Loading summary
A
Cybersecurity Today we'd like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email identity and data threats inside Google Workspace and Microsoft 365. You can contact them at Material Security.
B
Washington loosens restrictions on Anthropic's most powerful AI, but only for American firms A Canadian hacktivist heads to prison over Texas GOP hack An unpatchable iPhone exploit is a gift to the forensics trade and the CISO job is breaking more people than ever before. This is Cybersecurity Today and I'm your host David Shipley. Let's get started. On Friday, the US government granted a partial reprieve to Anthropic's most powerful model, Claude Mythos 5SEMAFOR reported. The decision clears the model for release to more than 100American firms and U.S. institutions. The list includes major companies and government agencies, but the leash here is still pretty short. Access stays locked to approved US Entities only. This is a narrow carve out, not a return to open release and business as usual. Two weeks ago, the administration slapped export controls on Anthropic, the Mythos model and its more restricted version, Fable 5, went dark. The trigger was a warning from Amazon and others that the models could be jailbroken and turned to malicious use. Security professionals have been debating whether those concerns were really a jailbreak. The shift from the US Government came in a letter Friday afternoon, US Commerce Secretary Howard Lutnick wrote to Anthropic's chief compute officer, Tom Brown. Lutnick said appropriate safeguards were now in place to let trusted partners access the model. He credited two weeks of intense daily talks between the company and the U.S. government. The letter says nothing about Fable 5. People close to the talks between Anthropic and the government say a release is likely, but the timing is unclear. The same day Washington freed Mythos, it leaned hard on OpenAI. Politico reported that OpenAI's newest model, GPT5.6, will ship only to a small group of government approved partners as well. OpenAI hadn't planned on restricting access to that model. The company changed course at the White House's request after consulting the Office of Science and Technology Policy and and the Office of the National Cyber Director. So both major USAI frontier firms are now playing by the same rules. This all traces back to an executive order US President Donald Trump signed earlier this month. It set up a review process for the most cyber capable models, asking companies to submit them voluntarily 30 days before release. None of this news is likely going to calm foreign government fears over access to US Technology. When Washington pulled Mythos and Fable, the EU called it a wake up call on technological sovereignty. Canada's prime minister pointed out the risk of depending on a small cluster of powerful US Tech firms. France's foreign intelligence service has already dropped American software giant Palantir for a domestic rival. A Canadian hacker tied to the Anonymous collective is heading to prison. All the Aubrey Cottle, a 39 year old from Oshawa, Ontario, was sentenced Friday to 18 months in custody. He had pled guilty to three charges stemming from a 2021 cyber attack on the Texas Republican Party. Cottle goes by the alias Curtainer Online after credit for time served. He has roughly 175 days left in his sentence, the Globe and Mail reported. The attack dates to September 11, 2021. Cottle got into the Texas GOP's website by first compromising its web host, Epic. He defaced the site and he pulled down 180 gigabytes of data, including sensitive personal and financial records. Then he posted it online and Anonymous claimed credit. At the time, he pled guilty to fraudulently obtaining a computer service and causing mischief to data under Canadian law. But there was also a third charge. Cottle breached his bail conditions. He was to live with his mother and he was to stay off the Internet unless he was supervised. He did neither. The judge called the breach flagrant. Cottle has been in custody since late October. As a result, the judge balanced the bail breach and the other crimes against his clean prior record and what he called strong rehabilitation prospects. Cottle told the court he wants to leave crime behind, finish a computer science degree and one day work for the Canadian government. But the Canadian sentence may not be the end of Cottle's troubles. He also faces charges in the United States over the same conduct. Those charges have not yet been tested in court. If he is extradited and convicted there, he could face a far stiffer penalty than the one handed down on Friday in a Canadian court. Cottle's lawyers are fighting any extradition request and want the US Charges dropped. A new exploit cracks Apple's secure boot chain on millions of older iPhones and Apple can't patch it. European research firm Paradigm Shift disclosed the flaw. They call it usbliterate, Security Week reported. It targets Apple's secure rom, the first code an iPhone runs at startup and the foundation of the whole secure boot process. Because that code is baked permanently into the chip, no software update can fix it. This is not a remote attack, and it requires physical USB access to the device. An attacker plugs in a small microcontroller board, sends crafted USB packets, and