Malware & Threats In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking Other noteworthy stories that might have slipped under the radar: CISA contractor exposes credentials, Mythos testing and new features, Huawei router flaw triggered telecom blackout. By SecurityWeek News | May 22, 2026 (10:07 AM ET) Flipboard Reddit Whatsapp Whatsapp Email SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: Iranian hackers suspected in US gas station tank monitor breaches US officials believe Iranian hackers breached automatic tank gauge (ATG) systems that monitor fuel levels in underground storage tanks at gas stations across multiple states. The attackers exploited unprotected, internet-connected devices lacking passwords and were able to alter display readings, though they could not change actual fuel volumes. While no physical damage or safety incidents have occurred, the intrusions have sparked concerns that such access could potentially mask gas leaks or create other risks to critical infrastructure. The cybersecurity industry has long warned about the risks posed by exposed, unprotected ATG systems. Advertisement. Scroll to continue reading. CISA contractor exposes credentials A contractor working for CISA left a public GitHub repository named Private-CISA openly accessible for months, exposing administrative keys to multiple AWS GovCloud accounts along with plaintext passwords for internal CISA systems, Brian Krebs reported. While CISA states there is no evidence of unauthorized access to sensitive data so far, the exposed credentials could have allowed attackers to move laterally into government systems or tamper with internal software packages. Anthropic enables Mythos users to share cyber threat intel Anthropic has introduced a new feature in its Mythos vulnerability discovery platform that allows users to share information about cyber threats with others. This update aims to improve collective defense by enabling faster dissemination of threat details among security teams and researchers. Cloudflare highlights Mythos strengths and limits Cloudflare ran Anthropic’s Mythos model against over 50 of its internal repositories. The model stood out for its ability to construct exploit chains from multiple low-severity primitives and autonomously generate working proofs of concept. However, Cloudflare noted some challenges, including inconsistent model refusals on legitimate research tasks, high false positive rates especially in C/C++ codebases, and the necessity of a multi-stage harness rather than generic agent usage to achieve useful coverage and low-noise results. Huawei router flaw triggered Luxembourg telecom blackout A zero-day vulnerability in Huawei enterprise router software caused a complete outage of Luxembourg’s telecom network in July 2025, knocking out landline, 4G, and 5G services for over three hours. The attack involved specially crafted network traffic that forced routers into a continuous restart loop, disrupting emergency communications for hundreds of thousands of residents. POST Luxembourg confirmed it was a denial-of-service incident exploiting undocumented behavior for which no patch existed at the time. It’s unclear if the vulnerability has since been patched. NanoCo raises $12 million in seed funding NanoCo , the developer of NanoClaw, a secure open source alternative AI professional assistant to OpenClaw, has raised $12 million in seed funding. The funding was led by Valley Capital Partners, with participation from Docker, Vercel, monday.com, Slow Ventures, Clutch Capital, Factorial Capital, and Clem Delangue, CEO of Hugging Face. Four-Faith industrial router vulnerability exploited by botnets Attackers are aggressively exploiting CVE-2024-9643 , an authentication bypass flaw in Four-Faith F3x36 industrial cellular routers that stems from hardcoded administrative credentials. CrowdSec has tracked a surge in exploitation since late April 2026, with activity reaching mass exploitation levels by mid-May as attackers fold compromised devices into botnets for further campaigns. Other Four-Faith router vulnerabilities have also been exploited in attacks . Solo operator runs 5-year AI-powered Patriot Bait influence and fraud scheme A single individual has orchestrated a sophisticated five-year operation using one primary fake persona, heavily assisted by AI tools, to run an influence campaign targeting patriotic and conservative audiences in the US while conducting financial fraud. The Patriot Bait campaign combined social media manipulation, content generation, and scam tactics to build trust and defraud victims. The threat actor targeted credentials and cryptocurrency wallets. Open WebUI vulnerability Researcher Chinmohan Nayak has discovered a high-severity SSRF vulnerability in Open WebUI (CVE-2026-45401). The flaw allows attackers to bypass URL validation via redirect handling and access internal resources, including cloud metadata endpoints. The researcher says the application implemented outbound request validation, but only for the initial request — not for redirect chains — leading to a trust-boundary bypass. CISA launches new form for crowdsourcing exploited vulnerability reports CISA has introduced an online Nomination Form that lets researchers, vendors, and industry partners submit known exploited vulnerabilities (KEVs) directly for faster review and inclusion in its catalog . The new tool strengthens the agency’s ability to validate and rapidly share actively exploited flaws with clear remediation guidance, complementing existing email submissions. Related : In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws Related : In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner Written By SecurityWeek News Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from SecurityWeek News Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution Virtual Event Today: Threat Detection & Incident Response Summit In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws Webinar Today: ROI for Cyber-Physical Security Programs Exaforce Raises $125 Million for Agentic SOC Platform In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner Webinar Today: Securing Identity Across Humans, Machines and AI Autonomous Offensive Security Firm XBOW Raises $35 Million Latest News Canadian Man Arrested for Operating Kimwolf Botnet ‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested TrendAI Patches Apex One Zero-Day Exploited in the Wild Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack Cisco Patches Critical Vulnerability in Secure Workload Ocean Emerges From Stealth With $28M for Agentic Email Security Platform Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register Webinar: Third-Party Risk in Practice June 4, 2026 Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice. Register People on the Move Joe Chen has become Chief Technology Officer at Trellix. Usercentrics has named Pawan Hegde as COO and Elena Ignatova as CPTO. SecureAuth has named Mark van Oppen as Chief Revenue Officer. More People On The Move Expert Insights Caught Off Guard: Securing AI After It Hits Production As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb) Cyber Resilience is the New Business Continuity Plan The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lose. (Steve Durbin) Enhancing Data Center Security Without Sacrificing Performance For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. (Nadir Izrael) Is the SOC Obsolete, and We Just Haven’t Admitted It Yet? Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next. (Danelle Au) The Mythos Moment: Enterprises Must Fight Agents with Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email