Fable 5, Tchap hacked, CISA priorities - Cybersecurity Headlines

Summary5 min read

Cybersecurity Headlines – Episode Summary

Date: June 10, 2026
Host: Rich Stroffolino
Podcast: CISO Series – Cybersecurity Headlines

Episode Overview

This brisk daily episode of Cybersecurity Headlines covers a range of critical developments in the cybersecurity landscape as of June 10, 2026. The stories span AI model releases, government messaging app breaches, critical changes in risk management directives from CISA, targeted cyberattacks in wartime contexts, policy shifts on AI chip exports, exploitation of known software flaws, another concerning Cisco SD-WAN zero day, and a standout instance of AI misuse in the legal system.

Key Discussion Points & Insights

1. Anthropic Releases Claude Fable 5 (00:23)

Anthropic releases its Fable 5 LLM, positioned as similar in capability to their not-yet-public "Mythos" model for tasks like knowledge work, vision, and long-running tasks.
Notably, Fable 5 has targeted restrictions for misuse-prone areas like cybersecurity and biology.
Performance fallback: In certain scenarios, it downgrades to Opus 4.8 capability, but Anthropic claims "95% of sessions run on Fable 5's native capabilities without falling back."
Bug bounty and red-teaming efforts reportedly failed to discover "critical bypasses or universal jailbreaks."

"Anthropic says this model operates similar to Mythos... but has targeted blocks in place for areas ripe for misuse, such as cybersecurity and biology." (00:27)

2. French Government Messaging Service Breach (01:12)

"Tchap," an encrypted messaging app used by the French government, was breached after a threat actor compromised a user account.
The attacker reportedly exploited hardcoded LDAP credentials shared by the French tax authority, exfiltrating 13+ GB of documents and data on over 73,000 accounts.
Authorities blocked account access and are auditing which conversations and data were exposed.
Built on Matrix protocol and developed with cybersecurity agency ANSSI.

"A threat actor taking credit for the breach said they stole hard coded LDAP credentials... and stole over 13 GB of documents as well as information on over 73,000 accounts." (01:41)

3. CISA Shifts Vulnerability Risk Prioritization (02:13)

Acting Director Nick Anderson discusses CISA's new approach: moving from "patch as fast as possible" to prioritizing based on exploitation risks and impact on critical infrastructure.
A forthcoming Binding Operational Directive will push agencies to patch more intelligently by assessing business/system importance.
Motivated by the increasing flood of vulnerability disclosures, particularly with AI tools.

"This new directive will ask critical infrastructure operators to focus on the risks associated with the vulnerability and whether it can be exploited and have a fine grained understanding of which systems are most important to patch." (02:43)

4. Romance Scams Targeting Russian Soldiers (03:10)

F6 cybersecurity details how the "Siribclone" group targets Russian armed forces (especially near combat borders) via romance and humanitarian lures.
Tactics include using fake personas to entice targets to install "SafeLove Stealer" Android spyware or give up Telegram credentials.
Objective: Steal files, monitor communications, and siphon military intelligence.

5. Taiwan Eyes AI Chip Export Controls to China (04:03)

According to Bloomberg, Taiwan is considering stricter criminal penalties for unauthorized AI chip exports to China.
Exporting chips to China already requires U.S. approval; new policy would criminalize violations, aligning Taiwan closer with U.S. regulatory pressure.

6. WinRAR Vulnerability Targeted Against Ukraine (04:44)

Patched in July 2025, the WinRAR path traversal bug is still being exploited.
Groups "Earth Dahu" and "ShadowEarth 066" (linked to Russia) deploy the flaw in current campaigns.
Payloads include info-stealing malware "Gifted Crook" and espionage modules for sustained access, active since April.

7. Cisco SD-WAN Zero-Day #7 in 2026 (05:21)

Cisco faces its seventh major SD-WAN zero-day for the year, allowing privilege escalation to root.
Discovered by Mandiant, the bug requires valid or privileged credentials.
No current patch or workaround; Cisco promises a fix "at a future date."

