
Coverage: Last 24 hours
Today’s Highlights
Attackers are leveraging AI tools to speed up social engineering, persistence, and lateral movement. Security teams must adjust assumptions about attacker capability, tooling, and dwell time as automation and AI become integral to offensive campaigns. Major themes today include AI-driven phishing campaigns targeting Microsoft 365, AI-powered memory manipulation in workflow agents, and the regulatory shifts in AI data usage and privacy.
Table of Contents
- ⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More
- New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email
- Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft
- Meta Files Patent for AI That Can Listen All Day and Track How You’re Feeling
- Thinking Fast and Slow in the SOC: The Case for Combining Autonomous AI with Analyst Copilots
- Attacker Uses Suspected AI-Generated PowerShell Script to Map Active Directory
- Ed Husic says weakening copyright to benefit AI companies would betray Labor party’s ethos
Top Stories
⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More
Source: The Hacker News | Risk: High | Impacted: Cloud file-sharing users, Citrix customers, Organizations lagging on patching
Summary: Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That’s supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don’t file tickets. That’s the shape of this week. Trusted code turns on the people who installed it. Old bugs
Why it matters: Attackers exploiting automation and old flaws present an operational risk by shortening response windows and amplifying the pace at which exploitation outpaces remediation cycles.
Practitioner Perspective
Security teams must recalibrate their response strategies, as adversaries armed with automated and AI-driven tools are rapidly exploiting both legacy and newly-released vulnerabilities. Traditional patch and detection cycles are being outpaced, especially when attackers use the same or superior tooling at scale. The value proposition of defense-in-depth rises as exploitation becomes a race; relying solely on signature-based tools or scheduled patch windows is increasingly obsolete. Teams should prioritize detection engineering for lateral movement and privilege escalation, especially as ransomware affiliates weaponize automation. Defenders can no longer assume that time is on their side.
Recommended Actions
- Prioritize emergency patching for Citrix NetScaler Gateways/ADC platforms targeted by ransomware
- Restrict access to ShareFile via network segmentation and conditional access controls
New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email
Source: The Hacker News | Risk: High | Impacted: Users employing AI agents with memory and inbox integration, Organizations automating workflow decisions via generative AI
Summary: Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single email can trick that agent into saving a false “fact” about the user, hide the change, and quietly steer its answers in later sessions. When it works, the person reads an
Why it matters: Data poisoning in AI agents through manipulated email content lets attackers stealthily influence downstream actions and recommendations, jeopardizing the integrity of user decision-making and workflow automation.
Practitioner Perspective
Organizations deploying AI agents with persistent memory and inbox access are exposed to subtle integrity threats via crafted social engineering emails. This persistence elevates risk beyond traditional phishing, as poisoned ‘facts’ can steer sensitive workflows long after initial compromise. The pace of AI adoption is pushing the boundaries of trust models, with few controls on verifying or sanitizing agent memories. Defenders need to view AI workflows as new attack surfaces with business logic risks. Security leaders must assess manipulations that are harder to detect than simple credential theft.
Recommended Actions
- Audit permissions granted to AI inbox agents and restrict unnecessary email access
- Deploy monitoring for abnormal outbound or AI-initiated email behaviors from agent accounts
Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft
Source: The Hacker News | Risk: High | Impacted: Microsoft 365 business tenants, Organizations with staff using personal devices for corporate email, Security teams reliant on legacy MFA
Summary: A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM) tactics, antibot evasion, artificial intelligence (AI)-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts. Distributed via Telegram and costing $400 a month (or $3,800 per year), attack chains leverage phishing
Why it matters: Commercialization of advanced phishing targeting Microsoft 365 means credential and session theft is accessible to less skilled attackers, increasing the scale and success rate of business email compromise campaigns.
Practitioner Perspective
Forg365 lowers the barrier to entry for adversaries seeking to compromise Microsoft 365 environments using device code phishing and adversary-in-the-middle (AitM) operations. This model introduces reliable, scalable attack chains and improves post-access persistence through mailbox manipulation. As AI-aided lure generation becomes the norm, traditional user awareness training and basic conditional access policies are insufficient. Security analysts should expect more subtle and well-crafted campaign flows, requiring deeper telemetry and more granular session anomaly detection. The threat landscape for cloud identity is worsening, not improving.
