On this week's Security Sprint, Dave and Andy covered the following topics:

Opening:

• 27th Annual TribalNet Conference & Tradeshow, 20 – 24 Sep, Dallas, TX

• 02 Jun! WaterISAC H2OSecCon (Virtual Conference)

Main Topics:

Exploitation! and the KEV!

• CISA Adds One Known Exploited Vulnerability to Catalog - CVE-2026-9082 Drupal Core SQL Injection Vulnerability

• Drupal security advisory (AV26-492) - Update 2 - Canadian Centre for Cyber Security

• CISA orders feds to patch actively exploited Drupal vulnerability - BleepingComputer

• CISA Adds One Known Exploited Vulnerability to Catalog - CVE-2026-48172 LiteSpeed cPanel Plugin Privilege Escalation Vulnerability

• CISA gives feds 4 days to patch actively exploited cPanel plugin flaw - BleepingComputer

• CISA Adds One Known Exploited Vulnerability to Catalog - CVE-2026-0257 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

• Palo Alto Networks Security Advisory AV26-462 — Canadian Centre for Cyber Security

• ETR: Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability CVE-2026-0257 — Rapid7

Ransomware & Data Breaches:

• The Cyber Extortion Economy - Palo Alto Networks Unit 42 - 28 May 2026 “As recently noted by our Chief Security Intelligence Officer, Wendi Whitmore, it only took 39 seconds for threat actors to move from initial access to data exfiltration in one case.”

• Stay Ahead of Ransomware: What 2026 Threat Reports Are Telling Us — SANS Institute — 01 Jun 2026

• Charter Communications Data Breach Could Impact Nearly 5 Million

• How St. Paul, Minn., Recovered From a Ransomware Attack

• FBI FLASH - Silent Ransom Group Impersonating IT Personnel through Social Engineering - FBI IC3 & FBI warns of in-person data theft attacks from extortion gang

• Charter confirms data breach after ShinyHunters extortion threat

• The Gentlemen ransomware: Dissecting a self-propagating Go encryptor

• The Gentlemen Ransomware Group Is Scaling Faster Than Any Other Group on Record

• The Gentlemen (Ransomware) in Disguise: Defense Evasion and other TTPs

World Cup:

• FBI PSA - Threat Actors Spoofing FIFA Websites in Advance of the 2026 World Cup - FBI IC3

• FAA Establishes No Drone Zones for FIFA World Cup 2026 Stadiums, Fan Events and Base Camps — FAA

• Column: Empower Emergency Managers for Major Events

• Ebola concerns grow ahead of World Cup — The Hill

Quick Hits:

• The Future of AI Risk: Predictions for 2027 and Beyond - Gate 15 - 26 May 2026

• Top 10 Artificial Intelligence Security Actions Primer — Canadian Centre for Cyber Security

• Mythos Exposes a Bigger Problem in Critical Infrastructure Cyber Defense - HSToday

• NSA Launches Zero Trust Implementation Guidelines Resource Webpage — National Security Agency

• Designing secure access with ZTNA - National Cyber Security Centre

• The 2026 U.S. Midterms Have a Cyber Problem, But It’s Not at the Ballot Box — Check Point & Hackers are already laying groundwork to disrupt 2026 midterms, research says — Nextgov

• 'Holding our breath': Hurricane season is here, and FEMA is shorthanded — Politico

On the latest episode of Nerd Out, Dave and Alec covered the following topics:

• The San Diego mosque attack.
• Recent arrest indicating potential risk to the U.S.
• World Cup considerations.
• Mandalorian, Daredevil, and Punisher reviews (SPOILER WARNING)

References to what was discussed on the pod:

San Diego Mosque Shooters' Apparent Manifestos Reveal Anti-Muslim Extremism, Antisemitism, and Broader Extremist Ideology

• https://www.adl.org/resources/article/san-diego-mosque-shooters-apparent-manifestos-reveal-anti-muslim-extremism
• https://abc7news.com/post/san-diego-mosque-shooting-alleged-islamic-center-shooter-caleb-vazquezs-behavior-led-guns-seized-2025/19162644/

