US and allies warn of Russian critical infrastructure attacks

Posted in Commentary with tags on July 13, 2026 by itnerd

Cybersecurity agencies from the United States and eight other countries have issued a joint warning that Russian state hackers are targeting vulnerable and poorly configured routers to infiltrate critical infrastructure networks.

Russian Federal Security Service (FSB) Center 16 cyber actors continue to exploit poorly configured and vulnerable networking devices worldwide, opportunistically compromising multiple critical infrastructure sector networks. This joint Cybersecurity Advisory (CSA) builds on FBI’s Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure Public Service Announcement of the decade plus FSB Center 16 cyber activity by providing additional tactics, techniques, and procedures (TTPs) to enable defenders to more fully understand and counter the threat.

Commenting on this is Ensar Seker, CISO at SOCRadar: 

“This warning demonstrates that nation-state attackers do not always need a sophisticated zero-day to penetrate critical infrastructure. In many cases, weak router configurations, default SNMP community strings, outdated firmware, and unnecessary exposure of legacy management protocols provide everything they need.

Router configuration files are extremely valuable intelligence. They may reveal network topology, administrative credentials, access-control rules, VPN settings, internal IP ranges, and trusted connections. Once attackers obtain this information, they can identify pathways into more sensitive systems, prepare targeted follow-on attacks, or establish persistent access while remaining below the visibility of conventional endpoint security tools.

Organizations should treat routers and other network appliances as high-value security assets, not passive infrastructure. Defenders should immediately inventory internet-facing devices, replace SNMPv1 and SNMPv2 with properly configured SNMPv3, remove default or shared community strings, restrict management access to dedicated networks, disable unnecessary TFTP and Cisco Smart Install services, update firmware, and monitor for unauthorized configuration exports or changes.

The broader lesson is that critical infrastructure security can be undermined by a single forgotten or poorly managed edge device. Network appliances often sit outside normal endpoint detection coverage, making configuration monitoring, external attack-surface visibility, and continuous validation essential.”

Warnings like these don’t come about every day. Thus you job is to pay attention to these warnings and take action accordingly.

Meta Pulls AI Image Feature From Instagram 

Posted in Commentary with tags on July 13, 2026 by itnerd

Remember the AI image generator that Meta has force fed Instagram users? And the fact that I wrote how to disable it which showed how much of a privacy nightmare it was? Well, I have some good news for you. Meta has had a change of heart based on this statement:

“Our intent was to provide a useful creative tool and to give people control over whether their public ​content could be referenced in this way,”  

And:

“We’ve ​heard the feedback that this feature missed the mark, so ⁠it’s no longer available,” 

Now no longer being available doesn’t make it more private. It just means it’s no longer available for free to the majority of users. If someone is willing to pay enough, privacy won’t be a limiting factor. Keep that in mind as I don’t think we’ve seen the last of this feature.

OpenAI mandates hardware-backed passkeys for access to its most advanced cyber models

Posted in Commentary with tags on July 13, 2026 by itnerd

Yubico has welcomed OpenAI’s decision to require hardware-backed passkeys for individual members of its Trusted Access for Cyber program.

From 1 September 2026, all individual Trusted Access for Cyber members must enable OpenAI’s Advanced Account Security using a hardware-backed passkey to retain access to the company’s most cyber-capable frontier models. Members who do not meet the requirement will return to default model access.

Trusted Access for Cyber provides qualified security researchers and organisations with access to advanced AI capabilities for authorised defensive cybersecurity work, including vulnerability triage and validation, malware analysis, detection engineering and patch validation.

The new requirement reflects the heightened security risks posed by increasingly capable artificial intelligence models and the need to ensure that access remains limited to verified and trusted users.

OpenAI is also strengthening restrictions for high-risk entities and jurisdictions as part of a broader effort to prevent the misuse of advanced cyber capabilities.

