Latest stories — Page 14

Anthropic's Claude Fable is back — and users say it's answering "no" to almost everything
After regulators lifted the ban, the returning model keeps handing tasks off to a weaker sibling. Anthropic says its safety net is just set very wide.

U.S. Government Lifts Its Block on Anthropic's AI Models — With Strings Attached
After a weeks-long government-ordered shutdown triggered by a security flaw in its AI software, Anthropic's chatbots are back online. One is open to the public again. The other remains locked behind federal approval.

Cisco Phone System Flaw Now Being Actively Exploited — Patch Immediately
A security hole in Cisco's business phone software is being used in real attacks. Millions of offices run this software. The fix has existed since June.

Anthropic pulls Claude Fable 5 from subscriptions on July 7 — but says it's coming back
The AI company blames unpredictable demand for its most powerful model. Subscribers will need to pay per use until capacity catches up.

Kubota North America Says Hackers Sat Inside Its Network for Over a Month
The Japanese equipment maker's US arm says intruders quietly read employee files — including Social Security numbers — between mid-March and late April.

FBI Dismantles NetNut Proxy and Popa Botnet Operations
The FBI seizes key domains of NetNut, disrupting a sprawling proxy service linked to cybercriminal activities.

Anubis Affiliates Ride Citrix Bleed 2 Into Enterprise Networks
Ransomware crews are chaining CVE-2025-5777 with RMM tooling and stolen credentials to skip past MFA entirely.

Google and FBI Kneecap NetNut, Cutting Millions of Home Devices From Proxy Pool
Google's Threat Intelligence Group says a joint operation with the FBI and Lumen has stripped millions of infected home devices from NetNut, also tracked as Popa.

CISOs Are Betting Big on AI—But Is the Hype Outrunning the Evidence?
Reddit's CISO and an Omdia analyst weigh in on where AI security tooling actually delivers, and where the gap between pitch deck and production remains embarrassingly wide.

The USB Drop That Changed Pen Testing: Steve Stasiukonis's Credit Union Experiment, Revisited
Twenty years ago, a handful of booby-trapped thumb drives in a parking lot became one of the most-cited social-engineering case studies in security history. Here's what actually happened.

Chris Inglis on the Snowden Era: What NSA Got Wrong, and What CISOs Should Still Be Asking
The former NSA Deputy Director reflects on institutional failures, insider threat detection, and why 'enculturation' may matter more than access controls.

Twenty Years of Getting It Wrong: The Breaches and Blunders That Defined Modern Cybersecurity
From MGM's identity disaster to MOVEit's patch pile-up, the same failure modes keep appearing in postmortems. That's the problem.

Small Gaps, Big Consequences: The Week's Breaches Ran on Trust, Not Zero-Days
Browsers, bots, AI sandboxes and email flows all failed the same way — quietly, and inside the rules.

CitrixBleed Redux: PoC Drop Triggers Immediate NetScaler Memory-Scrape Campaign
Attackers wasted no time after proof-of-concept code surfaced for a new Citrix NetScaler memory-disclosure bug — the gap between publish and exploit measured in hours, not days.

Identity Security as a Career On-Ramp: What One CISO Actually Thinks
Silverfort's John Paul Cunningham argues AI is opening doors in cybersecurity rather than closing them — and identity is where new practitioners should focus first.

ToddyCat's New Umbrij Malware Pulls Gmail Straight From Google's API
Kaspersky ties the China-nexus crew to a Gmail-siphoning tool that skips the browser and talks to Google directly.

AI-Generated Code Is Outpacing Your Audit Process
CISOs are discovering that traditional software audits weren't built for a world where a developer can generate 500 lines of Go in forty seconds. Here's what the checklist needs to look like now.

FortiBleed: Stolen FortiGate Credentials Now Fueling INC and Lynx Ransomware Attacks
Credentials harvested from hundreds of thousands of compromised FortiGate devices are feeding active ransomware operations — and defenders who haven't rotated credentials post-patch are still exposed.

IGA Was Built for Employees. Agents Break the Model.
Identity governance assumes a hire date, a manager, and an exit interview. Autonomous AI agents have none of those — and legacy IGA tools can't see the gap.

Unpatched Argo CD Flaw Turns Your GitOps Engine Into a Deployment Backdoor
A gRPC endpoint that skips authentication, network policies off by default, and Redis credentials sitting in the environment. Synacktiv's research shows how one compromised pod can become a supply-chain pivot.

Context Manipulation Attack 'BioShocking' Turns Agentic Browsers Into Credential Thieves
Researchers demonstrate how feeding poisoned context to AI-driven browser agents causes them to quietly drop safety guardrails and exfiltrate stored credentials.