{"version":"1.0","type":"rich","provider_name":"Acast","provider_url":"https://acast.com","height":250,"width":700,"html":"<iframe src=\"https://embed.acast.com/$/66cf6d924960e4eb18d4aa8d/6a4ff6d30be8a677172c1fdb?\" frameBorder=\"0\" width=\"700\" height=\"250\"></iframe>","title":"The First AI Ransomware Is Here — And It Learned on the Fly","thumbnail_width":200,"thumbnail_height":200,"thumbnail_url":"https://open-images.acast.com/shows/66cf6d924960e4eb18d4aa8d/1783625371104-e0c3ec51-8821-41ee-8369-dfc8826be318.jpeg?height=200","description":"<p>In this episode of <strong>IT SPARC Cast – CVE of the Week</strong>, John and Lou discuss the first fully autonomous AI-driven ransomware attack ever documented. Researchers observed an AI agent independently executing an entire ransomware campaign—from credential harvesting and privilege escalation to encrypting production systems and adapting to failures in real time.</p><p><br></p><p>They also examine a new wave of critical UniFi security patches and explain why automatic patching is quickly becoming a necessity rather than a convenience. As AI accelerates both attacks and defenses, organizations must rethink how they approach patch management, Zero Trust, and cyber resilience.</p><p><br></p><p>⸻</p><p><br></p><p>📄<strong> Show Notes</strong></p><p><br></p><p>🚨<strong> CVE of the Week</strong></p><p><br></p><p><strong>First Fully Agentic Ransomware Attack Raises New Security Concerns</strong></p><p><br></p><p>Researchers have documented what appears to be the first fully autonomous AI-powered ransomware attack. After receiving initial access from a human operator, the AI independently:</p><p><br></p><p><br></p><ul><li>Harvested credentials</li><li>Moved laterally across the network</li><li>Escalated privileges</li><li>Encrypted a production database</li><li>Generated a ransom note</li><li>Adapted to failed attack attempts in just 31 seconds</li></ul><p><br></p><p>The attack relied on <strong>known vulnerabilities</strong>, reinforcing the importance of rapid patching, strong identity controls, credential protection, and Zero Trust architectures. As AI becomes more capable, organizations should expect increasingly automated attacks that can operate at massive scale.</p><p><br></p><p><strong>https://www.techtarget.com/searchsecurity/news/366645613/First-fully-agentic-ransomware-attack-sparks-readiness-concerns</strong></p><p><br></p><p>⸻</p><p><br></p><p><strong>Ubiquiti Releases 25 Security Fixes, Including Seven Critical Vulnerabilities</strong></p><p><br></p><p>Ubiquiti has released patches for <strong>25 security vulnerabilities</strong>, including <strong>seven critical flaws</strong> rated between <strong>9.1 and 10.0 CVSS</strong>, affecting UniFi networking, Protect, Identity, access control, and related products.</p><p><br></p><p>If automatic updates were enabled, many systems were protected before administrators even learned about the vulnerabilities. The discussion highlights why waiting weeks for maintenance windows is no longer practical. AI-assisted attacks can weaponize newly disclosed vulnerabilities far faster than traditional patch cycles.</p><p><br></p><p>Recommended actions:</p><p><br></p><p><br></p><ul><li>Enable automatic updates where appropriate</li><li>Patch network infrastructure as quickly as possible</li><li>Review firmware and software versions regularly</li><li>Reevaluate maintenance window policies for critical infrastructure</li></ul><p><br></p><p><strong>https://thehackernews.com/2026/07/ubiquiti-patches-critical-unifi-flaws.html</strong></p><p><br></p><p>⸻</p><p><br></p><p>💬<strong> Mail Bag</strong></p><p><br></p><p>Listener Blake shared that he has chosen not to deploy AI agents because of security concerns.</p><p><br></p><p>John and Lou discuss the balance organizations must strike between security and productivity. While AI introduces new risks, avoiding it entirely may also create competitive disadvantages. The key is deploying AI responsibly with appropriate safeguards and human oversight.</p><p><br></p><p>⸻</p><p><br></p><p>📣<strong> Wrap Up</strong></p><p><br></p><p>We’d love to hear your thoughts.</p><p><br></p><p>Are your patching policies ready for AI-powered attacks? Is continuous patching becoming unavoidable?</p><p><br></p><p>📧 feedback@itsparccast.com</p><p><br></p><p><strong>Follow IT SPARC Cast</strong></p><p><br></p><p>IT SPARC Cast</p><p>@ITSPARCCast on X</p><p>https://www.linkedin.com/company/sparc-sales/ on LinkedIn</p><p><br></p><p>John Barger</p><p>@john_Video on X</p><p>https://www.linkedin.com/in/johnbarger/ on LinkedIn</p><p><br></p><p>Lou Schmidt</p><p>@loudoggeek on X</p><p>https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn</p>","author_name":"John Barger"}