In Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISA
Weekly security roundup covers AI chatbot exploitation, banking trojans, ransomware-as-a-service, and infrastructure
Summary
SecurityWeek's weekly roundup highlights multiple threat campaigns: threat actors exploit AI chatbots and SEO to distribute cryptocurrency miners, the Grandoreiro banking trojan targets financial institutions, and 'The Gentlemen' RaaS features automated network propagation. Additionally, Let's Encrypt prepares post-quantum certificate infrastructure, US agencies warn of exploited tank gauge systems linked to Iran, and data breaches affect Ultrahuman and other entities.
Full text
SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights:

Threat actors poison AI chatbot queries to harvest computing power

Microsoft reported that threat actors are exploiting both SEO and AI chatbot recommendations to trick users into downloading fake utilities that impersonate legitimate tools like CrystalDiskInfo and PDFgear. Once an endpoint is compromised, the attackers abuse ConnectWise ScreenConnect to secure persistent remote access and deploy a specialized binary that hollows out trusted Microsoft .NET processes. The hijacked processing power is ultimately used to run cryptocurrency miners specifically engineered to target high-performance GPUs.

Grandoreiro banking trojan attacks

WatchGuard researchers observed a new Grandoreiro malware campaign targeting financial institutions across Portugal and Latin America using DLL side-loading techniques that abuse four legitimate software applications. The malware has been around for a decade and it continues to be active despite law enforcement action.

Self-propagating Go encryptor automates full network compromise

Microsoft Threat Intelligence is tracking Storm-2697, a financially motivated group operating ‘The Gentlemen’ ransomware-as-a-service, which features an aggressive Go-based encryptor obfuscated with Garble. The malware uses password-protected command-line arguments to establish its encryption speed and automatically self-propagates across targeted networks by creating scheduled tasks with SYSTEM privileges. The Gentlemen ransomware was recently also dissected by Halcyon and Huntress.

Let’s Encrypt adopts Merkle trees for post-quantum future

To mitigate the massive bandwidth bloat caused by post-quantum cryptographic algorithms, Let’s Encrypt is adopting Merkle Tree Certificates to secure future web authentication infrastructure. By batching certificates under a single signature rather than authenticating them individually, this new approach significantly shrinks TLS handshake sizes while inherently baking in certificate transparency. The certificate authority plans to launch a staging environment for these optimized post-quantum certificates in late 2026, followed by a full production rollout in 2027.

Federal agencies sound alarm on exposed tank gauge systems

CISA, the FBI, the NSA, and other US agencies are warning critical infrastructure operators about threat actors actively exploiting internet-exposed Automatic Tank Gauge (ATG) systems used for remote liquid and fuel monitoring. Attackers are bypassing authentication and leveraging OS command execution to modify configurations, prompting the government to urge facilities to immediately disconnect ATGs from the public internet. Attacks on ATGs at US gas stations were recently linked by officials to Iran.

Palantir technology chief eyed for CISA director role

The Trump administration is reportedly considering Palantir Technologies Chief Technology Officer Shyam Sankar to serve as the next director of CISA. If nominated, the longtime Palantir executive would step into the vacant leadership position as CISA faces significant budget cuts. Tom Parker, a security services lead at IBM, was recently also positioned as a frontrunner for the role.

Malware infection triggers leak of Ultrahuman data

Indian health technology vendor Ultrahuman disclosed a data breach exposing user contact details, transaction history, and wellness metrics for a fraction of its customer base. The threat actor gained unauthorized, read-only access to an internal analytics system by leveraging credentials stolen from a malware-infected employee laptop, though the company confirmed no passwords or payment details were compromised.

Crypto-miner hitches a ride on Hola Browser

Sophos discovered an XMRig crypto-miner binary quietly bundled within a certified version of the Hola Browser installer for Windows. Hola attributed the anomaly to a localized supply chain compromise affecting a small segment of its distribution pipeline, which allowed the unauthorized payload to evade detection.

AI attack mapping exposes rapid rise in autonomous agentic scaffolding

A year-long Anthropic analysis mapping AI-enabled cyber operations against the MITRE ATT&CK framework reveals a sharp increase in threat actors leveraging LLMs for high-risk activities like lateral movement and credential dumping. The AI giant concluded that an attacker’s threat level will soon be dictated by the external agentic scaffolding they build to orchestrate autonomous attack chains.

Malformed IPv6 packet triggers unpatched Comodo firewall crashes

Security researcher Marcus Hutchins released details and a PoC exploit for ComoDoS, a critical vulnerability residing in Comodo Internet Security. The unpatched flaw enables remote attackers to crash targeted Windows endpoints by sending a single malformed TCP/IP packet, effectively bypassing all configured firewall rules. Hutchins said he attempted to responsibly disclose the flaw, but received no response from the vendor. SecurityWeek was unable to contact Comodo for comment.

Written By SecurityWeek News
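The certificate batching described in the Let’s Encrypt item above, as an added illustration that is not SecurityWeek’s or Let’s Encrypt’s code: a simplified Merkle tree over a constructed batch of certificates, one CA signature over the root, and a logarithmic-size inclusion proof that lets a relying party check any single certificate against that one signature. It does not follow the IETF Merkle Tree Certificates draft’s exact encoding, and the CA’s post-quantum signature is stood in for by an HMAC (an assumption made so the example runs with the standard library alone).

```python
import hashlib
import hmac

# Constructed stand-in for the CA's signing key (assumption; a real CA would
# use a post-quantum signature scheme here, not an HMAC).
CA_KEY = b"constructed-ca-key"


def _leaf(cert: bytes) -> bytes:
    # Domain-separated leaf hash so a leaf can never be confused with a node.
    return hashlib.sha256(b"\x00" + cert).digest()


def _node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def _padded(level):
    # Odd-length levels get their last node duplicated so every node has a sibling.
    return level + [level[-1]] if len(level) % 2 else level


def build_tree(certs):
    """Return all tree levels, leaves first and the single root last."""
    level = [_leaf(c) for c in certs]
    levels = [level]
    while len(level) > 1:
        p = _padded(level)
        level = [_node(p[i], p[i + 1]) for i in range(0, len(p), 2)]
        levels.append(level)
    return levels


def sign_batch(certs) -> bytes:
    # One signature covers the entire batch instead of one signature per certificate.
    root = build_tree(certs)[-1][0]
    return hmac.new(CA_KEY, root, hashlib.sha256).digest()


def inclusion_proof(certs, index):
    """Sibling hashes from leaf to root as (hash, sibling_is_on_the_right) pairs."""
    proof = []
    for level in build_tree(certs)[:-1]:
        p = _padded(level)
        proof.append((p[index ^ 1], index % 2 == 0))
        index //= 2
    return proof


def verify(cert: bytes, proof, batch_signature: bytes) -> bool:
    # Recompute the root from the leaf and its siblings, then check the batch signature.
    h = _leaf(cert)
    for sibling, sibling_is_right in proof:
        h = _node(h, sibling) if sibling_is_right else _node(sibling, h)
    expected = hmac.new(CA_KEY, h, hashlib.sha256).digest()
    return hmac.compare_digest(expected, batch_signature)
```

With five certificates the proof is three hashes; doubling the batch adds only one more hash per proof, which is why the handshake shrinks compared with carrying a full post-quantum signature per certificate.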