
Loading summary
A
Microsoft hangs out the unwelcome sign for bots and teams Anthropic's Fable model is back, but restrictions remain on mythos. New BioShock trick breaks AI browser safety guardrails Ransomware groups breach hundreds of organizations thanks to Fortableed and Nissan confirms employee data breach this is Cybersecurity today and I'm your host David Shipley. Let's get started. Microsoft has decided that not every guest deserves a seat at an online meeting. The company has rolled out a new Teams administrative policy that lets organizers stop third party bots from crashing meetings without approval. It's called Manage External Bots and Their Access to Meetings, and it lives in the Teams Admin Center. Admins can apply it to individual users or to specific groups. Here's how it works, according to Bleeping Computer when the policy is on, teams sniffs out potential bots, parks them in a lobby and slaps a label on them, asking an organizer to sign off before they get in. Even in meetings where everyone else can skip a lobby, a flagged bot waits at the door. The point here is improve visibility, and it applies to transcription bots, note takers, automated tag alongs, as well as malicious apps wearing one of these as a costume. Microsoft first floated the feature in a March roadmap entry. It's live now across Windows, macOS, Android and iOS on standard multi Tenant and GCC cloud. Microsoft says more is coming. It's building allow list for trusted bots, a switch to block external bots entirely, plus administrative reports and audit logs on what's being detected. Starting in December, admins will be able to block external teams users outright through the Defender Portal. Anthropic's most powerful public model is back. Fable 5 returned for global users starting on Wednesday after the US Commerce Department lifted export controls late Tuesday night. Fable is available to all customers, but Anthropic says cybersecurity or safety risks may be routed to less powerful models instead. An Anthropic spokesperson told NBC News it had implemented a new method of blocking cybersecurity workarounds that had first worried officials and that experts from the Commerce Department's center for AI Standards and Innovation tested the new security approach and backed the new controls. Fable 5 and its more powerful sibling, Mythos 5, went dark on June 12 after the US administration ordered anthropic to block all foreign nationals, citing national security concerns. Reporting at the time of the ban pointed to worries that Fable 5 could be jailbroken and used in cyber attacks. Anthropic downplayed those reports saying those that had surfaced were already known minor flaws. Commerce Secretary Howard Lutnick said the government worked with Anthropic over the past two weeks to analyze and approve access to the mob. His letter reserves the right to reimpose controls if Anthropic doesn't hold to its commitments. In other AI security news, you can talk an AI powered web browser out of its own safety rules by convincing it that reality is optional. Researchers at LARX call the attack bioshocking. In this attack, a malicious website hands a browser a game. Solve a puzzle to win, but the puzzle rewards wrong answers. 225 Once the AI accepts that the answer isn't 4, it slips into what the researchers describe as a state of delusion, a place where consequences don't exist and guardrails no longer bind it. Then the site makes its move. It asks the browser politely to prove its aptitude by handing over the contents of a code box. It signs off with Victory is Defeat. The names are literary. Would you'd kindly is the hypnotic trigger for the video game BioShock. Victory is defeat and 225 come straight out of Orwell's 1984 fitting for an attack that's built on convincing a machine to believe in a lie. Larax researcher Roy Paz says all six agents failed to flag for the final step, stealing user credentials as a violation of their guardrails. The BioShock technique worked against ChatGPT, Atlas, Comet, filu, Genspark, Sigma, and the Claude Chrome plugin. Larax admits the proof of concept is more of a demonstration at this point than an effective weapon. The game is still visible to the user, so it's not stealthy, and it's unclear whether the stolen data ever left the machine. But it raises interesting questions as governments yank and then allow back certain powerful AI models. And that's not the only guardrail hack we have to report. The guardrail that's supposed to stop an AI coding agent from running a dangerous command can be stepped around with a shell trick that's been public for decades. Adversa AI calls the bypass GuardFall. The Hacker News reported that GuardFall worked against 10 out of 11 open source coding tools that Adversa AI tested. Only one continue held up. The tested tools have nearly 548,000 GitHub stars between them. The flaw here is a mismatch. Most agents check each command against a block list as plain text, but Bash rewrites the text before it runs, stripping quotes, expanding shortcuts so the filter and the shell end up reading two entirely different things. A filter watching for RM sees nothing wrong with R M. Bash drops the empty quotes and runs RM anyway. Adversa says there isn't a bug here to patch, and there's no cve. It's a class of problem that's baked into programming conventions for decades. Adding more to a block list pattern does not fix any of this. The best defense is to make sure the commands are parsed in a way that Bash would before deciding what actually runs. But it's also important here that everyone be exceptionally careful with what AI coding agents get to use when it comes to inputs, what data sources they read or consult in doing things, and what actions ultimately they're actually allowed to perform. Socradar now links the mass fortigate credential theft known as fortableed to two ransomware crews Inc. Ransom and Lynx. An operator with access to fortableed infrastructure was found logged into both groups negotiation panels. Those panels are the first and direct line from credential