"Seven might be a lucky number, but not for Cisco, which is dealing with its seventh actively exploited zero day in Cisco SD WAN this year." (05:21)

8. Legal Sanctions for AI Hallucinations in Court Filings (05:56)

Judge Sherrion Acock of Mississippi penalizes both plaintiff and defense lawyers for citing non-existent, "hallucinated" cases generated by AI.
Consequences: All four attorneys disqualified, two barred for two years, and $3,500 fines per offending lawyer.
Recurring offender: Kathleen Wilson had prior citations for similar issues.

"In what was described as paying ChatGPT to argue against itself. Judge Acock canceled the trial, disqualified all four lawyers involved, and barred two from appearing in court cases for two years, as well as issuing fines of up to $3,500 each." (06:10)

Notable Quotes & Memorable Moments

Anthropic on Model Safety:

"External bug bounty and red teaming efforts fail to uncover critical bypasses or universal jailbreaks." (00:44)
On the Tchap breach:

"Dynam said it blocked access to the compromised account and is reviewing logs to see what conversations they had access to." (01:58)
CISA's shift:

"Anderson characterized the overall approach to date as applying patches as quickly as possible after their release..." (02:24)
AI in the courts:

"This court is yet again burdened with addressing AI hallucinations in court filings." (06:06)

Segment Timestamps

[00:23] – Anthropic’s Claude Fable 5 LLM release and safety measures
[01:12] – French government’s Tchap messaging service breached
[02:13] – CISA’s new vulnerability risk prioritization strategy
[03:10] – Romance scam campaign targets Russian soldiers
[04:03] – Taiwan considers AI chip export limits to China
[04:44] – Old WinRAR flaw exploited by Russian groups against Ukraine
[05:21] – Cisco SD-WAN faces seventh active zero-day in 2026
[05:56] – Federal judge sanctions lawyers for “AI hallucinations” in legal filings

Tone & Language

The episode is fast-paced, succinct, and delivered with a matter-of-fact, slightly wry tone typical of daily cybersecurity news coverage. Quotes are attributed, and "file this under too good to pass up" moments add some personality without detracting from the stories' gravity.

Final Thoughts

This episode delivers a comprehensive update on current cyber threats and policy shakeups, underlining the security community's ongoing challenges—from persistent vulnerabilities and evolving geopolitical threat actors, to the societal hazards of unchecked AI adoption, not just in industry but in the courtroom as well.

