London, United Kingdom, 5th March 2025, CyberNewsWire

**London, United Kingdom, March 5th, 2025, CyberNewsWire**

AI Soft has announced the upcoming public release of **Alli AI**, an advanced artificial intelligence-powered platform designed for content creation. Following the conclusion of a closed beta phase, the platform will soon be available with a free trial version, allowing users to explore its capabilities. Alli AI offers a range of tools for image enhancement, background modification, photo animation, video generation, and voice synthesis, catering to designers, photographers, marketers, and digital creators.

**Expanding AI Applications in Content Creation**

Alli AI functions as both an editor and a content generator, with applications spanning social media, digital marketing, and creative design. The technology has reportedly contributed to a growing volume of AI-generated content across platforms such as TikTok, Instagram, and X. Users have leveraged the tool for various applications, from animated imagery to advertising campaigns.

**Insights from Beta Testing**

The beta testing phase highlighted the platform’s appeal across multiple industries. Designers have used Alli AI to accelerate creative workflows and experiment with different artistic styles, while photographers have explored its animation and enhancement tools. Marketers have utilized the platform to streamline content production, and early adopters in other fields have experimented with its capabilities.

**Upcoming Public Launch**

Alli AI’s developers have announced plans for an upcoming public release, which will include a trial version. The platform is positioned as a tool for content creators seeking AI-driven enhancements for branding, digital media, and other projects.

**About Alli AI**

Alli AI is an AI-powered content creation platform developed by **AI Soft**. It offers tools for image enhancement, animation, background modification, video generation, and voice synthesis. Designed for professionals and casual users alike, Alli AI aims to streamline creative workflows across multiple industries, including marketing, photography, and design.

For more information, users can visit Alli AI’s official website or follow updates on X.

**Contact**

**AI Soft**  
**XS Trade**  
**\[email protected\]**  
**+447458196484**

Alli AI Announces Upcoming Public Launch of AI-Powered Content Creation Platform

Google has announced the rollout of artificial intelligence (AI)-powered scam detection features to secure Android device users and their personal information.
"These features specifically target conversational scams, which can often appear initially harmless before evolving into harmful situations," Google said. "And more phone calling scammers are using spoofing techniques to hide their real

Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud

New research shows at least a million inexpensive Android devices—from TV streaming boxes to car infotainment systems—are compromised to allow bad actors to commit ad fraud and other cybercrime.

Cheap TV streaming boxes seem like one of the most straightforward gadgets out there, but they can come with hidden costs. In 2023, researchers revealed that tens of thousands of Android TV boxes being used in homes, schools, and businesses were equipped with secret backdoors that allowed them to be used in a host of cybercrime and online fraud. Now, the same researchers have found that the China-based ecosystem behind the compromised devices and the illicit activities they’re used for—collectively dubbed Badbox 2.0—is fueling a next-generation campaign that’s broader in scope and even more sneaky.

At least 1 million Android-based TV streaming boxes, tablets, projectors, and after-sale car infotainment systems are infected with malware that conscripts them into a scammer-controlled botnet, according to new research shared exclusively with WIRED by the cybersecurity firm Human Security. The compromised devices are used for a range of advertising fraud and in so-called residential proxy services, which allow their operators to use victim internet connections for routing and masking web traffic. And all of this activity happens behind the scenes without the owners of compromised devices having any idea of how their streaming boxes are being used.

“This is all completely unbeknownst to the poor users that have bought this device just to watch Netflix or whatever,” Gavin Reid, Human’s chief information security officer, tells WIRED. “Ad fraud including click fraud is all happening behind the scenes, but the main way they are monetizing the million devices is reselling this proxy service. Victims don't know that they're a proxy, they never agreed to be a proxy service, but they're being used for that. Any bad thing you want to do, scraping, whatever it is, these proxy services are an enabler for that.”

The researchers found that the majority of infected devices are in South America, particularly Brazil. The impacted devices often use generic names and aren’t produced by known brands. For example, there are dozens of impacted streaming boxes, but the majority of Badbox 2.0 targets are in the “TV98” and “X96” device families. Virtually all of the targeted devices are designed using Android’s open source operating system code, meaning they run versions of Android but aren’t part of Google’s ecosystem of protected devices.