Hardware-backed passkeys store authentication credentials in a physical security key rather than synchronising them through software or cloud services. The credentials cannot be copied or remotely extracted, providing stronger protection against phishing, credential theft, adversary-in-the-middle attacks and account takeover.

The mandate comes as cybercriminals increasingly use sophisticated phishing, social engineering and session hijacking techniques to bypass passwords and legacy multi-factor authentication methods such as SMS codes and mobile push notifications.

While traditional account protections can be intercepted, redirected, or socially engineered, hardware-backed passkeys verify both the user and the legitimate service before authentication occurs. This prevents users from inadvertently signing in to fraudulent websites designed to capture their credentials.

Requiring physical, phishing-resistant authentication also makes it considerably more difficult and expensive for threat actors to create, validate and resell compromised accounts at scale.

Through OpenAI’s Advanced Account Security program, users can protect their ChatGPT accounts with security keys while disabling weaker fallback authentication methods that could otherwise be exploited by attackers.

OpenAI already uses YubiKeys internally to protect its employees and infrastructure from sophisticated phishing attacks. The expanded partnership enables eligible users to adopt the same hardware-backed security model.

A custom two-pack of YubiKeys is available to existing OpenAI account holders at preferred pricing. The pack includes:

  • YubiKey C NFC – OpenAI, which enables users to authenticate on compatible phones, tablets and computers using USB-C or a tap through near-field communication.
  • YubiKey C Nano – OpenAI, a low-profile USB-C security key designed to remain connected to a laptop for convenient, ongoing protection.

Once enrolled, users can authenticate through a fast, passwordless process without relying on credentials that can be copied, intercepted or synchronised between devices.

The requirement represents an important shift in AI security, recognising that model safeguards must be supported by strong identity and authentication controls. As access to advanced AI capabilities becomes more valuable, organisations will increasingly need to consider not only what their systems can do but who is permitted to use them and how that access is protected.

More information about Advanced Account Security and the YubiKey offer is available at chatgpt.com/advanced-account-security.

For more information on Yubico, visit www.yubico.com.

Guest Post: Meta’s Muse Image release highlights “consent on” crisis in AI training on social media

Posted in Commentary with tags on July 10, 2026 by itnerd

The launch of Meta’s new Muse Image tool has brought renewed scrutiny to a systemic privacy issue: the “consent on” default setting for AI training on social media. This release marks a significant shift from using data for general model improvements to a more personal and potentially invasive application of generative AI.

“While past AI developments mostly worked out of sight, Muse Image changes the game by letting users directly reference public Instagram accounts to create images using data from those posts. This shift turns the ‘consent on’ default into a critical privacy risk, as individuals have no way of knowing when their personal photos are being harvested as source material for someone else’s AI-generated content,” says Luís Costa, Research and Insights Team Lead at Surfshark.

According to a recent Surfshark study, nearly all major social media platforms prioritize AI development over user privacy by default, using active data collection for model training.

The study found that 8 out of the 10 most popular social media platforms set AI training consent to “on” by default. This “opt-out” rather than “opt-in” model means that unless users proactively navigate complex settings and forms to revoke access, their years of posts, photos, and even private interactions have likely already been integrated into training sets.

“If you’ve ever shared content on social media, it’s highly likely that your photos are already being exploited as a resource for AI training without your clear consent. Our findings revealed that because platforms lack user-friendly opt-out options, much of this data usage is effectively irreversible. Opting out today only prevents future collection, but it cannot undo the training that has already occurred,” says Costa.

The issue of using user content for AI training is also highlighted by other social media platforms, most notably Reddit, which offers no option to opt out of AI model training. Its vast forum discussions are openly used for global AI development, highlighted by contracts with Google and OpenAI to license this user-generated data. In contrast, Discord stands out as the singular exception among the 10 platforms examined. It explicitly states that it does not use user data for AI training.

For the complete research material behind this study, click here.

Note that the IT Nerd has covered mitigating this privacy breach here.

