CyberWire Daily - Every layer needs a patch now.
Episode Date: May 13, 2026Patch Tuesday. Global agencies update SBOM guidance. Iran-linked espionage group Seedworm breached a major South Korean electronics manufacturer. A telehealth platform breach affects 716,000. Foxconn ...confirms a cyberattack. Maria Varmazis has an update on orbital data centers. A lawmaker questions surveillance pricing. Brandon Karpf, friend of the show, is talking with Dave about "Japan’s space systems face growing cybersecurity threats." Robotic lawnmowers on the cutting edge. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today Brandon Karpf, friend of the show, is talking with Dave about "Japan’s space systems face growing cybersecurity threats." Selected Reading Microsoft Fixes 17 Critical Flaws in May Patch Tuesday (Infosecurity Magazine) Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises (SecurityWeek) Adobe Patches 52 Vulnerabilities in 10 Products (SecurityWeek) Fortinet, Ivanti Patch Critical Vulnerabilities (SecurityWeek) Chipmaker Patch Tuesday: Intel and AMD 70 Vulnerabilities (SecurityWeek) ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA (SecurityWeek) Global Cyber Agencies Issue New SBOMs for AI Guidance to Tackle AI Supply Chain Risks (Infosecurity Magazine) Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign (SECURITY.COM) 716,000 Impacted by OpenLoop Health Data Breach (SecurityWeek) Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files (The Register) Congressman launches inquiry into how food retailers use surveillance pricing (The Record) Orbital Inference Data Center Bets On Space GPUs (IEEE Spectrum) Cowboy Space raises $275 million to launch AI data centers on brand-new rocket (Space.com) Yarbo responds to robot flaws that could mow down their owners (Malwarebytes) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
Maybe that's an urgent message from your CEO,
or maybe it's a deep fake trying to target your business.
Dopple is the AI-native social engineering defense platform
fighting back against impersonation and manipulation.
As attackers use AI to make their tactics more sophisticated,
Dopple uses it to fight back.
from automatically dismantling cross-channel attacks to building team resilience and more.
Doppel.
Outpacing what's next in social engineering.
Learn more at doppel.com.
That's D-O-P-P-E-L.com.
We got your patch Tuesday update, global agencies update S-bomb guidance.
Iran-linked espionage group Seedworm breaches a major South Korean electronics manufacturer.
A telehealth platform breach affects 716,000.
Foxcon confirms a cyber attack.
Maria Vermazas has an update on orbital data centers.
A lawmaker questioned surveillance pricing.
Brandon Karp is talking with me about Japan's space systems
facing growing cybersecurity threats.
And robotic lawnmowers are on the cutting edge.
It's Wednesday, May 13, 26.
I'm Dave Bittner, and this is your Cyberwire Intel briefing.
Thanks for joining us here today.
It's great as always to have you with us.
This month's Patch Tuesday landed in four major categories, enterprise software, infrastructure, and networking, hardware and chipsets, and industrial control systems.
Microsoft led the cycle with fixes for 137 vulnerabilities, including multiple flaws marked exploitation more likely.
Adobe, Zoom, Fortinette, and Avanti also released high-severity patches affecting collaboration platforms, networking appliances, and networking appliances, and,
remote access tools. In enterprise software, Microsoft patched two word remote code execution flaws
that researchers say could trigger through the preview pane alone. Adobe addressed 52 vulnerabilities,
including critical code execution bugs in Adobe Connect and commerce. Infrastructure vendors
Fortinette and Avanti resolved critical flaws affecting authentication systems, sandboxes, and
endpoint management platforms. On the hardware side, Intel and AMD published more than two dozen
advisories covering 70 vulnerabilities. Several flaws could lead to privilege escalation, denial of
service, or arbitrary code execution in drivers, firmware, and cloud acceleration platforms.
Industrial Control System vendors Siemens and Schneider Electric also issued critical
advisories affecting programmable logic controllers, industrial web servers, and energy management systems.
Siemens separately warned that one rugged-com product is exposed to a previously disclosed
Pan-OS vulnerability linked in public reporting to suspected Chinese state-sponsored activity.
Patch Tuesday now reaches far beyond desktops and servers.
Security teams are increasingly expected to coordinate risk management across cloud
services, operational technology, hardware supply chains, and traditional enterprise software,
all at the same time.
Cyber agencies from the G7 and partner nations have released new guidance, defining the minimum
elements for software bills of materials or S-bombs for artificial intelligence systems.
