Weekly Security Sprint EP 156. Scams, cyber reports, and hurricane preparedness

In this week's Security Sprint Dave and Andy covered the following topics:Opening• Homeland Security Funding Bill Passed, Includes Money for CISA • Browser Extensions and Shadow AI: Unmanaged Threats to Privacy — Gate 15• Data Centers, Telecommunications Networks, and Space-Based Systems: Modernizing DHS’s SRMA Role for the Communications and IT Sectors — House Committee on Homeland Security• New Cybersecurity Guide Targets Rising Threats to Food and Agriculture SMBs • Maine Law Requires Hospitals to Enact Cybersecurity PlansMain TopicsNew FTC Data Show People Have Lost Billions to Social Media Scams - Federal Trade Commission - 23 Apr 2026 The Federal Trade Commission reported that consumers have lost billions of dollars to scams originating on social media platforms, with fraudsters leveraging impersonation, investment schemes, and romance scams to exploit user trust. Take9! 9 Seconds For A Safer World. Cyber threats are everywhere. And getting sneakier. What can you do to protect yourself, your community and our nation? New 2026 ‘IOCTA’ highlights sophisticated tactics and emerging challenges in the digital landscape – Europol unveils comprehensive analysis of evolving cybercrime threats - Europol - 28 Apr 2026 Europol released its 2026 Internet Organised Crime Threat Assessment, warning that encryption, proxies, artificial intelligence, dark web marketplaces, cryptocurrencies, fraud ecosystems, ransomware, and child sexual exploitation are expanding the cybercrime landscape. Global Encryption Coalition (GEC). The Global Encryption Coalition (GEC) was founded in 2020 by the Center for Democracy & Technology, Global Partners Digital and the Internet Society and now has over 350 members. Gate 15 is a proud member of the GEC. Ransomware! Weekly ransomware & data leak landscape; A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch. — eCrime.ch — 26 Apr 2026. The eCrime weekly report provides a seven-day analysis of ransomware claim activity, data leak site postings, actor concentration, and sector targeting trends. • NCC Group Monthly Threat Pulse - Review of March 2026 • Ransomware and Cyber Extortion in Q1 2026 - ReliaQuest Presidential Message on National Hurricane Preparedness Week - The White House - 03 May 2026 This message encourages Americans in hurricane-prone areas to prepare before the season by protecting property, building emergency plans, assembling supplies, and monitoring forecasts and evacuation routes. It emphasizes local and state frontline roles while describing federal support for response and recovery. • Hurricane Preparedness - NOAA • Summer forecast 2026: Heat, severe storms to shape the season as El Niño develops, strengthens - AccuWeather• 2026 Hurricane Awareness Webinars - NOAA Quick Hits• Email threat landscape: Q1 2026 trends and insights — Microsoft Security Blog • Tycoon2FA disruption impact• QR code phishing attacks• CAPTCHA tactics• Malicious payloads• Business email compromise• Defending against email threats• Microsoft Defender detections• Alert - AL26-008 - Vulnerability affecting cPanel and WebHost Manager (WHM) - CVE-2026-41940 - Canadian Centre for Cyber Security • Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks • To recover your files kindly send 0.1 BTC to… ransom note appears on websites • The cPanel Situation Is… - • cPanel authentication bypass vulnerability CVE-2026-41940 exploited • Over 40,000 Servers Compromised in Ongoing cPanel Exploitation • Cole Allen’s journey from Caltech grad to accused gunman in D.C. attack • Footage shows White House correspondents' dinner suspect 'casing' hotel: US attorney • Washington Hilton says it was using Secret Service protocols on night of attack

