SecurityWeek’s weekly cybersecurity news digest provides a quick rundown of significant developments that might not get their own full articles but are still important for understanding the wider threat landscape.
This handpicked collection spotlights major stories covering newly disclosed vulnerabilities, novel attack techniques, policy changes, industry findings, and other notable happenings, helping readers stay well-informed about the constantly shifting cybersecurity scene.
Here are this week’s top stories:
Iranian hackers linked to US gas station tank monitoring breaches
US authorities suspect that Iranian hackers broke into automatic tank gauge (ATG) systems — the devices that track fuel levels in underground storage tanks — at gas stations spanning several states. The attackers took advantage of internet-connected devices that had no password protection, allowing them to tamper with display readings, though they couldn’t alter the actual fuel quantities. While no physical harm or safety issues have resulted so far, the breaches have raised alarms that such access could potentially hide gas leaks or introduce other dangers to critical infrastructure. Cybersecurity experts have long cautioned about the dangers of exposed, unsecured ATG systems.
CISA contractor leaks sensitive credentials
A contractor employed by CISA kept a public GitHub repository called Private-CISA openly accessible for months, exposing admin keys for multiple AWS GovCloud accounts and plaintext passwords for internal CISA systems, according to a report by Brian Krebs. Although CISA says there’s currently no evidence that sensitive data was accessed without authorization, the leaked credentials could have let attackers pivot into government systems or modify internal software packages.
Anthropic lets Mythos users share cyber threat intelligence
Anthropic has rolled out a new capability in its Mythos vulnerability discovery platform that enables users to share cyber threat information with one another. The goal of this update is to bolster collective defense by speeding up how quickly threat details reach security teams and researchers.
Cloudflare evaluates Mythos capabilities and shortcomings
Cloudflare tested Anthropic’s Mythos model against more than 50 of its internal code repositories. The model excelled at chaining together multiple low-severity weaknesses into full exploit chains and at generating working proofs of concept on its own. That said, Cloudflare flagged several issues, including the model sometimes refusing legitimate research tasks, a high rate of false positives particularly in C/C++ codebases, and the need for a carefully designed multi-stage harness rather than a generic agent setup to get meaningful coverage with minimal noise.
Huawei router flaw caused Luxembourg telecom outage
A previously unknown zero-day vulnerability in Huawei enterprise router software triggered a total blackout of Luxembourg’s telecom network in July 2025, cutting off landline, 4G, and 5G services for more than three hours. The attack used specially crafted network traffic that forced routers into an endless restart cycle, disrupting emergency communications for hundreds of thousands of residents. POST Luxembourg confirmed it was a denial-of-service attack exploiting undocumented behavior for which no fix was available at the time. It remains unclear whether the vulnerability has since been patched.
NanoCo secures $12 million in seed funding
NanoCo, the company behind NanoClaw — a secure open-source AI professional assistant designed as an alternative to OpenClaw — has raised $12 million in seed funding. Valley Capital Partners led the round, with additional investment from Docker, Vercel, monday.com, Slow Ventures, Clutch Capital, Factorial Capital, and Clem Delangue, CEO of Hugging Face.
Four-Faith industrial router flaw actively exploited by botnets
Attackers are heavily exploiting CVE-2024-9643, an authentication bypass vulnerability in Four-Faith F3x36 industrial cellular routers caused by hardcoded admin credentials. CrowdSec has observed a sharp rise in exploitation attempts since late April 2026, with activity escalating to mass exploitation by mid-May as attackers absorb compromised devices into botnets for follow-on attacks. Other vulnerabilities in Four-Faith routers have also been weaponized in the wild.
Single operator runs 5-year AI-driven Patriot Bait influence and fraud campaign
One individual has carried out a sophisticated five-year operation using a single primary fake persona, heavily powered by AI tools, to run an influence campaign aimed at patriotic and conservative audiences in the US while simultaneously committing financial fraud. The Patriot Bait campaign blended social media manipulation, AI-generated content, and scam tactics to build credibility and swindle victims. The threat actor went after login credentials and cryptocurrency wallets.
Open WebUI vulnerability discovered
Security researcher Chinmohan Nayak has uncovered a serious SSRF vulnerability in Open WebUI (CVE-2026-45401). The flaw lets attackers sidestep URL validation through redirect handling and reach internal resources, including cloud metadata endpoints. According to the researcher, the application did implement outbound request validation, but only for the initial request — not for subsequent redirects — resulting in a trust-boundary bypass.
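The check-only-the-first-request pattern described above, next to a version that re-validates every redirect hop, as an added example (not Open WebUI's code). The function names, host names and the in-memory DNS and HTTP tables are constructed for illustration so the block runs offline.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

# Constructed stand-ins for DNS and HTTP so the example runs offline.
FAKE_DNS = {"docs.example.com": "93.184.216.34", "cdn.example.net": "93.184.216.35"}
FAKE_HTTP = {  # url -> (status, Location header)
    "https://docs.example.com/a": (302, "https://cdn.example.net/b"),
    "https://cdn.example.net/b": (200, None),
    "https://docs.example.com/r": (302, "http://169.254.169.254/"),
    "http://169.254.169.254/": (200, None),
}

def resolve(host):
    return FAKE_DNS.get(host)

def send(url):
    return FAKE_HTTP[url]

def is_allowed(url):
    """Allow only http(s) URLs whose host is, or resolves to, a public address."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        ip = ipaddress.ip_address(parts.hostname)
    except ValueError:  # a hostname, not an IP literal
        addr = resolve(parts.hostname)
        if addr is None:
            return False
        ip = ipaddress.ip_address(addr)
    return ip.is_global  # rejects loopback, private and link-local ranges

def fetch(url, check_every_hop, max_hops=5):
    """Follow redirects manually; return the URL whose body would be read."""
    if not is_allowed(url):
        raise ValueError("blocked: " + url)
    for _ in range(max_hops):
        status, location = send(url)
        if status not in REDIRECTS:
            return url
        url = urljoin(url, location)
        # The fix: run the same validation on each redirect target.
        if check_every_hop and not is_allowed(url):
            raise ValueError("blocked redirect: " + url)
    raise ValueError("too many redirects")
```

In a real client the address that passed validation must also be the one the connection is made to, otherwise a second DNS lookup can return a different answer.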
CISA launches new form for crowdsourcing reports on exploited vulnerabilities
CISA has launched an online Nomination Form that allows researchers, vendors, and industry partners to directly submit known exploited vulnerabilities (KEVs) for faster evaluation and addition to its catalog. This new tool enhances the agency’s ability to verify and quickly share details about actively exploited flaws along with clear remediation steps, supplementing the existing email-based submission process.



