Transcript
A (0:00)
From the CISO Series, it's Cybersecurity Headlines.
B (0:07)
These are the Cybersecurity Headlines for Thursday, May 7, 2026. I'm Sarah Lane.

Google Chrome installs 4 GB AI model on devices
Computer scientist and lawyer Alexander Hanff reports that recent versions of Google Chrome automatically download a roughly 4.4 GB Gemini Nano AI model to user devices without explicit consent when default AI features are enabled. He says the file installs silently and can re-download after deletion, and that at Chrome's scale it could generate between 6,000 and 60,000 tons of CO2-equivalent emissions, raising privacy and environmental concerns. Hanff argues the behavior may violate privacy laws and calls for an opt-in prompt.

DAEMON Tools disk app backdoored in supply chain attack
Kaspersky reports that the DAEMON Tools disk imaging app was compromised in a month-long supply chain attack starting April 8, with malicious updates signed by the developer infecting Windows users who downloaded versions 12.5.0.24.21 through 12.5.0.24.34. The malware collects system data and sends it to attacker servers. With thousands of machines across more than 100 countries affected, a subset of organizations received more advanced backdoors capable of executing commands and evading detection. Kaspersky says the attack was highly sophisticated and likely targeted, urging users to scan systems and monitor for suspicious activity.

Crypto's decentralized finance sector hit by investor exodus
The Financial Times reports that the DeFi sector is seeing a sharp investor pullback, with nearly $14 billion withdrawn after two major hacks, including a $290 million exploit tied to North Korean actors that destabilized the open source protocol Aave and triggered a bailout. The attacks exposed structural risks in interconnected DeFi protocols, leaving Aave with more than $200 million in bad debt and pushing the market down to around $86 billion, near a yearly low.

Iran cyber snoops still LARPing as ransomware crooks
Rapid7 researchers report that an Iranian state-linked group, likely MuddyWater, tied to the Iranian Ministry of Intelligence and Security, masqueraded as the Chaos ransomware gang to conceal an espionage campaign. The attackers used Microsoft Teams, phishing, social engineering and remote tools to steal credentials, deploy DarkComet backdoors and move laterally across networks while staging fake ransomware messages without encrypting files or seeking payment. Rapid7 says the operation was designed to obscure attribution and distract defenders, with stolen data ultimately published, suggesting intelligence gathering or pre-positioning for future attacks rather than financial motives.

Huge thanks to our sponsor, Vanta. Risk and regulation are ramping up, and customers expect proof of security just to do business. Vanta's automation brings compliance, risk and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure and keeps your deals moving. Learn more at vanta.com/ciso.

Sandbox bug lets attackers execute code on hosts
A critical vulnerability in the widely used Node.js sandboxing library vm2 lets attackers escape the sandbox and execute arbitrary code on the host system. The flaw stems from improper handling of exceptions, where WebAssembly features can bypass JavaScript-level protections and expose host objects, enabling access to sensitive Node.js internals. A proof-of-concept exploit is available, and users are urged to upgrade to version 3.10.5 or later.

New offline CISA initiative for cyber attacks
CISA launched a new initiative called CI Fortify to help critical infrastructure operators maintain operations during cyber attacks by preparing to disconnect from internet and telecom dependencies and operate in isolation. The guidance emphasizes network segmentation, rapid recovery and resilience, as officials acknowledge that nation-state actors like China-linked Volt Typhoon may already be embedded in systems and difficult to remove.

New Cisco DoS flaw requires manual reboot
Cisco has patched a high-severity denial-of-service flaw affecting its Crosswork Network Controller and Network Services Orchestrator products. The bug lets unauthenticated attackers remotely exhaust connection resources and crash systems, leaving them unresponsive until a manual reboot is performed. Cisco says there's no evidence of active exploitation, but urges customers to upgrade to fixed versions, noting similar DoS flaws have been exploited in past attacks.

Arctic Wolf thins out the pack
Arctic Wolf laid off 250 employees, or less than 10% of its workforce, as part of a restructuring to shift more investment towards AI, including its superintelligence platform and agentic SOC offerings. The cuts impacted roles across sales, product and marketing as the company looks to operate more efficiently while competing in the crowded MDR and EDR markets. There's a broader industry trend going on of reallocating resources towards AI-driven security capabilities.

Remember to join us this Friday for Super Cyber Friday. Our topic is Hacking the End of Compliance with ... We're going to be digging into the impacts of continuous monitoring on the compliance landscape. It all starts at 1pm Eastern time. Head on over to the events page at cisoseries.com to register, and we want you to share the event. If you share the registration link on LinkedIn and tag the CISO Series, we will put you in a drawing to win some awesome CISO Series swag. We will see you then. If you have some thoughts on the news from today or about our show in general, be sure to reach out to us at feedback@cisoseries.com. We always want to hear from you. I am Sarah Lane reporting for the CISO Series. Stay safe, stay warm and stay cool out there.
