Cybersecurity Saturday

David ErmerAgentic & Generative AI, Cybersecurity

From the Project Glasswing front,

  • CNBC reports,
    • “A U.S. official told The Associated Press on Tuesday [June 23] that one of Anthropic’s artificial intelligence models had identified vulnerabilities in highly sensitive and secure U.S. government computer systems during a testing exercise.
    • “The official, who spoke on the condition of anonymity to discuss the matter, said Anthropic had teamed up with U.S. intelligence agencies to conduct tests using the company’s Mythos model. It had identified certain vulnerabilities within hours, but that does not mean the model was able to exploit them within that time, the official said.
    • “The official said the testing was done through an Anthropic initiative called Project Glasswing, which brought together tech giants and other companies in hopes of securing the world’s critical software from “severe” fallout that the Mythos model could pose to public safety, national security and the economy.”
  • NextGov/FCW relates,
    • “OpenAI is offering a limited preview of its new GPT-5.6 model series to select partners, part of an “ongoing engagement with the U.S. government” as Washington and leading artificial intelligence developers try to strike a balance between tech innovation and safety.
    • Three models in the company’s GPT-5.6 series — Sol, Terra and Luna — will initially be available to select partners following conversations and previews with government officials, OpenAI said in its Friday [June 26] announcement
    • “That initially limited rollout follows a request made by the federal government. During the narrow preview period, OpenAI will test model capabilities and coordinate with collaborating partners before making it more broadly available. General access to the models will be available “in the coming weeks,” a similar structure to Anthropic’s Project Glasswing that was set up to test its Mythos Preview model.
    • “OpenAI made it clear that it primarily believes in broad, open access to AI models and that limited previews for government partners are short-term.” * * *
    • “OpenAI’s announcement follows Trump’s signing of an executive order earlier this month that calls for leading AI developers to share model access before market release for safety analyses. Signed following last-minute industry pushback regarding overregulation concerns, the order and OpenAI’s choice to voluntarily share its new model with the government signal the priority the White House is placing on AI safety despite trying to thread the needle between a light-tough regulatory posture and ensuring companies are unencumbered enough to innovate.”
  • The Wall Street Journal informs us,
    • “The Trump administration is allowing Anthropic to reoffer one of its banned AI models to trusted companies and government partners, a key step toward rolling back restrictions that fueled industry concern about ad hoc federal regulation of artificial intelligence.
    • “Anthropic can allow dozens of companies and partners trusted by the government to access Mythos 5, one of the two models that the administration banned for foreign use two weeks ago, Commerce Secretary Howard Lutnick said in a Friday letter to Anthropic Chief Compute Officer Tom Brown, a copy of which was viewed by The Wall Street Journal. 
    • “Fable 5, a general-purpose version of Anthropic’s powerful Mythos model that was also banned, remains restricted, and restrictions on Mythos 5 still apply to entities that aren’t trusted partners.
    • “The olive branch from the administration is the result of two weeks of talks led by Lutnick and Brown to address the government’s security concerns, which were sparked by Amazon researchers who found a way to evade Fable’s safeguards.” * * *
    • “An Anthropic spokesman said the company was working to restore access to Mythos 5 for the partners as soon as possible. “We are pleased to see this progress and continue to work with the government to expand access to Mythos 5 and make Fable 5 available for general use again,” he said.” 