EU unveils AI cybersecurity action plan to build on Cyber Resilience Act

Posted in Commentary with tags on July 9, 2026 by itnerd

The European Commission unveiled an Action Plan on Cybersecurity and Artificial Intelligence aimed at helping Member States, public authorities, and industry address cyber risks associated with advanced AI systems.

The plan includes measures to expand AI-assisted vulnerability detection, establish an EU capability to evaluate advanced AI models, and develop secure testing environments for AI systems. It builds on existing legislation, including the Cyber Resilience Act, the AI Act, and NIS2.

The Commission said the initiative will support the secure development and deployment of AI by strengthening collaboration between governments, industry, and the cybersecurity community. Planned actions include coordinated vulnerability disclosure, AI-powered cyber defense capabilities, and guidance for organizations deploying AI in critical sectors.

The plan’s press release can be found here: New EU plan to address the risks and opportunities of advanced AI for cybersecurity – European Commission

Steven Swift, Managing Director, Suzu Labs provided this comment:

   “The problem with locking new frontier models behind a governmental pre-release screening, is that it gives governments a mechanism to require frontier labs to modify their models in ways that aligns with political preferences, such as selecting which version of the truth they want models to present. While at the same time being able to claim “for better security” as the official reason to gate the release at all.

   “The other problem with it, is that there isn’t really a difference between the offensive and defensive capabilities of a model. Even if screening focus is narrowly focused on cybersecurity capabilities, actively lowering a model’s offensive capabilities directly impacts its ability to perform defensive work. Especially defensive verification, which is critical. Models will hallucinate unpredictably. It is absolutely essential that agentic systems be capable of building tests to verify the validity of results to ensure that hallucinations aren’t present.

   “This makes frontier models more insecure, and makes their use less safe. Despite the entire point of cybersecurity review process to be the opposite.

   “If we are going to gate frontier models behind an approval process, it is absolutely critical that the structured access programs actually function effectively to get legitimate security professionals, and developers access to sensitive unrestricted models, so that appropriate verification and testing can be performed on their own systems.”

Seemant Sehgal, Founder & CEO, BreachLock has this comment:

   “The EU is right to treat this as an infrastructure problem, not a software problem. AI embedded in critical sectors carries the same risk profile as power grids and financial rails in that a failure isn’t an inconvenience, but a systemic event.

   “The window to set baseline security expectations before widespread deployment is already closing. What makes this harder than traditional infrastructure is that AI systems don’t stay static after deployment. The testing frameworks have to keep pace with that. The real question is whether coordinated disclosure and continuously updated validation environments can be stood up before adversaries finish mapping what Europe has already put in place.”

Doc McConnell, Head of Policy and Compliance, Finite State adds this:

   “This action plan presents what the EU sees as an ideal ecosystem to support safe, responsible, and innovative development and utilization of AI across the Union. That vision is ambitious, including a stronger system of third-party AI evaluators, sovereign AI capacity, multi-state workforce training, and secure testing platforms. These will require significant investment, international coordination, and development of new technology. And as the EU works to achieve these goals, existing frontier labs will continue to innovate, and new open-weight models may emerge.

   “The specificity of this action plan stands in contrast to the U.S. policy on AI security, as laid out in the June 2026 Executive Order Promoting Advanced Artificial Intelligence Innovation and Security. Although the goals are similar, including protection of critical infrastructure, early government access to cybersecurity tools, and the promotion of innovation, the U.S. approach is much more open-ended.

   “I expect that neither approach will fully meet this moment, and we will see national policies have to adapt along with the technology they are seeking to oversee. The action plan describes a promising future: one of “unprecedented opportunities to enhance cyber resilience.” That is the goal to keep in mind. Even as plans, priorities, and AI models change, we must all, individual technologists and commercial companies, as well as policymakers, make choices that prioritize AI as an enabler of better defense, greater resilience, and stronger international security.”

The US and other countries that are not in the EU should copy what the EU is doing as the EU has the right idea here. And other countries when all is said and done are on the wrong side of history.

