CyberWire Daily

Every layer needs a patch now.

25 min
May 13, 2026
Summary

This CyberWire Daily episode covers May 2026's Patch Tuesday with 137 Microsoft vulnerabilities and critical patches across enterprise, infrastructure, and industrial systems. Major incidents include Iran-linked Seedworm breaching a South Korean electronics manufacturer, a telehealth platform exposing 716,000 records, and Foxconn confirming a ransomware attack with alleged theft of Apple, NVIDIA, and Intel data. The episode also explores Japan's growing investment in space cybersecurity and emerging threats to robotic devices.

Insights
  • Patch Tuesday now extends beyond traditional IT to encompass cloud services, operational technology, hardware supply chains, and industrial control systems—requiring coordinated risk management across previously siloed domains
  • Iran-linked threat actors are demonstrating sophisticated tradecraft by abusing legitimate signed binaries, using consumer services, and leveraging cloud infrastructure to evade detection and complicate defender visibility
  • Japan is shifting from cybersecurity isolation to active international collaboration and offensive capabilities, signaling a strategic pivot in the Western Pacific region under new leadership
  • AI SBOM frameworks alone are insufficient for securing AI ecosystems; they must work alongside vulnerability management, security advisories, and evolving cybersecurity tooling
  • Critical infrastructure vulnerabilities in one domain (space, energy, telecommunications) create cascading risks across interconnected systems, requiring simultaneous investment across all sectors
Trends
  • Expansion of patch management complexity beyond software to hardware, firmware, chipsets, and industrial control systems requiring enterprise-wide coordination
  • Increased sophistication of Iranian cyberespionage tradecraft combining legitimate tools, scripting frameworks, and consumer services to reduce detection visibility
  • Growing government investment in space cybersecurity as critical infrastructure, with Japan allocating ~$60 billion to modernize space security architectures
  • Shift toward AI-native security defense platforms to counter increasingly sophisticated AI-powered social engineering and impersonation attacks
  • Emergence of orbital data centers as a response to AI energy demands, despite significant thermal and physics constraints in low-Earth orbit
  • Regulatory scrutiny of algorithmic pricing and surveillance-based pricing practices, with lawmakers investigating major retailers' use of personal data for dynamic pricing
  • Recognition of interconnected critical infrastructure vulnerabilities requiring cross-domain security investment and international public-private collaboration
  • Rapid vulnerability disclosure and patching in consumer IoT devices (robotic equipment) exposing GPS, Wi-Fi credentials, and remote control capabilities
  • Japan's Active Cyber Defense Law enabling more aggressive offensive cybersecurity posture against adversaries in critical sectors
  • Increased focus on standardization of AI system documentation through SBOM frameworks across G7 and EU nations
Companies
Microsoft
Led Patch Tuesday with 137 vulnerability fixes including critical Word remote code execution flaws exploitable via pr...
Adobe
Released patches for 52 vulnerabilities including critical code execution bugs in Adobe Connect and Commerce platforms
Fortinet
Issued critical patches for authentication systems and endpoint management; also abused by Seedworm for malicious cod...
Intel
Published 13+ advisories covering 35+ vulnerabilities in drivers, firmware, and cloud acceleration platforms with pri...
AMD
Published 11+ advisories covering 35+ vulnerabilities affecting hardware and firmware with potential for code execution
Siemens
Issued critical advisories for programmable logic controllers and industrial web servers; warned of PAN OS vulnerabil...
Schneider Electric
Released critical advisories affecting energy management systems and industrial control infrastructure
Zoom
Released high-severity patches affecting collaboration platform security
Ivanti
Resolved critical flaws affecting authentication systems and endpoint management platforms
OpenLoopHealth
Telehealth platform breached in January 2026, exposing personal and medical data of 716,000 individuals
Foxconn
Confirmed cyberattack by Nitrogen ransomware group affecting North American factories; alleged theft of 8TB data from...
Nitrogen
Ransomware group claiming responsibility for Foxconn attack and data theft; known for decryptor flaws preventing file...
Symantec
Researchers identifying Iran-linked Seedworm espionage campaign targeting South Korean electronics manufacturer and n...
Carbon Black
Researchers identifying Iran-linked Seedworm espionage campaign and attack methodology
Orbital Incorporated
Los Angeles-based startup building data centers in low-Earth orbit for AI inference workloads; prototype satellite la...
Cowboy Space Corporation
Received $275 million funding for all-in-one orbital data center approach integrated into rocket upper stage
NTT
Japanese technology company with international public-private partnerships focused on cybersecurity and critical infr...
JAXA
Japan's space agency breached twice in recent history; cited as example of critical infrastructure cyber targeting
Yarbo
Robotic yard equipment manufacturer with vulnerabilities exposing Wi-Fi passwords, GPS locations, and remote control ...
SentinelOne
Legitimate signed binary abused by Seedworm for malicious code sideloading and detection evasion
People
Dave Bittner
Primary host conducting interviews and presenting daily cybersecurity briefing
Maria Varmazis
Contributing host providing update on orbital data centers and AI infrastructure in space
Brandon Karp
Guest discussing Japan's space cybersecurity strategy, Active Cyber Defense Law, and international collaboration init...
Allan Friedman
Quoted noting challenges in standardizing AI SBOM categories consistently across organizations
Andreas McCree
Discovered vulnerabilities in Yarbo robotic equipment and demonstrated risks through remote commandeering
Prime Minister Takaichi
Japanese government leader whose growth strategy prioritizes space and cyber investment; enabled Active Cyber Defense...
Representative Frank Pallone
Launched inquiry into surveillance pricing practices by major retailers using personal data and AI systems
Quotes
"Patch Tuesday now reaches far beyond desktops and servers. Security teams are increasingly expected to coordinate risk management across cloud services, operational technology, hardware supply chains, and traditional enterprise software, all at the same time."
Dave Bittner, early segment
"The goal is to help organizations better understand how AI systems are built, trained, and maintained across increasingly complex supply chains."
Dave Bittner, SBOM guidance segment
"There is no isolated siloed piece of critical infrastructure, and that we can't allow one domain to lose investment or to be insecure. And so we actually need to invest in all of them simultaneously and think about how they interconnect."
Brandon Karp, Japan space security discussion
"Japan is actively growing their investment and their capability in countering some of the most significant cyber threats around the world."
Brandon Karp, Japan cybersecurity segment
"We now live in a world where rogue lawnmower incident sounds technically plausible."
Dave Bittner, closing segment
Full Transcript
You're listening to the CyberWire Network, powered by N2K. Maybe that's an urgent message from your CEO, or maybe it's a deepfake trying to target your business. Doppel is the AI-native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back, from automatically dismantling cross-channel attacks to building team resilience and more. Doppel, outpacing what's next in social engineering. Learn more at doppel.com. That's D-O-P-P-E-L dot com.