Google collaborated with the researchers to address the ad fraud component of the activity, though. The company says it worked to terminate publisher accounts associated with the scams and block the ability of those accounts to generate revenue through Google’s advertising ecosystem.

“Malicious attacks like the one described in this report are expressly prohibited on our platforms,” Google spokesperson Nate Funkhouser told WIRED in a statement. “Bad actors’ tactics are constantly evolving. Partnering with organizations like HUMAN helps us share threat intelligence and expands our collective ability to identify and take swift action against bad actors, as we did here.”

In the original Badbox campaign, scammers focused on installing backdoored firmware in streaming boxes before they arrived in the hands of consumers. The Badbox 2.0 campaign is significant, the researchers say, because it reflects a major change in tactics. Rather than focusing on low-level firmware infections, Badbox 2.0 involves more traditional software-level malware distributed through common tactics like drive-by downloads, in which victims accidentally download malware without realizing it.

Researchers from multiple firms say that the campaign seems to come from a loosely connected ecosystem of fraud groups rather than one single actor. Each group has its own versions of the Badbox 2.0 backdoor and malware modules and distributes the software in a variety of ways. In some cases, malicious apps come preinstalled on compromised devices, but in many examples that the researchers tracked, attackers are tricking users into unknowingly installing compromised apps.

The researchers highlight a technique in which the scammers create a benign app—say, a game—post it in Google's Play Store to show that it’s been vetted, but then trick users into downloading nearly identical versions of the app that are not hosted in official app stores and are malicious. Such “evil twin” apps showed up at least 24 times, the researchers say, allowing the attackers to run ad fraud in the Google Play versions of their apps, and distribute malware in their imposter apps. Human also found that the scammers distributed over 200 compromised, re-bundled versions of popular, mainstream apps as yet another way of spreading their backdoors.

“We saw four different types of fraud modules—two ad fraud ones, one fake click one, and then the residential proxy network one—but it's extensible,” says Lindsay Kaye, Human’s vice president of threat intelligence. “So you can imagine how, if time had gone on and they were able to develop more modules, maybe forge more relationships, there is the opportunity to have additional ones.”

Researchers from the security firm Trend Micro collaborated with Human on the Badbox 2.0 investigation, particularly focusing on the actors behind the activity.

“The scale of the operation is huge,” says Fyodor Yarochkin, a Trend Micro senior threat researcher. He added that while there are “easily up to a million devices online” for any of the groups, “This is only a number of devices that are currently connected to their platform. If you count all the devices that would probably have their payload, it probably would be exceeding a few millions.”

Yarochkin adds that many of the groups involved in the campaigns seem to have some connection to Chinese gray market advertising and marketing firms. More than a decade ago, Yarochkin explains, there were multiple legal cases in China in which companies had installed “silent” plugins on devices and used them for a diverse array of seemingly fraudulent activity.

“The companies that basically survived that age of 2015 were the companies who adapted,” Yarochkin says. He notes that his investigations have now identified multiple “business entities” in China which appear to be linked back to some of the groups involved in Badbox 2. The connections include both economic and technical links. “We identified their addresses, we’ve seen some pictures of their offices, they have accounts of some employees on LinkedIn,” he says.

Human, Trend Micro, and Google also collaborated with the internet security group Shadow Server to neuter as much Badbox 2.0 infrastructure as possible by sinkholing the botnet so it essentially sends its traffic and requests for instructions into a void. But the researchers caution that after scammers pivoted following revelations about the original Badbox scheme, it’s unlikely that exposing Badbox 2.0 will permanently end the activity.

“As a consumer, you should keep in mind that if the device is too cheap to be true, you should be prepared that there might be some additional surprises hidden in the device,” Trend Micro’s Yarochkin says. “There is no free cheese unless the cheese is in a mousetrap.”

1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers

Cofense uncovers new LinkedIn phishing scam delivering ConnectWise RAT. Learn how attackers bypass security with fake InMail emails…

Cofense uncovers new LinkedIn phishing scam delivering ConnectWise RAT. Learn how attackers bypass security with fake InMail emails and how to protect against this sophisticated phishing tactic.