Freedom Mobile Sends Out Survey Asking If Users Would Pay $8 Monthly for “Security”…… WTF??

Posted in Commentary with tags on July 9, 2026 by itnerd

So get this. Freedom Mobile, which I have touted as a possible alternative to the “Big Three” telecoms have sent out a survey. Now there’s nothing unusual about a telco sending out a survey as telcos do that all the time. But this was different. One of the questions as captured by a Reddit thread was:

“If these advanced security features were offered by Freedom Mobile at an additional cost of $8 per month (on top of your mobile service plan), how likely would you be to subscribe?*

(Advanced security features: Encrypted text messages and voicemail, spam call detection, SIM swap protection, improved account sign-in security, and location privacy)”

The fact is that “Advanced security features” such as sim swap protection, spam call detection and the like would sit behind any sort of paywall is a #EpicFail on the part of Freedom Mobile. Doubly so given that they log in process quite frankly epically sucks beyond any belief as I covered here. The fact is that this should be the least that a carrier offers. Plus Freedom Mobile’s log in process needs a serious overall. As in they need to adhere to modern security standards such as multi factor authentication or some sort of passwordless authentication. Passkeys for example.

Now to be fair, Freedom Mobile haven’t announced any changes. Yet. But the fact that a survey like this has gone out shows that they are thinking about making changes. And like those who are part of this Reddit thread, I will be much more likely to dump Freedom Mobile if these changes are implemented. But I guess that Freedom Mobile feel that they need to generate revenue somehow. And simply stealing customers from the “Big Three” isn’t enough. I’d ask Freedom Mobile for their side of the story, but they won’t talk to me. So I guess I will have to see how this plays out. If they are smart, they make sure that it plays out in a way that customers win.

A New Ransomware Leader Emerges as June 2026 Attack Volumes Climb Worldwide

Posted in Commentary with tags on July 9, 2026 by itnerd

Check Point’s June 2026 Monthly Cyber Threat Statistics reveal a significant increase in global cyberattacks, with organizations experiencing an average of 2,270 weekly cyberattacks, up 17% year-over-year and 10% month-over-month. The report also highlights a 33% increase in ransomware activity, with The Gentlemen emerging as the most active ransomware group, alongside continued concerns around GenAI-related data leakage risks, as 1 in every 26 GenAI prompts carried a high risk of exposing sensitive information.

Key takeaways
  • Weekly cyber-attacks per organization reached 2,270 in June 2026, up 10% from May and 17% higher than June 2025
  • Education, Government, and Telecommunications again sat at the top of the industry list, with Education and Telecommunications posting double-digit gains while Government rose 5% year over year
  • Most regions grew year over year, led by Latin America at a 27% increase, while Africa was the exception with a 9% decline
  • GenAI exposure held roughly steady, though Healthcare and Telecommunications emerged as the industries carrying the most risk from unsafe prompts
  • Ransomware attacks reached 646 for the month, a 33% jump from June 2025, and The Gentlemen overtook Qilin as the most active group
A Global Rebound That Reaches Every Region

June reversed the brief calm of May. Organizations faced an average of 2,270 weekly cyber attacks, a 10% rise from the previous month and a 17% increase compared with June last year. What makes this month notable is not just the size of the jump but its reach. Rather than one region or sector absorbing the bulk of the growth, the increase showed up almost everywhere at once, suggesting attackers spread their effort wider rather than concentrating it.

Which Industries Faced the Most Attacks?

Education remained the most targeted sector, with organizations facing an average of 4,816 weekly attacks, a 16% climb from June 2025. Open campus networks, constant device turnover, and thin security budgets keep making schools and universities an easy draw for attackers. Government followed at 2,836 weekly attacks, up 5%, and Telecommunications came in close behind at 2,835, a 13% rise. Together these three sectors continue to absorb a disproportionate share of global attack volume, a pattern that has held steady across recent months even as the specific numbers shift.

