
Coverage: Last 24 hours
Today’s Highlights
Today’s digest highlights an active risk cycle: high-impact zero-days across Linux and Huawei, urgent concerns over privileged AI agents, and newly open-source AI security tooling. Several stories underscore the operational tensions between rapid AI adoption and regulatory, ethical, or technical control gaps. Noteworthy themes include a resurgence of sophisticated Linux rootkits and router vulnerabilities, mounting risks with unchecked AI systems, new open-source security tools for AI, election misinformation via chatbots, and pressures on public-sector tech procurement.
Table of Contents
- ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
- London mayor Sadiq Khan blocks £50m Met police deal with Palantir
- Why patients are turning to Dr Chatbot | Letters
- Nobel laureates and human rights abuses | Brief letters
- Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
- AI will help make a Nobel prize-winning discovery within a year, says Anthropic co-founder
- San Francisco turns to AI to save whales from ship strikes as deaths soar
- ChatGPT and other AI bots made huge errors before Scottish election, study finds
- Google DeepMind in talks with UK unions amid staff concern over US and Israel’s AI use
- SpaceX Is Spending $2.8 Billion to Buy Gas Turbines for Its AI Data Centers
- I Gave My OpenClaw Agent a Physical Body
Top Stories
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
Source: The Hacker News | Risk: Critical | Impacted: Linux server admins, Telecom operators using Huawei routers, Organizations deploying agentic AI, Critical infrastructure SOC teams
Summary: This week’s ThreatsDay Bulletin covers the discovery of 47 zero‑day vulnerabilities at Pwn2Own Berlin 2026, a warning from the UK’s NCSC about the risks of deploying over‑privileged agentic AI tools, signs of the persistent Linux rootkit OrBit resurfacing after nearly four years, AI‑driven intrusion campaigns in Latin America, and a Huawei router zero‑day causing a nationwide telecom outage in Luxembourg.
Why it matters: The resurfacing of advanced Linux rootkits and active telecom infrastructure 0-days increases the likelihood of long-term attacker persistence and large-scale service disruption if not rapidly detected and contained.
Practitioner Perspective
Linux server operators and telecom engineers face an uptick in targeted rootkit campaigns, including the return of OrBit, as well as the direct exploitation of a Huawei router 0-day with real-world outage consequences. The high cadence of zero-day discoveries at Pwn2Own Berlin 2026 signals ongoing capability uplift among well-resourced attackers. AI-driven intrusion campaigns further complicate threat modeling, introducing new lateral movement and persistence risks. Prioritize threat hunting for stealthy implant indicators and validate Huawei network equipment segmentation, as adversaries may chain vulnerabilities for extended access.
Recommended Actions
- Hunt for OrBit rootkit artifacts on Linux systems: check for .so file replacement, staged credential theft, and anomalous SSH activity
- Isolate and restrict access to Huawei routers pending vendor remediation of the identified 0-day
Emerging Signals
London mayor Sadiq Khan blocks £50m Met police deal with Palantir
Source: The Guardian | Risk: Medium | Impacted: Public sector procurement officers, Law enforcement IT/security leads, Third-party risk managers
Summary: London mayor Sadiq Khan has blocked a proposed £50 million Metropolitan Police contract with US tech firm Palantir, citing a “clear and serious breach” of procurement rules, risk of lock-in to the company’s technology and lack of demonstrated value for money. His office said only one supplier had been engaged, and expressed concern that public funds should go to firms aligned with London’s values.
Why it matters: Strategic technology procurement missteps with surveillance vendors can lock organizations into closed ecosystems, complicating future exit or oversight and exposing sensitive operations to poorly aligned contractual controls.
Practitioner Perspective
Large-scale security or analytics platform procurements, especially those involving firms like Palantir, require due diligence not just on technical merit but contract flexibility and compliance posture. Rushing or single-vendor engagements risk creating data silos that are difficult to audit or migrate, and can add alignment or ethics pressures for public sector security teams. Practitioners supporting procurement should make third-party risk reviews and exit strategy non-negotiable controls in any high-trust technology agreement. The cost of unwinding a misaligned contract is often far higher than delays to close supply chain gaps up front.
Recommended Actions
- Require vendor-neutral data export and audit clauses in analytics or surveillance system RFPs
- Perform structured exit risk analysis before entering large single-source contracts (e.g., Palantir)
Why patients are turning to Dr Chatbot | Letters
Source: The Guardian | Risk: High | Impacted: Healthcare IT security staff, Clinical practice SOC, Regulated medical data controllers
Summary: The opinion letters argue that patients are increasingly turning to AI chatbots not as a cultural shift but out of necessity, filling a void caused by declining continuity in NHS general practice, while cautioning that doctors are also resorting to unregulated AI tools and urging proper regulation of medical AI.
