VulnHub

Real-time Cybersecurity News

Back to all threats

WormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime Automation

SecurityWeek
PhishingMalwarePalo Alto

Summary

Palo Alto Networks has identified new malicious language models, WormGPT 4 and KawaiiGPT, that are being utilized by cybercriminals to enhance their phishing, malware development, and reconnaissance efforts. The rise of these dark LLMs represents a significant threat to cybersecurity, automating and streamlining various cybercrime activities.

Original Article Summary

Palo Alto Networks has conducted an analysis of malicious LLMs that help threat actors with phishing, malware development, and reconnaissance. The post WormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime Automation appeared first on SecurityWeek.

Impact

Not specified

In the Wild

Unknown

Timeline

Newly disclosed

Remediation

Not specified

Read Original Article

Related Coverage

Palo Alto Networks launches AI safety toolkit for schools

SCM feed for Latest

Palo Alto Networks has launched a free digital literacy toolkit in collaboration with Cyberlite to help educators teach students about AI-driven threats. This initiative aims to combat the rising use of artificial intelligence by cybercriminals, emphasizing the importance of digital literacy in recognizing and resisting such threats.

Dec 3, 2025

​​Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications​

All CISA Advisories

CISA has identified that various cyber threat actors are using commercial spyware to target users of mobile messaging applications, employing tactics such as phishing, zero-click exploits, and impersonation. The focus is primarily on high-value individuals including government and military officials, indicating a serious threat to sensitive communications.

Nov 24, 2025

In Other News: ATM Jackpotting, WhatsApp-NSO Lawsuit Continues, CISA Hiring

SecurityWeek

The article highlights several significant cybersecurity incidents, including a data breach affecting 120,000 individuals and a surge in scanning activities by Palo Alto Networks. Additionally, it mentions ongoing legal battles involving WhatsApp and NSO, as well as the emergence of AI-related security threats such as second-order prompt injection attacks.

Nov 21, 2025

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

Security Affairs

A hacking campaign has been targeting GlobalProtect logins and scanning SonicWall APIs since December 2, 2025. The attack is significant due to its scale, involving over 7,000 IP addresses linked to a German hosting provider, indicating a coordinated effort that poses a serious threat to the security of affected systems.

Dec 6, 2025