AI-Powered Cybercrime Surges as Ransomware and Data Breaches Dominate Latest Threat Landscape
The past month has seen a sharp escalation in cyber threats, with artificial intelligence (AI) accelerating cybercrime, ransomware attacks reaching new highs, and major organizations facing breaches highlighting the growing sophistication of digital threats.
AI as a Cybercrime Accelerator
AI is increasingly being weaponized by hackers, with Verizon’s 2026 Data Breach Investigations Report revealing that nearly a third of breaches now originate from software vulnerabilities surpassing stolen passwords as the primary attack vector. Generative AI tools enable cybercriminals to rapidly identify weaknesses and develop malware, compressing the window for defenders to respond. CrowdStrike reported an 89% year-on-year increase in AI-enabled attacks in 2025, empowering both novice and advanced threat actors.
A notable case involves Anthropic’s Claude Mythos, an AI model designed to bolster cybersecurity but later found to pose risks to the systems it was meant to protect. During testing with 50 partner organizations, Mythos uncovered over 10,000 vulnerabilities in a single month. However, Anthropic suspended access to its latest models (Claude Fable 5 and Mythos 5) after U.S. authorities raised national security concerns, citing potential "jailbreaking" techniques that could expose new attack vectors.
Ransomware Attacks Intensify
Ransomware remains a dominant threat, with Check Point Research recording a 48% surge in May 2026. The education sector was hit hardest, averaging 4,641 weekly attacks per organization a 7% increase year-on-year followed by government and telecommunications. Retail also faced significant disruptions, including a breach at 7-Eleven, where hackers leaked 9.4GB of franchisee data after failed ransom negotiations.
Manufacturing giant Foxconn, a key supplier for Apple, Google, Nvidia, and Sony, fell victim to an extortion attack in May. Hackers claimed to have stolen 11 million files, including sensitive customer data, underscoring the risks to global supply chains.
Key Breaches and Regulatory Developments
- 23andMe (now Chrome Holding) faces legal action from California over a 2023 breach that exposed 7 million customers’ genetic and family data. The UK’s Information Commissioner’s Office previously fined the company for inadequate protections.
- Carnival Cruises disclosed a social engineering attack affecting nearly 6 million passengers, offering affected U.S. travelers two years of credit monitoring.
- GitHub suffered a breach after hackers compromised an employee’s device via a malicious Visual Studio Code extension, stealing 3,800 internal repositories though no customer-facing systems were impacted.
- U.S. Congress introduced the Great American AI Act, proposing a federal AI governance framework, including a Center for AI Standards and Innovation and fines up to $1 million per violation for non-compliance with transparency requirements.
AI’s Dual Role in Cybersecurity
While AI fuels cybercrime, it is also becoming a critical defense tool. The World Economic Forum’s AI and Cyber: Empowering Defenders report found that organizations using AI for phishing detection, anomaly monitoring, and incident response reduced breach lifecycles by 80 days and cut costs by up to $1.9 million. However, sectors like education, healthcare, and NGOs where disruptions have real-world consequences remain particularly vulnerable due to resource constraints.
As AI reshapes cybersecurity, the race between attackers and defenders continues to intensify, with high-stakes breaches and regulatory shifts defining the latest threat landscape.
