HX Weekly by Hexagon Center
Posts
AI and Cybersecurity is complicated relationship

AI and Cybersecurity is complicated relationship

The 123rd edition of HX Weekly highlights a critical escalation in the cyber threat landscape, driven by the automation of Phishing-as-a-Service (PaaS) kits like Kali365, which bypass security by hijacking Microsoft 365 access tokens. Threat actors are rapidly democratizing cybercrime by deploying “no-code” malware builders and live credential interception, while aggressive fraud campaigns target Formula 1 and 2026 World Cup fans. Defensive AI tools like Claude Mythos are uncovering thousands of high-severity software flaws, but the accelerating pace of AI-assisted exploits has triggered societal anxiety and law enforcement warnings about a rise in anti-tech extremism. Hexagon Center emphasizes that basic caution is insufficient; individuals must intentionally build active cyber intuition and split-second zero-trust habits to defend against highly automated adversaries.

Daniel Masterson, Ai Courtrie Buson & Bard Gee
May 29, 2026

HX Weekly
^{by Hexagon Center}

^{for the week of May 24, 2026, 123rd edition}

Subscribe at hexagoncenter.org

☝️ TWA

Phishing as a service

Photo by Dan Nelson on Unsplash

In the wake of recent advancements in artificial intelligence (AI), phishing has become increasingly automated. This development has resulted in a significant surge in phishing attempts in recent times.

🤷‍♀️ What now?: Have good cyber hygiene and cyber sense.

Tools: Subscribe to at least one cybersecurity publication like HX Weekly to help remind you to stay vigilant.

Meanwhile … FBI Warning: IT Personnel Impersonated by Cybercriminals

WATCH OUT ◉_◉ Kali365 Phishing-as-a-Service Kit Hijacks Microsoft 365 Access Tokens

MUST READ: The FBI warns Microsoft 365 services are being bombarded with new phishing emails — here are 3 steps you can take to stay safe

Echos: AI-Assisted Exploit Development Outpaces Scanner Detection

📰 Security Highlights

In other news, China overhauls world’s biggest surveillance network with advanced AI

GOOD READ: UK Cyberspying Chief Calls AI ‘an Unstoppable Force’ and Warns About Russia

about this edition and Inside Hexagon

If you think this week’s theme is AI, it is not. Yes, a lot of AI in this week’s edition and they span the gamut. The AI story just seems to be getting more and more urgent and yet, nothing much has changed in the regulatory aspect.

BTMOB Android RAT Spreads Through No-Code Builder Tooling

No-code has come to malware. Attackers are now using remote access trojans to infiltrate into our system without even having to code.

Inside Hexagon

This coming week, we are entering the threshold of the 3rd year of Hexagon Center. We have definitely come a long way with a lot of programs developed to help people who reach out to us. For those who don’t know about Hexagon Center, it is your responsibility to tell them. Share how Hexagon Center can help with cybersecurity, breaches, scams, and technology.

The 123rd edition of HX Weekly highlights a critical escalation in the cyber threat landscape, driven by the automation of Phishing-as-a-Service (PaaS) kits like Kali365, which bypass security by hijacking Microsoft 365 access tokens. The rapid democratization of cybercrime is further evidenced by threat actors deploying "no-code" malware builders and live credential interception, alongside aggressive fraud campaigns targeting Formula 1 and 2026 World Cup fans. While defensive AI tools like Claude Mythos are fighting back by uncovering thousands of high-severity software flaws, the accelerating pace of AI-assisted exploits has triggered societal anxiety, prompting law enforcement warnings regarding a rise in anti-tech extremism. Entering its third year, Hexagon Center emphasizes that basic caution is no longer sufficient; individuals must intentionally build active cyber intuition and split-second zero-trust habits to defend against highly automated adversaries.

- HX Weekly Team

HOUSEKEEPING

Glossary/Legend:

Zero Trust - a strategic cybersecurity framework based on the principle of "never trust, always verify," requiring strict identity authentication and authorization for every user and device, whether inside or outside the network perimeter. It assumes breach, removes implicit trust, and employs granular, least-privilege access controls to protect resources.
Holistic security - a comprehensive strategy that integrates various protection layers—physical, digital, psycho-social, and organizational—to safeguard individuals, communities, or systems, recognizing that true security involves overall well-being, not just isolated technical defenses.

Personal Identifier - A unique word or phrase shared exclusively with an individual or a group, serving as a means of identification and affirmation within the established relationship. It is recommended that 2 or more Personal Identifiers be established per person.
Malware (short for malicious software) - refers to any intrusive software developed by cybercriminals (often called hackers) to steal data and damage or destroy computers and computer systems.
Ransomware - A type of malware that locks or encrypts a victim's files and demands a ransom payment to unlock and decrypt them. Ransomware can infect a variety of devices, including computers, smartphones, printers, and more.

Privacy Notice: HX Weekly and the Hexagon Center are committed to your digital security. We do not collect, track, or store any personal information from our subscribers beyond the email address provided for delivery.

Spread cybersecurity culture

Do you have any suggestions on how we can further share this newsletter? Tell your friends and family about us by sharing with them the Hexagon Center official website:

hexagoncenter.org

View archives at hxweekly.beehiiv.com

Even though we aim to provide you the most current and critical information to keep you safe, threat actors work 24/7 and this newsletter publishes only once a week. Even though we are available via a hotline, it is crucial that you stay up to date via other sources as well to be informed on how you may be at risk.

You may reply to this newsletter or email us at
[email protected]

Send us any questions or things you want to talk about. Please share some fun facts with us. We welcome feedback and suggestions.

_{Hexagon Center is formed as a nonprofit corporation in California for public benefit,}
_{and is tax-exempt under section 501(c)(3) of the Internal Revenue Code.}

_{Cybersecurity is an ever-changing field, and threats may evolve. While Hexagon Center strives to provide accurate and timely information, we cannot guarantee absolute security. Users are responsible for implementing their security measures and staying informed about the latest cybersecurity developments. Hexagon Center is}_not_{responsible for any cyber or scam attacks by our readers. HX Weekly tips are advice are not official positions of Hexagon Center nor is Hexagon Center responsible for its content.}

Content of this newsletter is not an official representation of Hexagon Center.

_{SEE MORE DISCLAIMER HERE}

Reply

or to participate.