From the cybersecurity policy and law enforcement front,

  • Cybersecurity Dive reports,
    • “President Donald Trump on Monday [June 22] set ambitious deadlines for how quickly federal agencies and government contractors must adopt quantum-resistant encryption algorithms, aiming to prevent U.S. adversaries from using quantum computers to decrypt sensitive data in the coming decades.
    • “The United States must take steps to strengthen cryptographic protections for the Nation’s sensitive data, critical infrastructure, and digital economy,” Trump said in a new executive order.
    • “The directive requires the Office of Management and Budget to issue guidance setting two major deadlines for agencies’ adoption of post-quantum cryptography (PQC) in their high-value assets: Dec. 31, 2030, for key establishment, and Dec. 31, 2031, for digital signatures.”
    • “By accelerating the U.S. Government’s PQC migration timeline, this Order ensures that American cybersecurity keeps pace with emerging technology and recognizes the reality of the accelerating quantum industry,” the White House said in a fact sheet about the new order.”
  • Dark Reading adds,
    • “Organizations will face major challenges — and even greater costs — on the road to becoming quantum-ready over the next five years.” * * *
    • “Jonathan Nguyen-Duy, chief technology officer (CTO) at quantum security vendor Arqit, tells Dark Reading that many organizations underestimate the scale of this challenge, viewing post-quantum migration as a technology upgrade.
    • “Cryptography sits everywhere from applications, networks, cloud environments, and software libraries to connected devices and third-party systems,” he says. “That’s why post-quantum migration is much more than swapping one algorithm for another. Every update needs to be tested and implemented without disrupting the business. It requires long-term funding, cross-functional ownership and a level of persistence that many organizations will find challenging.”
    • “Garfield Jones, SVP of research and strategy at post-quantum cryptography vendor QuSecure, says that many agencies are in the inventorying stage, and some have designated PQC leads. “But substantial work remains on implementation and testing of NIST standardized algorithms within agency environments,” he explains. “Smaller agencies may be able to meet these accelerated deadlines, but larger and federated agencies face a more difficult path as previously unaccounted IT and OT assets continue to surface through manual counting processes.”
  • The American Hospital Association News relates,
    • “Leaders of the Five Eyes cybersecurity agencies, consisting of Australia, Canada, New Zealand, the United Kingdom and the United States, released a joint statement June 22 urging resilience as the evolution of artificial intelligence has been rapidly transforming cyber risk. The alert recommends leaders and organizations to understand and assess risk, readiness and accountability; prioritize foundational cybersecurity practices and controls; empower leaders with authority and resources; and remain engaged as threats and guidance evolve. The agencies recommended additional actions to reduce operational, financial and reputational exposure. Specific tactical recommendations include reducing attack surface, accelerating patching processes, addressing legacy systems, reviewing and strengthening identity and access controls, and preparing for incidents before they happen. 
    • “This important advisory from leaders of the world’s most trusted domestic and international cybersecurity agencies amounts to a clear and stark warning for the private sector,” said John Riggi, AHA national advisor for cybersecurity and risk. “Cyber adversaries are using AI to increase the speed, sophistication and severity of cyberattacks. Within months, not years, the rapid development of frontier AI models will accelerate cyber risk. It is recommended that organizations treat cyber risk as an enterprise risk, use AI to bolster network defenses, and mitigate potential risk to patient care and safety by preparing in-depth cyber resiliency and extended clinical continuity plans. It is especially important for hospitals and health systems to prioritize cyber resiliency for mission-critical and life-critical services.” 
       
