Security Now 1082: AI Threats, Ransomware, Cisco Vulnerabilities, and AI-Powered Worms

This episode of Security Now delves into several pressing cybersecurity issues, beginning with the malicious use of artificial intelligence (AI) and how threat actors are leveraging advanced AI models like those from Anthropic. The hosts discuss a year-long study by Anthropic, where a 'red team' tracked how bad actors abused their AI model, Claude, mapping these abuses to the MITRE ATT&CK framework—a structured knowledge base of cyberattack tactics and techniques. The findings reveal that attackers are rapidly adopting AI to enhance their campaigns, making attacks more sophisticated and harder to detect. For example, AI can automate the creation of convincing phishing emails, generate malicious code, or even adapt attacks in real time based on defenses encountered. The practical implication is clear: organizations must adopt equally advanced AI-driven security tools to counter these threats, as traditional defenses may no longer suffice. Another major topic is the alarming trend of ransomware targeting high-value entities like law firms. The episode highlights a case where a prominent U.S. law firm, Wachtell, Lipton, Rosen & Katz, paid a $20 million ransom to prevent the leak of confidential client data. The attackers, part of the 'Silent Ransom Group,' specifically targeted law firms due to their access to sensitive information and deep financial resources. The hosts argue that this shift in targeting reflects a broader decline in ransom payments from typical corporations, as many now refuse to pay and instead rely on backups or accept the breach as an unfortunate but manageable cost. For law firms, however, the reputational and legal consequences of a data leak are severe, making them more likely to pay. This underscores the need for industries handling sensitive data to prioritize cybersecurity measures, such as encryption, multi-factor authentication, and employee training to mitigate the risk of such attacks. The episode also covers the persistent security vulnerabilities in Cisco’s SD-WAN software, which has been plagued by multiple zero-day exploits in recent years. Zero-day vulnerabilities are flaws unknown to the vendor and thus unpatched, making them prime targets for attackers. The hosts express frustration at Cisco’s repeated failures to secure its products, despite its dominant position in networking infrastructure. They speculate that Cisco’s rapid growth through acquisitions may have led to inconsistent security practices across its product lines. The practical takeaway is that organizations using Cisco’s SD-WAN solutions must stay vigilant, apply patches immediately, and consider additional security layers, such as network segmentation or intrusion detection systems, to protect against these ongoing threats. A particularly concerning segment focuses on 'WeedHack,' a malware-as-a-service (MaaS) campaign targeting Minecraft players, primarily teenagers. The malware disguises itself as free Minecraft mods or game clients, infecting over 116,000 victims since January 2026. What makes WeedHack unique is its low barrier to entry—it offers a free version to anyone with a Discord account, with premium features like webcam access starting at just $5 per month. The hosts highlight how this accessibility has turned teens into both victims and attackers, with some using the malware to harass peers by recording webcam footage or stealing personal data. This raises ethical and legal concerns, as young users may not fully grasp the criminal nature of their actions. Parents and educators are urged to monitor children’s online activities, educate them about the risks of downloading unverified software, and report suspicious behavior to authorities. Finally, the episode explores the creation of the first AI-powered internet worm by researchers at the University of Toronto and the Vector Institute. Unlike traditional worms that exploit a single vulnerability, this AI-driven worm uses recursive reasoning to adapt and exploit multiple vulnerabilities across different systems, making it far more resilient. The worm was tested in a controlled environment, demonstrating its ability to propagate across Linux, Windows, and IoT devices. While the researchers emphasize the need for better AI security evaluations, the hosts caution that such worms could become a reality if defenses do not evolve. The key takeaway is that AI’s dual-use nature—beneficial for security but also a potent tool for attackers—demands proactive measures, such as stricter code audits, AI-driven threat detection, and international collaboration to prevent misuse.