Figure 1: Global average weekly cyber-attacks per industry, June 2026 vs June 2025

Which Regions Saw the Sharpest Increase?

Latin America held its position as the most attacked region, with organizations reporting 3,501 weekly attacks on average, a 27% increase over June 2025. APAC followed at 3,060, a smaller 5% rise, while Africa posted 3,008 weekly attacks, down 9% from a year earlier, its only decline among the five regions tracked. Europe and North America both saw sharp jumps, up 22% and 14% respectively, pushing every region into growth except Africa.

Figure 2: Weekly cyber-attacks per organization by region, June 2026

GenAI Exposure: Where the Risk Concentrates

GenAI exposure has become one of the clearest examples of how everyday business behavior can create security risk. In this context, the risk is not about attackers using AI or flaws in the models themselves. It is about what employees place into prompts: customer records, internal documents, infrastructure details, legal material, financial data, or HR information that may be copied into public or unmanaged GenAI tools.

The June data highlights three main signals:

  • High-risk prompts are common: 1 in every 26 GenAI prompts from enterprise networks carried a high risk of sensitive data leakage, equal to a global exposure rate of 3.9%
  • The risk is widespread: 85% of organizations that regularly use GenAI tools were affected by high-risk prompt activity
  • Sensitive information is frequently present: A further 27% of prompts contained potentially sensitive information
  • Adoption is broadening: Each organization used an average of 7 different GenAI tools over the past month, while the average user generated 78 prompts

That level of activity suggests GenAI is no longer a side experiment in many workplaces. It is becoming part of daily workflows, often faster than data protection policies, user training, and technical controls can adapt.

The highest-risk regions and industries stood out clearly against the 3.9% global benchmark. Looking at where this risk lands, Latin America stood out as the highest risk region at 5.2%, well above the global rate. Europe matched the global average of 3.9%, while North America and APAC came in slightly under it, at 3.6% and 3.5%. By industry, Healthcare and Medical carried the heaviest exposure at 5.7%, followed by Telecommunications and Business Services, both at 5.1%, and Information Technology at 4.1%.

Figure 3: High risk prompts per region, June 2026

Personal data made up the largest share of sensitive content flowing through these prompts, appearing in 80% of organizations, followed by network and infrastructure details at 62%, legal and regulatory material at 61%, financial data at 60%, and employee records at 57%. Taken together, these figures point to a workforce that treats GenAI tools as a general-purpose assistant, feeding them exactly the kind of material that governance policies are meant to protect.

Figure 4: The types of data flowing through AI prompts

This shows that GenAI exposure is not limited to one department or one type of task. It cuts across personal, technical, legal, financial, and workforce-related data, making prompt-level visibility and governance increasingly important as enterprise GenAI use continues to grow.

Figure 5: High risk prompts by industry, June 2026

Ransomware Keeps Climbing, With Business Services in the Crosshairs

* This ransomware data draws from ransomware “shame sites” operated by double-extortion groups, which publicly disclose victim information. While these sources have inherent biases, they provide valuable insight into the ransomware landscape.

Ransomware attacks totaled 646 in June, a 33% increase over the same month in 2025. Business Services remained the most affected industry, responsible for 31% of reported victims, followed by Consumer Goods and Services at 16% and Industrial Manufacturing at 14%. Two trends stand out over the past three months. Consumer Goods and Services has climbed steadily, from 14% of victims in April to 15% in May and 16% in June, and Government has moved even faster, rising from 4.0% to 4.3% to 5.4% across the same stretch.

Figure 6: Percentage of ransomware victims by industry, June 2026

Figure 7: Share of global ransomware victims by industry, April – June 2026

North America accounted for 44% of reported ransomware incidents, with APAC at 23% and Europe at 22%. APAC saw the sharpest shift of any region, its share of global victims rising from 16.8% in April to 22.6% in June, a jump of over a third in just two months.

