From the War with Iran front

• SC Media reports,
  • The Iran state-sponsored threat group Nimbus Manticore conducted attacks during the U.S.-Israel military campaign Operation Epic Fury targeting the U.S. aviation industry and others for deployment of a new AI-assisted backdoor called “MiniFast,” Check Point Research reported Friday [May 22].
  • The attacks, seen throughout the 2026 Iran war in March, followed previous campaigns throughout February using an older backdoor called MiniJunk. Both waves of attacks utilized career-themed phishing lures for initial access and AppDomain hijacking techniques to execute malicious payloads. * * *
  • Check Point said Nimbus Manticore has shifted tactics in its most recent attacks, seen after the Iran war ceasefire in April, using search engine optimization (SEO) poisoning to impersonate the software Oracle SQL Developer and spread MiniFast.
  • “MiniFast, the successor of MiniJunk, enables extensive control of the victim’s machine through API-based communications with the attacker’s command-and-control (C2) server. As in previous attacks, Nimbus Manticore used career-themed phishing lures to spread MiniFast during Operation Epic Fury, specifically impersonating a U.S. domestic airline.”
    
• Cybersecurity Dive adds,
  • “Iranian government-linked hackers sabotaged the computer infrastructure of Los Angeles’s transit system by using access to a virtual machine to delete critical operating-system data, the Israeli cybersecurity firm Gambit Security said in a report published on Tuesday.
  • “The same threat actor also conducted data-wiping attacks on the South Florida Regional Transportation Authority, the connected-vehicle technology firm Agnik and a Saudi Arabian construction company that handles critical infrastructure projects, according to the report.
  • “Gambit dismissed the hackers’ claims of being a new pro-Iranian hacktivist gang, instead attributing their operations to Black Shadow, a group that the Israeli government and private security firms have linked to Iran’s Ministry of Intelligence and Security.”

From the Project Glasswing front,

• Bleeping Computer reports,
  • “Anthropic has confirmed that it plans to bring Mythos-class models to the general public after delaying the rollout due to security risks to public and private software.” * * *
  • In a blog post, Anthropic confirmed that it plans to release Mythos-class models to the public in the coming weeks, but it has not committed to a specific timeframe.
  • “We’re making swift progress on developing these safeguards and expect to be able to bring Mythos-class models to all our customers in the coming weeks,” Anthropic said in a blog post.
  • “Anthropic says it is already allowing a small number of organizations to use Claude Mythos preview for cybersecurity work, but it is unclear if the same model will be rolled out to the public.
  • “According to the company, the Mythos model shows major improvements in code reasoning and autonomy, far above Claude’s current flagship model, Opus 4.8.”

From the cybersecurity policy and law enforcement front,

• Beckers Health IT reports,
  • “House Republican leaders are calling on FBI Director Kash Patel to act aggressively to stop cybercriminal groups targeting the healthcare industry.
  • “In a May 28 letter to Mr. Patel, the lawmakers pointed to the sharp increase in healthcare ransomware attacks and data breaches over the past several years that jeopardize patient safety and cost hospitals and health systems millions of dollars.
  • “We strongly encourage continued collaboration between the FBI and healthcare stakeholders, including through public-private partnerships, streamlined reporting mechanisms, and clear guidance that enables hospitals — large and small — to participate effectively in information-sharing initiatives without undue burden,” the legislators wrote.”

• Cyberscoop relates,
  • “House subcommittee will hold an open hearing next week on how frontier artificial intelligence models are shaping the cybersecurity landscape, for good and for ill.
  • “The June 4 hearing will be the second the Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection has held that was focused at least in part on the subject, following a similar hearing held in December. But unlike at that joint subcommittee hearing, where members also examined other emerging technologies, AI takes center stage next week. * * *
  • “The witnesses will be Sandra Joyce, vice president of Google Threat Intelligence; Chris Meserole, executive director of the Frontier Model Forum; Jack Cable, a former top official at the Cybersecurity and Infrastructure Security Agency and now chief executive officer and co-founder of Corridor Security; and Matthew Guariglia, senior policy analyst at the Electronic Frontier Foundation.”
• and
  • “The White House has updated rules for federal agencies to keep logs of significant cyber activities in their networks, touting it as a measure to cut back on red tape and focus on how cybersecurity risks have evolved.
  • “The Office of Management and Budget memorandum, released Friday, replaces a 2021 memo signed by then-President Joe Biden. It continues revisions that President Donald Trump has made to federal cybersecurity guidance under his predecessor.
  • “The new memo, M-26-14, nods at the intentions of the earlier memo, M-21-31, saying that “Implementation of that memorandum improved foundational capabilities across agencies” to establish standards for logging and improve agencies’ record-keeping for the purposes of detecting and responding to cyberattacks.” * * *
  • “There have been calls for the idea of updating the 2021 memo, and one observer praised the new version to CyberScoop. Another analyst, however, questioned how much harm the Trump administration might do by rescinding the earlier memo before having all of the new memo’s directives in place.
  • “One directive is for the Cybersecurity and Infrastructure Security Agency to develop a “logging reference architecture” within 90 days that prioritizes the objectives of conducting continuous event monitoring and enabling investigations of forensic analysis after a known or suspected compromise.
  • “Agencies would have another 90 days to submit a logging plan that adheres to those principles. The memo also establishes a new model for measuring agency progress in implementation. Multiple government watchdogs have concluded that agencies weren’t meeting the prior memo’s benchmarks.”

• Federal News Network adds,
  • “Acting Federal Chief Information Security Officer Mike Duffy wrote on LinkedIn that the new policy “focuses agencies on what matters most: continuous visibility, rapid detection, effective threat hunting and actionable response capabilities.”
  • “And given the recent discovery by Claude’s Mythos of thousands of zero day vulnerabilities in systems that were previously known or not addressed, agencies and industry are being forced to figure out how best to strengthen their partnership against these AI-fueled attacks.
  • “Nick Andersen, the acting director of the Cybersecurity and Infrastructure Security Agency, said he has deep concerns specifically about one type of technology when it comes to cybersecurity vulnerabilities.
  • “The open source community is one that I’m particularly worried about when we start to think about the rapid escalation of vulnerability discovery. But it is going to result in us having to make some really, really hard decisions on the level of investment that’s going to be required,” Andersen said on May 21 at the Cyber Innovation Summit sponsored by the National Security Institute at George Mason University’s Antonin Scalia Law School.”
    
