In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device
SecurityWeek roundup: Supreme Court hacker sentenced, Lovable BOLA exposure, France Titres breach, Volt Typhoon botnet
Summary
This SecurityWeek news roundup covers multiple significant security incidents including a Tennessee hacker sentenced for Supreme Court breaches, a BOLA vulnerability in AI startup Lovable exposing user source code and credentials, and a major breach at French state agency France Titres affecting ~19M users. Additional stories include unauthorized access to Anthropic's Claude Mythos, UK military deployment to protect undersea cables, alleged US exploitation of Iranian infrastructure via firmware backdoors, and a joint FBI/CISA alert on China-linked Volt Typhoon botnet targeting critical infrastructure.
Full text
SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights:

Tennessee hacker gets probation for Supreme Court breaches
Nicholas Moore, 25, was sentenced to 12 months of probation after pleading guilty to a misdemeanor for using stolen credentials to break into the Supreme Court’s e-filing system on 25 separate days, plus systems at AmeriCorps and the Veterans Administration Health System. Rather than exploiting the access financially, he posted screenshots of the breached accounts apparently just to impress people online.

UK military deployed to protect internet communications
The UK has deployed military assets, including warships, support tankers, Merlin helicopters, and RAF P‑8 maritime patrol aircraft, to protect undersea communications cables from a perceived Russian naval threat. Tony O’Sullivan, CEO of RETN, comments, “Accidental damage is no longer the only threat, and operators and enterprises can no longer assume routes are safe and stable when assessing resilience. Rather, you have to engineer it into the network itself. Route diversity is a must to avoid creating single points of failure, as is ensuring visibility across international paths. Rather than trying to prevent disruption, we have to design networks to cope with it.”

Lovable’s shifting story on exposed user data
Vibe-coding startup Lovable — valued at $6.6 billion — fumbled its response to a BOLA vulnerability that allowed any free account holder to read other users’ source code, database credentials, and chat history. A researcher reported the flaw to HackerOne 48 days before going public, but the bug was closed without escalation because HackerOne assumed the exposure was intentional behavior. Lovable initially called it a design decision, then reversed course and admitted a February backend change had accidentally re-enabled access to public project chats — a setting they had previously patched out.

US accused of exploiting backdoor to disable Iranian infrastructure
According to Iranian state media, during an attack on the city of Isfahan, networking equipment from Cisco, Juniper, Fortinet, and MikroTik failed simultaneously despite being disconnected from the global internet. Local experts suspect these outages were triggered by pre-installed firmware backdoors or supply chain compromises that allowed for remote deactivation via satellite or internal signals.

Claude Mythos accessed by unauthorized testers
Anthropic’s Claude Mythos was reportedly accessed by unauthorized users through a third-party vendor environment. Bloomberg News reports that someone discovered the interface, which allowed for the testing of Mythos’ advanced capabilities. The AI giant has since restricted access to the abused portal.

Data breach at French state agency
France Titres, the agency responsible for passports and driver’s licenses, confirmed a security breach on its ANTS portal that may have exposed the data of millions of users. A threat actor is currently attempting to sell a database on hacking forums containing roughly 19 million records, including names, birth dates, and unique account identifiers.

Sean Plankey withdraws nomination for CISA director
Sean Plankey has officially withdrawn his name for the role of Director at the Cybersecurity and Infrastructure Security Agency after a prolonged confirmation stalemate in the Senate. The withdrawal leaves the nation’s primary cyber defense agency without a permanent leader. This move forces the White House to restart the search for a candidate capable of navigating a deeply divided political landscape. Nick Andersen is currently Acting Director of CISA.

UK’s NCSC debuts hardware guard to prevent data leakage via monitors
The UK’s National Cyber Security Centre has developed a hardware security device designed to stop sensitive data from being exfiltrated through high-resolution display links. Named SilentGlass, the plug-and-play device “actively blocks anything unexpected or malicious between HDMI and Display Port connections and screens.” Recommended for high-threat environments, the device can now be acquired by anyone after being tested in government organizations.

Global defense agencies issue alert on Chinese botnet infrastructure
The FBI, CISA, and international partners have released a joint advisory regarding a massive network of compromised SOHO routers and IoT devices orchestrated by China-linked threat actors. The state-sponsored group Volt Typhoon has used the botnet to target critical infrastructure sectors. The agencies have issued recommendations for defending against such covert networks.

Google expands enterprise security with browser and device controls
Google has introduced new security capabilities within Chrome Enterprise and Android. Chrome Enterprise Premium now offers advanced data loss prevention and capabilities to address AI risks. Google is also expanding security for mobile, blocking sensitive data downloads on unmanaged devices. New controls in the Google Admin console allow for more granular policy enforcement across both browsers and devices to reduce the attack surface.
Written By SecurityWeek News
Indicators of Compromise
- malware — SOHO router botnet