Episode #17

AI Supply Chain Exploits, Cyber-Kinetic Threats, and the FUD-X

This week on Dragon News Bytes, Eli Woodward and Will Baxter welcome Stephen Campbell, Team Cymru's new Senior Threat Intel Advisor, to the show. The team breaks down an intense week of AI-assisted supply chain compromises, the expanding blast radius of Iranian cyber operations, and the operational security (OPSEC) failures of rival ransomware gangs. Plus, the hosts issue a strong call to action for the CTI industry: stop burning valuable intelligence methods just for blog clicks.

Topics & References

Part 1: The Pace of Business and AI-Assisted Discovery

  • SAP Package Compromise: Team PCP is actively targeting the software supply chain, highlighted by a recent compromise within the SAP cloud ecosystem.
  • AI as a Discovery Engine: Threat actors are continuously deploying agents to hunt for low-hanging fruit, such as unhardened software package libraries.
  • The Linux "Copy Fail" (CVE-2026-31431): An AI-focused research company discovered a new local privilege escalation vulnerability in Linux.
  • The Business Reality: The rapid pace of shipping products and integrating AI models creates vulnerabilities at scale.

Part 2: The Expanding Target Space

  • Iranian Cyber-Kinetic Threats: Due to resource constraints, Iranian threat actors are deploying a "spray and pray" methodology targeting any Western-aligned organization.
  • Sector Impact: The risk has expanded well beyond the defense sector into financial and healthcare organizations, as seen with the Handala group targeting healthcare in Minnesota.
  • Terrorism as a Service: An alleged Iranian-linked Telegram contact offered an undercover journalist cryptocurrency to carry out street-level vandalism in London.

Part 3: Ransomware Drama and Industry OPSEC

  • Zero APT vs. CryBit: The ransomware group Zero APT faced a massive data leak in retaliation from a rival group known as CryBit.
  • Creating a "Flail-X": Defenders can leverage these threat actor OPSEC mistakes and internal disputes to impose higher operational costs and friction on adversaries.
  • Stop Burning Intelligence: The hosts criticized the CTI industry trend of publishing sensitive adversarial infrastructure and methods publicly for blog traffic, urging professionals to use trusted channels like ISACs instead.

Disclaimer: The views expressed in this podcast are those of the hosts and do not necessarily reflect the official policy or position of our employers.