• Cyberscoop cautions,
  • “A Department of Commerce inspector general report released Thursday [May 28] found that the National Institute of Standards and Technology has mismanaged a critical cybersecurity vulnerability database through poor planning, inefficient operations, duplicate federal programs, and failure to communicate with users.
  • “The National Vulnerability Database, maintained by NIST since 2005, collects information about computer security flaws and adds details like severity ratings and affected products. This information helps cybersecurity professionals across government and the private sector decide which security problems to fix first. In February 2024, the database’s enrichment contract lapsed, creating a backlog of unprocessed security flaws that has only grown worse.
  • “The report identified the lack of strategic planning as a core problem. NIST leaders admitted they had no long-term plan for clearing the backlog, even as it grew from about 13,000 unprocessed security flaws in June 2024 to over 27,000 by the end of 2025.

• The American Hospital Association lets us know,
  • “The Cybersecurity and Infrastructure Security Agency May 26 announced a revised schedule for its series of virtual town hall meetings for public input on proposed rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The meetings will now begin June 15. They were originally scheduled for March and April but were not held due to the partial shutdown of the Department of Homeland Security. CISA seeks input to finalize a proposed rule originally issued in March 2024. The proposed rule would require critical infrastructure organizations, including hospitals and health systems, to report certain cyber incidents to CISA within 72 hours and ransom payments within 24 hours, among other mandates. The AHA commented on the rule, calling certain proposed requirements redundant to those from other federal agencies and saying that they may add unnecessary burden to hospitals working to ensure access to needed services during cybersecurity incident response.”
    
• CISA notes,
  • “The revised [town hall meeting] schedule is available in the Federal Register. Interested stakeholders may register for the town hall meetings at www.cisa.gov/circia. Any changes or updates to the town halls will be available on www.cisa.gov/circia“

• Cybersecurity Dive tells us,
  • “The Cybersecurity and Infrastructure Security Agency on Thursday [May 28] warned that hackers targeted software development pipelines in recent weeks and urged security teams to check for potential compromise of their environments. 
  • “CISA referenced two recent campaigns, including the “Megalodon” supply chain attack and a GitHub compromise through a malicious Nx Console Visual Studio Code extension.” * * *
  • “CISA is urging security teams to monitor and conduct audits on their workflow files and activity from contributors. Attention should be paid to suspicious pull requests or direct commits, specifically any coming from an automated account. 
  • “Security teams should revert any unauthorized changes, CISA advised, and check for anything that came in after May 18. 
  • ‘If a compromise is found in connection with a previously compromised Nx Console or GitHub account, CISA suggests the following:
    • “Undertake a forensics review of continuous integration/continuous delivery logs, impacted developer machines and cloud audit trails. 
    • “Rotate or revoke secrets, including credentials, tokens and secrets related to CI/CD pipelines.”

• The Wall Street Journal informs us,
  • “The FBI’s latest report on internet crime complaints shows cybercriminals are using AI, causing $893 million in losses.
  • “Cryptocurrency investment fraud was the largest source of financial losses, totaling $7.2 billion last year.
  • “Government-impersonation scams increased to over 32,000 complaints last year, aided by AI for sophistication.”

• Bleeping Computer points out,
  • “A North Carolina man was sentenced to more than 10 years in prison for selling the personal information of over 7 million elderly Americans to Jamaican scammers.
  • “57-year-old Troy Murray (who used the Steve Dixon pseudonym) pleaded guilty in January 2026 to one count of conspiracy to commit wire fraud and was sentenced Thursday to 121 months in prison, three years of supervised release, and ordered to forfeit $5,2 million.
  • ‘Prosecutors said that Murray’s alias was so widely known among Jamaican scammers that it was referenced in a 2022 song lyric by a Jamaican musical artist.
• and
  • A Romanian national was sentenced this week to 56 months in federal prison for breaking into an Oregon state government computer network and fr cyberattacks targeting dozens of other U.S. victims.
  • 46-year-old Catalin Dragomir (who used the online handle “inthematrixl”) of Constanta, Romania, pleaded guilty on February 19 to one count of aggravated identity theft and one count of obtaining information from a protected computer.
  • The charges carried a maximum of five years in prison for the computer intrusion count, followed by a mandatory consecutive two-year term for the identity theft count, a fine of $250,000, and three years’ supervised release. The court also ordered Dragomir to forfeit approximately 23 Monero (XMR), a cryptocurrency, valued at roughly $8,500.

From the cybersecurity breaches and vulnerabilities front,

• Bleeping Computer reports,
  • “The ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data breach notification service Have I Been Pwned.
    “Charter has over 92,000 employees and provides internet, mobile, video, and voice services to more than 32 million customers and over 57 million homes in 41 states across the U.S. through its Spectrum brand.
    “The company confirmed the breach earlier this week, saying that the attackers did not steal sensitive personal customer information and that it had alerted authorities about the incident.”
  • * * * “After the company refused to pay the ransom demanded by ShinyHunters to have the stolen data returned and destroyed, the cybercrime group leaked the documents stolen from Charter’s Salesforce instance on their dark web leak site.
  • “Have I Been Pwned analyzed the leaked data and confirmed that the incident affected 4.9 million accounts, whose names, email addresses, job titles, phone numbers, and physical addresses were stolen.
  • “The group later published the data, which exposed 4.9M unique email addresses along with names, phone numbers and physical addresses,” Have I Been Pwned said. “A subset of approximately 85k records originating from an internal employee directory also included job titles.”
  • “The FBI has recently advised ShinyHunters’ victims not to give in to the gang’s ransom demands, after previously warning that doing so cannot guarantee that threat actors won’t attempt to sell the stolen data to other cybercriminals or extort them again.
• and
  • “Threat actors are abusing ChatGPT’s content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application.
  • “The “LLMShare” campaign, discovered by Push Security, uses Google ads to direct users searching for ChatGPT to a malicious shared ChatGPT page hosted on chatgpt.com, allowing the attack to be delivered through a legitimate OpenAI domain.
  • “Users who click the advertisement are taken to a legitimate ChatGPT shared page, but instead of seeing a chat conversation, they are presented with a rendered outage notice claiming the web version is unavailable and that they should download the desktop application instead.”

