From the War with Iran front,
- Cybersecurity Dive reports yesterday,
- “Iranian government-backed hackers are using spear-phishing attacks and remote access Trojans (RATs) to spy on “high-value sectors” in the U.S. and the Middle East as part of Tehran’s response to the U.S.-Israeli war, according to Palo Alto Networks.
- “The company’s Unit 42 researchers recently discovered six new RATs that an Iran-linked group the researchers call Screening Serpens has used for espionage purposes. The group “has increased its operations” since the war began, the researchers said, and malware metadata suggests that it has attacked “targets across the U.S., Israel and the [United Arab Emirates] as well as two additional Middle Eastern entities.”
- “Screening Serpens — which other researchers call UNC1549, Smoke Sandstorm and Nimbus Manticore — has “consistently set its sights on high-value sectors,” Palo Alto Networks said, especially in the aerospace, defense and telecommunications industries.
- “A defining characteristic of these recent campaigns is the deep personalization of the attackers’ lures,” researchers wrote. “By leveraging tailored social engineering tactics, including fake job requisitions and spoofed video conferencing meeting invitations, the attackers lure victims into initiating the infection chain, thereby exposing their organizations to further exploitation.”
- Industrial Cyber adds,
- “Ransomware groups are increasingly being used as proxy weapons in geopolitical cyber warfare, enabling nation-states to exert pressure on their adversaries while maintaining plausible deniability. What used to be financially motivated cybercrime and targeting can now influence operations and cause operational disruption. While the change has been incremental, it has been unmistakable. Criminal groups, ideological hacktivists, and state-aligned adversaries are converging and sharing environments, infrastructure, tactics, techniques, and procedures (TTPs), access brokers, and, at times, even strategic objectives.
- “Operations linked to Iran demonstrate the sprawl between cybercrime, espionage and industrial sabotage as ever closer. A recent investigation exposed claims by pro-Iran hackers that they altered on-the-ground conditions to target critical wheat reserves, demonstrating how cyber activity can directly affect food security and industry. Once the contact is made, these adversaries can choose how and when to attack.”
From the Project Glasswing front,
- Anthropic offers a look back at the project’s first month.
- The Wall Street Journal adds,
- “Anthropic is letting Mythos users [participating in Project Glasswing] share cybersecurity threats with others who may face similar vulnerabilities.
- “Anthropic modified its previous stance amid concerns that limiting access to the information could hurt smaller companies.
- “The new policy highlights challenges facing artificial-intelligence companies that are restricting access to their best models.”
From the cybersecurity policy and law enforcement front,
- Cyberscoop reports,
- “Two cybersecurity-focused members of Congress agreed Thursday [May 21, 2026] that reductions to the Cybersecurity and Infrastructure Security Agency have done too much damage to an agency essential to defending civilian networks against foreign adversaries.
- “Rep. Don Bacon, R-Neb., and Rep. James Walkinshaw, D-Va., spoke during a panel at the National Cyber Innovation Forum. Despite representing different parties, and serving on different congressional committees, the two lawmakers offered closely aligned assessments of CISA’s role and the consequences of recent cuts.” * * *
- “In the model both lawmakers endorsed, they pushed for CISA to play more of a role after an intrusion, helping affected entities restore their networks while the FBI works to identify the source. Walkinshaw said advanced artificial intelligence expands the attack surface and makes that kind of centralized support more important.”
- The Wall Street Journal relates,
- “State cybersecurity officials urged the federal government on Thursday to roll back cuts to cybersecurity programs, arguing that deteriorating federal support weakens defenses just as artificial intelligence and nation-state belligerence are introducing significant new threats.
- “Technology and cyber officials from New York, Florida and Tennessee told a House Homeland Security Committee hearing that states must now defend against advanced threats as federal backing diminishes.
- “The witnesses cited the pending expiration of the State and Local Cybersecurity Grant Program, significant budget and workforce cuts to federal agencies and new limits on the information-sharing platforms that state governments rely on to track threats.”
- Cyberscoop adds,
- “Securing some of the open-source technology that serves as the backbone for all modern digital infrastructure is going to require some “hard decisions” amid a wave of malware attacks, the leader of the Cybersecurity and Infrastructure Security Agency said Thursday [May 21, 2026].
- “The open-source community is one that I’m particularly worried about when we start to think about rapid escalation of vulnerability discovery,” acting director Nick Andersen said, referencing a cartoon about how key technologies that underpin the internet are often maintained by a single person.” * * *
- “CISA has been working with industry and others “to modify our approach to vulnerability management, modify our approach to coordinated vulnerability disclosure, modify our approach to remediation, with the explicit understanding that we’re just not going to be able to keep up using traditional mechanisms,” Andersen said, speaking at the National Cyber Innovation Forum in Washington, D.C.
- “The government and private sector can work together to identify the biggest threats and then give them the right level of attention, he said. On the federal government side, that means working to get a full picture of the extent of reliance on open-source technologies.”
- and
- “President Donald Trump said he would postpone the release of an executive order that would set up a 90-day testing and vetting regime for frontier AI models, hours before the White House was set to publicly announce the signing.
- “Speaking to reporters in the Oval Office Thursday [May 21, 2026], Trump said he opted to delay the order “because I didn’t like certain aspects of it” and expressed concerns that it could harm U.S. AI industry competition with countries like China.
- Per a National Institute of Standards and Technology news release,
- “In FY 2025, the Information Technology Laboratory’s (ITL) Cybersecurity and Privacy Program successfully addressed numerous challenges and opportunities in cybersecurity and privacy. Special Publication (SP) 800-238, Fiscal Year 2025 Annual Report for NIST Cybersecurity and Privacy Program, highlights the program’s research activities across key priority areas:
- “Cryptography
- “Cybersecurity & AI
- “Education and Workforce
- “Hardware and Software Security
- “Infrastructure Security
- “Risk Management”
- Cyberscoop tells us,
- “Authorities arrested and unsealed charges against a Canadian man accused of running Kimwolf, one of the most far-reaching DDoS botnets on record, the Justice Department said Thursday.
- “Jacob Butler was arrested Wednesday [May 20, 2026] in Ottawa, Canada, and awaits extradition to the United States where he is charged with aiding and abetting computer intrusions and, if convicted, faces up to 10 years in prison.
- “Investigators said the 23-year-old, also known as “Dort,” was a principal administrator of Kimwolf, a variant of the record-setting Aisuru DDoS botnet that spread like wildfire and eventually took over more than 2 million Android TV devices after its operators figured out how to abuse residential-proxy networks for local control.”
- and
- “European authorities took down a prominent virtual private network service and arrested the alleged administrator behind an operation that cybercriminals used to steal data, commit fraud and ransomware attacks, Europol said Thursday [May 21, 2026].
- “First VPN, which was promoted on Russian-speaking cybercrime forums, gained popularity for providing services that allowed users to hide their infrastructure and identities. Officials said the service was entrenched in the cybercrime world and appeared in almost every major recent cybercrime investigation aided by Europol.
- “For years, cybercriminals saw this VPN service as a gateway to anonymity,” Edvardas Šileris, head of Europol’s European Cybercrime Centre, said in a statement.
- “They believed it would keep them beyond the reach of law enforcement,” Šileris added. “This operation proves them wrong. Taking it offline removes a critical layer of protection that criminals depended on to operate, communicate and evade law enforcement.”
- Security Week adds,
- “Authorities in North America and Europe have participated in a law enforcement operation to disrupt First VPN, a popular cybercrime service used for ransomware and other attacks.
- “According to the FBI, First VPN has been active since 2014, providing 32 exit nodes across 27 countries at the time of its disruption. The service, advertised on Russian-language dark web cybercrime forums, has been used by at least 25 ransomware groups for network reconnaissance and intrusions.”
- “Bitdefender, which was involved in the takedown, pointed out that the 506 users are a subset of First VPN’s customer base, and investigators will determine which of them can be linked to criminal operations.
- “Some will be traced to known ransomware groups. Others will reveal fraud operations, data theft campaigns, or cybercrime-as-a-service infrastructure we didn’t know existed,” Bitdefender said.
- “New anonymization services will appear. The economic demand hasn’t changed. But each takedown shortens the operational window of the next service and raises the barrier for actors who relied on turnkey solutions,” the cybersecurity firm added. “First VPN advertised itself as a service criminals could trust to keep them beyond law enforcement’s reach. The operation proved that claim wrong, and every actor evaluating the next anonymization service now knows the same risk exists.”
From the cybersecurity breaches and vulnerabilities front,
- Health Exec reports,
- “The largest public health system in the U.S. confirmed in a filing with the Department of Health and Human Services that a data breach on its network impacted 1.8 million patients, exposing their personal data to hackers.
- “The data breach, which was said to have lasted for months, was revealed by NYC Health + Hospitals in March. At the time, the health system said it first discovered “suspicious activity” on its network in February, at which time it moved to “immediately” secure its systems from access by the unauthorized third-party.
- “An investigation found cybercriminals had been inside its IT infrastructure since November 2025, stemming from a breach on an unnamed vendor the organization contracts with for services.”
- Dark Reading relates,
- “Defenders are dealing with an influx of vulnerabilities like never before, and patch prioritization has never been more critical, according to Verizon Business’s 2026 Data Breach Investigations Report (DBIR). This year’s report confirmed several ongoing trends on the vulnerability exploitation and around threat actors abusing AI, for example — but the 2026 DBIR more broadly promotes sticking to the cybersecurity fundamentals as the industry undergoes massive change.
- “And indeed, defenders in the past year have been tasked with handling everything from self-replicating worms infesting software components to preparing for large language models (LLMs) that can supposedly discover critical zero-day vulnerabilities all on their own.
- “Most striking in the DBIR might be the statistics that show vulnerability exploitation to be the most common initial access vector for breaches last year, up 31% from the previous year. Meanwhile, only 26% of critical vulnerabilities (defined as those in CISA’s Known Exploited Vulnerability catalog) were fully remediated by organizations in 2025, compared to 38% the previous year. Just over half (58%) were partially remediated last year, and 16% remained unaddressed.” * * *
- “While organizations perhaps got worse at patching, Verizon also observed a dramatic increase in the number of vulnerability detections observed year over year, likely driven by AI-assisted bug hunting. “There were 68.7 million records in the 2022 dataset and 527.3 million in 2025 — almost eight times the volume,” the DBIR reads.”
- The HIPAA Journal tells us,
- “Verizon has published its 2026 Data Breach Investigations Report, which shows that the healthcare sector continues to be targeted by cybercriminal groups. The sector is having to contend with sustained multi-vector attacks, including ransomware, unpatched vulnerabilities, and human error. Regardless of the cause, the attacks are putting patient privacy, safety, and care at risk.
- “Verizon tracked 1,492 healthcare incidents for its 2026 report, including 1,438 confirmed data disclosures, a majority of which were due to ransomware-driven system intrusions achieved through multiple attack vectors, including the exploitation of vulnerabilities (20%), phishing attacks (14%), stolen credentials (11%), and employee errors (11%). Threat actors are being given far too big a window of opportunity to exploit known vulnerabilities. Verizon found that in 2025, only 26% of critical vulnerabilities were fully remediated, with a median time for resolution stretching to 43 days. In healthcare, where complex legacy systems are the norm, the window of opportunity is greater, giving threat actors a wide attack window.
- “While external actors accounted for the majority of incidents, insider breaches remain common in healthcare. Internal actors were behind 19% of breaches. As Verizon notes, human error continues to be a chronic source of breaches. The human element was involved in 54% of incidents, including misconfigurations, misdirected communications, the loss/theft of unencrypted devices, and poor cyber hygiene.
- “The most common human-related cause of healthcare data incidents was misdelivery, which accounted for around 40% of incidents, followed by loss incidents at around 25%, and misconfigurations at around 20%. While greater investment in cybersecurity will help to address the 81% of breaches due to external actors, security awareness training plays an important part in preventing data breaches. Employees need to be made aware of security fundamentals and be taught the importance of practicing good cyber hygiene. Social engineering was the third main cause of healthcare breaches in 2025, the majority of which were due to phishing, followed by pretexting – these attack techniques need to be covered in depth in training courses.”
- CISA added ten known exploited vulnerabilities (KEVs) to its catalog this week.
- May 20, 2026
- CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability
- CVE-2009-1537 Microsoft DirectX NULL Byte Overwrite Vulnerability
- CVE-2009-3459 Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
- CVE-2010-0249 Microsoft Internet Explorer Use-After-Free Vulnerability
- CVE-2010-0806 Microsoft Internet Explorer Use-After-Free Vulnerability
- CVE-2026-41091 Microsoft Defender Elevation of Privilege Vulnerability
- CVE-2026-45498 Microsoft Defender Denial of Service Vulnerability
- Security Affairs discusses these KEVs here.
- May 21, 2026
- CVE-2025-34291 Langflow Origin Validation Error Vulnerability
- CVE-2026-34926 Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
- Security Affairs discusses these KEVs here.
- May 22, 2026
- CVE-2026-9082 Drupal Core SQL Injection Vulnerability
- Bleeping Computer discusses this KEV here.
- Cybersecurity Dive adds,
- “The Cybersecurity and Infrastructure Security Agency is now letting security experts nominate vulnerabilities to the agency’s Known Exploited Vulnerabilities catalog.
- “CISA on Thursday [May 21, 2026] published a form that technology vendors, independent researchers and anyone else can use to warn CISA that hackers are exploiting a vulnerability and it should be added to the KEV.
- “This new reporting capability enhances CISA’s ability to identify, validate, and quickly share critical threat information,” Chris Butera, CISA’s acting executive assistant director for cybersecurity, said in a statement. “Early detection and coordinated vulnerability disclosure are among the most powerful tools we have to reduce risk at scale.”
- and
- “Hackers stole data from thousands of GitHub repositories, the code-hosting giant said on Tuesday [May 19, 2026].
- “While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity,” the company said in a post on X.
- “On Wednesday [May 20, 2026], the company confirmed that attackers had compromised roughly 3,800 repositories after a GitHub employee used a malware-infected Visual Studio Code extension.
- “We continue to analyze logs, validate secret rotation, and monitor for any follow-on activity,” GitHub said.”
- Cyberscoop informs us,
- “The FBI is warning organizations and defenders about Kali365, a growing phishing-as-a-service platform that retrieves Microsoft 365 access tokens, issuing a public service announcement Thursday [May 21, 2026].
- “The toolkit bypasses multi-factor authentication and abuses OAuth device code authorizations via phishing lures impersonating common enterprise services. This technique grants cybercriminal-controlled applications access to Microsoft 365 accounts, opening victims up to a host of follow-on malicious activity, including data theft, fraud, extortion and ransomware attacks.
- “Kali365 is one of many rapidly emerging device-code phishing tools, which are gaining popularity as a more effective means for cybercriminals to circumvent security controls while abusing legitimate Microsoft device authorization pages, according to researchers.
- “Instead of gaining access to accounts via phishing kits that steal credentials and second-factor authentication codes, device-code phishing platforms connect a malicious app to a legitimate account with a single code. The process requires fewer steps and less interaction with the user, but victims do have to copy-and-paste a code generated by the Kali365 platform to grant access.”
- Cyber Insider points out,
- “Hidden audio commands can hijack AI voice assistants and transcription tools without users hearing anything unusual, according to new research set to be presented at the IEEE Symposium on Security and Privacy next week.
- “The study shows that carefully crafted audio clips can elicit unauthorized actions from audio-language models (LALMs), including downloading files, sending emails, and performing web searches.
- “The attack, dubbed “AudioHijack,” was developed by researchers from Zhejiang University, Nanyang Technological University, and the National University of Singapore. The team describes the attack as a form of “auditory prompt injection,” in which malicious instructions are embedded in ordinary audio using adversarial perturbations that remain nearly imperceptible to human listeners.
- “Large audio-language models are increasingly powering voice assistants, meeting transcription services, customer support bots, and multimodal AI systems capable of both understanding and generating speech. Some platforms can also interact with external tools and services, allowing them to search the web, operate apps, or execute commands on behalf of users. According to the researchers, these capabilities significantly expand the attack surface.
- “Attackers could potentially hide malicious prompts inside music, videos, voice notes, or even live conversations uploaded to AI services. The paper also describes scenarios in which hidden audio could be injected into Zoom meetings or multimedia content processed by AI assistants.”
- The Hacker News notes,
- “In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries.
- “The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a routine sign-in. They had actually handed the operator a valid refresh token scoped to their mailbox, drive, calendar, and contacts, with the lifespan of a tenant policy rather than a session.
- “The operator never needed a password, never tripped an MFA prompt, and never produced a sign-in event that looked like an intrusion. The attack succeeded because the OAuth consent screen has become an instinctive click, and the controls built to stop credential phishing do not look at the consent layer.
- “Security researchers call the resulting condition consent phishing or OAuth grant abuse. The phishing click that mattered last decade handed over a password. The phishing click that matters now hands over a refresh token, and it sits structurally below the identity controls most organizations still treat as the perimeter.”
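Detection logic for the device-code grants that the Kali365 and EvilTokens items describe, as an added example that is not from either article: it scans Entra ID sign-in records in the Microsoft Graph signIn shape for completed deviceCode sign-ins, notes grants from outside trusted ranges or from apps not expected to use the flow, and groups them by source IP, since one host collecting tokens for several users is the campaign pattern. The trusted ranges, the expected-app list and the sample records are constructed assumptions.

```python
"""Flag OAuth device-code sign-ins in Entra ID sign-in records.

Added example, not from the articles above. Assumes records in the shape of
the Microsoft Graph signIn resource (authenticationProtocol, ipAddress,
appDisplayName, userPrincipalName, status.errorCode). The trusted ranges,
the expected-app list and the sample records are constructed.
"""
import ipaddress
import json
from collections import defaultdict

# Constructed: corporate egress ranges.
TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
# Constructed: the only apps for which device-code grants are expected
# (CLI tooling on headless hosts). Anything else using the flow gets a reason.
EXPECTED_DEVICE_CODE_APPS = {"Azure CLI", "Microsoft Azure PowerShell"}

# Constructed sample records, one JSON object per line.
SAMPLE_LOG = """\
{"createdDateTime":"2026-05-21T09:02:11Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.7","appDisplayName":"Microsoft Teams","authenticationProtocol":"none","status":{"errorCode":0}}
{"createdDateTime":"2026-05-21T09:15:40Z","userPrincipalName":"bob@example.com","ipAddress":"198.51.100.23","appDisplayName":"Microsoft Office","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2026-05-21T09:21:05Z","userPrincipalName":"dave@example.com","ipAddress":"198.51.100.23","appDisplayName":"Microsoft Office","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2026-05-21T10:30:00Z","userPrincipalName":"carol@example.com","ipAddress":"203.0.113.9","appDisplayName":"Azure CLI","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2026-05-21T10:41:19Z","userPrincipalName":"erin@example.com","ipAddress":"198.51.100.23","appDisplayName":"Microsoft Office","authenticationProtocol":"deviceCode","status":{"errorCode":1}}
"""


def parse_signins(text):
    """Parse JSON-lines sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_trusted(ip, networks=TRUSTED_NETWORKS):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def find_device_code_signins(records, networks=TRUSTED_NETWORKS,
                             expected_apps=EXPECTED_DEVICE_CODE_APPS):
    """One finding per completed device-code sign-in, with review reasons.

    A finding with no reasons is still returned: every completed device-code
    grant is a refresh token that outlives the session, so it deserves a line
    in the review even when it looks routine.
    """
    findings = []
    for rec in records:
        if rec.get("authenticationProtocol") != "deviceCode":
            continue
        if rec.get("status", {}).get("errorCode", 0) != 0:
            continue  # the grant never completed; no token was issued
        reasons = []
        if not is_trusted(rec["ipAddress"], networks):
            reasons.append("source outside trusted networks")
        if rec.get("appDisplayName") not in expected_apps:
            reasons.append("app not expected to use device code")
        findings.append({
            "time": rec["createdDateTime"],
            "user": rec["userPrincipalName"],
            "ip": rec["ipAddress"],
            "app": rec.get("appDisplayName"),
            "reasons": reasons,
        })
    return findings


def shared_source_ips(findings, min_users=2):
    """Source IPs that completed device-code grants for several distinct
    users: one host collecting tokens for many victims is the campaign
    pattern, not an individual developer signing in from a laptop."""
    users_by_ip = defaultdict(set)
    for f in findings:
        users_by_ip[f["ip"]].add(f["user"])
    return {ip: sorted(users) for ip, users in users_by_ip.items()
            if len(users) >= min_users}


if __name__ == "__main__":
    hits = find_device_code_signins(parse_signins(SAMPLE_LOG))
    for h in hits:
        print(h["time"], h["user"], h["ip"], h["app"], "; ".join(h["reasons"]))
    print("shared source IPs:", shared_source_ips(hits))
```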
From the ransomware front,
- Sophos reports,
- “SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors abusing the Server Message Block (SMB) service for initial access and then exfiltrating files to attacker-controlled infrastructure for remote encryption. The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting them to disk.
- “The WantToCry name appears to be a reference to the notorious WannaCry (also known as WCry) ransomware worm, which propagated via a vulnerability in SMB at the start of 2017. While WantToCry is not self-propagating and there is no evidence to suggest that the two operations are connected, organizations with internet-exposed SMB services are similarly at risk.” * * *
- “As with all ransomware activity, prevention remains key to mitigating the threat of remote ransomware operations like WantToCry. Preventive measures include disabling the SMBv1 protocol across the organization, removing “guest” or anonymous SMB access, and blocking inbound SMB traffic (ports TCP/139 and TCP/445) at all internet-facing firewalls. Additionally, it is important to ensure that backups cannot be accessed via SMB protocols.
- “Organizations should also implement network-level controls and file content monitoring to address this attack methodology effectively. A tool like Sophos CryptoGuard can identify, block, and roll back encryption activity performed via SMB protocols.
- “WantToCry relies on weak authentication and internet exposure rather than on software vulnerabilities or malware delivery mechanisms. Extended detection and response (XDR) solutions can identify reconnaissance and brute-force attempts against SMB services, providing early warnings of potential WantToCry operations.”
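The brute-force warning signal the last paragraph refers to, as an added example that is not from the Sophos write-up: a sliding-window detector over Windows logon-audit events that flags a source host with many failed network logons (logon type 3, which is what SMB authentication produces) in a short span, and escalates when a success from that host follows. The field names follow the Security log's 4625/4624 events; the sample events are constructed.

```python
"""Detect SMB brute-force activity from Windows logon-audit events.

Added example, not from the Sophos write-up. Assumes Security log events
already exported as dicts with EventID (4625 = failed logon, 4624 = logon
success), TimeCreated, IpAddress, TargetUserName and LogonType, where type 3
(network logon) is what SMB authentication produces. Sample events are
constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624
NETWORK_LOGON = 3


def constructed_events():
    """Constructed sample: a guessing burst from one host that ends in a
    successful logon, plus benign noise that must not alert."""
    t0 = datetime(2026, 5, 21, 2, 14, 0)
    events = []
    for i in range(12):  # alternates between two accounts, 10 s apart
        events.append({"EventID": FAILED_LOGON,
                       "TimeCreated": t0 + timedelta(seconds=10 * i),
                       "IpAddress": "198.51.100.50",
                       "TargetUserName": "administrator" if i % 2 else "backup",
                       "LogonType": NETWORK_LOGON})
    events.append({"EventID": SUCCESSFUL_LOGON,
                   "TimeCreated": t0 + timedelta(seconds=130),
                   "IpAddress": "198.51.100.50",
                   "TargetUserName": "backup", "LogonType": NETWORK_LOGON})
    for i in range(2):  # two typos from a workstation: under threshold
        events.append({"EventID": FAILED_LOGON,
                       "TimeCreated": t0 + timedelta(minutes=1, seconds=i),
                       "IpAddress": "203.0.113.7",
                       "TargetUserName": "alice", "LogonType": NETWORK_LOGON})
    # An interactive (type 2) failure is console activity, not SMB: ignored.
    events.append({"EventID": FAILED_LOGON, "TimeCreated": t0,
                   "IpAddress": "198.51.100.50",
                   "TargetUserName": "svc", "LogonType": 2})
    return events


def detect_smb_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Return {ip: finding} for sources with >= threshold failed network
    logons inside a sliding window. A success from the same source after
    the burst raises severity to high and records which account fell."""
    recent = defaultdict(deque)  # ip -> (time, user) of failures in window
    findings = {}
    for e in sorted(events, key=lambda e: e["TimeCreated"]):
        if e["LogonType"] != NETWORK_LOGON:
            continue
        ip, ts = e["IpAddress"], e["TimeCreated"]
        q = recent[ip]
        while q and ts - q[0][0] > window:
            q.popleft()
        if e["EventID"] == FAILED_LOGON:
            q.append((ts, e["TargetUserName"]))
            if ip in findings:
                findings[ip]["failures"] += 1
                findings[ip]["users"].add(e["TargetUserName"])
            elif len(q) >= threshold:
                findings[ip] = {"severity": "medium", "failures": len(q),
                                "users": {u for _, u in q},
                                "first_seen": q[0][0], "success_user": None}
        elif e["EventID"] == SUCCESSFUL_LOGON and ip in findings:
            findings[ip]["severity"] = "high"
            findings[ip]["success_user"] = e["TargetUserName"]
    for f in findings.values():
        f["users"] = sorted(f["users"])
    return findings


if __name__ == "__main__":
    for ip, f in detect_smb_bruteforce(constructed_events()).items():
        print(ip, f)
```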
- Bleeping Computer relates,
- “Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks.
- “During the intrusions, the hacker took between 30 and 60 minutes to log in, do network reconnaissance, test credential reuse on internal systems, and log out.
- “SonicWall warned in a security advisory for CVE-2024-12802 that installing the firmware update alone on Gen6 devices does not fully mitigate the vulnerability, and a manual reconfiguration of the LDAP server is required. Failing to do so leaves open the possibility of bypassing MFA protection.”
- The American Hospital Association lets us know,
- “Microsoft announced May 19 that it disrupted operations of Fox Tempest, a threat actor operating as a malware-signing-as-a-service used by cybercriminals to deploy malicious code, including ransomware. Microsoft said Fox Tempest has enabled attacks on a range of sectors in the U.S. and internationally, including health care, education, government and financial services. The actor has been linked to other ransomware groups, including INC, Qilin and Akira.
- “One component of modern security is that software packages need to be digitally signed to prove their authenticity,” said Scott Gee, AHA deputy national advisor for cybersecurity and risk. “Normally, these signatures can only be provided by trusted, verified sources. Fox Tempest provided these signatures to malware so that it appeared to be legitimate to security systems. This service enabled a number of ransomware actors to attack health care and other sectors. Microsoft has revoked over 1,000 certificates issued by Fox Tempest. Hospitals and health systems should ensure that certificate verification is enabled on their cybersecurity toolsets.”
- and
- “Cyberattacks against hospitals, health systems and mission-critical health care third-party providers have surged in recent years. While these attacks often involve theft of patient data and medical research, the most concerning are high-impact ransomware attacks that continue to shut down critical medical systems, resulting in disruption and delays to health care delivery. There is no doubt that these types of disruptive attacks create a direct risk to patient and community safety. To be clear, these are not data-theft crimes, they are in fact “threat to life” crimes.
- “The perpetrators of these foreign-based ransomware attacks are primarily, but not exclusively, Russian-speaking or based in Russia. Other adversarial nations that provide shelter for dangerous international criminals to launch cyberattacks against the U.S. are the usual suspects — Iran, China and North Korea.
- “There have been thousands of ransomware and data theft attacks targeting U.S. health care over the last several years. In fact, the FBI reported that in 2025 alone, the health care sector suffered 460 ransomware attacks, far more than any other critical infrastructure sector. Since 2020, over 3,200 hacking incidents have been reported to the Department of Health and Human Services Office for Civil Rights, impacting 574 million individuals. Many incidents were actually encryption ransomware attacks accompanied by data theft — “the double extortion,” in which the perpetrators demand an additional ransom for both a decryption key to unlock systems and in exchange for not publishing stolen patient health records.
- “The silver lining? We have a great deal of “battle experience” and tough lessons learned, which has helped us collaborate to harden systems and prepare for impact and recovery. We at the AHA, working with victims, the field and the federal government, have also been able to reliably identify strategic cyber risk related to third parties, patient safety and supply chain.
- The top three risks are
- Geopolitical tensions
- Cyberattacks against third parties, and
- Autonomous Artificial Intelligence-generated and -facilitated Cyberattacks.
From the cybersecurity defenses front,
- Cyberscoop reports,
- “On Wednesday [May 20], Microsoft released two new red teaming tools — Rampart and Clarity — meant to help developers design more secure agentic software and assist incident responders in the face of ongoing breaches.
- “Rampart is built on top of PyRIT, an existing open automation framework Microsoft developed for red teaming generative AI systems. But while PyRIT scans already-built systems for security flaws, Rampart is made to continuously test code for vulnerabilities during the development process, encoding both adversarial and benign testing scenarios into the software development pipeline to flag exploitable bugs and dependencies.
- “Microsoft said Rampart was built to focus on cross-prompt injection attacks, where “an agent retrieves or processes potentially poisoned content from documents, emails, tickets, and other data sources that manipulate behavior indirectly.” It also confirms fixes or exploits work as intended through multiple rounds of testing, as opposed to tools that perform “single shot validation.”
- “The second tool, Clarity, can be run as a desktop app, a web interface or directly embedded into a coding agent to provide real time security engineering guidance to developers at the outset of a project. It can categorize and track different business objectives related to the code and highlight downstream security implications along with more secure by design alternatives.”
- Per Dark Reading,
- “AI Agents Are Shifting Identity Security Budget Dynamics.”
- “AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.”
- Per Cyberscoop commentaries,
- “The Canvas breach proved that prevention is no longer enough.
- “Cybercriminals brought down the most widely used learning platform in North America. The Canvas breach is a blueprint for how SaaS attacks now work — and a warning about how unprepared most organizations still are.”
- and
- “The readiness paradox: Why a false sense of cyber confidence is becoming a liability
- “As AI expands the attack surface and alert fatigue grows, cyber exposure management offers a clearer path to understanding where risk truly concentrates and how to reduce it before a crisis hits.”
- Here is a link to Dark Reading’s CISO Corner.
