
Every layer needs a patch now.
Patch Tuesday. Global agencies update SBOM guidance. Iran-linked espionage group Seedworm breached a major South Korean electronics manufacturer. A telehealth platform breach affects 716,000. Foxconn confirms a cyberattack. Maria Varmazis has an update on orbital data centers. A lawmaker questions surveillance pricing. Brandon Karpf, friend of the show, is talking with Dave about "Japan’s space systems face growing cybersecurity threats." Robotic lawnmowers on the cutting edge.
Today is Wednesday, May 13th, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Patch Tuesday.
This month’s Patch Tuesday landed in four major categories: enterprise software, infrastructure and networking, hardware and chipsets, and industrial control systems. Microsoft led the cycle with fixes for 137 vulnerabilities, including multiple flaws marked “exploitation more likely.” Adobe, Zoom, Fortinet, and Ivanti also released high-severity patches affecting collaboration platforms, networking appliances, and remote access tools.
In enterprise software, Microsoft patched two Word remote code execution flaws that researchers say could trigger through the Preview Pane alone. Adobe addressed 52 vulnerabilities, including critical code execution bugs in Adobe Connect and Commerce. Infrastructure vendors Fortinet and Ivanti resolved critical flaws affecting authentication systems, sandboxes, and endpoint management platforms.
On the hardware side, Intel and AMD published more than two dozen advisories covering 70 vulnerabilities. Several flaws could lead to privilege escalation, denial-of-service, or arbitrary code execution in drivers, firmware, and cloud acceleration platforms.
Industrial control system vendors Siemens and Schneider Electric also issued critical advisories affecting programmable logic controllers, industrial web servers, and energy management systems. Siemens separately warned that one Ruggedcom product is exposed to a previously disclosed PAN-OS vulnerability linked in public reporting to suspected Chinese state-sponsored activity.
Patch Tuesday now reaches far beyond desktops and servers. Security teams are increasingly expected to coordinate risk management across cloud services, operational technology, hardware supply chains, and traditional enterprise software at the same time.
Global agencies update SBOM guidance.
Cyber agencies from the G7 and partner nations have released new guidance defining the minimum elements for software bills of materials, or SBOMs, for artificial intelligence systems. The framework outlines seven categories covering metadata, system properties, AI models, datasets, infrastructure, performance indicators, and security controls. The goal is to help organizations better understand how AI systems are built, trained, and maintained across increasingly complex supply chains.
The guidance stresses that AI SBOMs alone are not enough to secure the AI ecosystem. The authors say the framework should work alongside vulnerability management tools, security advisories, and evolving cybersecurity tooling. Former CISA SBOM lead Allan Friedman noted that several proposed categories may prove difficult to standardize consistently across organizations.
The guidance was jointly published by agencies including CISA, the UK’s National Cyber Security Centre, France’s ANSSI, Germany’s BSI, and partners across the G7 and European Union.
Iran-linked espionage group Seedworm breached a major South Korean electronics manufacturer.
Researchers from Symantec and Carbon Black say the Iran-linked espionage group Seedworm breached a major South Korean electronics manufacturer in February 2026 as part of a wider campaign targeting at least nine organizations across government, manufacturing, education, and financial sectors worldwide. The attackers abused legitimate signed binaries from Fortemedia and SentinelOne to sideload malicious code and evade detection.
The operation relied on Node.js-delivered PowerShell scripts for reconnaissance, screenshot capture, credential theft, privilege escalation, and SOCKS5 proxy tunneling. Researchers observed the group stealing Windows Security Account Manager, or SAM, hives and exfiltrating data through the public file-sharing service sendit.sh. The campaign also showed Seedworm using redundant credential theft tools and public cloud-style infrastructure to blend malicious activity into normal network traffic.
The campaign highlights continued maturation in Iranian cyber espionage tradecraft. Researchers say Seedworm combined legitimate software, stealthier scripting frameworks, and consumer services to reduce visibility and complicate detection for defenders.
A telehealth platform breach affects 716,000.
