In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking
Security WeekArchived May 22, 2026✓ Full text saved
Other noteworthy stories that might have slipped under the radar: CISA contractor exposes credentials, Mythos testing and new features, Huawei router flaw triggered telecom blackout. The post In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking appeared first on SecurityWeek .
Full text archived locally
✦ AI Summary· Claude Sonnet
SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape.
This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment.
Here are this week’s highlights:
Iranian hackers suspected in US gas station tank monitor breaches
US officials believe Iranian hackers breached automatic tank gauge (ATG) systems that monitor fuel levels in underground storage tanks at gas stations across multiple states. The attackers exploited unprotected, internet-connected devices lacking passwords and were able to alter display readings, though they could not change actual fuel volumes. While no physical damage or safety incidents have occurred, the intrusions have sparked concerns that such access could potentially mask gas leaks or create other risks to critical infrastructure. The cybersecurity industry has long warned about the risks posed by exposed, unprotected ATG systems.
CISA contractor exposes credentials
A contractor working for CISA left a public GitHub repository named Private-CISA openly accessible for months, exposing administrative keys to multiple AWS GovCloud accounts along with plaintext passwords for internal CISA systems, Brian Krebs reported. While CISA states there is no evidence of unauthorized access to sensitive data so far, the exposed credentials could have allowed attackers to move laterally into government systems or tamper with internal software packages.
Anthropic enables Mythos users to share cyber threat intel
Anthropic has introduced a new feature in its Mythos vulnerability discovery platform that allows users to share information about cyber threats with others. This update aims to improve collective defense by enabling faster dissemination of threat details among security teams and researchers.
Cloudflare highlights Mythos strengths and limits
Cloudflare ran Anthropic’s Mythos model against over 50 of its internal repositories. The model stood out for its ability to construct exploit chains from multiple low-severity primitives and autonomously generate working proofs of concept. However, Cloudflare noted some challenges, including inconsistent model refusals on legitimate research tasks, high false positive rates especially in C/C++ codebases, and the necessity of a multi-stage harness rather than generic agent usage to achieve useful coverage and low-noise results.
Huawei router flaw triggered Luxembourg telecom blackout
A zero-day vulnerability in Huawei enterprise router software caused a complete outage of Luxembourg’s telecom network in July 2025, knocking out landline, 4G, and 5G services for over three hours. The attack involved specially crafted network traffic that forced routers into a continuous restart loop, disrupting emergency communications for hundreds of thousands of residents. POST Luxembourg confirmed it was a denial-of-service incident exploiting undocumented behavior for which no patch existed at the time. It’s unclear if the vulnerability has since been patched.
NanoCo raises $12 million in seed funding
NanoCo, the developer of NanoClaw, a secure open source alternative AI professional assistant to OpenClaw, has raised $12 million in seed funding. The funding was led by Valley Capital Partners, with participation from Docker, Vercel, monday.com, Slow Ventures, Clutch Capital, Factorial Capital, and Clem Delangue, CEO of Hugging Face.
Four-Faith industrial router vulnerability exploited by botnets
Attackers are aggressively exploiting CVE-2024-9643, an authentication bypass flaw in Four-Faith F3x36 industrial cellular routers that stems from hardcoded administrative credentials. CrowdSec has tracked a surge in exploitation since late April 2026, with activity reaching mass exploitation levels by mid-May as attackers fold compromised devices into botnets for further campaigns. Other Four-Faith router vulnerabilities have also been exploited in attacks.
Solo operator runs 5-year AI-powered Patriot Bait influence and fraud scheme
A single individual has orchestrated a sophisticated five-year operation using one primary fake persona, heavily assisted by AI tools, to run an influence campaign targeting patriotic and conservative audiences in the US while conducting financial fraud. The Patriot Bait campaign combined social media manipulation, content generation, and scam tactics to build trust and defraud victims. The threat actor targeted credentials and cryptocurrency wallets.
Open WebUI vulnerability
Researcher Chinmohan Nayak has discovered a high-severity SSRF vulnerability in Open WebUI (CVE-2026-45401). The flaw allows attackers to bypass URL validation via redirect handling and access internal resources, including cloud metadata endpoints. The researcher says the application implemented outbound request validation, but only for the initial request — not for redirect chains — leading to a trust-boundary bypass.
CISA launches new form for crowdsourcing exploited vulnerability reports
CISA has introduced an online Nomination Form that lets researchers, vendors, and industry partners submit known exploited vulnerabilities (KEVs) directly for faster review and inclusion in its catalog. The new tool strengthens the agency’s ability to validate and rapidly share actively exploited flaws with clear remediation guidance, complementing existing email submissions.
Related: In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws
Related: In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
WRITTEN BY
SecurityWeek News
More from SecurityWeek News
Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution
Virtual Event Today: Threat Detection & Incident Response Summit
In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws
Webinar Today: ROI for Cyber-Physical Security Programs
Exaforce Raises $125 Million for Agentic SOC Platform
In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
Webinar Today: Securing Identity Across Humans, Machines and AI
Autonomous Offensive Security Firm XBOW Raises $35 Million
Latest News
Canadian Man Arrested for Operating Kimwolf Botnet
‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested
TrendAI Patches Apex One Zero-Day Exploited in the Wild
Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
Cisco Patches Critical Vulnerability in Secure Workload
Ocean Emerges From Stealth With $28M for Agentic Email Security Platform
Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention
Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
Trending
Virtual Event: Threat Detection And Incident Response Summit
May 20, 2026
Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.
Register
Webinar: Third-Party Risk In Practice
June 4, 2026
Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice.
Register
People on the Move
Joe Chen has become Chief Technology Officer at Trellix.
Usercentrics has named Pawan Hegde as COO and Elena Ignatova as CPTO.
SecureAuth has named Mark van Oppen as Chief Revenue Officer.
More People On The Move
Expert Insights
Caught Off Guard: Securing AI After It Hits Production
As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb)
Cyber Resilience Is The New Business Continuity Plan
The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lose. (Steve Durbin)
Enhancing Data Center Security Without Sacrificing Performance
For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. (Nadir Izrael)
Is The SOC Obsolete, And We Just Haven’t Admitted It Yet?
Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next. (Danelle Au)
The Mythos Moment: Enterprises Must Fight Agents With Agents
Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor)
Flipboard
Reddit
Whatsapp
Email