• Security Week relates,
  • “The infamous extortion gang Silent Ransom Group (SRG) has been impersonating IT support in a fresh campaign targeting law firms, the FBI warns.
  • “Active since at least 2022, SRG has been targeting law firms in the US since at least 2023, mainly through callback phishing emails and social engineering calls, claiming to aid victims in canceling subscription fees.
  • “In a May 2025 alert, the FBI warned of SRG’s phishing emails containing links to remote access software that allowed the attackers to quickly exfiltrate data from the victims’ systems.
  • “In attacks observed this year, the threat actor has updated its tactics, now posing as an employee from the victim’s IT department.” * * *
  • “To prevent SRG attacks, organizations are advised to verify the credentials of all individuals with access to company assets, limit access to sensitive data, train employees to identify phishing attempts, and establish clear policies for IT support communication and authentication.
  • “Backing up all company data, implementing phishing-resistant multi-factor authentication (MFA), blocking access to commonly exploited ports, and disabling remote access and permissions for external drive installation should also prevent intrusions and the loss of sensitive and confidential data.”
    
• Cybersecurity Dive tells us,
  • “Nearly all executives are confident their employees are using AI responsibly, but shadow AI is creeping its way into organizations, an Okta survey released Wednesday found. More than half of employeesreported they’re using personal AI tools without approval, the security platform provider learned in surveying nearly 300 tech executives and 500 knowledge workers along with market research firm Apprize360.
  • “Workers reported using unapproved AI tools for productivity reasons, saying they allow the tools access to internal messages, HR-related information and confidential company documents. The practice is heightening security risks, as 58% of executives said their organization had an AI-related security incident or a close call last year, according to the report. 
  • “Lack of clarity in AI usage policies or banning personal AI tools can actually increase shadow AI use, said Harish Peri, Okta’s SVP and GM for AI security, in an email. “By taking a more collaborative approach with employees, leaders can offer sanctioned, enterprise-grade alternatives to the unapproved tools that teams are using.”

• CISA added five known exploited vulnerabilities to its catalog this week.
  • May 26, 2026
    • CVE-2026-48172 LiteSpeed cPanel Plugin Privilege Escalation Vulnerability
      • SC Media discusses this KVE here.
  • May 27, 2026
    • CVE-2026-8398 Daemon Tools Lite Embedded Malicious Code Vulnerability
    • CVE-2026-45321 TanStack Unspecified Vulnerability
    • CVE-2026-48027 Nx Console Embedded Malicious Code Vulnerability
      • Security Affairs discusses these KVEs here.
  • May 29, 2026
    • CVE-2026-0257. Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
      • Cybersecurity News discusses this KVE here.

From the ransomware front,

• Industrial Cyber reports,
  • “The Federal Bureau of Investigation (FBI) disclosed that about 25 ransomware groups used a criminal VPN service known as ‘First VPN Service’ to conduct network intrusions, scanning operations, botnets, denial-of-service attacks, and scams. The service has been active since around 2014 across 32 exit nodes in 27 countries. It affects organizations by enabling ransomware groups and other cybercriminal actors to conduct network intrusions, reconnaissance, credential abuse, denial-of-service attacks, and broader malicious operations.
  • “At least 25 ransomware groups, such as Avaddon Ransomware, have used First VPN Service infrastructure to perform network reconnaissance and intrusions,” the FBI wrotein a recent FLASH advisory. “First VPN Service IP addresses have been used for scanning activity, botnets, denial of service attacks, scams, and hacking. First VPN Service was almost exclusively advertised in known criminal dark web forums such as Exploit[.]in and XSS[.]is, two of the most prominent Russian-language online forums which provide marketplaces for cyber criminals to buy and sell unauthorized access to computer systems, stolen personal identifying information, hacking tools, and contraband. This reporting applies solely to the First VPN Service and does not extend to other VPN providers with similar naming.” 
  • “The revelation came alongside a coordinated international takedown of the service, led by French and Dutch cybercrime units with support from Ukraine, the U.K., Switzerland, and Luxembourg. It follows from the findings that the VPN was marketed almost exclusively on prominent Russian-language dark web forums used by cybercriminals to trade stolen data, hacking tools, and unauthorized access to systems.”

• Morphisec tells us “How AI is Changing Ransomware — and Why It’s Faster, Smarter, and Harder to Detect.” 
  • “AI-driven ransomware is still in its early stages, but the direction is clear. Threats are becoming:   
    • “faster  
    • “more adaptive
    • “more autonomous  
    • “harder to observe  
    • “increasingly resistant to detection    
  • “Organizations that continue relying solely on reactive security models will face growing exposure as attack timelines shrink, and visibility gaps expand. The future of cybersecurity will not be defined by who can detect threats fastest. It will be defined by who can prevent them from executing at all.”   

• Tech Radar adds,
  • “There is a glaring misconception at the heart of cybersecurity that cyber-attacks are targeted at specific organizations or sectors. But while certain sectors do receive more than their fair share of attacks, this isn’t due to deliberate targeting; like any business, it’s driven by money.
  • “Threat groups are largely driven by financial gain, with actors looking to get the most ‘bang for their buck’. Targeting vulnerabilities that don’t just give them access to one organization, but multiple, to grow their potential revenue opportunities.
  • “And at the moment, organizations are leaving far too many of these vulnerabilities open for exploitation.”