We've got your Patch Tuesday update. Global agencies update SBOM guidance. Iran-linked espionage group Seedworm breaches a major South Korean electronics manufacturer. A telehealth platform breach affects 716,000. Foxconn confirms a cyberattack. Maria Varmazis has an update on orbital data centers. A lawmaker questions surveillance pricing. Brandon Karp is talking with me about Japan's space systems facing growing cybersecurity threats. And robotic lawnmowers are on the cutting edge. It's Wednesday, May 13th, 2026. I'm Dave Bittner, and this is your CyberWire Intel Briefing.

Thanks for joining us here today. It's great, as always, to have you with us. This month's Patch Tuesday landed in four major categories: enterprise software, infrastructure and networking, hardware and chipsets, and industrial control systems. Microsoft led the cycle with fixes for 137 vulnerabilities, including multiple flaws marked "exploitation more likely." Adobe, Zoom, Fortinet, and Ivanti also released high-severity patches affecting collaboration platforms, networking appliances, and remote access tools. In enterprise software, Microsoft patched two Word remote code execution flaws that researchers say could trigger through the preview pane alone. Adobe addressed 52 vulnerabilities, including critical code execution bugs in Adobe Connect and Commerce.
Infrastructure vendors Fortinet and Ivanti resolved critical flaws affecting authentication systems, sandboxes, and endpoint management platforms. On the hardware side, Intel and AMD published more than two dozen advisories covering 70 vulnerabilities. Several flaws could lead to privilege escalation, denial of service, or arbitrary code execution in drivers, firmware, and cloud acceleration platforms. Industrial control system vendors Siemens and Schneider Electric also issued critical advisories affecting programmable logic controllers, industrial web servers, and energy management systems. Siemens separately warned that one RUGGEDCOM product is exposed to a previously disclosed PAN-OS vulnerability linked in public reporting to suspected Chinese state-sponsored activity. Patch Tuesday now reaches far beyond desktops and servers. Security teams are increasingly expected to coordinate risk management across cloud services, operational technology, hardware supply chains, and traditional enterprise software, all at the same time.