The framework outlined seven categories covering metadata, system properties, AI models,
data sets, infrastructure, performance indicators, and security controls.
The goal is to help organizations better understand how AI systems are built, trained, and maintained
across increasingly complex supply chains.
The guidance stresses that AI S-bombs alone are not enough to secure the AI ecosystem.
The authors say the framework should work alongside vulnerability management tools,
security advisories and evolving cybersecurity tooling.
Former SISA S-Bomb lead Alan Friedman noted that several proposed categories may prove
difficult to standardize consistently across organizations.
The guidance was jointly published by agencies including SISA, the UK's National Cybersecurity
Center, France's ANSI, Germany's BSI, and partners across the G7 and European Union.
Researchers from Symantec and Carbon Black say the Iran-linked espionage group Seedworm
breached a major South Korean electronics manufacturer in February
as part of a wider campaign targeting at least nine organizations across government
manufacturing, education, and financial sectors worldwide.
The attackers abused legitimate signed binaries from Forte Media and Sentinel One
to side-load malicious code and evade detection.
The operation relied on Node.js delivered PowerShell scripts for reconnaissance,
screenshot capture, credential theft, privilege escalation, and SOX5 proxy tunneling.
Researchers observed the group stealing Windows Security Account Manager or Sam Hives
and exfiltrating data through the public file sharing service sendit.sh.
The campaign also showed seedworm using redundant credential theft tools and public cloud
style infrastructure to blend malicious activity into normal network traffic.
The campaign highlights continued maturation in Iranian cyber espionage tradecraft.
Researchers say seedworm combined legitimate software, stealthier scripting frameworks,
and consumer services to reduce visibility and complicate detection for defenders.
Telehealth platform open-loop health says hackers stole personal and medical information
belonging to roughly 716,000 individuals during a January 26 network intrusion.
The company says attackers accessed its systems between January 7th and January 8th and removed names,
addresses, email addresses, birth dates, and medical data.
Open Loop says social security numbers, financial information, and electronic health records were not accessed.
The company disclosed the breach to authorities in March,
but the full impact appeared this week on the U.S. Department of Health and Human Services breach portal.
Open Loop says it worked with external cybersecurity specialists,
notified law enforcement, and offered affected individuals free identity monitoring.
The notion of orbital data centers continues to draw attention.
Some say it's not practical.
Others think it'll be the next big thing.
Maria Vermazas is host of the T-Minus Space Cyber Podcast.
She joins us with this update.
Thanks, Dave.
According to ICCI,
Los Angeles-based startup Orbital Incorporated
is the latest recipient of venture funding
to build data centers in low-Earth orbit
in response to the growing energy demand from AI.
The launch of the company's prototype satellite
is expected next year,
and Orbital says it plans to build
a distributed cloud of up to 10,000 satellites,
each running an independent GPU server rack
to tackle,
inference workloads, which are less compute-intensive tasks. That means needing less power and generating
less heat. Good news for the GPUs, because contrary to what you may have heard, space is not cold.
It is empty. So getting rid of heat is a massive constraint on the viability of the entire orbital
data center concept. The physics aren't slowing the orbital data centers for AI-feeding frenzy,
though, as Cowboy Space Corporation, yes, that is actually their name,
just got $275 million in funding for its own all-in-one approach,
building the data center directly onto the upper stage of its homegrown rocket.
For the CyberWire Daily, I'm Maria Varmazes from T-minus Space Cyber Briefing.
Back to you, Dave.
The T-minus Space Cyber Podcast is rebooting this Sunday.
You'll find it in your Cyberwire podcast feed.
Electronics manufacturer Foxcon confirmed a cyber.
attack affecting some of its North American factories after the nitrogen ransomware group claimed
responsibility online. The company says production continuity measures were activated immediately
and affected facilities are now returning to normal operations. Nitrogen claims it stole roughly
8 terabytes of data, including more than 11 million files tied to projects involving Apple,
invidia, Intel, Google, and Dell. The alleged hall reportedly includes technical drawings,
internal project documents, and confidential instructions. Foxcon declined to confirm whether
customer information was compromised. Researchers have previously warned that a flaw in nitrogen's
ransomware decryptor may prevent victims from recovering encrypted files, even if ransom payments are made.
Foxcon sits deep inside the global technology supply chain, making any disruption or data theft
potentially significant for downstream partners and product development.
Representative Frank Pallone of New Jersey has launched an inquiry into whether major retailers
are using surveillance pricing techniques to charge customers' different prices based on personal
data.
