
A
From the CISO series, it's Cybersecurity Headlines
B
These are the cybersecurity headlines for Friday, May 15, 2026. I'm Steve Prentiss.

G7 countries release AI software bill of materials guidance. Agencies from the U.S., Canada, Japan, Germany, France, Italy and the United Kingdom, the G7, along with European Union countries, have now published the Software Bill of Materials for AI. A software bill of materials, or SBOM, is a detailed, machine-readable manifest that catalogs every component, library, dependency and module incorporated into a software product, to provide full transparency into its composition. This document aims to, quote, "help public and private sector organizations enhance transparency in their AI systems and supply chains," end quote, making it easier to track vulnerabilities and reduce risks.

Dell confirms its SupportAssist software causes Windows Blue Screen of Death crashes. The company has confirmed that its SupportAssist software is causing the crashes on some Windows systems. This follows a flood of user reports about random reboots that have been affecting Dell devices since Friday. Version 5.5.16.0 of the Dell SupportAssist Remediation service is responsible for this series of crashes, and the company says it is working towards a resolution. An easy workaround, they say, is to simply disable the Dell SupportAssist Remediation service, or uninstall it.

Dirty Frag 2: Electric Boogaloo. Its sequel arrives as Fragnesia. Following up on a story we covered on Tuesday, it appears the Linux kernel vulnerability called Dirty Frag, which itself was a follow-up on the Copy Fail bug, is now returning as Fragnesia (F-R-A-G-N-E-S-I-A), a Linux kernel local privilege escalation flaw. This flaw allows unprivileged users to gain root access by corrupting page cache memory, and it now has its own CVE number. According to researcher Hyun Woo Kim, who discovered Dirty Frag, this Fragnesia bug emerged as an unintended side effect of patches shipped to fix the original Dirty Frag vulnerabilities.

Ransomware campaigns increasingly turn to threats of physical violence. According to a report from security firm Semperis, in as many as 40% of global ransomware attacks in 2025, the criminals in charge of the attacks threatened to physically harm members of staff who refused to pay their ransom demand. This number is even higher in the US, at 46%. This technique is made easy for hackers who often gain access to PII, allowing them to call individuals at work quoting their home addresses, Social Security numbers and other types of personal data. In other cases, the violence is not threatened against people but against machinery, such as demonstrating their control by turning devices such as robots and conveyor belts on and off, actions that could easily lead to injuries or even death in most cases. According to an FBI report, the hackers who make these threats are young, between 17 and 25 years old, and work for or are recruited by financially motivated gangs.

Huge thanks to our sponsor, Doppel. Social engineering attacks look trustworthy: a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Their AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. They fight relentlessly to protect your business, brand and people. Doppel: outpacing what's next in social engineering. You can learn more at doppel.com, that is D-O-P-P-E-L.

UK moves to shield security researchers in cybercrime law rewrite. The British government announced on Wednesday its intention to rewrite key cybercrime laws after years of warnings that outdated legislation was hindering security researchers and weakening the country's cyber defenses, end quote. This rewrite would be an update of the Computer Misuse Act of 1990, intended to address a long-running complaint that its cybercrime law no longer reflects the realities of modern defensive security work. It was written before the rise of cloud computing, ransomware gangs, cryptocurrency laundering and the modern cybersecurity industry. Researchers and industry groups have argued for years that the law's broad unauthorized access provisions can create legal uncertainty around legitimate activities such as vulnerability research, penetration testing and threat intelligence operations, end quote.

Microsoft closes in on its own annual vulnerability record. Adding to a story covered yesterday regarding Microsoft's M Dash vulnerability tool, it should also be noted that on Patch Tuesday last Tuesday, the company issued patches for more than 130 security vulnerabilities, putting it on pace to break its own annual record. Representatives acknowledged that AI tools are driving a surge in vulnerability discovery across the industry. Microsoft has already patched more than 500 vulnerabilities in 2026, and Tom Gallagher, vice president of engineering at Microsoft's Security Response Center, said in a blog post the company expects releases to continue trending larger.

KongTuke hackers use Microsoft Teams for corporate breaches. Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks. This is done by tricking users into pasting a PowerShell command that delivers a remote access trojan. Initial access brokers like KongTuke then sell company network access to ransomware operators, who use it to deploy file theft and data-encrypting malware. A central element of this campaign is cybercriminals using Teams to reach out to company employees, pretending to be IT and help desk staff.

AI hallucinations are creating real security risks. AI hallucinations are introducing serious security risks into critical infrastructure decision making by exploiting human trust through highly confident yet incorrect outputs. This highlights a major weakness in AI: specifically, it lacks a mechanism to recognize uncertainty, instead generating a most probable response based on patterns in its training data. According to the Artificial Analysis organization's AA-Omniscience benchmark, 36 out of 40 AI models tested were found to be more likely to provide a confident incorrect answer than a correct one on difficult questions. As AI takes on a larger role in cybersecurity operations, organizations must treat every AI-generated response as a potential vulnerability until a human has verified it. A link to the AA-Omniscience report is available in the show notes to this episode.

If you have some thoughts on the news from today or about this show in general, please be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Steve Prentiss reporting for the CISO Series.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Host: Steve Prentiss
Episode Theme:
A roundup of significant developments in global cybersecurity, including new G7 guidelines for AI transparency, major software vulnerabilities affecting Windows and Linux, evolving ransomware tactics, legal updates for security researchers, and fresh insights on AI-generated security risks.
Head to cisoseries.com for the full stories and links to referenced reports (such as the AA OmniScience benchmark).