  • Homeland Security Today informs us,
    • “The Cybersecurity and Infrastructure Security Agency (CISA) published a guide [on June 24] that helps federal civilian agencies advance their zero trust capabilities and adopt modern architectures supported under the Trusted Internet Connections (TIC) 3.0 Initiative. Part of CISA’s Journey to Zero Trust seriesthis guide helps agencies transition away from the limitations of using TIC 2.0 and capitalize on TIC 3.0 flexibilities to employ Secure Access Service Edge (SASE) solutions. Federal agencies will better understand, plan and mature to zero trust architecture to improve user experience, increase visibility and control, and enable telemetry sharing with CISA services.
    • “Many legacy architectures rely on perimeter-based security models such as TIC 2.0 that routes all traffic through centralized controls. Today’s rapidly evolving threat landscape and organizations’ shift to more distributed business models with cloud capabilities and remote workforces reveal shortcomings in legacy perimeter-based paradigms. Based on CISA’s work with federal agencies, this guide helps technical leaders and enterprise architects implement a SASE solution to replace their existing managed trusted internet protocol services (MTIPS) connectivity. The transformation to SASE solution improves network performance, reduces latency, and increases visibility and control.”
  • Per a General Accounting Office news release,
    • “Cloud computing services allow access to resources like networks, storage, and software. It can cost federal agencies less to use these services than to create their own. But using cloud computing services can pose cybersecurity risks.
    • “We looked at how some agencies protect data in the cloud. Agencies we reviewed varied in implementing key cloud computing security practices. For example, some agencies didn’t fully continuously monitor security controls. Also, some agencies didn’t document how to respond to or recover from cybersecurity incidents.
    • “Our recommendations address these issues and more to ensure cloud services are safe.”
  • Security Week points out,
    • “The National Institute of Standards and Technology (NIST) announced Wednesday that it’s seeking public feedback on updated Internet of Things (IoT) security guidelines.
    • “Updated to reflect current security needs, the guidance provides general considerations on the impact of IoT products on risk assessments and aims to establish cybersecurity requirements to support security controls.
    • “The initial public draft (IPD) of SP 800-213 Revision 1, titled ‘IoT Product Cybersecurity Guidelines for the Federal Government: Establishing IoT Product Cybersecurity Requirements’, is available for download on NIST’s website (PDF), with the public comment period ending August 24.
    • “As organizations increasingly rely on IoT products, they need to understand that these products are system elements and must be taken into account in the risk management process, NIST argues.
    • “The updated guidelines build on SP 800-213A, which provides a catalog of IoT product cybersecurity capabilities and non-technical capabilities for both manufacturers and consumers.”
  • Cybersecurity Dive notes,
    • “Microsoft on Wednesday announced a coordinated operation with Europol and other international partners to disrupt Amadey and StealC — tools used as infostealers to conduct ransomware, financial fraud and other digital crimes. 
    • “Amadey is a specialized tool used by cybercriminals to infect computers, while StealC is used to steal passwords and other sensitive data after the computers are infected. The tools are used widely around the globe, with Microsoft finding more than 140,000 computers worldwide infected with the tools during the first two weeks of May. 
    • “Microsoft identified more than 200 malicious Amadey and StealC command-and-control domains and IPs and shut them down using a combination of court-ordered actions, domain seizures and related actions. 
    • “In a filing with the U.S. District Court in Miami, Microsoft accused a series of unnamed defendants of operating a malware-as-a-service enterprise. Microsoft asked the court to disable and transfer control of related internet domains to the company. 
    • “Microsoft, in a blog post Wednesday, said investigators used AI to help analyze how Amadey and StealC were being used in the infostealing operation.” 