Cyber agencies from the G7 and partner nations have released new guidance defining the minimum elements for software bills of materials, or SBOMs, for artificial intelligence systems. The framework outlines seven categories covering metadata, system properties, AI models, data sets, infrastructure, performance indicators, and security controls. The goal is to help organizations better understand how AI systems are built, trained, and maintained across increasingly complex supply chains. The guidance stresses that AI SBOMs alone are not enough to secure the AI ecosystem. The authors say the framework should work alongside vulnerability management tools, security advisories, and evolving cybersecurity tooling. Former CISA SBOM lead Allan Friedman noted that several proposed categories may prove difficult to standardize consistently across organizations.
The guidance was jointly published by agencies including CISA, the UK's National Cyber Security Centre, France's ANSSI, Germany's BSI, and partners across the G7 and European Union.

Researchers from Symantec and Carbon Black say the Iran-linked espionage group Seedworm breached a major South Korean electronics manufacturer in February as part of a wider campaign targeting at least nine organizations across government, manufacturing, education, and financial sectors worldwide. The attackers abused legitimate signed binaries from Fortemedia and SentinelOne to sideload malicious code and evade detection. The operation relied on Node.js-delivered PowerShell scripts for reconnaissance, screenshot capture, credential theft, privilege escalation, and SOCKS5 proxy tunneling. Researchers observed the group stealing Windows Security Account Manager, or SAM, hives and exfiltrating data through the public file service SendIt. The campaign also showed Seedworm using redundant credential theft tools and public cloud-style infrastructure to blend malicious activity into normal network traffic. The campaign highlights continued maturation in Iranian cyberespionage tradecraft. Researchers say Seedworm combined legitimate software, stealthier scripting frameworks, and consumer services to reduce visibility and complicate detection for defenders.

Telehealth platform OpenLoopHealth says hackers stole personal and medical information belonging to roughly 716,000 individuals during a January 2026 network intrusion. The company says attackers accessed its systems between January 7 and January 8 and removed names, addresses, email addresses, birthdates, and medical data. OpenLoop says Social Security numbers, financial information, and electronic health records were not accessed. The company disclosed the breach to authorities in March, but the full impact appeared this week on the U.S. Department of Health and Human Services breach portal. OpenLoop says it worked with external cybersecurity specialists, notified law enforcement, and offered affected individuals free identity monitoring.

The notion of orbital data centers continues to draw attention. Some say it's not practical. Others think it'll be the next big thing. Maria Varmazis is host of the T-Space Cyber Podcast. She joins us with this update.

Thanks, Steve. According to IEEE, Los Angeles-based startup Orbital Incorporated is the latest recipient of venture funding to build data centers in low-Earth orbit in response to the growing energy demand from AI. The launch of the company's prototype satellite is expected next year, and Orbital says it plans to build a distributed cloud of up to 10,000 satellites, each running an independent GPU server rack to tackle inference workloads, which are less compute-intensive tasks. That means needing less power and generating less heat. Good news for the GPUs because, contrary to what you may have heard, space is not cold. It is empty. So getting rid of heat is a massive constraint on the viability of the entire orbital data center concept. The physics aren't slowing the orbital data centers for AI feeding frenzy, though, as Cowboy Space Corporation, yes, that is actually their name, just got $275 million in funding for its own all-in-one approach, building the data center directly onto the upper stage of its homegrown rocket. For the CyberWire Daily, I'm Maria Varmazis from T-Space Cyber Briefing. Back to you, Dave.

The T-Space Cyber Podcast is rebooting this Sunday. You'll find it in your CyberWire podcast feed.