Kata’ib Hizballah Commander with Ties to Iran Arrested for Terror Campaign

• https://smallwarsjournal.com/2026/05/20/kataib-hizballah-commander-with-ties-to-iran-arrested-for-terror-campaign/
• https://www.justice.gov/opa/pr/iraqi-national-arrested-and-charged-providing-material-support-iranian-backed-terrorist

World Cup Security

• https://www.theguardian.com/football/2026/may/10/fifa-world-cup-terrorism-risk-iran-war
• https://mailchi.mp/factal/benchmarker-conus-drone-threats-securingwatch-parties-data-center-threats-analyst-operator-merger

On this week's Security Sprint, Dave and Andy covered the following topics:

Opening:

• Misinformation, Deepfakes, and AI’s Unwelcome Companions. This blog is part of Gate 15’s blog series “Riding the Tiger: AI Threats and Opportunities”, highlighting the essential considerations for organizational leaders and security professionals.

• Researchers warn of coordinated influence accounts amplifying synthetic AI-generated geopolitical narratives across social platforms

• Bluesky Says Kremlin Is Hacking Its Platform to Spread Propaganda

• Trump’s AI executive order postponed. Here’s why. & Trump’s AI order sacks tech experts and sidelines safety testing

• Pope Leo warns AI boom can give Big Tech and the people who run it too much power

• Health-ISAC: Healthcare is scaling AI without the infrastructure to manage it

• AT&T joins Cybersecurity Manufacturing Innovation Institute’s C2-ISAC initiative - AT&T, and see Who’s whispering in Trump’s ear on Iran for more on C2-ISAC (“New ISAC in Town”) and lots of other articles sharing this announcement.

• GAO: Critical Infrastructure Protection: EPA Needs to Ensure Water Systems Address Risks from Cybersecurity Threats

• Ranking Member Lofgren’s Opening Statement at Water Cybersecurity Hearing & Ranking Member Amos’ Opening Statement at Water Cybersecurity Hearing

• Tip of the Week – May 21, 2026 - WaterISAC

Main Topics:

2026 Data Breach Investigations Report - Verizon - 19 May 2026

• 2026 Verizon Data Breach Investigations Report finds third-party risk and credential abuse accelerating

• Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector

• What the 2026 Verizon DBIR Signals About Internet Intelligence and External Visibility

• Verizon 2026 DBIR: 10 Takeaways You Should Know

• Verizon DBIR finds vulnerability exploitation overtakes stolen credentials as top breach entry point for critical infrastructure

• Patches take weeks. Exploits take hours. The 2026 DBIR makes the math brutal.

San Diego Mosque Shooting and Extremism

• San Diego Shooter So Alarmed Police in 2025, They Seized Father's Guns

• CSIS: The San Diego Mosque Shooting Marks a Deadly First in the United States

• ‘It’s the Jews’: San Diego mosque shooters decried ‘the universal enemy’ in hate-filled manifesto

• San Diego mosque shooter Caleb Vazquez’s family breaks silence on terror attack, say autistic son was brainwashed online

• Several people watched San Diego attack live on video calls, recordings show

• Violent Neo-Nazi Ideology at the Heart of San Diego Attack

• San Diego Mosque Shooting Another Symptom Of The “Great Replacement” Conspiracy Theory

• San Diego Mosque Shooters’ Apparent Manifestos Reveal Anti-Muslim Extremism

• San Diego shooting suspects had manifesto, weapons cache: FBI

• Father-of-eight killed in San Diego mosque shooting hailed as a hero

• Imam blames anti-Muslim rhetoric for San Diego attack: ‘This is what we get’

Quick Hits:

• NOAA predicts below-normal 2026 Atlantic hurricane season – NOAA

• Nine Practical Ideas to Strengthen Preparedness This Hurricane Season

• Ebola: Worldwide Caution - U.S. Department of State

• World Cup’s Ebola factor

• There is no Ebola vaccine for this outbreak. There won’t be one soon. Here’s why.

