SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape.
This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment.
Here are this week’s highlights:
Iranian hackers suspected in US gas station tank monitor breaches
US officials believe Iranian hackers breached automatic tank gauge (ATG) systems that monitor fuel levels in underground storage tanks at gas stations across multiple states. The attackers exploited unprotected, internet-connected devices lacking passwords and were able to alter display readings, though they could not change actual fuel volumes. While no physical damage or safety incidents have occurred, the intrusions have sparked concerns that such access could potentially mask gas leaks or create other risks to critical infrastructure. The cybersecurity industry has long warned about the risks posed by exposed, unprotected ATG systems.
CISA contractor exposes credentials
A contractor working for CISA left a public GitHub repository named Private-CISA openly accessible for months, exposing administrative keys to multiple AWS GovCloud accounts along with plaintext passwords for internal CISA systems, Brian Krebs reported. While CISA states there is no evidence of unauthorized access to sensitive data so far, the exposed credentials could have allowed attackers to move laterally into government systems or tamper with internal software packages.
Anthropic enables Mythos users to share cyber threat intel
Anthropic has introduced a new feature in its Mythos vulnerability discovery platform that allows users to share information about cyber threats with others. This update aims to improve collective defense by enabling faster dissemination of threat details among security teams and researchers.
Cloudflare highlights Mythos strengths and limits
Cloudflare ran Anthropic’s Mythos model against over 50 of its internal repositories. The model stood out for its ability to construct exploit chains from multiple low-severity primitives and autonomously generate working proofs of concept. However, Cloudflare noted some challenges, including inconsistent model refusals on legitimate research tasks, high false positive rates especially in C/C++ codebases, and the necessity of a multi-stage harness rather than generic agent usage to achieve useful coverage and low-noise results.
Huawei router flaw triggered Luxembourg telecom blackout
A zero-day vulnerability in Huawei enterprise router software caused a complete outage of Luxembourg’s telecom network in July 2025, knocking out landline, 4G, and 5G services for over three hours. The attack involved specially crafted network traffic that forced routers into a continuous restart loop, disrupting emergency communications for hundreds of thousands of residents. POST Luxembourg confirmed it was a denial-of-service incident exploiting undocumented behavior for which no patch existed at the time. It’s unclear if the vulnerability has since been patched.
NanoCo raises $12 million in seed funding
NanoCo, the developer of NanoClaw, a secure open source alternative AI professional assistant to OpenClaw, has raised $12 million in seed funding. The funding was led by Valley Capital Partners, with participation from Docker, Vercel, monday.com, Slow Ventures, Clutch Capital, Factorial Capital, and Clem Delangue, CEO of Hugging Face.
Four-Faith industrial router vulnerability exploited by botnets
Attackers are aggressively exploiting CVE-2024-9643, an authentication bypass flaw in Four-Faith F3x36 industrial cellular routers that stems from hardcoded administrative credentials. CrowdSec has tracked a surge in exploitation since late April 2026, with activity reaching mass exploitation levels by mid-May as attackers fold compromised devices into botnets for further campaigns. Other Four-Faith router vulnerabilities have also been exploited in attacks.
Solo operator runs 5-year AI-powered Patriot Bait influence and fraud scheme
A single individual has orchestrated a sophisticated five-year operation using one primary fake persona, heavily assisted by AI tools, to run an influence campaign targeting patriotic and conservative audiences in the US while conducting financial fraud. The Patriot Bait campaign combined social media manipulation, content generation, and scam tactics to build trust and defraud victims. The threat actor targeted credentials and cryptocurrency wallets.
Open WebUI vulnerability
Researcher Chinmohan Nayak has discovered a high-severity SSRF vulnerability in Open WebUI (CVE-2026-45401). The flaw allows attackers to bypass URL validation via redirect handling and access internal resources, including cloud metadata endpoints. The researcher says the application implemented outbound request validation, but only for the initial request — not for redirect chains — leading to a trust-boundary bypass.
CISA launches new form for crowdsourcing exploited vulnerability reports
CISA has introduced an online Nomination Form that lets researchers, vendors, and industry partners submit known exploited vulnerabilities (KEVs) directly for faster review and inclusion in its catalog. The new tool strengthens the agency’s ability to validate and rapidly share actively exploited flaws with clear remediation guidance, complementing existing email submissions.
Related: In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws
Related: In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
