CyberCapsule - January 2026

Last month we witnessed conflicting views on the efficacy of AI in cybercrime, a push for increased legislation to thwart AI-driven cybercrime, and a preview of Trump's cybersecurity strategy.

AI's Use In Cybercrime

• Petty Use of AI in Cybercrime? On November 26, 2025, Unit 42 profiled two leading LLMs used by hackers: Worm GPT 4 and KawaiiGPT. Both can write rudimentary malware and phishing emails, but not much else.
• Or Significant? On November 26, 2025, researchers revealed that because of AI's ability to produce flawless IDs, deepfakes, and autonomous bots, advanced fraud attacks surged 180% in 2025.
• Detection Evasion Detected. On November 26, 2025, Google's Threat Intelligence Group noted how cyber-attackers are integrating LLMs into malware to evade detection and augment their code on demand.

Strategy and Proposed Legislation

• Generating New AI Legislation. On November 26. 2025, Reps. Ted Lieu, D-Calif., and Neal Dunn, R-Md., introduced the AI Fraud Deterrence Act, which increases potential criminal fines and prison time for individuals that use AI tools to create convincing fake audio, video, or texts to carry out their schemes.
• Undeterred. On December 2, 2025, Rep. August Pfluger, R-Texas, revived the Cyber Deterrence and Response Act, legislation he first sponsored in 2022. The proposed legislation directs the executive branch to formally designate foreign parties behind major cyberattacks against the United States as a "critical cyber threat actor" who would be subject to sanctions.
• Something to Keep Your Eye On. On December 3, 2025, Axis Communications, a leading surveillance camera maker, pledged to follow CISA's Secure by Design campaign, which persuades vendors to fix basic flaws in their products that made them easy prey for hackers.
• Six-Pillar Strategy to Trump Biden's Cybersecurity Strategy. On December 4, 2025, the Trump administration announced the January release of its cybersecurity strategy based on: (i) cyber offense and deterrence; (ii) harmonizing regulations; (iii) strengthening the cyber workforce; (iv) federal procurement; (v) protection of critical infrastructure; and (vi) emerging technologies.
• Hygiene Check. On December 5, 2025, Bill Cassidy, R-La., and colleagues resurrected the 2023 Health Care Cybersecurity and Resiliency Act, which aims to improve coordination between HHS and CISA including providing coordinated training to health care providers.

As The World Turns

• Ready for LockBit 6.0? On December 7, 2025, researchers revealed that LockBit 5.0's infrastructure was exposed, revealing the IP address and domain to their leak site.
• Shakedown Takedown You're Busted. On December 8, 2025, the Financial Crimes Enforcement Network reported that ransomware peaked in 2023, totaling more than 1,500 incidents and $1.1 billion in reported payments, before the 2023 takedown of BlackCat and 2024 takedown of Lockbit.
• Not George Micheal's Careless Whisper. On December 8, 2025, security researchers identified a vulnerability in WhatsApp and Signal, dubbed Careless Whisper, which allows hackers to track user activity, monitors routines, drains battery life, and collects sensitive data using only a phone number.
• Seeking a Gentlemen? On December 11, 2025, security researches detailed the Gentlemen ransomware group first identified in August 2025. The group the group employs typical tactics seen in advanced ransomware groups, such as Group Policy Objects (GPO) manipulation and Bring Your Own Vulnerable Driver (BYOVD).
• But We Had MFA Enabled? On December 12, 2025, researchers chronicled a sophisticated phishing campaign whereby hackers bypass MFA to steal Okta session tokens to conduct man-in-the-middle attacks.
• A New Prince in Town. On December 18, 2025, security researchers discussed the resurrection of the Iranian hacking group (Prince of Persia) that has targeted networks and critical infrastructure organizations across the globe since the 2000s.

Click on our map of the United States, then choose "Data Breach Notification Statutes" or "Information Security Standards," and then click on the specific state for which you would like information.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.