• WHO chief says Ebola outbreak in Congo is ‘spreading rapidly’ and upgrades risk assessment

• Threat Actors Impersonate IC3 Employees to Defraud Victims - FBI IC3

• “First VPN Service” Used by Ransomware Actors to Compromise Systems - FBI IC3

In this week's Security Sprint, Dave and Andy are joined by Anna Mentzer-Hernandez to talk about the following topics:

Opening:

• AI Governance: Aligning Corporate Structures with Emerging Tech - Gate 15

o CISA & G7 Partners Release Joint Guidance on the Minimum Elements of a Software Bill of Materials for Artificial Intelligence

o Thinking carefully before adopting agentic AI - NCSC

• Non-Human Identities (NHIs) Are Growing Faster Than Most Security Programs - RSAC Conference - 13 May 2026 Gate 15’s Sadie-Anne Jones wrote that non-human identities are expanding rapidly across cloud, automation, AI, API, SaaS, and CI/CD environments, often outpacing the governance programs meant to control them.

• PERSPECTIVE: Stabilizing the Cybersecurity and Infrastructure Security Agency Starts With These Critical Steps - HSToday - 13 May 2026 Scott Algeier, Executive Director of the Information Technology Information Sharing and Analysis Center and Executive Director of the Food and Agriculture Information Sharing and Analysis Center, argues that stabilizing CISA requires renewed public-private partnership, legal protections for information sharing, and practical reforms that strengthen trust with industry.

Main Topics:

Hurricane Season & (TLP:GREEN) GATE 15 TARGET Hurricane Preparedness, 18 May 2026

San Diego shooting: 5 dead in mosque attack; anti-Islam writings found - Los Angeles Times - 18 May 2026 The Los Angeles Times reported live updates on the San Diego mosque attack, including that five people were dead and anti-Islam writings were found as investigators examined motive. The reporting described a large law enforcement response and continued investigation into whether the attack was driven by bias or extremist intent. The incident has elevated concern around religiously motivated targeted violence and the protection of schools or community spaces co-located with houses of worship. Target is faith-based organizations, Muslim communities, school administrators, and emergency managers with Dig highlighting the intersection of hate-driven violence, mass casualty response, and community security preparedness.

Iranian hackers target gas stations and internet-connected systems amid regional tensions – CNN – 15 May 2026 Iranian-linked cyber actors are reportedly targeting internet-connected systems and fuel distribution infrastructure amid heightened geopolitical tensions involving Iran and Western governments. Analysts assess the activity as part of a broader pattern of retaliatory cyber signaling intended to demonstrate disruptive capability without crossing into full-scale destructive cyber conflict. The incidents reinforce ongoing concerns regarding the exposure of operational technology and public-facing infrastructure systems vulnerable to politically motivated cyber operations. Target is fuel distribution systems and internet-connected infrastructure environments with Dig highlighting how geopolitical escalation continues to increase cyber risk to civilian operational systems.

• ISACs! ONE-ISAC, Tribal-ISAC, RH-ISAC

• Iraqi National Arrested and Charged with Providing Material Support to Iranian-Backed Terrorist Organizations and Directing Attacks Targeting U.S. Citizens and Interests

Quick Hits:

• Fine of nearly £1m issued against South Staffordshire Plc and South Staffordshire Water Plc

• UK water company allowed hackers to lurk undetected for nearly two years, regulator finds

• W.H.O. Declares Ebola Outbreak a Global Health Emergency

In this episode of The Gate 15 Interview, Andy Jabbour speaks with Allan Liska. Allan Liska, threat intelligence analyst at Recorded Future, has more than 15 years of experience in information security and has worked as both a security practitioner and an ethical hacker. Through his work at Symantec, iSIGHT Partners, FireEye, and Recorded Future, Allan has helped countless organizations improve their security posture using more effective intelligence. He is the author of “The Practice of Network Security, Building an Intelligence-Led Security Program”, “Securing NTP: A Quickstart Guide” and the co-author of “DNS Security: Defending the Domain Name System and Ransomware: Defending Against Digital Extortion.”, and "Ransomware: Understand. Prevent. Recover."

