Tag
A threat actor was observed in early June 2026 using AI-generated PowerShell scripts for Active Directory enumeration and then deploying s5cmd for data exfiltration after gaining initial access via RDP, indicating a shift towards AI-augmented tradecraft for rapid and aggressive campaigns.