Figure 8: Ransomware victims by region, June 2026

A New Name at the Top of the Ransomware Leaderboard

The Gentlemen was the most prevalent ransomware group in the past month, responsible for 17% of the published attacks, overtaking Qilin, which accounted for 11%. LockBit also recorded a significant increase, rising from 1% of published attacks in the previous month to 7%, making it the third most prevalent ransomware group.

  • The Gentlemen: The Gentlemen is a fast growing Ransomware-as-a-Service operation founded in mid-2025 by a Russian-speaking operator (Hastalamuerte) who previously worked as an affiliate across Qilin, Embargo, LockBit, Medusa, and BlackLock before launching his own platform after a dispute with Qilin. The group openly recruits affiliates in various forums and uniquely functions as both a RaaS provider and an Initial Access Broker, offering affiliates self-service access to approximately 14,000 pre-exploited FortiGate devices (CVE-2024-55591). With over 320 DLS-claimed victims and an estimated 1,570+ actual compromises revealed through Check Point Research’s analysis, The Gentlemen has established itself as a top-7 global ransomware threat in under a year. The group’s cross-platform lockers target Windows, Linux, and ESXi (C-based), and their latest May 2026 operator communication announces a shift from blunt-force BYOVD-based EDR killing to surgical userland evasion techniques. The group’s geographic targeting is notably atypical, with the US representing only 12% of victims (vs 50% ecosystem average), reflecting a device-driven victim selection model shaped by the FortiGate stockpile rather than deliberate geographic preference.
  • Qilin: Qilin is one of the most established RaaS groups, with a consistent track record of victim disclosures dating back to 2022. Originally operating under the name “Agenda,” the group rebranded as “Qilin” by September 2022, introducing a Rust-based encryptor and expanding its RaaS infrastructure. It provides affiliates with a full-featured toolkit via a dedicated administrative panel, including an encryptor, negotiation infrastructure, and support services. Following RansomHub’s retirement, Qilin intensified its affiliate recruitment efforts and, since March 2025, has significantly increased the volume of victim listings on its data leak site (DLS).
  • LockBit: LockBit is a ransomware-as-a-service (RaaS), that was first launched in September 2019 and was updated and improved in June 2021. LockBit targets large enterprises and government entities from various countries and does not target individuals in Russia or the Commonwealth of Independent States. LockBit shares details of their victims on a Tor-hosted leak site along with the countdown to the date and time at which stolen data will be published unless the ransom payment is received. LockBbit is considered to be the fastest ransomware in terms of encryption speed.
Frequently Asked Questions About June 2026’s Cyber Threat Landscape
  • Why did cyber attacks increase across nearly every region in June? The growth was broad rather than concentrated in one place, which points to attackers expanding their targeting rather than focusing on a single weak point. Latin America and Europe saw the steepest year over year gains, while Africa was the only region to post a decline.
  • Which industries face the highest GenAI data leakage risk? Healthcare and Medical carried the highest risk at 5.7% of prompts, followed by Telecommunications and Business Services at 5.1% each, and Information Technology at 4.1%. All four sat above the global average of 3.9%.
  • Why did The Gentlemen overtake Qilin as the top ransomware group? The Gentlemen built rapid scale through self-service access to a large pool of pre-exploited devices and an aggressive affiliate recruitment model, letting it grow into a leading threat within about a year of launching. In June it accounted for 17% of published attacks against Qilin’s 11%.
  • Is ransomware activity still concentrated in North America? Yes, though less so than before. North America still accounts for 44% of reported victims, but APAC’s share grew sharply, from 16.8% in April to 22.6% in June, making it the fastest growing region for ransomware activity.
  • Reading June Correctly: The headline number tells a straightforward story: attacks are up, broadly and consistently, across regions that had shown mixed signals in prior months. The more useful story sits underneath it. Ransomware is not just growing, it is reorganizing at the leadership level, with a group that barely existed a year ago now setting the pace. GenAI risk has not spiked, but it has settled into a steady baseline that most organizations still have not built the right controls around. None of this points to a single fix. It points to the same conclusion every month like this one does, that a prevention first strategy across network, cloud, endpoint, and user activity is the only approach built to keep up with a landscape that keeps shifting shape.