In this week's Security Sprint, Dave and Andy covered the following topics:Opening:• AI in Cybersecurity Defense: Best Practices and Limitations — Gate 15 • FS-ISAC releases advisory on hardening cybersecurity from AI • Sector Risk Advisory: AI-Enabled Vulnerability Detection & Remediation Perspectives on Third Parties • Sector Risk Advisory: Preparing the Enterprise for AI-Enabled Vulnerability Discovery • Executive Overview: Implications of AI-Enabled Vulnerability Detection & Exploitation • Europe must prevent misuse of Anthropic's Mythos, Bundesbank chief warns • FB-ISAO Newsletter V8 Issue 4 Main Topics:WHCD Attack• White House Dinner Shooting Suspect's Family Alerted Police To Threats Minutes Before Attack • Read White House Correspondents’ Dinner gunman Cole Allen’s full anti-Trump manifesto • WHCD shooting suspect Cole Allen mocked lack of security on every leg of cross-country journey in manifesto: ‘Actually insane’ • Who Are The Wide Awakes? What We Know About Group Tied to Cole Allen • White House Correspondents' Dinner gunman 'assembled long weapon in unsecured room' before firing near ballroom, volunteer reveals • Correspondents’ dinner shooting suspect called himself ‘friendly federal assassin’ • White House correspondents’ dinner was not given top security status • White House correspondents’ dinner shooting suspect reached ballroom staircase • Trump shooting at correspondents dinner raises security concerns • Staged conspiracy theories are everywhere following White House Correspondents’ Dinner shooting Cyber Resilience• Cyber Centre warns of sophisticated smishing activity targeting Canadians & Smishing: Protect yourself from SMS attacks - Canadian Centre for Cyber Security • NCSC: Leave passwords in the past - passkeys are the future – UK National Cyber Security Centre • Cyber security considerations for passkeys (ITSAP.30.033) — Canadian Centre for Cyber Security • How NOT to Be Your Adversary’s Best Friend | FIRST CTI 2026 Day 2 - FIRST CTI 2026 • Could your choice of metrics be harming your SOC? – UK National Cyber Security Centre • NCSC CEO keynote speech, CYBERUK 2026 — UK National Cyber Security Centre • Vendor diversification (ITSAP.10.006) - Canadian Centre for Cyber Security FBI: Open Letter to Parents, Guardians, and Caregivers Quick Hits:• AI tools are helping mediocre North Korean hackers steal millions - WIRED • Inside Lazarus: How North Korea Uses AI to Industrialize Attacks on Developers - Expel • Distinguished ex-cop arrested for ‘mass shooting’ plot to gun down black people at New Orleans festival• UK warns of Chinese hackers using botnets of hijacked consumer devices to evade detection • FIRESTARTER Backdoor - CISA • Data Centers, Telecommunications Networks, and Space-Based Systems: Modernizing DHS’s SRMA Role for the Communications and IT Sectors - House Committee on Homeland Security. Witnesses include Sam Visner, Chair of the Board of Directors at Space Information Sharing and Analysis Center; and Scott Algeier, Executive Director of the Information Technology-Information Sharing and Analysis Center. • CISA director pick Sean Plankey withdraws his nomination - CyberScoop • Treaty Adjacent: Why Tribal Data Sovereignty Matters - LinkedIn

In the latest episode of Nerd Out, Dave and Alec go deep into the various threats from Iran and the ways they can still inspire and influence attacks before diving into the fire as a weapon / arson threats. And as always they wrap up talking about some of their favorite shows including Daredevil and Maul! Plus, are we in the midst of a revival or peak for fandom!Iran Security Threatshttps://www.visionofhumanity.org/wp-content/uploads/2026/03/The-Iran-War-and-The-Global-Terrorism-Threat.pdfhttps://www.longwarjournal.org/archives/2026/04/iran-linked-group-ashab-al-yamin-surges-attacks-in-european-cities-claims-15-since-march.phphttps://www.theguardian.com/uk-news/2026/apr/23/iran-low-level-hybrid-warfare-arson-attacks-uk-europeIran Supply Chain:https://www.cnbc.com/2026/04/21/oil-price-iran-war-middle-east.htmlhttps://splash247.com/war-turns-sulphur-market-toxic-in-acid-supply-shock/Workplace Violence – Employee Reportedly Intentionally Sets Fire at Massive Warehouse, Possibly Motivated by Ideological Grievances:⁠https://www.asisonline.org/security-management-magazine/articles/2026/04/distribution-center-arson-attack/⁠