From the cybersecurity breaches and vulnerabilities front,

  • HealthExec reports,
    • “Last week, HealthExec reported on a data breach at a healthcare AI company that resulted in personal data from its hospital and payer clients being exposed to hackers. This week, a filing with the federal government provided details on how many patients were impacted. 
    • “According to the U.S. Department of Health and Human Services’ (HHS) Office of Civil Rights healthcare data breach tracker, the number of individuals impacted by the hack on Xsolis was determined to be 1,396,519.
    • “Stolen data was determined to include protected health information, including details on medical treatments that patients received. Names, dates of birth, contacts, Social Security numbers and health insurance information were also compromised. 
    • “Xsolis, a company that uses artificial intelligence to improve patient care utilization, posted a notice earlier this month that contained many of the details of the data security incident, said to have stemmed from a “targeted phishing attack” that resulted in an unauthorized third party accessing its network.” 
  • Cybersecurity Dive relates,
    • “Klue, a provider of a market intelligence platform, is investigating a supply chain attack that led to the mass exfiltration of Salesforce customer relationship management data belonging to hundreds of customers, including several prominent cybersecurity firms. 
    • “A threat actor used a compromised Klue Battlecards app to gain access to OAuth tokens for connecting Klue with third-party integrations, including Salesforce, according to information from Klue and security researchers at Reliaquest, which warned about the attack in a recent blog post. 
    • “Salesforce, which disabled connections through the Klue Battlecards appuntil further notice, said there is no indication of a vulnerability within its own platform. 
    • “A threat actor tracked as Icarus posted stolen data from several victims on its website, according to a Monday [June 22] blog post from Huntress. Itself a victim of the attack, Huntress said none of its internal systems were impacted.
    • “The threat group has begun reaching out to companies whose customer data was compromised in the attack, said Charles Carmakal, CTO at Mandiant Consulting.” 
  • Bleeping Computer tells us,
    • “The FBI and CISA are warning that a phishing campaign targeting Signal users tied to Russian intelligence services has evolved to steal Signal Backup Recovery Keys, allowing attackers to access victims’ historical messages.
    • “The updated public service announcement is an update to a March 2026 advisory that warned the threat actors were targeting users of commercial messaging applications, particularly Signal, through phishing campaigns designed to hijack accounts rather than break end-to-end encryption.
    • “RIS cyber threat actors continue to masquerade as automated CMA support accounts in updated phishing messages but have evolved their tactics to attempt to elicit victims’ Backup Recovery Keys,” warns an FBI PSA published today [June 26].
  • CISA added six known exploited vulnerabilities (KVEs) to its catalog this week.
    • June 23, 2026
      • CVE-2025-67038 Lantronix EDS5000 Code Injection Vulnerability
      • CVE-2026-34908 Ubiquiti UniFi OS Improper Access Control Vulnerability
      • CVE-2026-34909 Ubiquiti UniFi OS Path Traversal Vulnerability
      • CVE-2026-34910 Ubiquiti UniFi OS Improper Input Validation Vulnerability
        • The Hacker News discusses these KVEs all of which required patching within three days.
    • June 25, 2026
      • CVE-2026-12569 PTC Windchill and FlexPLM Improper Input Validation Vulnerability
      • CVE-2026-20230 Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability
        • Bleeping Computer discusses these KVEs. CISA set the same June 28 deadline for federal agencies to patch both KVEs.
  • Cyberscoop adds,
    • “An attacker exploited a previously unknown and unpatched Cisco vulnerability earlier this year to infiltrate a communications service provider and gain the highest level of access possible, Mandiant said Wednesday [June 24].
    • “Cisco has since patched the flaw, one of seven actively exploited zero-day vulnerabilities this year in its SD-WAN (software-defined wide area network) software used to manage internet traffic within organizations, typically those that are widely distributed, such as banks with numerous branches.
    • “But Google-owned cybersecurity firm Mandiant said the attacker (or attackers) could have used its root-level access to obtain broad and undetected visibility into the internal traffic throughout the provider’s entire corporate network. In a caveat, Mandiant also said it could not fully assess how far the compromise actually went because of how cleverly the perpetrators hid their activity.
    • “The attack illustrated hackers’ ongoing targeting of edge devices, Mandiant said. Attacks on such devices have been very common and involved in some of the most consequential breaches in recent years, prompting the Cybersecurity and Infrastructure Agency to direct federal agencies to give them special attention this year.
  • Cyberscoop observes,
    • “When CISA issues an emergency directive, the message to every federal agency and every security team paying attention is to patch now. For CVE-2026-50751, a CVSS 9.3 authentication bypass in Check Point Remote Access VPN, that directive landed on June 21. despite exploitation beginning in early May. That, six-week active intrusion gap is not a footnote. It is the entire story.
    • “The flaw itself is straightforward in the worst possible way. A logic error in the certificate-validation process, triggered when the deprecated IKEv1 key-exchange protocol is enabled, allows a remote attacker to establish a fully authenticated VPN session without a valid password. No phishing. No credential theft. No lateral movement required to reach the perimeter. The attacker walks through the front door, and the door logs it as a legitimate entry.
    • “By the time Check Point disclosed the vulnerability on June 8, a Qilin ransomware. affiliate had already used it to compromise a few dozen organizations worldwide. The post-access playbook was efficient, including Rclone for data exfiltration, the Tox protocol for command-and-control communication routed through disposable VPS infrastructure. Quiet, fast, and designed to complete the job before detection had a chance to matter.” * * *
    • “CISA will issue another emergency directive. There will be another authentication bypass, another perimeter device turned attack vector, another financially motivated threat actor with a head start measured in weeks. The patch-and-detect cycle will play out again, and organizations that had their exposure managed entirely at the perimeter will find themselves in the same position.
    • “The lesson here is not that Check Point failed or that VPNs are over. It is that any architecture where a single authentication bypass gives an attacker operating authority over the entire environment has a structural problem that no patch resolves. Closing the door is necessary. Making sure the ransomware cannot detonate even after the attacker is inside is the part the industry still has not solved at scale.
    • “That is the conversation the CISA directive should be starting, and mostly is not.”
  • Security Week points out,
    • “Researchers at Wiz have disclosed a high-severity vulnerability in the Amazon Q Developer extension for Visual Studio Code that could allow attackers to steal developers’ cloud credentials by luring them into opening a booby-trapped code repository.
    • “Amazon Q Developer is an AI-powered coding assistant that offers developers features such as code suggestions, automated refactoring, and access to external tools and services via integrations with local processes.
    • “AWS was notified about the issue on April 20 and a patch was released on May 12. The cloud giant published a security advisory this week.
    • “The root cause of the vulnerability was that the extension would automatically act on configuration files embedded in a workspace without first asking the user for permission.