Cybersecurity researchers at Cofense have recently uncovered a deceptive campaign that distributes malicious software using a spoofed LinkedIn email. This operation, detected by their Phishing Defense Center and Intelligence teams, diverges from typical LinkedIn-themed phishing attacks, which usually aim to steal user credentials or facilitate business email compromise. Instead, this campaign delivers a remote access trojan called ConnectWise RAT.

The fraudulent email is designed to mimic a notification for a LinkedIn InMail message, a feature that allows users to contact individuals outside of their immediate network. The email effectively leverages LinkedIn’s branding, convincingly creating legitimacy. However, careful examination reveals that the email uses an outdated template, reminiscent of LinkedIn’s design prior to its 2020 user interface and branding overhaul.

LinkedIn’s 2020 Branding (Source: Cofense)

The email’s narrative centres around a supposed sales director from a company requesting a product or service quote. This strategy aims to create a sense of urgency, prompting the recipient to respond quickly. However, the sender’s identity and the company mentioned are fabricated.

The profile picture used in the email belongs to a real individual, Cho So-young, who is the president of a Korean civil engineering organization, whereas the company name (DONGJIN Weidmüller Korea Ind) combines elements of two legitimate corporations, but this company does not exist.

Clicking the “Read More” or “Reply To” buttons embedded within the email triggers the download of the ConnectWise RAT installer. Interestingly, the email avoids the common tactic of directly prompting users to download or run a file. This subtle approach might be designed to bypass the suspicions of users who are trained to be wary of such direct requests.

Analysis of the email’s security headers reveals that it fails Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) authentication checks, indicating that the email was not sent from a legitimate LinkedIn server and was not digitally signed.

Despite these red flags, the email bypassed existing security measures, likely due to the Domain-based Message Authentication, Reporting & Conformance (DMARC) policy being configured to mark the email as spam rather than outright rejecting it.

This campaign has been active since at least May 2024, with the email template remaining consistent. However, whether earlier iterations of this campaign also delivered the ConnectWise RAT remains unconfirmed.

“This campaign was found to exist in the wild as far back as May 2024. While the email template has not changed since then, Cofense Intelligence was unable to confirm whether this campaign was used to deliver ConnectWise RAT in prior samples that were found via open-source intelligence,” researchers noted in the blog post.

Nevertheless, this campaign highlights the evolving tactics of cybercriminals and the persistent threat of sophisticated phishing attacks involving LinkedIn. Protection against such threats requires educating employees to carefully scrutinize email senders especially those requesting urgent actions, appropriately configuring email authentication protocols (SPF, DKIM, and DMARC), and ensuring your Secure Email Gateway (SEG) is configured to effectively filter and block suspicious emails.

LinkedIn Phishing Scam: Fake InMail Messages Spreading ConnectWise Trojan

Scammers are impersonating BianLian ransomware, and mailing fake ransom letters to businesses. Learn the red flags and how…

Scammers are impersonating BianLian ransomware, and mailing fake ransom letters to businesses. Learn the red flags and how to protect against this extortion scam.

GuidePoint Security’s Senior Threat Intelligence Analyst, Grayson North, has discovered a peculiar trend in the corporate sector in which executives at various organizations began receiving physical letters delivered via the US Postal Service.

In March 2025, the GuidePoint Research and Intelligence Team (GRIT) received reports of suspicious physical letters from the BianLian ransomware group, claiming that the recipient’s corporate IT network had been compromised and sensitive data had been stolen. The letters were delivered via mail from US addresses.

These senders demanded substantial ransom payments, ranging from $250,000 to $350,000, to a Bitcoin wallet address provided, with a threat of data leakage if payment was not received within ten days. The letter arrived with the following text:

“We no longer negotiate with victims: You have 10 days from the receipt of this letter to pay. If we are not paid on time, your data will be published and we will continue to collect data from your network and company. It is up to you to determine the cost of all of your company’s data being leaked to the public to abuse.”

The letters mimicked the format of traditional digital ransomware notes, including QR codes for easy Bitcoin transfers and Tor links to BianLian’s data leak site on the Dark Web. However, cybersecurity analysts at GuidePoint Security quickly identified numerous inconsistencies that cast doubt on the legitimacy of these claims.

