Normal view

GitHub nukes 70+ Microsoft repos, breaks CI/CD pipelines, following suspected worm infections

8 June 2026 at 15:56
Microsoft’s GitHub temporarily disabled over 70 repositories after they were reportedly compromised by a worm in the latest open source supply chain attack. The code shack took down 73 repos within the space of 105 seconds after its alarms were tripped on Friday, June 5, after detecting signs of the Miasma worm infecting its projects, according to StepSecurity’s co-founder and CTO, Ashish Kurmi. “Our priority is to protect customers and the broader ecosystem. We temporarily removed some repositories as we investigated potential malicious content," a Microsoft spokesperson told us on Wednesday, two days after this story was originally published. "All of these repos have been restored after review. As part of our investigation, we notified a small number of customers who may have pulled down content from the affected repositories. We will continue to investigate, and if anything further is identified that requires customer action, we will reach out directly through our established support channels.” Users reported issues quickly on Friday, after visits to those repos all resulted in the same message displayed, indicating that they had been disabled due to terms of service violations. According to StepSecurity’s analysis, the attack kicked off after a compromised contributor account pushed a malicious commit to Azure/durabletask. The commit dropped configuration files that triggered remote code execution on machines when a developer opened the repo in an IDE or AI coding tool, such as Claude Code, Gemini CLI, and Cursor. Several developers soon reported broken CI/CD pipelines, a support thread showed, although a moderator said at the time this was due to “an internal management issue.” "The repo that most immediately caused issues was Azure/functions-action,” Kurmi wrote, used to deploy code to Azure. With it being taken down, every workflow that referenced Azure/functions-action@v1 stopped resolving. GitHub stepped in a few hours after the repos were infected by the malicious commit. Its automated detections kicked in and disabled the repos in under two minutes, in two separate waves. However, it was the borking of the durabletask family that hinted at the bigger picture, that the attack was indeed a re-opening of the previous Miasma worm attack that hit Microsoft last month. Microsoft’s durabletask PyPi package was a previous target of the Miasma worm on May 19. Within a 35-minute window, three versions of the package were uploaded to PyPi, which planted infostealers on developers’ machines, specifically sniffing out cloud secrets and developer tool configurations on Linux systems. Crucially, the re-targeting of durabletask suggests the tokens associated with the compromised developer account used to execute the PyPi attack were not fully rotated, allowing an attacker to gain access and push commits to GitHub, Kurmi said. It was either that, or the contributor was re-compromised through the worm's own propagation loop, or a different contributor's token was used but the attacker altered the metadata to make it look like a repeated attack. Security shop Snyk described Miasma as a descendant of the Mini Shai Hulud worm. It’s the same one that ravaged open source packages over at the npm registry, including Red Hat’s, earlier this month. Cybercrime group TeamPCP claimed responsibility for developing Mini Shai Hulud, which itself is named after an earlier worm of the same name, sans “mini.” However, because TeamPCP open-sourced Mini Shai Hulud, it’s difficult to tell whether it was also behind Miasma or if someone else took the reins on the follow-up project. StepSecurity also reported that two days before the Microsoft attack, the same worm was making a nuisance of itself at npm, compromising more than 50 packages, including a Vapi.ai SDK with more than 408,000 monthly downloads.® Updated on June 10 with new comment from Microsoft and the fact that the repos have now been restored.

NSO Group back in Meta's crosshairs after alleged WhatsApp targeting

8 June 2026 at 14:10
Meta has asked a federal judge to hold Israeli spyware maker NSO Group in contempt of court after claiming it caught the surveillance vendor targeting WhatsApp users again despite a permanent injunction ordering it to stop. In a blog post on Monday, Meta said it had disrupted "NSO-linked social engineering attempts" after investigating reports from users. According to the company, the activity involved attempts to lure targets into clicking malicious links that redirected them to websites outside WhatsApp, as well as the creation of test accounts and groups on the messaging platform. "We successfully disrupted NSO-linked social engineering attempts after investigating user reports," Meta said. "They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp, similar to previously reported 1-click phishing campaigns linked to NSO." WhatsApp also published a handful of domains it linked to the campaign, including ikhwancast[.]com, ghazacast[.]com, and fr24cast[.]com, and said it was releasing indicators to help organizations identify related activity. The move marks the latest chapter in the long-running legal battle between Meta and the Israeli spyware maker. A US court found NSO liable in December 2024 for hacking WhatsApp users via its Pegasus spyware. In May 2025, a jury awarded Meta roughly $168 million in damages, but the judge later cut that to $4 million while issuing a permanent injunction barring NSO from targeting WhatsApp or its users. Meta, however, says NSO didn't get the memo. "Last year, WhatsApp made history by securing a landmark verdict and permanent injunction barring NSO Group ... from targeting WhatsApp and its users ever again," the company wrote. "Today, we're asking the court to hold them in contempt of that order." The company provided few technical details about the activity, such as when it occurred, how many users were targeted, whether any compromises were successful, or how it attributed the operation to NSO. Meta did not respond to The Register’s questions. However, the blog post adopts a hard line on the spyware industry than previous updates, repeatedly describing commercial spyware as a national security issue. "When a malicious company on the US government's Entity List continues to defy US courts, existing restrictions must remain firmly in place," WhatsApp wrote. "Easing them would undermine US national security and put American companies and billions of people worldwide who depend on secure communications at risk." If Meta's allegations are accurate, the episode suggests that a court loss is not enough to persuade a spyware vendor to leave a high-value target alone. ®

Oxford Uni student data pwned yet again - this time via career platform breach

6 June 2026 at 09:28
Oxford University students seeking work will be dismayed to learn that crooks have breached a second external platform provider for the university in as many months. The institution’s CareerConnect platform, provided by Group GTI, was the target of the intrusion, which exposed users’ full names and email addresses. Those who don’t use single sign-on (SSO) had their encrypted passwords leaked, too. CareerConnect forms part of Oxford University’s career services department, supporting students and alumni to find work opportunities. It is available to students, alumni, research staff, and recruiters. The same underlying technology powering the platform, which GTI markets as TargetConnect, is used by other universities in the UK and overseas, according to its website. OxfordUni said the May 28 attack was enabled by a “security vulnerability,” which has since been fixed. GTI has not publicly disclosed the security snafu itself, and did not respond to our requests for more information. The London-based tech company has not confirmed how many individuals were affected by the break-in, nor whether any data was stolen. It has also not explicitly stated which types of individuals were affected, although Oxford’s announcement listed “alumni, research staff, and employer users” as those who had their passwords forcibly reset following the attack. “There is no evidence that course information, uploaded files, appointment information, or financial information were involved in this incident,” the announcement went on to say. “GTI has stated this breach appeared to be focused on gathering credentials which may lead to phishing attempts.” The university did not list current students as among those affected, but told student newspaper Cherwell that names and email addresses might be compromised, and said the attack was entirely separate from the one which hit Instructure’s Canvas last month. Twice bitten Oxford University was just one of the circa 8,800 educational institutions affected by the mega breach at Canvas, a separate platform that’s also relied upon by schools, colleges, and universities. Seemingly timed by ShinyHunters to coincide with exam season, students across multiple countries were left without access to learning materials, tests, and grades at a pivotal time of the year. The scale of the attack was vast, affecting the usernames, email addresses, course names, enrollment information, and messages of up to 275 million students, teachers, and staff. The severity of the situation, coupled with the inopportune timing, led to Instructure “reaching an agreement” with ShinyHunters to prevent the criminal gang from leaking all the data online. In cyberese, this implies Instructure paid the criminals an extortion fee in exchange for their word that they would delete the stolen data. "We received digital confirmation of data destruction (shred logs)," Instructure said, adding "We have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise." ®

