How the February 28 Strikes Triggered a New Wave of AI-Assisted Attacks on US Critical Infrastructure

Posted in Commentary with tags on March 9, 2026 by itnerd

CloudSEK has posted a pair of research reports that are highly relevant to the cyber dimension of the Iran-US conflict, especially in light of developments since the February 28 strikes.

Following the February 28 US-Israel strikes on Iran, CloudSEK has documented an immediate and significant surge in Iranian-aligned cyber activity targeting US critical infrastructure, with AI now acting as a direct force multiplier for threat actors.

The key findings:

  • Over 60 Iranian-aligned hacktivist groups activated on Telegram within hours of the February 28 strikes, the largest single-event mobilization of this ecosystem ever recorded.
  • An Electronic Operations Room was formed on Telegram to coordinate attacks, operating on ideological initiative rather than central state direction, which makes activity harder to predict and constrain.
  • More than 40,000 US industrial control systems are currently reachable on the public internet, many with default or no credentials, representing an immediately exploitable attack surface.
  • CloudSEK researchers demonstrated that an actor with no prior ICS knowledge can move from intent to a working list of accessible US industrial targets in under five minutes using AI tools and passive reconnaissance. No scanning, no exploitation, no specialist knowledge required.
  • The same AI platforms now embedded in US defense operations are accessible to threat actors for offensive reconnaissance, creating a dual-use dynamic that significantly widens the threat.

Both reports are primary-sourced, technically detailed, and directly tied to the current conflict escalation. The full write-ups are here:

Report 1: AI, the Iran-US Conflict, and the Threat to US Critical Infrastructure
https://www.cloudsek.com/blog/ai-the-iran-us-conflict-and-the-threat-to-us-critical-infrastructure

Report 2: Threat Actor Landscape Assessment of ICS/OT Targeting in the 2026 Iran-US Conflict
https://www.cloudsek.com/blog/a-threat-actor-landscape-assessment-of-ics-ot-targeting-in-the-2026-iran-us-conflict-and-the-scale-of-the-risk

Leave a comment »

ESET Opens 2026 Women in Cybersecurity Scholarship Applications Across Canada on International Women’s Day

Posted in Commentary with tags on March 9, 2026 by itnerd

ESET today announced the opening of applications for its Women in Cybersecurity North American Scholarship, launching on International Women’s Day in alignment with the 2026 theme, #GiveToGain. Now entering its 11th year, the program continues ESET’s longstanding commitment to support and empower women pursuing careers in cybersecurity through financial assistance, mentorship, and community-building.

Originally established in 2016 in the United States and expanded to Canada in 2021, ESET’s Women in Cybersecurity Scholarship was one of the earliest initiatives of its kind in the industry. In Canada alone, the program has awarded more than $50,000 to 14 women, expanding from one $5,000 award in its first year to $15,000 across three scholarships today. Many recipients have gone on to build successful careers in cybersecurity and technology.

The need for continued action remains clear. According to the most recent (ISC)² Cybersecurity Workforce Study, approximately 22% of the global cybersecurity workforce is comprised of women, a sign of gradual progress but continued underrepresentation across the industry. In Canada, women account for 21.2% of cybersecurity professionals, underscoring the need for initiatives to expand access and strengthen the talent pipeline. As emerging technologies like AI reshape the threat landscape, a diversity of perspectives is critical to developing ethical and effective solutions.

For the 2026 application cycle, ESET Canada will award three $5,000 awards to applicants demonstrating strong technical aptitude, leadership potential, and a commitment to cybersecurity.

DETAILS AND HOW TO APPLY

Applications are now being accepted for the 2026 round and submissions must be received by 11:59 p.m. PT April 8, 2026. Applicants can learn more about the scholarships and submit their application by visiting ESET’s dedicated webpages. If you’re a Canadian student, apply here. Questions? Email us at CA-scholarship@eset.com [Canada-only inquiries] with any questions.

