{"id":8064,"date":"2026-05-29T12:00:00","date_gmt":"2026-05-29T09:00:00","guid":{"rendered":"https:\/\/blog.eset.ee\/et\/2026\/05\/29\/this-month-in-security-with-tony-anscombe-may-2026-edition\/"},"modified":"2026-05-29T12:00:00","modified_gmt":"2026-05-29T09:00:00","slug":"this-month-in-security-with-tony-anscombe-may-2026-edition","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2026\/05\/29\/this-month-in-security-with-tony-anscombe-may-2026-edition\/","title":{"rendered":"This month in security with Tony Anscombe \u2013 May 2026 edition"},"content":{"rendered":"<p>It\u2019s that time of month when ESET Chief Security Evangelist <a href=\"https:\/\/www.welivesecurity.com\/our-experts\/tony-anscombe\/index.html\">Tony Anscombe<\/a> looks back at some of the top cybersecurity stories that made the news over the past 30 or so days and offers insights that the they may hold for your own cyber-defenses. Here&#8217;s some of what caught Tony\u2019s attention in May 2026:<\/p>\n<ul type=\"disc\">\n<li>Poland\u2019s Internal Security Agency (ABW) has <a href=\"https:\/\/www.securityweek.com\/polish-security-agency-reports-ics-breaches-at-five-water-treatment-plants\/\">released information<\/a> about cyber-intrusions into ICS (industrial control systems) at five water treatment facilities in the country in 2024 and 2025. The two main attack vectors \u2013 weak passwords and systems exposed directly to the internet \u2013 were the same as those used in attacks against the Polish energy sector that leveraged DynoWiper described by ESET researchers <a href=\"https:\/\/www.welivesecurity.com\/eset-research\/dynowiper-update-technical-analysis-attribution\/index.html\">here<\/a>.<\/li>\n<li>An unknown group recently exfiltrated troves of data from the government of Mexico in what has been <a href=\"https:\/\/www.darkreading.com\/ics-ot-security\/worlds-first-ai-driven-cyberattack-couldnt-breach-ot-systems\">described<\/a> as one of the world&#8217;s first truly AI-directed attacks, but the subsequent attack against a water utility plant failed to bridge the gap from IT to OT systems,<\/li>\n<li>Google has <a href=\"https:\/\/www.securityweek.com\/google-detects-first-ai-generated-zero-day-exploit\/\">identified<\/a> what it believes is the first zero-day exploit developed using AI<\/li>\n<li>Americans lost more than $388 million last year to scams using cryptocurrency kiosks, <a href=\"https:\/\/www.ic3.gov\/PSA\/2026\/PSA260515-2\">according to the FBI<\/a>.<\/li>\n<\/ul>\n<p>What are some key mitigation steps against attacks targeting OT systems? How do scams crypto ATMs work and how to stay safe? Learn this and more in Tony&#8217;s video and be sure to check out the <a href=\"https:\/\/www.welivesecurity.com\/month-security-tony-anscombe-april-2026\/index.html\">April 2026<\/a> edition of Tony&#8217;s monthly security news roundup for more insights.<\/p>\n<\/p>\n<p class=\"wls-source\"><a href=\"https:\/\/www.welivesecurity.com\/en\/videos\/month-security-tony-anscombe-may-2026\/\" rel=\"nofollow noopener\" target=\"_blank\">Read the full analysis on WeLiveSecurity \u2192<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this roundup, Tony looks at attacks against Polish water treatment facilities, how AI-directed attacks failed in Mexico, and what Google believes is the first AI-generated zero-day exploit<\/p>\n","protected":false},"author":5,"featured_media":8065,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2914],"tags":[],"class_list":["post-8064","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-media"],"acf":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/8064","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/comments?post=8064"}],"version-history":[{"count":0,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/8064\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media\/8065"}],"wp:attachment":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media?parent=8064"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/categories?post=8064"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/tags?post=8064"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}