Such as, the letters’ language was notably different from BianLian’s past ransom notes, displaying a level of polished English that was uncharacteristic. Though the provided Tor links did lead to BianLian’s legitimate data leak sites, these links are publicly known and easily accessible. The most glaring anomaly was the method of delivery since ransomware groups typically communicate digitally, and generally avoid using physical mail mediums.

Moreover, according to GRIT’s report, instead of standard threat actors’ practices, the senders refused to negotiate. The Bitcoin wallet addresses were newly generated and showed no previous association with any ransomware activity. Crucially, investigations revealed no evidence of network intrusions or data breaches in the organizations that received these letters.

The research team, hence, concluded that given the unusual delivery method, the language inconsistencies, the lack of intrusion evidence, and the fresh Bitcoin wallets all pointed to an attempt to impersonate BianLian for financial gain. The letters were marked “TIME SENSITIVE READ IMMEDIATELY” and had a return address in Boston.

The fake ransom letter used in the campaign (Via GRIT)

These aspects indicate that the letters were designed to create a sense of urgency and fear, exploiting the reputation of a known ransomware group. GRIT recommends organizations should educate employees on handling such threats and ensure network defences are up to date and no active alerts are present.

1.  Fake CrowdStrike Recruiters Distribute Malware
2.  Journalist Targeted in USB Drive Bombing Attack
3.  Hackers Call Employees to Steal VPN Data from US Firms
4.  Volcano Demon Ransomware Makes Phones Victim of Ransom
5.  Fake IT Calls Scam MS Teams Users into Installing Ransomware

Scammers Mailing Ransom Letters While Posing as BianLian Ransomware

Boston and Tel Aviv, United States, 4th March 2025, CyberNewsWire

**Boston and Tel Aviv, United States, March 4th, 2025, CyberNewsWire**

Pathfinder AI expands Hunters’ vision for AI-driven SOCs, introducing Agentic AI for autonomous investigation and response.

**Hunters**, the leader in next-generation SIEM, today announced **Pathfinder AI**, a major step toward a more AI-driven SOC. Building on Copilot AI, which is already transforming SOC workflows with LLM-powered investigation guidance, Hunters is introducing its Agentic AI vision, designed to autonomously enhance detection, investigation, and response. Agentic AI will launch soon, with ongoing innovations to further streamline security operations.

> “Hunters has already made a significant impact on our security operations by reducing manual investigations, streamlining data ingestion, and improving threat visibility. With Pathfinder AI, we’re enhancing efficiency and response times through AI-driven detection explanations and automated investigative guidance. This innovation continues to strengthen Emburse’s security posture with cutting-edge AI-powered threat intelligence.” — Casey Sword, Endpoint Security Architect, Emburse

**How AI is Shaping the Future of Security Operations**

Security investigations are complex and unpredictable—each alert triggers multiple investigative steps, creating an overwhelming number of possible paths. Traditional automation follows rigid workflows, often leaving analysts stuck chasing false leads while real threats slip through.

AI changes the equation. Unlike static rule-based automation, Agentic AI dynamically adapts, prioritizing critical threats, filtering out noise, and continuously refining investigations to keep security teams focused and efficient.

To stay ahead of evolving threats, SOCs need two key AI-driven capabilities:

*   **Copilot AI** – Enhances analyst workflows with automated data analysis, report generation, and guided investigations.
*   **Agentic AI** – Delivers autonomous threat detection, investigation, and response, reducing manual workloads and accelerating decision-making.

By leveraging specialized AI agents that collaborate in real time, security teams can move beyond manual triage and fragmented investigations—operating faster, smarter, and with greater precision.

**Hunters Pathfinder AI**

From day one, Hunters was founded with the vision of embedding analyst intelligence into the SIEM—automating triage and investigation to maximize efficiency and accuracy. With years of experience refining AI-driven security operations, they are uniquely positioned to lead the AI-driven SOC transformation, leveraging the deep expertise to deliver automation at scale.

As Hunters Pathfinder AI continues to evolve, they are expanding its capabilities in two key areas: AI-Assisted SOC and AI-Driven SOC. These advancements will further reduce manual workloads while enhancing detection, investigation, and response.

