A

You're listening to the Cyberwire Network powered by N2K.

B

Maybe that's an urgent message from your CEO. Or maybe it's a deepfake trying to target your business. Doppel is the AI native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back from automatically dismantling cross channel attacks to building team resilience and more. Doppel outpacing what's next in social engineering? Learn more@doppel.com that's D O P E L dot com. We got your Patch Tuesday Update Global Agencies Update SBOM Guidance Iran linked espionage group Seed worm breaches a major South Korean electronics manufacturer A telehealth platform breach affects 716,000 Foxconn confirms a cyber attack Maria Ramazas has an update on Orbital Data centers A lawmaker questions surveillance pricing Brandon Karp is talking with me about Japan's space systems facing growing cybersecurity threats and robotic lawnmowers are on the cutting edge. It's Wednesday, may 13, 2026. I'm dave bittner and this is your cyberwire intel briefing. Thanks for joining us here today. It's great as always to have you with us. This month's patch Tuesday landed in four major categories enterprise software infrastructure and networking hardware and chipsets and industrial control systems. Microsoft led the cycle with fixes for 137 vulnerabilities, including multiple flaws marked exploitation more likely. Adobe, Zoom, Fortinet and Ivanti also released high severity patches affecting collaboration platforms, networking appliances and remote access tools in enterprise software. Microsoft patched two Word remote code execution flaws that researchers say could trigger. Through the preview pane alone, Adobe addressed 52 vulnerabilities, including critical code execution bugs in Adobe Connect and commerce infrastructure. Vendors Fortinet and Ivanti resolved critical flaws affecting authentication systems, sandboxes and endpoint management platforms. On the hardware side, intel and AMD publish more than two dozen advisories covering 70 vulnerabilities. Several flaws could lead to privilege escalation, denial of service or arbitrary code execution in drivers, firmware and cloud acceleration platforms. Industrial control system vendors Siemens and Schneider Electric also issued critical advisories affecting programmable logic controllers, industrial Web servers and energy management systems. Siemens separately warned that one rugged com product is exposed to a previously disclosed Panos vulnerability linked in public reporting to suspected Chinese state sponsored activity. Patch Tuesday now reaches far beyond desktops and servers. Security teams are increasingly expected to coordinate risk management across cloud services, operational technology, hardware supply chains and traditional enterprise software all at the same time. Cyber agencies from the G7 and partner nations have released new guidance defining the minimum elements for software bills of materials or SBOMs, or for artificial intelligence systems. The framework outlines seven categories covering metadata, system properties, AI models, datasets, infrastructure performance indicators and security controls. The goal is to help organizations better understand how AI systems are built, trained and maintained across increasingly complex supply chains. The guidance stresses that AIs bombs alone are not enough to secure the AI ecosystem. The authors say the framework should work alongside vulnerability management tools, security advisories and evolving cybersecurity tooling. Former CISA SBOM lead Alan Friedman noted that several proposed categories may prove difficult to standardize consistently across organizations. The guidance was jointly published by agencies including CISA, the UK's National Cybersecurity center for France's ANSI, Germany's BSI, and partners across the G7 and European Union, researchers from Symantec and Carbon Black say. The Iran linked espionage group Seedworm breached a major South Korean electronics manufacturer in February as part of a wider campaign targeting at least nine organizations across government, manufacturing, education and financial sectors worldwide. The attackers abused legitimate signed binaries From Fortimedia and SentinelOne to sideload malicious code and evade detection. The operation relied on Node JS delivered PowerShell scripts for reconnaissance, screenshot capture, credential theft, privilege escalation and SOX5 proxy tunneling. Researchers observed the group stealing Windows Security Account Manager, or SAM Hives and and exfiltrating data through the public file sharing service sendit sh. The campaign also showed Seedworm using redundant credential theft tools and public cloud style infrastructure to blend malicious activity into normal network traffic. The campaign highlights continued maturation in Iranian cyber espionage tradecraft. Researchers say Seedworm combined legitimate software, stealthier scripting frameworks and consumer services to reduce visibility and complicate detection for defenders. Telehealth platform Open Loop Health says hackers stole personal and medical information belonging to roughly 716,000 individuals during a January 2026 network intrusion. The company says attackers accessed ITS systems between January 7 and January 8 and removed names, addresses, email addresses, birth dates and medical data. Open Loop says Social Security numbers, financial information and electronic health records were not accessed. The company disclosed the breach to authorities in March, but the full impact appeared this week on the U.S. department of Health and Human Services breach portal. Open Loop says it worked with external cybersecurity specialists, notified law enforcement and offered affected individuals free identity monitoring. The notion of orbital data centers continues to draw attention. Some say it's not practical. Others think it'll be the next big thing. Maria Vermazes is host of the T Minus Space Cyber Podcast. She joins us with this update.