Leave a comment »

Ubitium tapes out universal processor to end embedded computing complexity crisis

Posted in Commentary with tags on March 9, 2026 by itnerd

Ubitium today announced the tape-out of its first silicon on Samsung Foundry’s 8nm process. The tape-out was completed in December 2025. The chip is the first universal RISC-V processor to replace the stack of specialized processors used in modern embedded systems.

Embedded computing, a $115 billion market, has reached a breaking point. Cars once ran on one processor; today’s vehicles contain more than 200, each with its own toolchain, software stack and supplier. Performance is no longer the only limiting factor. Complexity is. As AI workloads move into robots, drones, and industrial machines, this complexity becomes unsustainable.

Ubitium builds on RISC-V, the open-source architecture already used in billions of chips worldwide and extends it beyond a conventional CPU. Its universal processor runs Linux and RTOS simultaneously, handles radar and audio signals in real time, and executes neural networks for inference at the edge, without separate accelerators or coprocessors. Full RISC-V software compatibility preserved. 

Ubitium does for embedded compute what software-defined radio did for wireless: replaces fixed-function hardware with one reconfigurable silicon. The result: embedded systems that ship faster, cost less, and have long product lifecycles.

Ubitium is working with Samsung Foundry, Siemens Digital Industries Software and ADTechnology as it advances toward production silicon.

Ubitium’s founders have spent decades building programmable architectures and the software stacks that unlock them at scale. CTO Martin Vorbach created PACT XPP, an early commercial reconfigurable processor, and holds 200+ processor-architecture patents. The core team combines deep industry experience from Intel, Texas Instruments, Apple and NVIDIA, with 350+ peer-reviewed publications.

The tape-out validates the foundational components of Ubitium’s architecture: the Universal Processing Array with runtime reconfiguration and LPDDR5 memory interface. A second tape-out is targeted for later this year, with volume production in 2027.

Technical Notes

  • Workload coverage: Ubitium’s universal processor spans general-purpose computing, real-time signal processing, and massively parallel AI inference on a single die; in a homogeneous architecture
  • Software stack: Full Linux and RTOS support, standard RISC-V toolchains, and compatibility with modern software frameworks. No need for proprietary languages or vendor-specific compilers.
  • Target applications: Radar and multi-sensor signal chains, real-time audio and voice, computer vision, edge AI, automotive cockpits, industrial HMI.
  • Runtime adaptability: The Universal Processing Array shifts execution mode at runtime (CPU, DSP, GPU, parallel accelerator) without context-switch penalty or external offload.
  • System consolidation: One processor, one toolchain, one qualification cycle. Reduces BOM cost, board complexity, and supplier dependencies across product lifecycles.

Leave a comment »

Today Is International Women’s Day

Posted in Commentary on March 8, 2026 by itnerd

International Women’s Day 2026 is being celebrated today under the theme “Give To Gain,” emphasizing support, collaboration, and gender equality. Since this is a tech blog, I reached out to a pair of women in tech to get their views on this important day.

Margaret Hoagland, VP, Global Sales & Marketing, SIOS Technology

“On International Women’s Day, we honor the courage of women like Anita Hill, Ruth Bader Ginsburg, and Malala Yousafzai—whose bravery and sacrifice reshaped the future for women everywhere. Their leadership expanded rights, opportunity, and voice. But progress is not permanent. Without our continued vigilance and action, the gains they fought for can be eroded. Let us honor their legacy not only with words, but with sustained action to protect and advance equality for the next generation.”

Betsy Doughty, Vice President of Partner Marketing, Hammerspace

Gender equality advances when we choose to build it – deliberately, consistently, and together. Throughout my career, whether leading employee resource groups, running WILD (Women Inspiring Leadership Development), mentoring women at CU Leeds, or learning from mentors myself, I’ve seen that progress doesn’t happen by accident; it happens through intentional connection. The theme Give to Gain reflects what I’ve experienced firsthand: when we give time, advocacy, and opportunity, we gain perspective, growth, and stronger communities in return. What I’ve experienced firsthand is that when we give time, advocacy, and opportunity, we gain perspective, growth, and stronger communities in return. Nowhere is that more evident than in mentorship and networking, and particularly women learning from other women.

