Cybersecurity News
Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
Reported: May 31, 2026 | Source: The Hacker News
Dutch law enforcement has taken down a botnet responsible for infecting devices worldwide, The Hacker News reported. According to the Dutch National Police (Politie) and the National Cyber Security Center (NCSC), the bot network consisted of at least 17 million infected devices, including computers, tablets, smartphones, and IoT devices.
How the Botnet Operated
More than 200 servers located in the Netherlands served as the platform’s backend infrastructure. Police seized a subset of those servers from a Netherlands-based hosting provider, which subsequently took the botnet offline.
Authorities did not officially name the botnet. However, local news outlet NL Times identified the service as Asocks, a company that sells residential proxy subscriptions for $5 to $15 per month.
According to a statement issued by the NCSC, devices become part of a botnet when attackers gain access and install malware that allows remote control. Those compromised devices are then used to route malicious traffic or carry out cyberattacks.
Residential proxy networks like Asocks have legitimate uses, but their infrastructure is frequently exploited by bad actors seeking to mask criminal activity behind real devices.
Protecting Devices from the Botnet Cyber Threat
The NCSC recommends that organizations and individuals keep their operating systems up to date, maintain visibility of edge devices like routers, use strong passwords, and enable two-factor authentication wherever possible. Organizations should also install applications only from trusted sources and secure Wi-Fi networks using WPA2 or WPA3 protocols.
Nordic CISOs Provide International Counterparts with Benchmarks for Cyber Threat Preparedness
Reported: May 28, 2026 | Source: Dark Reading
Security leaders across the Nordic countries are holding the line against a growing volume of attacks, according to a Dark Reading report. The news outlet cited findings from the Nordic CISO Report 2026, published by cybersecurity firm Truesec.
Despite a measurable rise in threat activity, the majority of CISOs in northern Europe say the number of severe incidents at their organizations has not grown.
A Significant Drop in Severe Cyber Threat Incidents
The report is based on in-depth interviews with CISOs from leading Nordic organizations across both the private and public sectors. Only 9% of respondents said severe cyber incidents had increased over the past two years. That’s a sharp drop from 2024, in which 53% of CISOs reported an increase.
The authors attribute the improvement to stronger detection capabilities and faster incident response, rather than any slowdown in attack activity.
That said, the picture isn’t entirely positive as “Time-to-Exploit” has decreased dramatically. The time between a vulnerability’s disclosure and its active exploitation has dropped from 53 days in 2024 to just 2.4 days in 2026.
CISOs also reported a rise in smaller incidents and attack attempts, which suggests attackers are probing more aggressively even if fewer breaches are succeeding.
Broader Lessons for Security Leaders
CISOs around the world can follow the example from Nordic security leaders by investing in faster detection, security automation, and strong incident response capabilities. These investments could significantly reduce risk, even as AI accelerates cyber threats like phishing campaigns and identity-based attacks.
Ransom Group Breaches Organizations by Impersonating IT Staff, Sometimes in Person
Reported: May 29, 2026 | Source: Infosecurity Magazine
A cyber threat actor known as the Silent Ransom Group (SRG) has escalated its tactics to breach systems, this time targeting law firms. Infosecurity Magazine reported that, in at least some cases, it has even sent operatives impersonating IT staff to victims’ physical locations to gain access to systems.
it has targeted financial organizations in the past. The FBI issued a Flash Alert warning organizations about the group’s expanding social engineering methods, which also include phone-based IT impersonation and phishing attacks.
SRG Attacks are Cunning and Sophisticated
According to the FBI Flash Alert, SRG, also known as Luna Moth, Chatty Spider, and UNC3753, has targeted US-based law firms since 2023. Although currently targeting law firms, SRG has also victimized companies in insurance, finance, and healthcare.
Historically, SRG ran callback-style phishing schemes in which victims were tricked into calling a fake support line and granting remote access to their devices.
As of spring 2026, the group has taken a more aggressive approach. Attackers contact employees by phone or email, posing as IT staff and urging them to grant access to a remote desktop session. If that fails, SRG sends someone in person to the victim’s office, claiming to need physical access to “image” the device or create a backup file.
Once access is obtained, the group moves quickly to exfiltrate data using tools like WinSCP, Rclone, or by copying files directly to an external drive. Traditional antivirus products are unlikely to flag the intrusion because SRG relies on legitimate remote access and system management tools.
Recommendations from the FBI
The FBI recommends that firms take the following steps:
- Verify the identity of all individuals accessing company spaces, including obtaining copies of visitors’ ID cards
- Develop clear policies about how IT staff will identify and authenticate themselves to employees
- Train staff to recognize and report phishing and social engineering attempts
- Require phishing-resistant multi-factor authentication wherever possible
- Disable external drive installation permissions on computers with access to sensitive data
Cybersecurity Tips
Cisco Study: AI Creators’ Security Claims Didn’t Hold When Models Were Tested Against Realistic, Iterative Attacks
Reported: May 27, 2026 | Source: CSO Magazine
Financial firms are scaling enterprise AI to create new services and capabilities, and they rely on their security teams to keep their operations secure and compliant. Security leaders, in turn, rely on AI vendors’ published safety scores when selecting and deploying large language models (LLMs).
However, according to a blog post by Cisco about its recent study, security leaders may be operating on incomplete information.
CSO Magazine reported on the study, which found that frontier AI models perform significantly worse under realistic multi-turn attacks than their official safety benchmarks suggest. The blog post was released alongside a recent study conducted by Cisco, entitled “Proprietary Problems: How Frontier Closed Models Collapse Under Iterative Pressure.”
The full report on Cisco’s study is available online (PDF).
Safety Benchmarks Focus on Single-Prompt Threats
The problem, Cisco’s researchers argue, is that the dominant safety benchmarks for AI models are built around a single prompt and a single response. Those benchmarks inform model cards, safety reports, and procurement decisions across the industry.
Attackers don’t typically stop after one failure. Instead, they reframe their prompts, break tasks up across multiple exchanges with the model, adopt personas, and escalate the cyber threat gradually. These are all strategies that single-turn benchmarks cannot detect.
To test this, Cisco researchers ran 30,090 single-prompt attacks across 15 widely used frontier models, running 6,986 multi-turn attacks for comparison. The results showed that most models fell victim to considerably higher attack success rates (ASR) under multi-turn conditions.
Here are some of the highlights from the report:
- Anthropic’s Claude Opus 4.6 had a single-turn ASR of 3.64%. Under multi-turn attacks, that rate climbed to 16.20%.
- OpenAI’s GPT 5.4 went from 2.74% to 24.68%.
- The most dramatic shift belonged to Google’s Gemini 3 Pro, which went from 18.10% to 73.35%.
- Configuration makes a difference: xAI’s Grok 4.1 Fast had a multi-turn ASR of 88.30% in non-reasoning mode, which dropped to 43.47% when reasoning was turned on.
What CISOs Should Do About the AI Cyber Threat
Cisco’s researchers are calling for a new generation of benchmarks that reflect real-world attack conditions, including the adversarial techniques catalogued by OWASP and similar organizations. They also recommend that AI vendors publish ASRs for both single-turn and multi-turn attacks, broken down by attack strategy and configuration settings.
The researchers recommend that any model demonstrating a difference greater than 15 percentage points between its single-turn and multi-turn ASR should trigger a manual review before deployment.
Upcoming regulatory requirements, including the NIST AI Risk Management Framework, the draft NIST Cyber AI Profile (IR 8596), and Article 15 of the EU AI Act, are calling for adversarial testing. Security leaders who start evaluating models under multi-turn attack conditions now will be better positioned when those requirements become mandatory.