Recommended Actions
- Roll out device code phishing-resistant MFA (such as FIDO2) for all Microsoft 365 users
- Enable continuous risk-based conditional access in Microsoft Entra
Meta Files Patent for AI That Can Listen All Day and Track How You’re Feeling
Source: The Hacker News | Risk: Medium | Impacted: Enterprises with BYOD policies, Users interacting with AI assistants on endpoint devices, Data protection and compliance teams
Summary: Meta has filed a patent application for an AI that listens to your voice throughout the day, works out how it thinks you are feeling from the way you sound, and keeps a timestamped log of every read. Each read gets pinned to the moment it happened: the time, your location, what you were doing, even how you were using
Why it matters: Continuous voice and behavioral tracking by consumer AI platforms vastly increases privacy risk, regulatory exposure, and the likelihood of sensitive information leakage in enterprise-connected environments.
Practitioner Perspective
Enterprises whose workforce interacts with consumer AI tools should re-examine their acceptable use and data protection controls in light of expanded sensor capabilities. Persistent environmental listening and emotional profiling could yield unexpected data exfiltration or regulatory breaches, even through non-malicious use. As data collection becomes ambient and always-on, legal and privacy reviews should consider both inadvertent leakage and targeted surveillance implications. Security teams should be aware that user devices may become uncontrollable sources of sensitive telemetry. Policies will need to evolve as consumer and workplace tech boundaries blur.
Recommended Actions
- Review mobile device management (MDM) controls to restrict microphone and sensor access by non-corporate AI assistants
- Update data loss prevention policies to include ambient voice data streams where feasible
Thinking Fast and Slow in the SOC: The Case for Combining Autonomous AI with Analyst Copilots
Source: The Hacker News | Risk: Medium | Impacted: Security operations centers adopting AI automation, Organizations with AI-enabled detection or triage, SOC architects and process owners
Summary: A few days ago, I was sitting with the CISO of a Fortune 50 company, walking through how his security team was thinking about AI agents in the SOC. Smart team. Serious program. They had already connected Claude to a few detection tools and were seeing real value in specific investigations. But as we mapped out the broader architecture, something
Why it matters: Overreliance on autonomous AI agents in the SOC without transparent oversight or context-aware guidance raises the risk of missed detections, mis-prioritized alerts, and unpredictable outcomes during incident response.
Practitioner Perspective
Security operation centers integrating AI copilots must address the challenge that AI can amplify both strengths and errors at scale. Blind trust in autonomous workflows risks codifying gaps in detection or investigation procedures, especially in fast-moving environments where context truly matters. AI output may lack nuance or context that human analysts provide, making layered workflows, human-in-the-loop, not human out-of-loop, critical for high-assurance investigations. SOC leads must strike a balance: leverage AI for speed and capacity, but embed rigorous validation and escalation paths. The quality of incident response increasingly hinges on workflow design, not just tools.
Recommended Actions
- Conduct tabletop exercises with AI-assisted investigation to reveal context gaps and potential blind spots
- Mandate escalation of critical alerts from AI agents to human analysts for final review
Attacker Uses Suspected AI-Generated PowerShell Script to Map Active Directory
Source: The Hacker News | Risk: High | Impacted: Windows domain environments, Organizations with exposed or under-instrumented Active Directory, Teams relying on legacy PowerShell script blocking
Summary: Cybersecurity researchers have flagged an intrusion in which an unknown threat actor leveraged a vibe-coded PowerShell script for Active Directory (AD) enumeration. “The script looked for the Domain Controller (DC) and mapped users, computers, and domains, before creating a directory and exporting out a number of files, and finally creating AD_Report.html to measure the success of the
Why it matters: Automated generation of PowerShell enumeration scripts allows threat actors to accelerate Active Directory discovery and attack cycles, increasing the likelihood of rapid privilege escalation in compromised environments.
