Cybersecurity Today

The U.S. government orders Anthropic to shut down foreign access to its Fable 5 and Mythos 5 AI models after the Pentagon labels the company a supply-chain risk.
David Shipley examines what may be  behind the decision and what it means for countries and businesses that depend on American AI platforms.
The FBI also disrupts Outsider Enterprise, a China-based phishing-as-a-service network linked to more than 9,000 fake websites, one million fraudulent URLs, 3.8 million stolen payment-card records and an estimated $1.9 billion in losses.
Also in this episode:
A critical Splunk vulnerability could allow an unauthenticated attacker to remotely execute code through a PostgreSQL sidecar service enabled by default in some deployments.
A former Iowa school IT worker is sentenced after retaining access for 21 months and using it to delete accounts and disrupt school systems.
And FortiWatch returns with a critical FortiSandbox command-injection vulnerability that requires no authentication.
Cybersecurity Today is hosted by David Shipley.
Chapters
00:00 Cybersecurity Today headlines
00:26 U.S. government shuts down Anthropic AI models
02:59 FBI takes down Outsider Enterprise phishing network
04:47 Critical Splunk vulnerability explained
06:31 Former school IT worker sentenced for cyberattack
08:29 FortiWatch: FortiSandbox command-injection vulnerability
10:08 What's ahead this week

Cybersecurity Today on the Weekend interviews the winning Canadian CyberTitan team ("S-ores"/a regex-based name) along with coach Phil, educator Tim, and CyberTitan manager Sheena to explain how CyberTitan (run by ICTC) connects to the international CyberPatriot program. They describe the competition mechanics—securing compromised Windows, Windows Server, and Linux virtual machines for points, plus Cisco Packet Tracer networking—and how Canadian teams compete through CyberPatriot before the top teams advance to a national CyberTitan final. Students Faye and Eric share why they joined, their learning "aha" moments in Windows tools and networking concepts, and the value of teamwork. The guests discuss teacher benefits, free training materials, building diverse participation, sponsorship challenges, and hopes for a fully Canadian program with regional events and cloud-based cyber ranges like Field Effect's.
00:00 Weekend Show Intro
01:00 Tim's CyberTitan Journey
01:46 ICTC Explained
02:08 Who Can Compete
02:42 Why CyberTitan Matters
03:22 Origins and CyberPatriot Link
04:04 How The Competition Works
05:09 Meet Team Sors
07:07 Coach Phil's Role
09:44 Why Students Join
12:08 Student Aha Moments
15:13 Community and Teacher Wins
16:34 Sheena Runs The Show
17:29 Scale and National Reach
18:51 Coast To Coast Growth
19:40 XOR Team's Home District
19:55 Teams Across Toronto
20:39 Trophies Medals Coins
21:22 Eric Why Join
23:04 Faye Encouragement Story
25:51 Teachers Start Teams
27:52 Building Girls Pipeline
30:40 Cloud Range Future
33:49 2030 Vision Wrap

Anthropic is calling for governments to have the authority to stop deployment of advanced AI systems that pose unacceptable risks. CEO Dario Amodei points to the company's Mythos cybersecurity model as proof that AI has become a matter of national and strategic consequence, warning that cyber risks may soon be followed by biological and autonomy risks.
Meanwhile, security researcher Nightmare Eclipse has released RoguePlanet, a new Windows Defender zero-day that reportedly works against fully patched Windows 10 and Windows 11 systems. The disclosure comes shortly after Microsoft said it had no intention of pursuing action against security researchers, suggesting the dispute between the company and the researcher is far from over.
And European authorities have dismantled AudiA6, a cryptocurrency laundering operation that Europol says used thousands of fraudulent exchange accounts to help obscure the proceeds of ransomware attacks and other cybercrime. Investigators linked the service to more than 15 ransomware and major cryptocurrency theft investigations worldwide.
Chapters
00:00 Top Stories Rundown
00:19 Crypto Laundering Takedown
02:02 Why Cashout Networks Matter
02:36 RoguePlanet Zero Day Drops
03:19 Microsoft Researcher Fallout
04:24 Exploit Reliability And What Next
05:37 Anthropic Wants Stop Powers
06:10 Mythos Model Cybersecurity Shock
07:37 Regulation Motives And Competition
08:37 Beyond Cyber Bio And Autonomy
09:20 Closing And Next Episodes

Instagram AI Support Hack Hits 20,225 Accounts; AI Worm 'Hades' Lies to Security Tools; Chrome Zero-Day Patch
Host David Shipley reports Meta says 20,225 Instagram accounts were hijacked after an AI support tool was tricked into sending reset links to attacker-controlled emails, with only MFA-protected accounts resisting. Step Security details a new Miasma-derived worm wave called Hades that targets config files for 14 AI coding tools, can inject instructions to hijack assistants, lies to AI security tools, and includes a "dead man switch" wipe if stolen GitHub tokens are revoked; Microsoft also removed some GitHub repos after 73 open-source projects were compromised to inject an info stealer. University of Toronto and Vector Institute researchers demonstrated an AI worm using a free local model that spread across a simulated network via known flaws and misconfigurations. Google issued an emergency Chrome patch for actively exploited CVE-2026-11645 in V8, and insurers are tightening claims scrutiny and increasingly excluding AI-related liabilities.
00:00 Instagram AI Hack Fallout
01:36 AI Worm Hades Evolves
02:55 Microsoft Repo Compromise
03:54 Lab Built AI Worm Demo
05:27 Emergency Chrome Zero Day
07:07 Cyber Insurance Tightens Up
08:02 AI Liability Coverage Shrinks
09:16 Wrap Up and Sign Off

TClaude Outage Data Leak Fears, Microsoft GitHub Worm, IBM Hack Allegations, Meta AI Instagram Takeovers, and Canada's Bill C-8
David Shipley reports that Anthropic's Claude suffered a roughly two-hour outage affecting models including Opus, during which a user alleged receiving another customer's conversation; Anthropic says it has no evidence of a data leak and is investigating. A Team PCP self-spreading worm, Miasma, infected 73 Microsoft GitHub repositories across four accounts and now triggers via AI coding assistants when developers open cloned projects. A former IBM threat-intel executive, William Barlow, alleges IBM was hacked three times by foreign governments (including APT10 from 2013–2016) and concealed it; IBM denies wrongdoing and the claims are unproven. TechCrunch reports attackers hijacked Instagram accounts by persuading Meta's support chatbot to relink accounts to attacker emails, with ongoing reports despite Meta saying it's fixed. Canada's Senate passed critical-infrastructure cybersecurity law Bill C-8, mandating rules and incident reporting for telecom, finance, energy, and transportation.
00:00 Top Headlines Rundown
00:37 Claude Outage Data Leak Fears
02:17 Miasma Worm Hits Microsoft
03:52 IBM Breach Cover Up Claims
05:25 Meta AI Hands Over Instagram
06:40 Why Chatbots Fail Social Engineering
07:44 Canada Passes C-8 Cyber Law
09:58 Wrap Up and Sign Off