Cyber Security News

Hacking Editorial Brief – May 16, 2026

Iranian-Linked Actors Target US Fuel Infrastructure

US officials suspect Iranian threat actors are behind a series of intrusions into automatic tank gauge (ATG) systems at gas stations across the United States. The hackers exploited unprotected ATG systems to manipulate display readings, though fuel levels themselves were not altered. Iran has previously targeted ATG infrastructure, making attribution plausible, though investigators note attackers left minimal forensic evidence. The campaign represents a continuation of Iranian activity against US critical infrastructure, focusing on operational technology systems with weak security controls.

Ransomware Groups Strike Manufacturing and Education Sectors

The Nitrogen ransomware group has claimed responsibility for a cyberattack on Foxconn Technology Group that impacted North American manufacturing facilities around May 12. Attackers reportedly exfiltrated eight terabytes of confidential data during the breach. Separately, the Canvas learning management system experienced a cyberattack that disrupted access for thousands of users, with reports indicating a deal has been reached with attackers to delete stolen data. Meanwhile, active exploitation has begun of CVE-2026-6973, a remote code execution vulnerability in Ivanti Endpoint Manager Mobile that grants administrative access. Security researchers have also documented use of the OrBit rootkit to harvest SSH and sudo credentials from compromised Linux systems through operator-driven configuration of existing malware code rather than new development.

Sources: JSON Line · East Idaho News · Cyber Magazine · The Hacker News · Cybersecurity News