On this week's Security Sprint, Dave and Andy covered the following topics:Opening:• TribalHub Regional Tribal Technology Forums• WaterISAC H2OSecCon 2026. Virtual Event: 02 Jun, 11am-5pm ET Overview, Registration, Agenda, Speakers• Offensive AI: What Red Teams and Attackers are Doing Now - Gate 15Main Topics:Vercel April 2026 security incident Vercel 20 Apr 2026. Vercel said it identified unauthorized access to certain internal systems and initially found a limited subset of customers whose credentials were compromised. The company said the incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee, which then enabled takeover of that employee’s Google Workspace account and access to some Vercel environments and non-sensitive-marked environment variables. Vercel said services remain operational, law enforcement has been notified, and customers who were not contacted are not currently believed to have had credentials or personal data compromised. Vercel is a cloud platform used for frontend hosting, serverless functions, and deploying websites, particularly those built with React or Next.js. It enables developers to easily build high-performance, edge-optimized applications. Key features include automatic Git integrations (CI/CD) for instant deployments, preview environments, and edge storage. • Vercel confirms breach as hackers claim to be selling stolen data • Breaking: Vercel Breach Linked to Infostealer Infection at Context.ai • Vercel’s security breach started with malware disguised as Roblox cheatsWiz: 80% of cloud breaches are caused by basic mistakes - IT Pro - 13 Apr 2026 IT Pro reports that Wiz Threat Research found most cloud breaches in 2025 were driven by familiar security mistakes rather than entirely new vulnerability classes, with AI expanding the places where known risks can appear. The article frames the problem around scale, shared trust, and increasingly complex cloud and AI environments rather than exotic attack novelty. Target is cloud security teams, platform engineers, and enterprise risk leaders with Dig highlighting that basic exposure management, identity control, and configuration discipline remain the decisive factors in many modern cloud compromises. Fire As An Act Of Sabotage Guidance UK National Protective Security Authority 25 Sep 2024. The NPSA guidance outlines how to mitigate the risk of deliberate fire-setting used as sabotage against premises and infrastructure that may be attractive targets. Although not new, it remains operationally useful because it provides protective security and risk management guidance for owners and operators responsible for physical sites and critical functions. The relevance is heightened in an environment where sabotage, arson, and hybrid disruption are increasingly discussed alongside state and extremist threat models. From tabletop reality 10 gaps executive cyber exercises consistently reveal - SANS Institute - 2026 This analysis identifies recurring gaps observed during executive cyber exercises, including communication breakdowns and decision-making delays. It highlights the importance of realistic training scenarios to improve organizational readiness. The findings provide actionable insights for strengthening incident response at the leadership level. • Critical infrastructure resilience escalated threat navigation initiative - Canadian Centre for Cyber Security • Preparing for severe cyber threat why leaders must act now - NCSC UK • CISO Survey 2026: The State of Incident Response Readiness Quick Hits:• The State of Ransomware in Q1 2026 - Emsisoft • Safeguarding Our Data, Intellectual Property, and Technology from Non-traditional Collectors

In this week's Security Sprint, Dave and Andy covered the following topics:Opening:• Gate 15: Leveraging AI for Proactive Physical Threat Detection and Emergency Response• Cloud Security Alliance: The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program • Cyber.gov.au: Frontier models and their impact on cyber security• Canadian Centre for Cyber Security: Frontier artificial intelligence - • Anthropic: Glasswing• A.I. Is on Its Way to Upending Cybersecurity • U.S. Department of the Treasury: Treasury Launches Cybersecurity Information Sharing Initiative for the Digital Asset Industry• Strengthening American Leadership in Digital Financial Technology Digital Assets Report EO14178 • Treasury debuts effort to share cyber threat intel with crypto firms • Crypto Firms Can Now Access Treasury’s Cybersecurity Info to Bolster Defense Against Attacks Main Topics:FBI Releases the 2025 Internet Crime Report: “Cryptocurrency and AI Scams Bilk Americans of Billions” — 07 Apr 2026. The FBI says IC3 received about 453,000 cyber enabled fraud complaints with losses exceeding $17.7 billion, and that investment fraud accounted for nearly half of all scam related losses. The bureau says complaints involving cryptocurrency produced the highest losses with 181,565 complaints totaling more than $11 billion, while the 2025 IC3 report also says cryptocurrency investment fraud alone reached $7.2 billion and that AI related cybercrime complaints totaled 22,364 with losses nearing $893 million. Threat Landscape Report 2025: A Year in Review — 08 Apr 2026. CERT-EU said it tracked at least 174 distinct threat actors affecting Union entities or their ecosystem in 2025, up from 110 in 2024, and said cyberespionage and prepositioning remained the dominant motives while cybercrime also rose. The report says exploitation of vulnerabilities in internet-facing software remained the highest-impact initial access vector for the second consecutive year and that edge devices from vendors including Fortinet, Ivanti, Cisco, and Palo Alto accounted for much of the observed attack activity. Quick Hits:• CSU Forecast for 2026 Hurricane Activity & CSU researchers predicting somewhat below-average Atlantic hurricane season for 2026, PDF. • The first predictions for hurricane season are in and El Niño’s fingerprints are all over it • Super Typhoon Sinlaku Slams Northern Mariana Islands and Guam with Devastating Winds and Catastrophic Flooding, A Travel Nightmare Unfolds• 2026 Cyber Claims Report & 86% of businesses refused to pay cyber ransoms in 2025: Coalition insurance • DHS Shutdown Day 58: Secretary Mullin Orders All Staff Back to Work Despite No Congressional Deal