Yet another Cisco SD-WAN 0-day under attack, and no patch in sight

5 June 2026 at 19:27
The threat is real. Unknown miscreants are exploiting a high-severity, zero-day bug in Cisco’s SD-WAN management software, and the networking giant hasn’t said when it will patch the flaw. Cisco issued an advisory on Thursday for the Catalyst SD-WAN Manager vulnerability, tracked as CVE-2026-20245, and it sounds like attackers have been exploiting this security failure for at least the last week. It’s due to a validation error - the software fails to properly validate user-supplied input - and an authenticated, local attacker can exploit the flaw by uploading a specially crafted file to vulnerable systems. From there, they can escalate privileges and execute commands with root privileges. The vulnerability affects all versions of the SD-WAN software, regardless of device configuration, and across all deployment types including on-premises, cloud-based, and FedRAMP-certified deployments. Switchzilla says it became aware of attacks against this vulnerability in June. “To exploit this vulnerability, an attacker must have netadmin privileges on an affected system,” the vendor said. “This would require valid credentials or exploitation of CVE-2026-20182 or CVE-2026-20127. Cisco is not aware of successful exploitation by other methods.” Both of these earlier SD-WAN security holes have also been hit by attackers in previous months. The good news: an attacker needs valid credentials to abuse the new hole. The bad news: exposed credentials aren’t hard to find (or buy) online. We don’t know the scope of exploitation or exactly when attackers began hitting this SD-WAN hole. Cisco declined to answer The Register’s questions, and instead sent us a statement via email. “Cisco recommends customers upgrade to the fixed software released in May 2026 for CVE-2026-20182 as a protective measure,” a spokesperson said. “A patch for this vulnerability will be provided on a future date. Customers needing assistance should contact Cisco TAC.” This latest bug is the sixth SD-WAN vulnerability listed as under attack since the start of the year, and the second zero-day in two months. The most recent is the one the Cisco spokesperson mentioned in an email to The Register. In May, Switchzilla disclosed a max-severity make-me-admin bug (CVE-2026-20182) affecting Catalyst SD-WAN Controller and Manager, and warned that attackers had already found and exploited the hole before it issued a patch. A month earlier, America's lead cyber-defense agency said that three Cisco Catalyst SD-WAN Manager bugs (CVE-2026-20128, CVE-2026-20133, and CVE-2026-20122) were under attack, and gave federal agencies just four days to patch the security holes. Cisco fixed all three CVEs in late February, and in March warned of attackers abusing two of them. Also in February, the networking vendor patched a max-severity improper authentication flaw (CVE-2026-20127) affecting the same SD-WAN software, prompting a Five Eyes countries’ joint intelligence alert urgently warning defenders to patch it - plus an old SD-WAN vulnerability (CVE-2022-20775) - or risk root takeover. "Malicious cyber threat actors are targeting Cisco Catalyst SD-WAN used by organizations globally," the UK's lead cyber agency said at the time. "These actors are compromising SD-WANs to add a malicious rogue peer and then conduct a range of follow-on actions to achieve root access and maintain persistent access to the SD-WAN." And while this one isn't listed as under active exploitation (yet), on Wednesday, Cisco warned about a proof-of-concept exploit for CVE-2026-20230, a critical bug in its Unified Communications Manager that also allows attackers to gain root privileges. ®

World Food Programme breach exposes data of 600k vulnerable Gazan families

5 June 2026 at 15:00
Humanitarian organization World Food Programme (WFP) says one of its systems was breached, and around 600,000 Gazan households receiving aid had their details improperly accessed. Its announcement, made via Telegram on May 31, confirmed there was “a security incident” in the self-registration application used by Gazans to register for aid and applicants’ names, ID numbers, phone numbers, and location information were among the data types accessed. “We understand this may be concerning, and we want to assure you that protecting your data and privacy is our top priority,” the WFP said. “The program is treating this situation with the utmost seriousness and priority.” The organization said it temporarily suspended the registration platform to urgently apply the necessary security improvements. Its most recent update on the situation came on June 2, when it said the platform was still down, but added that aid recipients did not need to do anything, while their support would continue to be delivered uninterrupted. “The WFP wants to assure all those registered via the link that food assistance, cash assistance, nutritional supplementation, and all other WFP programs are continuing as usual,” it said. “If you are already registered on the Self-Registration Application (SRA), your registration remains valid. There is no need to update, delete, or re-register your information at this time.” WFP told The New Humanitarian, which first reported the story, that the attack was detected on May 14, and confirmed the scale to be in the region of 600,000 households. The news organization also claimed, citing a whistleblower’s account of matters, that an anonymous “independent expert” contacted WFP’s Palestine team, alerting it to vulnerabilities in the SRA two days before the organization detected the breach. The Register contacted WFP’s Rome headquarters for more details, but it did not immediately respond. WFP, which is a division of the UN and the largest welfare organization in the world, supports 1.6 million Palestinians every month who face a malnutrition crisis amid fierce conflict between the territory and neighboring Israel. This represents around 77 percent of the country’s population, and an estimated 80 percent of the population is unemployed, unable to earn the money required to pay for a nutritionally sound diet. WFP delivers wheat flour, high-energy biscuits, and fortified snacks to families, community kitchens, and bakeries in its effort to push back famine, as well as facilitating cash transfers. The organization is also helping individuals get back into paid work, maintains roads, and says that when conditions allow, it will stay in the region and help local people rebuild communities, markets, and other food systems. ®

Council in UK's City of York outs hundreds of disabled residents with a single email blunder

5 June 2026 at 12:00
A City of York Council email mishap exposed the email addresses of hundreds of Blue Badge holders in the ancient Viking capital, inadvertently revealing their status as disabled residents and triggering a data breach investigation. The council confirmed to The Register that it’s investigating what it described as a "personal data breach" after emails sent to residents last week were distributed without using the blind carbon copy (BCC) function, allowing recipients to see everyone else on the mailing list. According to local reports, the council sent three emails containing Blue Badge-related updates before issuing a fourth message acknowledging the error and asking recipients to delete the previous emails, including from their deleted items folders. Recipients were also warned to remain alert for suspicious messages following the incident. While the exposed information appears to have been limited to email addresses, the breach is especially sensitive because everyone on the distribution list was receiving communications intended for Blue Badge holders. In practice, that meant recipients could identify hundreds of people as members of a group generally associated with disabilities or mobility impairments. One affected resident told local media that the disclosure had left her upset because most people in her life were unaware she held a Blue Badge. "Honestly, I think it's just disgusting – we've been given the details of hundreds of disabled people, which feels unsafe," she said. In a statement to The Register, a spokesperson at City of York Council said it activated its data breach procedures as soon as the error was identified and is conducting a risk assessment in line with guidance from the UK Information Commissioner's Office. "We're working carefully to establish exactly what's happened, alongside conducting a thorough risk assessment ... to understand any potential impact on individuals," a spokesperson said. “Our investigation is ongoing, and we’ll continue to be as open as possible while ensuring the accuracy of the information we provide.” The spokesperson declined to say how many individuals were affected or whether the issue was caused by human error or a technical issue. The council added that it was assessing whether the incident meets the threshold for notification to the ICO within the statutory 72-hour reporting window. That may depend less on the email addresses themselves than on what the mailing list revealed. A spokesperson at the ICO told The Register: "We can confirm that we have received a data breach report on this matter, and following an assessment of the information provided we have closed the case with advice given.” For all the talk of AI-powered cyber threats, it seems some organizations remain committed to the classics. ®

AI: Threat, tool, or both?

5 June 2026 at 10:56

Public attitudes toward Artificial Intelligence (AI) are changing, and we wanted to understand why.

A recent Pew Research survey found that about half of adults say the increased use of AI in daily life makes them more concerned than excited, and that concern has grown over the last few years. People tend to worry most about long‑term social effects (jobs, creativity, relationships, misinformation), even while many do use AI tools and see some practical benefits, particularly for data analysis and routine tasks.

Data from an older UK survey already showed something similar. Awareness of highly visible AI technologies, such as driverless cars and facial recognition is high, but awareness of AI in welfare assessments, loan decisions, or care services is much lower. Concern about many of these use cases has risen since 2022. In other words, people feel AI is everywhere, but don’t always understand where or how it’s being used, and that makes people cautious.

The concern is usually less about science‑fiction extinction scenarios and more about social and economic harm. People worry about their jobs disappearing, a loss of creativity, the spread of disinformation, and increased surveillance, more than about killer robot scenarios.

Research into public attitudes towards AI repeatedly finds that people hold conflicting views, shaped by narratives of admiration and hype on one side and threat and dystopia on the other.

They see genuine benefits in the technology, but are increasingly wary of how companies, governments, and criminals might use it. Basically, people aren’t scared of AI itself, but about who’s using it and for what purpose.

Cybersecurity

AI in cybersecurity is a special case. When asked in which field of AI research they would invest an unlimited amount of money, people chose the fields of medicine and cybersecurity.

People increasingly recognize that AI is now a tool used by both defenders and cybercriminals. Few would feel comfortable with defenders refusing to use AI while attackers continue to adopt it.

Security products use machine learning to process huge volumes of data, detect unusual behavior, prioritize alerts, and identify threats faster than human analysts could alone.

At the same time, cybercriminals are using AI to create more convincing phishing emails, clone voices, generate fake images and videos, automate research on victims, and develop malware that can evade traditional detection techniques.

Both sides use AI-assisted tools to find software vulnerabilities that could be exploited to defraud people or breach systems, so vendors want to patch them before cybercriminals exploit them.

While studies consistently show that cybersecurity is one of the AI applications people worry about most, they also see that AI is increasingly necessary to keep pace with modern threats. A 2025 study focusing on AI in cybersecurity found that the public widely recognizes the technical benefits of AI‑driven defenses (speed, scale, accuracy), while remaining concerned about privacy, bias, and job displacement in security operations.

That is why the AI debate in cybersecurity feels different from the debate in many other fields. People may be uneasy about AI, but they also understand that the threat landscape no longer moves at human speed. Attackers already use automation, scale, and increasingly AI‑assisted workflows, so defensive teams that refuse to adapt would simply be slower and less effective.

Our mission at Malwarebytes is twofold: reduce the risks created by AI, and use AI to prevent, detect, and respond to threats. We’ve been using machine learning in our security products for nearly two decades, developing proprietary detection systems that help identify malicious code and suspicious behavior at a scale and speed that would be impossible manually.

Coming soon: How AI is changing trust online

Malwarebytes recently surveyed 1,500 adults across the US, UK, Austria, Germany, and Switzerland about their experiences with AI. The findings reveal a growing uncertainty about what people can trust online, alongside increasing concern about scams, impersonation, and AI-generated deception.

