An AI-powered phishing campaign has compromised hundreds of organizations | CyberScoop<\/title> <meta name=\"description\" content=\"Huntress researchers said it\u2019s likely the victims in Railway\u2019s customer set represent just a fraction of compromised organizations worldwide.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/huntress-railway-ai-phishing-campaign-compromised-hundreds-of-organizations\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"An AI-powered phishing campaign has compromised hundreds of organizations\"> <meta property=\"og:description\" content=\"Huntress researchers said it\u2019s likely the victims in Railway\u2019s customer set represent just a fraction of compromised organizations worldwide.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/huntress-railway-ai-phishing-campaign-compromised-hundreds-of-organizations\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-03-23T17:27:20+00:00\"> <meta property=\"article:modified_time\" content=\"2026-03-23T17:27:23+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-2.jpg\"> <meta property=\"og:image:width\" content=\"2448\"> <meta property=\"og:image:height\" content=\"1224\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"djohnson\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1773246214g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1772477397g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1773271249g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88348\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88348\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fhuntress-railway-ai-phishing-campaign-compromised-hundreds-of-organizations%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fhuntress-railway-ai-phishing-campaign-compromised-hundreds-of-organizations%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88348 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/huntress-railway-ai-phishing-campaign-compromised-hundreds-of-organizations\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.380281690141\">\n<div class=\"single-article__header-content\" readability=\"34.423357664234\">\n<p> Huntress researchers said it\u2019s likely the victims in Railway\u2019s customer set represent just a fraction of compromised organizations worldwide. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/88348\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"320\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations.jpg?resize=640%2C320&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-2.jpg 2448w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-2.jpg?resize=300,150 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-2.jpg?resize=768,384 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-2.jpg?resize=1024,512 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-2.jpg?resize=1536,768 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-2.jpg?resize=2048,1024 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-2.jpg?resize=600,300 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-2.jpg?resize=1200,600 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-2.jpg?resize=1500,750 1500w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"67.013857557203\"><body readability=\"135.30231735362\"><\/p>\n<p>A <a href=\"https:\/\/www.huntress.com\/blog\/railway-paas-m365-token-replay-campaign\">phishing campaign<\/a> tied to AI cloud-hosting service Railway has given hackers access to the Microsoft cloud accounts for hundreds of businesses, according to researchers at Huntress.<\/p>\n<p>Rich Mozeleski, product manager for Huntress\u2019 identity team, told CyberScoop the campaign is currently tied to a smaller actor and approximately a dozen IP addresses, but has managed to compromise hundreds of targets in the past few weeks.<\/p>\n<p>In early March it was compromising a few dozen targets a day, but starting March 3, there was a \u201cmassive increase\u201d in that tempo. Mozeleski said that in addition to being more sophisticated than usual, there were no identical emails or domains used, leading researchers to suspect that they may have been generated through artificial intelligence tools. The templates ranged from traditional email lures to QR codes and co-opted file-share sites.<\/p>\n<p class=\"has-text-align-left\">\u201cJust the amount of it was like Pandora\u2019s Box had opened, and the efficacy was just through the roof,\u201d Mozeleski said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<figure class=\"wp-block-image size-large is-resized\"><img data-recalc-dims=\"1\" decoding=\"async\" height=\"439\" width=\"640\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations.png?resize=640%2C439&ssl=1\" alt=\"A custom file download phishing lure used in the campaign. Researchers believe the attackers used AI to generate unique lures at scale. (Source: Huntress)\" class=\"wp-image-88349\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-1.png 1506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-1.png?resize=300,206 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-1.png?resize=768,526 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-1.png?resize=1024,702 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-1.png?resize=600,411 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-1.png?resize=245,168 245w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-1.png?resize=492,337 492w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-1.png?resize=985,675 985w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-1.png?resize=1230,843 1230w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"><\/figure>\n<p><em>A custom file download phishing lure used in the campaign. Researchers believe the attackers used AI to generate unique lures at scale. (Source: Huntress)<\/em><\/p>\n<p>The phishing campaign exploits Microsoft\u2019s authentication flow for devices such as smart TVs, printers and terminals, which gives the attacker valid OAuth tokens for that account for up to 90 days without needing a password or multifactor authentication.<\/p>\n<p>Ultimately, Huntress has seen hundreds of its customers fall for the phishing scams, though they claim to have prevented post-compromise activity in all cases. But they also believe their customers represent only a small fraction of the likely total victim set, which could number in the thousands.<\/p>\n<p>The affected entities span a range of sectors: construction and trade companies, law firms, nonprofits, real estate, manufacturing, finance and insurance, healthcare, government and public safety organizations were all among the 344 victims detailed in the Huntress blog.