triggers a memory write that hands them full control before the operating system even loads. No physical access, there's no attack. The blast radius here is older hardware devices equipped with the A12 and A13 chips, which date back to 2018 and 2019. Affected models include the iPhone, XS, XR and 11 plus some older Apple watches. Anything with an A14 or newer chip is in the clear, and Macs aren't affected at all. Apple also stressed that user data isn't directly exposed. The secure enclave, which guards your files, photos and messages, isn't cracked open by this flaw, though the researchers note it widens the path towards going after the enclave later. So who actually wins from this exploit? Police and intelligence agencies. They're the ones sitting on piles of locked, older iPhones that they've been unable to open. This is tailor made for forensic extraction, and Paradigm Shift has already published proof of concept code, which means the mobile device hacking vendors, the Cellebrites and Graykeys of the world, have a working blueprint. Expect extraction modules built on usbliterate to ship in short order. The top cybersecurity job is wearing people down, and more are choosing to leave the CISO role and the way that companies buy that CISO expertise is changing because of these trends. A new survey from Issa International and analyst firm Omedia lays it all out. More than two thirds of senior cybersecurity leaders, 68% say the job is harder than it was two years ago. Dark Reading reported that 55% point to rising complexity and workload, and 52% say the threats themselves have become overwhelming. The result is an exodus. The share of companies with a full time ciso dropped to 63%, down from 76% in 2024. Over the same stretch, fractional CSOS professionals brought in part time, often for consulting or to help with Strategy, climbed to 15% from 6% to firms. On a more positive note, the fear of personal liability, the thing that rattled the field after The Uber and SolarWinds prosecutions has cooled. It didn't even crack the top reasons for CISO's stress in the survey. What replaced personal liability as the top concern is now AI. Shadow AI. Inside the enterprise is a fresh migraine staff switching on tools that the security team never sees, which is the same blind spot problem that came with Cloud and SaaS. But CISOs also want AI working for them 37% say they already use it. Another 46% plan on using it. The tasks they want to offload, the automated assessments, software testing, predictive risk analysis and threat detection. The fractional trend isn't just about burnout, though. Smaller firms now have to prove their cyber hygiene to land insurance, and the paperwork for that demands real expertise. So now they're renting it. One CISO interviewed in the study put it plainly. He he isn't seeing CISO roles eliminated per se. He's seeing the cost of those roles spread around. And that's Cybersecurity today for Monday, June 29th. Thanks for listening and if you like the show, please let us know. Drop us a note@technewsday.com or CA or you can leave a note under the YouTube video. I'll be back on Wednesday with the latest headlines. Until then, stay safe and have a great start to your week.
A
Here's a question worth asking. What happens after a phishing email slips past your filters? Most email security tools only guard the front door, but attackers are already inside. Material security is different. It's a unified detection and response platform, purpose built for Google Workspace and Microsoft 365, protecting email files and accounts all in one place. We're talking automated phishing, remediation, account takeover containment and sensitive data protection without alert fatigue. Find out why companies like Figma, Reddit and Lyft trust material to stop the threats. Other tools Ms. See workspace security in action at Material Security. That's Material Security. And if you do contact them. Take a second and say thanks for sponsoring Cybersecurity Today.
Host: David Shipley
Date: June 29, 2026
In this episode, David Shipley delivers a rapid roundup of critical cybersecurity developments, with a particular focus on the US government's evolving stance on powerful AI models, a landmark sentencing of a Canadian hacktivist, a newly disclosed unpatchable iPhone exploit, and a revealing survey on the pressures facing CISOs. The episode blends policy analysis, breach case studies, technical exploit insights, and workplace trend observations to keep business leaders and security professionals informed about the shifting threat and technology landscape.
Partial Reprieve for Anthropic's Claude Mythos 5
OpenAI Faces Similar Restrictions
Global Reaction and Sovereignty Concerns
Details of the Exploit
Impact and Beneficiaries
Survey Findings
Stress Causes and AI’s Double-Edged Sword
Changing Needs and Industry Adaptations
David Shipley maintains a brisk, concise, and slightly wry tone throughout, blending clarity and urgency. He paraphrases sources, summarizes key takeaways, and sometimes offers paraphrased commentary by survey participants or government sources, always keeping the focus on practical implications for business and cybersecurity professionals.
For more detailed headlines and next updates, tune in to the next Cybersecurity Today episode or contact David Shipley via technewsday.com.