Stay tuned for the full Malwarebytes report on how AI is reshaping trust, identity, and scams.

Use AI safely

If you use AI in a security context, keep your data hygiene strict. Don’t paste passwords, customer data, or sensitive incident details into public AI tools. Treat AI-generated outputs as untrusted until verified, especially when they touch code, logs, indicators, or policy decisions.

AI can be useful for summarizing information, indentifying patterns, and producing first drafts, but keep a human in the loop for anything that affects access, containment, legal decisions, or public communications. Where possible, prefer enterprise or local deployments with logging, access control, and clear data-retention rules.

Also remember that AI can hallucinate confidently. In security work, that means every output needs validation against logs, documentation, source code, or other primary evidence before you act on it.


Something feel off? Check it before you click.  

Malwarebytes Scam Guard helps you analyze suspicious links, texts, and screenshots instantly.  

Available with Malwarebytes Premium Security for all your devices, and in the Malwarebytes app for iOS and Android.  

Try it free → 

EFF Testifies to Congress on Protecting Americans’ Rights from Government AI

4 June 2026 at 22:52

Governments must not adopt emerging and powerful AI technologies without also adopting strong and clear safeguards to protect Constitutional rights, EFF Senior Policy Analyst Dr. Matthew Guariglia testified today to the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection. 

During the hearing on “The AI Security Landscape: How Frontier Models, Agentic AI, and AI Coding Tools Are Reshaping Cybersecurity and Critical Infrastructure Resilience,” he explained that the use of generative AI for the purposes of mass government surveillance would supercharge unconstitutional violations of civil liberties. He also highlighted how government secrecy, in addition to the black box of for-profit proprietary technology, prevents the public and lawmakers from knowing when AI models make mistakes, including errors that seriously impact the cybersecurity of critical infrastructure and the lives of individuals.  

“AI also has a track record of getting things wrong—from false citations on legal briefs to a major AI mistake that sent DHS recruits to the field without proper training. There are likely more consequential examples that we do not even know about because of classification that would prevent a more thorough accounting," he said in his opening remarks.

play
Privacy info. This embed will serve content from youtube.com

 

“At this level the question is not how do we rein in AI, it’s how do we rein in the agencies that would unleash AI on the American public,” Matthew said in response to a question by Subcommittee Ranking Member Delia Ramirez, D-Ill.  

You can read his full testimony as prepared here. 

OpenAI's agent chained decade-old DoS attacks to crash web servers in seconds

4 June 2026 at 21:08
The next threat your server faces may have been helped along by a bot. OpenAI's Codex agent helped uncover a remote denial-of-service (DoS) exploit that can be launched from a single machine to render vulnerable web servers inaccessible in seconds, according to Calif security researchers. The attack works on default HTTP/2 configurations of major web servers including nginx, Apache HTTP Server, Microsoft IIS, Envoy, and Cloudflare Pingora. As of Thursday, Microsoft IIS and Cloudflare Pingora still don’t have a patch, according to the researchers, although Cloudflare disputes this finding. “Cloudflare's existing architecture and DDoS mitigations automatically detect and protect against this attack, making customers resilient to this vulnerability,” a spokesperson told The Register. “No patch is needed.” “We are aware and actively investigating appropriate mitigations to help keep customers protected," a Microsoft spokesperson told The Register. Calif researcher Quang Luong discovered the exploit, named it HTTP/2 Bomb, and will present the full technical details of the attack at the Real World AI Security conference later this month. In the meantime, there are proof-of-concept exploit scripts on GitHub along with a warning from the AI red teaming security shop: “Please don't point these at infrastructure you don't own.” In a Tuesday blog, Luong says Codex chained two existing DoS attack techniques that have been known for more than a decade - HPACK compression bomb and Slowloris-style hold - and warns that upwards of 880,000 websites supporting HTTP/2 and running one of the vulnerable web servers may be affected. An HPACK bomb attack (also known as CVE-2016-6581) exploits the HTTP/2 header compression algorithm (HPACK) by sending thousands of tiny messages to the server, forcing it to rapidly allocate memory and ultimately crash. Then the Slowloris DoS attack (CVE-2016-8740 and CVE-2016-1546) overwhelms the server by opening legitimate connections and maintaining them as long as possible. Combining the two exhausts the server’s memory and forces it offline. “A home computer on a 100Mbps connection can render a vulnerable server inaccessible within seconds,” Luong wrote. “Against Apache httpd and Envoy, a single client can consume and hold 32GB of server memory in roughly 20 seconds.” The Calif research team disclosed the issue to nginx in April, and the web server’s maintainers fixed it the next day in version 1.29.8, which imports the max_headers directive from freenginx. Apache issued a fix (mod_http2 v2.0.41) the same day that Calif submitted its report, and assigned it CVE-2026-49975. “The fix commits above are public and disclose the vectors directly; any capable AI model can turn those diffs into a working exploit, which is exactly how we found that Microsoft IIS, Envoy, and Pingora are also vulnerable,” the threat hunting team wrote, adding that all three have been notified. In a Wednesday update, Calif pointed to Envoy patches “that appear to mitigate this attack,” and notes that its researchers are still validating the fix to ensure it works. For Microsoft IIS and Cloudflare Pingora, the security sleuths recommend disabling HTTP/2 if possible, or enforcing a cap on the number of HTTP headers a client can send in a single request to the server. The fact that a coding agent - not a human - discovered this attack is notable, according to Calif. “Both halves have been public for a decade,” Luong wrote. “What Codex did was read the codebases, recognize that the two compose, and build the combined attack. That combination is obvious once you see it, and yet as far as we can tell no human had put it together against these servers.” ® Updated at 2023 with statement from Microsoft.

Five Eyes: Watch out for odd LinkedIn connection requests, China's back on the hunt for state secrets

4 June 2026 at 13:57
MI5 and its international allies are once again warning that China is shopping for state secret leakers on popular recruitment platforms, including LinkedIn, Indeed, and Upwork. In a fresh advisory published on Wednesday evening, the UK’s domestic counter-intelligence agency said China is using an increasing number of platforms to recruit those who have access to classified or privileged information. Chinese military intelligence officers specifically target security clearance holders, including marks working in defense, security, and foreign affairs, military personnel, and those with indirect access to government information, such as academics, journalists, think tank employees, and others. Anyone who fits the bill is being urged to remain vigilant to potential attempts from Chinese operatives to cultivate long-term relationships. “These actors use an aggressive online recruitment strategy whereby intelligence officers or their affiliates pose as employees of private consultancies, think tanks, or human resources firms, and place online job advertisements for foreign policy and defence analysts (or similar),” the advisory [PDF] states. “Successful candidates are pressured to provide 'non-public' information for unspecified clients who are associated with the Chinese government. China’s military intelligence services ultimately seek to acquire privileged military, political, and economic intelligence that can provide China with a strategic and tactical advantage over the Five Eyes.” According to MI5, after the job and gig-work ads are posted online, China’s spies will rank the resumes they receive based on how likely a given individual is to have information of interest before interviewing them. It warned that even by sending a resume over, which includes personal details, a person is risking their own security and privacy. Targets face probing questions about who they know in government. For those in the military, they might be asked about where they were based, and what tasks they were responsible for. After demanding potential recruits complete a trial report on matters related to China, the spies will often shift conversations to encrypted messaging platforms where recruits are offered payments in exchange for increasingly privileged information. Payments may arrive through a number of online platforms, including reputable services like PayPal, Zelle, and Wise, to others more commonly associated with associated with illegality, such as Western Union and cryptocurrency. MI5 closed out its advisory with a warning to anyone even considering a life of peddling secrets to China: doing so comes with severe consequences. “Certain types of data can place the lives of frontline military or other personnel at risk, can weaken our economic prosperity, and enable interference in our democratic processes,” it said. “Individuals engaged in the unauthorized disclosure of sensitive or classified information could face a number of consequences, including prosecution under national laws such as those relating to espionage.” A common theme This week’s admonition is far from the first issued by the UK in response to this particular aspect of Chinese spies’ tradecraft. The most recent came in November when UK security minister Dan Jarvis reminded the UK's House of Commons that members should have received information about Chinese attempts to recruit parliamentarians through identical means. In those information packs disseminated by MI5, Brit politicos were given the names of two online profiles that the counter-intelligence agency suspected of being involved in recruitment campaigns. MI5 dished out an earlier warning in 2021, saying that around 10,000 Britons had been targeted by Chinese spies over the previous five years using work platforms, posing as headhunters. The 10,000 figure, it added, was thought to be a conservative estimate, with the agency's head, Ken McCallum, saying workplace platforms were being exploited “on an industrial scale.” The US said it was seeing similar tactics used when President Trump took office for the second time, which shortly after led to mass redundancies across federal agencies. Experts at the Foundation for Defense of Democracies (FDD) named five supposed consulting companies targeting the recently jobless via LinkedIn, Craigslist, and others, all in search of state secrets. The companies would present the fired workers with job opportunities, and as FDD senior analyst Max Lesser told The Register at the time, the layoffs, which began in February 2025, would have likely raised the risk level associated with state secrets being spilled. ®

Hacking Meta’s AI Chatbot

4 June 2026 at 13:04

Hackers are convincing Meta’s AI support chatbot to let them take over other peoples’ accounts:

A video posted on X showed the step-by-step process to hack someone’s Instagram account. The hacker allegedly used a VPN to spoof the targets’ presumed location to avoid triggering Instagram’s automated account protections. Then, the hacker opened a chat with Meta AI Support Assistant and asked the bot to add a new email address to the target’s account. The chatbot can be seen sending a verification code to the email address provided by the hacker; the hacker then shares the verification code with the chatbot, which prompts the chatbot to show a button to “Reset Password.” The hacker enters a new password and takes over the victim’s account.