Why it matters: Unregulated adoption of AI chatbots by clinicians risks exposing sensitive patient data to opaque third parties and unpredictable model failure modes.
Practitioner Perspective
Healthcare security teams face growing shadow IT risk as clinicians adopt generic AI chatbots for care decisions or patient triage. This dynamic circumvents established data protection and medical validation protocols, sometimes transferring PHI to cloud LLMs with unknown retention or boundary controls. Regulatory bodies now have grounds to expedite rules and sanctions, but local teams cannot wait: prioritize detection and education efforts focused on chatbot traffic and unapproved SaaS use. The most immediate risk comes from sensitive data leakage by unsanctioned tooling, often before formal regulation lands.
Recommended Actions
- Block or flag traffic to unsanctioned AI chatbot domains from healthcare environment egress points
- Audit cloud proxy/firewall logs for PHI leakage toward known LLM endpoints
Nobel laureates and human rights abuses | Brief letters
Source: The Guardian | Risk: Medium | Impacted: Platform trust and safety teams, Third-party compliance leads, Cloud/SaaS providers in high-risk countries
Summary: In a Brief Letter published May 20, 2026 and last modified May 21, 2026, Sehin Teferra from Addis Ababa highlights the irony that Ethiopia’s prime minister, Abiy Ahmed, himself a Nobel peace laureate, has overseen the imprisonment of several gravely ill activists protesting human rights abuses, and suggests fellow Nobel laureates may next call him out.
Why it matters: Operational misuse of surveillance or policy enforcement against dissidents can attract international scrutiny, leading to reputational and regulatory fallout for entities facilitating such activities.
Practitioner Perspective
Human rights concerns tied to surveillance tech should remain a standing item on third-party risk committees for multinationals and service providers. Companies supporting regimes with problematic records may face secondary sanctions, supply chain disruptions, or targeted activism. Security and risk teams have a role ensuring their platforms are not subverted for repression, with special attention to monitoring privileged account actions and data exports in politically exposed geographies. Proactive transparency about usage auditing can sometimes preempt damaging exposures.
Recommended Actions
- Implement continuous monitoring of privileged access and exports for accounts linked to sanctioned or at-risk geographies
- Include human rights impact checks as part of all material SaaS contract renewals
Exploits & CVEs
No new specific CVE entries with available CVSS scores were reported in the past 24 hours, but see ‘ThreatsDay Bulletin’ in Top Stories for summary of major 0-day activity.
AI Security
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
Source: The Hacker News | Risk: High | Impacted: AI/ML software engineers, Product security architects, DevOps teams deploying AI agents
Summary: Microsoft on May 20, 2026 made public two open‑source tools to enhance AI agent security during development: RAMPART, a Pytest‑native framework for writing and running safety and security tests against adversarial and benign threats; and Clarity, a tool to validate design assumptions and capture decision rationale before writing code.
Why it matters: Rapid AI agent adoption increases organizational exposure to adversarial input exploitation and design flaws, especially when security controls are not part of the early development pipeline.
Practitioner Perspective
Teams developing or integrating AI agents must contend with higher exposure to input fuzzing, prompt injection, and misuse absent robust validation and adversarial testing. Microsoft’s release of RAMPART (for automated adversarial scenario testing) and Clarity (for tracking design decisions) reflects a growing trend toward codified security checks in AI/ML workflows. As open-source tools, these can be embedded early and iteratively within DevSecOps for AI projects. Defenders should push to operationalize this testing discipline before AI agents hit production environments.
Recommended Actions
- Integrate Microsoft’s RAMPART into existing Pytest-based test suites for AI agent adversarial testing
- Adopt Microsoft’s Clarity to document and review design rationale for AI agent deployment decisions
AI will help make a Nobel prize-winning discovery within a year, says Anthropic co-founder
Source: The Guardian | Risk: Medium | Impacted: Research institutions using frontier AI models, Industries embedding AI into product R&D
Summary: Anthropic co‑founder Jack Clark predicted in a lecture at Oxford University on 21 May 2026 that within 12 months, AI systems working alongside humans will contribute to a Nobel prize‑winning discovery, and within two years bipedal robots will assist tradespeople, while highlighting serious existential risks.
Why it matters: Rising reliance on powerful AI in critical domains increases potential for unanticipated failure modes or misuse before proper oversight mechanisms can catch up.
