Top 5 Cybersecurity News Stories May 29, 2026
This week's top cybersecurity stories (May 29, 2026) are not about breached databases or leaked passwords. They are about the mechanisms of trust itself (code signing, government credentials, AI platforms, and human presence) being systematically subverted or failing under pressure. Five different exposure layers, five different attack vectors, one consistent signal: the perimeter organisations thought they understood is wider than any firewall can cover.
1) The Agency That Audits Your Security Left Its Own Keys in Public for Six Months
A contractor working for the Cybersecurity and Infrastructure Security Agency (CISA) used a public GitHub repository as a file synchronisation tool between a work laptop and a home computer. The repository, named “Private-CISA,” remained publicly accessible from November 13, 2025 until May 18, 2026 — six months. Inside: administrative credentials to three AWS GovCloud accounts, plaintext usernames and passwords for dozens of internal CISA systems filed in a document titled “importantAWStokens,” SSH keys, Kubernetes configuration files, and an RSA private key granting access to all CISA code repositories. 844 megabytes in total. Security researcher Guillaume Valadon of GitGuardian discovered the exposure on May 15 and notified CISA. The AWS GovCloud keys remained valid for 48 hours after the repository was taken down. Congressional inquiries were opened by both chambers within days of public reporting.
The contractor was an employee of Nightwing, a government defence contractor based in Dulles, Virginia. Nightwing declined to comment. The exposed credentials included password patterns such as the platform name followed by the current year — a pattern CISA itself has warned enterprises against in multiple advisories. The contractor had completed more than a dozen security certifications, all with passing marks.
What this reveals is not primarily a failure of individual hygiene. It is a structural exposure that exists in every organisation relying on contractors who have administrative access and the autonomy to configure their own development environments. The specific failure here (disabling GitHub’s built-in secret detection and using a public repository as a sync mechanism) is a misconfiguration available to every person with admin rights. CISA’s own Secure by Default guidance addresses exactly this class of risk. The fact that it happened here removes any remaining assumption that security-aware institutions are immune to third-party operator risk. The breach occurred while CISA was operating with roughly 70% of its pre-2025 staffing.
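As an added illustration (not code from CISA, GitGuardian or GitHub), the sketch below shows the kind of local check that still works when hosted secret detection has been switched off: it scans file contents for the classes of secret named in this story, including the "platform name plus current year" password pattern. The file names, sample values and platform list are constructed assumptions, and the password and kubeconfig checks are heuristics.

```python
import re
from datetime import date

# Detectors for the classes of secret the incident describes. The AWS key-ID
# prefixes and PEM header are documented formats; the kubeconfig one is a heuristic.
DETECTORS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "private_key_pem": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "kubeconfig_credential": re.compile(r"^\s*(?:client-key-data|token):\s*\S+", re.M),
}

def platform_year_passwords(text, platforms, year=None):
    """Return password values shaped like <platform><year> (hypothetical platform list)."""
    year = year or date.today().year
    hits = []
    for m in re.finditer(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*(\S+)", text):
        value = m.group(1).strip("\"'")
        for p in platforms:
            # Accept the current or previous year, with optional trailing symbols.
            if re.fullmatch(rf"(?i){re.escape(p)}({year}|{year - 1})\W*", value):
                hits.append(value)
    return hits

def scan(files, platforms, year=None):
    """Return sorted (path, finding) pairs for a {path: content} mapping."""
    findings = []
    for path, text in files.items():
        for name, rx in DETECTORS.items():
            if rx.search(text):
                findings.append((path, name))
        if platform_year_passwords(text, platforms, year):
            findings.append((path, "platform_year_password"))
    return sorted(findings)

# Constructed sample content; none of these values are real credentials.
SAMPLE = {
    "sync/aws-tokens.txt": "aws_access_key_id = AKIAABCDEFGHIJKLMNOP\n",
    "sync/logins.txt": "jira admin password: Jira2026!\n",
    "sync/kubeconfig": "users:\n- user:\n    client-key-data: Q09OU1RSVUNURUQ=\n",
    "sync/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\n(constructed, no key material)\n",
    "sync/README.md": "Sync folder between laptops.\n",
}

if __name__ == "__main__":
    for path, finding in scan(SAMPLE, platforms=["jira", "aws"], year=2026):
        print(f"{path}: {finding}")
```

Run from a pre-commit or pre-push hook, a non-empty result would block the push regardless of how the remote repository is configured.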

Read more on: Krebs on Security
2) Fox Tempest Sold Microsoft-Signed Malware Certificates for $5,000 a Certificate
Fox Tempest operated signspace[.]cloud from May 2025 until Microsoft’s OpFauxSign disruption on May 19, 2026. The service offered malware-signing-as-a-service: for between $5,000 and $9,000, paying customers received Microsoft Artifact Signing certificates valid for 72 hours, which they used to sign their malicious payloads. The certificates were fraudulently obtained by abusing Microsoft’s code signing infrastructure, meaning the resulting binaries appeared legitimate to endpoint security tools that rely on signature validation. Microsoft Threat Intelligence observed Fox Tempest enabling deployments of Rhysida ransomware by the group Vanilla Tempest, as well as Lumma Stealer and Vidar. The operation compromised thousands of machines across multiple countries. Microsoft’s OpFauxSign seized the signspace[.]cloud domain, took hundreds of the operation’s virtual machines offline, and revoked over 1,000 code-signing certificates.
Code signing is a foundational trust signal in modern security architecture. Operating system controls, endpoint detection and response platforms, and enterprise software deployment tools all assign lower risk scores to signed binaries as a matter of design. When that signal is for sale — when any threat actor with $5,000 to $9,000 can obtain a Microsoft-issued certificate for 72 hours — every security layer that uses signature status as a positive indicator is partially compromised. Small and medium-sized enterprises running standard EDR configurations with default trust settings for signed binaries are directly exposed to this class of bypass. The correct architectural response is not to distrust all signed code, but to pair signature verification with behavioural analysis, since signatures only answer the question of origin, not of intent.
The industrialisation of trust-bypass services is the more significant signal. Fox Tempest was not a one-off operation — it maintained a pricing structure, a client base, and a multi-month operational history. The disruption removes one service but not the market demand that created it.

Read more on: The Hacker News
3) Iran’s IRGC Is Writing Malware With AI Assistance — and Adapting Faster Than Defenders Can Follow
Nimbus Manticore, an IRGC-affiliated threat group also tracked as UNC1549, conducted a series of escalating campaigns against defence, aerospace, and telecommunications organisations across the United States, Western Europe, and the Middle East between February and April 2026. The group’s primary new tool is MiniFast, a previously undocumented 64-bit Windows backdoor. Check Point Research disclosed the campaign on May 26, 2026. MiniFast communicates with its command-and-control infrastructure over JSON while disguising traffic as a Chrome browser session. Its development exhibits coding patterns consistent with generative AI assistance: excessive defensive error handling around standard API calls, verbose and highly modular naming conventions, and embedded debug-style status messages characteristic of large language model output with limited post-processing.
The operational significance is not that AI was used. It is what AI assistance does to the economics of offensive tooling. Custom malware development historically required sustained engineering effort — days to weeks for a functional, evasive implant. AI-assisted generation compresses that cycle significantly, enabling rapid adaptation when defensive signatures are published. Nimbus Manticore introduced AppDomain hijacking as a new technique alongside a previously unused delivery method — SEO poisoning — and trojanised Zoom installers in its March 2026 campaign, demonstrating precisely this kind of rapid tactical iteration. For defence, aerospace, and manufacturing organisations with supply chain exposure to US primes or European defence contractors, the targeting scope of this campaign is directly relevant.
The broader pattern is clear: nation-state actors are systematically applying generative AI to offensive operations at the tooling layer. This follows the April disclosure of Google’s first AI-generated zero-day and TrapDoor’s use of AI coding assistants as a delivery mechanism earlier this month. The velocity gap between attacker adaptation and defender signature update cycles is widening, not closing.

Read more on: The Hacker News
4) Your AI Workflow Orchestrator Is an Actively Exploited Entry Point
Langflow, a widely deployed AI workflow orchestration platform, contains a critical vulnerability chain (CVE-2025-34291, CVSS 9.4) in all versions up to and including 1.6.9. The exploit requires no stolen credentials. A misconfigured CORS policy combined with a refresh token cookie scoped for cross-site delivery (SameSite=None) and absent CSRF protection on the token refresh endpoint allows an attacker to achieve full account takeover and remote code execution by directing a victim to visit a malicious webpage once. CISA added CVE-2025-34291 to its Known Exploited Vulnerabilities catalog on May 21, 2026, with a federal remediation deadline of June 4. Active exploitation has been observed since January 23, 2026. Recorded exploitation has been linked to MuddyWater, the IRGC-affiliated group behind the Microsoft Teams false-flag operation disclosed earlier this month. The fix is an upgrade to Langflow version 1.9.3.
The structural exposure is what makes this story strategically significant. Langflow is not a standalone application — it is an orchestration platform that connects to cloud APIs, vector databases, AI model providers, internal automation systems, and production services via API keys configured in the platform’s workspace. A compromised Langflow instance is not a compromised web application. It is a compromised credential vault for every downstream service the platform has been configured to reach. Organisations that deployed AI orchestration tooling rapidly through 2025 — as many did to accelerate AI adoption — without a dedicated security review of those deployments are carrying active attack surface into 2026.
The generalisation risk is high. Langflow is one platform in a category of AI orchestration tools — n8n, Flowise, Dify, and others — all of which follow similar architectural patterns of connecting to production APIs via stored credentials. The attack surface exposed by CVE-2025-34291 is not specific to Langflow’s code; it reflects a class of misconfiguration risk inherent to rapidly deployed AI integration infrastructure.
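The three conditions described for CVE-2025-34291 above (credentialed CORS for an untrusted origin, a SameSite=None refresh cookie, and no CSRF check on token refresh) can be audited together from a single test response. The following is an added example, not Langflow's code: the cookie name, probe origin and both sample responses are constructed, and whether the endpoint enforces a CSRF token is supplied by the tester as an input.

```python
def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, {attribute: value}), lower-cased."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip().lower()
    return name, attrs

def audit_refresh_endpoint(probe_origin, headers, set_cookies, csrf_required,
                           trusted_origins=()):
    """Return findings for one token-refresh response (header keys lower-cased)."""
    findings = []
    acao = headers.get("access-control-allow-origin")
    creds = headers.get("access-control-allow-credentials", "").lower() == "true"
    # Browsers refuse '*' with credentials, so the risky case is an untrusted
    # origin being echoed back together with Allow-Credentials: true.
    if creds and acao == probe_origin and probe_origin not in trusted_origins:
        findings.append("cors: untrusted origin allowed with credentials")
    for raw in set_cookies:
        name, attrs = parse_set_cookie(raw)
        if "refresh" in name.lower() and attrs.get("samesite") == "none":
            findings.append(f"cookie: {name} is SameSite=None (sent cross-site)")
    if not csrf_required:
        findings.append("csrf: refresh endpoint accepts requests without a token")
    return findings

def chain_present(findings):
    """True only when all three conditions from the text above co-occur."""
    return {f.split(":")[0] for f in findings} >= {"cors", "cookie", "csrf"}

# Constructed responses to a test request sent with Origin: https://probe.example
WEAK = dict(
    headers={"access-control-allow-origin": "https://probe.example",
             "access-control-allow-credentials": "true"},
    set_cookies=["refresh_token=abc; Path=/; HttpOnly; Secure; SameSite=None"],
    csrf_required=False)
HARDENED = dict(
    headers={},  # no CORS grant for an origin that is not on the allow-list
    set_cookies=["refresh_token=abc; Path=/; HttpOnly; Secure; SameSite=Strict"],
    csrf_required=True)

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        found = audit_refresh_endpoint("https://probe.example", **resp)
        print(label, chain_present(found), found)
```

The same audit applies to any orchestration tool in this category that issues refresh cookies to a browser front end; upgrading to the fixed release remains the remediation the advisory calls for.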

Read more on: The Hacker News
5) When Phishing Fails, They Send a Person: Silent Ransom Group Escalates to Physical Office Intrusion
The FBI issued a FLASH alert on May 26, 2026 warning that Silent Ransom Group — a Russia-linked extortion gang targeting US law firms since 2023 — has escalated its attack chain to include physical operatives. The sequence: SRG first contacts firm employees by phone or phishing email, impersonating the firm’s internal IT department, and requests that the employee open a remote desktop session for urgent maintenance or a security scan. When the remote attempt fails — when the employee hangs up, reports the call, or simply does not comply — SRG does not abandon the target. It sends a person to the firm’s physical location, impersonating IT support staff, with the intent of inserting a USB storage device into a connected workstation to exfiltrate data directly. The FBI has documented this physical escalation as a systematic fallback, not an isolated incident. More than 38 law firms have already had data published on SRG’s leak site. The total victim count exceeds 100, with activity surging sharply in early 2026. A notable victim, Orrick, Herrington and Sutcliffe — a firm with over $1.5 billion in annual revenue and 25+ global offices — had data leaked after refusing to pay.
The strategic implication is not primarily that law firms are being targeted. It is that the attack chain is now complete across all access vectors. Most enterprise security frameworks treat physical security and cybersecurity as separate domains. Badge access controls, visitor policies, and reception desk procedures are managed by facilities teams, not security operations. SRG’s playbook deliberately exploits that gap. When cyber controls hold and social engineering by voice fails, the attacker arrives in reception impersonating the IT team. Professional services firms (law, finance, M&A advisory) holding client data under legal privilege are the highest-value targets for this model. The FBI’s indicators are specific: unauthorised USB devices connected to workstations, unidentified individuals claiming to be IT support, and unexpected remote desktop session requests from purported internal helpdesk contacts.
The trend this signals is convergence. Ransomware and extortion groups are no longer purely digital operations. The physical dimension of security — who is in the building, why they are there, and what they have access to — is now a component of enterprise threat modelling, not a separate domain.

Read more on: BleepingComputer
If this week tells us anything, it’s this:
The attacks that matter most in 2026 are not the ones trying to break through your defences. They are the ones that ask what your defences are built on — and find the answer inadequate. CISA’s credentials were not stolen through a sophisticated breach. They were left in public because a contractor used basic tooling with poor hygiene and no automated detection caught it for six months. Fox Tempest did not break Microsoft’s code-signing infrastructure. It rented access to a system that had already granted it legitimate-looking certificates. Nimbus Manticore is not a faster version of last year’s threat actor. It is an AI-assisted operation that reduces the gap between attacker adaptation and defender response to near zero. Langflow was not a poorly designed tool. It was a rapidly deployed tool whose security review was deferred by organisations more focused on capability than control.
The Silent Ransom Group story is, in this context, the most important signal of the week — not because physical office intrusion is technically sophisticated, but because it reveals what happens when every digital control works as intended. When phishing fails, when remote desktop requests are refused, when MFA holds, the attacker sends a human. The completeness of that playbook is the message. Security architecture that has not modelled a determined adversary cycling through digital, voice, and physical access vectors in sequence is not a complete security architecture. The attack surface in 2026 includes the reception desk.