A

Thanks, Dave. According to IEEE Los Angeles based startup Orbital Inc. Is the latest recipient of venture funding to build data centers in low Earth orbit in response to the growing energy demand from from AI. The launch of the company's prototype satellite is expected next year, and Orbital says it plans to build a distributed cloud of up to 10,000 satellites, each running an independent GPU server rack to tackle inference workloads, which are less compute intensive tasks. That means needing less power and generating less heat. Good news for the GPUs because contrary to what you may have heard, space is not quite cold. It is empty. So getting rid of heat is a massive constraint on the viability of the entire Orbital data center concept. The physics aren't slowing the Orbital data centers for AI feeding frenzy though as Cowboy Space Corporation, yes, that is actually their name just got $275 million in funding for its own all in one approach, building the data center directly into the upper stage of its homegrown rocket. For the Cyberwire Daily, I'm Maria Varmazes from T Minus Space Cyber Briefing. Back to you Dave.

B

The T Minus Space Cyber podcast is rebooting this Sunday. You'll find it in your CyberWire podcast feed. Electronics manufacturer Foxconn confirmed a cyber attack affecting some of its North American factories after the Nitrogen ransomware group claimed responsibility online. The company says production continuity measures were activated immediately and affected facilities are now returning to normal operations. Nitrogen claims it stole roughly 8 terabytes of data, including more than 11 million files tied to projects involving Apple, Nvidia, Intel, Google and Dell. The alleged haul reportedly includes technical drawings, internal project documents and confidential instructions. Foxconn declined to confirm whether customer information was compromised. Researchers have previously warned that a flaw in Nitrogen's ransomware decryptor may prevent victims from recovering encrypted files even if ransom payments are made. Foxconn sits deep inside the global technology supply chain, making any disruption or data theft potentially significant for downstream partners. And product development representative Frank Pallone of New Jersey has launched an inquiry into whether major retailers are using surveillance pricing techniques to charge customers different prices based on personal data. Letters sent to 25 companies, including Walmart, Target, Amazon, CVS and Walgreens, ask how customer data is collected and whether AI or machine learning systems help determine pricing. The inquiry follows growing scrutiny of algorithmic pricing practices. Pallone pointed to New York's new disclosure law requiring companies to notify consumers if AI systems use personal data to set prices. The letter also cites a 2025 Federal Trade Commission report describing how businesses can adjust prices using factors like demographics, geolocation, shopping behavior and online activ. Coming up after the break, my conversation with Brandon Karp about Japan's space systems facing growing cybersecurity threats and robotic lawnmowers on the cutting edge. Stick around. Foreign when it comes to mobile application security, good enough is a risk. A recent Survey shows that 72% of organizations reported at least one mobile application security incident last year and 92% of responders reported threat levels have increased in the past two years. Guard Square delivers the highest level of security for your mobile apps without compromising performance, time to market or user experience. Discover how Guard Square provides industry leading security for your Android and iOS apps at www.guard square.com. No, it's not your imagination. Risk and regulation are ramping up and customers expect proof of security just to do business. That's where Vanta comes in. Vanta automates your compliance process and brings compliance, risk and customer Trust together on one AI powered platform. Whether you're preparing for a SoC2 or managing an enterprise GRC program, Vanta helps keep you secure and your deals moving. Companies like Ramp and RYTR report spending 82% less time on audits. That's not just faster compliance reports, that's more time to focus on growth. When I look around the industry I see over 10,000 companies, from startups to big enterprises, trusting Vanta get started@vanta.com cyber. It is always my pleasure to welcome back to the studio Brandon Karp. He is the leader of International Public Private Partnerships at ntt. Brandon, welcome back.

C

Thanks Dave. Always good to be on with you.

B

Yeah, I saw an article in Japan Times that was about Japan's space systems facing growing cybersecurity threats. And obviously your employer NTT is out of Japan.

C

Sure.

B

I'm interested in your take on this. Can we start off with some high level stuff here? I mean where does Japan stand when it comes to how they're dealing with the challenge of security in space?

C

Yeah. So overall this story which really came from Prime Minister Takeichi's growth strategy where they at the end of 2025 and into 2026 have named space and cyber among a few of their priority sectors for investment over the coming years in their budgets. This is part in this story about space security is part of a larger story around cybersecurity in J where Japan is actively growing their investment and their capability in countering some of the most significant cyber Threats around the world, have they been behind? I think they have been a little bit. They've been a little bit isolated and not leaning as forward as they can or as their technology sector and capabilities would allow them to. And one of the notable things under the Prime Minister, Prime Minister Takechi, is really just in the last year, they have made tremendous strides forward in being more aggressive, more direct, and building their own relationships around the world, not just with cybersecurity, but with national security and defense, certainly taking kind of a more of a leadership position.

B

My understanding is that Japan has implemented unified cybersecurity standards. How does that apply specifically to space systems?

