🔴 For the first time, Google caught an AI-generated zero-day exploit in the wild

This is the moment security researchers have been warning about for years.

Google’s Threat Intelligence Group published a report on Monday confirming the first documented case of a cybercrime group using AI to discover and weaponise a previously unknown zero-day vulnerability.

The target was a popular open-source web-based system administration tool. The exploit, a Python script designed to bypass 2FA, was identified by Google before the group could launch its planned mass exploitation campaign. Google worked with the vendor to patch it quietly. Google Cloud Blog

The reason Google knew AI was involved: the code gave itself away. It had all the hallmarks of code written by an LLM.

The GTIG chief analyst put it plainly: “The reality is that the AI vulnerability race has already begun. For every zero-day we can trace back to AI, there are probably many more out there.” SecurityWeek

🟡 Do you manage mobile devices for clients? Android 17 is about to make your life easier

Another Google story. It announced yesterday that Android 17, due next month, is getting its biggest security overhaul yet. Several features are directly relevant to MSPs managing devices in the field.

Verified financial calls: Android will now work with banking apps to automatically detect and terminate spoofed calls from scammers impersonating banks, before the scammer even gets to speak. BleepingComputer

Theft protection: The “Mark as Lost” feature now requires biometric authentication, so even a thief with the PIN can’t access or track-disable a reported device. Remote Lock and Theft Detection Lock will be enabled by default on all new Android 17 devices globally.

And for MDM specifically: Android Enterprise is getting Advanced Protection support later this year, meaning organisations can enforce Google’s strongest security settings across managed devices by policy.

🟢 Ransomware gangs take summer breaks too

Every year, without fail, ransomware attack volumes drop between Q2 and Q3. Researchers have tracked this pattern consistently across multiple years and multiple groups.

The working theory, delivered with appropriate dry wit by the analysts at Industrial Cyber, is that threat actors take summer holidays. The data supports it. Attack volumes spike in Q1, hold through early Q2, then quietly dip as the weather improves. Industrial Cyber

The practical implication: the next six to eight weeks are historically the best window of the year for MSPs to get clients to sit down, review their security posture, and fix the things that have been on the list since January.

Book those reviews now. The bad guys will be back from the beach in September.

Ooh, we are perilously close to the weekend. Have a great day, we’ll be back in your inbox tomorrow morning.