AI Security Flaws, Record Patch Tuesday, and Rising Cyber Scams: Your Weekly IT Roundup


Welcome back to the itpick weekly news roundup — your no-nonsense guide to the tech stories that actually matter if you’re running a small business or just trying to keep your home setup safe and ticking. It’s been a busy week, so let’s get into it.

Microsoft Just Dropped Its Biggest Ever Patch Tuesday — Update Now

If you use Windows (and let’s be honest, most of you do), this one is urgent. Microsoft pushed out patches for nearly 200 security vulnerabilities this week — a record for a single monthly update cycle. Around 30 of those were rated “critical,” and perhaps more worryingly, working exploit code is already circulating in the wild for at least three of the flaws. That means attackers aren’t waiting around.

These updates cover Windows itself plus a wide range of Microsoft software, so the net is cast pretty wide. The good news is that if you’ve got Windows Update set to automatic, your machine should already be pulling these down in the background. If you’ve got it switched off or you manage a small fleet of business machines, now is the time to get those updates pushed out — don’t leave it until after the weekend.

What this means for you: Check that Windows Update has run on every machine you’re responsible for this week — one unpatched PC is all an attacker needs to get a foothold.
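For a small fleet, the check above can be scripted. The following PowerShell is an added example, not something from Microsoft or from this roundup: it reports the most recent update each machine has recorded and flags any that look stale. The machine names and the 14-day threshold are constructed placeholders, and it assumes you have admin rights and remote WMI access to each PC.

```powershell
# Added example: flag machines whose most recent recorded update is older than a threshold.
# Assumptions (hypothetical values, replace with your own):
$Computers  = @('PC-FRONTDESK', 'PC-ACCOUNTS', 'LAPTOP-01')  # constructed sample names
$MaxAgeDays = 14                                             # what counts as "stale"

$report = foreach ($name in $Computers) {
    try {
        # Get-HotFix reads Win32_QuickFixEngineering on the target machine.
        # It does not list every update type, so treat the result as a
        # rough indicator and confirm in Windows Update history if in doubt.
        $latest = Get-HotFix -ComputerName $name -ErrorAction Stop |
            Where-Object { $_.InstalledOn } |          # some entries have no install date
            Sort-Object InstalledOn -Descending |
            Select-Object -First 1

        if ($latest) {
            $age = ((Get-Date) - $latest.InstalledOn).Days
            [pscustomobject]@{
                Computer   = $name
                LastUpdate = $latest.InstalledOn.ToString('yyyy-MM-dd')
                HotFixID   = $latest.HotFixID
                Status     = if ($age -gt $MaxAgeDays) { 'STALE' } else { 'OK' }
            }
        }
        else {
            [pscustomobject]@{
                Computer = $name; LastUpdate = $null; HotFixID = $null; Status = 'NO DATA'
            }
        }
    }
    catch {
        # An unreachable machine is a finding in itself: it has not been verified.
        [pscustomobject]@{
            Computer = $name; LastUpdate = $null; HotFixID = $null
            Status   = "UNREACHABLE: $($_.Exception.Message)"
        }
    }
}

# Problem machines sort to the bottom of the table, grouped by status.
$report | Sort-Object Status, Computer | Format-Table -AutoSize
```

Anything marked STALE, NO DATA or UNREACHABLE needs a manual look before you consider the fleet patched.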

AI Tools Are Leaking Data in Worrying New Ways

Two separate security disclosures in the past fortnight have highlighted a genuinely concerning pattern with enterprise AI tools. Researchers demonstrated that Microsoft 365 Copilot could be manipulated into searching a user’s mailbox and quietly leaking the contents — all triggered by clicking what looked like a perfectly legitimate Microsoft link. Separately, the LiteLLM platform was found to be handing out admin-level access under the right (or rather, wrong) conditions.

The underlying problem is the same in both cases: these AI systems will accept instructions or input from almost anywhere, without properly checking whether they should trust the source. It’s a bit like having a very capable assistant who’ll do whatever any note left on your desk says — even if you didn’t write it.

If your small business is starting to lean on AI tools integrated with your email or cloud accounts, it’s worth auditing exactly what permissions those tools have been granted. Less access is almost always safer.

What this means for you: Review what your AI tools can actually access — if Copilot or any similar assistant has broad permissions over your email and files, consider tightening that up until vendors issue proper fixes.

AI Agent Frameworks Are Being Actively Exploited

Sticking with the AI security theme, it emerged this week that around 7,000 servers running Langflow — a popular tool for building AI agents — have been actively attacked. Researchers also found similar vulnerabilities in LangGraph and LangChain, two other widely used AI development frameworks. Attackers who successfully exploit these flaws can gain full access to the server, including any stored API keys, database credentials, and third-party service tokens sitting on it.

This is more of a developer and technically adventurous small-business story than a pure home-user one, but if you’re using any self-hosted AI tools or agent platforms, it’s well worth checking you’re running the latest versions. And wherever you’re storing sensitive credentials — API keys, passwords, licence keys — a dedicated password manager like NordPass is a much safer home for them than a plain text file on a server.

What this means for you: If you self-host any AI tools, patch them immediately and audit what credentials are stored alongside them.

INTERPOL Warns of Surging Phishing and AI-Powered Scams

INTERPOL has published a fresh cyberthreat report covering the Asia-Pacific region, and the headline finding is a dramatic rise in phishing, ransomware, and scams that use AI to make them more convincing. While the report focuses on Asia and the South Pacific, these threats don’t respect borders — the techniques being refined there will inevitably wash up on UK shores, and in many cases already have.

AI is making phishing emails harder to spot. Gone are the days of obvious broken English and dodgy formatting. Today’s scam messages can be polished, personalised, and alarmingly plausible. A solid VPN like NordVPN or Surfshark won’t stop a phishing email landing in your inbox, but layering up your defences — strong unique passwords, two-factor authentication, and a healthy dose of scepticism — goes a long way.

What this means for you: Be extra cautious with unexpected emails asking you to click links or log in anywhere, even if they look completely legitimate — AI is making fakes much harder to spot.

That’s Your Week in IT

It’s been a week that underlines two big themes: keep your software patched (Microsoft’s record update alone should be enough motivation), and treat AI tools with the same security scepticism you’d give any other software that has access to your data. Threats are getting more sophisticated, but the fundamentals — updates, strong credentials, and not clicking dodgy links — remain your best first line of defence. See you next week.