In this episode of The Gate 15 Interview, Andy Jabbour speaks with Hank Teran. Hank is the CEO of Open Measures, an open source social intelligence platform built to help researchers identify online threats like disinformation and extremism to mitigate offline harms. Open Measures covers a wide range of social media platforms from mainstream to fringe, with a unique focus on emerging - or alternative - platforms. In the past Open Measures has been used in investigations on a range of topics including Russian information operations in the Sahel, AI deepfakes targeting celebrities and athletes, and the proliferation of stolen logs sales across channel-based messaging apps. Before building Open Measures, Hank led business development and operations teams across industries including M&A, rideshare, and software security & management. Throughout his career he’s been driven by a desire to create meaningful ownership opportunities for workers, both on the cap table and in the workplace. Hank and his team at Open Measures are based in NYC. When he’s not busy helping teams identify online threats, he can be found working on the Sunday crossword or researching the best nearby diner options.Hank on LinkedInHank in Politico, “The limits of making social media political,” 29 Jan 2026⁠ Open MeasuresOpen Measures NewsletterIn the podcast the team and Andy discuss:Hank, Open Measures and info ops.Threats, extremism and the impacts of AI.The importance of having a “human in the lead framework.”Why organizations need to prioritize visibility.Emerging challenges and the normalization of AI-generated content.We play 3 Questions! and discuss New York City, food, culture, Tom's Diner by Suzanne Vega and is this the same Tom’s Diner Hank is telling us about?!Hank closes us out noting, “This work is a marathon, not a sprint” and discussing the importance of mental health.And more!Open Measure links that may be of interest:Michigan-specific election conspiracy theoriesSmear campaign directed at CAIRNGOs targeted as "Antifa" Cracker Barrel CEO targeted amidst rebrandAE Good Jeans Ad sparks inauthentic backlashNeo-Nazi Active Clubs youth recruitmentAnti-abortion activism that puts clinics and practitioners at risk

In this week's Security Sprint, Dave and Andy covered the following topics:Opening:• Senate confirms Markwayne Mullin to lead Homeland Security as TSA standoff deepens • Auto-ISAC 2025 Annual Report — Auto-ISAC • ISACs confront AI’s promise and peril for threat intelligence-sharing — Cybersecurity Dive Podcast: What healthcare leaders face after a cyberattack — Health-ISAC• New Jersey Sign-Ups for MS-ISAC Remain Low Amid Attacks Main Topics:Cybersecurity Reports, Ransomware & Resilience• M-Trends 2026 — Google Cloud Mandiant — 24 Mar 2026. The PDF version of M-Trends 2026 shows that high tech was the most targeted industry in 2025 at 17 percent of investigations, followed by financial services at 14.6 percent, business and professional services at 13.3 percent, and healthcare at 11.9 percent. It also shows voice phishing at 11 percent of initial intrusion vectors and says ransomware appeared in 13 percent of incidents that Mandiant investigated in 2025. • M-Trends 2026 Report — Google Cloud • M-Trends 2026 reveals threat landscape shaped by faster, coordinated, and industrialized cyberattacks • High-Tech Sector Overtakes Finance as Top Target of Cyber-Attacks in 2025 • The phone call is the new phishing email • M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds • Top 50 Cybersecurity Threats — Splunk • If threat actors gave you a chance to redact the patient data they hacked before they leak it, would you take them up on the offer? Read about the Woundtech incident. • Iran-Linked Pay2Key Ransomware Group Re-Emerges • Waterfall Threat Report 2026 finds ransomware slowdown masks deeper shift toward nation-state attacks on critical infrastructure Atlantic hurricane season forecast 2026: 11-16 named storms predicted by AccuWeather — AccuWeather — 25 Mar 2026. AccuWeather forecasts a near-average Atlantic hurricane season with 11 to 16 named storms and several potential hurricanes. Target is coastal communities, emergency planners, and critical infrastructure operators preparing for seasonal storm impacts. Dig is that even an average season can produce high-impact storms that stress preparedness and response capabilities. The outlook is significant for planning purposes as organizations begin to align resources and contingency plans ahead of peak hurricane activity.• Ready.govQuick Hits:• Treasury asks whether terrorism risk insurance program should bolster cyber coverage — CyberScoop | 25 Mar 2026. Treasury is seeking public comment for a report to Congress on the effectiveness of the Terrorism Risk Insurance Program and specifically asked whether changes should better address cyber related losses arising from acts of terrorism. The notice highlights a persistent gap because even catastrophic cyber incidents may fall outside the program unless Treasury certifies them as terrorism under current law. Target: insurers, critical infrastructure operators, large enterprises, and policymakers evaluating how to manage systemic cyber loss from high consequence attacks. Dig: this is an important resilience and policy signal because it could shape future federal backstop discussions for cyber insurance ahead of the law’s scheduled 2027 expiration. (CyberScoop)