Letters sent to 25 companies, including Walmart, Target, Amazon, C, and Amazon, C, and
CVS and Walgreens, ask how customer data is collected and whether AI or machine learning systems
help determine pricing. The inquiry follows growing scrutiny of algorithmic pricing practices.
Pallone pointed to New York's new disclosure law requiring companies to notify consumers
if AI systems use personal data to set prices. The letter also cites a 2025 Federal Trade
Commission report describing how businesses can adjust prices
using factors like demographics, geolocation, shopping behavior, and online activity.
Coming up after the break, my conversation with Brandon Karp about Japan's space systems facing growing cybersecurity threats
and robotic lawnmowers on the cutting edge.
Pick around.
When it comes to mobile application security, good enough is a risk.
A recent survey shows that 72% of organizations reported,
at least one mobile application security incident last year,
and 92% of responders reported threat levels have increased in the past two years.
Guard Square delivers the highest level of security for your mobile apps
without compromising performance, time to market, or user experience.
Discover how Guard Square provides industry-leading security for your Android and iOS apps
at www.gardesquare.com.
No, it's not your imagination.
Risk and regulation are ramping up,
and customers expect proof of security just to do business.
That's where Vanta comes in.
Vanta automates your compliance process
and brings compliance, risk, and customer trust together
on one AI-powered platform.
Whether you're preparing for a SOC 2
or managing an enterprise GRC program,
Vanta helps keep you secure and your deals moving.
Companies like Ramp and Writer
reports spending 82% less time on audits.
That's not just faster compliance,
that's more time to focus on growth.
When I look around the industry,
I see over 10,000 companies from startups to big enterprises
trusting Vanta.
Get started at vanta.com slash cyber.
It is always my pleasure to welcome back to the studio,
Brandon Karp.
He is the leader of international public-private partnerships
at NTT.
Brandon, welcome back.
Thanks, Dave.
It was good to be on with you.
Yeah.
I saw an article in Japan Times that was about Japan space systems facing growing cybersecurity threats.
And obviously your employer, NTT, is out of Japan.
Sure.
I'm interested in your take on this.
Can we start off with some high-level stuff here?
I mean, where does Japan stand when it comes to how they're dealing with the challenge of
security in space. Yeah, so overall, this story, which really came from Prime Minister
Takeichi's growth strategy, where they, at the end of 2025 and into 2026, have named
space and cyber among a few of their priority sectors for investment over the coming years
in their budgets. This is part in this story about space security as part of a larger story
around cybersecurity in Japan, where Japan is actively growing their investment in their
capability in countering some of the most significant cyber threats around the world.
Have they been behind?
I think they have been a little bit.
They've been a little bit isolated and not leaning as forward as they can or as their
technology sector and capabilities would allow them to.
And one of the notable things under the prime minister, prime minister, Takiichi is really just
in the last year they have made tremendous strides forward in being more aggressive, more
direct in building their own relationships around the world, not just with cybersecurity, but with
national security and defense, certainly taking kind of a more of a leadership position.
My understanding is that Japan has implemented unified cybersecurity standards.
How does that apply specifically to space systems?
Yeah, so Japan kind of broadly speaking, and again, especially with this administration,
has recognized that space and critical infrastructure are.
active targets. For example, Jaxsa has been breached. Jackson being their version of NASA,
has been breached twice in recent history with major cyber intrusions. And then observing what
occurred in the early days of Ukraine with the VASAT attack, Japan's kind of recognized that their
core critical infrastructure is held at threat and is trying to make Enroads in addressing that.
They're doing that through a few different ways. One, as you mentioned, kind of universal standardization,
but also laws.
So in May of last year, they passed what's called the active cyber defense law, which enables them to take more what we would call in this country more offensive, but they're calling active cyber defense against adversaries and critical sectors.
And so this recent announcement about the space sector and the risks of space sector, but also the investment, it's looking like about almost 60 billion this coming year that the Japanese government's going to invest in.
in space security using a space strategy fund
is specifically around kind of modernizing these architectures
and trying to bring in not just the technology,
but actually the talent and the training
and the resources to build up their domestic capability.
Can we touch on the perceived asymmetry here?
I mean, cybersecurity, you often hear it described
as being asymmetric.
Does that apply in the context of space systems as well?
It does.