Mentorship changed everything for me. Early in my career, mentors recognized my potential before I could articulate it myself. They listened, advocated, and created opportunities that altered my trajectory. They showed me that great mentors don’t hold talent in place – they help it move forward. Over time, I stepped into mentoring roles of my own, offering guidance, opening doors, and supporting women at pivotal moments in their careers. What surprised me most was how much I gained in return: clarity, self-reflection, fresh perspective, and the privilege of watching confident, capable leaders emerge. You don’t need to be at the peak of your career to mentor; you simply need to share what you’ve learned so far.

Networking plays a similarly powerful role. For women, especially, access to networks builds visibility, confidence, and a sense of belonging. Creating intentional spaces for connection fosters shared language around growth and leadership, turning individual success into collective momentum. For me, Give to Gain is not an abstract idea—it’s a lived experience. Every time we choose to lift one another as we climb, we strengthen not just individual careers, but the foundation for lasting gender equality.

Leave a comment »

CloudSEK Identifies 40,000+ Exposed US Industrial Systems Vulnerable to AI-Assisted Recon as Iranian-Aligned Groups Mobilise

Posted in Commentary with tags on March 6, 2026 by itnerd

CloudSEK researchers have documented how artificial intelligence has fundamentally collapsed the barrier to targeting industrial control systems, compressing what once required weeks of specialist knowledge into a five-minute reconnaissance workflow. 

The findings come as the 28 February 2026 US-Israel strikes against Iran triggered the largest single-event activation of Iranian-aligned cyber actors ever documented, with over 60 hacktivist groups mobilising within hours – many without deep ICS expertise, but now equipped with AI tools that make that expertise unnecessary.

Key Findings

  • CloudSEK identified 40,000+ internet-exposed US industrial control systems immediately discoverable using AI-assisted reconnaissance – and confirmed that a passive five-minute workflow using free tools can identify live devices, retrieve default credentials, map accessible interfaces, and enumerate CVEs without authenticating to or probing a single system.
  • OpenAI confirmed in October 2024 that Iranian-affiliated actors (CyberAv3ngers) used ChatGPT to conduct ICS reconnaissance, querying default credentials for industrial devices, generating Shodan search strings, and requesting automation scripts – one of the first documented use of a commercial LLM by a state-affiliated actor against critical infrastructure.
  • More than 60 Iranian-aligned hacktivist groups mobilised within hours of the 28 February 2026 strikes. The death of Supreme Leader Khamenei disrupted IRGC command structures, removing the political constraints that historically governed Iranian cyber targeting. Proxy and hacktivist groups now operate without accountability for civilian harm.
  • US government reporting confirms 75+ US ICS devices were compromised in campaigns linked to the same threat ecosystem, including 34+ in the Water and Wastewater sector. The 2023 Aliquippa water plant compromise – forced onto manual operations by a default password – is the documented template these groups are replicating.
  • Internet exposure across OT and ICS environments is worsening: 35% year-on-year growth in exposed systems and a 160% surge in Unitronics port 20256 exposure, despite two years of CISA advisories following the Aliquippa attack (ReliaQuest, H1 2025).

Why This Matters

The real shift is not in malware sophistication. It is in speed, scale, and accessibility. AI is enabling less technically mature actors to perform ICS reconnaissance that once required years of specialist knowledge.

 In a conflict environment where over 60 groups are simultaneously activated and seeking accessible targets, AI compresses the cycle from intent to impact.

CloudSEK researchers reproduced the AI-assisted reconnaissance chain as a passive research exercise, mirroring the confirmed methodology. Following the same process, researchers identified multiple live instances of unauthenticated, internet-exposed ICS systems with direct operational impact potential. 

CloudSEK notes that the passive nature of this research, standard HTTP requests against publicly indexed systems, is indistinguishable from what a threat actor would perform.

The cyber fallout from the Iran-US conflict is not limited to advanced state-linked operators. Loosely aligned hacktivists and proxy actors can now use AI-assisted workflows to identify and prioritise exposed industrial assets in real time, increasing the risk of opportunistic disruption to water treatment, energy distribution, fuel management, and manufacturing operations.