Practitioner Perspective
AI-driven script development gives attackers efficient, highly-targeted tooling for identity enumeration and lateral movement in Windows environments. Defenders should expect more diverse, customized PowerShell code in intrusions, reducing the effectiveness of static detection signatures. SOC teams must shift to behavior-based analytics for AD-related activity, as code similarity will no longer offer reliable coverage. This development compresses attacker dwell time and can lead to near-immediate compromise of critical accounts if not detected early. The focus must move to living-off-the-land techniques and the earliest chain-of-intrusion activities.
Recommended Actions
- Deploy AMSI-enabled EDR solutions for deep visibility into all PowerShell script execution in Active Directory environments
- Baseline and alert on unusual AD enumeration or mass export activity on domain controllers
Ed Husic says weakening copyright to benefit AI companies would betray Labor party’s ethos
Source: The Guardian | Risk: Medium | Impacted: Australian enterprises deploying AI, AI product or model developers, Legal, privacy, and risk management teams
Summary: Labor MP says ‘a fair day’s pay for a fair day’s work’ was a founding principle of the ALP as media union calls for tougher new rules on AI use of creative work Follow our Australia news live blog for latest updates Get our breaking news email, free app or daily news podcast The Labor MP Ed Husic says any
Why it matters: Political resistance to weakening copyright for AI datasets signals impending regulatory constraints on corporate AI adoption and training, with potential compliance and legal risks for organizations ingesting unlicensed data.
Practitioner Perspective
Any organization developing or deploying AI solutions in Australia should anticipate legal headwinds as policymakers push back on permissive copyright waivers for AI vendors. The regulatory environment may become less favorable for unchecked dataset use, exposing businesses to copyright infringement liabilities if procurement and engineering teams are not careful. Legal and compliance functions need to review supply chains and AI model provenance, especially if content creators push for stricter licensing or enforcement. Security teams supporting AI deployment should flag ambiguous areas in data sourcing or model training documentation. Noncompliance could lead to operational halts or retroactive claims.
Recommended Actions
- Inventory all datasets used in AI model development for copyright status and provenance
- Engage legal teams to audit vendor AI contracts for appropriate data licensing terms
Emerging Signals
No qualifying stories for this section today.
Exploits & CVEs
No qualifying CVE disclosures or active exploit stories in the last 24 hours.
AI Security
All major stories today focused on AI security and privacy themes, already detailed above.
Defensive Actions
- Assess and harden AI-enabled workflows for novel persistence or data poisoning vectors, particularly in messaging and workflow automation platforms.
- Monitor Microsoft 365 logins and session activity for device code and adversary-in-the-middle attack patterns, prioritizing FIDO2 or phishing-resistant MFA uptake across the tenant.
- Expand lateral movement and privilege escalation detection to account for dynamically generated attack scripts, focusing on behavior-based analytics in Active Directory.
- Track public and vendor-specific AI feature rollouts for privacy, data retention, and regulatory risk, ensuring legal review before company-wide enablement.
- Enable advanced audit logging for mailbox rules, forwarding, and sign-in anomalies; frequently review these logs for patterns associated with post-compromise persistence.
- Pilot red-teaming exercises designed to poison AI agent memory stores through crafted email and data manipulation.
- Require privacy and regulatory reviews before adopting new consumer AI features in enterprise or BYOD environments.
- Conduct tabletop exercises in the SOC that blend autonomous AI workflows with human analyst escalation and validation stages.
- Restrict AI agents’ access to sensitive inboxes and disable persistent memory or external information retention where not explicitly needed.
What We’re Watching
Security teams worldwide are adapting their strategies as AI-driven attacks become more sophisticated and regulatory bodies challenge large-scale data usage for model training. The next wave of innovation in defense will come from those able to combine rapid automation with measured, context-aware oversight. Stay vigilant for new exploits, evolving phishing tactics, and changes in policy affecting AI deployment and compliance.
Categories: Artificial Intelligence, Cybersecurity Blog
Leave a Reply