As these platforms add more AI-driven automation: autonomous triage, auto-response, AI-based policy changes, how are you currently keeping track of what these AI components are actually doing?

Not asking about threat detection quality. More about the operational side, do you know when an AI feature took an automated action? Do you review it? Is there any process around it or is it pretty much set and forget?

Genuinely curious how teams are handling this in practice.

I’ve been analyzing a phishing campaign that abuses Google Cloud Storage (storage.googleapis.com) as a redirect layer to send victims to multiple scam pages hosted mostly on .autos domains.

The phishing themes include fake Walmart surveys, Dell giveaways, Netflix rewards, antivirus renewal alerts, storage full warnings, and fake job lures.

We recently published a paper showing how generative AI can dramatically reduce the barrier to entry for robot hacking.

Using Cybersecurity AI (CAI), we analyzed three real consumer robots:

• a robotic lawn mower

• a powered exoskeleton

• a window-cleaning robot

In ~7 hours the system identified 38 vulnerabilities including:

– firmware exploitation paths

– BLE command injection

– unauthenticated root access

– safety-critical control exposure

Historically, uncovering these kinds of vulnerabilities required weeks or months of specialized robotics security research.

The paper argues that we are entering a new phase where AI-assisted attackers can scale faster than traditional robot security defenses.

We also discuss the implications for consumer robotics privacy, safety and regulatory compliance (e.g. GDPR).

Paper (arXiv):

https://arxiv.org/pdf/2603.08665

Happy to answer technical questions.

A high-severity (CVSS 7.8) security feature bypass in Microsoft Office is being actively exploited in the wild, with a public PoC already available and the vuln now on CISA's KEV catalog. Root cause is unvalidated input handling (CWE-807) that allows malicious OLE/COM objects in crafted documents to bypass built-in protections. Attack vector is local with no privileges required — just a user opening a phishing-delivered Office file. Affects Office 2016, 2019, LTSC 2021/2024, and Microsoft 365 Apps on x86/x64. Microsoft dropped an out-of-band emergency patch on January 26, 2026. Office 2016/2019 also require a registry-based mitigation. Confirmed targeting of government agencies, critical infrastructure, and maritime/transport sectors.

• MicroStealer exposes a broader business risk by stealing browser credentials, active sessions, and other sensitive data tied to corporate access.
• The malware uses a layered NSIS → Electron → JAR chain that helps it stay unclear longer and slows confident detection.
• Distribution through compromised or impersonated accounts makes the initial infection look more trustworthy to victims.

Update (March 13, 2026):

Several major developments since this was posted:

1. Packet Storm Security — Advisory published: https://packetstorm.news/files/id/217089

2. Apple Product Security — Confirmed forwarding to investigation team (Ticket OE01052449093014). Apple is actively investigating Alipay iOS app.

3. Google Play — Policy violation investigation confirmed (Case #9-7515000040640).

4. Singapore PDPC — Formal investigation opened (Case #00629724).

5. HKCERT — Forwarded report to CNCERT (China National CERT).

6. MITRE CVE — 6 CVEs pending (Ticket #2005801), CVSS 7.4–9.3.

Vendor (Ant Group) continues to maintain these are "normal functionality" and has issued no patch.

Full report: https://innora.ai/zfb/