Telehealth platform OpenLoop Health says hackers stole personal and medical information belonging to roughly 716,000 individuals during a January 2026 network intrusion. The company says attackers accessed its systems between January 7 and January 8 and removed names, addresses, email addresses, birth dates, and medical data. OpenLoop says Social Security numbers, financial information, and electronic health records were not accessed.
The company disclosed the breach to authorities in March, but the full impact appeared this week on the US Department of Health and Human Services breach portal. OpenLoop says it worked with external cybersecurity specialists, notified law enforcement, and offered affected individuals free identity monitoring.
Thanks Dave.
According to IEEE, Los Angeles-based startup Orbital Inc is the latest recipient of venture funding to build data centers in low earth orbit in response to the growing energy demand from AI. The launch of the company's prototype satellite is expected next year, and Orbital says it plans to build a distributed cloud of up to 10,000 satellites, each running an independent GPU server rack to tackle inference workloads, which are less compute-intensive tasks. That means needing less power and generating less heat - good news for the GPUs, because contrary to what you may have heard, space is not cold, it is empty, so getting rid of heat is a massive constraint on the viability of the entire orbital data center concept. The physics aren't slowing the orbital data centers for AI feeding frenzy though, as Cowboy Space Corp, also based in California, just got $275 million in funding for its own all-in-one approach, building the data center directly into the upper stage of its homegrown rocket.
For the CyberWire daily, I'm Maria Varmazis from T-Minus: Space-Cyber Briefing. Back to you Dave.
Foxconn confirms a cyberattack.
Electronics manufacturer Foxconn confirmed a cyberattack affecting some of its North American factories after the Nitrogen ransomware group claimed responsibility online. The company says production continuity measures were activated immediately and affected facilities are now returning to normal operations.
Nitrogen claims it stole roughly 8 terabytes of data, including more than 11 million files tied to projects involving Apple, Nvidia, Intel, Google, and Dell. The alleged haul reportedly includes technical drawings, internal project documents, and confidential instructions. Foxconn declined to confirm whether customer information was compromised. Researchers have previously warned that a flaw in Nitrogen’s ransomware decryptor may prevent victims from recovering encrypted files, even if ransom payments are made.
Foxconn sits deep inside the global technology supply chain, making any disruption or data theft potentially significant for downstream partners and product development.
A lawmaker questions surveillance pricing.
Representative Frank Pallone of New Jersey has launched an inquiry into whether major retailers are using surveillance pricing techniques to charge customers different prices based on personal data. Letters sent to 25 companies, including Walmart, Target, Amazon, CVS, and Walgreens, ask how customer data is collected and whether artificial intelligence or machine learning systems help determine pricing.
The inquiry follows growing scrutiny of algorithmic pricing practices. Pallone pointed to New York’s new disclosure law requiring companies to notify consumers if AI systems use personal data to set prices. The letter also cites a 2025 Federal Trade Commission report describing how businesses can adjust prices using factors like demographics, geolocation, shopping behavior, and online activity.
Robotic lawnmowers on the cutting edge.
Security researcher Andreas Makris found a long list of vulnerabilities in Yarbo robotic yard equipment, including flaws that exposed Wi-Fi passwords, GPS locations, camera access, and remote control functions. Makris demonstrated the risk by remotely commandeering his own mower and letting it run him over, which is one way to make a point during vulnerability disclosure.
According to the research, Yarbo devices shared a hardcoded root password and relied on persistent remote-access tunnels users could not disable. Weak protections around MQTT messaging meant access to one robot could potentially expose the broader device fleet. Researchers said attackers could bypass emergency stops, reactivate mower blades, or use compromised devices for local network attacks and botnet activity.
To Yarbo’s credit, the company publicly acknowledged the findings and moved quickly to disable remote tunnels, reset credentials, and begin shifting toward per-device authentication and audited remote diagnostics. Still, the company plans to retain remote access capabilities, albeit with tighter controls.
The good news is the company patched the vulnerabilities. The bad news is we now live in a world where “rogue lawn mower incident” sounds technically plausible.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
And that’s the CyberWire Daily, brought to you by N2K CyberWire.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s lead producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.
