In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: Tennessee hacker gets probation for Supreme Court breaches Nicholas Moore, 25, was sentenced to 12 months of probation after pleading guilty to a misdemeanor for using stolen credentials to break into the Supreme Court’s e-filing system on 25 separate days, plus systems at AmeriCorps and the Veterans Administration Health System. Rather than exploiting the access financially, he posted screenshots of the breached accounts apparently just to impress people online. UK military deployed to protect internet communications The UK has deployed military assets, including warships, support tankers, Merlin helicopters, and RAF P‑8 maritime patrol aircraft, to protect undersea communications cables from a perceived Russian naval threat. Tony O’Sullivan, CEO of RETN, comments, “Accidental damage is no longer the only threat, and operators and enterprises can no longer assume routes are safe and stable when assessing resilience. Rather, you have to engineer it into the network itself. Route diversity is a must to avoid creating single points of failure, as is ensuring visibility across international paths. Rather than trying to prevent disruption, we have to design networks to cope with it.” Lovable’s shifting story on exposed user data  Vibe-coding startup Lovable — valued at $6.6 billion — fumbled its response to a BOLA vulnerability that allowed any free account holder to read other users’ source code, database credentials, and chat history. A researcher reported the flaw to HackerOne 48 days before going public, but the bug was closed without escalation because HackerOne assumed the exposure was intentional behavior. Lovable initially called it a design decision, then reversed course and admitted a February backend change had accidentally re-enabled access to public project chats — a setting they had previously patched out. US accused of exploting backdoor to disable Iranian infrastructure According to Iranian state media, during an attack on the city of Isfahan, networking equipment from Cisco, Juniper, Fortinet, and MikroTik failed simultaneously despite being disconnected from the global internet. Local experts suspect these outages were triggered by pre-installed firmware backdoors or supply chain compromises that allowed for remote deactivation via satellite or internal signals.  Claude Mythos accessed by unauthorized testers Anthropic’s Claude Mythos was reportedly accessed by unauthorized users through a third-party vendor environment. Bloomberg News reports that someone discovered the interface, which allowed for the testing of Mythos’ advanced capabilities. The AI giant has since restricted access to the abused portal. Data breach at French state agency  France Titres, the agency responsible for passports and driver’s licenses, confirmed a security breach on its ANTS portal that may have exposed the data of millions of users. A threat actor is currently attempting to sell a database on hacking forums containing roughly 19 million records, including names, birth dates, and unique account identifiers. Sean Plankey withdraws nomination for CISA director Sean Plankey has officially withdrawn his name for the role of Director at the Cybersecurity and Infrastructure Security Agency after a prolonged confirmation stalemate in the Senate. The withdrawal leaves the nation’s primary cyber defense agency without a permanent leader. This move forces the White House to restart the search for a candidate capable of navigating a deeply divided political landscape. Nick Andersen is currently Acting Director of CISA. UK’s NCSC debuts hardware guard to prevent data leakage via monitors The UK’s National Cyber Security Centre has developed a hardware security device designed to stop sensitive data from being exfiltrated through high-resolution display links. Named SilentGlass, the plug-and-play device “actively blocks anything unexpected or malicious between HDMI and Display Port connections and screens.” Recommended for high-threat environments, the device can now be acquired by anyone after being tested in government organizations.  Global defense agencies issue alert on Chinese botnet infrastructure The FBI, CISA, and international partners have released a joint advisory regarding a massive network of compromised SOHO routers and IoT devices orchestrated by China-linked threat actors. The state-sponsored group Volt Typhoon has used the botnet to target critical infrastructure sectors. The agencies have issued recommendations for defending against such covert networks.  Google expands enterprise security with browser and device controls Google has introduced new security capabilities within Chrome Enterprise and Android. Chrome Enterprise Premium now offers advanced data loss prevention and capabilities to address AI risks. Google is also expanding security for mobile, blocking sensitive data downloads on unmanaged devices. New controls in the Google Admin console allow for more granular policy enforcement across both browsers and devices to reduce the attack surface. Related: In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested Related: In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack WRITTEN BY SecurityWeek News More from SecurityWeek News In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday Webinar Today: Why Automated Pentesting Alone Is Not Enough In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware Variance Raises $21.5M for Compliance Investigation Platform Powered by AI Agents Webinar Today: Agentic AI vs. Identity’s Last Mile Problem In Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum Deadline Latest News Pre-Stuxnet Sabotage Malware ‘Fast16’ Linked to US-Iran Cyber Tensions Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents Locked Shields 2026: 41 Nations Strengthen Cyber Resilience in World’s Biggest Exercise US Federal Agency’s Cisco Firewall Infected With ‘Firestarter’ Backdoor Trump Administration Vows Crackdown on Chinese Companies ‘Exploiting’ AI Models Made in US Vulnerabilities Patched in CrowdStrike, Tenable Products Bitwarden NPM Package Hit in Supply Chain Attack Copperhelm Raises $7 Million for Agentic Cloud Security Platform Trending Webinar: A Step-By-Step Approach To AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection And Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the Move Neill Feather has been named Chief Executive Officer at Point Wild. Oasis Security has appointed Michael DeCesare as President. Sterling Wilson has joined IGEL as Global Field CTO, Business Continuity and Disaster Recovery. More People On The Move Expert Insights Why Cybersecurity Must Rethink Defense In The Age Of Autonomous Agents From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase. (Torsten George) Government Can’t Win The Cyber War Without The Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI Of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules Of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Flipboard Reddit Whatsapp Email