• Allan on LinkedIn
• Allan on Bluesky
• Allan on Substack (Ransomware)
• Green Archer Comics
• Allan Liska’s cybersecurity books on Amazon!
• The Gate 15 Interview EP 55. Allan Liska, Ransomware Sommelier. Threats, mental health, comic books and Diet Dr. Pepper. (18 Feb 2025)

“I think we’re in a rough time right now… we need to be more empathetic and more compassionate” – Allan Liska

In the podcast, Allan and Andy discuss:

• Ransomware, Recorded Future, cybersecurity, and comics!
• Anti-Ransomware Day, 3rd party ransomware risk, and the expanding ransomware ecosystem
• IABs, scams, BEC, and other threats
• Thoughts on AI and LLMs
• The value of networking!
• Green Archer Comics! and where you can meet Allan: Comic Logic (17 May), Big Lick Comic Con NOVA (30-31 May) Sleuthcon (05 Jun)
• We play Three Questions! and talk, Green Arrow, The White Desert, and some rapid-fire comic word association
• And more!

In this week's Security Sprint, Dave and Andy covered the following topics:

Opening:

• Summary Playbook: AI Risk Management Checklist for Leaders - Gate 15

• Ripple teams up with Crypto ISAC to stop North Korean hackers

• Designation: Restrict the Operation of Unmanned Aircraft in Close Proximity to a Fixed Site Facility ; An unpublished Proposed Rule by the Federal Aviation Administration on 05/06/2026 - FAA

• Trump admin will push for ‘long-term’ reauthorization of key cyber data-sharing law

• FEMA Review Council Releases Final Report - DHS

• Ranking Member Thompson Statement on FEMA Review Council Report - House Homeland Security Committee Democrats

Main Topics:

Ransomware! International Anti-Ransomware Day 2026: Kaspersky shares insights into ransomware trends and tactics - Kaspersky - 12 May 2026.

• Weekly ransomware & data leak landscape - eCrime.ch

• Q1 2026 Ransomware Report: Fewer Groups, Higher Impact - Check Point Research

• Ransomware roundup: April 2026 - Comparitech

• Arete’s 2025 Annual Crimeware Report Operationalizes Cyber Intelligence and Incident Response Data

• Global ransomware statistics 2026: the data behind the rising threat

• Gentlemen ransomware reportedly hit by… ransomware

CI Fortify: Strengthening Resilience Across Critical Infrastructure - CISA - 05 May 2026 This initiative outlines CISA efforts to strengthen resilience across critical infrastructure sectors through targeted guidance tools and collaborative programs.

America’s Most Critical Lifeline- Water! AI-Assisted ICS Attack on Water Utility - Dragos - 07 May 2026 Dragos reports that threat actors used artificial intelligence tools during an intrusion involving a water utility environment to support reconnaissance, scripting, and operational targeting activity.

• WaterISAC H2OSecCon!! 02 June 2026

• WaterISAC: TLP:GREEN Physical Security Case Study: Water Treatment Plant Insider Threat Incident

• Polish intelligence warns hackers attacked water treatment facility

United States Counterterrorism Strategy - The White House - 06 May 2026 The White House released its 2026 counterterrorism strategy, outlining priorities focused on homeland protection, cartel and transnational gang threats, jihadist organizations, violent secular political groups, state sponsors, and weapons of mass destruction risks.

o Perspective: Selective Threats — A Counterterrorism Strategy Built on Politics - HSToday - 11 May 2026 - Analysis/Commentary. HSToday argues that political considerations are shaping counterterrorism priorities in ways that can distort threat assessment and operational focus.

o Trump counterterrorism strategy targets ‘violent left-wing extremists’ with ‘transgender ideology’

o Trump Releases New 'Counterterrorism Strategy' With Fresh Focus on Cartels and Antifa

o Trump’s counterterrorism strategy puts focus on left-wing ‘violent secular groups’

o Trump signs new counterterrorism strategy that focuses on hemispheric threats

o US says migration has made Europe an ‘incubator’ for terrorism in new counter-terrorism strategy

o Ranking Member Thompson Statement on Trump Administration’s Counterterrorism "Strategy"