Electronics manufacturer Foxconn confirmed a cyberattack affecting some of its North American factories after the Nitrogen ransomware group claimed responsibility online. The company says production continuity measures were activated immediately and affected facilities are now returning to normal operations.
Nitrogen claims it stole roughly 8 terabytes of data, including more than 11 million files tied to projects involving Apple, NVIDIA, Intel, Google, and Dell. The alleged haul reportedly includes technical drawings, internal project documents, and confidential instructions. Foxconn declined to confirm whether customer information was compromised. Researchers have previously warned that a flaw in Nitrogen's ransomware decryptor may prevent victims from recovering encrypted files, even if ransom payments are made. Foxconn sits deep inside the global technology supply chain, making any disruption or data theft potentially significant for downstream partners and product development.

Representative Frank Pallone of New Jersey has launched an inquiry into whether major retailers are using surveillance pricing techniques to charge customers different prices based on personal data. Letters sent to 25 companies, including Walmart, Target, Amazon, CVS, and Walgreens, ask how customer data is collected and whether AI or machine learning systems help determine pricing. The inquiry follows growing scrutiny of algorithmic pricing practices. Pallone pointed to New York's new disclosure law requiring companies to notify consumers if AI systems use personal data to set prices. The letter also cites a 2025 Federal Trade Commission report describing how businesses can adjust prices using factors like demographics, geolocation, shopping behavior, and online activity.

Coming up after the break, my conversation with Brandon Karp about Japan's space systems facing growing cybersecurity threats and robotic lawnmowers on the cutting edge. Stick around.

When it comes to mobile application security, good enough is a risk. A recent survey shows that 72% of organizations reported at least one mobile application security incident last year, and 92% of responders reported threat levels have increased in the past two years.
GuardSquare delivers the highest level of security for your mobile apps without compromising performance, time to market, or user experience. Discover how GuardSquare provides industry security for your Android and iOS apps at www

No, it's not your imagination. Risk and regulation are ramping up, and customers expect proof of security just to do business. That's where Vanta comes in. Vanta automates your compliance process and brings compliance, risk, and customer trust together on one AI-powered platform. Whether you're preparing for a SOC 2 or managing an enterprise GRC program, Vanta helps keep you secure and your deals moving. Companies like Ramp and Ryder report spending 82% less time on audits. That's not just faster compliance. That's more time to focus on growth. When I look around the industry, I see over 10,000 companies from startups to big enterprises trusting Vanta. Get started at vanta.com slash cyber.

It is always my pleasure to welcome back to the studio Brandon Karp. He is the leader of international public-private partnerships at NTT. Brandon, welcome back.

Thanks, Dave. Always good to be on with you.

Yeah. I saw an article in Japan Times that was about Japan's space systems facing growing cybersecurity threats. And obviously your employer, NTT, is out of Japan.

Sure.

I'm interested in your take on this. Can we start off with some high-level stuff here? I mean, where does Japan stand when it comes to how they're dealing with the challenge of security in space?

Yeah, so overall, this story, which really came from Prime Minister Takaichi's growth strategy, where they, at the end of 2025 and into 2026, have named space and cyber among a few of their priority sectors for investment over the coming years in their budgets.
This is part of the story about space security as part of a larger story around cybersecurity in Japan, where Japan is actively growing their investment and their capability in countering some of the most significant cyber threats around the world.

Have they been behind?

I think they have been a little bit. They've been a little bit isolated and not leaning as forward as they can or as their technology sector and capabilities would allow them to. And one of the notable things under the prime minister, Prime Minister Takaichi, is really just in the last year, they have made tremendous strides forward in being more aggressive, more direct, and building their own relationships around the world, not just with cybersecurity, but with national security and defense, certainly taking kind of more of a leadership position.

My understanding is that Japan has implemented unified cybersecurity standards. How does that apply specifically to space systems?

Yeah, so Japan, kind of broadly speaking, and again, especially with this administration, has recognized that space and critical infrastructure are active targets. For example, JAXA has been breached. JAXA, being their version of NASA, has been breached twice in recent history with major cyber intrusions. And then observing what occurred in the early days of Ukraine with the Viasat attack, Japan's kind of recognized that their core critical infrastructure is held at threat and is trying to make inroads in addressing that. They're doing that through a few different ways. One, as you mentioned, kind of universal standardization, but also laws. So in May of last year, they passed what's called the Active Cyber Defense Law, which enables them to take more what we would call in this country more offensive, but they're calling active cyber defense, against adversaries in critical sectors. And so this recent announcement about the space sector and the risks of the space sector, but also the investment, it's looking like about almost $60 billion this coming year that the Japanese government's going to invest in space security using a space strategy fund, is specifically around kind of modernizing these architectures and trying to bring in not just the technology, but actually the talent and the training and the resources to build up their domestic capability.

