Daily Cyber Briefing
The Daily Cyber Briefing delivers concise, no-fluff updates on the latest cybersecurity threats, breaches, and regulatory changes. Each episode equips listeners with actionable insights to stay ahead of emerging risks in today’s fast-moving digital landscape.
The AI Phishing Arms Race and the FortiWeb/Ray Zero-Day Exploits
Threat actors are leveraging AI to run sophisticated phishing campaigns that mimic Fortune-500 marketing departments, making identity the most vulnerable target. We also dive into critical zero-day exploits impacting FortiWeb and the Ray AI framework, and explore the necessary shift toward behavior-based security defenses to counter modern threats.
(0:00 - 0:30) Intro Music fades out
Mike Housch: Welcome back to Cyber Scoops & Digital Shenanigans. I’m your host, Mike Housch, and today we are tackling a fundamental shift in the threat landscape. For years, we’ve relied on catching the obvious flaws in phishing—poor spelling, bad grammar—but AI has changed the rules of engagement. Identity is now the ultimate battleground, and attackers are deploying corporate-level strategies to steal it.
(0:30 - 8:30) Segment 1: When Cybercrime Meets Fortune 500 Marketing
Mike Housch: Let’s start with the elephant in the room: AI is supercharging phishing attacks. Torsten George, writing for SecurityWeek, notes that AI has given cybercriminals the ability to operate like Fortune-500-scale marketing departments—except their product is account takeover, data theft, and identity fraud.
The statistics still show phishing is incredibly widespread and effective. In the 2025 Verizon Business Data Breach Investigations Report, phishing accounted for 16 percent of cybersecurity incidents, just behind credential abuse at 22 percent and vulnerability exploitation at 20 percent. While overall phishing volume might be down 20 percent according to Zscaler’s ThreatLabz report, attackers are now focusing on highly targeted campaigns aimed at departments like HR, IT, finance, and payroll.
So, what makes this new generation of phishing faster, smarter, and more dangerous? It comes down to sophistication and scale.
First, we can no longer rely on poor grammar or spelling to detect malicious messages. AI creates perfectly polished grammar and tone, eliminating those common red flags. These messages are also highly personalized, built using personal and behavioral data scraped from social media, breached databases, and Dark Web sources.
Second, attacks are no longer confined to email inboxes. We are seeing them spread across non-email channels like search engines, social media, and messaging apps.
And perhaps the most critical development is real-time impersonation and automation.
AI can generate deepfake voice clones that convincingly imitate executives in live phone calls. AI-generated video can simulate leaders in virtual meetings to approve fraudulent wire transfers or request confidential information. With remote work still widespread, these impersonation attacks are becoming exceedingly difficult for employees to detect.
We’re also seeing Business Email Compromise, or BEC, operating at machine speed. Compromised accounts allow AI tools to conduct dynamic, multi-step conversations with employees. Attackers can analyze internal workflows, invoice cycles, and approval structures to make their financial fraud attempts extremely believable. This automation allows adversaries to stay hidden far longer than before.
The consequence is that AI-powered phishing is no longer just about stealing login details; it enables continuous identity exploitation. Attackers can use AI-generated documents and synthetic identities to bypass weak verification. They can execute fraudulent onboarding to gain legitimate-looking access to sensitive systems. Once inside, AI helps them automate lateral movement and escalate privileges. The message is clear: Identity is the new battleground.
(8:30 - 14:30) Segment 2: Zero-Days, AI Flaws, and Nation-State Activity
Mike Housch: Beyond the phishing threat, the sources highlighted significant news this week regarding vulnerability exploitation and nation-state activity.
Let’s talk about Fortinet. They recently disclosed patches for 17 vulnerabilities, including a zero-day exploited in the wild, tracked as CVE-2025-58034. This OS command injection flaw allows authenticated attackers to execute arbitrary code on the underlying system. Critically, this was the second FortiWeb zero-day disclosed within a week, following CVE-2025-64446, a critical path traversal issue confirmed to have been targeted in attacks. CISA, the US cybersecurity agency, added the second zero-day to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch it within a week, which underscores the seriousness of these exploited flaws.
We also have a major concern in the AI development space: the Ray AI framework. Threat actors are actively exploiting a two-year-old vulnerability, CVE-2023-48022 (CVSS score of 9.8), due to Ray’s lack of authentication. This vulnerability allows unauthenticated attackers to execute arbitrary code via the framework’s Jobs API.
A fresh campaign, dubbed ShadowRay 2.0, involves multiple threat actors abusing this flaw to take over computing resources for crypto-mining operations. One adversary, named IronErn440, has been using Ray’s legitimate orchestration features to autonomously propagate their cryptojacking activity.
Here’s where AI meets AI infrastructure attacks: Oligo reports that the Bash and Python payloads submitted by the attackers are likely AI-generated, based on their structure, comments, and error handling patterns. This is a new front: attackers are now using AI to generate attack code targeting AI infrastructure.
The attackers are using a sort of "DevOps for cybercrime" approach. They leveraged platforms like GitLab—and then GitHub after removal—as their CI/CD pipeline for malware distribution, allowing them to A/B test techniques and update payloads in real time, which then propagate across the network within hours.