I think that that idea of,
kind of the offense, defense, balance, the asymmetry between the two is probably kind of
changing as these AI threats kind of move into the market. I actually think that it might,
this is another podcast, but it might level the playing field a little bit. So this asymmetry,
it does exist, you know, that's kind of a classic view on the security paradigm. I think what's more
interesting here is the recognition that national critical infrastructure in Japan, this is true in the
U.S. as well, relies on other pieces of infrastructure. So the water treatment facilities rely on
energy and rely on space communications and rely on telecommunications and all of those vice versa,
that there is no isolated siloed piece of critical infrastructure and that we can't allow one domain
to lose investment or to be insecure.
And so we actually need to invest in all of them simultaneously
and think about how they interconnect,
think about how the vulnerabilities in space communications
and satellite infrastructure and ground stations
might actually affect the security of the energy infrastructure
or the port infrastructure or the transportation infrastructure
and recognizing that these systems are actually
just like the internet itself,
interconnected.
Japan launched a space ISAC back in 2024, and they're signaling that perhaps they want to
engage more international cooperation.
Are you tracking that trend as well?
Does it seem like, to what degree is Japan being insular and to what part are they actively
seeking out collaboration globally?
Yeah, so that the same act that was passed last May called the Active Cyber Defense Act,
actually has three pillars. One of them is the one that I mentioned kind of reaching out and
touching the bad guys. But another pillar, one of the three pillars, is actually titled
Public Private Partnerships or Public Private Collaboration. And so very intentionally,
including investment and resources in collaborating, not just with public private internal
to Japan, but actually internationally. This is something that I do in my role with NTT's work
very closely with members of the Japanese government and their cybersecurity office, building
relationships between them and foreign nations and foreign partners in the U.S., the U.K., etc.
So there's active investment.
And, you know, another example I'll give of Japan's kind of shifting perspective under
Prime Minister Takeichi is just starting a few weeks ago and going through the coming weeks,
Japan has been an active participant in a military exercise in the Philippines.
This is the first time that's happened where Japan forces have been on the ground in the Philippines,
working alongside the U.S., the Philippines, the French, the Australians, in a multilateral exercise testing,
not just offensive military equipment, but communications and intelligence processes, et cetera.
And so this is kind of showing that Japan is taking more of an active leadership role,
especially in the Western Pacific region along these pathways.
Brandon Karp is leader of international public-private partnerships at NTT.
Brandon, thanks so much for joining us.
Thank you, Dave.
Most environments trust far more than they should, and attackers know it.
Threat Locker solves that by enforcing default deny at the point of execution.
With Threat Locker Allow listing, you stop unknown executables cold.
With ring fencing, you control how trusted applications behave,
and with Threat Locker, DAC, defense against configurations,
you get real assurance that your environment is free of misconfigurations
and clear visibility into whether you meet compliance standards.
Threat Locker is the simplest way to enforce zero-trust principles without the operational pain.
It's powerful protection that gives CISO's real visibility, real control, and real peace of mind.
Threat Locker makes zero-trust attainable.
even for small security teams.
See why thousands of organizations
choose Threat Locker to minimize
alert fatigue, stop ransomware
at the source, and regain control
over their environments.
Schedule your demo at Threatlocker.com
slash N2K today.
And finally,
security researcher Andreas McCree
found a long list of vulnerabilities
in Yarbo-Robotic Yard Equipment,
including flaws that exposed Wi-Fi passwords, GPS locations, camera access, and remote control functions.
McCree demonstrated the risk by remotely commandeering his own lawnmower and letting it run over him,
which is one way to make a point during vulnerability disclosure.
Presumably, he had the blades disabled.
According to the research, Yarbo devices shared a hard-coded root password and relied on persistent remote access time,
users could not disable. Weak protections around messaging meant access to one robot could
potentially expose the broader device fleet. Researchers said attackers could bypass emergency stops,
reactivate mower blades, or use compromised devices for local network attacks and botnet activity.
To Yarbo's credit, the company publicly acknowledged the findings and moved quickly to disable
remote tunnels, reset credentials, and began shifting toward per-device authentication and audited
remote diagnostics. Still, the company plans to retain remote access capabilities, albeit with
tighter controls. The good news is the company patched the vulnerabilities. The bad news is we now
live in a world where rogue lawnmower incident sounds technically plausible. And that's the Cyberwire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to Cyberwire at n2K.com.
N2K's lead producer is Liz Stokes.
were mixed by Trey Hester
with original music
and sound designed
by Elliot Peltzman.
Our contributing host
is Maria Vermazas.
Our executive producer
is Jennifer Ibn.
Peter Kilpe is our publisher
and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.