Cybersecurity business and defenses front,

• Cybersecurity Dive reports,
  • “IBM will spend $5 billion to help find and fix vulnerabilities in open-source software packages used throughout the business world, the company announced on Thursday [May 28].
  • “Through Project Lightwell, IBM will create “a trusted enterprise clearinghouse combined with a global force of engineers to identify and fix vulnerabilities at scale,” using AI to validate and test the patches before deployment, the company said. Businesses will be able to subscribe to the patching program for automated deployment of fixes that integrates with their existing life cycle management processes.
  • “Open source is the backbone of today’s digital economy and the foundation of modern AI, and we are at an inflection point in how it is built, secured, and scaled,” IBM CEO Arvind Krishna said in a statement. “This is about strengthening trust in the systems that power business, government, and society.”

• Security Week relates,
  • “Google Cloud this week announced an always-on autonomous platform designed to protect enterprises from the rising wave of AI-powered cyberattacks.
  • “The new Google AI Threat Defense cybersecurity solution leverages AI to identify machine-powered threats faster and stop them before they can do harm.
  • “According to Google, the platform continuously prioritizes critical real-world risks and can help organizations implement defenses that predict attack paths and proactively deploy remediation.
  • “Google AI Threat Defense combines Mandiant’s frontline and incident response experience with Wiz’s cloud security platform (recently acquired by Google) and Gemini’s reasoning and code remediation capabilities powered by Gemini and CodeMender.
  • “By connecting real-world exposure directly to autonomously creating and prioritizing patching, AI Threat Defense helps organizations actively predict attack paths, prioritize the most significant threats, and deploy verified fixes faster than adversaries can exploit them,” Google says.”
• and
  • “Anthropic has announced two new security features for its Claude AI: a self-hosted sandbox and a new security guidance plugin.
  • “The sandbox, currently in public beta, was announced at Anthorpic’s Code w/ Claude event in London this week.
  • “According to the company, Claude Managed Agents can now operate in a user-controlled sandbox connected to the user’s private MPC servers. 
  • “Tool execution moves to an environment you configure—your own infrastructure or a managed provider like Cloudflare, Daytona, Modal, or Vercel—while the agent loop that handles orchestration, context management, and error recovery stays on Anthropic’s infrastructure,” Anthropic explained. 
  • “It added, “Your network policies, audit logging, and security tooling apply, files and repositories don’t leave your perimeter, and you control compute sizing and the runtime image for compute-heavy work.”
  • “Separately, the company unveiled a security guidance plugin for Claude Code, designed to help developers detect and fix vulnerabilities as they write code.”

• Cyberscoop informs us,
  • “CrowdStrike has dismantled the Glassworm botnet in an operation aided by Google and Shadowserver, stripping the operators’ access to infrastructure that helped threat actors infect hundreds of pieces of open-source software with malware since early 2025, the company said Tuesday [May 26]. 
  • “The coordinated effort involved the simultaneous takedown of four attacker-controlled servers that were designed to obscure the botnet’s operations and remain resilient against disruptions.
  • “CrowdStrike and partners took down infrastructure, severed access to the botnet’s most critical services, impeded operation momentum and slowed the attackers’ ability to scale, Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, told CyberScoop.”
• and
  • “Security researchers chained together five separate weaknesses in the popular workflow automation service Zapier that, if first discovered by a malicious actor, could have granted access to millions of user accounts and the systems those accounts connect to.
  • :The flaws, disclosed by security firm Token Security, did not require malware or insider access. The only prerequisite, according to the company’s report, was a free Zapier account. From there, researchers chained together weaknesses that, if taken individually, would have looked routine, but together opened a path to one of the most widely used services of the modern internet.
  • “Zapier’s software can be configured to move data between email, customer-relationship tools, payment processors, calendars, code repositories and thousands of other applications. Zapier says it supports more than 8,000 third-party integrations and has millions of users, which means breaking into Zapier could escalate into a wide-ranging supply-chain attack.” * * *
  • “The episode lands at a moment when automation platforms and artificial-intelligence tools are increasingly being granted the standing authority to act on behalf of users across dozens of services at once. Token Security’s researchers argued that the weaknesses they found were not unique to Zapier. Each link in the chain, they said, was a well-documented kind of mistake. The vulnerability was the chain itself, and the same pattern, they warned, almost certainly exists at other companies that have not yet looked.
  • “Zapier says the issues have been fixed and no further action is required. But the researchers suggested organizations with heightened sensitivity review their automation logs for anything they did not create, and consider reauthorizing Zapier connections to particularly sensitive systems.
  • “You can read the full research report on Token Security’s website.” 

• Tech Target points out
  • “The unified platform versus best-of-breed tools debate continues as security teams struggle with integration challenges, alert fatigue and limited resources. Does buying software from individual vendors still make sense, or does that approach only further complicate today’s distributed networks? The pressure is prompting a fresh look at unified security platforms as a way to reduce complexity and costs, improve visibility and regain control.”
    
• An SC Media commentator identifies “seven identity security best practices for the Agentic AI era.”
  • “Execute regular identity security risk assessments: Leverage tools that can clearly show what AI agents operate in our environment, including those that are operating as shadow IT. This analysis should put risks in clear context, including agent security posture, and potential escalation paths.
  • “Encrypt credentials: Put them in a secure vault, with automatic key rotation to make it harder to steal or reuse valid credentials.
  • “Restrict remote access to systems: Use leverage tooling that can perform automated credential injection from the company’s vaults to prevent adversary-in-the-middle attacks.
  • “Use workload identity to avoid long-lived tokens: Also use scoped permissions, whether OAuth-based or otherwise, to reduce the “blast radius” of stolen credentials.
  • “Limit permissions on endpoints with endpoint privilege management tools: Default permissions to “standard user” and set up policies that limit what local agents can do on those systems. Remove standing policies and replace them with JIT or time-limited policies and permissions.
  • “Implement IP allowlisting: This will reject AI agent requests coming from non-authorized locations.
  • “Log and audit all privileged behavior: Do this in all systems, whether that’s through tools such as session logs, shipping event logs to a SIEM, or using anomalous behavior analysis tools in the SOC.”