In the latest Nerd Out, Dave and Alec welcome back some old friends - Bridget Johnson and Joe Levy - to talk about Iran, including the threat tactics and capabilities, how individuals and organizations can be prepared and what could come next. The group then talked about some pop culture items and what they are currently watching and looking forward to.Some items reference in the discussion include:Iran and Terrorism: What the U.S. Strikes Could Mean for Homeland Security - https://www.cfr.org/articles/iran-and-terrorism-what-the-u-s-strikes-could-mean-for-homeland-securityWill Iran Turn to Terrorism? - https://www.foreignaffairs.com/iran/will-iran-turn-terrorismHybrid Threat Signals: Assessing Possible Iranian Involvement in Recent Attacks in Europe - https://icct.nl/publication/hybrid-threat-signals-assessing-possible-iranian-involvement-recent-attacks-europeGroup claiming Europe antisemitic attacks tells CBS News it will target "U.S. and Israeli interests worldwide" - https://www.cbsnews.com/news/europe-antisemitism-attacks-group-threatens-us-israel-interests-worldwide/Stryker attack highlights nebulous nature of Iranian cyber activity amid joint U.S.-Israel conflict - https://cyberscoop.com/stryker-cyberattack-iranian-hackers-handala/Competing Narratives: Understanding All Sides’ Approach to the War in Iran - https://thesoufancenter.org/intelbrief-2026-march-24/

On this week's Security Sprint, Dave and Andy covered the following topics:Opening:• President Donald J. Trump Unveils National AI Legislative Framework - The White House • Emerging Attack Vectors: AI Agents & Prompt Injection Gate 15 | 16 Mar 2026• The AI Landscape in Cybersecurity • An AI cyberattack could trigger a satellite apocalypse in the next 2 years. Are we prepared? • WaterISAC & EPA National Security Information Sharing Bulletin – Q1 2026 WaterISAC • Food and Ag-ISAC finds 72 active threat actors behind persistent, sophisticated cyber attacks targeting food supply chains • The E-ISAC's 2025 Report: Real Progress, Remaining Constraints Main Topics:Severe Weather• Spring outlook: Drought forecasted to expand in U.S. West, parts of Plains — NOAA | 21 Mar 2026• Get Ready for a Year of Chaotic Weather in the US — Wired, 19 Mar 20262026 Annual Threat Assessment of the U.S. Intelligence Community — Office of the Director of National Intelligence, 18 Mar 2026. The ODNI released its 2026 Annual Threat Assessment outlining key threats including China’s cyber and military expansion, Russia’s hybrid operations, Iran’s regional aggression, and persistent cyber threats from nation-state and criminal actors. The report underscores increasing convergence between cyber operations, information operations, and physical-world impacts across critical infrastructure sectors.Islamic State group activity in the US in 2025 Institute for Strategic Dialogue | 11 Mar 2026. ISD assesses that Islamic State inspired activity in the United States remained persistent in 2025, with two successful attacks, five disrupted plots, and six material support arrests, and says most cases involved teenagers. The dispatch highlights continued use of firearms, explosive devices, vehicle attacks, and newer surveillance tools such as Meta glasses and drones during pre attack planning. It also notes that targets varied widely, including public celebrations, military interests, nightlife venues, law enforcement, schools, and religious institutions, which complicates protective prioritization. Quick Hits:• Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets — FBI IC3• CISA Urges Endpoint Management System Hardening After Cyberattack Against U.S. Organization • CISA and FBI Release Public Service Announcement About Russian Intelligence Services Targeting Commercial Messaging Apps• Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape — Google Cloud Blog• Ransomware Spotlight: Agenda • Amazon Threat Intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls• Hastalamuerte and Gentlemen RaaS: Analyzing TTPs of a Growing Ransomware Threat • Beast ransomware server toolkit analysis • Beast ransomware’s toolkit revealed by exposed directory • Marquis ransomware gang stole data of 672,000 people in 2025 cyberattack • ESET Research: A Deep Dive into EDR Killers - a Cornerstone of Modern Ransomware Operations • Ransomware Affiliate ‘Gentlemen’ Emerges as Key Player • LeakNet Ransomware: What You Need to Know

In this special Joint episode Andy Jabbour and Toni Pepper connect at the 6th Annual Cybersecurity Summit in Jacksonville, Florida to talk Tribal-ISAC, key insights and takeaways, and other fun conversations along the way.