
Loading summary
A
Washington yanks Anthropic's Mythos and Fable models offline. The FBI guts a billion dollar phishing empire. Another security tool becomes the critical vulnerability. A fired IT workers 21 month grudge and our latest addition to Fortawatch. This is cybersecurity Today and I'm your host David Shipley. Let's get started. The US government has yanked Anthropic's two most capable AI models offline for everyone on Earth. BLEEPING Computer and Fortune report that On Friday the U.S. commerce Department issued an Export Control Directive citing national security. It bars any foreign national inside or outside the United States, including anthropic's own non US citizen staff, from accessing Fable 5 and Mythos 5. To comply, anthropic had to shut both models down for everyone. Other models, including Claude Opus 4.8 are still online. The stated trigger for the US government action? A reported method to bypass Fable 5's safeguards. Anthropic says it reviewed the report and found capability that's widely available Elsewhere, including in OpenAI's GPT 5.5, which as of this recording on Sunday night was not subject to an export control directive. CNBC reports the White House has spent over a year in talks to acquire an equity stake in OpenAI, which is Anthropic's chief rival. The Pentagon has already branded Anthropic a supply chain risk earlier this year. That's a label usually reserved for foreign adversaries. Anthropic sued. That fight is ongoing. White House advisor David Sachs said that government officials acted last week reluctantly after Anthropic refused to fix or de deploy. There may be several reasons behind the Anthropic model ban. Maybe Anthropic's own marketing has made its tools sound far too dangerous to leave standing. Maybe a real risk exists that Washington hasn't fully disclosed. But if the threat were that grave, why leave the door open to every US citizen, criminals included? Maybe it's payback. Maybe it's about giving OpenAI an edge. Or maybe, as some foreign countries are wondering, it's economic warfare. There's a non zero chance it's a multiple choice. Answer One certainty. This absolutely pours fuel on the global push for sovereign AI and sovereign compute. We turn now from the latest Anthropic drama to a much more positive government move. The FBI just pulled the plug on one of the biggest phishing operations going. Bleeping computer reports the Bureau, working with Google and Black Lotus Labs, dismantled a China based phishing as a service network called Outsider Enterprise Active since at least 2023, it ran at industrial scale. Google ties it to over 9,000 fake websites and more than a million fraudulent URLs. The kits impersonated trusted brands in text messages, blasted out through AT&T T mobile and Verizon. The damage? 3.8 million stolen credit card records and an estimated 1.9 billion in losses. The takedown is part of the FBI's Operation Riptide. Agents seized administration servers, a Shopify storefront and the account the crew used to test its own service. They grabbed about $100,000 in tether from payment wallets. Thousands of seized domains now point to an FBI splash page, and the bureau took over a telegram bot, the one holding the operations customer list. Google has filed a civil suit against the infrastructure and is working with carriers to block messages upstream. The scale here is staggering. Over two weeks in May, 2.5 million scam texts hit in Android users from outsider systems. Google is also pushing seven bipartisan anti scam bills, including the Stop Scams act in the US which would put the FBI in charge of a coordinated national anti scam strategy. The biggest question here is this. Takedowns like this are real wins and deserve to be celebrated. But with AI letting operators rebuild infrastructure faster than ever before, how long will this last? Bad news yet another tool built to keep us secure has been turned into the vulnerability. This time it's Splunk, with a 9.8 critical exploit and details already public. The Hacker news reports that CVE2026 2253 lets an unauthenticated attacker run code on vulnerable Splunk servers. The root cause? A PostgreSQL sidecar endpoint that ships with no authentication. Any network reachable user can hit it, write files to the system and chain that into full remote code execution. Watchtower Labs published the full ATTCK chain on Friday. One detail really stands out. The sidecar is on by default in Splunk Enterprise on aws, so those deployments are exposed out of the box. Other self managed installs may not have the Sidecar enabled, but don't assume the fixes are now out. Splunk, now part of Cisco, patched it in versions 10.0.7, 10.2.4. The 10.4 line is not affected and Splunk Cloud is clear because it doesn't use the postgres sidecar. Now