Loading summary

Transcript4 lines

[00:00]
A
We're trying something new on Cybersecurity Headlines. If you've got a hot take about a story from today or this week in Cybersecurity News, send us a short 30 second video to feedbackisoseries.com we'd love to feature these on our Department of no Show. And now onto the news from the
[00:17]
B
CISO series, it's Cybersecurity Headlines.
[00:24]
A
These are the cybersecurity headlines for Wednesday, June 10, 2026. I'm Rich Stroffelino. Anthropic releases Claude Fable 5 ever since Mythos Preview was announced, everyone has been itching to get access to Anthropic's new model. A general release of Mythos still seems to be a way off, but Anthropic is getting closer, releasing the mythos class fable 5 model. Anthropic says this model operates similar to Mythos in terms of knowledge, work, vision and long running tasks, but has targeted blocks in place for areas ripe for misuse, such as cybersecurity and biology. Fable 5 will fall back to Opus 4.8 level performance. Anthropic claims that 95% of sessions run on Fable 5's native capabilities without falling back, and that external bug bounty and red teaming efforts fail to uncover critical bypasses or universal jailbreaks. French government messaging service breached the Digital Affairs Directorate of the French government Dynam warned that threat actors breached the government's encrypted messaging app TD Tchap. This service was developed by Dynam with the French cybersecurity agency ANSSI back in 2018 based on the Matrix protocol. Dynam said a threat actor gained access to the service through a compromised user account. A threat actor taking credit for the breach said they stole hard coded LDAP credentials shared by the French tax authority and stole over 13 GB of documents as well as information on over 73,000 accounts. Dinham said it blocked access to the compromised account and is reviewing logs to see what conversations they had access to. CISA rethinking risk Evaluations Acting CISA Director Nick Anderson said that CISA is looking to reevaluate how it prioritizes risks and vulnerabilities for both privately owned critical infrastructure and the federal government. As part of this, CISA will issue a binding operational directive for federal agencies to revise vulnerability management practices. Anderson characterized the overall approach to date as applying patches as quickly as possible. After their release, however, this new directive will ask critical infrastructure operators to focus on the risks associated with the vulnerability and whether it can be exploited and have a fine grained understanding of which systems are most important to Patch. Anderson framed this directive as a response to the increase in vulnerability disclosures with AI based Tools Romance Scams Target Russian Soldiers the Russian cybersecurity firm F6 released a report detailing a campaign by the group Siribclone targeting members of the Russian armed forces stationed near combat zones and border crossings. These attackers impersonate women posing as either volunteers for humanitarian assistance or engaging in romantic relationships. Both are lures to get soldiers to download malicious apps or share Telegram credentials on spoofed websites. The overall goal of the campaign seems to be to install an Android Spyware app called SafeLove Stealer that looks to steal files, monitor communications and collect sensitive military information. The researchers did not attribute the campaign to a specific country or threat actor and now thanks to our sponsor for today, Doppel Cybercriminals don't respect your security silos. They use one connected attack chain to hit your brand externally, infiltrate your inbox and manipulate your team. Stop playing whack a mole with fragmented tools. Doppel unifies digital risk protection, human risk management and email security into one unified platform. 1 attack chain 3 pillars of defense 0 blind spots Secure your enterprise relentlessly@doppel.com that's.o-p p e l.com Taiwan considers AI Chip Limits to China Bloomberg sources say that Taiwanese authorities are considering stricter export controls on AI chip sales in an attempt to combat smuggling to China. Sales of AI chips to China already require approval by U.S. regulators. Currently, exporting unauthorized AI chips to China isn't considered a crime in Taiwan unless it's to entities on a specific ban list. Right now, authorities just warn sellers that they may be breaking U.S. rules. These new export controls would open the door for Taiwan to criminally prosecute all smugglers to China. WinRAR flaw exploited against Ukraine Last year, a path traversal flaw was discovered in the popular archive utility Winrar. The flaw was subsequently patched in July 2025. That's not stopping two Russian aligned campaigns from continuing to exploit the flaw in Winrar against Ukrainian organizations. According to Trend Micro, the groups Earthdahu and ShadowEarth 066 are both using the flaw in active campaigns. ShadowEarth 066 is using the flaw to install its infostealer Gifted Crook, while Earth Dahu has more of a reputation for industrial scale efforts to maintain long term access to compromised organizations and is using the flaw to deliver espionage modules that have been active since since at least April. Another day, another Cisco SD WAN 0 Day 7 might be a lucky number, but not for Cisco, which is dealing with its seventh actively exploited zero day in Cisco SD WAN this year. The vulnerability was first disclosed by Mandiant late last week, although Cisco said it saw limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices. The vulnerability requires valid credentials or privileged access and exploits a validation error, allowing an attacker to execute commands as root and opening the door to a range of attacks. There's no current patch or workaround available, and Cisco only said that a patch for this vulnerability will be provided at a future date. Judge throws the Book at AI filed this under Too good to Pass up Senior United States District Judge for the Northern District of Mississippi, Sherrion Acock issued a sanctions order against both sides of a federal court case, saying this court is yet again burdened with addressing AI hallucinations in court filings. The case involved a contract dispute with the city of Aberdeen, Mississippi about unpaid legal fees. However, both sides cited non existent hallucinated cases in their arguments. In what was described as paying ChatGPT to argue against itself. Judge Acock canceled the trial, disqualified all four lawyers involved, and barred two from appearing in court cases for two years, as well as issuing fines of up to $3,500 each. One attorney, Kathleen Wilson, had already been cited multiple times for AI hallucinated filings going back to January. Have you subscribed to the CISO series YouTube channel yet? If not, what are you waiting for? We're posting content every day there. We have shorts videos publishing daily. We have original interviews. We have demos and clips from all of our fantastic podcasts. So do yourself a favor, head on over to YouTube and subscribe to the CISO Series Channel. Reporting for the CISO Series, I'm Rich drofalino reminding you to have a super sparkly day.
[07:04]
B
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.