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>To protect customers, Mozeleski said Huntress issued a conditional access policy update Wednesday to 60,000 Microsoft cloud tenants on emails coming from Railway domains, an act he described as \u201cnot anything we\u2019ve ever done before.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-weaponizing-vibe-coded-infrastructure\">Weaponizing vibe-coded infrastructure<\/h2>\n<p>Researchers believe the attackers were weaponizing Railway\u2019s Platform as a Service \u2014 built to help non-coders build websites and tools \u2014 to spin up credential harvesting infrastructure for the campaign.<\/p>\n<p>By using compromised domains and pumping out bespoke lures, the phishing emails avoid most commercial email filtering solutions. It\u2019s not clear if they used Railway\u2019s AI tool or a separate one to generate the lures. Either way, all the attacks Huntress has observed are coming through Railway.com IP infrastructure.<\/p>\n<p>In response to questions from CyberScoop on Friday, Railway solutions engineer Angelo Saraceno said the company is aware of the incident and was first contacted by Huntress on March 6 regarding phishing traffic originating from a specific IP address and three domains. \u201cThe associated accounts were banned and the domains were blocked,\u201d Saraceno said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cOur heuristics are built to catch correlations: repeated credit cards, shared code sources, overlapping infrastructure,\u201d he wrote in an email. \u201cWhen a campaign avoids those signals, it gets further than we\u2019d like.\u201d<\/p>\n<p>Saraceno called Railway\u2019s fraud detection \u201ca balance\u201d between catching bad actors and getting flooded with false positives, pointing to an<a href=\"https:\/\/blog.railway.com\/p\/incident-report-february-11-2026\"> incident<\/a> in February when fine-tuning in the company\u2019s automated abuse enforcement system led to a customer outage.<\/p>\n<p>Earlier Friday, Mozeleski told CyberScoop that Huntress continued to see more than 50 compromises a day tied to Railway phishing domains. When asked what more Railway could have done to prevent abuse of their platform, he said vetting and validation on the free use of their product could be improved. He pointed to products with similar trials, like MailChimp and HubSpot, that have controls and oversight in place so users can\u2019t \u201cgo pump in a million contacts and start spamming.\u201d<\/p>\n<p>\u201cDo not allow anybody to come in, start a trial, spin up resources, and start using your infrastructure\u201d for cyberattacks, he said.<\/p>\n<p>One of the more striking contrasts of the campaign was the use of AI to create phishing infrastructure akin to a state-sponsored threat actor or advanced cybercriminal group in service of a garden-variety phishing scam.<\/p>\n<p>It bolsters warnings coming from cybersecurity experts that low-level cybercriminals \u2014 often called \u201cscript kiddies\u201d for their reliance on automated hacking tools \u2014 are poised to become one of the biggest beneficiaries of the generative AI era. Last month, John Hultquist, chief analyst at Google\u2019s Threat Intelligence Group, <a href=\"https:\/\/cyberscoop.com\/state-hackers-using-gemini-google-ai\/\">said<\/a> that he expects that AI tools will help \u201csmaller cybercriminal outfits more than state-sponsored hackers.\u201d <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Testimonials on Railway\u2019s website tout the service\u2019s ability to deliver \u201cvertical auto-scale out of the box\u201d, while another said it \u201cmakes spinning up self-hosted third-party tools almost effortless.\u201d<\/p>\n<p>It may also give them a leg up on victim organizations that have more restrictive internal policies around the use of AI for cyber defense.<\/p>\n<p>\u201cWe are seeing crooks as the first movers of AI,\u201d said Prakash Ramamurthy, chief product officer at Huntress. \u201cThey don\u2019t have any qualms about PII, they don\u2019t have any qualms about model training \u2026 and this incident, just in the sheer pace at which it has evolved, is kind of a testament to that.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.5579710144928\">\n<div class=\"author-card\" readability=\"13\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations-1.jpg?w=640&ssl=1\" alt=\"Derek B. Johnson\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Derek B. Johnson<\/h4>\n<p> Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor\u2019s degree in print journalism from Hofstra University in New York and a master\u2019s degree in public policy from George Mason University in Virginia. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/huntress-railway-ai-phishing-campaign-compromised-hundreds-of-organizations\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>An AI-powered phishing campaign has compromised hundreds of organizations |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[235,384,282,78,60,256,6249],"tags":[236,388,286,86,67,262,6250],"class_list":["post-8456","post","type-post","status-publish","format-standard","hentry","category-ai","category-artificial-intelligence-ai","category-cybercrime","category-cybersecurity","category-phishing","category-research","category-threat-intell","tag-ai","tag-artificial-intelligence-ai","tag-cybercrime","tag-cybersecurity","tag-phishing","tag-research","tag-threat-intell"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai\/\" rel=\"category tag\">AI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/artificial-intelligence-ai\/\" rel=\"category tag\">artificial intelligence (AI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/phishing\/\" rel=\"category tag\">phishing<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threat-intell\/\" rel=\"category tag\">threat intell<\/a>","tag_info":"threat intell","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8456","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8456"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8456\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8456"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8456"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8456"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8456,"date":"2026-03-23T12:27:20","date_gmt":"2026-03-23T17:27:20","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88348"},"modified":"2026-03-23T12:27:20","modified_gmt":"2026-03-23T17:27:20","slug":"an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/03\/23\/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations\/","title":{"rendered":"An AI-powered phishing campaign has compromised hundreds of organizations"},"content":{"rendered":"