The input describes a range of cybersecurity threats and incidents reported by SecurityWeek on May 22, 2026. Key technical points include: Iranian threat actors exploiting unsecured automatic tank gauge systems at US gas stations to alter fuel level displays; a CISA contractor exposing administrative AWS GovCloud credentials publicly on GitHub, though no unauthorized access is confirmed; a zero-day vulnerability in Huawei enterprise routers causing a telecom outage in Luxembourg by triggering continuous router restarts via crafted network traffic, with no patch available at the time; and active exploitation of CVE-2024-9643, an authentication bypass vulnerability in Four-Faith F3x36 industrial cellular routers due to hardcoded credentials, leading to botnet recruitment. Additionally, a high-severity SSRF vulnerability (CVE-2026-45401) in Open WebUI allows bypass of URL validation via redirect chains. CISA has launched a new nomination form to accelerate reporting and cataloging of known exploited vulnerabilities. Patch status for some vulnerabilities, such as the Huawei router flaw, is unclear. The Four-Faith router vulnerability is actively exploited at scale. The CISA credential exposure incident currently shows no evidence of compromise.

The Iranian hacker activity on gas station tank monitors altered displayed fuel levels but did not affect actual fuel volumes or cause physical damage, though it raises concerns about potential risks to critical infrastructure. The CISA contractor credential exposure could have allowed lateral movement or tampering within government systems if exploited, but no unauthorized access has been detected so far. The Huawei router zero-day caused a significant telecom outage affecting landline and mobile services for hundreds of thousands, disrupting emergency communications. The Four-Faith router authentication bypass vulnerability is being aggressively exploited to conscript devices into botnets, increasing risk of further attacks. The Open WebUI SSRF vulnerability allows attackers to access internal resources, including cloud metadata endpoints, potentially leading to information disclosure or further compromise. Overall, these incidents demonstrate active exploitation of industrial and enterprise network device vulnerabilities with impacts ranging from service disruption to potential unauthorized access.

For the Four-Faith router vulnerability (CVE-2024-9643), organizations should apply any available vendor patches or mitigations immediately; if no patch is available, restrict network access to these devices and change default or hardcoded credentials where possible. For the Huawei router zero-day, check with the vendor and telecom providers for any updates or patches since the incident; if no patch exists, implement network-level protections to detect and block malicious crafted traffic. For the Open WebUI SSRF vulnerability, apply vendor patches or updates addressing CVE-2026-45401. Regarding the CISA credential exposure, no evidence of compromise has been found, but organizations should audit credential usage, rotate exposed keys and passwords, and enforce strict access controls. For the gas station ATG systems, secure internet-connected devices by enforcing strong authentication, network segmentation, and monitoring for unauthorized changes. CISA’s new KEV nomination form should be used to report actively exploited vulnerabilities to facilitate rapid response. Patch status for some vulnerabilities remains unclear; organizations should monitor vendor advisories closely for updates.