[…]

On Monday, Instagram spokesperson Andy Stone said in a reply to Wong’s post and others that the issue was now fixed. It’s unclear how many Instagram users had their accounts improperly accessed.

It’s not that easy. Probably this particular tactic is now blocked. But there are others, many others, and they cannot be blocked as a class. The real problem is that LLM chatbots are not trustworthy enough for this application.

Another news article.

All the passwords were stored in Active Directory description fields

4 June 2026 at 07:00
PWNED Welcome back to PWNED, the weekly column where we talk about weak security policies and how to avoid them. Hopefully, we can learn from others’ mistakes – or at least have a good laugh at them. Have a story about someone leaving a gaping hole in their network? Share it with us at pwned@sitpub.com. Anonymity is available upon request. This week, we have a tale of password passivity involving Active Directory. It comes to us courtesy of Rob Anderson, head of reactive consulting services at Reliance Cyber, a UK-based security firm. Anderson recalls in the past working with a firm that was creating service accounts that developers needed to use, but the org didn’t have a proper password vault for storing the associated credentials. Instead, to make it easy for team members to find what they needed, they put the passwords into the description field for Active Directory. “People don't realize that as soon as you've got an Active Directory user — just an ordinary user — you can read the comments field or the description field across the whole of Active Directory,” Anderson told The Register. “It's such an amazing lapse of security.” Soon enough, an Initial Access Broker (IAB), someone who specializes in gaining access to protected networks and then selling it to other threat actors, used a phishing campaign and executed offensive hacking tool Sliver on the endpoint. At that point, they captured a victim’s credentials, which led them to query Active Directory. Once in AD, the hackers found plenty of passwords, which came with full domain access. They used this access to delete all the backups and execute ransomware. In total, the crimes put 2000+ users out of action by encrypting Hyper-V hypervisors and their hosts. The company was taken offline for months. What we can learn from this sad story is that you can’t put passwords in cleartext anywhere that's easy to access, unless you want an enormous attack surface. Even without a phish, an untrustworthy colleague could have sold the passwords to a threat actor. After all, a recent survey found one in eight workers think selling company logins can be justified. “I've seen it where configuration details are kept in application servers that are running, and threat actors are using fuzzing — trying likely file and directory names — which again exposes configuration and credentials to the threat actors,” Anderson said. He noted that developers are a bit more savvy these days about where they put their credentials, but security naivete sinks ships. Trust no one. ®

Commvault says it's time to rethink resiliency as AI crooks leave victims in a 'dark, dead' state

4 June 2026 at 00:31
AI-enabled cybercriminals have better tools and are inflicting more pain on their victims, wiping out virtual machines and hypervisors and leaving infrastructure in a "dark, dead" state after an attack, said Commvault Chief Technology Officer Brian Brockway. "The majority of cyber cases that we've seen in the customer base have moved well beyond the breaking inside, and encrypting and corrupting some of your key files and folders, to taking over control of your entire VM environment, wiping out all VMs, destroying all hypervisors, blowing up the center and leaving you in basically a dark, dead state," Brockway told The Register. Frontier AI is reshaping the threat landscape in two ways, he explained: advanced models are uncovering a deluge of software vulnerabilities, and attackers are exploiting disclosed flaws within minutes rather than weeks. “The more unplanned work that has to be done to react to this, that's always going to challenge priorities,” Brockway said. “We had the plan in place, we had sprints already dedicated to kind of get out to the next launch, and we have to come back over and reinvest more engineering time to corrective actions versus the next new get ahead feature.” Commvault cited Palo Alto Networks research showing that frontier AI models such as Mythos and GPT-5.5-Cyber identified more than seven times the typical number of software vulnerabilities found within a single month during testing. To prepare for this, Commvault recommends that IT and security teams look beyond backups and ask whether they can restore critical systems cleanly, whether recovery environments are isolated from compromised production systems, and whether recovery plans include the most important applications and dependencies. Brockway said air-gapping is the starting point. He said organizations should keep immutable and isolated copies of critical data separated from production identity, network, and management planes, and pressure-test recovery time and recovery point objectives against realistic attack scenarios, a hard lesson learned from witnessing victims recover from recent attacks. “One team is just trying to even clear the smoke to figure out what happened, then you have to come back over, strip it all down to bare metal, and basically redeploy the data center all over again,” he said. “While that's ongoing – and that's not a couple hour process by any means, that could take you, even in a well-exercised environment, it could be a couple of days or longer to get it back into a stable, usable state – what are our sanitized versions that we're going to come back over to (in order to) rebuild or restart the business again?” Businesses should prioritize the systems they cannot operate without — identity platforms, billing systems, operational databases, and cloud services — and define the order in which they will be restored, he said. As AI moves into core operations, teams should also account for newer dependencies such as data pipelines, model repositories, vector databases, and agentic workflows. In its recommendations, Commvault said it is also critical that organizations continuously test recovery. Brockway recommends rehearsing those plans in isolated cleanroom environments before the worst happens. “I need a testing environment that's got the same makeup, the same builds, which we're using, maybe not on full production resources, but I need to be able to say, ‘How do I put that application stack into a live environment, so we can come back over and test?’ “ he said. “That's what we're saying about things like this clean room concept of not just being a reaction to an incident, but it is also a quick environment for you to come back over and clone.” Brockway said this new normal in the AI era is straining the engineers who build and maintain enterprise software. He said while the first wave of AI scanning tools flooded teams with potential vulnerabilities, newer models go further, entering controlled environments and attempting the exploits themselves — a capability that mirrors what attackers do. "When you let them in, you have to do it under an extremely tight security control, because you're effectively almost automating the same thing that bad guys can do on the outside too," Brockway said. The output can swamp downstream teams. Brockway said one frontier model flagged roughly 10,000 critical vulnerabilities across operating systems, browsers, and other infrastructure. "That's 10,000 patches that have to come out of the system," he said. That volume forces hard choices about engineering priorities. Brockway said unplanned remediation work pulls staff off planned releases. To absorb the load at Commvault, Brockway runs a standing group dedicated to just those items. "They're the fast action team to analyze, make a quick assessment," he said. Brockway said the signal volume emerging from AI bug finders ultimately calls for more automation and AI to filter noise, assist with patching, and support deployment. "The amount of information and signals that are coming in are way overwhelming. People just get desensitized, and that's when bad things really start to occur," he said.®

Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures

3 June 2026 at 16:30
UPDATED Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with the way the company handles security reports. Ammar Askar dropped a proof of concept (PoC) exploit for a Visual Studio Code (VS Code) flaw within just an hour of disclosing it to “an old contact” at the open source platform, according to his account of things. The vulnerability he exposed involves attackers configuring repos, either of their own making or those they have compromised separately, to push malicious VS Code extensions via its Workspace Recommendations feature, which then steal OAuth tokens they can then use to read/write public and private GitHub repos. It affects anyone who has ever used github.dev, a feature that allows users to open a GitHub repo in a browser-based version of VS Code. Askar said that the feature is enabled by github.com passing an OAuth token over to github.dev and, crucially, this token is not limited to the repo from which github.dev was spun up. It means that this token can hand an attacker access to any other repo – public or private – to which the target also has access. The exploit is contingent on an attacker being able to modify a repo’s .vscode/extensions.json file and recommending an attacker-controlled extension for the browser-based VS Code instance. In normal scenarios, a pop-up would appear asking for a user to accept the installation of this extension, potentially tipping them off to foul play. However, because of the way in which the attacker delivers the repo to the target, they already have a Jupyter Notebook file running in the target’s github.dev before the extension is installed. The attacker must initially get the target to open their repo using a github.dev link that points to this ipynb file, which VS Code immediately opens inside a Webview. Inside the Jupyter Notebook is a hidden HTML snippet inside a Markdown cell, which when loaded allows attacker-controlled JavaScript code to run. This code fires a simulated keyboard shortcut, which VS Code bubbles up to the main editor, tricking the system into automatically accepting the malicious extension popup. The attaker-controlled extension is then running with access to the browser environment, and steals the OAuth token, which can be used to read and change any public or private repo. Askar said past negative experiences with Microsoft Security Response Center (MSRC) influenced his decision not to go through the typical responsible disclosure process, publishing the PoC roughly an hour after tipping off his GitHub contact. “To summarize the last time I interacted with MSRC regarding reporting a VSCode bug, it was a horrible experience where they silently fixed the bug I pointed out without any credit,” he wrote. “They also marked it as not having any security impact. As I mentioned in that post, going forward I would be doing full public disclosure for any security bugs I found in VSCode. Taking a look at a recent report by Starlabs on a VSCode XSS bug marked as ineligible and low severity, it doesn’t look like MSRC has gotten any better about VSCode bugs. “I’m sure the VSCode team would have appreciated a longer heads up on this to come up with solutions. There is legitimately a UI/UX balance here that needs to be struck with the security concerns. To those folks, I am sorry, but this is one of the few levers I have to try to influence MSRC and the security posture of VSCode. Finding and fully developing security bugs into proof-of-concepts like this takes time and effort on the part of security researchers that should not be disrespected or taken for granted.” Askar’s approach is reminiscent of a researcher who goes by Nightmare Eclipse, a suspected former Microsoft employee who has attracted a great deal of attention in recent weeks for leaking zero-days without informing Microsoft beforehand. The researcher has so far released six zero-days, three of which were quickly confirmed to be exploited by attackers in the wild. As regards their motivation for launching this attack on Microsoft, Nightmare Eclipse previously alluded to being stabbed in the back and being left homeless after an agreement that was not honored – all very vague. After the sixth zero-day, Microsoft vaguely threatened the researcher with its Digital Crimes Unit, which works closely with law enforcement, before quickly backing down after an outpouring of negative responses. ® Updated to add on June 4: Microsoft has been on touch with a statement: "We value the critical role that the security research community plays in strengthening the security of our products, services, and the broader technology ecosystem. "While independent researchers determine when and how to publish their findings, we remain committed to rapidly assessing reported issues, mobilizing the appropriate engineering and security response resources, and delivering mitigations, guidance, and protections as quickly as possible to help safeguard our customers." A Microsoft spokesperson also told us that the issue that Askar pointed out "has been mitigated and no customer action is required."

