On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:
- Anthropic’s Fable 5 and Mythos 5 get nuked by the US government four days after launch “because security”
- Why “guardrails” won’t keep the world safe from your AI doomsday machine
- The FISA 702 statute expired, but the spying can (probably) continue!
- NPM v12 delivers some protection against supply chain attacks, but not enough.
- Microsoft has a series of bugs that prevent Windows Update from … updating
- Much, much more!
This episode is also available on YouTube
Show notes
- Anthropic suspends new AI models after government directive | NBC News Tech
- Anthropic rankles users with safety-first Fable release | NBC News Tech
- How a 90-minute White House deadline sparked Silicon Valley’s biggest AI fight | washingtonpost.com
- Pete Hegseth (@PeteHegseth) on X | X (formerly Twitter)
- David Sacks (@DavidSacks) on X | X (formerly Twitter)
- DoW CIO Kirsten Davies (@DoWCIODavies) on X | X (formerly Twitter)
- David Shulman (@DavidShulmanFL) on X | X (formerly Twitter)
- Controversial FISA spying law expires tonight. The spying will continue. | Ars Technica
- GitHub announces npm security changes to tackle supply-chain attacks | BleepingComputer
- Why NPM v12 won’t stop supply chain attacks – Risky Business Media | Social Signals
- Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks | BleepingComputer
- Microsoft patches Exchange Server zero-day exploited in attacks | BleepingComputer
- Max severity Ivanti Sentry vulnerability now exploited in attacks | BleepingComputer
- CISA warns of another cPanel plugin flaw exploited in attacks | BleepingComputer
- Critical Fortinet FortiSandbox flaws now exploited in attacks | BleepingComputer
- CISA orders feds to patch actively exploited Ivanti flaw by Sunday | BleepingComputer
- CISA to require federal agencies to patch some cyber vulnerabilities within 3 days | therecord.media
- Path traversal flaw in AI dev platform Langflow exploited in attacks | BleepingComputer
- Microsoft: Some Windows PCs fail to install latest monthly updates | BleepingComputer
- Microsoft fixes BitLocker recovery bug on Windows Server 2025 | BleepingComputer
- Microsoft fixes Windows update failures linked to WUSA installer | BleepingComputer
- New attack turned Microsoft 365 Copilot into 1-click data theft tool | BleepingComputer
- Over 73,000 French govt employees affected in Tchap messenger breach | BleepingComputer
- Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps | wired.com
- FBI disrupts massive AI-powered phishing service using a million URLs | BleepingComputer
- Cyberattack shuts down major Australian sugar mills, disrupting harvest | The Record
- Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts, Report Finds | wired.com
- It Is Trivially Easy to Use Reddit to Manipulate AI Search, Research Suggests | 404.feed.press
- Who Runs the Ransomware Group ‘The Gentlemen?’ | krebsonsecurity.com
- :brdKnife: (@cR0w@infosec.exchange) | Infosec Exchange