• Here is a link to Dark Reading’s CISO Corner.

From the War with Iran front,

• Cybersecurity Dive reports yesterday,
  • “Iranian government-backed hackers are using spear-phishing attacks and remote access Trojans (RATs) to spy on “high-value sectors” in the U.S. and the Middle East as part of Tehran’s response to the U.S.-Israeli war, according to Palo Alto Networks.
  • “The company’s Unit 42 researchers recently discovered six new RATs that an Iran-linked group the researchers call Screening Serpens has used for espionage purposes. The group “has increased its operations” since the war began, the researchers said, and malware metadata suggests that it has attacked “targets across the U.S., Israel and the [United Arab Emirates] as well as two additional Middle Eastern entities.”
  • “Screening Serpens — which other researchers call UNC1549, Smoke Sandstorm and Nimbus Manticore — has “consistently set its sights on high-value sectors,” Palo Alto Networks said, especially in the aerospace, defense and telecommunications industries.
  • “A defining characteristic of these recent campaigns is the deep personalization of the attackers’ lures,” researchers wrote. “By leveraging tailored social engineering tactics, including fake job requisitions and spoofed video conferencing meeting invitations, the attackers lure victims into initiating the infection chain, thereby exposing their organizations to further exploitation.”

• Industrial Cyber adds,
  • “Ransomware groups are increasingly being used as proxy weapons in geopolitical cyber warfare, enabling nation-states to exert pressure on their adversaries while maintaining plausible deniability. What used to be financially motivated cybercrime and targeting can now influence operations and cause operational disruption. While the change has been incremental, it has been unmistakable. Criminal groups, ideological hacktivists, and state-aligned adversaries are converging and sharing environments, infrastructure, tactics, techniques, and procedures (TTPs), access brokers, and, at times, even strategic objectives.
  • “Operations linked to Iran demonstrate the sprawl between cybercrime, espionage and industrial sabotage as ever closer. A recent investigation exposed claims by pro-Iran hackers that they altered on-the-ground conditions to target critical wheat reserves, demonstrating how cyber activity can directly affect food security and industry. Once the contact is made, these adversaries can choose how and when to attack.”

From the Project Glasswing front,

• Anthropic offers a look back at the project’s first month.

• The Wall Street Journal adds,
  • “Anthropic is letting Mythos users [participating in Project Glasswing] share cybersecurity threats with others who may face similar vulnerabilities.
  • “Anthropic modified its previous stance amid concerns that limiting access to the information could hurt smaller companies.
  • “The new policy highlights challenges facing artificial-intelligence companies that are restricting access to their best models.’

From the cybersecurity policy and law enforcement front,

• Cyberscoop reports,
  • “Two cybersecurity-focused members of Congress agreed Thursday [May 21, 2026] that reductions to the Cybersecurity and Infrastructure Security Agency have done too much damage to an agency essential to defending civilian networks against foreign adversaries.
  • “Rep. Don Bacon, R-Neb., and Rep. James Walkinshaw, D-Va., spoke during a panel at the National Cyber Innovation Forum. Despite representing different parties, and serving on different congressional committees, the two lawmakers offered closely aligned assessments of CISA’s role and the consequences of recent cuts.” * * *
  • “In the model both lawmakers endorsed, they pushed for CISA to play more of a role after an intrusion, helping affected entities restore their networks while the FBI works to identify the source. Walkinshaw said advanced artificial intelligence expands the attack surface and makes that kind of centralized support more important.”
    
• The Wall Street Journal relates,
  • “State cybersecurity officials urged the federal government on Thursday to roll back cuts to cybersecurity programs, arguing that deteriorating federal support weakens defenses just as artificial intelligence and nation-state belligerence are introducing significant new threats.
  • “Technology and cyber officials from New York, Florida and Tennessee told a House Homeland Security Committee hearing that states must now defend against advanced threats as federal backing diminishes.
  • “The witnesses cited the pending expiration of the State and Local Cybersecurity Grant Program, significant budget and workforce cuts to federal agencies and new limits on the information-sharing platforms that state governments rely on to track threats.”

• Cyberscoop adds,
  • “Securing some of the open-source technology that serves as the backbone for all modern digital infrastructure is going to require some “hard decisions” amid a wave of malware attacks, the leader of the Cybersecurity and Infrastructure Security Agency said Thursday [May 21, 2026].
  • “The open-source community is one that I’m particularly worried about when we start to think about rapid escalation of vulnerability discovery,” acting director Nick Andersen said, referencing a cartoon about how key technologies that underpin the internet are often maintained by a single person.” * * *
  • “CISA has been working with industry and others “to modify our approach to vulnerability management, modify our approach to coordinated vulnerability disclosure, modify our approach to remediation, with the explicit understanding that we’re just not going to be able to keep up using traditional mechanisms,” Andersen said, speaking at the National Cyber Innovation Forum in Washington, D.C.
  • “The government and private sector can work together to identify the biggest threats and then give them the right level of attention, he said. On the federal government side, that means working to get a full picture of the extent of reliance on open-source technologies.” 
• and
  • “President Donald Trump said he would postpone the release of an executive order that would set up a 90-day testing and vetting regime for frontier AI models, hours before the White House was set to publicly announce the signing. 
  • “Speaking to reporters in the Oval Office Thursday [May 21, 2026], Trump said he opted to delay the order “because I didn’t like certain aspects of it” and expressed concerns that it could harm U.S. AI industry competition with countries like China. 