UK banks offered access to OpenAI’s GPT-5.5 amid exclusion from Anthropic’s Glasswing expansion

3 June 2026 at 13:04
Updated: UK banks are set to receive access to OpenAI’s GPT-5.5 Cyber after being excluded from Anthropic’s latest expansion of Project Glasswing. Project Glasswing, and access to the Mythos Preview model, is geared toward ensuring critical infrastructure providers are prepared to handle the threat posed by advanced AI models, once they inevitably make their way into the public domain, and therefore the hands of attackers. However, amid a fourfold expansion of Glasswing’s partners, only JPMorganChase was named among the financial institutions to receive access to Mythos Preview, despite financial services falling under the critical infrastructure umbrella. In light of the news, HSBC, Lloyds Banking Group, and Nationwide will be among the banks to receive access to GPT-5.5 Cyber, the BBC reported, while NatWest and Santander have already been playing with it as part of separate agreements. OpenAI offered nine UK banks access to its Mythos-rival model in total, after they were snubbed from Glasswing. It is not clear if this number also includes the Bank of England, whose governor, Andrew Bailey, has been outspoken about its exclusion from Glasswing. Bailey told Bloomberg TV last week that despite pushing for access so the UK’s financial system is protected, Anthropic has not handed over the keys to Mythos Preview. Liam Salsi, director of architecture at Talion, told The Register he suspects the decision to exclude UK banks was political. Bailey had also previously alluded to suspicions that Anthropic had not yet granted access to Mythos Preview due to processes at play related to the US administration. “The US government wants to control who has access to the platform and this is largely because it will limit the chances of it falling into the wrong hands,” said Salsi. “However, limiting access will ultimately leave some banks more exposed to cyber threats and could impact their vulnerability management, leaving larger windows of opportunities for attackers. “It's hopeful these gaps won't exist for too long because of competition among Advanced AI platforms. GPT-5.5 was issued only a few weeks after Mythos, and it's safe to assume more advanced AI platforms will surface soon, closing gaps and delivering more of these systems to a larger pool of critical organizations.” He added that it could also introduce a single point of failure in the global banking sector if every institution were using the same product. Anthropic has not commented publicly on its approach regarding which financial institutions receive Mythos access, although it's not just financiers who are pondering the company’s decision-making. It transpired this week that the EU’s cybersecurity agency, ENISA, will receive access to Mythos Preview, while the US equivalent, CISA, is yet to be selected. Glasswing goes big In other news, Anthropic said on Tuesday it is looking to induct many more organizations into its Project Glasswing initiative, taking the total number of members from around 50 to 200. The additional 150 or so organizations hail from 15 different countries and will join the old guard, comprised of security shops and other tech giants, government agencies, and open-source maintainers. It has not named these organizations officially, although reports suggest that South Korea is among the 15 countries, and its science ministry, Samsung, SK Hynix, and SK Telecom are among the new inductees. Project Glasswing is something of a private members’ club – a carefully selected cohort of organizations with early access to Anthropic’s most advanced Mythos Preview model, the one the company claims will fundamentally alter the cybersecurity landscape. The cynics among us may see such claims as an extension of Anthropic’s marketing playbook, which some believe involves stoking excitement about a product through fear. When the AI biz announced Mythos in April, it did so by dubbing it too dangerous to unleash on the public. It was billed as an expert bug hunter and zero-day specialist, capable of finding vulnerabilities in code far more efficiently than humans. The oft-touted nugget from launch was the 27-year-old OpenBSD bug Mythos found during initial testing, but there were many more zero-days and other critical vulnerabilities – novel ones – Anthropic said its model was able to unearth. Those who have tinkered with Mythos Preview already report mixed results. Cloudflare CISO Grant Bourzikas wrote in May that the model represented “a real step forward,” and was able to find a series of low-severity bugs and chain them into working exploits. Others, such as cURL’s Daniel Stenberg, called Mythos Preview “an amazingly successful marketing stunt,” after it found just one vulnerability in the data transfer software. Likewise, security expert Kevin Beaumont said the model “is not great,” and “it’s marketing, essentially.” He said Mythos Preview was good at finding bugs in vibe-coded applications, but aside from that, it was not discovering much beyond what the models of yesteryear were capable of. Regarding the new intake of Glasswing partners, Anthropic but said each would have to pass its own security requirements before being granted access to Mythos Preview. It also said the new organizations brought into the fold all managed critical infrastructure services, and a successful attack on their systems could be “catastrophic.” “For most partners, we estimate that a major attack could affect more than 100 million people, with important ramifications for both global and national security,” the company said on Tuesday. “This expansion is the next step toward our long-term goals: for AI to make all software more secure, and for us to help the industry adjust to how AI could change many of the core assumptions of cybersecurity.” The big when? As for when the Mythos model will be made available to the wider public, Anthropic has kept that largely under wraps, but don’t expect it to be anytime soon. In its latest Glasswing announcement, the company said the safeguards required to prevent abuse are not yet available. “We’re working as quickly as we can to safely release Mythos-level capabilities in general access,” it stated. “To do so, we’ll need highly robust safeguards that prevent the model’s cyber capabilities from being misused – safeguards that we (and, to our knowledge, all other AI developers) have yet to develop. “Because cybersecurity has both helpful and destructive uses, making safeguards that are both strong and precise enough is a major challenge.” Anthropic may face some tough decisions in the next year, however, as by its own reckoning other AI companies will produce Mythos-level capabilities within their own models inside 6-12 months. Confusingly, it also said on Friday that it would be releasing Mythos-class models to all customers in the coming weeks. Anthropic said it will expand Glasswing further before Mythos is more widely launched, bringing in more critical infrastructure orgs, open-source maintainers, and safety testers. “We intend for future expansions to cover organizations in the US and overseas, just as this one does. We also intend to scale up our Cyber Verification Program, which would grant Mythos-class capabilities to many more organizations for specific cyberdefense tasks.” ® Updated to add at 1420 UTC: An OpenAI spokesperson confirmed to us that retired Brit politico and newspaper editor George Osborne – who has been OpenAI’s Head of OpenAI for Countries since the end of 2025, has "written to the CEOs / CISOs" at several UK financial institutions including HSBC, Natwest, Lloyds Banking Group, Nationwide, and others "to extend access to our latest defensive cyber capabilities." Global financial infrastructure provider Swift is also included. They added: "In total, we are extending access to nine leading financial institutions, which includes Santander Group and Natwest Group that already have access to GPT-5.5-Cyber as part of our existing relationships."

