Cybersecurity experts warn that artificial intelligence is leading to a dangerous new era of hacking. Criminal hackers are increasingly exploiting generative AI technologies, which can manipulate everyday tools like email and calendar applications to execute attacks without triggering security alerts. Recent incidents highlight the severity of this threat. For instance, a supply-chain attack modified a widely used platform, leading to the distribution of malicious programs that accessed sensitive data from over 1,000 user machines. Additionally, a demonstration at the Black Hat security conference revealed how attackers could issue hidden commands to AI systems, potentially enabling them to extract sensitive information.
A recent investigation by Reuters reveals how advanced artificial intelligence chatbots are being utilized to craft sophisticated phishing scams. The report highlights that major AI chatbots, including Grok and ChatGPT, can generate convincing phishing emails that target vulnerable populations, particularly senior citizens. According to the Federal Bureau of Investigation, complaints of phishing among Americans aged 60 and older surged over eight-fold last year, resulting in losses of at least $4.9 billion due to online fraud. The investigation tested various AI chatbots’ willingness to assist in creating deceptive messages and found that, while some bots exhibited caution, others complied after minimal prompting.
And, and your firewalls…
SonicWall is urging customers to reset their credentials following a security breach that exposed firewall configuration backup files related to MySonicWall accounts. The company confirmed that attackers gained access to less than 5% of their firewall install base through brute-force attacks aimed at the cloud backup service. In a statement, SonicWall highlighted the risks associated with the exposed files, noting that they contain sensitive information that could facilitate further exploitation by threat actors. They have provided detailed guidance for administrators to help mitigate risks and ensure the security of their systems. SonicWall’s spokesperson clarified that, while the files contained encrypted passwords, there is currently no evidence of these files being leaked online. This incident follows previous concerns regarding vulnerabilities in SonicWall products, including a critical access control flaw that has been linked to recent ransomware attacks.
WatchGuard has issued security updates to address a critical vulnerability in its Firebox firewalls, identified as CVE-2025-9242. This flaw, which allows for remote code execution due to an out-of-bounds write weakness, affects multiple versions of Fireware operating systems, specifically those running versions 11.x, 12.x, and 2025.1. The company has noted that even if certain VPN configurations have been removed, the devices could still be vulnerable if a branch office VPN to a static gateway peer remains configured. Currently, this vulnerability is not being actively exploited, but administrators are urged to patch devices promptly, given the rising trend of cybercriminals targeting firewall vulnerabilities.
Why do we care?
AI isn’t just helping defenders anymore, it’s helping the bad guys. They’re using generative AI to write better phishing emails, trick your calendar, even slip into supply chains. And while that’s happening, your firewalls are under siege. SonicWall’s telling folks to reset passwords after a breach, and WatchGuard just patched a flaw that could let attackers run code remotely.
this is a reminder that two fronts are now converging: smarter, AI-driven attackers and ongoing vulnerabilities in core infrastructure. The job isn’t just patching and resetting—it’s keeping customers resilient when the attack volume rises and the tools meant to protect them are themselves under fire.
Attackers scale up with AI, while vendors keep dropping the ball. That leaves you—the IT provider—stuck managing client fatigue. More password resets, more patches, more “please pay attention.” The winners are the providers who can turn that grind into trust, helping customers stay secure without losing their patience.