**AI-Assisted SOC with Copilot AI**

*   Lead Summarization – AI-generated summaries that provide analysts with immediate and comprehensive context on security events.
*   Guided Investigation Workflows – Suggests next steps across the entire attack surface.
*   Natural Language Querying – Enables SOC analysts to interact with the system using conversational AI to retrieve insights efficiently.
*   Custom Detection Authoring – Helps analysts refine detections with guided logic and iterative fine-tuning.
*   Threat Classification – AI evaluates signals and context to determine whether a threat is benign or malicious, reducing manual triage time.

**AI-Driven SOC with Agentic AI**

*   Autonomous Triage and Classification – AI-driven agents investigate every threat, classifying incidents and providing full investigation reports.
*   Self-Optimizing Detections – Machine learning models continuously refine detection accuracy based on real-world attack data.
*   Automated Root Cause Analysis – AI correlates attack signals across multiple sources to provide full attack narratives.

> “Pathfinder AI is a game-changer for SOC teams, allowing us to deliver on our promise of making security operations more effective in the fight against cyber threats. By combining Copilot AI and Agentic AI, we are not just automating tasks but enabling security teams to focus on what truly matters—stopping real threats before they cause harm.” — Ian Forrest, VP of Product, Hunters

**The Road Ahead**

Hunters remains committed to pushing the boundaries of SOC automation with AI-driven investigations, automated response mechanisms, and deeper AI capabilities. Pathfinder AI represents the next advancement toward a faster, smarter, and more effective security operations center and will be delivered in the upcoming months.

For more details, users can explore Hunters’ **blog post** and **join the webinar** about this announcement on March 5th, 2025.

**About Hunters**

Hunters empowers SOC teams with AI-driven automation, maximizing efficiency without large security budgets. As a next-gen SIEM, the Hunters SOC Platform integrates Agentic AI, Copilot AI, machine learning, and graph-based correlation to automate detection, investigation, and response. Trusted by Cimpress, OpenLane, and The RealReal, Hunters delivers built-in detections, AI-driven investigations, and security expert support from Team Axon.

For more information, users can visit **Hunters Security**.

**Contact**

**Ada Filipek**  
**Hunters**  
**\[email protected\]**

Hunters Announces New AI Capabilities with Pathfinder AI for Smarter SOC Automation

View CSAF
1. EXECUTIVE SUMMARY
CVSS v3 6.7
ATTENTION:
Vendor: Hitachi Energy
Equipment: MACH PS700
Vulnerability: Uncontrolled Search Path Element
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to escalate privileges and gain control over the software.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Hitachi Energy reports the following products are affected:
MACH PS700: Version v2
3.2 VULNERABILITY OVERVIEW
3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427
Uncontrolled search path element in some Intel(R) Chipset Device Software before Version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-28388 has been assigned to this vulnerability. A CVSS v3 base score of 6.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Energy
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Switzerland
3.4 RESEARCHER
Hitachi Energy PSIRT reported this vulnerability to CISA.
4. MITIGATIONS
Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:
MACH PS700 v2 System: Install patch scripts to safely remove the software causing the vulnerability. In addition, general mitigation factors are recommended. (Due to complexity of individual implementation of project, contact local account team for further information on possible remediation and mitigation strategies.)
For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000208 Cybersecurity Advisory - Intel Chipset Software Vulnerability in Hitachi Energy MACH PS700 v2 System.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:
Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. This vulnerability has a high attack complexity.
5. UPDATE HISTORY
March 04, 2025: Initial Publication

Hitachi Energy MACH PS700

Artificial Intelligence is a tool that is currently changing how businesses approach digital marketing and SEO. Explore how your business can transform with AI-powered SEO services here.

Over 70% of marketers and small business owners in the world today use AI for SEO. That’s a staggering amount. Right? Well, AI is changing how businesses approach digital marketing. It enables systems to evaluate massive data, determine patterns, and make decisions with little or no human intervention.

So, now businesses can easily automate and optimise key aspects of SEO, such as keyword research, content creation, and website analysis. This allows businesses to get high search rankings and organic traffic more efficiently than with traditional methods. Let’s learn more about this below.

