[00:00] Announcer: From Neural Newscast, this is Prime Cyber Insights, Intelligence for Defenders, Leaders and Decision
[00:05] Announcer: Makers.
[00:06] Aaron Cole: I'm Aaron Cole.
[00:08] Aaron Cole: Today's briefing from March 4th, 2026 covers the escalation of AI-driven offensive operations
[00:15] Aaron Cole: and a significant data breach in the healthcare sector.
[00:18] Lauren Mitchell: I am Lauren Mitchell.
[00:20] Lauren Mitchell: Joining us to provide a systems-level perspective on enterprise risk is Chad Thompson, a director-level
[00:26] Lauren Mitchell: AI and security leader.
[00:28] Lauren Mitchell: Chad, it is great to have you with us.
[00:31] Aaron Cole: We start with a significant shift in AI-assisted offensive capabilities.
[00:36] Aaron Cole: Researchers at Team Cymru have identified an open-source platform known as CyberStrike AI.
[00:43] Aaron Cole: This tool is currently being leveraged in mass scanning campaigns targeting Fortinet FortiGate appliances.
[00:50] Aaron Cole: Developed by a Chinese national using the alias Edwons0NZ,
[00:56] Aaron Cole: the platform integrates over 100 security tools for automated vulnerability discovery and attack chain analysis.
[01:03] Lauren Mitchell: The sheer scale is notable, Aaron.
[01:06] Lauren Mitchell: Amazon Threat Intelligence reports that over 600 appliances across 55 countries have already been compromised.
[01:13] Lauren Mitchell: While the scanning itself is automated, the developer appears to have ties to state-aligned contractors like Knownsec404.
[01:21] Lauren Mitchell: Chad, we are seeing these tools scrubbed of obvious state ties on GitHub to maintain their viability.
[01:28] Lauren Mitchell: How does this evolve the enterprise risk profile?
[01:30] Chad Thompson: It significantly lowers the barrier to entry, Lauren.
[01:34] Chad Thompson: When a platform like CyberStrike AI packages reconnaissance and exploitation into a Go-based automated framework,
[01:41] Chad Thompson: the threat shifts from artisanal hacking to industrial-scale scanning.
[01:48] Chad Thompson: Enterprises are no longer just defending against a threat actor.
[01:53] Chad Thompson: They are up against a highly efficient, AI-augmented pipeline that can pinpoint a vulnerable appliance in a matter of minutes.
[02:04] Lauren Mitchell: Building on that, this tool integrates models like DeepSeek and Anthropic Claude for its internal logic.
[02:12] Lauren Mitchell: Does the open-source nature of these offensive tools make them more difficult to block at the perimeter?
[02:19] Chad Thompson: Exactly.
[02:20] Chad Thompson: Because these frameworks are built on legitimate generative AI services and integrated with standard scanning protocols,
[02:27] Chad Thompson: their traffic often blends in with routine administrative or testing activity.
[02:32] Chad Thompson: The developer is also distributing tools for jailbreaking ChatGPT and detecting privilege escalation.
[02:39] Chad Thompson: Essentially building a complete, automated ecosystem for initial access.
[02:44] Aaron Cole: Turning to data privacy, the French healthcare software provider Cegedim Santé has confirmed a major breach.
[02:52] Aaron Cole: Reports this week indicate that 15.8 million records were exfiltrated from their Mon Logisil medical platform.
[03:00] Aaron Cole: Chad, given your focus on resiliency, does this suggest a fundamental failure in third-party
[03:05] Aaron Cole: supply chain oversight within healthcare?
[03:07] Chad Thompson: It highlights a persistent vulnerability in the handling of administrative doctor notes,
[03:13] Chad Thompson: Aaron.
[03:15] Chad Thompson: In this instance, 165,000 files contain sensitive comments regarding HIV status and sexual
[03:23] Chad Thompson: orientation.
[03:25] Chad Thompson: While the structured medical records remain secure,
[03:28] Chad Thompson: the unstructured administrative data was the weak point.
[03:33] Chad Thompson: Resilience now requires looking beyond the core database to the metadata
[03:37] Chad Thompson: and practice notes that are often less protected.
[03:41] Lauren Mitchell: That is a critical distinction.
[03:43] Lauren Mitchell: Thank you for that context, Chad.
[03:45] Lauren Mitchell: Moving to remediation, CISA has added a VMware Aria Operations flaw
[03:51] Lauren Mitchell: to its Known Exploited Vulnerabilities Catalog.
[03:55] Lauren Mitchell: Tracked as CVE-2026-22719, this high-severity command injection vulnerability allows unauthenticated attackers to execute arbitrary commands.
[04:10] Lauren Mitchell: Broadcom has released patches and federal agencies have until March 24th to secure their systems.
[04:17] Aaron Cole: We are also monitoring a major update from Google which has released the March 2026 security update for Android.
[04:23] Aaron Cole: It addresses 129 vulnerabilities including 10 critical bugs and a high-severity graphics component flaw, CVE-2026-21385.
[04:35] Aaron Cole: Google indicates this specific flaw is under limited targeted exploitation and impacts over
[04:41] Aaron Cole: 230 different Qualcomm chipsets.
[04:43] Lauren Mitchell: The Android update is split into two patch levels, with Pixel devices receiving the fix first.
[04:50] Lauren Mitchell: Given the zero-day involvement in the graphics module, this is not an update to delay, Aaron.
[04:56] Lauren Mitchell: It is a demanding week for infrastructure teams, ranging from AI-driven network scanners to critical mobile and hypervisor patches.
[05:04] Aaron Cole: That concludes today's briefing. I'm Aaron Cole.
[05:08] Lauren Mitchell: And I'm Lauren Mitchell. For full technical indicators, visit pci.neuralnewscast.com.
[05:15] Lauren Mitchell: Prime Cyber Insights is a production of Neural Newscast.
[05:20] Lauren Mitchell: This briefing is for informational purposes only
[05:23] Lauren Mitchell: and does not constitute professional security advice.
[05:26] Lauren Mitchell: Neural Newscast is AI-assisted, human-reviewed.
[05:30] Lauren Mitchell: View our AI transparency policy at neuralnewscast.com.
[05:34] Lauren Mitchell: Stay resilient.
[05:36] Announcer: This has been Prime Cyber Insights on Neural Newscast.
[05:40] Announcer: Intelligence for Defenders, Leaders, and Decision Makers.
[05:43] Announcer: Neural Newscast uses artificial intelligence in content creation,
[05:46] Announcer: with human editorial review prior to publication.
[05:50] Announcer: While we strive for factual, unbiased reporting,
[05:52] Announcer: AI-assisted content may occasionally contain errors.
[05:56] Announcer: Verify critical information with trusted sources.
[05:59] Announcer: Learn more at neuralnewscast.com.