From the ransomware front,

  • Cybersecurity Dive reports,
    • “The number of ransomware attacks that hackers claimed on dark-web leak sites rose by nearly one-fifth in 2025, to 6,883, while the total number of leak sites increased by roughly one-third, to 115, the security firm Bitsight said in its annual “State of the Underground” report.
    • “Ten groups — five of them associated with Russia — were responsible for roughly 58% of attacks, according to the report, suggesting a remarkable concentration of activity.
    • “Roughly 60% of ransomware victims were in the U.S., with the manufacturing sector topping the list.”
  • Dark Reading adds,
    • “A specter is haunting Europe — the specter of ransomware.
    • “After a global lull in 2024 and 2025, the ransomware-as-a-service (RaaS) ecosystem appears to be back to form, at least in Europe. Researchers from Black Kite tracked 684 ransomware attacks across the continent through the first four months of 2026. That’s 55% more than the 441 recorded in the first four months of 2025, even more than the 643 recorded through the first half of 2025.
    • “Globally, the US absorbs almost half of all ransomware victims. Canada and the UK have traded second place. Europe was a step behind. Now that’s shifting,” Ferhat Dikbiyik, chief research and intelligence officer at Black Kite, tells Dark Reading. He believes that at least a couple of factors are at play. 
    • “First, an oversaturation of ransomware activity in the US is leading some to seek opportunities elsewhere. And “second, and this is my read: [Attackers’] own artificial intelligence (AI)-assisted target research is starting to point them at Europe,” he says. “The stealer logs are there. The unpatched vulnerabilities are there. The money is there. Smaller countries may run weaker defenses, but the big economies offer the full package: wealth and exposure together. The question isn’t why ransomware groups target the major EU powers; it’s why would you not?”
  • HelpNetSecurity tells us,
    • “A relatively new backdoor called Mistic has been deployed in multiple attacks since April 2026 targeting organizations in the insurance, education, IT, and professional services sectors, according to Symantec.
    • “The malware appears to be associated with Woodgnat, also known as KongTuke, a financially motivated initial access broker (IAB) active since at least May 2024 that has been connected to ransomware operations including QilinInterlock, Rhysida, Akira8Base, and Black Basta.
    • “Woodgnat reportedly functions primarily as an IAB. Its goal is not to deliver the final payload, but to establish highly durable remote access within an enterprise and sell this high-level access to ransomware affiliates and other attackers for a fee,” the researchers said.”
  • CSO Online shares an “Anatomy of a retail ransomware attack: Tabletop simulates modern mayhem methods.”