“Friendly Fire” exploit highlights growing risks in AI-assisted code review

Posted in Commentary with tags on July 9, 2026 by itnerd

The “Friendly Fire” proof-of-concept highlights a difficult reality in AI security: the very tools built to detect malicious code can be tricked into running it. Researchers got Claude Code and OpenAI Codex, in their autonomous modes, to execute a hidden malicious binary just by hiding instructions in an ordinary README file, no config-file trust prompt, no elevated access required, just a routine “run this security check” request. 

Eljan Mahammadli, Head of AI Provenance, Polygraf AI had this to say:

“The important part of AI Now’s Friendly Fire research is the weakness it exposes, rather than the specific binary or poisoned README the researchers used to demonstrate it. An AI coding agent has no reliable way to distinguish the text it reads from instructions it is supposed to follow. A model processes everything in its context window as one stream of tokens, so the operator’s request to review the code and a third-party repository’s README arrive carrying the same authority. Once the malicious instruction is in the context, nothing marks it as untrusted. This is why the same weakness keeps surfacing through different channels: a booby-trapped repository in Adversa’s TrustFall, a fake Sentry bug report in Tenet’s Agentjacking, and now an ordinary README file here. It also explains why a model update will not close it, because the problem is a property of how these systems handle language and not a defect that can be trained away. In provenance terms, this is a failure of attribution: the agent acts on text without any dependable sense of where it came from or whether that source should be trusted.

I would push back on reading this as an argument against using AI for defensive security work, and I say that as someone who builds AI security tooling for a living. The research does not condemn AI-assisted defense as a category. What it condemns is one configuration that happens to be common: an agent that reads untrusted data, can run arbitrary commands, and can reach the developer’s credentials and host, all in the same process, with a safety classifier as the only thing standing between those capabilities. When those powers sit together, a single injected instruction is enough to turn the agent against its operator. When they are separated, most of the attack stops working. The durable control has to live in the runtime around the model. It should inspect what a tool or file hands the agent and refuse to let externally sourced text escalate into command execution. Sandboxing helps, but it is not sufficient on its own; Claude Code’s own sandbox had an escape vulnerability disclosed this year (CVE-2026-39861).

The detail worth sitting with is that some of the newer, more capable models actually detected the mismatch, recognizing that the binary did not correspond to the source it was supposed to come from, and then ran it anyway. The common assumption is that a more capable agent is a safer one. This research suggests a more capable and more compliant agent can simply be a more effective executor of whatever instruction reaches it, an attacker’s included. Capability without a trustworthy sense of source does not amount to defense. Governments and vendors are now moving quickly to place these agents inside security workflows and critical infrastructure, well ahead of any real solution to the weakness this work documents. Before we ask an agent to guard code we do not control, we should be honest that it still cannot answer a simple question about the text in front of it: who wrote this, and should I trust them?”

Again, I get to say that this highlights the fact that:

  1. AI needs to have human supervision.
  2. Security needs to take into account AI in order to be effective.

Otherwise, you can guarantee that bad things will happen to organizations that don’t take both of those items into account.

ESET Threat Report: AI boosts cyber attackers’ efficiency

Posted in Commentary with tags on July 9, 2026 by itnerd

ESET Research has released its H1 2026 Threat Report, which summarizes threat landscape trends seen in ESET telemetry, as well as insights from ESET threat detection and research experts, from December 2025 through May 2026. The first half of 2026 shows how attackers continue to improve the efficiency and scalability of their operations. Artificial intelligence (AI) is playing a growing role in this development. ESET analyzed nearly 900,000 AI skills – small functional components used by AI agents – and identified tens of thousands of suspicious and thousands of outright malicious instances. AI is also beginning to appear within malware itself: ESET researchers have identified PromptSpy, the first known Android malware to use generative AI in its execution flow.