Practitioner Perspective
The prediction of Nobel-level breakthroughs via AI hints at rapid integration into high-stakes research and industrial workflows, often outside the traditional security perimeter. Security teams must anticipate sudden increases in data sensitivity and attack surface as AI outputs become business-critical. Broader existential risk debates should not distract from practical actions: map where AI systems directly affect core decision-making and enforce compensating controls at these integration points. Do not allow hype or headlines to outweigh the steady, methodical assessment of new exposure.
Recommended Actions
- Conduct targeted data flow mapping for new AI deployments in R&D environments
- Review and log all access to high-sensitivity datasets used by AI agents in research domains
San Francisco turns to AI to save whales from ship strikes as deaths soar
Source: The Guardian | Risk: Medium | Impacted: Maritime OT operators, Shipping/logistics SOCs, OT/ICS network defenders
Summary: An AI-powered system called WhaleSpotter has been launched in San Francisco Bay to detect gray whales day and night, by scanning for blows and heat signatures, and alert vessels to slow down or reroute, as whale deaths from ship strikes rise sharply, including 21 in 2025, with at least 40% attributed to vessel collisions. Marine temperatures and Arctic food shortages are drawing malnourished whales into the bay’s busy shipping lanes.
Why it matters: Deploying real-time AI-driven risk detection in operational technology can introduce new attack vectors that adversaries may exploit to manipulate or disrupt physical systems.
Practitioner Perspective
As AI-based monitoring expands into critical OT (such as vessel collision avoidance), defenders must factor in threats to the integrity, reliability and spoof-resistance of such predictive systems. Adversaries targeting AI/ML sensor pipelines could falsify telemetry or generate noise, leading to operational failures or safety events. Mature organizations are already applying adversarial ML testing and sensor validation, but many shipping and logistics operators lack formal protections. Treat every new AI-OT link as a potential point of compromise requiring continuous monitoring.
Recommended Actions
- Red team the WhaleSpotter AI system for spoofing and sensor manipulation vulnerabilities
- Deploy anomaly detection on OT data feeds ingesting AI outputs for rapid event detection
ChatGPT and other AI bots made huge errors before Scottish election, study finds
Source: The Guardian | Risk: High | Impacted: Digital election trust and safety teams, Platform content moderation ops, Public sector communications IT
Summary: A Demos study found that ahead of Scotland’s May 2026 Holyrood election, AI tools including ChatGPT, Gemini, Replika and Grok gave incorrect responses to 34% of questions, inventing scandals, misdating the election, misattributing candidates and wrongly stating voter ID requirements; in response the UK Electoral Commission urged new legal safeguards. The article is not behind a paywall.
Why it matters: AI chatbot-driven misinformation during elections undermines public trust and raises legal and operational burdens for trust and safety teams in digital platforms.
Practitioner Perspective
Defenders focused on election integrity must now contend with model hallucinations and intentional manipulation from ChatGPT, Gemini, Replika, and Grok, each capable of producing convincing but false narratives. This problem is amplified with regulatory pressure from electoral commissions for comprehensive content monitoring and incident response. Teams should map model integrations, isolate unverified outputs from decision logic, and ensure robust takedown playbooks for high-visibility misinformation. The risk vector includes both organic mistakes and adversarial prompt crafting to exploit gaps.
Recommended Actions
- Deploy detection logic for AI-generated misinformation referencing voting processes or candidate data in ChatGPT, Gemini, Replika, and Grok contexts
- Instrument fast-response escalation paths with legal and comms for takedown of false election information
Google DeepMind in talks with UK unions amid staff concern over US and Israel’s AI use
Source: The Guardian | Risk: Medium | Impacted: Enterprise AI security leads, HR and compliance teams, AI research and development orgs
Summary: Google DeepMind has agreed to enter formal talks via Acas with the Communications Workers Union and Unite after UK staff, concerned about the use of DeepMind’s AI by US and Israeli defence and intelligence agencies and following petitions and a vote to unionise, pushed for representation. Google declined to voluntarily recognise the unions but may hold a formal ballot in the coming months. The concerns follow its 2025 decision to drop a pledge against harmful military or surveillance use.
Why it matters: Staff and regulatory scrutiny over dual-use AI applications can delay or disrupt ongoing projects, create compliance overhead, and drive insider risk escalation if left unaddressed.
Practitioner Perspective
Internal resistance to AI usage in military or intelligence contexts places sustained pressure on project governance and the ability to retain key talent, especially following public unionization drives. For enterprise defenders, employee-driven monitoring and formal challenges can become a new insider risk channel if not transparently managed. Review AI project oversight, document all export/national security controls, and establish escalation pathways for staff objections to dual-use scenarios. Preemptive engagement with unions or worker groups gives organizations time to address credible issues before a major incident.