**Table of Contents**

1.  The integration of artificial intelligence in SEO
    1.  Automation of keyword research
    2.  Optimisation of technical SEO
    3.  Content optimisation and creation
2.  Enhancing user experience through AI-driven strategies
3.  Predictive analytics: forecasting trends with AI
4.  Automating routine SEO tasks using machine learning
5.  Case studies: success stories of AI in SEO
    1.  Bankrate.com
    2.  Rocky Brands
    3.  STACK Media
    4.  RELATED TOPICS

****The integration of artificial intelligence in SEO****

As mentioned earlier, many businesses are adopting the use of AI for SEO. They do so in several ways, including the following:

****Automation of keyword research****

Before AI, keyword research used to involve the tiring work of analysing volume and competition metrics. That’s not the case anymore. Now tools such as Ahrefs and SEMrush use machine learning to predict keyword trends.

This is more efficient and faster than the traditional methods of keyword research. AI quickly analyses a vast amount of data to identify relevant keywords, long-tail phrases, and competitor strategies.

So, it ensures a more targeted content creation. For instance, businesses currently focusing on SEO in Spain, use AI to get more targeted Spanish keywords. Then, they incorporate the keywords in their content to ensure higher search rankings and organic traffic.

****Optimisation of technical SEO****

You can now use AI to automate your technical SEO tasks. This includes identifying technical issues, such as slow loading times and defective links. What’s more, you can use AI to get an insight into where you need to improve your website.

Therefore, AI can help your website shine. This means that it can help you identify and fix issues that can affect your search engine ranking and things like bounce rate.

****Content optimisation and creation****

Today, many businesses use artificial intelligence to develop SEO-driven strategies. Any leading digital marketing agency, such as Seeders, will confirm that AI significantly simplifies and accelerates the process of content optimization and creation. For example, AI-powered tools like Frase, Clearscope, and Surfer SEO help analyze top-ranking content. They provide recommendations on keywords, structure, and readability.

What does this indicate? It means that you don’t have to do the tiring research work daily. AI can do it for you. In addition to the research, AI can help you write great pieces of content. Remember, it all lies in how you prompt it to write.

****Enhancing user experience through AI-driven strategies****

Have you ever gotten the feeling that Google knows what you think before you finish typing? Well, that’s the power of AI. Today, SEO isn’t just about stuffing keywords into articles or hoping your content will land on the first page.

It’s about semantic search and user intent. What’s more, AI ensures that businesses can deliver more personalised, intuitive, and efficient interactions. It does this by doing the following:

*   Analysing user behaviour and past interactions to ensure personalised content and experiences. For example, Amazon and Netflix will give you product or content recommendations based on your unique history. So this ensures better user engagement.

*   Using chatbots to provide instant responses to user queries. This helps to reduce wait times and ensure better customer support.

*   Predicting customer preferences. This ensures that marketing efforts are more personalised.

****Predictive analytics: forecasting trends with AI****

AI doesn’t just focus on history. It can also help you predict the future. AI uses statistical models, data analytics, and machine learning to predict the future. The best part? Its predictions are often accurate and can help your business stay ahead in competitive markets.

Therefore, you can use AI to analyse industry trends, social media sentiments and economic indicators. Then, use the data received to predict market shifts. At the same time, you can use that data to adjust your digital marketing strategies to ensure they align with future demands.

The benefits of using AI in predictive analytics are that:

*   It offers real-time insights.
*   It analyses large datasets quickly
*   It helps businesses to optimise their marketing efforts.
*   It ensures minimal error. So businesses can make decisions quickly.

****Automating routine SEO tasks using machine learning****

As mentioned earlier, machine learning is one of the things that AI uses to make predictive analytics. Apart from that, machine learning can be used to automate routine SEO tasks. This includes doing things like:

*   Analysing search trends, competitor rankings, and user intent to generate high-performing keywords. So, businesses that use AI for keyword research can stay ahead of trends and search terms.

*   Automating content audits to ensure that content aligns well with search engine algorithms.

*   Providing real-time suggestions for content optimisation, including areas where you can improve readability.

*   Identifying gaps in existing content and suggesting topics to improve search rankings by filling these gaps.

*   Identifying technical SEO issues, like broken links and page speed problems. Then providing ways to solve them.

