Archive for March 6, 2026

CloudSEK Identifies 40,000+ Exposed US Industrial Systems Vulnerable to AI-Assisted Recon as Iranian-Aligned Groups Mobilise

Posted in Commentary with tags on March 6, 2026 by itnerd

CloudSEK researchers have documented how artificial intelligence has fundamentally collapsed the barrier to targeting industrial control systems, compressing what once required weeks of specialist knowledge into a five-minute reconnaissance workflow. 

The findings come as the 28 February 2026 US-Israel strikes against Iran triggered the largest single-event activation of Iranian-aligned cyber actors ever documented, with over 60 hacktivist groups mobilising within hours – many without deep ICS expertise, but now equipped with AI tools that make that expertise unnecessary.

Key Findings

  • CloudSEK identified 40,000+ internet-exposed US industrial control systems immediately discoverable using AI-assisted reconnaissance – and confirmed that a passive five-minute workflow using free tools can identify live devices, retrieve default credentials, map accessible interfaces, and enumerate CVEs without authenticating to or probing a single system.
  • OpenAI confirmed in October 2024 that Iranian-affiliated actors (CyberAv3ngers) used ChatGPT to conduct ICS reconnaissance, querying default credentials for industrial devices, generating Shodan search strings, and requesting automation scripts – one of the first documented uses of a commercial LLM by a state-affiliated actor against critical infrastructure.
  • More than 60 Iranian-aligned hacktivist groups mobilised within hours of the 28 February 2026 strikes. The death of Supreme Leader Khamenei disrupted IRGC command structures, removing the political constraints that historically governed Iranian cyber targeting. Proxy and hacktivist groups now operate without accountability for civilian harm.
  • US government reporting confirms 75+ US ICS devices were compromised in campaigns linked to the same threat ecosystem, including 34+ in the Water and Wastewater sector. The 2023 Aliquippa water plant compromise – forced onto manual operations by a default password – is the documented template these groups are replicating.
  • Internet exposure across OT and ICS environments is worsening: 35% year-on-year growth in exposed systems and a 160% surge in Unitronics port 20256 exposure, despite two years of CISA advisories following the Aliquippa attack (ReliaQuest, H1 2025).

Why This Matters

The real shift is not in malware sophistication. It is in speed, scale, and accessibility. AI is enabling less technically mature actors to perform ICS reconnaissance that once required years of specialist knowledge.

In a conflict environment where over 60 groups are simultaneously activated and seeking accessible targets, AI compresses the cycle from intent to impact.

CloudSEK researchers reproduced the AI-assisted reconnaissance chain as a passive research exercise, mirroring the confirmed methodology. Following the same process, researchers identified multiple live instances of unauthenticated, internet-exposed ICS systems with direct operational impact potential. 

CloudSEK notes that this passive research (standard HTTP requests against publicly indexed systems) is indistinguishable from what a threat actor would perform.

The cyber fallout from the Iran-US conflict is not limited to advanced state-linked operators. Loosely aligned hacktivists and proxy actors can now use AI-assisted workflows to identify and prioritise exposed industrial assets in real time, increasing the risk of opportunistic disruption to water treatment, energy distribution, fuel management, and manufacturing operations.

The same 28 February window also saw OpenAI confirm a partnership with the US Department of Defense, triggering a 295% spike in ChatGPT app uninstalls (Sensor Tower via TechCrunch). As commercial AI platforms face governance pressure around military use, threat actors migrate to unconstrained alternatives. The safety guardrails that limited CyberAv3ngers on ChatGPT in 2024 are a floor, not a ceiling.

Immediate Defensive Priorities

CloudSEK recommends that organisations urgently:

  • Remove ICS management interfaces from the public internet immediately and place them behind VPN. This single action eliminates the AI-assisted passive reconnaissance attack path entirely.
  • Change default credentials on all deployed ICS devices. The Unitronics default password 1111 is in a vendor manual, in CISA Advisory AA23-335A, and in active use on internet-exposed devices today.
  • Block industrial protocol ports at the perimeter: TCP 20256, 102, 502, 44818, 1911 and UDP 47808 have no legitimate reason to be directly internet-accessible.
  • Audit all third-party remote access to OT environments. IT managed service providers with tools on OT networks are confirmed entry points for supply chain attacks.
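The port list in the third recommendation is the kind of thing a perimeter audit can check mechanically. The following is an added example, not CloudSEK's code: it scans constructed firewall flow records and reports every accepted connection from an internet source to one of the ports the post names. The log format, the addresses and the protocol names beside each port are assumptions for this example.

```python
# Added example (not CloudSEK's code): flag perimeter flow records in which an
# internet source reached one of the industrial protocol ports the post lists.
# The log format and addresses below are constructed for this example.
import ipaddress

# Ports from the post; protocol names are the common assignments for each port.
ICS_PORTS = {
    ("tcp", 20256): "Unitronics PCOM",
    ("tcp", 102): "Siemens S7 / ISO-TSAP",
    ("tcp", 502): "Modbus/TCP",
    ("tcp", 44818): "EtherNet/IP",
    ("tcp", 1911): "Niagara Fox",
    ("udp", 47808): "BACnet/IP",
}
# Sources outside these ranges are treated as internet sources. (ip_address().is_global
# is avoided: it treats the RFC 5737 TEST-NET sample addresses below as non-global.)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def parse_flow(line: str) -> dict:
    """Parse 'timestamp key=value ...' (constructed format) into a dict."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = ts
    return fields

def is_internet_source(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def find_exposed_ics(lines) -> list:
    """Return (ts, proto, src, dport, service) for accepted internet-to-ICS-port flows."""
    findings = []
    for line in lines:
        f = parse_flow(line)
        key = (f["proto"].lower(), int(f["dport"]))
        if f.get("action") == "accept" and key in ICS_PORTS and is_internet_source(f["src"]):
            findings.append((f["ts"], key[0], f["src"], key[1], ICS_PORTS[key]))
    return findings

SAMPLE_FLOWS = [  # constructed; RFC 5737 TEST-NET addresses stand in for public sources
    "2026-03-06T09:12:01Z action=accept proto=tcp src=203.0.113.45 sport=51234 dst=10.20.30.40 dport=502",
    "2026-03-06T09:12:05Z action=accept proto=tcp src=10.20.1.7 sport=40001 dst=10.20.30.40 dport=502",
    "2026-03-06T09:13:10Z action=drop proto=tcp src=198.51.100.9 sport=4444 dst=10.20.30.41 dport=20256",
    "2026-03-06T09:14:22Z action=accept proto=udp src=198.51.100.22 sport=47808 dst=10.20.30.50 dport=47808",
    "2026-03-06T09:15:00Z action=accept proto=tcp src=192.0.2.8 sport=60000 dst=10.20.30.1 dport=443",
]

for ts, proto, src, dport, service in find_exposed_ics(SAMPLE_FLOWS):
    print(f"{ts} {src} -> {proto}/{dport} ({service}) accepted from the internet")
```

Any hit means the perimeter rule the post calls for is missing or bypassed; the dropped line and the internal-source line are the expected non-findings.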

CloudSEK’s findings are based on passive reconnaissance of publicly indexed information and exposed web interfaces, without logging into or actively probing any system.

You can read the research here: AI, the Iran-US Conflict, and the Threat to US Critical Infrastructure | CloudSEK

The Company Reviewing Meta Glasses Footage Has a Security Problem

Posted in Commentary with tags on March 6, 2026 by itnerd

Mike Bell, Founder and CEO of Suzu Labs, has just published the research blog “The Company Reviewing Your Meta Glasses Footage Has a Security Problem.” 

“Last week, Swedish journalists revealed that Meta sends video footage from Meta Ray-Ban smart glasses to human data annotators at Sama, a San Francisco-based outsourcing company that runs its annotation workforce out of Nairobi, Kenya. Workers described seeing footage of people in bathrooms, bedrooms, and intimate situations. The UK’s Information Commissioner opened a probe. The story dominated privacy news for days,” Bell said.

“Nobody asked the obvious follow-up question. How secure is Sama? We did. And the answer isn’t reassuring.”

Sama Credential Exposure on the Dark Web: Suzu Labs ran dark web intelligence against Sama’s corporate domain (sama.com) using its threat intelligence platform. Within the last 90 days alone, Suzu Labs identified 118 credential entries tied to sama.com circulating across Telegram channels, underground forums, and breach databases. The results were alarming, including the fact that eighty-three of the entries included plaintext passwords.

Suzu Labs research reveals just how shaky Sama’s current (December 2025-Feb. 2026) security posture is. “Most of these credentials didn’t come from some third-party breach where Sama employees happened to have accounts. Roughly 87% came from info-stealer malware logs. That means malware was running on machines used by people with sama.com email addresses, pulling credentials and session tokens directly off the endpoint. The stealer takes everything on the machine. It doesn’t filter by importance.”

The research also evaluates risks to AI training data and other Sama clients, and offers recommendations – for Meta, for Sama, and for every organization.

The Company Reviewing Your Meta Glasses Footage Has a Security Problem: https://suzulabs.com/suzu-labs-blog/the-company-reviewing-your-meta-glasses-footage-has-a-security-problem

2015 vs. 2025: How password habits have evolved over the past 10 years

Posted in Commentary with tags on March 6, 2026 by itnerd

ExpressVPN has published an article on the evolution of password security over the past 10 years. Cybersecurity researcher Jeremiah Fowler has published an analysis of part of the data from the recent 149 million credentials leak on the ExpressVPN blog, comparing current password habits with those from a decade ago.

During this research, Jeremiah noted some interesting and concerning findings:

  • Only 15% of the passwords from 2025 could be classified as complex.
  • 85% of current passwords typically contain known patterns from prior breaches or password-guessing models.
  • It’s still common for people to reuse passwords across multiple accounts.

Jeremiah published his detailed report on the ExpressVPN blog here: https://www.expressvpn.com/blog/password-security-2015-vs-2025/

Cloud Misconfigurations vs Vulnerabilities: What’s the Difference?

Posted in Commentary with tags on March 6, 2026 by itnerd

Uzair Gadit, Founder & CEO of Dubai-based Secure.com, has just published “Cloud Misconfiguration vs Vulnerability: What’s the Difference? Most cloud breaches aren’t hacks — they’re open doors you forgot to close.”

The brief post likens misconfigurations to open doors and vulnerabilities to broken locks.

“Most IT teams treat every cloud security issue the same way. A new CVE drops? Patch it. But what about the S3 bucket someone left public last Tuesday? That doesn’t show up in a CVE database. It shows up in a breach report.

“Cloud environments are not static. Every new service spun up, every new developer onboarded, every shortcut taken under deadline pressure is a chance for a setting to go wrong. The confusion between misconfigurations and vulnerabilities is costing companies millions — not because they don’t care, but because they’re solving the wrong problem,” Uzair said.

He notes that most security budgets are built around patch management, which makes sense on-premises but is the wrong playbook in the cloud.

Uzair offers specific vendor-neutral recommendations and key takeaways:

  • A leading analyst organization estimates 99% of cloud security failures come from misconfigurations — not software bugs.
  • Misconfigurations are easier to exploit. No hacking skills required. A Google search can find an exposed S3 bucket.
  • Shadow IT and cloud sprawl cause “configuration drift”, i.e. settings that slowly become unsafe as environments grow.
  • The fix is a mix of automated audits (CSPM tools), least-privilege access, and shift-left security in your CI/CD pipeline.
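The "S3 bucket someone left public" case is a policy check rather than a patch, which is the distinction the post draws. The following is an added example, not Secure.com's code: a small evaluator that flags bucket policy statements granting access to everyone, shown against a public policy and a scoped-down replacement. The policies, bucket name and role ARN are constructed.

```python
# Added example (not Secure.com's code): detect a bucket policy that grants
# anonymous access, the "public S3 bucket" misconfiguration the post describes,
# beside a scoped-down policy. Both policies and the account id are constructed.
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_is_public(principal) -> bool:
    # A bare "*" or {"AWS": "*"} means anyone, including unauthenticated callers.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def public_grants(policy_json: str) -> list:
    """Return (Sid, actions, has_condition) for every Allow statement open to everyone.

    Statements with a Condition block may still be safe (e.g. a source-IP restriction),
    so they are reported with has_condition=True for manual review rather than ignored.
    """
    hits = []
    for st in _as_list(json.loads(policy_json).get("Statement", [])):
        if st.get("Effect") == "Allow" and _principal_is_public(st.get("Principal")):
            hits.append((st.get("Sid", "<no Sid>"), _as_list(st.get("Action", [])),
                         "Condition" in st))
    return hits

# The "open door": anyone on the internet can read every object.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}],
})

# The corrected form: only one named role (constructed ARN) may read.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "RoleRead", "Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::123456789012:role/example-reader"},
                   "Action": ["s3:GetObject", "s3:ListBucket"],
                   "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}],
})

for name, policy in (("PUBLIC_POLICY", PUBLIC_POLICY), ("SCOPED_POLICY", SCOPED_POLICY)):
    print(name, public_grants(policy) or "no public grants")
```

Running this kind of check on every policy change in the pipeline is one concrete form of the shift-left audit the last takeaway recommends.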

Cloud Misconfiguration vs Vulnerability: What’s the Difference? Most cloud breaches aren’t hacks — they’re open doors you forgot to close: https://www.secure.com/blog/cloud-misconfiguration-vs-vulnerability

Women Funding Women Launches the Be Bold Challenge to Turn The Wealth Transfer into Economic Power

Posted in Commentary with tags on March 6, 2026 by itnerd

On International Women’s Day 2026, under the global theme Give to Gain, Women Funding Women Inc. (WFW) is pleased to announce the launch of The Be Bold Challenge, anchored by a strategic framework known as the Three Cs, designed to move Canadian women from wealth ownership to economic power.

Over the next decade, women in Canada will control close to $4 trillion in financial assets, nearly half the nation’s wealth. This is part of an estimated $124 trillion global wealth transfer underway. This historic shift presents a rare opportunity to reshape who builds, leads, and scales Canada’s innovation economy.

Yet a stark contradiction remains.

Despite women founding roughly one in five new businesses, women-led ventures continue to receive less than 4%, and often closer to 2%, of venture capital funding.

The Be Bold Challenge: Introducing the Three Cs

As part of International Women’s Day 2026, WFW is formally introducing the Three Cs as the strategic foundation of The Be Bold Challenge:

Changing the Paradigm
When women back women, we don’t just close the funding gap, we redefine who gets to build, lead, and scale the next generation of companies. This is a call for women to step forward as capital decision-makers and lead boldly at a moment when leadership matters.

Creation of Wealth
Women must move away from fear of risk and toward calculated risk-taking. Women may take more time to make investment decisions, but once committed, they are persistent and thoughtful, qualities that are financial strengths. Venture investing is a legitimate path to prosperity, and women must fully participate in the wealth creation men have benefited from for generations.

Collective Collaboration
Systemic change does not occur in isolation; it is built through deliberate, collective action. When we widen our networks, normalize women as both founders and funders, and create trusted spaces where women can pitch, invest, mentor, and champion one another, collaboration moves from conversation to capital deployment. In that environment, collective collaboration becomes not just supportive but catalytic, driving change in the economy.

At the same time, durable transformation requires inclusive partnership. Engaging male allies and champions strengthens the ecosystem, expands access to capital and influence, and reinforces that closing the funding gap is not a women’s issue; it is an economic imperative.

Founder Capital in Action

In keeping with the principles of the Three Cs, the three co-founders of WFW and their Advisory Council are publicly disclosing a selection of women-led Canadian ventures in which they are personally invested, demonstrating leadership by example and reinforcing that angel investing is a disciplined asset class, not a symbolic gesture.

To learn more about the Be Bold Challenge and see a list of the companies in which members of Women Funding Women are invested, visit https://womenfundingwomen.ca.