Russian spy agency says foreign spies turned officials' smartphones into surveillance devices

2 June 2026 at 16:45
Russia's domestic spy agency says it has uncovered a sprawling foreign espionage operation that allegedly turned the smartphones of senior Russian officials into pocket-sized surveillance devices, though it has so far offered little in the way of evidence. In a statement Tuesday, the Federal Security Service (FSB) claimed foreign intelligence agencies implanted malware on the mobile devices of high-ranking Russian officials, allowing operators to steal data, intercept conversations, and secretly activate microphones and cameras to monitor targets and their surroundings. “This software is used to steal existing data, eavesdrop on ongoing conversations, and conduct covert acoustic and video monitoring of the environment near electronic devices, all aimed at obtaining sensitive information,” the FSB said. The agency said it had opened a criminal investigation into illegal access to computer information and the distribution of malicious software. It did not identify the alleged intelligence service responsible, disclose how many officials were affected, name the malware involved, or provide any technical indicators that would allow independent verification of the claims. As things stand, the FSB has revealed the accusation but not the proof. However, the notion that foreign intelligence agencies might target the phones of senior Russian officials is hardly farfetched. State-backed mobile surveillance campaigns have become a routine feature of modern espionage, and Moscow has spent years accusing Western intelligence services of abusing consumer technology platforms for intelligence gathering. In 2023, the FSB claimed that thousands of iPhones had been compromised in a US National Security Agency spying operation. At the time, Russian security vendor Kaspersky disclosed what became known as “Operation Triangulation”, an iPhone surveillance campaign that infected devices through iMessage. Apple denied cooperating with any government, while Kaspersky stopped short of attributing the operation to the NSA. Moscow's spy agencies are hardly strangers to offensive cyber operations themselves. Last year, the FBI warned that hackers linked to the FSB's Center 16 were exploiting a years-old Cisco vulnerability to collect configuration files from thousands of network devices associated with critical infrastructure operators. So while the FSB's latest allegations may ultimately prove accurate, they lack the technical evidence security researchers would normally expect before accepting claims of a major cyber espionage campaign. ®

Microsoft reaches for olive branch after public dustup with 0-day researcher

2 June 2026 at 14:37
Microsoft has moved to calm an increasingly noisy backlash from the security community after appearing to threaten legal action against a researcher who spent the past several weeks dumping Windows zero-days onto the internet. In a statement published on Monday, Redmond said it has "no intention to pursue action against individuals conducting or publishing security research”, a noticeably softer position than the one it adopted just days earlier when it condemned a string of public vulnerability disclosures and invoked its Digital Crimes Unit. The updated statement follows a public feud with a researcher known as Nightmare-Eclipse, who released multiple Windows zero-days along with proof-of-concept exploit code. Several of those vulnerabilities have since been exploited in the wild, turning what might have remained an obscure disclosure dispute into a much larger argument about how vendors handle security researchers. Last week, Microsoft described the publication of exploit code for unpatched flaws as "never justifiable" and warned it would work with law enforcement when criminal activity harmed customers. The statement triggered immediate criticism from parts of the security community, with researchers warning that the language risked creating a chilling effect around vulnerability research. Former Microsoft employee and security researcher Kevin Beaumont described the company's position as a "dumpster fire of its own making," while Luta Security founder Katie Moussouris, who created Microsoft's bug bounty program, told The Register the response sent mixed messages. She questioned Microsoft's decision to tout researcher compensation and recognition while responding to a researcher who claims he received neither, and argued that references to the Digital Crimes Unit made the post feel "vaguely threatening." She added that, regardless of the specifics of the dispute, Microsoft risked creating a chilling effect on other researchers considering whether to report vulnerabilities. What’s more, if Microsoft's goal was to isolate Nightmare-Eclipse, that may not be going entirely to plan. The researcher claimed over the weekend that other researchers had begun handing over vulnerabilities following Microsoft's response, including an alleged flaw dubbed "Bitskrieg" that breaks Secure Boot trust guarantees and bypasses BitLocker. Nightmare-Ecipse said the bug will be released “sometime in June”. Against that backdrop, Microsoft's Monday message read more like damage control than deterrence. "We have no intention to pursue action against individuals conducting or publishing their security research," Microsoft said, adding that legal referrals would be reserved for people engaging in malicious activity that causes harm to customers. The company also acknowledged that "some interactions have fallen short" and said it was working to learn from feedback. Notably, Microsoft stopped well short of conceding any of Nightmare-Eclipse's specific allegations. The researcher had accused Microsoft of deleting accounts used for vulnerability reporting, refusing to pay bounties, and mishandling communications through the Microsoft Security Response Center. The company has not publicly addressed those claims directly. Nobody should mistake Monday's statement for a sudden conversion to the church of full disclosure. Microsoft remains firmly of the view that researchers should report vulnerabilities privately, give vendors time to fix them, and avoid dropping working exploit code onto the internet for everyone else to play with. The problem for Redmond was that the argument had drifted well beyond the actions of one researcher. What began as a dispute over a string of Windows zero-day releases was rapidly turning into a debate about Microsoft's relationship with the security community and whether the company was comfortable invoking lawyers when that relationship soured. The updated statement looks very much like an attempt to slam the brakes on that narrative. ®

Wardriving assessment across Mexico: Preparing for the 2026 World Cup

2 June 2026 at 14:00

Introduction

Mexico is one of the host countries for the 2026 FIFA World Cup, with matches to be played in three major cities: Mexico City, Monterrey, and Guadalajara. These locations are expected to see a large influx of international visitors, increasing the potential security risks. Many of those risks arise from users connecting to public wireless networks.

To better understand the wireless environments that visitors may encounter, we at Kaspersky GReAT conducted a wardriving assessment in the three host cities. The aim of the study was to analyze characteristics, deployment patterns, security configurations and potential exposure risks of public Wi-Fi infrastructure in urban wireless environments.

The information collected during the assessment was used exclusively for passive observation and infrastructure analysis. No attempts were made to authenticate, intercept communications, exploit systems or interact with the detected wireless networks beyond the publicly broadcast management information.

During processing of the collected data, one step involved filtering out networks belonging to cars or cell phones categorized as mobile hotspots because they do not represent networks that can be considered part of the assessment.

Research scope

The cities included in the study have high population density and extensive wireless infrastructure deployments. We chose areas with the most prominent wireless network activity and highly concentrated public access points. We carried out wardriving research in Monterrey back in 2008, but the city’s hotspot landscape has changed since then.

We chose the following analysis areas for each of the cities:

  1. Mexico City: México City Stadium, Mexico City International Airport, Zócalo, Paseo de la Reforma, Colonia Roma, La Condesa, Polanco, and Coyoacán.
  2. Guadalajara: Guadalajara Stadium, Guadalajara International Airport, the city center, Zapopan, Providencia, Avenida Chapultepec, Colonia Americana, Tlaquepaque, and the area around Andares.
  3. Monterrey: Monterrey Stadium, Monterrey International Airport, Fundidora Park, Cintermex Monterrey, the downtown area, Barrio Antiguo, MacroPlaza, and the San Pedro financial district.

The wireless information was collected using passive wireless reconnaissance techniques. The collected information included:

  • SSID analysis and information exposure, including BSSID-derived SSIDs
  • Default router configurations and ISP deployments
  • Frequency and signal characteristics
  • Channel congestion and spectrum usage
  • Wireless security configurations, including:
    • Open and insecure wireless networks
    • WPS-enabled networks
    • Secure networks (WPA2/WPA3) with WPS enabled

We performed a wireless infrastructure analysis in Mexico City, Guadalajara, and Monterrey. We drove through the areas surrounding the World Cup stadiums, tourist zones, and other places where fan concentrations are likely to be largest. Our goal was to evaluate the security status, deployment characteristics and operational exposure of detected wireless networks.

In total, we recorded 84,588 signals with 69,473 unique Service Set Identifiers (SSIDs) in busy locations and World Cup zones across the three cities. Mexico City accounted for 61.4% of the signals, Guadalajara for 23.6%, and Monterrey for 14.8%. Approximately 82% of the signals had a single SSID (81.9%, 81.34%, and 84% respectively). Notably, they all operate under the IEEE 802.11 standard protocol.

Particular attention was given to identifying standard deployment patterns, legacy configurations, default vendor settings and information disclosure through publicly broadcast wireless identifiers.

The following sections present the results that were obtained by analyzing wireless infrastructure across the three locations.

Our findings

SSID analysis and information exposure

SSID analysis was conducted to evaluate naming conventions, deployment standardization and potential information exposure.

Only a few networks (0.0047%) have an invisible SSID, meaning the names of these networks are not broadcast. Some users prefer to hide the SSID for various reasons, such as the network’s purpose, the profile of its users, internal policies, etc. In contrast, the rest of the networks maintained active SSID broadcasting.

SSID structures may unintentionally disclose operational details about internet service providers (ISPs), device manufacturers, deployment practices, organizational ownership or user identity. The repeated presence of default SSID naming patterns across the analyzed locations indicates a significant degree of infrastructure homogeneity and reuse of default wireless configurations. It may also facilitate passive infrastructure profiling by revealing standard characteristics in use.

Approximately 34% of the detected networks retained the default SSID naming conventions provided by the manufacturer or ISP, while 66% used customized identifiers.

Distribution of SSID naming conventions (download)

Several recurring SSID naming conventions associated with ISP-provided deployments were identified in the three cities. The most frequently observed patterns include identifiers such as “Club_Totalplay_WiFi”, “izzi WiFi”, and “Megacable WiFi”, which suggests extensive standardization of wireless infrastructure deployment. Additionally, we observed distinctive location-specific SSIDs in each area of analysis, such as “XXXX-Internet para Todos-CDMX” or “RED JALISCO”.

Most frequently observed SSID patterns (download)

Sequential SSID naming structures were also identified during the analysis. Patterns such as “INFINITUMXX” and “IZZI-XX” suggest automated ISP deployment and large-scale deployment strategies.

We identified 33 unique sequential naming structures among the 137 sequential SSIDs in total, representing approximately 0.16% of the detected wireless networks.

The following graph shows the top five sequential SSID patterns found in the largest number of networks:

Five most frequently observed sequential patterns (download)

Several customized SSIDs contained personal or organizational identifiers, including family names, professions, addresses or internal department references. Although personalized SSIDs may simplify local network identification for users, they may also expose sensitive information that could be useful for social engineering, physical targeting, or organizational profiling.