Compromised Ray clusters have been used for more than just crypto-mining. They were leveraged to steal credentials, deploy a TCP state exhaustion tool called Sockstress (suggesting potential weaponization for DDoS attacks), and even steal proprietary custom models. Oligo’s scans uncovered over 230,000 Ray servers accessible from the web, many belonging to startups and research organizations, and compromised clusters were used to spray attack payloads to other Ray dashboards worldwide, essentially creating a self-propagating worm.
Finally, a quick note on nation-state espionage: MI5 warned British lawmakers that Chinese spies are trying to reach them via LinkedIn. The Chinese Ministry of State Security is using LinkedIn profiles to conduct outreach at scale, aiming to collect information and lay the groundwork for long-term relationships. The targeting is widespread and includes economists, think tank consultants, and government officials.
(14:30 - 18:30) Segment 3: Modernizing Defense—The Shift to TTPs
Mike Housch: Given this escalating threat landscape—AI-driven identity theft, zero-days, and sophisticated botnets—how do organizations fight back? We need a strategic shift.
Etay Maor highlights a critical need to move away from conventional security measures that rely on Indicators of Compromise (IoCs), such as file hashes and domain names. These methods are reactive, easily changed by attackers, and don't work well against the high volume of threats and AI-driven social engineering we’re facing.
Instead, organizations must shift to detecting attacker behaviors, known as Tactics, Techniques, and Procedures (TTPs).
The concept is reinforced by the ‘Pyramid of Pain’. IoCs are at the base and are easily changed, but TTPs are at the top, representing the attacker’s core behavioral patterns. Disrupting TTPs forces adversaries to change their entire strategy, making TTP-based detection the most effective way to combat them. Behavioral detection allows defenders to recognize activity patterns like privilege escalation, credential theft, and lateral movement—often ahead of encryption or data exfiltration.
To implement TTP-first defense at scale, a converged architecture is required, such as a cloud-native Secure Access Service Edge (SASE) platform. SASE unifies networking and security controls and inspects traffic inline across all edges, which is necessary to detect and contain fast-moving, multi-stage ransomware campaigns.
Torsten George outlines specific defensive strategies organizations must adopt to fight AI-equipped adversaries:
- Adopt advanced identity threat detection and risk mitigation tools to spot anomalies in access patterns.
- Use adaptive and phishing-resistant authentication, like biometrics and possession-bound credentials, moving away from relying solely on passwords or SMS codes. Microsoft is also addressing this, unveiling new Entra ID features to strengthen identity protection and reduce phishing risk.
- Continuously educate employees using simulated training that reflects modern AI-driven attack tactics.
- Implement Zero Trust access principles to limit damage when credentials are compromised. This involves ZTNA—Zero Trust Network Access—ensuring users and devices only reach resources they’re explicitly allowed to access.
The operational controls should combine behavioral detection with automation, segmentation, and least privilege. Monitoring SMB traffic is essential for spotting major file modifications, which often indicate an ongoing ransomware attack.
Ultimately, the goal is preparedness over inevitability. By modernizing defense strategies and embracing phishing-resistant identity protection, organizations can hope to outpace the next wave of AI-driven threats.
(18:30 - 19:30) Segment 4: News Quick Hits
Mike Housch: Time for a few quick scoops from the week:
First, the Cloudflare outage that disrupted major online services like ChatGPT, X, and Shopify on November 18th was not caused by a cyberattack. Cloudflare CTO Dane Knecht confirmed it was a latent bug in a service underpinning their bot mitigation capability that crashed after a routine configuration change.
Second, Microsoft reported mitigating the largest DDoS attack ever observed targeting its Azure cloud service. The attack peaked at 15.72 terabits per second (Tbps) and was aimed at a single endpoint in Australia. This record-breaking attack was powered by the Aisuru botnet, which has also been linked to a larger 22.2 Tbps attack observed by Cloudflare. Aisuru is described as a TurboMirai-class IoT botnet offered as a DDoS-for-hire service.
Third, in cybersecurity funding news, the AI-powered Security Operations Center startup Mate emerged from stealth mode with $15.5 million in seed funding. Mate uses AI agents, LLMs, and reasoning models to investigate and resolve incidents, aiming to turn SOCs into continuously learning defense systems.
Finally, at Microsoft Ignite 2025, the company unveiled several security enhancements. These include new Defender capabilities like Predictive Shielding—an automatic attack disruption component that anticipates attacker movements—and new Entra ID features designed to strengthen identity protection and reduce phishing risk. They also announced Security Dashboard for AI, a unified dashboard for CISOs to aggregate real-time AI posture and risk insights.
(19:30 - 20:00) Outro Music fades in
Mike Housch: That’s it for this week’s dose of Cyber Scoops & Digital Shenanigans. We covered a lot of ground, but the takeaway remains: the game has changed. When defending your network, remember that chasing every IoC is like chasing smoke; focus on the TTPs, and you hit the attacker’s strategy. Stay safe out there, and we’ll catch you next time.
(20:00) Outro Music fades out