• The Akamai Hunt Team has uncovered a new strain of malware that targets exposed Docker APIs with expanded infection capabilities. First observed in August 2025 within Akamai’s honeypot infrastructure, this variant diverges from the June 2025 Trend Micro report by blocking other attackers from accessing the Docker API and delivering a modular payload rather than […]

    The post New Malware Exploits Exposed Docker APIs to Gain Persistent Root SSH Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • A sophisticated new cybercrime toolkit named SpamGPT is enabling hackers to launch massive and highly effective phishing campaigns by combining artificial intelligence with the capabilities of professional email marketing platforms.

    Marketed on the dark web as a “spam-as-a-service” platform, SpamGPT automates nearly every aspect of fraudulent email operations, significantly lowering the technical barrier for criminals.

    The platform’s interface mimics a legitimate marketing service, offering a suite of tools designed for illegal activities.

    It features an AI-powered, encrypted framework, along with an AI marketing assistant that helps attackers create and optimize their malicious campaigns.

    The creators promote it as an all-in-one solution that blurs the line between commercial marketing software and weaponized automation.

    SpamGPT – AI-powered Email Attack Tool

    SpamGPT’s dark-themed user interface provides a comprehensive dashboard for managing criminal campaigns.

    It includes modules for setting up SMTP/IMAP servers, testing email deliverability, and analyzing campaign results, features typically found in Fortune 500 marketing tools but repurposed for cybercrime.

    The platform gives attackers real-time, agentless monitoring dashboards that provide immediate feedback on email delivery and engagement.

    SpamGPT Interface

    At the core of the platform is an AI assistant, branded “KaliGPT,” which is integrated directly into the dashboard.

    This tool can generate persuasive phishing email content, craft convincing subject lines, and even offer advice on targeting specific audiences.

    Attackers no longer need strong writing skills; they can simply prompt the AI to create scam templates for them.

    The toolkit’s emphasis on scale is equally concerning, as it promises guaranteed inbox delivery to popular providers like Gmail, Outlook, and Microsoft 365 by abusing trusted cloud services such as Amazon AWS and SendGrid to mask its malicious traffic.

    One of SpamGPT’s key selling points is its advanced feature set for evading detection and automating infrastructure management.

    For a price of $5,000, the toolkit includes a training program on “SMTP cracking mastery,” which teaches users how to compromise or create an unlimited supply of high-quality SMTP servers for sending spam.

    This empowers even low-skilled actors to access the infrastructure needed for large-scale attacks.

    SpamGPT notes

    The platform facilitates advanced spoofing techniques, allowing attackers to customize email headers and impersonate trusted brands or domains.

    By using valid SMTP credentials and forged sender details, these emails can bypass basic authentication checks like SPF and DKIM, especially if the target organization has not enforced a strict DMARC policy.

    SpamGPT further streamlines operations with a built-in utility for bulk-checking SMTP and IMAP accounts, ensuring credentials are valid before a campaign begins.

    It also automates inbox placement tests by sending emails to designated accounts and checking whether they land in the inbox or spam folder, allowing attackers to fine-tune their content for maximum effectiveness.

    By packaging a powerful suite of features behind a user-friendly graphical interface, SpamGPT dramatically lowers the entry barrier for conducting sophisticated phishing campaigns.

    What once required significant technical expertise can now be executed by a single operator with a ready-made toolkit.

    The rise of such AI-driven platforms signals a new evolution in cybercrime, where automation and intelligent content generation make attacks more scalable, convincing, and difficult to detect.

    To counter this emerging threat, organizations must harden their email defenses. Enforcing strong email authentication protocols such as DMARC, SPF, and DKIM is a critical first step to make domain spoofing more difficult.

    Furthermore, enterprises should deploy AI-powered email security solutions capable of detecting the subtle linguistic patterns and technical signatures of AI-generated phishing content.

    As attackers leverage AI, defenders must do the same, combining advanced technology with threat intelligence to stay ahead of the curve.
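
    Why a forged message can pass SPF and DKIM yet still be stopped by an enforced DMARC policy, shown as an added example that is not part of the original article: SPF and DKIM each authenticate some domain, and only DMARC requires that domain to align with the visible From header. All domains and message fields are constructed, and `org_domain` is a simplification that assumes two-label organizational domains.

```python
# Added example: every domain and message field below is constructed.
def parse_dmarc(txt):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=none' into a tag dict."""
    tags = {}
    for part in (txt or "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def org_domain(domain):
    # Assumption: last two labels; production code consults the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_dom, auth_dom, strict):
    if strict:
        return from_dom.lower() == auth_dom.lower()
    return org_domain(from_dom) == org_domain(auth_dom)

def dmarc_verdict(msg, record):
    """Receiver-side disposition for one message under the From domain's record."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return "no-policy"
    spf_ok = msg["spf"] == "pass" and aligned(
        msg["header_from"], msg["spf_domain"], tags.get("aspf", "r") == "s")
    dkim_ok = msg["dkim"] == "pass" and aligned(
        msg["header_from"], msg["dkim_domain"], tags.get("adkim", "r") == "s")
    if spf_ok or dkim_ok:
        return "pass"
    # SPF/DKIM passed only for an unrelated domain, so the published policy decides.
    return {"reject": "reject", "quarantine": "quarantine"}.get(tags.get("p"), "deliver")

def policy_gaps(record):
    """Audit a published record for settings that leave spoofed mail deliverable."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["no DMARC record"]
    pct = tags.get("pct", "100")
    checks = [("p=none", tags.get("p", "none") == "none"),
              ("pct<100", pct.isdigit() and int(pct) < 100),
              ("sp=none", tags.get("sp") == "none")]
    return [name for name, hit in checks if hit]

SPOOFED = {"header_from": "billing.example-bank.test", "spf": "pass",
           "spf_domain": "mailer.bulk-sender.test", "dkim": "pass",
           "dkim_domain": "bulk-sender.test"}
LEGIT = dict(SPOOFED, dkim_domain="example-bank.test")
```

    The same spoofed message is delivered under `p=none` and rejected under `p=reject`, which is the gap the article's recommendation closes.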


    The post SpamGPT – AI-powered Attack Tool Used By Hackers For Massive Phishing Attack appeared first on Cyber Security News.


  • It’s budget season. Once again, security is being questioned, scrutinized, or deprioritized. If you’re a CISO or security leader, you’ve likely found yourself explaining why your program matters, why a given tool or headcount is essential, and how the next breach is one blind spot away. But these arguments often fall short unless they’re framed in a way the board can understand and appreciate.


  • A new technique to exploit a complex use-after-free (UAF) vulnerability in the Linux kernel successfully bypasses modern security mitigations to gain root privileges.

    The method targets CVE-2024-50264, a difficult-to-exploit race condition bug in the AF_VSOCK subsystem that was recognized with a Pwnie Award for its complexity. The vulnerability, introduced in Linux v4.8, presents significant challenges for exploitation.

    According to Alexander Popov, an unprivileged user can trigger the bug, but it comes with severe limitations, including an unstable race condition, an extremely short time window for memory corruption, and multiple ways for the kernel to crash during the attempt.

    The original exploit strategy was highly complex, involving large-scale memory sprays and advanced techniques like SLUBStick and Dirty Pagetable.

    Linux Kernel Use-After-Free Vulnerability

    Seeking a simpler path, the researcher devised a new approach centered on the msg_msg kernel object. The core of the new method is a technique that allows for the corruption of an msg_msg object without causing the kernel to hang.

    Typically, a UAF write on this object would fail because a pointer field, m_list.prev, would be non-zero, causing a system hang when the kernel tries to acquire a spinlock.

    The researcher’s solution involves a clever manipulation of the message queue:

    1. The message queue is filled almost to capacity, leaving only a few bytes of free space.
    2. The exploit then attempts to send the target msg_msg objects. Because the queue is full, the kernel allocates the objects but blocks the msgsnd() system call, forcing it to wait for space.
    3. While the system call is blocked, the UAF is triggered, corrupting fields within the waiting msg_msg object.
    4. Finally, space is freed in the message queue, allowing the blocked system call to resume. The kernel then proceeds to add the corrupted msg_msg object to its queue, conveniently fixing the corrupted list pointers in the process and avoiding a crash.

    This technique effectively creates a reliable exploit primitive from a UAF write, even under difficult conditions, without needing a prior kernel information leak.

    Bypassing Kernel Defenses

    To successfully execute the attack, several other hurdles had to be overcome.

    The researcher used a cross-cache attack to replace the freed virtio_vsock_sock object with the msg_msg object, navigating around kernel hardening features like CONFIG_RANDOM_KMALLOC_CACHES. The UAF write also occurred too quickly for this attack to work reliably.

    To solve this, a technique was used to slow down the responsible kernel worker by overwhelming it with notifications from timerfd and epoll instances, widening the race window significantly, Alexander said.

    This msg_msg corruption was used to achieve an out-of-bounds read, leaking kernel memory that included the address of the process’s credentials (struct cred).

    With this information, a second UAF was performed against a pipe_buffer object to gain arbitrary address read and write capabilities.

    This allowed the attacker to directly modify the process credentials and escalate privileges to root, completing the data-only attack.

    The entire exploit development process was refined using kernel-hack-drill, a custom testing environment for experimenting with kernel exploit primitives in a controlled manner.


    The post New Technique Uncovered To Exploit Linux Kernel Use-After-Free Vulnerability appeared first on Cyber Security News.


  • Cybersecurity researchers at FortiGuard Labs have uncovered a sophisticated phishing campaign that deploys the MostereRAT remote access trojan to compromise Windows systems. The malware leverages advanced evasion techniques and installs legitimate remote access tools like AnyDesk and TightVNC to maintain persistent, covert access to infected machines. The attack begins with carefully crafted phishing emails targeting […]

    The post MostereRAT Exploits AnyDesk and TightVNC for Remote Access on Windows Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Jaguar Land Rover’s UK factories will remain closed until at least Wednesday as the company continues to recover from a cyberattack that struck its systems on 31 August. The carmaker shut down its IT networks in response to the breach, halting production at its Halewood and Solihull plants, Wolverhampton engine facility, and sites in Slovakia, […]

    The post Jaguar Land Rover Halts Operations Longer Due to Cyberattack Impact appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • A new exploitation method has been discovered for the Linux kernel use-after-free (UAF) vulnerability tracked as CVE-2024-50264. The vulnerability was awarded the Pwnie Award 2025 for Best Privilege Escalation due to its complexity and impact on major Linux distributions. Researchers developed innovative techniques to bypass kernel slab allocator and race condition protections, making exploitation much more feasible than […]

    The post New Exploitation Method Discovered for Linux Kernel Use-After-Free Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Dynatrace has confirmed that customer data stored in Salesforce was exposed following a third-party breach involving Salesloft’s Drift application. The incident, which occurred in August 2025, allowed unauthorized access to Salesforce CRM data across multiple companies. Both Salesloft and Salesforce responded by disabling the compromised integrations and notifying affected customers. Incident Overview The breach stemmed […]

    The post Dynatrace Data Breach Exposes Customer Information Stored in Salesforce appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • A newly demonstrated attack technique has revealed a flaw in how Windows Defender manages its update and execution mechanism. By exploiting symbolic links, attackers can hijack Defender’s service folders, gain full control over its executables, and even disable the antivirus entirely. How the Exploit Works Windows Defender stores its executables inside versioned folders under ProgramData\Microsoft\Windows Defender\Platform. […]

    The post Windows Defender Vulnerability Lets Hackers Hijack and Disable Services Using Symbolic Links appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • The North Korean-aligned threat group APT37, also known as ScarCruft, Ruby Sleet, and Velvet Chollima, has evolved its cyber warfare capabilities by deploying sophisticated Rust and Python-based malware in recent campaigns targeting Windows systems. Active since 2012, this advanced persistent threat group continues to focus on South Korean individuals connected to the North Korean regime […]

    The post APT37 Deploys New Rust and Python Malware Targeting Windows Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