• Per a National Institute of Technology and Standards news release,
  • “In FY 2025, the Information Technology Laboratory’s (ITL) Cybersecurity and Privacy Program successfully addressed numerous challenges and opportunities in cybersecurity and privacy. Special Publication (SP) 800-238, Fiscal Year 2025 Annual Report for NIST Cybersecurity and Privacy Program, highlights the program’s research activities across key priority areas:
    • “Cryptography
    • “Cybersecurity & AI
    • “Education and Workforce
    • “Hardware and Software Security
    • “Infrastructure Security
    • “Risk Management”

• Cyberscoop tells us,
  • “Authorities arrested and unsealed charges against a Canadian man accused of running Kimwolf, one of the most far-reaching DDoS botnets on record, the Justice Department said Thursday.
  • “Jacob Butler was arrested Wednesday [May 20, 2026] in Ottawa, Canada, and awaits extradition to the United States where he is charged with aiding and abetting computer intrusions and, if convicted, faces up to 10 years in prison.
  • “Investigators said the 23-year-old, also known as “Dort,” was a principal administrator of Kimwolf, a variant of the record-setting Aisuru DDoS botnet that spread like wildfire and eventually took over more than 2 million Android TV devices after its operators figured out how to abuse residential-proxy networks for local control.”
• and
  • “European authorities took down a prominent virtual private network service and arrested the alleged administrator behind an operation that cybercriminals used to steal data, commit fraud and ransomware attacks, Europol said Thursday [May 21, 2026]. 
  • “First VPN, which was promoted on Russian-speaking cybercrime forums, gained popularity for providing services that allowed users to hide their infrastructure and identities. Officials said the service was entrenched in the cybercrime world and appeared in almost every major recent cybercrime investigation aided by Europol.
  • “For years, cybercriminals saw this VPN service as a gateway to anonymity,” Edvardas Šileris, head of Europol’s European Cybercrime Centre, said in a statement. 
  • “They believed it would keep them beyond the reach of law enforcement,” Šileris added. “This operation proves them wrong. Taking it offline removes a critical layer of protection that criminals depended on to operate, communicate and evade law enforcement.”

• Security Week adds,
  • “Authorities in North America and Europe have participated in a law enforcement operation to disrupt First VPN, a popular cybercrime service used for ransomware and other attacks.
  • “According to the FBI, First VPN has been active since 2014, providing 32 exit nodes across 27 countries at the time of its disruption. The service, advertised on Russian-language dark web cybercrime forums, has been used by at least 25 ransomware groups for network reconnaissance and intrusions.”
  • “Bitdefender, which was involved in the takedown, pointed out that the 506 users are a subset of First VPN’s customer base, and investigators will determine which of them can be linked to criminal operations. 
  • “Some will be traced to known ransomware groups. Others will reveal fraud operations, data theft campaigns, or cybercrime-as-a-service infrastructure we didn’t know existed,” Bitdefender said.
  • “New anonymization services will appear. The economic demand hasn’t changed. But each takedown shortens the operational window of the next service and raises the barrier for actors who relied on turnkey solutions,” the cybersecurity firm added. “First VPN advertised itself as a service criminals could trust to keep them beyond law enforcement’s reach. The operation proved that claim wrong, and every actor evaluating the next anonymization service now knows the same risk exists.”

From the cybersecurity breaches and vulnerabilities front,

• Health Exec reports,
  • “The largest public health system in the U.S. confirmed in a filing with the Department of Health and Human Services that a data breach on its network impacted 1.8 million patients, exposing their personal data to hackers.
  • “The data breach, which was said to have lasted for months, was revealed by NYC Health + Hospitals in March. At the time, the health system said it first discovered “suspicious activity” on its network in February, at which time it moved to “immediately” secure its systems from access by the unauthorized third-party.
  • “An investigation found cybercriminals had been inside its IT infrastructure since November 2025, stemming from a breach on an unnamed vendor the organization contracts with for services.”

• Dark Reading relates,
  • “Defenders are dealing with an influx of vulnerabilities like never before, and patch prioritization has never been more critical, according to Verizon Business’s 2026 Data Breach Investigations Report (DBIR). This year’s report confirmed several ongoing trends on the vulnerability exploitation and around threat actors abusing AI, for example — but the 2026 DBIR more broadly promotes sticking to the cybersecurity fundamentals as the industry undergoes massive change.
  • “And indeed, defenders in the past year have been tasked with handling everything from self-replicating worms infesting software components to preparing for large language models (LLMs) that can supposedly discover critical zero-day vulnerabilities all on their own.
  • “Most striking in the DBIR might be the statistics that show vulnerability exploitation to be the most common initial access vector for breaches last year, up 31% from the previous year. Meanwhile, only 26% of critical vulnerabilities (defined as those in CISA’s Known Exploited Vulnerability catalog) were fully remediated by organizations in 2025, compared to 38% the previous year. Just over half (58%) were partially remediated last year, and 16% remained unaddressed.” * * *
  • “While organizations perhaps got worse at patching, Verizon also observed a dramatic increase in the number of vulnerability detections observed year over year, likely driven by AI-assisted bug hunting. “There were 68.7 million records in the 2022 dataset and 527.3 million in 2025 — almost eight times the volume,” the DBIR reads.”
    
• The HIPAA Journal tells us,
  • “Verizon has published its 2026 Data Breach Investigations Report, which shows that the healthcare sector continues to be targeted by cybercriminal groups. The sector is having to contend with sustained multi-vector attacks, including ransomware, unpatched vulnerabilities, and human error. Regardless of the cause, the attacks are putting patient privacy, safety, and care at risk.
  • “Verizon tracked 1,492 healthcare incidents for its 2026 report, including 1,438 confirmed data disclosures, a majority of which were due to ransomware-driven system intrusions achieved through multiple attack vectors, including the exploitation of vulnerabilities (20%), phishing attacks (14%), stolen credentials (11%), and employee errors (11%). Threat actors are being given far too big a window of opportunity to exploit known vulnerabilities. Verizon found that in 2025, only 26% of critical vulnerabilities were fully remediated, with a median time for resolution stretching to 43 days. In healthcare, where complex legacy systems are the norm, the window of opportunity is greater, giving threat actors a wide attack window.
  • “While external actors accounted for the majority of incidents, insider breaches remain common in healthcare. Internal actors were behind 19% of breaches. As Verizon notes, human error continues to be a chronic source of breaches. The human element was involved in 54% of incidents, including misconfigurations, misdirected communications, the loss/theft of unencrypted devices, and poor cyber hygiene.
  • “The most common human-related cause of healthcare data incidents was misdelivery, which accounted for around 40% of incidents, followed by loss incidents at around 25%, and misconfigurations at around 20%. While greater investment in cybersecurity will help to address the 81% of breaches due to external actors, security awareness training plays an important part in preventing data breaches. Employees need to be made aware of security fundamentals and be taught the importance of practicing good cyber hygiene. Social engineering was the third main cause of healthcare breaches in 2025, the majority of which were due to phishing, followed by pretexting – these attack techniques need to be covered in depth in training courses.”

