AI Drives Sophisticated Phishing and Security Gaps

Researchers report that the cyberespionage group UTA0388 used ChatGPT to craft multilingual spear‑phishing messages and to scale a DLL‑side‑loading backdoor family known as GOVERSHELL. Industry surveys show even senior IT leaders frequently click phishing links and sometimes fail to report them, and many employees have shared confidential data with generative‑AI tools amid uneven workplace AI policies. Separately, high‑impact impersonation scams exploiting WhatsApp and mobile wallets are harming individuals and the broader digital economy, driven by low digital literacy and weak enforcement. Observers urge organizations to honestly assess and strengthen cybersecurity programs, including better training, reporting incentives, and clearer generative‑AI use policies. Taken together, these developments underscore an urgent need for cautious operational use of AI by defenders, stronger detection technologies, and comprehensive governance safeguards.