*   Optimising images by automatically generating alt texts.

****Case studies: success stories of AI in SEO****

Many sites have successfully used AI to improve their SEO performance. They include:

****Bankrate.com****

Bankrate.com has successfully used AI to drive thousands of visits each month to their website. This website uses AI to create responses to questions that have specific limitations, such as “What is Financial Liquidity?” and “What is the Contribution Margin?”

So, when done right, AI content can help you achieve success. And Bankrate.com has proven that. The site also uses a human touch to fact-check and rewrite where necessary.

****Rocky Brands****

Rocky Brands is another company that has managed to successfully use AI for SEO. It has implemented the use of BrightEdge tools for formulating effective SEO strategies.

After the implementation of these AI tools, Rocky Brand experienced an increase of YOY revenue by 74%, search revenue by 30% and new users by 13%.

****STACK Media****

STACK Media also collaborated with BrightEdge to enhance their web traffic. This collaboration involved identifying high search volume keywords, analysing SERP visibility, and conducting competitive research.

1.  Top SEO Agencies in the UK: Expert Insights
2.  Best SEO Experts to Follow on Twitter (X) in 2025
3.  How to Improve Your SEO through Enhanced Web Security
4.  SEO vs. PPC: Choosing the Right Strategy for Your Business
5.  16 Best SaaS SEO Experts That Will Help You Dominate Online

Featured Image via Pexels/Matheus Bertelli

AI-powered SEO services: revolutionizing digital marketing

Cybercriminals pose as IT support, using fake calls and Microsoft Teams messages to trick users into installing ransomware through email floods and remote access.

Cybersecurity researchers at Trend Micro are warning about a new scam where cybercriminals pose as tech support to gain access to victims’ computers. But this isn’t just another spam email scheme; attackers are flooding inboxes and even reaching out through Microsoft Teams to trick people into letting them in. Once inside, they deploy ransomware from groups like Black Basta and Cactus.

****Here’s how it works:****

Victims first get bombarded with a flood of emails. Shortly after, someone claiming to be from the IT department contacts them through Microsoft Teams or even a phone call. This “helper” then convinces the user to grant them remote access to their computer, often using a legitimate program called Quick Assist, which is built into Windows to allow remote tech support.

Once inside, the scammer downloads files that seem harmless at first but are secretly combined and unpacked to install a backdoor called BackConnect. Hidden in OneDrive, this backdoor gives attackers full control over the infected system.

It’s worth noting that the Black Basta gang was previously flagged in December 2024 for a similar modus operandi, using email bombing to target Microsoft Teams users. However, at that time, the group was deploying Zbot and DarkGate malware instead.

According to Trend Micro’s latest technical report, recent incidents analyzed by the company show a strong connection between this BackConnect malware and the notorious Black Basta ransomware group, which reportedly made over $100 million from victims in 2023. There’s even evidence suggesting some members of Black Basta have moved over to another ransomware gang called Cactus, as the methods used in recent Cactus attacks are strikingly similar.

These attacks have been particularly active since October 2024, primarily hitting organizations in North America, with the United States suffering the most. The manufacturing sector, followed by finance, investment consulting, and real estate, have been frequent targets for Black Basta.

Screenshot of the email address used by the attacker (Via Trend Micro)

In some cases, after establishing their backdoor, attackers have been seen using more advanced methods to spread through a network, even targeting specialized systems like ESXi hosts used for running virtual machines. They use tools like WinSCP to move files around and have been caught preparing to encrypt files before being stopped. Leaked internal chats from Black Basta reveal the group sees security tools like Trend Micro as a significant hurdle, showing they are actively trying to find ways around them.

> BlackBasta’s internal chats just got exposed, proving once again that cybercriminals are their own worst enemies. Keep burning our intelligence sources, we don’t mind. 😉 pic.twitter.com/6So7dl7xXn
> 
> — PRODAFT (@PRODAFT) February 20, 2025

What makes these attacks effective is not necessarily the complexity of the software used, but the way attackers manipulate people. By mixing social engineering with the abuse of genuine software and cloud services, they make their malicious actions look like normal computer activity. It highlights that cybersecurity isn’t just about having the right software, but also about being aware of how criminals try to deceive people.