• CISA added ten known exploited vulnerabilities (KVEs) to its catalog this week.
  • May 20, 2026
    • CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability
    • CVE-2009-1537 Microsoft DirectX NULL Byte Overwrite Vulnerability
    • CVE-2009-3459 Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
    • CVE-2010-0249 Microsoft Internet Explorer Use-After-Free Vulnerability
    • CVE-2010-0806 Microsoft Internet Explorer Use-After-Free Vulnerability
    • CVE-2026-41091 Microsoft Defender Elevation of Privilege Vulnerability
    • CVE-2026-45498 Microsoft Defender Denial of Service Vulnerability
      • Security Affairs discusses these KVEs here.
  • May 21, 2026
    • CVE-2025-34291 Langflow Origin Validation Error Vulnerability
    • CVE-2026-34926 Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
      • Security Affairs discusses these KVEs here.
  • May 22, 2026
    • CVE-2026-9082 Drupal Core SQL Injection Vulnerability
      • Bleeping Computer discusses this KVE here.

• Cybersecurity Dive adds,
  • “The Cybersecurity and Infrastructure Security Agency is now letting security experts nominate vulnerabilities to the agency’s Known Exploited Vulnerabilities catalog.
  • “CISA on Thursday [May 21, 2026] published a form that technology vendors, independent researchers and anyone else can use to warn CISA that hackers are exploiting a vulnerability and it should be added to the KEV.
  • “This new reporting capability enhances CISA’s ability to identify, validate, and quickly share critical threat information,” Chris Butera, CISA’s acting executive assistant director for cybersecurity, said in a statement. “Early detection and coordinated vulnerability disclosure are among the most powerful tools we have to reduce risk at scale.”\
• and
  • “Hackers stole data from thousands of GitHub repositories, the code-hosting giant said on Tuesday [May 19, 2026].
  • “While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity,” the company said in a post on X.
  • “On Wednesday [May 20, 2026], the company confirmed that attackers had compromised roughly 3,800 repositories after a GitHub employee used a malware-infected Visual Studio Code extension.
  • “We continue to analyze logs, validate secret rotation, and monitor for any follow-on activity,” GitHub said.”

• Cyberscoop informs us,
  • “The FBI is warning organizations and defenders about Kali365, a growing phishing-as-a-service platform that retrieves Microsoft 365 access tokens, issuing a public service announcement Thursday [May 21, 2026]. 
  • “The toolkit bypasses multi-factor authentication and abuses OAuth device code authorizations via phishing lures impersonating common enterprise services. This technique grants cybercriminal-controlled applications access to Microsoft 365 accounts, opening victims up to a host of follow-on malicious activity, including data theft, fraud, extortion and ransomware attacks.
  • “Kali365 is one of many rapidly emerging device-code phishing tools, which are gaining popularity as a more effective means for cybercriminals to circumvent security controls while abusing legitimate Microsoft device authorization pages, according to researchers.
  • “Instead of gaining access to accounts via phishing kits that steal credentials and second-factor authentication codes, device-code phishing platforms connect a malicious app to a legitimate account with a single code. The process requires fewer steps and less interaction with the user, but victims do have to copy-and-paste a code generated by the Kali365 platform to grant access.”

• Cyber Insider points out,
  • “Hidden audio commands can hijack AI voice assistants and transcription tools without users hearing anything unusual, according to new research set to be presented at the IEEE Symposium on Security and Privacy next week.
  • “The study shows that carefully crafted audio clips can elicit unauthorized actions from audio-language models (LALMs), including downloading files, sending emails, and performing web searches.
  • “The attack, dubbed “AudioHijack,” was developed by researchers from Zhejiang University, Nanyang Technological University, and the National University of Singapore. The team describes the attack as a form of “auditory prompt injection,” in which malicious instructions are embedded in ordinary audio using adversarial perturbations that remain nearly imperceptible to human listeners.
  • “Large audio-language models are increasingly powering voice assistants, meeting transcription services, customer support bots, and multimodal AI systems capable of both understanding and generating speech. Some platforms can also interact with external tools and services, allowing them to search the web, operate apps, or execute commands on behalf of users. According to the researchers, these capabilities significantly expand the attack surface.
  • “Attackers could potentially hide malicious prompts inside music, videos, voice notes, or even live conversations uploaded to AI services. The paper also describes scenarios in which hidden audio could be injected into Zoom meetings or multimedia content processed by AI assistants.”

• The Hacker News notes,
  • “In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. 
  • “The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a routine sign-in. They had actually handed the operator a valid refresh token scoped to their mailbox, drive, calendar, and contacts, with the lifespan of a tenant policy rather than a session.
  • ‘The operator never needed a password, never tripped an MFA prompt, and never produced a sign-in event that looked like an intrusion. The attack succeeded because the OAuth consent screen has become an instinctive click, and the controls built to stop credential phishing do not look at the consent layer.
  • “Security researchers call the resulting condition consent phishing or OAuth grant abuse. The phishing click that mattered last decade handed over a password. The phishing click that matters now hands over a refresh token, and it sits structurally below the identity controls most organizations still treat as the perimeter.”