BSSID-derived SSID

During the analysis, multiple networks were identified that used the physical MAC address of a Wi-Fi access point (BSSID) as the visible SSID. This practice exposes hardware-level information that could facilitate vendor fingerprinting and targeted reconnaissance activities.

The organizationally unique identifier (OUI) contained in the first bytes of the BSSID identifies the equipment manufacturer. Threat actors can correlate exposed manufacturers with device-specific vulnerabilities.

BSSID-derived SSID by city (download)

Notably, we found that more than 30% of networks in all three cities reuse the MAC address as the SSID.

Default router configurations and ISP deployments

We performed wireless infrastructure profiling to identify the most common wireless equipment manufacturers and ISP deployments across the three locations.

Large-scale ISP deployments frequently use standardized wireless configurations and vendor-specific hardware platforms. Identifying dominant manufacturers and ISP naming conventions can provide insight into infrastructure and deployment practices facilitating the mapping of standardized attack surfaces.

The following figure shows the distribution of the most commonly used manufacturers.

Most frequently observed wireless equipment manufacturers (download)

The manufacturer analysis revealed a strong concentration of wireless infrastructure among a limited number of vendors. Across the three locations, Huawei Technologies, MediaTek-based devices, and other manufacturers’ equipment that is distributed through ISP channels represented a significant portion of the detected deployments. Mexico City had the most diverse infrastructure, while Monterrey and Guadalajara had a greater concentration of wireless equipment known as SOHO (small office/home office) or residential-grade hardware. The widespread presence of standard vendor platforms may facilitate infrastructure fingerprinting and large-scale targeting of known device-specific vulnerabilities.

Most frequently observed wireless equipment manufacturers across the three cities (download)

ISP deployments frequently exhibited standardized configuration patterns and recurring manufacturer identifiers. Our ISP deployment analysis revealed a high concentration of access points associated with major residential internet providers. Deployments associated with Infinitum, Totalplay and Izzi represented a substantial portion of the detected wireless infrastructure across all locations. These findings suggest a high degree of deployment standardization across networks associated with major residential internet providers. This observation was supported by the repeated presence of ISP-associated SSIDs such as “Infinitum”, “Totalplay”, and “Izzi”, combined with manufacturer identifiers frequently associated with consumer equipment, including Huawei, ZTE and other residential wireless equipment vendors.

It is important to note that, for this analysis, ISPs were primarily inferred from SSID naming conventions and manufacturer fingerprint data. A significant portion of the detected wireless networks fell into the “UNKNOWN/CUSTOM” category. This classification includes custom hotspots and networks whose naming conventions did not expose identifiable ISP-associated patterns. The findings suggest that many users and organizations (as we saw previously, approximately 66%) use custom network names, limiting direct provider attribution.

The following figure illustrates the distribution of ISP-associated wireless deployments in general.

Most frequently observed ISPs (download)

To better understand this distribution, we took the most frequently observed ISPs by city.

Most frequently observed ISPs across the three cities (download)

Frequency and signal characteristics

We also analyzed wireless signal characteristics to evaluate coverage quality, signal strength, and frequency band utilization in the three cities. In dense urban environments, signal quality and frequency spectrum distribution can affect wireless reliability, client connectivity, roaming performance, and overall network efficiency.

Signal quality analysis revealed that a substantial portion of the detected access points operated under weak or very weak signal conditions. Monterrey had the highest percentage of very weak signals, with approximately 50% of detected deployments. Similar patterns were observed in Guadalajara and Mexico City, suggesting high-density wireless environments with overlapping coverage areas. Only a limited percentage of networks were classified within the very good or excellent signal categories across the three locations.

Signal quality distribution by city (download)

Signal stability analysis revealed that most detected wireless deployments exhibited stable beacon transmission behavior. More than 96% of the detected access points across all locations were classified as stable, while only a small percentage exhibited unstable or indeterminate signal behavior.

These findings imply that the majority of the wireless infrastructure observed during the assessment corresponded to permanently deployed access points rather than transient or intermittent wireless devices.

Signal stability status (download)

Frequency band analysis revealed the strong prevalence of 2.4 GHz wireless deployments across the three locations. More than 95% of the detected wireless networks operated within the 2.4 GHz spectrum, while only a small percentage of deployments were classified under the unknown or non-standard frequency categories. This uneven distribution reflects the continued prevalence of legacy-compatible wireless infrastructure and SOHO deployments.

Frequency band utilization (download)

These findings are consistent with dense urban wireless environments with large numbers of access points in restricted spectrum allocations.

Channel congestion and spectrum usage

Next, we analyzed wireless channel utilization to evaluate frequency spectrum congestion and channel allocation patterns across the three cities. Our analysis focused on the 2.4 GHz spectrum, where channel overlap and high access point density commonly produce interference and degraded wireless performance. In densely populated wireless environments, an excessive concentration of access points on a limited number of channels can lead to co-channel interference, packet collisions, reduced throughput, and degraded network stability.

Spectrum congestion analysis revealed that the 2.4 GHz band consistently experienced elevated congestion levels across the three cities. The detailed results showed a strong concentration of deployments on channels 11, 6 and 1, which are traditionally recommended as non-overlapping channels within the 2.4 GHz spectrum. Channel 11 was the most utilized channel, accounting for 25.2% of the detected access points, followed by channel 6 with 22.5% and channel 1 with 19.5%. This distribution indicates that most wireless deployments adhere to standard channel allocation practices for 2.4 GHz Wi-Fi environments.

The following figure illustrates the overall distribution of the most frequently utilized wireless channels.

Most utilized wireless channels (download)

To further assess wireless spectrum saturation, the detected access points were grouped according to channel congestion levels: VERY_HIGH, HIGH, UNKNOWN, MEDIUM, LOW and NONE.

Mexico City had the highest proportion of heavily congested wireless channels, with approximately 7% of detected access points operating under HIGH congestion conditions. Guadalajara followed with nearly 5% of deployments categorized as HIGH congestion, while Monterrey had the lowest percentage at approximately 3.29%.

These findings suggest that wireless spectrum saturation increases proportionally with urban infrastructure density and access point concentration. Despite the presence of congested deployments, most detected access points were categorized as LOW or MEDIUM congestion, suggesting severe spectrum saturation was localized rather than uniformly distributed.

Channel congestion by city (download)

A thorough analysis of individual channel utilization revealed that channels 11, 6 and 1 consistently experienced the highest congestion levels across the three cities, which correlates with our previous findings. These channels accounted for the majority of VERY_HIGH congestion classifications, particularly within the 2.4 GHz band.

In Mexico City, channel 11 alone accounted for more than 25% of detected deployments and consistently exhibited VERY_HIGH congestion levels.

This behavior reflects the limited availability of non-overlapping channels within the 2.4 GHz spectrum and the widespread reliance on default wireless configurations.

Most congested channels by city (download)

Overall, the channel utilization analysis showed that wireless deployments are concentrated heavily within the traditional, non-overlapping 2.4 GHz channels. While this strategy reduces adjacent-channel interference, excessive access point density on the same channels can still produce significant co-channel contention and poor wireless performance in high-density urban environments.

Wireless security configurations

The next thing we evaluated was the security posture of the detected wireless networks. We analyzed the wireless security configurations advertised by access points in each of the locations.

Overall security configuration distribution

The analysis revealed that WPA2 was the dominant wireless authentication mechanism across the three cities. Mexico City had the highest WPA2 adoption rate at 81.19%, followed by Monterrey at 79.19% and Guadalajara at 77.59%.

The study found that every 6th open access point (17%) was unsafe, namely 16.5% in Mexico City, 18.5% in Guadalajara, and 17.2% in Monterrey. Open wireless deployments were consistently present across all locations, ranging between 10% and 12% of detected access points. These findings show that despite the widespread deployment of modern wireless security standards, encryption adoption remains incomplete.

Distribution of wireless authentication mechanisms across the three locations (download)

To simplify the interpretation of wireless security posture, we grouped detected networks into four categories:

  • Secure (WPA2/WPA3)
  • Insecure (Open/WEP)
  • Weak (WPA)
  • Unknown

Across the three locations, secure networks comprised most of detected deployments, accounting for approximately 82% of all access points. However, insecure open networks still account for between 10% and 12% of detected wireless infrastructure, consistent with our previous findings. It is important to mention that networks within the unknown category are not considered secure.

Mexico City had the highest percentage of secure deployments at 83.54%, while Guadalajara had the highest percentage of insecure open networks at 12.46%. Although Monterrey had the lowest percentage of insecure networks, open deployments still accounted for more than 10% of the detected access points.

Wireless security posture grouping across the three locations (download)

Although modern WPA2/WPA3 encryption standards dominate current wireless deployments, the continued presence of open and legacy WPA deployments indicates that insecure wireless configurations remain relevant from an operational standpoint. These networks may expose users to passive traffic interception, unauthorized monitoring, rogue access point attacks, and credential harvesting techniques.