harvesting to actual deployment of ransomware, and threat actors have been Busy, according to Socradar. They've been scanning against roughly 11,250 FortiGate portals in more than 150 countries, the hacker News reports. That confirmed ransomware admin Access exists on 409 of those portals, and a full attack chain was completed on 354. There were at least a dozen ransomware deployments with hundreds of endpoints encrypted. Socradar pegs the crew running this at about 20 people who are Russian speaking and working as initial access brokers. And they're not stopping at just Fortinet. Investigators found a target list of some 29,000 Citrix IP addresses, plus a suspected zero day in Nextcloud. Nissan has confirmed a data breach the automaker says attackers exploited a zero day in Oracle's PeopleSoft, the software Nissan Americas uses to manage payroll and personnel records. In a breach notification filed with California's attorney general, Oracle said the data theft campaign hit hundreds of companies and that Nissan was specifically targeted. According to Bleeping Computer. Nissan is still early in its investigation but believes the stolen data may include employee contact details, banking information, national identification numbers, tax records and beneficiary information. The breach is believed to affect employees in the United States, Canada, Mexico and Brazil. Nissan says that it has locked down affected systems, brought in outside experts, and is working with Oracle. It's offered credit and dark Web monitoring where available, and it's tightening down on payroll. Access to pay slips and direct deposit changes are now restricted to company computers or those on the secured VPN with extra identity checks before any payroll change requests go through. The trail for this breach leads back to Shiny Hunters. The extortion gang claimed responsibility for the overall wider campaign, telling bleeping computer it breached over 300 PeopleSoft instances across a hundred different organizations. Oracle later disclosed the flaw behind the breach, CVE202635273 and shipped emergency mitigations. Mandiant confirmed threat actors exploited it as a zero day and data theft attacks between May 27 and June 9, primarily against the education sector. Shiny Hunters has already begun leaking victim data. Victims posted to its data leak site include the University of Nottingham and the national association of Insurance Commissioners in the United States. Shiny Hunters is the same crew behind the Instructure canvas hack. That one lifted 280 million records from students, teachers and staff around the world before Instructure cut a deal with them to yank the information off the web. And that's Cybersecurity today for Friday, July 3rd. To our American listeners, Happy Independence Day on Saturday and happy 250th for all the IT cybersecurity and incident response teams out there. I hope you all have a wonderfully quiet Independence Day weekend. I'll be back on the News desk on Monday, July 6 with the latest headlines. We won't have a Weekend Edition tomorrow, but if you're looking for something to listen to, I highly recommend last weekend's episode with Jennifer Hutton where we talk about car dealership cybersecurity. Thanks for listening and if you like the show, please let us know. Drop us a note@technewsday.com or CA or leave a comment under the YouTube video. Have a great weekend.
Podcast: Cybersecurity Today
Host: David Shipley
Episode: Teams battles bots, Bioshocking AI browser guardrails, Fortibleed fuels ransomware
Date: July 3, 2026
This episode covers a packed week in cybersecurity, focusing on enterprise security threats and defensive tools. Host David Shipley breaks down Microsoft Teams’ new anti-bot policy, emerging AI safety vulnerabilities (including “bioshocking” browser exploits), new security features in Anthropic's Fable model, the catastrophic Fortibleed mass breach linked to ransomware attacks, and details surrounding the Nissan/PeopleSoft data breach. The episode is a timely resource for businesses and IT professionals concerned with keeping up in an increasingly high-risk environment.
[00:30–03:30]
Notable quote:
"The point here is improve visibility, and it applies to transcription bots, note takers, automated tag alongs, as well as malicious apps wearing one of these as a costume."
— David Shipley [01:15]
[03:35–06:45]
Notable quote:
"If Anthropic doesn't hold to its commitments, his letter reserves the right to reimpose controls."
— David Shipley [06:30]
[06:50–09:10]
Notable quote:
"Once the AI accepts that the answer isn't 4, it slips into what the researchers describe as a state of delusion, a place where consequences don't exist and guardrails no longer bind it."
— David Shipley [07:50]
[09:15–11:00]
Notable quote:
"Adding more to a block list pattern does not fix any of this. The best defense is to make sure the commands are parsed in a way that Bash would."
— David Shipley [10:35]
[11:05–13:20]
Notable quote:
"Those panels are the first and direct line from credential harvesting to actual deployment of ransomware, and threat actors have been busy..."
— David Shipley [12:00]
[13:25–16:40]
Notable quote:
"The breach is believed to affect employees in the United States, Canada, Mexico and Brazil. Nissan says that it has locked down affected systems, brought in outside experts, and is working with Oracle."
— David Shipley [15:40]
| Timestamp | Segment | |------------|-------------------------------------------------------| | 00:30-03:30| Microsoft Teams blocks bots from meetings | | 03:35-06:45| Anthropic Fable 5 returns with new security policies | | 06:50-09:10| Bioshocking: AI browser trick bypasses guardrails | | 09:15-11:00| GuardFall: AI coding agents bypassed via shell trick | | 11:05-13:20| Fortibleed breach facilitates mass ransomware | | 13:25-16:40| Nissan’s PeopleSoft data breach and broader campaign |
Listeners are advised to monitor new developments, especially regarding AI tool usage, cloud app security configurations, and urgent patching of enterprise software platforms.