Quick Hits:

• One in Eight Workers Has Sold Their Corporate Logins

• El Niño to fuel Pacific hurricane season, increase risks for California, Hawaii, Mexico

• ClickFix! Clipboard to Encryption: The Critical Role of ClickFix in Ransomware Campaigns

• ClickFix! ClickFix distributing Vidar Stealer via WordPress targeting Australian infrastructure

• ClickFix! ClickFix campaign uses fake macOS utilities lures to deliver infostealers

• Between Intent and Capability: Assessing the Lack of Iranian Attacks on the U.S. Homeland

• The Canvas Hack Is Disrupting Schools and Universities Across the Country

• OT Cybersecurity Lessons Learned from the Frontlines

• English Language Video Attributed to Al-Qaeda in the Arabian Peninsula Calls for Lone Wolf Attacks in the West

In this week's Security Sprint Dave and Andy covered the following topics:

Opening

• Homeland Security Funding Bill Passed, Includes Money for CISA

• Browser Extensions and Shadow AI: Unmanaged Threats to Privacy — Gate 15

• Data Centers, Telecommunications Networks, and Space-Based Systems: Modernizing DHS’s SRMA Role for the Communications and IT Sectors — House Committee on Homeland Security

• New Cybersecurity Guide Targets Rising Threats to Food and Agriculture SMBs

• Maine Law Requires Hospitals to Enact Cybersecurity Plans

Main Topics

• New FTC Data Show People Have Lost Billions to Social Media Scams - Federal Trade Commission - 23 Apr 2026 The Federal Trade Commission reported that consumers have lost billions of dollars to scams originating on social media platforms, with fraudsters leveraging impersonation, investment schemes, and romance scams to exploit user trust.

• Take9! 9 Seconds For A Safer World. Cyber threats are everywhere. And getting sneakier. What can you do to protect yourself, your community and our nation?

• New 2026 ‘IOCTA’ highlights sophisticated tactics and emerging challenges in the digital landscape – Europol unveils comprehensive analysis of evolving cybercrime threats - Europol - 28 Apr 2026 Europol released its 2026 Internet Organised Crime Threat Assessment, warning that encryption, proxies, artificial intelligence, dark web marketplaces, cryptocurrencies, fraud ecosystems, ransomware, and child sexual exploitation are expanding the cybercrime landscape.

• Global Encryption Coalition (GEC). The Global Encryption Coalition (GEC) was founded in 2020 by the Center for Democracy & Technology, Global Partners Digital and the Internet Society and now has over 350 members. Gate 15 is a proud member of the GEC.

Ransomware! Weekly ransomware & data leak landscape; A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch. — eCrime.ch — 26 Apr 2026. The eCrime weekly report provides a seven-day analysis of ransomware claim activity, data leak site postings, actor concentration, and sector targeting trends.

• NCC Group Monthly Threat Pulse - Review of March 2026

• Ransomware and Cyber Extortion in Q1 2026 - ReliaQuest

Presidential Message on National Hurricane Preparedness Week - The White House - 03 May 2026 This message encourages Americans in hurricane-prone areas to prepare before the season by protecting property, building emergency plans, assembling supplies, and monitoring forecasts and evacuation routes. It emphasizes local and state frontline roles while describing federal support for response and recovery.

• Hurricane Preparedness - NOAA

• Summer forecast 2026: Heat, severe storms to shape the season as El Niño develops, strengthens - AccuWeather

• 2026 Hurricane Awareness Webinars - NOAA

Quick Hits

• Email threat landscape: Q1 2026 trends and insights — Microsoft Security Blog

• Tycoon2FA disruption impact

• QR code phishing attacks

• CAPTCHA tactics

• Malicious payloads

• Business email compromise

• Defending against email threats

• Microsoft Defender detections

• Alert - AL26-008 - Vulnerability affecting cPanel and WebHost Manager (WHM) - CVE-2026-41940 - Canadian Centre for Cyber Security

• Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks

• To recover your files kindly send 0.1 BTC to… ransom note appears on websites

• The cPanel Situation Is… -

• cPanel authentication bypass vulnerability CVE-2026-41940 exploited

• Over 40,000 Servers Compromised in Ongoing cPanel Exploitation

• Cole Allen’s journey from Caltech grad to accused gunman in D.C. attack

• Footage shows White House correspondents' dinner suspect 'casing' hotel: US attorney

• Washington Hilton says it was using Secret Service protocols on night of attack

In this week's Security Sprint, Dave and Andy covered the following topics:

Opening:

• AI in Cybersecurity Defense: Best Practices and Limitations — Gate 15

• FS-ISAC releases advisory on hardening cybersecurity from AI

• Sector Risk Advisory: AI-Enabled Vulnerability Detection & Remediation Perspectives on Third Parties

• Sector Risk Advisory: Preparing the Enterprise for AI-Enabled Vulnerability Discovery

• Executive Overview: Implications of AI-Enabled Vulnerability Detection & Exploitation

• Europe must prevent misuse of Anthropic's Mythos, Bundesbank chief warns

• FB-ISAO Newsletter V8 Issue 4

Main Topics:

WHCD Attack

• White House Dinner Shooting Suspect's Family Alerted Police To Threats Minutes Before Attack

• Read White House Correspondents’ Dinner gunman Cole Allen’s full anti-Trump manifesto

• WHCD shooting suspect Cole Allen mocked lack of security on every leg of cross-country journey in manifesto: ‘Actually insane’

• Who Are The Wide Awakes? What We Know About Group Tied to Cole Allen

• White House Correspondents' Dinner gunman 'assembled long weapon in unsecured room' before firing near ballroom, volunteer reveals

• Correspondents’ dinner shooting suspect called himself ‘friendly federal assassin’

• White House correspondents’ dinner was not given top security status

• White House correspondents’ dinner shooting suspect reached ballroom staircase

• Trump shooting at correspondents dinner raises security concerns

• Staged conspiracy theories are everywhere following White House Correspondents’ Dinner shooting

Cyber Resilience

• Cyber Centre warns of sophisticated smishing activity targeting Canadians & Smishing: Protect yourself from SMS attacks - Canadian Centre for Cyber Security

• NCSC: Leave passwords in the past - passkeys are the future – UK National Cyber Security Centre

• Cyber security considerations for passkeys (ITSAP.30.033) — Canadian Centre for Cyber Security

• How NOT to Be Your Adversary’s Best Friend | FIRST CTI 2026 Day 2 - FIRST CTI 2026

• Could your choice of metrics be harming your SOC? – UK National Cyber Security Centre

• NCSC CEO keynote speech, CYBERUK 2026 — UK National Cyber Security Centre

• Vendor diversification (ITSAP.10.006) - Canadian Centre for Cyber Security

FBI: Open Letter to Parents, Guardians, and Caregivers

Quick Hits:

• AI tools are helping mediocre North Korean hackers steal millions - WIRED

• Inside Lazarus: How North Korea Uses AI to Industrialize Attacks on Developers - Expel

• Distinguished ex-cop arrested for ‘mass shooting’ plot to gun down black people at New Orleans festival

• UK warns of Chinese hackers using botnets of hijacked consumer devices to evade detection

• FIRESTARTER Backdoor - CISA

• Data Centers, Telecommunications Networks, and Space-Based Systems: Modernizing DHS’s SRMA Role for the Communications and IT Sectors - House Committee on Homeland Security. Witnesses include Sam Visner, Chair of the Board of Directors at Space Information Sharing and Analysis Center; and Scott Algeier, Executive Director of the Information Technology-Information Sharing and Analysis Center.

• CISA director pick Sean Plankey withdraws his nomination - CyberScoop

• Treaty Adjacent: Why Tribal Data Sovereignty Matters - LinkedIn

In the latest episode of Nerd Out, Dave and Alec go deep into the various threats from Iran and the ways they can still inspire and influence attacks before diving into the fire as a weapon / arson threats. And as always they wrap up talking about some of their favorite shows including Daredevil and Maul! Plus, are we in the midst of a revival or peak for fandom!