From the cybersecurity business and defenses front,

  • Cybersecurity Dive reports
    • “A coalition of technology companies, including Anthropic, AWS, IBM and Microsoft, announced a joint effort to find, disclose and remediate security flaws in open-source software. 
    • “The group, called Akrites, will establish a shared security incident response team as well as a coordinated vulnerability disclosure process.
    • “The founding members, led by the Linux Foundation, will commit extensive resources to the effort, including funding, engineers and cybersecurity expertise. 
    • “Officials said the plan was mainly driven by the emergence of frontier AI models that radically accelerated the ability to discover vulnerabilities in critical software applications. In recent months, malicious actors have demonstrated the ability to weaponize AI for use in sophisticated attacks.” 
  • and
    • “AWS launched agentic tools AWS Continuum, which flags and helps remediate security risks, and AWS Context, a search layer that uses a company’s data to make better informed agents, at its AWS Summit in New York City on June 17.
    • “The company rolled out the tools as the rise in AI agents is rapidly changing the way enterprises operate, reshaping the cybersecurity landscape and necessitating tools that connect siloed data.
    • “AWS rolled out new capabilities for AI tools Kiro, AWS DevOps Agent, AWS Transform for modernization and Amazon Bedrock AgentCore to build and deploy agents. It also updated Amazon Quick, an agentic assistant-modeled AI application, which was released as Quick Suite last year.”
  • Dark Reading adds,
    • “In 2025, nearly 3 in 10 security professionals thought that fully autonomous AI systems could satisfy their companies’ security-testing needs. But after a year of testing and experimentation, that optimism has largely gone away.
    • “Instead, chief information security officers (CISOs) and other security practitioners have more realistic expectations of the AI-based systems, which often have significant blind spots, are prone to false positives, and can blow through AI budgets, according to a June 25 report released by Cobalt, a penetration-testing-as-a-service firm. The number of organizations willing to rely on AI-powered penetration testing for their security needs fell to 9% in 2026, down from 29% a year earlier. The vast majority of companies preferred a hybrid, human-in-the-loop approach or relegating only non-critical tasks to automation.
    • “Security practitioners are experimenting to find the sweet spot of what can be automated reliably and responsibly, says Gunter Ollmann, chief technology officer for Cobalt.”
  • HIPAA Journal informs us,
    • “Cybersecurity risk is growing, and healthcare organizations are struggling to defend a rapidly increasing attack surface. AI tools are being implemented without the secure infrastructure to support them. Most healthcare practices have meaningful gaps in cyberattack recovery readiness, face ongoing and regular third-party vendor disruptions, and there is growing concern that a cyberattack will result in a patient fatality. The current state of cybersecurity in healthcare is far from rosy.
    • “These were some of the findings from the 2026 Healthcare IT Landscape Report from Omega Systems, a leading provider of managed IT and security services to the healthcare and financial services industries. The report is based on a survey of 200 healthcare business leaders in the United States, including CEOs, CISOs, CIOs, CFOs, and COOs, at healthcare organizations with between 50 and 600 employees. The healthcare organizations represented in the report include medical practices, clinics, ambulatory care centers, specialty services, and long-term care facilities.”
  • Tech Target offers “A CISO’s guide to infostealers: Prevention and detection.”
    • “Infostealers aren’t new. But what is new is that almost anyone — regardless of skill — can now deploy the malware. Update incident response plans to safeguard your operations.”
  • Security Week notes,
    • “AI agents go beyond answering questions. They can autonomously browse websites, read emails, search company files, query software tools, and more. AI models producing incorrect answers is hardly a threat, until agents encounter information that’s maliciously designed to influence what it sees, believes, remembers, or executes.
    • “An agent leverages webpages, document stores, wikis, images, emails, or tools to produce intended outputs. But what happens when these sources mask malicious instructions? These trap AI agents into making a wrong interpretation or taking unintended action. Scientists from Google DeepMind categorized these “traps” into six categories, including content injection, semantic manipulation, cognitive state, behavioral control, systemic, and human-in-the-loop traps. The last two are more theoretical and expected to become more relevant as AI agent use grows. It helps to understand these traps to determine the necessary mitigations.”
  • Per Cybersecurity Dive,
    • “As cyber risk evolves, the insurance industry tightens guardrails.”
    • “C-suite executives are concerned about resilience, but claims are increasingly tied to strict underwriting standards.”
  • Here is a link to Dark Reading’s CISO Corner.

Leave a Reply

Your email address will not be published. Required fields are marked *