The same 28 February window also saw OpenAI confirm a partnership with the US Department of Defense, triggering a 295% spike in ChatGPT app uninstalls (Sensor Tower via TechCrunch). As commercial AI platforms face governance pressure around military use, threat actors migrate to unconstrained alternatives. The safety guardrails that limited CyberAv3ngers on ChatGPT in 2024 are a floor, not a ceiling.

Immediate Defensive Priorities

CloudSEK recommends that organisations urgently:

  • Remove ICS management interfaces from the public internet immediately and place them behind VPN. This single action eliminates the AI-assisted passive reconnaissance attack path entirely.
  • Change default credentials on all deployed ICS devices. The Unitronics default password 1111 is in a vendor manual, in CISA Advisory AA23-335A, and in active use on internet-exposed devices today.
  • Block industrial protocol ports at the perimeter: TCP 20256, 102, 502, 44818, 1911 and UDP 47808 have no legitimate reason to be directly internet-accessible.
  • Audit all third-party remote access to OT environments. IT managed service providers with tools on OT networks are confirmed entry points for supply chain attacks.
     

CloudSEK’s findings are based on passive reconnaissance of publicly indexed information and exposed web interfaces, without logging into or actively probing any system.

You can read the research here: AI, the Iran-US Conflict, and the Threat to US Critical Infrastructure | CloudSEK

Leave a comment »

The Company Reviewing Meta Glasses Footage Has a Security Problem

Posted in Commentary with tags on March 6, 2026 by itnerd

Mike Bell, Founder and CEO of Suzu Labs, has just published the research blog “The Company Reviewing Your Meta Glasses Footage Has a Security Problem.” 

“Last week, Swedish journalists revealed that Meta sends video footage from Meta Ray-Ban smart glasses to human data annotators at Sama, a San Francisco-based outsourcing company that runs its annotation workforce out of Nairobi, Kenya. Workers described seeing footage of people in bathrooms, bedrooms, and intimate situations. The UK’s Information Commissioner opened a probe. The story dominated privacy news for days,” Bell said.

“Nobody asked the obvious follow-up question. How secure is Sama? We did. And the answer isn’t reassuring.”

Sama Credential Exposure on the Dark Web: Suzu Labs ran dark web intelligence against Sama’s corporate domain (sama.com) using its threat intelligence platform. Within the last 90 days alone, Suzu Labs identified 118 credential entries tied to sama.com circulating across Telegram channels, underground forums, and breach databases. The results were alarming, including the fact that eighty-three of the entries included plaintext passwords.

Suzu Labs research reveals just how shaky Sama’s current (December 2025-Feb. 2026) security posture is. “Most of these credentials didn’t come from some third-party breach where Sama employees happened to have accounts. Roughly 87% came from info-stealer malware logs. That means malware was running on machines used by people with sama.com email addresses, pulling credentials and session tokens directly off the endpoint. The stealer takes everything on the machine. It doesn’t filter by importance.”

The research also evaluates risks to AI training data and other Sama clients, and offers recommendations – for Meta, for Sama, and for every organization.

The Company Reviewing Your Meta Glasses Footage Has a Security Problem: https://suzulabs.com/suzu-labs-blog/the-company-reviewing-your-meta-glasses-footage-has-a-security-problem

Leave a comment »

2015 vs. 2025: How password habits have evolved over the past 10 years

Posted in Commentary with tags on March 6, 2026 by itnerd

ExpressVPN has published an article on the evolution of password security over the past 10 years. Cybersecurity researcher Jeremiah Fowler has published an analysis of part of the data from the recent 149 million credentials leak on the ExpressVPN blog, comparing current password habits with those from a decade ago.

During this research, Jeremiah noted some interesting and concerning findings:

  • Only 15% of the passwords from 2025 could be classified as complex.
  • 85% of current passwords typically contain known patterns from prior breaches or password-guessing models.
  • It’s still common for people to reuse passwords across multiple accounts.