Can we touch on the perceived asymmetry here? I mean, cybersecurity, you often hear it described as being asymmetric. Does that apply in the context of space systems as well?

It does. I think that that idea of kind of the offense-defense balance, the asymmetry between the two, is probably kind of changing as these AI threats kind of move into the market. I actually think that it might, this is another podcast, but it might level the playing field a little bit. So this asymmetry, it does exist. You know, that's kind of a classic view on the security paradigm. I think what's more interesting here is the recognition that national critical infrastructure in Japan, this is true in the U.S. as well, relies on other pieces of infrastructure. So the water treatment facilities rely on energy and rely on space communications and rely on telecommunications, and all of those vice versa, that there is no isolated siloed piece of critical infrastructure, and that we can't allow one domain to lose investment or to be insecure. And so we actually need to invest in all of them simultaneously and think about how they interconnect. Think about how the vulnerabilities in space communications and satellite infrastructure and ground stations might actually affect the security of the energy infrastructure or the port infrastructure or the transportation infrastructure, and recognizing that these systems are actually, just like the internet itself, interconnected.

Japan launched a space ISAC back in 2024, and they're signaling that perhaps they want to engage more in international cooperation. Are you tracking that trend as well? Does it seem like, to what degree is Japan being insular, and to what part are they actively seeking out collaboration globally?

Yeah, so the same act that was passed last May, called the Active Cyber Defense Act, actually has three pillars. One of them is the one that I mentioned, kind of reaching out and touching the bad guys. But another pillar, one of the three pillars, is actually titled public-private partnerships or public-private collaboration. And so very intentionally including investment and resources in collaborating not just with public-private internal to Japan, but actually internationally. This is something that I do in my role with NTT: work very closely with members of the Japanese government and their cybersecurity office, building relationships between them and foreign nations and foreign partners in the US, the UK, et cetera. So there's active investment. And, you know, another example I'll give of Japan's kind of shifting perspective under Prime Minister Takaichi is, just starting a few weeks ago and going through the coming weeks, Japan has been an active participant in a military exercise in the Philippines. This is the first time that's happened where Japanese forces have been on the ground in the Philippines, working alongside the U.S., the Philippines, the French, the Australians in a multilateral exercise testing not just offensive military equipment, but communications and intelligence processes, et cetera. And so this is kind of showing that Japan is taking more of an active leadership role, especially in the Western Pacific region, along these pathways.

Brandon Karp is leader of International Public-Private Partnerships at NTT. Brandon, thanks so much for joining us.

Thank you, Dave.

Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allow listing, you stop unknown executables cold.
With ring fencing, you control how trusted applications behave. And with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero-trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero-trust attainable, even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at ThreatLocker.com slash N2K today.

And finally, security researcher Andreas McCree found a long list of vulnerabilities in Yarbo robotic yard equipment, including flaws that exposed Wi-Fi passwords, GPS locations, camera access, and remote control functions. McCree demonstrated the risk by remotely commandeering his own lawnmower and letting it run over him, which is one way to make a point during vulnerability disclosure. Presumably, he had the blades disabled. According to the research, Yarbo devices shared a hard-coded root password and relied on persistent remote access tunnels users could not disable. Weak protections around messaging meant access to one robot could potentially expose the broader device fleet. Researchers said attackers could bypass emergency stops, reactivate mower blades, or use compromised devices for local network attacks and botnet activity. To Yarbo's credit, the company publicly acknowledged the findings and moved quickly to disable remote tunnels, reset credentials, and begin shifting toward per-device authentication and audited remote diagnostics. Still, the company plans to retain remote access capabilities, albeit with tighter controls. The good news is the company patched the vulnerabilities. The bad news is we now live in a world where "rogue lawnmower incident" sounds technically plausible.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Thank you.