WPS-enabled networks

We also analyzed Wi-Fi Protected Setup (WPS) in all the locations to evaluate additional attack surfaces. WPS is a standard feature on wireless routers that enables devices such as printers, repeaters or mobile phones to connect to a secure Wi-Fi network without manually entering a long password, typically through a PIN-based enrolled mechanism. Although WPA2 and WPA3 provide strong encryption mechanisms, the presence of WPS can introduce security weaknesses due to inherently vulnerable PIN-based enrollment methods.

By combining detections from the three locations, we found that 55% of all detected access points did not advertise WPS capabilities, leaving 45% of deployments vulnerable to WPS-based abuse. These results suggest that, despite the adoption of modern encryption standards, a significant portion of wireless infrastructure continues to expose legacy convenience features.

During the analysis, we found that Mexico City had the highest proportion of WPS-enabled networks, with 46.61% of the detected access points advertising WPS capabilities. Guadalajara was second with 43.45%, while Monterrey had the lowest proportion at 40.93%.

The percentage of detected access points advertising WPS capabilities across the three locations (download)

Almost half of the detected wireless networks in each city continued to advertise WPS, indicating that WPS prevalence is consistently high across the three cities.

Secure networks with WPS enabled

In many cases, networks classified as secure because of WPA2/WPA3 encryption still had WPS functionality enabled, which effectively increased the available attack surface.

To further assess the relationship between encryption strength and WPS exposure, we conducted a secondary analysis of secure networks (WPA2/WPA3) only. The results showed that around half of all secure deployments still exposed WPS, with the following breakdown for each city:

  • Mexico City: 53.7%
  • Guadalajara: 50.9%
  • Monterrey: 47.5%

The proportion of secure networks with WPS enabled across the three locations (download)

These findings indicate that encryption strength alone is not enough to evaluate wireless security posture because additional protocol features, such as WPS, may still expose exploitable attack vectors.

Additional security considerations

Overall, travelers operating within dense public environments are exposed not only to insecure wireless infrastructure but also to various risks associated with digital interactions. These risks include many threats, from public USB charging systems and phishing QR codes to proximity-based protocols and exposure to shared public devices, such as interactive totems or kiosks. One particular point that should be taken into account in light of our research is the issue of rogue wireless deployments.

Rogue access points are not necessarily malicious; they may be set up accidentally by misconfiguring router settings. An entry point for potential compromise might be caused by various misconfigurations, from a weak password to an insecure protocol. However, attackers deploy such unauthorized hotspots with malicious intent to infiltrate a network. Threat actors may deploy rogue access points posing as legitimate public wireless networks in airports, hotels, cafés and tourist areas. These deployments are called “evil twins” and can trick users into connecting to attacker-controlled infrastructure capable of intercepting traffic, harvesting credentials, or performing man-in-the-middle attacks. Further risk lies in the potential compromise of local network devices or even malware distribution. Such threats complement our findings, underscoring the importance of implementing traffic encryption, using a security solution and exercising extreme caution while browsing via public networks.

Conclusion

The wardriving assessment conducted in Mexico City, Guadalajara, and Monterrey revealed that modern wireless infrastructure continues to present multiple forms of operational exposure despite the widespread adoption of WPA2 and WPA3 security standards. The analysis demonstrated that wireless environments are highly standardized in all the locations, with recurring ISP deployments, default SSID naming conventions, homogeneous manufacturer distribution, and predictable channel allocation practices observed in all three cities.

Although most of the detected networks were classified as secure under WPA2/WPA3 authentication mechanisms, a significant proportion were exposing additional attack surfaces through enabled WPS functionality, default configurations, sequential SSID structures, and infrastructure metadata disclosure. This demonstrates that encryption strength alone is insufficient for evaluating the overall security posture of wireless infrastructure. Additionally, the prevalence of open networks and legacy wireless configurations indicates that insecure deployments are still operationally relevant in all the locations.

The results also showed that wireless infrastructure is heavily concentrated within the 2.4 GHz spectrum, particularly around channels 11, 6, and 1. This leads to elevated congestion and increased co-channel interference in densely populated urban environments.

SSID analysis further revealed that publicly broadcast wireless identifiers frequently expose valuable operational information about ISPs, equipment manufacturers, deployment templates, organizational ownership, and user-defined naming practices. The identification of default ISP naming conventions, sequential SSID structures, and BSSID-derived SSIDs demonstrated that many deployments prioritize operational convenience and simplicity over exposure minimization and privacy.

The scope of the threats stemming from vulnerable wireless configurations poses serious digital exposure risks for users. The widespread presence of standard deployments, predictable SSID naming and publicly exposed infrastructure identifiers can facilitate passive reconnaissance, infrastructure fingerprinting and opportunistic targeting.

Recommendations

To minimize the risks of wireless-based exposure and the attack surface related to hotspot infrastructure, we recommend taking the following measures:

  • Disable WPS functionality on wireless routers whenever possible, particularly within WPA2/WPA3 deployments.
  • Avoid using default SSID naming conventions that disclose ISP providers, router manufacturers, or deployment templates.
  • Refrain from using personal, organizational, or location-based identifiers in wireless network names.
  • Avoid configuring SSID using BSSID or naming conventions derived from MAC addresses, as these may expose hardware fingerprinting information.
  • Promote migration toward modern WPA3-capable infrastructure while removing legacy wireless protocols when operationally feasible.
  • Reduce wireless congestion by optimizing channel allocation strategies and minimizing excessive dependence on the 2.4 GHz spectrum.
  • Encourage adoption of 5 GHz and newer wireless technologies to reduce interference and improve spectrum efficiency.

The findings presented in this assessment emphasize the importance of combining strong wireless encryption standards, secure deployment practices, exposure minimization strategies, and user awareness to enhance the overall security posture of wireless environments.

The Intersection of Encryption and AI

2 June 2026 at 13:06

As part of their 20th Anniversary celebration, Dark Reading asked five cybersecurity industry leaders who wrote blogs or columns for them over the years to select their favorite piece and share their reflections on the topic today. This is my section.

Renowned technologist and author Bruce Schneier contributed a column on June 20, 2010, warning about cryptography’s inability to secure modern networks, a point he says he has been trying to argue since 2000.

“For a while now, I’ve pointed out that cryptography is singularly ill-suited to solve the major network security problems of today: denial-of-service attacks, website defacement, theft of credit card numbers, identity theft, viruses and worms, DNS attacks, network penetration, and so on.

“Recently, I talked to a former NSA employee at a conference. He told me that back in the 1990s, he had a copy of my book Applied Cryptography by his desk, as did many other cryptographers working at Ft. Meade. People were allowed to refer to it, but they were not allowed to cite it.

“The 1990s were an important decade for cryptography. This was before the internet went mass market, when cryptography was just emerging from a niche academic discipline to a mainstream engineering one. There wasn’t much that programmers could read. The NSA used my book for the same reason it became a bestseller: because it collected all the academic cryptography of the time in one place and made it understandable to people who weren’t mathematicians. They feared it for exactly the same reason.

“I’ve been thinking about that conversation as I revisit a 2010 essay I wrote for Dark Reading, ‘The Failure of Cryptography to Secure Modern Networks.’ Cryptography has inherent mathematical properties that greatly favor the defender. Adding a single bit to the length of a key adds only a slight amount of work for the defender but doubles the amount of work the attacker has to do. Doubling the key length doubles the amount of work the defender has to do (if that—I’m being approximate here) but increases the attacker’s workload exponentially. For many years, we have exploited that mathematical imbalance.

“Computer security is much more balanced. There’ll be a new attack, and a new defense, and a new attack, and a new defense. It’s an arms race between attacker and defender. And it’s a very fast arms race. New vulnerabilities are discovered all the time. The balance can tip from defender to attacker overnight, and back again the night after. Computer security defenses are inherently very fragile.

“That isn’t a new idea. I said much the same thing in the preface to my 2000 book, Secrets and Lies:

“‘Cryptography is a branch of mathematics. And like all mathematics, it involves numbers, equations, and logic. Security, real security that you or I might find useful in our lives, involves people: things people know, relationships between people, people and how they relate to machines. Digital security involves computers: complex, unstable, buggy computers.’

“I especially like how I phrased it in 2016: ‘Cryptography is harder than it looks, primarily because it looks like math. Both algorithms and protocols can be precisely defined and analyzed. This isn’t easy, and there’s a lot of insecure crypto out there, but we cryptographers have gotten pretty good at getting this part right. However, math has no agency; it can’t actually secure anything. For cryptography to work, it needs to be written in software, embedded in a larger software system, managed by an operating system, run on hardware, connected to a network, and configured and operated by users. Each of these steps brings with it difficulties and vulnerabilities.’

“It’s a lesson we have all learned over the decades. Cryptography is still necessary for cybersecurity—although I wouldn’t have used that word back then—but is not sufficient. There are particular attack and forms of mass surveillance that cryptography prevents. But as computers have infused throughout our lives, and networks have connected all those computers, those aspects of cybersecurity have become increasingly important, and vulnerable.

“Today, the cybersecurity world is changing yet again, this time due to the capabilities of artificial intelligence. AI isn’t advancing cryptography, but it’s changing cybersecurity. AI has demonstrated a superhuman ability to find vulnerabilities in software and to write exploits. A similar ability to write patches is probably coming. This has profound implications for both attackers and defenders, and it is unclear who will win the particular arms race in a world of what I call instant software.”

❌