Source: https://www.weforum.org/stories/2026/06/ai-cybercrime-and-other-cybersecurity-news/
Anthropic cybersecurity rating report: https://www.rankiteo.com/company/anthropicresearch
Foxconn cybersecurity rating report: https://www.rankiteo.com/company/foxconn
7-Eleven cybersecurity rating report: https://www.rankiteo.com/company/7-eleven
Carnival Corporation cybersecurity rating report: https://www.rankiteo.com/company/carnival-corporation
GitHub cybersecurity rating report: https://www.rankiteo.com/company/github
"id": "ANTFOX7-ECARGIT1781576848",
"linkid": "anthropicresearch, foxconn, 7-eleven, carnival-corporation, github",
"type": "Vulnerability",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '7 million',
'industry': 'healthcare/biotechnology',
'location': 'USA/UK',
'name': '23andMe (Chrome Holding)',
'type': 'genetic testing company'},
{'industry': 'convenience stores',
'name': '7-Eleven',
'type': 'retail'},
{'industry': 'electronics manufacturing',
'name': 'Foxconn',
'type': 'manufacturer'},
{'customers_affected': '6 million',
'industry': 'cruise line',
'location': 'USA',
'name': 'Carnival Cruises',
'type': 'travel'},
{'industry': 'software development',
'name': 'GitHub',
'type': 'technology'},
{'industry': 'education',
'name': 'Education Sector',
'type': 'sector'},
{'industry': 'government',
'name': 'Government Sector',
'type': 'sector'},
{'industry': 'telecommunications',
'name': 'Telecommunications Sector',
'type': 'sector'}],
'attack_vector': ['software vulnerabilities',
'social engineering',
'malicious extensions'],
'customer_advisories': ['Carnival Cruises offered credit monitoring to '
'affected passengers'],
'data_breach': {'data_exfiltration': ['Foxconn (11 million files)',
'7-Eleven (9.4GB)'],
'number_of_records_exposed': ['7 million (23andMe)',
'9.4GB (7-Eleven)',
'11 million files (Foxconn)',
'3,800 (GitHub)'],
'personally_identifiable_information': ['genetic data '
'(23andMe)',
'passenger data '
'(Carnival Cruises)'],
'sensitivity_of_data': ['high (genetic data)',
'medium (customer data)',
'high (internal repositories)'],
'type_of_data_compromised': ['genetic data',
'family data',
'franchisee data',
'customer data',
'internal repositories']},
'description': 'The past month has seen a sharp escalation in cyber threats, '
'with artificial intelligence (AI) accelerating cybercrime, '
'ransomware attacks reaching new highs, and major '
'organizations facing breaches highlighting the growing '
'sophistication of digital threats.',
'impact': {'brand_reputation_impact': ['23andMe',
'Carnival Cruises',
'Foxconn'],
'data_compromised': ['genetic and family data',
'franchisee data',
'customer data',
'internal repositories'],
'identity_theft_risk': ["6 million passengers' data exposed "
'(Carnival Cruises)',
"7 million customers' genetic data "
'(23andMe)'],
'legal_liabilities': ['23andMe facing legal action in California',
'UK ICO fines'],
'operational_impact': ['supply chain disruption',
'retail disruptions'],
'systems_affected': ['GitHub internal repositories',
'7-Eleven franchisee systems',
'Foxconn customer data systems']},
'initial_access_broker': {'entry_point': ['malicious Visual Studio Code '
'extension (GitHub)']},
'lessons_learned': 'AI is both a tool for cybercriminals and a critical '
'defense mechanism. Sectors like education, healthcare, '
'and NGOs remain vulnerable due to resource constraints. '
'Organizations using AI for cybersecurity reduced breach '
'lifecycles by 80 days and cut costs by up to $1.9 '
'million.',
'motivation': ['financial gain', 'data exfiltration', 'extortion'],
'post_incident_analysis': {'corrective_actions': ['AI governance frameworks '
'(Great American AI Act)',
'enhanced monitoring',
'AI-driven cybersecurity '
'tools'],
'root_causes': ['AI-enabled attack vectors',
'software vulnerabilities',
'social engineering',
'malicious extensions']},
'ransomware': {'data_exfiltration': ['Foxconn (11 million files)',
'7-Eleven (9.4GB)']},
'recommendations': ['Enhance AI governance and transparency (Great American '
'AI Act)',
'Improve phishing detection and anomaly monitoring using '
'AI',
'Strengthen protections for high-risk sectors (education, '
'healthcare, NGOs)',
'Adopt AI-driven incident response strategies'],
'references': [{'source': 'Verizon’s 2026 Data Breach Investigations Report'},
{'source': 'CrowdStrike Report on AI-enabled attacks (2025)'},
{'source': 'Check Point Research (May 2026)'},
{'source': 'World Economic Forum’s *AI and Cyber: Empowering '
'Defenders* report'}],
'regulatory_compliance': {'fines_imposed': ['UK ICO fines (23andMe)'],
'legal_actions': ['California legal action '
'(23andMe)',
'Great American AI Act '
'(proposed)'],
'regulations_violated': ['UK Data Protection Act '
'(23andMe)',
'California data '
'protection laws '
'(23andMe)']},
'response': {'communication_strategy': ['Carnival Cruises offered credit '
'monitoring to affected passengers']},
'title': 'AI-Powered Cybercrime Surge and Major Ransomware/Data Breaches',
'type': ['ransomware', 'data_breach', 'AI-enabled attack'],
'vulnerability_exploited': ['AI-enabled attack vectors',
'jailbreaking techniques',
'Visual Studio Code extension compromise']}