C

Yeah, so Japan, kind of broadly speaking, and again, especially with this administration, has recognized that space and critical infrastructure are active targets. For example, JAXA has been breached. JAXA being their version of NASA, has been breached twice in recent history with major cyber intrusions. And then observing what occurred in the early days of Ukraine with the viasat attack. Japan's kind of recognized that their core critical infrastructure is held at threat and is trying to make androads and addressing that. They're doing that through a few different ways. One, as you mentioned, kind of universal standardization, but also laws. So in May of last year, they passed what's called the Active Cyber Defense law, which enables them to take more, what we would call in this country more offensive, but they're calling active cyber defense against adversaries in critical sectors. And so this recent announcement about the space sector and the risks of space sector, but also the investment, it's looking like about almost 60 billion this coming year that the Japanese government's going to invest in space security using a space strategy Fund is specifically around kind of modernizing these architectures and trying to bring in not just the technology, but actually the talent and the training and the resources to build up their domestic capability.

B

Can we touch on the perceived asymmetry here? I mean, cybersecurity, you often hear it described as being asymmetric. Does that apply in the context of space systems as well?

C

It does. I think that that idea of kind of the offense, defense balance, the asymmetry between the two is probably kind of changing as these AI threats kind of move into the market. I actually think that it might. This is another podcast, but it might level the playing field a little bit. So this asymmetry, it does ex. You know, that's kind of a classic view on the security paradigm. I think what's more interesting here is the recognition that national critical infrastructure in Japan, this is true in the US as well. Relies on other pieces of infrastructure. So the water treatment facilities rely on energy and rely on space, communications and rely on telecommunications, and all of those vice versa. That there is no isolated siloed piece of critical infrastructure, and that we can't allow one domain to lose investment or to be insecure. And so we actually need to invest in all of them simultaneously and think about how they interconnect. Think about how the vulnerabilities in space, communications and satellite infrastructure and ground stations might actually affect the security of the energy infrastructure or the port infrastructure or the transportation infrastructure. And recognizing that these systems are actually just like the Internet itself, interconnected, Japan

B

launched a space ISAC back in 2024. And they're signaling that perhaps they want to engage more in international cooperation. Are you tracking that trend as well? Does it seem like to what degree is Japan being insular and to what part are they actively seeking out collaboration globally?

C

Yeah. So the same act that was passed last May called the act of Cyber Defense act, actually has three pillars. One of them is the one that I mentioned, kind of reaching out and touching the bad guys. But another pillar, one of the three pillars, is actually titled Public Private partnerships or Public Private Collaboration. And so very intentionally including investment and resources in collaborating, not just with public private, internal to Japan, but actually internationally. This is something that I do in my role with NTT is work very closely with members of the Japanese government and their cybersecurity office building relationships between them and foreign nations and foreign partners in the US The UK Et cetera. So there is active investment and, you know, another example I'll give of Japan's kind of shifting perspective under Prime Minister Takeichi is just starting a few weeks ago and going through the coming weeks. Japan has been an active participant in a military exercise in the Philippines. This is the first time that's happened where Japan forces have been on the ground in the Philippines working alongside the U.S. the Philippines, the French, the Australians in a multilateral exercise, testing not just offensive military equipment, but communications and intelligence processes, et cetera. And so this is kind of showing that Japan is taking more of an active leadership role, especially in the western Pacific region along these, these pathways.

B

Brandon Karp is leader of International Public Private Partnerships at ntt. Brandon, thanks so much for joining us.

C

Thank you, Dave.

B

Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allow listing, you stop unknown executables cold. With ring fencing, you control how trusted applications behave. And with threatlocker DAC defense against configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. Its powerful protection that gives CISOs real visibility, real control and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo@threatlocker.com N2K today.

D

Study and play come together on a Windows 11 PC, and for a limited time, college students get the best of both worlds. Get the unreal college deal everything you need to study and play with select Windows 11 PCs. Eligible students get a year of Microsoft 365 Premium and a year of Xbox game. Pass ultimate with a custom color Xbox wireless controller. Learn more@windows.com studentoffer while supplies last ends June 30, terms at aka mscollegepc.

B

And finally, security researcher Andreas McCree found a long list of vulnerabilities in Yarbo robotic yard equipment, including flaws that exposed WI fi passwords, GPS locations, camera access and remote control functions. McCree demonstrated the risk by remotely commandeering his own lawnmower and letting it run over him, which is one way to make a point during vulnerability disclosure. Presumably, he had the blades disabled. According to the research, Yarbo devices shared a hard coded root password and relied on persistent remote access tunnels users could not disable weak protections around messaging meant access to one robot could potentially expose the broader device fleet, researchers said. Attackers could bypass emergency stops, reactivate mower blades, or use compromised devices for local network attacks and botnet activity. To Yarbo's credit, the company publicly acknowledged the findings and moved quickly to disable remote tunnels, reset credentials, and began shifting toward per device authentication and audited remote diagnostics. Still, the company plans to retain remote access capabilities, albeit with tighter controls. The good news is the company patched the vulnerabilities. The bad news is we now live in a world where rogue lawnmower incident sounds technically plausible. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's lead producers, Liz Stokes, were mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazes. Our executive producer is Jennifer Ivan. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.