****What You Should and Should NOT Do!****

If you’re a Microsoft Teams user, don’t panic if you suddenly get flooded with emails. Instead, contact your system administrator to ensure these emails are blocked immediately and your device is scanned regularly. Report any suspicious emails or calls from unknown third parties posing as “helpers” to your cybersecurity team.

Remember, you don’t need a helper if you never asked for one; especially when the ‘helper’ is the one who caused the problem in the first place.

Fake IT Support Calls Trick Microsoft Teams Users into Installing Ransomware

FortiGuard Labs discovers an advanced attack using modified Havoc Demon and SharePoint. Explore the attack's evasion techniques and security measures.

A new cyberattack campaign discovered by FortiGuard Labs, Fortinet’s threat intelligence and research unit, leverages a combination of social engineering, multi-stage malware, and the manipulation of trusted cloud services to achieve control over compromised systems.

According to FortiGuard’s investigation, shared with Hackread.com ahead of its publishing on Monday, the campaign targets Microsoft Windows users and has a high severity level. Their most crucial observation is that the attackers have innovated by integrating a modified version of the Havoc framework, Havoc Demon Agent, with the Microsoft Graph API, effectively hiding their malicious communications within the legitimate traffic of well-known cloud services.

For your information, Havoc is an open-source post-exploitation command and control framework used in red teaming exercises and attack campaigns to obtain full control of the target system.

The initial point of entry for this attack is a carefully crafted phishing email, which contains an HTML attachment designed to deceive the recipient into executing a malicious PowerShell command.

The Phishing Email (Source: FortiGuard Labs)

Through a technique known as “ClickFix,” in which users are tricked into executing malicious commands, the attachment presents a fake error message, prompting the recipient to copy and paste a seemingly harmless command into their system’s terminal. However, this command initiates a chain of events that leads to the downloading/execution of further malicious scripts, which are strategically hosted on a SharePoint site, probably to obscure the malicious operation within a trusted cloud environment.

The initial PowerShell script performs checks to evade sandbox detection and then proceeds to download/execute a Python script, also hosted on SharePoint. This Python script acts as a shellcode loader and injects and executes a malicious DLL, KaynLdr, which reflectively loads an embedded DLL, and further complicates analysis by using API hashing.

The core of the attacker’s C2 infrastructure relies on the modified version of the Havoc Demon DLL as it leverages the Microsoft Graph API to establish communication channels that blend seamlessly with legitimate cloud traffic. The “SharePointC2Init” function within the DLL obtains access tokens for the Microsoft Graph API and creates two files within the victim’s SharePoint document library, each named with a unique identifier derived from the compromised system.

These files act as channels for transmitting victim information and receiving C2 commands, while the entire communication is handled by the modified “TransportSend” function and encrypted using AES-256 in CTR mode. The agent then parses and executes these commands, which include a wide range of post-exploitation capabilities, such as information gathering, file operations, and token manipulation.

FortiGuard Labs’s discovery highlights the evolution of open-source C2 frameworks to create new, difficult-to-detect attacks and the growing need for adopting advanced security measures against such attacks.

“In addition to staying alert for phishing emails, guided messages that encourage opening a terminal or PowerShell must be handled with extra caution to prevent inadvertently downloading and executing malicious commands,” FortiGuard’s researchers concluded.

The attack Flow (Source: FortiGuard Labs)

In a comment to Hackread.com, Thomas Richards, Principal Consultant and Network and Red Team Practice Director at Black Duck, a Burlington, Massachusetts-based application security provider, noted that hackers are using trusted Microsoft services to evade detection, showing a high level of sophistication, but what stands out is that their attack method requires more manual action from the victim than usual.

_“_These bad actor groups aim for obfuscation so they can achieve their goals. It’s not unusual to see them use open-source frameworks, however, the use of legitimate Microsoft services shows a level of sophistication that is concerning. Using those services allows them to hide in plain sight and have the benefits of being trusted servers,_“_ Thomas explained. _“_What is surprising about this is the level of manual intervention needed on the victim for the attack to be a success. Usually with these campaigns, the bad actors want as little interaction as possible on the victim’s part aside from clicking on a link._“_

Tag

#intel