In Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISA
Security WeekArchived Jun 05, 2026✓ Full text saved
Other noteworthy stories that might have slipped under the radar: Ultrahuman data leak, The Gentlemen ransomware analysis, Hola Browser bundles miner. The post In Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISA appeared first on SecurityWeek .
Full text archived locally
✦ AI Summary· Claude Sonnet
SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape.
This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment.
Here are this week’s highlights:
Threat actors poison AI chatbot queries to harvest computing power
Microsoft reported that threat actors are exploiting both SEO and AI chatbot recommendations to trick users into downloading fake utilities that impersonate legitimate tools like CrystalDiskInfo and PDFgear. Once an endpoint is compromised, the attackers abuse ConnectWise ScreenConnect to secure persistent remote access and deploy a specialized binary that hollows out trusted Microsoft .NET processes. The hijacked processing power is ultimately used to run cryptocurrency miners specifically engineered to target high-performance GPUs.
Grandoreiro banking trojan attacks
WatchGuard researchers observed a new Grandoreiro malware campaign targeting financial institutions across Portugal and Latin America using DLL side-loading techniques that abuse four legitimate software applications. The malware has been around for a decade and it continues to be active despite law enforcement action.
Self-propagating Go encryptor automates full network compromise
Microsoft Threat Intelligence is tracking Storm-2697, a financially motivated group operating ‘The Gentlemen’ ransomware-as-a-service, which features an aggressive Go-based encryptor obfuscated with Garble. The malware uses password-protected command-line arguments to establish its encryption speed and automatically self-propagates across targeted networks by creating scheduled tasks with SYSTEM privileges. The Gentlemen ransomware was recently also dissected by Halcyon and Huntress.
Let’s Encrypt adopts Merkle trees for post-quantum future
To mitigate the massive bandwidth bloat caused by post-quantum cryptographic algorithms, Let’s Encrypt is adopting Merkle Tree Certificates to secure future web authentication infrastructure. By batching certificates under a single signature rather than authenticating them individually, this new approach significantly shrinks TLS handshake sizes while inherently baking in certificate transparency. The certificate authority plans to launch a staging environment for these optimized post-quantum certificates in late 2026, followed by a full production rollout in 2027.
Federal agencies sound alarm on exposed tank gauge systems
CISA, the FBI, the NSA, and other US agencies are warning critical infrastructure operators about threat actors actively exploiting internet-exposed Automatic Tank Gauge (ATG) systems used for remote liquid and fuel monitoring. Attackers are bypassing authentication and leveraging OS command execution to modify configurations, prompting the government to urge facilities to immediately disconnect ATGs from the public internet. Attacks on ATGs at US gas stations were recently linked by officials to Iran.
Palantir technology chief eyed for CISA director role
The Trump administration is reportedly considering Palantir Technologies Chief Technology Officer Shyam Sankar to serve as the next director of CISA. If nominated, the longtime Palantir executive would step into the vacant leadership position as CISA faces significant budget cuts. Tom Parker, a security services lead at IBM, was recently also positioned as a frontrunner for the role.
Malware infection triggers leak of Ultrahuman data
Indian health technology vendor Ultrahuman disclosed a data breach exposing user contact details, transaction history, and wellness metrics for a fraction of its customer base. The threat actor gained unauthorized, read-only access to an internal analytics system by leveraging credentials stolen from a malware-infected employee laptop, though the company confirmed no passwords or payment details were compromised.
Crypto-miner hitches a ride on Hola Browser
Sophos discovered an XMRig crypto-miner binary quietly bundled within a certified version of the Hola Browser installer for Windows. Hola attributed the anomaly to a localized supply chain compromise affecting a small segment of its distribution pipeline, which allowed the unauthorized payload to evade detection.
AI attack mapping exposes rapid rise in autonomous agentic scaffolding
A year-long Anthropic analysis mapping AI-enabled cyber operations against the MITRE ATT&CK framework reveals a sharp increase in threat actors leveraging LLMs for high-risk activities like lateral movement and credential dumping. The AI giant concluded that an attacker’s threat level will soon be dictated by the external agentic scaffolding they build to orchestrate autonomous attack chains.
Malformed IPv6 packet triggers unpatched Comodo firewall crashes
Security researcher Marcus Hutchins released details and a PoC exploit for ComoDoS, a critical vulnerability residing in Comodo Internet Security. The unpatched flaw enables remote attackers to crash targeted Windows endpoints by sending a single malformed TCP/IP packet, effectively bypassing all configured firewall rules. Hutchins said he attempted to responsibly disclose the flaw, but received no response from the vendor. SecurityWeek was unable to contact Comodo for comment.
Related: In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking
Related: In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws
WRITTEN BY
SecurityWeek News
More from SecurityWeek News
Willow Raises $7 Million for Securing Autonomous AI Agents
Dragos Acquires xIoT Security Firm Phosphorus
In Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain Attacks
IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell”
SecurityWeek to Host AI Risk Summit August 11-12 at the Ritz-Carlton, Half Moon Bay
Lastwall Raises $11.5 Million for Quantum-Resilient Identity Platform
Watch on Demand: Threat Detection & Incident Response Summit – All Sessions Available
In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking
Latest News
Hackers Leak DentaQuest Information Impacting 2.6 Million
Chrome 149 Patches 429 Vulnerabilities
Industry Reactions to New Trump AI Cybersecurity Executive Order: Feedback Friday
Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities
Nightclub Giant RCI Says Data Breach Affects 40,000 Individuals
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026
Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity Risk
Webinar Today: Third-Party Risk in Practice – Where Programs Break Down and How to Respond
Trending
Webinar: Third-Party Risk In Practice
June 4, 2026
Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice.
Register
Virtual Roundtable: CISO Forum 2026 Mid-Year Review
June 10, 2026
Explore how attackers are using AI to scale threats and how security teams can respond with AI-driven defenses. Protecting against unmonitored use of generative AI (Shadow AI) in business units and building and enforcing AI governance frameworks.
Register
People on the Move
Opal Security has appointed CPO, CTO, VP of Field Engineering, VP of Marketing, and Head of Product and Solutions Marketing.
The Department of the Air Force has appointed Ashley Devoto as Chief Information Officer.
Bartley Richardson has been named Chief AI and Autonomous Systems Officer at CrowdStrike.
More People On The Move
Expert Insights
The Zero-Knowledge Threat Actor And The End Of Responsible Disclosure
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. (Etay Maor)
Raising The Cybersecurity Stakes: Ante Up For The Agentic Era
CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale. (Nadir Izrael)
Caught Off Guard: Securing AI After It Hits Production
As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb)
Cyber Resilience Is The New Business Continuity Plan
The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lose. (Steve Durbin)
Enhancing Data Center Security Without Sacrificing Performance
For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. (Nadir Izrael)
Flipboard
Reddit
Whatsapp
Email