Breach Roundup: US Lawmakers Sound Alarm on AI Bug Hunters

Source: Data Breach Today. Archived May 15, 2026.

Also, YellowKey Bypasses BitLocker, Škoda Breach, Kingdom Market Operator Jailed

This week: U.S. lawmakers urged White House action on AI-discovered vulnerabilities; a researcher published a BitLocker bypass and a privilege-escalation exploit for Windows 11 and Server 2025; Škoda, an Nvidia GeForce NOW partner and telehealth firm OpenLoop reported breaches; Microsoft shipped a zero-day-free Patch Tuesday; a Kingdom Market operator was sentenced; pro-Ukraine and Iran-linked hacking groups stepped up espionage; and Nitrogen ransomware hit Foxconn.

Pooja Tikekar (@PoojaTikekar) • May 14, 2026

Every week, ISMG rounds up cybersecurity incidents and breaches around the world. This week, U.S. lawmakers urged federal action ahead of a wave of vulnerability disclosures driven by artificial intelligence, and a researcher published a BitLocker bypass and a privilege-escalation exploit targeting Windows 11 and Windows Server 2025. Škoda, an Nvidia GeForce NOW partner and telehealth firm OpenLoop reported breaches. Microsoft patched 120 vulnerabilities in a rare zero-day-free Patch Tuesday, a Kingdom Market operator was sentenced, and pro-Ukraine hacktivists and Iran-linked MuddyWater intensified espionage campaigns. Nitrogen ransomware claimed theft of Apple- and Nvidia-linked data from Foxconn systems.

US Lawmakers Entreat White House to Act on Coming Wave of AI-Discovered Vulnerabilities

Nearly three dozen bipartisan members of the U.S. House of Representatives exhorted the White House to work out a plan for handling the coming cascade of vulnerability disclosures generated by advanced artificial intelligence. The lawmakers, led by Rep. Bob Latta, R-Ohio, wrote National Cyber Director Sean Cairncross to propose that the White House convene federal agency officials and private sector executives to work out how to handle security flaws in what might be termed the post-Mythos era of cybersecurity. The Anthropic-made frontier model - along with close competitors - has made waves for weeks now over its vulnerability discovery capabilities.
Organizations including the European Central Bank and the International Monetary Fund have sounded warnings that Mythos-level models will require a cybersecurity recalibration (see: ECB: AI Means European Banks Must Hasten Cybersecurity Pace). Letter signatories - there are 35 in total - also said the federal government should encourage AI developers to routinely provide early access to open-source maintainers, non-profit security organizations and developers who command a large install base. The federal government should offer patching assistance to critical infrastructure operators who lack sufficient cybersecurity capacity, they said. How news of new vulnerabilities becomes public should be subject to a framework for deciding when to restrict proof-of-concept code or vulnerability chains to affected vendors or "vetted defenders." The government ought to be ready for new jumps in AI capabilities, the letter also states. Lawmakers recommend developing a process for determining "what types of vulnerabilities a model can reliably discover or exploit; the token cost per useful vulnerability, exploit, or patch; and the effectiveness of post-training guardrails to prevent misuse."

A number of tech mainstays have reported using AI to find previously hidden bugs. Palo Alto Networks told Axios it identified 75 vulnerabilities through Anthropic and OpenAI tools. Mozilla, maker of the Firefox browser, disclosed finding 271 vulnerabilities through Mythos.

YellowKey and GreenPlasma Flaws Target Windows 11 and Server 2025

Attackers with physical access to a Windows device could bypass Microsoft BitLocker and access encrypted drives using a newly published proof-of-concept exploit targeting the Windows Recovery Environment, or WinRE. A second exploit released simultaneously targets a core Windows input service to achieve system-level privileges.
A security researcher using the aliases "Nightmare-Eclipse" and "Chaotic Eclipse" released the exploits on GitHub, claiming they affect Windows 11 and Windows Server 2022 and 2025 systems but not Windows 10.

The first exploit, dubbed "YellowKey," involves placing specially crafted files on a USB drive or on the EFI system partition and booting the target system into WinRE. Holding the control key during the reboot sequence spawns a command shell with access to BitLocker-protected volumes. Because the files can be staged on the EFI partition, an external storage device is not strictly required. The researcher said YellowKey exploits NTFS transactions in combination with the Windows Recovery image. The exploit relies on functionality present only inside the WinRE image: a component with the same name exists in standard Windows installations but lacks the behavior that triggers the bypass, a discrepancy the researcher describes as evidence of a deliberate backdoor. The exploit works against the default TPM-only BitLocker configuration used on most consumer machines. The researcher claims the flaw also works against TPM+PIN configurations but has declined to publish that version, saying "what's out there is already bad enough." A threat researcher who goes by the alias KevTheHermit on X said the exploit works, though the required key presses are "a bit hit or miss."

The second exploit, "GreenPlasma," targets the ctfmon process, which runs as SYSTEM in every interactive session and handles text input features. The exploit plants an arbitrary memory section and, through a chain of registry manipulations and permission quirks, tricks ctfmon into interacting with it. In its current state it triggers a User Account Control prompt in default Windows configurations. "If you're smart enough, you can turn this into a full privilege escalation," the researcher said. Microsoft researchers in 2025 disclosed multiple WinRE-related flaws collectively tracked as "BitUnlocker."
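The practical question for an administrator reading the YellowKey write-up is which machines rely on the default TPM-only protector and whether WinRE is enabled on them. The following PowerShell script is an added example (not code from the article, from Microsoft, or from the researcher) that reports BitLocker key-protector types per volume, reads the WinRE status from reagentc, and shows the pre-boot authentication policy values. The policy registry path and value meanings are assumptions based on the standard BitLocker Group Policy settings; the script inspects configuration only and does not reproduce any exploit step.

```powershell
# Added example: inventory BitLocker protectors and WinRE status on the local host.
# Run from an elevated PowerShell session on a machine with the BitLocker module.
#Requires -RunAsAdministrator

function Get-BitLockerExposureReport {
    # Protector types that add a pre-boot secret on top of the TPM.
    $preBootSecretTypes = @('TpmPin', 'TpmPinStartupKey', 'TpmStartupKey', 'Password')

    foreach ($vol in Get-BitLockerVolume) {
        $types   = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $hasTpm  = $types -contains 'Tpm'
        $hasPre  = [bool]($types | Where-Object { $preBootSecretTypes -contains $_ })
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ',')
            TpmOnly          = ($hasTpm -and -not $hasPre)   # the configuration YellowKey targets by default
        }
    }
}

function Get-WinReStatus {
    # No cmdlet exposes WinRE state; parse reagentc's text output.
    $info = & reagentc.exe /info 2>&1 | Out-String
    if ($info -match 'Windows RE status:\s+(\w+)') { return $Matches[1] }
    return 'Unknown'
}

function Get-PreBootAuthPolicy {
    # Assumption: the 'Require additional authentication at startup' policy
    # is stored under this key. UseTPMPIN: 0 = not allowed, 1 = required, 2 = allowed.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    if (-not (Test-Path $key)) { return 'Policy not configured' }
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        UseAdvancedStartup = $p.UseAdvancedStartup
        UseTPMPIN          = $p.UseTPMPIN
        UseTPMKeyPIN       = $p.UseTPMKeyPIN
    }
}

$report = Get-BitLockerExposureReport
$report | Format-Table -AutoSize
"WinRE status: $(Get-WinReStatus)"
Get-PreBootAuthPolicy

$osVol = $report | Where-Object { $_.MountPoint -eq $env:SystemDrive }
if ($osVol -and $osVol.TpmOnly) {
    Write-Warning "OS volume is protected by TPM only; a TPM+PIN protector would require a pre-boot secret."
}
```

Adding a PIN protector to the OS volume is done with Add-BitLockerKeyProtector -TpmAndPinProtector once policy allows it. Note the limit of this hardening: the researcher claims an unpublished variant works against TPM+PIN as well, so a PIN raises the bar for the published proof of concept but is not presented by the article as a complete fix.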
Nightmare-Eclipse previously released Windows-focused offensive tools including "BlueHammer," "RedSun" and "UnDefend," targeting privilege escalation, Microsoft Defender protections and a denial-of-service vulnerability, respectively.

Škoda Discloses Customer Data Breach After Online Shop Hack

Attackers exploited a vulnerability in the standard software used by Škoda Auto's German online shop to gain unauthorized access to customer data, the automaker disclosed. Škoda, a Czech subsidiary of Volkswagen, said it identified the breach during routine security monitoring and temporarily shut down the online shop to patch the flaw. Exposed information includes customer names, postal addresses, email addresses, phone numbers, order details and account information. Password hashes were also compromised. The company said payment card data was not affected, since third-party service providers handle financial processing. Škoda said limitations in logging data prevented investigators from determining whether customer information was exfiltrated.

Microsoft Patches 120 Vulnerabilities in Rare Zero-Day-Free Patch Tuesday

Microsoft's May 2026 Patch Tuesday fixed approximately 120 vulnerabilities across Windows, Office, SharePoint, Azure and enterprise productivity platforms. No zero-day vulnerabilities were disclosed. The release includes 17 critical vulnerabilities, most involving remote code execution. Among the most serious is CVE-2026-41089, a stack-based buffer overflow in Windows Netlogon that could allow attackers to gain SYSTEM privileges on domain controllers without user interaction. Microsoft also patched CVE-2026-41103, an Entra ID authentication bypass that could allow attackers to impersonate users. CVE-2026-41096 is a Windows DNS client flaw enabling remote code execution through crafted DNS responses that trigger memory corruption.
Another significant patch addressed CVE-2026-40365, a SharePoint Server remote code execution vulnerability that allows authenticated attackers with site owner privileges to execute arbitrary code remotely. Microsoft fixed CVE-2026-35421, a Windows GDI flaw exploitable via malicious EMF files opened in Microsoft Paint. Office-related vulnerabilities featured prominently in the release, including multiple remote code execution flaws affecting Word and Excel. These include CVE-2026-42831, CVE-2026-40363, CVE-2026-40358, CVE-2026-40362 and CVE-2026-40359, several of which can be triggered through the preview pane without opening an attachment.

Nvidia GeForce NOW Partner Discloses Breach After Data Sale Claim

A third-party partner operating Nvidia's GeForce NOW service in Armenia disclosed a data breach after a threat actor offered millions of user records for sale on a cybercrime forum. A threat actor posting under a "ShinyHunters" handle on BreachForums said the stolen database - for sale for $100,000 - contained names, email addresses, usernames, dates of birth, membership status, two-factor authentication status and phone numbers. The ShinyHunters group itself denied involvement, stating the poster was an impersonator - a pattern previously associated with threat clusters UNC6040 and UNC6240, tracked by Google Threat Intelligence, which have impersonated ShinyHunters to increase pressure on victims. The forum post is no longer active. Armenia-based cloud gaming provider GFN.am said attackers accessed its systems between March 20 and March 26. Passwords were not compromised, and users who registered after March 9 were not affected. Nvidia said the incident was limited to systems operated by its GeForce NOW Alliance partner and that Nvidia-operated infrastructure was unaffected.
Kingdom Market Operator Sentenced in Darknet Drug, Fraud Marketplace Case

A Slovakian national received a 16-year prison sentence for helping run Kingdom Market, a darknet marketplace that sold drugs, stolen personal data and fraudulent documents, the U.S. Department of Justice announced Friday. Alan Bill, 33, of Bratislava, pleaded guilty in January to conspiracy to distribute controlled substances. He helped operate Kingdom Market between March 2021 and December 2023. The marketplace facilitated sales of fentanyl, methamphetamine, counterfeit currency, malware and stolen identification records using cryptocurrency and anonymous accounts. Bill allegedly handled site administration, managed forum pages on Reddit and Dread, and promoted the marketplace online under aliases including "Vend0r" and "KingdomOfficial." The December 2023 takedown of Kingdom Market involved coordinated action by U.S. agencies alongside law enforcement from Germany, Switzerland, Moldova and Ukraine.

Hacktivist Group BO Team Intensifies Espionage Operations Against Russia

Pro-Ukraine hacktivist group BO Team expanded attacks against Russian organizations while deploying updated versions of its ZeronetKit malware and collaborating with another threat actor known as Head Mare, cybersecurity firm Kaspersky said. The campaign, observed in the first months of this year, targeted manufacturing, telecom and oil-and-gas companies after earlier focusing on healthcare organizations. BO Team has moved away from overtly destructive operations and toward stealthier espionage intrusions, researchers said. Kaspersky also identified a Linux tool called "ZeroSSH." The researchers linked BO Team to Head Mare through overlapping infrastructure and tooling, including command-and-control systems operating on the same compromised host. Kaspersky previously tied Head Mare to attacks on Russian organizations through shared C2 servers and malware also associated with another hacktivist group called Twelve.
BO Team, also tracked as Black Owl, Lifting Zmiy and Hoody Hyena, has been active since at least 2024 and is known for phishing-led intrusions against Russian organizations. The group has previously been linked to operations supporting Ukrainian interests, including attacks targeting a major Russian drone supplier (see: Ukrainian Hackers Claim Major Hit on Russian Drone Supplier).

Iranian Hackers Mask Espionage Campaign as Chaos Ransomware Attack

Iranian state-backed hackers earlier this year disguised an espionage campaign as a Chaos ransomware attack to evade detection and complicate attribution, according to research from Rapid7. Rapid7 linked the activity to MuddyWater, also known as Seedworm, an Iranian threat actor tied to the country's Ministry of Intelligence and Security. The attackers reportedly used the Chaos ransomware brand as a false flag while focusing primarily on long-term access and data theft rather than file encryption.

The campaign began with Microsoft Teams-based social engineering, in which attackers convinced employees to participate in screen-sharing sessions. The hackers harvested credentials, manipulated multifactor authentication settings and deployed remote access tools such as DWAgent and AnyDesk to maintain persistence. Researchers said the attackers also used a custom remote access Trojan named Game.exe, disguised as a Microsoft WebView2 application. The malware enabled command execution, file manipulation and persistent remote shell access. The attackers did not prioritize encrypting systems. Instead, they focused on exfiltrating information while using ransomware branding and extortion tactics to distract defenders from the underlying espionage activity. Rapid7 said technical evidence tying the campaign to MuddyWater included overlaps in command-and-control infrastructure and the use of a code-signing certificate previously associated with Iranian state-backed operations.
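The persistence layer described above (DWAgent and AnyDesk for remote access, plus a RAT named Game.exe posing as a WebView2 component) is the part of this campaign a defender can triage on an endpoint. The PowerShell below is an added example, not Rapid7's tooling or published indicators: it sweeps services, running processes, Run keys and scheduled tasks for those tool names and reports the version resource and Authenticode status of any Game.exe it finds. The name patterns are assumptions drawn from the tools' default installs, and a match is a lead to investigate, not a verdict.

```powershell
# Added example: host-side triage for the remote access tools named in the
# Rapid7 write-up. Name patterns are assumptions; legitimate AnyDesk or DWAgent
# deployments will also match and need to be reconciled with change records.
$rmmPatterns = @('AnyDesk', 'DWAgent')
$ratName     = 'Game.exe'
$allPatterns = $rmmPatterns + $ratName

function Test-MatchesIndicator([string]$text) {
    foreach ($p in $allPatterns) { if ($text -match [regex]::Escape($p)) { return $true } }
    return $false
}

function Find-RemoteAccessServices {
    Get-CimInstance Win32_Service |
        Where-Object { Test-MatchesIndicator "$($_.Name) $($_.DisplayName) $($_.PathName)" } |
        Select-Object Name, DisplayName, State, StartMode, PathName
}

function Find-RemoteAccessProcesses {
    Get-CimInstance Win32_Process |
        Where-Object { Test-MatchesIndicator "$($_.Name) $($_.ExecutablePath)" } |
        Select-Object ProcessId, Name, ExecutablePath, CommandLine
}

function Find-SuspiciousWebView2Binaries {
    # The RAT was described as disguised as a WebView2 application, so report
    # what the file's own version resource and signature claim.
    $roots = @($env:ProgramData, $env:LOCALAPPDATA, $env:APPDATA, $env:TEMP) | Where-Object { $_ }
    Get-ChildItem -Path $roots -Filter $ratName -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path        = $_.FullName
                Description = $_.VersionInfo.FileDescription
                Company     = $_.VersionInfo.CompanyName
                SigStatus   = $sig.Status
                Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
}

function Find-AutoStartEntries {
    $hits = @()
    foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                   'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
        if (-not (Test-Path $k)) { continue }
        $props = (Get-ItemProperty -Path $k).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
        foreach ($prop in $props) {
            if (Test-MatchesIndicator ([string]$prop.Value)) {
                $hits += [pscustomobject]@{ Source = $k; Entry = $prop.Name; Value = $prop.Value }
            }
        }
    }
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($a in $task.Actions) {
            if (Test-MatchesIndicator "$($a.Execute) $($a.Arguments)") {
                $hits += [pscustomobject]@{ Source = 'ScheduledTask'; Entry = $task.TaskName; Value = $a.Execute }
            }
        }
    }
    $hits
}

'== Services =='        ; Find-RemoteAccessServices        | Format-Table -AutoSize
'== Processes =='       ; Find-RemoteAccessProcesses       | Format-Table -AutoSize
'== Game.exe files =='  ; Find-SuspiciousWebView2Binaries  | Format-Table -AutoSize
'== Autostart =='       ; Find-AutoStartEntries            | Format-Table -AutoSize
```

Run it elevated so the service and process queries see every session. The script covers only the endpoint side; the Teams screen-sharing lure and the multifactor authentication changes the article mentions leave their evidence in the identity provider's sign-in and audit logs, which should be reviewed for the same accounts.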
Nitrogen Ransomware Gang Claims Theft of Apple, Nvidia Files in Foxconn Breach

Taiwanese electronics manufacturing giant Foxconn disclosed a cyberattack affecting some of its North American factories after the Nitrogen ransomware group claimed it stole eight terabytes of data tied to projects for Apple, Nvidia, Google, Dell and Intel. The ransomware gang said it exfiltrated more than 11 million files, including confidential project documents, technical drawings and customer-related data. Samples posted on Nitrogen's leak site referenced Nvidia materials. The disruption impacted operations at Foxconn facilities in the United States, with some employees temporarily reverting to manual processes during the outage. Nitrogen, active since 2023, initially operated as a malware loader deploying BlackCat/ALPHV ransomware before developing its own strain using leaked Conti 2 builder code. Researchers previously warned that a coding error in the group's ESXi decryptor can make encrypted files unrecoverable even after ransom payment.

OpenLoop Revises Patient Toll in January Hack to 716,000

Iowa-based telehealth firm OpenLoop told federal regulators that a hacking incident identified in January has affected 716,000 patients. The company had previously reported the data theft to various state regulators as affecting fewer individuals. A threat actor who goes by the moniker Stuckin2019 claimed in March to have stolen data for 1.6 million OpenLoop patients, according to Databreaches.net. OpenLoop, in its breach notice, said that on Jan. 7 it learned that an unauthorized third party had gained access to various company systems, removing "certain information." An investigation determined that the unauthorized access occurred over a two-day period.
The incident potentially compromised individuals' names, addresses, dates of birth and medical information, but did not involve access to electronic health records, Social Security numbers or financial account information, OpenLoop said. The company's website says its "AI-powered" telehealth platform is used by 20,000 clinicians and serves 250,000 patients per month across all 50 states.

Other Stories From This Week

Belarus Hackers Target Ukraine With Spear-Phishing
Russian Attacks on Polish Water Utilities Use Fear as Weapon
UK Plans Overhaul of Cybersecurity Law Stymieing Researchers
Utah Moves Ahead With AI-Powered Rx Refills Despite Pushback
Mass Supply-Chain Attack Slams npm and PyPI, Hits Mistral AI

With reporting from ISMG's Marianne Kolbasuk McGee in the Boston exurbs and David Perera in Northern Virginia.