Archive for Hacked

Anubis Gang Claims MS Singing River Health System With Graphic Proof Pack 

Posted in Commentary with tags on June 4, 2026 by itnerd

Comparitech is reporting that the cybercriminal group Anubis today claimed responsibility for a data breach at Singing River Health System in Jackson County, MS. Singing River last month notified 53,888 people of a December 2025 data breach that compromised names, SSNs, bank account info, medical info, health insurance info, treatment and diagnostic info, and more. 

Commenting on this news is Rebecca Moody, Head of Data Research at Comparitech: 

“Anubis’s proof pack for this claim is a disturbing one, with intimate and graphic images of patients and their surgeries/injuries. This just serves as a stark reminder of the level these cybercriminals will stoop to in order to try to secure a ransom payment. While we don’t know whether Singing River negotiated with Anubis, the fact that Anubis has come forward just as SRHS has started issuing notifications suggests negotiations could have failed and Anubis is carrying out its threat.”

Mark my words. This is the first of many attacks that we will see from Anubis. The proof pack is the big hint that there is more to come.

Hackers hijacked Instagram accounts by tricking Meta AI support chatbot into granting access

Posted in Commentary with tags on June 2, 2026 by itnerd

Instagram has resolved a security issue that allowed several users’ accounts to get hacked. The attack appeared to rely on tricking Meta’s own AI-powered support chatbot into granting access to a victim’s account. The compromised accounts include the Instagram handle for the Obama-era White House, which appears to have been inactive since 2017, and the account of the U.S. Space Force’s chief master sergeant John Bentivegna.

Commenting on this news is Dan Moore, Sr. Director, CIAM Strategy & Identity Standards at FusionAuth:

“This is a great illustration of why AI agent authorization is the harder, and more critical, problem than authentication. Meta’s bot verified nothing about who was asking; it just helpfully did what it was told to do, up to and including sending the attacker email a confirmation code to make sure the new email address was valid. The industry is pretty focused on keeping AI from saying bad things. That’s fine, as long as we don’t completely overlook whether AI should be allowed to do what it’s trying to do.”

While AI can cut both ways, we need to focus on what it can do, and just as much on what it can’t do.
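As an added illustration of the authorization gap Mr. Moore describes (example code, not Meta’s or FusionAuth’s), here is a minimal tool-call gate for an AI support agent: a sensitive tool runs only for an authenticated principal who owns the account, and any confirmation code goes to the address already on file, never to the one being requested. The account store, tool names and Principal type are assumptions made for this example.

```python
from dataclasses import dataclass
import secrets

# Constructed account store: the current contact address is the only place a
# confirmation code is ever sent.
ACCOUNTS = {"acct-42": {"email": "owner@example.com"}}
OUTBOX = []  # (recipient, code) pairs; stands in for a real mail sender

@dataclass(frozen=True)
class Principal:
    user_id: str     # identity the platform itself authenticated, not whatever the chat says
    auth_level: str  # "password" or "password+mfa"

# Per-tool rules: the chatbot may call a tool only if the rule passes.
TOOL_RULES = {
    "get_help_article": {"owner_only": False, "step_up": False},
    "change_email":     {"owner_only": True,  "step_up": True},
}

def authorize_tool_call(principal, tool, args):
    """Return (allowed, reason) for a tool call the agent wants to make."""
    rule = TOOL_RULES.get(tool)
    if rule is None:
        return False, "unknown tool"
    if not rule["owner_only"]:
        return True, "public tool"
    if principal is None:
        return False, "sensitive tool requires an authenticated session"
    if args.get("account_id") != principal.user_id:
        return False, "caller is not the account owner"
    if rule["step_up"] and principal.auth_level != "password+mfa":
        return False, "step-up authentication required"
    return True, "ok"

def change_email(principal, account_id, new_email):
    """Tool body. Even when authorized, the confirmation code is delivered to the
    address already on file, so controlling `new_email` proves nothing."""
    allowed, reason = authorize_tool_call(principal, "change_email", {"account_id": account_id})
    if not allowed:
        return {"status": "denied", "reason": reason}
    code = secrets.token_hex(3)
    OUTBOX.append((ACCOUNTS[account_id]["email"], code))
    ACCOUNTS[account_id]["pending_email"] = new_email
    return {"status": "pending", "confirm_via": ACCOUNTS[account_id]["email"]}
```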

Iranian hackers responsible for LA transit system breach, Israeli researchers say

Posted in Commentary with tags on May 27, 2026 by itnerd

It is being reported that Iranian hackers were responsible for a disruptive computer breach in March that forced Los Angeles’ transit system to shut down parts of its network.

More details can be found here: https://gambit.security/blog-posts/babil-of-minab-iran-mois-destruction-campaign

Commenting on this news is Ensar Seker, CISO at SOCRadar

“This incident reflects a broader shift we are seeing in Iranian cyber operations: the growing willingness to combine espionage, disruption, and psychological impact in a single campaign. Transportation systems are particularly attractive targets because even limited operational disruption can generate immediate public visibility, media attention, and pressure on local governments. In this case, the theft of hundreds of gigabytes of internal data alongside network disruption suggests the attackers were not simply conducting intelligence collection, but also positioning themselves for coercive influence and operational impact.

What is especially concerning is the targeting profile. Public transit environments are highly interconnected ecosystems that depend on legacy infrastructure, third-party vendors, operational technology, and real-time communications systems. That creates multiple attack paths for adversaries linked to state-sponsored ecosystems such as Iran’s MOIS-affiliated actors. Even if attackers do not directly impact train operations or safety systems, disruption to scheduling, internal communications, identity systems, or maintenance platforms can still create significant operational paralysis.

Organizations should also pay attention to the data exposure aspect of this incident. The theft of backups, emails, and internal documentation can create long-term downstream risks including follow-on phishing campaigns, extortion attempts, infrastructure mapping, and targeting of employees or contractors. Many organizations still treat operational disruption and data theft as separate problems, but modern state-aligned actors increasingly combine both into multi-stage campaigns.

This attack also reinforces an important geopolitical reality: regional conflicts increasingly spill into civilian digital infrastructure outside the immediate conflict zone. Transportation, healthcare, energy, and municipal services are becoming symbolic and strategic targets for adversaries seeking asymmetric pressure without crossing traditional military thresholds.”

The ability to set up shop and conduct activities that take weeks and months isn’t good. Thus it should be one more thing that organizations watch out for when conducting counter-surveillance.

Iran Hackers Suspected in Gas Station Tank Readers Breach

Posted in Commentary with tags on May 19, 2026 by itnerd

It is being reported that US officials suspect Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple states. They exploited automatic tank gauge (ATG) systems that were sitting online unprotected by passwords, allowing them to interfere with the display readings on the tanks but not the actual levels of fuel in them.

CNN has the story here: https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations

Lieutenant General Ross Coffman (U.S. Army, Ret.), who currently serves as President of Forward Edge-AI, provided the following comments:

“This cyber attack should come as no surprise. I cannot confirm if these cyber terrorists are Iranian, Iranian proxies, or another nefarious actor. However, I can confirm that the weakest link will always be exploited by our adversaries. They will target every chink in our cyber armor. This is happening daily and we still live in a pre-quantum world. Post-quantum will be 1000x worse. The time to get ready is now!”

Strangely, I am not at all shocked about this. This is another example of infrastructure being targeted by threat actors. And it will keep happening until organizations wake up and take the threat seriously.

New Shai-Hulud malware wave compromises 600 npm packages 

Posted in Commentary with tags on May 19, 2026 by itnerd

Threat actors earlier today published more than 600 malicious packages to the npm index as part of a new Shai-Hulud supply-chain campaign. Most of the affected packages are in the @antv ecosystem, which includes libraries for charting, graph visualization, building flowcharts, and mapping.

Commenting on this news is Dan Moore, Sr. Director, CIAM Strategy & Identity Standards at FusionAuth:

“In the OIDC/OAuth security model, tokens are short-lived by design. OIDC assumes you authenticate for a specific operation and the token expires in a timely fashion. That’s what’s supposed to happen but in practice many CI/CD pipelines and services don’t yet use these.

What is scary about this attack is that OIDC tokens were abused and used to submit artifacts to Fulcio and Rekor, core components of the Sigstore project. The Sigstore project is an ecosystem for signing/verifying software and is used by projects like Kubernetes and PyPI.

This latest Shai-Hulud attack is more dangerous than the previous TanStack breach. Previously, valid provenance attestations required hijacking the legitimate CI/CD pipeline. The attacker needed the real workflow to run, which is a significant effort. Now the malware generates Sigstore attestations directly from stolen OIDC tokens, without the pipeline at all. This is an attack on the root of supply chain security. Provenance verification no longer tells you what you think it tells you.

Unfortunately, short-lived OIDC tokens don’t solve everything. The real gap here is that “this package was built by the expected pipeline” became conflated with “this package is trustworthy.” Closing that gap requires things like:

  • Verifying the build configuration hasn’t changed (not just that the build ran)
  • Checking commit signatures and authorship against expected maintainers
  • Detecting orphan commits from deleted forks
  • Pre-install script sandboxing
  • Consumer-side policy that doesn’t treat supply chain frameworks like SLSA as ground truth without considering the entire picture”

This example shows you just how important “trust but verify” is. That sort of thing worked for Ronald Reagan. It should work for you as well.
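An added example, not code from FusionAuth, Sigstore or this page, of the consumer-side policy in Mr. Moore’s list: it checks a provenance statement against the reviewed pipeline, the source commit and the build configuration instead of accepting a valid signature as proof of trustworthiness. The provenance statement, signer identity, workflow content and commit list are constructed values assumed for the example.

```python
import hashlib
import re

# Constructed sample: a SLSA v1 provenance statement shaped like the ones the
# GitHub Actions provenance generator emits.  All values are made up.
PROVENANCE = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "pkg:npm/%40example/chart@1.4.2", "digest": {"sha256": "a" * 64}}],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {
        "buildDefinition": {
            "externalParameters": {"workflow": {
                "ref": "refs/tags/v1.4.2",
                "repository": "https://github.com/example/chart",
                "path": ".github/workflows/release.yml"}},
            "resolvedDependencies": [{
                "uri": "git+https://github.com/example/chart@refs/tags/v1.4.2",
                "digest": {"gitCommit": "0123abcd" * 5}}]},
        "runDetails": {"builder": {"id": "https://github.com/actions/runner/github-hosted"}}}}

# Identity the signing certificate bound the OIDC token to (constructed).
SIGNER = {"issuer": "https://token.actions.githubusercontent.com",
          "subject": "https://github.com/example/chart/.github/workflows/release.yml@refs/tags/v1.4.2"}
# Workflow file as reviewed by the consuming team (constructed content).
REVIEWED_WORKFLOW = "name: release\non:\n  push:\n    tags: ['v*']\njobs:\n  build: {}\n"

POLICY = {
    "issuer": "https://token.actions.githubusercontent.com",
    "builder_id": "https://github.com/actions/runner/github-hosted",
    "repository": "https://github.com/example/chart",
    "workflow_path": ".github/workflows/release.yml",
    "ref_pattern": r"^refs/tags/v\d+\.\d+\.\d+$",
    # Commits reachable from the release branch, fetched out of band; anything
    # else is an orphan commit (e.g. pushed from a since-deleted fork).
    "known_commits": {"0123abcd" * 5, "89efcdab" * 5},
    "workflow_sha256": hashlib.sha256(REVIEWED_WORKFLOW.encode()).hexdigest(),
}

def check_provenance(stmt, signer, policy, workflow_at_commit, artifact_sha256):
    """Return the list of policy violations; an empty list means accept."""
    findings = []
    build = stmt["predicate"]["buildDefinition"]
    wf = build["externalParameters"]["workflow"]
    builder = stmt["predicate"]["runDetails"]["builder"]["id"]
    # 1. Who signed: the token issuer and the exact workflow the token was minted for.
    expected_subject = f"{policy['repository']}/{policy['workflow_path']}@{wf['ref']}"
    if signer["issuer"] != policy["issuer"]:
        findings.append(f"unexpected OIDC issuer {signer['issuer']}")
    if signer["subject"] != expected_subject:
        findings.append(f"signer identity {signer['subject']} != {expected_subject}")
    # 2. Which pipeline: builder, repository, workflow file, and a release-tag ref.
    if builder != policy["builder_id"]:
        findings.append(f"unexpected builder {builder}")
    if wf["repository"] != policy["repository"] or wf["path"] != policy["workflow_path"]:
        findings.append("provenance names a different repository or workflow file")
    if not re.match(policy["ref_pattern"], wf["ref"]):
        findings.append(f"build ref {wf['ref']} is not a release tag")
    # 3. Which source: every resolved commit must be reachable from the release branch.
    commits = [d["digest"].get("gitCommit") for d in build["resolvedDependencies"]]
    if not commits or any(c not in policy["known_commits"] for c in commits):
        findings.append("source commit is not reachable from the release branch")
    # 4. Which build config: the workflow content at that commit, not merely "a build ran".
    if hashlib.sha256(workflow_at_commit.encode()).hexdigest() != policy["workflow_sha256"]:
        findings.append("workflow file at the build commit differs from the reviewed version")
    # 5. Which artifact: the attestation must be about the tarball actually being installed.
    if artifact_sha256 not in {s["digest"].get("sha256") for s in stmt["subject"]}:
        findings.append("attestation subject does not match the downloaded tarball")
    return findings
```

Signature verification itself (Fulcio certificate chain, Rekor inclusion proof) is assumed to have already passed before this policy runs; the point is what still has to be checked afterwards.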

Attackers are operationalizing an AI framework flaw almost immediately after disclosure

Posted in Commentary with tags on May 14, 2026 by itnerd

Attackers began targeting the PraisonAI vulnerability almost immediately after disclosure, showing how quickly threat actors are shifting toward AI frameworks and agentic tooling as viable attack surfaces. The speed of exploitation reflects a broader reality: many AI platforms are being deployed into enterprise environments before organizations fully understand their exposure, visibility gaps, or how these systems interact with sensitive internal infrastructure.

Gidi Cohen, CEO & Co-founder, Bonfy.AI:

“Less than four hours after CVE-2026-44338 was disclosed, attackers were already probing PraisonAI’s unauthenticated agent endpoints. The patch is straightforward: upgrade to 4.6.34. But the harder question deserves attention.

PraisonAI is a multi-agent framework. When authentication is stripped away, what’s exposed isn’t just an endpoint; it’s every workflow those agents are configured to run, and every piece of sensitive data flowing through them. As Sysdig noted, “the impact ceiling is whatever that workflow is allowed to do.”

Most AI agent security conversations focus on configuration: what agents exist, what tools they can call, and whether auth controls are in place. Those questions matter. But they miss the data layer entirely, with sensitive content moving continuously between data sources, LLM providers, MCP servers, and output channels at runtime.

That’s where the real exposure lives. And right now, for most organizations, it’s almost entirely unexamined.

Patch immediately. Then ask: if an attacker had triggered your agent workflows before you patched, would you have known what data moved, and whether it should have?”

All I have to say is welcome to our new reality where flaws are weaponized faster than they ever have before.

Foxconn confirms cyberattack claimed by Nitrogen ransomware gang 

Posted in Commentary with tags on May 13, 2026 by itnerd

Foxconn, the world’s largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack by the Nitrogen ransomware operation earlier this week which stole 8 TB of data and more than 11 million documents.

Adrian Culley, Senior Sales Engineer, SafeBreach:

Adrian has extensive global cyber investigations experience, including technical roles at SafeBreach, Trellix, Palo Alto Networks, Norse, and the London Metropolitan Police Service. 

“The Foxconn incident is the latest reminder that the boundary between IT compromise and operational disruption has effectively disappeared. A ransomware crew using commodity techniques — malvertising, DLL sideloading, Cobalt Strike — was able to disrupt production at one of the world’s most sophisticated manufacturers and walk away claiming 8 TB of customer-sensitive technical data.

The Nitrogen group’s tradecraft is not novel. It is documented, mapped to MITRE ATT&CK, and within the capability of every mature security program to detect. The question every CISO should be asking this week is not “are we patched?” — it is “have we validated that our controls actually stop this chain, end to end, in our environment?”

This is the gap that Continuous Threat Exposure Management (CTEM) is designed to close, and that Adversarial Exposure Validation (AEV) — the validation layer of CTEM — exists to answer with evidence. Knowing you have an EDR is not the same as knowing it catches Nitrogen’s loader. Knowing you have backups is not the same as knowing your ESXi estate would survive an encryptor that, in Nitrogen’s case, destroys data even when the ransom is paid.

The lesson of Foxconn is not that ransomware is getting more sophisticated. It is that assumed security is no longer good enough. Validation is.”

Rebecca Moody, Head of Data Research at Comparitech:

“This attack highlights why manufacturers remain a key target for ransomware groups. Through this attack, Nitrogen not only caused disruption to certain Foxconn systems but also stole vast quantities of data (if the allegations of 8 TB of data theft are true). Therefore, Nitrogen has two chances of receiving a ransom — one for decrypting the systems and the other for deleting said stolen data.

Manufacturers might not always be in possession of vast quantities of personal data but they’ll often have data that, if leaked, could have a significant impact on their operations and/or clients. The fact that Foxconn works with such high-profile brands only works to add pressure to the company to pay the ransom to prevent said data from being published.

So far this year, hackers have claimed over 600 attacks on manufacturers with 55 companies confirming these attacks. Where figures are available, the median ransom across these attacks has been $400,000.”

Ransomware attacks are completely out of control at the moment, and nobody is safe given that even Foxconn isn’t. This is not a good situation, and it needs to change quickly.

If Your Router Was Reset To Factory Defaults, You Need To Replace It NOW

Posted in Commentary with tags on May 12, 2026 by itnerd

Fun fact. Or maybe it’s not so fun. The Russians have been exploiting security vulnerabilities in home and small office routers for years, and in the process they can use these routers to execute attacks at will. Thus the FBI and NSA took the really unusual step of getting a court order in order to find and remotely reset these routers to kick the Russians out. Though there’s a catch to that which I will get to in a moment. From CNET:

Federal agencies, including the FBI and NSA, disclosed on April 7 that a unit of Russia’s military intelligence directorate, the GRU group known as APT28 or Fancy Bear, has been systematically compromising home and small office routers since at least 2024, using the access to intercept credentials, authentication tokens and sensitive communications. The agency took the unusual step of remotely resetting thousands of affected US devices under a court order, but officials are warning that without action from individual router owners, the problem is far from solved.

Here’s the catch. The routers in question aren’t getting security updates either. So it is entirely likely that the Russians can simply come back and set up shop again if you leave the router in operation. Thus if your router gets reset remotely, it needs to be replaced. Immediately. As in now. Today.

If you’re wondering which routers are targeted, CNET can help you with that:

The UK’s National Cyber Security Centre includes a number of TP-Link routers specifically targeted by the hackers.

But I would not consider that list to be complete. Which is why you should replace your router if it was factory reset remotely. Consider this a today problem.

Iranian APT MuddyWater Disguises Its Operations as a Chaos Ransomware Attack

Posted in Commentary with tags on May 7, 2026 by itnerd

Iranian APT MuddyWater has been found disguising their operations as a Chaos ransomware attack leveraging Microsoft Teams social engineering to infiltrate organizations. 

The campaign was characterized by a high-touch social engineering phase conducted via Microsoft Teams, where the attackers utilized interactive screen-sharing to harvest credentials and manipulate Multi-Factor Authentication (MFA). Once inside, the group bypassed traditional ransomware workflows, forgoing file encryption in favor of data exfiltration and long-term persistence via remote management tools like DWAgent. This report deconstructs the infection chain and analyzes the custom “Game.exe” Remote Access Trojan (RAT).

Additionally, this explores the process by which MuddyWater is increasingly leveraging the cybercriminal ecosystem to provide plausible deniability for geopolitical espionage and prepositioning, particularly in the US. The strategy highlights the convergence between state-sponsored intrusion activity and criminal tradecraft, where a big “tell” lies in the techniques that were deployed – and those that weren’t.

This overall strategy suggests the primary goal was not financial gain. It is also further proof of the lines blurring against the background of geopolitical tensions, and that attribution is becoming more difficult if teams do not take it upon themselves to conduct proper and thorough research.

More details here: https://www.rapid7.com/blog/post/tr-muddying-tracks-state-sponsored-shadow-behind-chaos-ransomware/

Ensar Seker, CISO at threat intel company SOCRadar, commented:

“The MuddyWater activity is another example of how state-aligned threat actors increasingly blur the line between cybercrime and cyber-espionage. Using Chaos ransomware as a decoy provides plausible deniability while also distracting incident responders into treating the intrusion as financially motivated cybercrime instead of a long-term intelligence collection operation. This tactic complicates attribution, delays strategic response decisions, and increases confusion during the critical early stages of an investigation.

The Microsoft Teams social engineering component is particularly notable because collaboration platforms are becoming one of the most effective initial access vectors. Employees inherently trust internal communication tools, and attackers understand that exploiting human familiarity inside business collaboration environments often bypasses traditional email-focused security controls. Organizations should treat Teams, Slack, and similar platforms as high-risk attack surfaces, applying the same monitoring, user awareness, and identity protection strategies traditionally reserved for email and VPN infrastructure.”

Threat actors come in all shapes and sizes. Thus, as Mr. Seker says, consider everything to be a potential threat. And I would add that nothing should be trusted.

Edtech Firm Instructure Admits To Being Pwned

Posted in Commentary with tags on May 4, 2026 by itnerd

Education technology firm Instructure, best known for its widely used learning management platform Canvas, confirmed that it was the victim of a data breach. Yesterday, the ShinyHunters cybercrime group claimed they stole 3.65 terabytes of data from more than 9,000 schools. Instructure’s own update reads:

We are providing an update on the security incident we advised you of yesterday. While our investigation continues alongside our outside forensics experts, at this stage we believe the incident has been contained.

Here are the steps we have taken since we became aware of the incident. We have:
– Revoked privileged credentials and access tokens associated with affected systems
– Deployed patches to enhance system security
– Out of an abundance of caution, we rotated certain keys, even though there is no evidence they were misused
– Implemented increased monitoring across all platforms

While we continue actively investigating, thus far, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users. At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted institutions.

Brian Bell, CEO of customer identity and access management platform FusionAuth:

“This is the uncomfortable truth for edtech: student data now moves through a sprawling web of identity systems, APIs, and third-party integrations. Instructure has not confirmed how the attackers got in, but its response shows where the risk had to be contained: privileged credentials, access tokens, and application keys. In edtech, credential governance is student data protection.”

Ensar Seker, CISO at threat intel company SOCRadar:

“The disruption tied to API keys is a strong indicator that identity and access management, not just perimeter security, was the real failure point. When privileged tokens or API credentials are exposed, attackers can bypass traditional defenses and operate as trusted entities. In environments like Instructure’s Canvas, where integrations and automation are core, this creates a high-impact blast radius very quickly.

“The involvement of ShinyHunters and claims of access to a Salesforce instance suggest this may be more than a single-system breach; it points to lateral movement across SaaS ecosystems. Organizations often underestimate how interconnected these platforms are; once attackers gain a foothold, misconfigured integrations and over-permissioned tokens allow them to pivot and aggregate data at scale. Even if highly sensitive fields like financial data or government IDs were not exposed, the combination of names, emails, student IDs, and communications still creates long-term risk. This type of dataset is extremely valuable for phishing, identity correlation, and social engineering campaigns, especially in education, where users are less likely to question trusted platforms.

“The key lesson here is that revoking credentials after the fact is necessary but not sufficient. Organizations need continuous monitoring of API behavior, strict token lifecycle management, and least-privilege enforcement across all integrations. In modern breaches, it’s not just about how attackers get in; it’s about how long they can operate undetected using legitimate access.”

This likely won’t end well in the long term as ShinyHunters is involved. They are on a tear as of late with no end in sight to their spree of hacking anything within their reach.