Jeremiah published his detailed report on the ExpressVPN blog here: https://www.expressvpn.com/blog/password-security-2015-vs-2025/

Leave a comment »

Cloud Misconfigurations vs Vulnerabilities: What’s the Difference?

Posted in Commentary with tags on March 6, 2026 by itnerd

Uzair Gadit, Founder & CEO of Dubai-based Secure.com, has just published “Cloud Misconfiguration vs Vulnerability: What’s the Difference? Most cloud breaches aren’t hacks — they’re open doors you forgot to close.“.

The brief post equates mis-configurations. versus vulnerabilities as analogous to open doors versus broken locks.

 “Most IT teams treat every cloud security issue the same way. A new CVE drops? Patch it. But what about the S3 bucket someone left public last Tuesday? That doesn’t show up in a CVE database. It shows up in a breach report.

“Cloud environments are not static. Every new service spun up, every new developer onboarded, every shortcut taken under deadline pressure is a chance for a setting to go wrong. The confusion between misconfigurations and vulnerabilities is costing companies millions — not because they don’t care, but because they’re solving the wrong problem,” Uzair said.

He notes that most security budgets are built around patch management which makes sense on prem, but in the cloud is the wrong playbook.

Uzair offers specific vendor neutral recommendations and key takeaways:

  • A leading analyst organization estimates 99% of cloud security failures come from misconfigurations — not software bugs.
  • Misconfigurations are easier to exploit. No hacking skills required. A Google search can find an exposed S3 bucket.
  • Shadow IT and cloud sprawl cause “configuration drift”, i.e. settings that slowly become unsafe as environments grow.
  • The fix is a mix of automated audits (CSPM tools), least-privilege access, and shift-left security in your CI/CD pipeline.

Cloud Misconfiguration vs Vulnerability: What’s the Difference? Most cloud breaches aren’t hacks — they’re open doors you forgot to close: https://www.secure.com/blog/cloud-misconfiguration-vs-vulnerability

Leave a comment »

Women Funding Women Launches the Be Bold Challenge to Turn The Wealth Transfer into Economic Power

Posted in Commentary with tags on March 6, 2026 by itnerd

On International Women’s Day 2026, under the global theme Give to Gain, Women Funding Women Inc. (WFW) is pleased to announce the launch of The Be Bold Challenge, anchored by a strategic framework known as the Three Cs, designed to move Canadian women from wealth ownership to economic power.

Over the next decade, women in Canada will control close to $4 trillion in financial assets, nearly half the nation’s wealth. This is part of an estimated $124 trillion global wealth transfer underway. This historic shift presents a rare opportunity to reshape who builds, leads, and scales Canada’s innovation economy.

Yet a stark contradiction remains.

Despite women founding roughly one in five new businesses, women-led ventures continue to receive less than 4%, and often closer to 2%, of venture capital funding.

The Be Bold Challenge: Introducing the Three Cs

As part of International Women’s Day 2026, WFW is formally introducing the Three Cs as the strategic foundation of The Be Bold Challenge:

Changing the Paradigm
When women back women, we don’t just close the funding gap, we redefine who gets to build, lead, and scale the next generation of companies. This is a call for women to step forward as capital decision-makers and lead boldly at a moment when leadership matters.

Creation of Wealth
Women must move away from fear of risk and toward calculated risk-taking. Women may take more time to make investment decisions, but once committed, they are persistent and thoughtful, qualities that are financial strengths. Venture investing is a legitimate path to prosperity, and women must fully participate in the wealth creation men have benefited from for generations.

Collective Collaboration
Systemic change does not occur in isolation, it is built through deliberate, collective action. When we widen our networks, normalize women as both founders and funders, and create trusted spaces where women can pitch, invest, mentor, and champion one another, collaboration moves from conversation to capital deployment. In that environment, collective collaboration becomes not just supportive – but catalytic – driving change in the economy.

At the same time, durable transformation requires inclusive partnership. Engaging male allies and champions strengthens the ecosystem, expands access to capital and influence, and reinforces that closing the funding gap is not a women’s issue, it is an economic imperative.

