TZUTC: -0500   
   MSGID: 2058.consprcy@1:2320/105 2dde10c2   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Hackers are using LLMs to build the next generation of phishing attacks -   
   here's what to look out for   
      
   Date:   
   Mon, 26 Jan 2026 15:35:00 +0000   
      
   Description:   
   What if a phishing page was generated on the spot, with no visible malicious   
   code or payload?   
      
   FULL STORY   
      
   When Generative Artificial Intelligence (GenAI) first emerged, early opinion   
   makers were discussing dynamic websites - sites that are not designed upfront   
   and unveiled, but were rather generated on the spot, for the visitor,   
   depending on their location, keywords used, browsing habits, device used,   
   intent, and so on.    
      
   The age of static websites was apparently almost over, and that in no-time,   
   the content well see on the internet will be unique and tailored solely for   
   us.    
      
   While that dream still hasnt materialized, the pioneers of this approach will   
   most likely be - cybercriminals.   
      
   Not exactly theoretical    
      
   Security researchers from Palo Alto Networks Unit 42 arm have found the   
   technique can be easily used in phishing.    
      
   In short, here is how it would work:    
      
   A victim would be phished to visit a seemingly benign webpage. It contains no   
   visible malicious code, but once loaded, it sends carefully crafted prompts    
   to a legitimate LLM API. The LLM returns JavaScript code (which is unique and   
   different for every user), which is then assembled and executed directly in   
   the browser.    
      
   As a result, the victims are presented with a fully functional, personalized   
   phishing page, generated with no static payload delivered over the network   
   which the researchers could intercept and analyze.    
      
   While the method is mostly a proof-of-concept today, its not purely   
   hypothetical, either. Unit 42 did not say it observed such an attack in the   
   wild, but hinted that the building blocks are being used.    
      
   LLMs are already generating obfuscated JavaScript, albeit offline; runtime    
   use on compromised machines is everywhere; LLM-assisted malware, ransomware,   
   and cyber-espionage campaigns are increasing in numbers every day.    
      
   Dynamically generated phishing pages are the future of scams, Unit 42   
   stressed, but added that detection is still possible through enhanced   
   browser-based crawlers.    
      
   Defenders should also restrict the use of unsanctioned LLM services at   
   workplaces. While this is not a complete solution, it can serve as an   
   important preventative measure, they added.    
      
   Finally, our work highlights the need for more robust safety guardrails in    
   LLM platforms, as we demonstrated how careful prompt engineering can   
   circumvent existing protections and enable malicious use.    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/hackers-are-using-llms-to-build-the-nex   
   t-generation-of-phishing-attacks-heres-what-to-look-out-for   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: Capitol City Online (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426