From the ransomware front,

• Sophos reports,
  • “SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors abusing the Server Message Block (SMB) service for initial access and then exfiltrating files to attacker-controlled infrastructure for remote encryption. The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting them to disk.
  • “The WantToCry name appears to be a reference to the notorious WannaCry (also known as WCry) ransomware worm, which propagated via a vulnerability in SMB at the start of 2017. While WantToCry is not self-propagating and there is no evidence to suggest that the two operations are connected, organizations with internet-exposed SMB services are similarly at risk.” * * *
  • “As with all ransomware activity, prevention remains key to mitigating the threat of remote ransomware operations like WantToCry. Preventive measures include disabling the SMBv1 protocol across the organization, removing “guest” or anonymous SMB access, and blocking inbound SMB traffic (ports TCP/139 and TCP/445) at all internet-facing firewalls. Additionally, it is important to ensure that backups cannot be accessed via SMB protocols.
  • “Organizations should also implement network-level controls and file content monitoring to address this attack methodology effectively. A tool like Sophos CryptoGuard can identify, block, and roll back encryption activity performed via SMB protocols.
  • “WantToCry relies on weak authentication and internet exposure rather than on software vulnerabilities or malware delivery mechanisms. Extended detection and response (XDR) solutions can identify reconnaissance and brute-force attempts against SMB services, providing early warnings of potential WantToCry operations.”

• Bleeping Computer relates,
  • “Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks.
  • “During the intrusions, the hacker took between 30 and 60 minutes to log in, do network reconnaissance, test credential reuse on internal systems, and log out.
  • “SonicWall warned in a security advisory for CVE-2024-12802 that installing the firmware update alone on Gen6 devices does not fully mitigate the vulnerability, and a manual reconfiguration of the LDAP server is required. Failing to do so leaves open the possibility of bypassing MFA protection.”

• The American Hospital Association lets us know,
  • “Microsoft announced May 19 that it disrupted operations of Fox Tempest, a threat actor operating as a malware-signing-as-a-service used by cybercriminals to deploy malicious code, including ransomware. Microsoft said Fox Tempest has enabled attacks on a range of sectors in the U.S. and internationally, including health care, education, government and financial services. The actor has been linked to other ransomware groups, including INC, Qilin and Akira. 
  • “One component of modern security is that software packages need to be digitally signed to prove their authenticity,” said Scott Gee, AHA deputy national advisor for cybersecurity and risk. “Normally, these signatures can only be provided by trusted, verified sources. Fox Tempest provided these signatures to malware so that it appeared to be legitimate to security systems. This service enabled a number of ransomware actors to attack health care and other sectors. Microsoft has revoked over 1,000 certificates issued by Fox Tempest. Hospitals and health systems should ensure that certificate verification is enabled on their cybersecurity toolsets.” 
• and
  • “Cyberattacks against hospitals, health systems and mission-critical health care third-party providers have surged in recent years. While these attacks often involve theft of patient data and medical research, the most concerning are high-impact ransomware attacks that continue to shut down critical medical systems, resulting in disruption and delays to health care delivery. There is no doubt that these types of disruptive attacks create a direct risk to patient and community safety. To be clear, these are not data-theft crimes, they are in fact “threat to life” crimes.
  • “The perpetrators of these foreign-based ransomware attacks are primarily, but not exclusively, Russian-speaking or based in Russia. Other adversarial nations that provide shelter for dangerous international criminals to launch cyberattacks against the U.S. are the usual suspects — Iran, China and North Korea.
  • “There have been thousands of ransomware and data theft attacks targeting U.S. health care over the last several years. In fact, the FBI reported that in 2025 alone, the health care sector suffered 460 ransomware attacks, far more than any other critical infrastructure sector. Since 2020, over 3,200 hacking incidents have been reported to the Department of Health and Human Services Office for Civil Rights, impacting 574 million individuals. Many incidents were actually encryption ransomware attacks accompanied by data theft — “the double extortion,” in which the perpetrators demand an additional ransom for both a decryption key to unlock systems and in exchange for not publishing stolen patient health records.
  • “The silver lining? We have a great deal of “battle experience” and tough lessons learned, which has helped us collaborate to harden systems and prepare for impact and recovery. We at the AHA, working with victims, the field and the federal government, have also been able to reliably identify strategic cyber risk related to third parties, patient safety and supply chain.
  • The top three risks are
    • Geopolitical tensions
    • Cyberattacks agains third parties, and
    • Autonomous Artificial Intelligence-generated and -facilitated Cyberattacks.

From the cybersecurity defenses front,

• Cyberscooop reports,
  • “On Wednesday [May 20], Microsoft released two new red teaming tools — Rampartand Clarity — meant to help developers design more secure agentic software and assist incident responders in the face of ongoing breaches.
  • “Rampart is built on top of PyRIT, an existing open automation framework Microsoft developed for red teaming generative AI systems. But while PyRIT scans already-built systems for security flaws, Rampart is made to continuously test code for vulnerabilities during the development process, encoding both adversarial and benign testing scenarios into the software development pipeline to flag exploitable bugs and dependencies.
  • “Microsoft said Rampart was built to focus on cross-prompt injection attacks, where “an agent retrieves or processes potentially poisoned content from documents, emails, tickets, and other data sources that manipulate behavior indirectly.” It also confirms fixes or exploits work as intended through multiple rounds of testing, as opposed to tools that perform “single shot validation.”
  • “The second tool, Clarity, can be run as a desktop app, a web interface or directly embedded into a coding agent to provide real time security engineering guidance to developers at the outset of a project. It can categorize and track different business objectives related to the code and highlight downstream security implications along with more secure by design alternatives.”

• Per Dark Reading,
  • “AI Agents Are Shifting Identity Security Budget Dynamics.”
  • “AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.”

• Per Cyberscoop commentaries,
  • “The Canvas breach proved that prevention is no longer enough.
  • “Cybercriminals brought down the most widely used learning platform in North America. The Canvas breach is a blueprint for how SaaS attacks now work — and a warning about how unprepared most organizations still are.”
• and
  • “The readiness paradox: Why a false sense of cyber confidence is becoming a liability
  • “As AI expands the attack surface and alert fatigue grows, cyber exposure management offers a clearer path to understanding where risk truly concentrates and how to reduce it before a crisis hits.”

• Here is a link to Dark Reading’s CISO Corner.