AI skills are small add-ons or sets of instructions that instruct an AI agent how to perform a specific task, including which services or tools to use and what data to access. The published report covers details about malicious AI skills using third-party hacking tools such as Mimikatz or Impacket and a suspicious self-modifying skills designed to create a persistence mechanism (JSON file) and a tool for self-modification (Python code). This can lead to unpredictable behavior of the agent or its abuse by an attacker. And finally, there are benign but problematic skills such as those marketed as security scanners, which create a false sense of security but implement only basic scanning techniques – like AV tools from the 1990s – or simply query the reputation of hashes, URLs, and IP addresses on VirusTotal.

Meanwhile, ClickFix – a social engineering technique leveraging fake error messages – has expanded beyond fake CAPTCHA prompts into AI-themed help pages, browser extensions, and cloud authentication scenarios. AI-fix shows how adversaries exploit trust in generative AI, embedding ClickFix compromise chains into AI-generated troubleshooting content to nonexistent issues on pages that abuse domains of AI powerhouses. ConsentFix highlights an evolution toward token theft, combining ClickFix-style interaction with OAuth authorization abuse to hijack cloud accounts without the need to steal credentials, often bypassing MFA and relying entirely on legitimate login workflows. ESET detections of this vector more than doubled between H2 2025 and H1 2026, indicating sustained activity and adaptation.

Phishing campaigns are also evolving in response to user behavior. QR code phishing – also known as quishing – has reached record levels in ESET telemetry, with attackers embedding malicious links in QR codes to bypass inspection and shift user interaction to mobile devices while exploiting the implicit trust many people place in the barcodes with square patterns. Approximately 11% of all detected phishing emails in H1 2026 utilized QR codes, and QR code phishing threats were most prevalent in the US (19% of detections), Spain (17%), and Mexico (6%).

Last but not least, ransomware activity showed no signs of slowing down, with the continued use of EDR killers – tools designed to disable security software during attacks. ESET Research has documented over 100 different EDR killers used in the wild, with new variants appearing regularly. The number of ransomware attacks continued to grow in H1 2026, but the number of victims willing to pay reached all-time lows. Three recent industry reports confirmed this downward trend, reporting a 14–28% share of paying victims.

For more information, check out the ESET Threat Report H1 2026 on WeLiveSecurity.com. 

Comparitech Healthcare Ransomware Roundup: H1 2026 stats on attacks, ransoms, and data breaches

Posted in Commentary with tags on July 9, 2026 by itnerd

Comparitech researchers have published a new study looking at ransomware attacks against the healthcare sector in H1 2026. 

According to the findings, during the first six months of 2026, the healthcare sector suffered an average of 2.3 ransomware attacks per day. Attacks increased by nearly 14 percent when compared to H2 2025, rising from 360 to 410.

Rebecca Moody, Head of Data Research at Comparitech, provided the following comment: 

“As ransomware attacks remain at a consistently high level, the healthcare sector is no exception. Here, attacks continue to increase, particularly among healthcare businesses (e.g. pharmaceutical manufacturers, drug wholesalers, and medical billing providers). This means healthcare providers (those offering direct care) continue to face the threat of attacks within their own systems and within the systems of the third parties they entrust to carry out various services. 

The March 2026 attack on the University of Mississippi Medical Center, which caused two weeks of disruptions, serves as a stark reminder of the devastating impact system encryption can have on healthcare providers. Meanwhile, attacks on third parties, like Unimed in Germany, demonstrate the far-reaching consequences of data theft following these attacks. In Unimed’s case, numerous clinics and hospitals were impacted, with the breach figure growing into the hundreds of thousands.”

You can read the research here: https://www.comparitech.com/news/healthcare-ransomware-roundup-h1-2026-stats-on-attacks-ransoms-and-data-breaches/