Recommended Actions
- Maintain an up-to-date AI use inventory with visibility into dual-use or national security relevant deployments
- Document and review all export control, legal and compliance measures for AI deployments tied to defense/intel use cases
SpaceX Is Spending $2.8 Billion to Buy Gas Turbines for Its AI Data Centers
Source: The Verge AI | Risk: Medium | Impacted: AI data center operations teams, Regulatory compliance officers, Grok AI platform engineers
Summary: SpaceX has committed more than $2.8 billion to purchase gas turbines for its AI data centers, according to a regulatory filing. This significant investment underscores Musk’s continued reliance on turbine-powered infrastructure despite concerns, lawsuits, and environmental scrutiny over emissions and regulatory compliance.
Why it matters: AI data center scaling efforts that rely on legacy power generation introduce resilience and compliance risk, potentially exposing organizations to grid isolation and regulatory action.
Practitioner Perspective
SpaceX’s investment in gas turbines for Grok AI infrastructure signals ongoing dependency on self-contained, high-emission power models, placing new focus on environmental compliance and continuity planning. Defenders are urged to assess what alternate energy sources and redundancy exist for critical AI workloads, especially as regulatory investigations or lawsuits can force abrupt operational shifts. Energy sourcing is now a fast-emerging supply chain and data residency risk for AI/ML-heavy orgs. Don’t ignore the physical layer: a data center’s generator blueprint may be as mission-critical as its patch cycle.
Recommended Actions
- Review data center BCP/DR plans for dependency on gas turbine power supply specifically for Grok AI clusters
- Document environmental compliance exposure for all non-grid power deployments tied to AI operations
I Gave My OpenClaw Agent a Physical Body
Source: The Verge AI | Risk: High | Impacted: Robotics security engineers, Industrial automation SOCs, OT security architects
Summary: A WIRED reporter equipped their OpenClaw AI agent with a physical robotic arm and the agent autonomously configured it to see and grasp objects, even training another AI model to pick up and place items, demonstrating a notable step toward simplified robotics development.
Why it matters: Transferring AI agents from simulation to direct hardware control multiplies the physical attack surface and creates new failure categories that classic IT monitoring cannot reliably catch.
Practitioner Perspective
Defenders supporting robotics or ‘cyber-physical’ automation must adapt from traditional endpoint and server monitoring to real-time anomaly detection on embedded systems. When AI agents train or operate robotic arms autonomously, the combined software and sensor stack becomes a critical risk zone, with the potential for sabotage, denial of service, or supply chain implant activity. Out-of-the-box models like OpenClaw introduce opaque, rapidly updating codebases with limited audit trails. The pressing question: who has root-equivalent control over these systems, and how will you spot abuse or malfunction at the device level?
Recommended Actions
- Deploy endpoint and network monitoring specifically to robotic arm controllers running OpenClaw or similar agents
- Review code provenance and validate automatic retraining pipelines on embedded robotics platforms
Defensive Actions
- Hunt for OrBit rootkit artifacts on Linux systems: check for .so file replacement, staged credential theft, and anomalous SSH activity
- Isolate and restrict access to Huawei routers pending vendor remediation of the identified 0-day
- Integrate Microsoft’s RAMPART into existing Pytest-based test suites for AI agent adversarial testing
- Adopt Microsoft’s Clarity to document and review design rationale for AI agent deployment decisions
- Conduct targeted data flow mapping for new AI deployments in R&D environments
- Block or flag traffic to unsanctioned AI chatbot domains from healthcare environment egress points
- Deploy detection logic for AI-generated misinformation referencing voting processes or candidate data in ChatGPT, Gemini, Replika, and Grok contexts
- Red team the WhaleSpotter AI system for spoofing and sensor manipulation vulnerabilities
- Require vendor-neutral data export and audit clauses in analytics or surveillance system RFPs
- Deploy endpoint and network monitoring specifically to robotic arm controllers running OpenClaw or similar agents
What We’re Watching
- Persistence and lateral movement indicators as OrBit and similar Linux rootkits resurface
- Telecom-wide impacts from newly discovered Huawei router vulnerabilities
- Efficacy of operationalizing Microsoft’s new AI agent security testing tools, including uptake in production pipelines
- Regulatory and insider risk pressures from rapid AI proliferation in both public and private sectors
- Election-specific countermeasures against AI-driven misinformation at scale
Categories: Cybersecurity Blog, Cybersecurity News
Leave a comment