Iran Security Threats

• https://www.visionofhumanity.org/wp-content/uploads/2026/03/The-Iran-War-and-The-Global-Terrorism-Threat.pdf
• https://www.longwarjournal.org/archives/2026/04/iran-linked-group-ashab-al-yamin-surges-attacks-in-european-cities-claims-15-since-march.php
• https://www.theguardian.com/uk-news/2026/apr/23/iran-low-level-hybrid-warfare-arson-attacks-uk-europe

Iran Supply Chain:

• https://www.cnbc.com/2026/04/21/oil-price-iran-war-middle-east.html
• https://splash247.com/war-turns-sulphur-market-toxic-in-acid-supply-shock/

Workplace Violence – Employee Reportedly Intentionally Sets Fire at Massive Warehouse, Possibly Motivated by Ideological Grievances:

• ⁠https://www.asisonline.org/security-management-magazine/articles/2026/04/distribution-center-arson-attack/⁠
  

On this week's Security Sprint, Dave and Andy covered the following topics:

Opening:

• TribalHub Regional Tribal Technology Forums

• WaterISAC H2OSecCon 2026. Virtual Event: 02 Jun, 11am-5pm ET Overview, Registration, Agenda, Speakers

• Offensive AI: What Red Teams and Attackers are Doing Now - Gate 15

Main Topics:

Vercel April 2026 security incident Vercel 20 Apr 2026. Vercel said it identified unauthorized access to certain internal systems and initially found a limited subset of customers whose credentials were compromised. The company said the incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee, which then enabled takeover of that employee’s Google Workspace account and access to some Vercel environments and non-sensitive-marked environment variables. Vercel said services remain operational, law enforcement has been notified, and customers who were not contacted are not currently believed to have had credentials or personal data compromised. Vercel is a cloud platform used for frontend hosting, serverless functions, and deploying websites, particularly those built with React or Next.js. It enables developers to easily build high-performance, edge-optimized applications. Key features include automatic Git integrations (CI/CD) for instant deployments, preview environments, and edge storage.

• Vercel confirms breach as hackers claim to be selling stolen data

• Breaking: Vercel Breach Linked to Infostealer Infection at Context.ai

• Vercel’s security breach started with malware disguised as Roblox cheats

Wiz: 80% of cloud breaches are caused by basic mistakes - IT Pro - 13 Apr 2026 IT Pro reports that Wiz Threat Research found most cloud breaches in 2025 were driven by familiar security mistakes rather than entirely new vulnerability classes, with AI expanding the places where known risks can appear. The article frames the problem around scale, shared trust, and increasingly complex cloud and AI environments rather than exotic attack novelty. Target is cloud security teams, platform engineers, and enterprise risk leaders with Dig highlighting that basic exposure management, identity control, and configuration discipline remain the decisive factors in many modern cloud compromises.

Fire As An Act Of Sabotage Guidance UK National Protective Security Authority 25 Sep 2024. The NPSA guidance outlines how to mitigate the risk of deliberate fire-setting used as sabotage against premises and infrastructure that may be attractive targets. Although not new, it remains operationally useful because it provides protective security and risk management guidance for owners and operators responsible for physical sites and critical functions. The relevance is heightened in an environment where sabotage, arson, and hybrid disruption are increasingly discussed alongside state and extremist threat models.

From tabletop reality 10 gaps executive cyber exercises consistently reveal - SANS Institute - 2026 This analysis identifies recurring gaps observed during executive cyber exercises, including communication breakdowns and decision-making delays. It highlights the importance of realistic training scenarios to improve organizational readiness. The findings provide actionable insights for strengthening incident response at the leadership level.

• Critical infrastructure resilience escalated threat navigation initiative - Canadian Centre for Cyber Security

• Preparing for severe cyber threat why leaders must act now - NCSC UK

• CISO Survey 2026: The State of Incident Response Readiness

Quick Hits:

• The State of Ransomware in Q1 2026 - Emsisoft

• Safeguarding Our Data, Intellectual Property, and Technology from Non-traditional Collectors