Founder Capital in Action

In keeping with the principles of the Three Cs, the three co-founders of WFW and their Advisory Council are publicly disclosing a selection of women-led Canadian ventures in which they are personally invested, demonstrating leadership by example and reinforcing that angel investing is a disciplined asset class, not a symbolic gesture.

To learn more about the Be Bold Challenge and see a list of companies members of Women Funding Women are invested in visit https://womenfundingwomen.ca.

Leave a comment »

Iran–US Escalation Heightens Risk to Industrial Systems: CloudSEK

Posted in Commentary with tags on March 5, 2026 by itnerd

CloudSEK today released a threat landscape assessment warning that more than 60 hacker groups mobilised within hours of the February 28, 2026 Iran–US military escalation — and that tens of thousands of US industrial control systems remain directly reachable from the internet, many with no authentication beyond a factory-default password.

The report, “A Threat Actor Landscape Assessment of ICS/OT Targeting in the 2026 Iran–US Conflict,” identifies a two-tier threat ecosystem: nation-state APTs pre-positioned inside US networks for years, and a fast-expanding pool of state-backed hacktivist proxies that need nothing more than an exposed device and a motivation to cause national-headline disruption. 

CloudSEK’s report finds that the industrial attack surface remains exposed at scale. In the United States alone, researchers identified approximately 182.2K internet-exposed industrial and automation-related assets (including both live and historically observed systems). Many of these were found to be actively reachable and exposed without authentication.

The exposure is not limited to the U.S.: Israel recorded around 104.9K such assets, while the United Kingdom showed roughly 88.8K exposed assets. CloudSEK notes that these listings represent industrial or automation-related devices observed on the public internet, underscoring the scale of potential targeting during periods of geopolitical escalation. 

Key highlights from the report

  • Rapid mobilization after escalation: CloudSEK observed a sharp rise in hacktivist and proxy activation following February 28, increasing the volume of actors scanning for high-visibility infrastructure targets.
  • Exposure at scale across industrial protocols: The report identifies large volumes of internet-reachable industrial services in the US, across widely used ICS/OT and automation protocols and platforms — indicating that many operational environments remain discoverable from the public internet.
  • Three primary routes from discovery to impact:
    1. Direct access to exposed industrial interfaces (often enabled by weak/default credentials)
    2. Phishing and compromise of OT-adjacent users and vendors (engineering workstations, operators, third-party access)
    3. Enterprise IT compromise followed by lateral movement into OT, allowing adversaries to pre-position access and activate during crisis windows
  • Basic weaknesses continue to enable real-world compromise: The report underscores that industrial incidents often stem from long-standing issues — internet exposure, unsecured remote access, and default credentials — rather than rare, highly advanced exploits.
  • Operational risk is physical by design: Unlike purely digital attacks, ICS/OT compromise can affect physical processes, making disruption potentially immediate and safety-relevant.

Why default access and exposed interfaces remain a critical risk

CloudSEK’s assessment notes that many industrial environments remain vulnerable because exposed devices and interfaces can be identified quickly through standard internet scanning. In such cases, attackers may not need to exploit software vulnerabilities — they only need to find an exposed system and gain access using weak or default authentication.

This dynamic becomes more dangerous during periods of escalation, when some actors prioritise visibility and disruption over stealth.

Recommended actions for operators and defenders

CloudSEK urges critical infrastructure owners and operators to prioritise immediate, practical defensive measures:

  • Remove ICS/OT management interfaces from the public internet wherever possible; enforce VPN-only access for remote operations
  • Eliminate default credentials and strengthen authentication on industrial devices and management consoles
  • Restrict industrial protocol exposure at the perimeter and shut down unnecessary remote-access services
  • Audit and limit third-party remote access into OT environments (MSPs/RMM tools, vendor pathways)
  • Improve monitoring and logging in OT-adjacent environments to detect unauthorised access and lateral movement early

Leave a comment »

« Older Entries
Newer Entries »