we turn from the latest critical vulnerability with a security tool to an ongoing critical vulnerability with process and a reminder that insider threat doesn't end on someone's last Day bleeping Computer reports that a former IT specialist at Iowa's Seidel Community School District has been sentenced to 21 months in prison for a campaign that ran exactly that long against the district that once employed him. Ezekiel Dean Potter, 34, left the district in April 2023, but he kept his access. Prosecutors later called him a quote, plague on the network. The record backs it up. He deleted its Facebook page. He gutted its Apple school Manager account, wiping users passwords, billing data and device management records, locking staff out of their MacBooks and iPads for about a week. It escalated in January 2025, prosecutors say he broke into the district's schoolology platform through a Google Admin account and deleted an IT staffer, knocking out teacher access for two hours. A week later, he deleted nine Gmail accounts, including those of the IT director and the superintendent. Investigators traced the activity to an IP address at 1 of his later employers. And after leaving one of those employers, he asked a former coworker to wipe a USB drive from his desk. The co worker handed it to investigators instead. On IT spreadsheets of Seidel usernames and passwords, Potter pled guilty under the Computer Fraud and Abuse act. He owes nearly $60,000 in restitution to the district and its insurer. The lesson here is one of the oldest in the cyber book. When someone with the keys leaves, change the locks. And we've told a version of this story fairly recently. Back on May 15, it was the actor twins, two fired federal IT contractors who deleted 96 US government databases in the hour after they lost their jobs and unfortunately recorded themselves doing it on a teams call they forgot to switch off. This case is the Slow Burn edition of the same mistake. Retained access left live for too long. Sadly, it's time for another Fort a Watch segment. That's where we talk about Fortinet's latest critical vulnerabilities, which has happened so much this year. We created a dedicated title for it. And this week we have a little bit of good news. For the first time this year, Fortinet strung together more than a month without a critical vulnerability advisory from the 40 client EMS fixes in early April through June 9th. Almost two months. No major critical vulnerabilities. That's a real stretch, and it earns them a nod. But then came CVE2026 25 089, a critical OS command injection in 40 sandbox. No authentication required, with proof of concept already public. That unfortunately ends the streak. But to give them a nod, Fortinet's own product security team found the vulnerability, caught in house, fixed it and shipped it in the wild. Exploitation hasn't been seen yet, but as always, that's a matter of time. So here's the new challenge. Fortinet let's go for a full quarter, 90 whole days, no critical vulnerability advisories. Keep finding bugs, but do it internally. Keep shipping cleaner code and you'll get there. Until then, Fortawatch will be standing by. But we're rooting for you and we're hoping for a boring few months. That's Cybersecurity today for Monday, June 15, 2026. Thanks for listening. I'll be back on the news desk on Wednesday. This week I'm in beautiful Montreal for for the National Cybersecurity Consortium's research event. I'll be on the lookout for some great Canadian research examples and some cyber good news stories. Until Wednesday, Stay safe.
Title: Anthropic Models Blocked, FBI Takes Down $1.9B Phishing Network, Critical Splunk Flaw, and More
Host: David Shipley
Date: June 15, 2026
This episode delivers updates on the latest major cybersecurity incidents and developments. Topics include the US government's dramatic takedown of Anthropic’s flagship AI models, a record-breaking FBI bust of a global phishing network, a critical vulnerability in Splunk’s security software, an insider attack by a disgruntled ex-IT worker, and a “Fortawatch” check-in on Fortinet’s ongoing vulnerabilities. The episode provides actionable insights for securing organizations in an evolving risk landscape.
The episode ends with Shipley noting his attendance at the National Cybersecurity Consortium's research event in Montreal, promising to return with Canadian research highlights and positive cyber stories.
This episode delivers urgent news and analysis on cyber governance, law enforcement action, tool vulnerability, and critical process lapses. Key themes include vigilance in supply chain and insider risk, the shifting balance between global competition and regulation, and the industry’s ongoing challenge to deliver trustworthy, patchable security solutions.