Anthropic’s Claude Fable 5 Pulled From The Market

Posted in Commentary with tags on June 16, 2026 by itnerd

Something that I missed last week is the fact that Anthropic who has had a testy relationship with the government has released Claude Fable has been released and then pulled shortly after release:

The AI lab said in a statement that the federal government told it Friday afternoon that it had become aware of a way of “jailbreaking” Fable 5, bypassing limits that Anthropic had implemented to reduce the risk the model could be misused. When Anthropic first announced Mythos, it released the software to only a select group of government agencies and technology professionals because of its ability to uncover cybersecurity vulnerabilities. 

The government imposed what are known as export controls on the products, which Anthropic said means it had to suspend access to the two models by any foreign national, whether inside or outside of the US. The only way it could do so is by shutting the models down entirely, the company said.

So what is Claude Fable 5. I will let the company itself explain:

Claude Fable 5 is a Mythos-level model built for your most ambitious, long-running projects. Try problems you weren’t able to solve with other models. Claude Fable 5 is thorough, proactive, and tests its own work.

Scary stuff. Chris Nyhuis, CEO of the cybersecurity company Vigilant had this comment including with the fact that Amazon was behind this:

A jailbreak is when someone gets an AI model to step around the safety limits its maker built in. In our work that matters because the same capability that lets a model find and fix a vulnerability in a client’s code is the capability that can hand an attacker a roadmap. It’s dual-use, like most powerful tools

Did a “jailbreak” even happen or did Amazon make it up? 

From my perspective it is not even clear a real jailbreak happened. What was demonstrated was a model being asked to read code and fix the flaws in it. That is not someone breaking the guardrails; that is the exact job we hire these tools to do. By the maker’s own account the vulnerabilities were minor and already findable with other models. We pulled a national defensive asset off the field over a finding that, on the public record, looks more like normal defender work than a weapon.

What are the ramifications from the White House to Wall Street to Main Street?

This was the first time a government pulled a commercial AI model off the market over a cyber capability. That sets a precedent every CISO, cloud provider, and investor now has to price in. When access to your best defensive tool can disappear in ninety minutes by directive, that is a board-level risk, not just an engineering one.

Has the White House overstepped and weakened cybersecurity nationally? 

The cybersecurity defender’s argument is straightforward. America’s adversaries are not waiting for an export license. If we slow the people defending American networks while the attackers keep moving, we have made the gap worse, not better. The honest version is that this is a genuinely hard tradeoff, and reasonable people in my field disagree on where the line sits.

How do we know what to trust from AI and if cybersecurity can protect us from hackers jailbreaking? 

Tools come and go, but the harder problem is the people. In the cyber world we hand a small number of people the keys to everything: the networks, the source code, the detection systems. As a nation we have to be far better at making sure the people in those seats are vetted, trusted, and genuinely on our side. That is not about where someone was born. It is about whether we have done the work to earn confidence that the person holding the keys is aligned with the mission. Right now we lean too hard on the technology and not nearly hard enough on the trust model around the people who run it.

Leave a comment »

Salesforce Acquires Fin

Posted in Commentary with tags on June 16, 2026 by itnerd

Something that I missed in my coverage yesterday is that Salesforce has acquired Fin. Here’s the details:

Fin’s core offering, its AI Agent, resolves complex customer queries end-to-end, across every channel, including live chat, email, WhatsApp, SMS, phone, and Slack. The AI Agent is powered by the company’s proprietary AI model, Apex, that is purpose-built for customer support and has demonstrated industry-leading resolution rates that outperform top commercially available frontier models.

 Anoop Dawar, Chief Strategy Officer (CSO) of Deepgram had this to say:

“This isn’t a one-off. In a single month we’ve seen Fin acquired, SpaceX pay $60 billion for Cursor, and OpenAI stand up a $10 billion deployment company – three very different bets on the same scarce thing: teams that can make AI agents work reliably in the real world, not just in a demo. That capability has quietly become the most valuable asset in software, because these are probabilistic systems that drift and have to be measured and monitored continuously to stay accurate. And it gets hardest in voice – real-time, unforgiving, no second take – which is exactly where the next phase of this race will be won.”

The deal is scheduled to close during Salesforce’s fiscal year 2027 and Salesforce will not impact Salesforce’s capital return program.

Leave a comment »

CloudBees Names Moritz Plassnig Chief Executive Officer

Posted in Commentary with tags on June 16, 2026 by itnerd

CloudBees today announced that Moritz Plassnig has been appointed Chief Executive Officer, effective immediately. Plassnig succeeds Anuj Kapur, who led the company through a defining chapter of operational transformation, bringing CloudBees to profitability and revenue growth, while serving global enterprise customers including Adobe, Bosch, Visa, Salesforce, and more.

Plassnig, founder of Codeship, the continuous integration and delivery platform acquired by CloudBees in 2018, returns with a rare combination: deep enterprise product instincts and a track record of building tools developers love. Most recently, Moritz served as Chief Product Officer at Immuta, a data security and governance platform, where he oversaw product, engineering and customer success. He will also join the CloudBees Board of Directors.

Plassnig assumes leadership at a pivotal moment for the software industry as AI is writing an increasing share of enterprise code. The enterprises CloudBees serves, including software and technology companies, financial institutions, governments, and critical infrastructure providers, want to embrace this shift. With agents now committing, testing, and deploying code autonomously, the bottleneck has shifted from generating code to governing what ultimately reaches production environments. 

Under Plassnig, CloudBees is moving immediately to be an AI-first company in the products it builds and ships, and in how it runs the business itself, with AI agents already embedded across CloudBees’ own engineering, marketing, and customer operations. The company’s open and flexible governance layer gives CIOs, CISOs, and platform leaders one place to set policy, manage risk, and maintain control over how software is built, secured, and released across every tool in their stack, not only CloudBees’ own. Every change, human or AI, becomes visible, auditable, and accountable, and the Global 2000 can adopt AI-driven development securely without replacing the tools and workflows their teams already rely on. Plassnig is already engaging with customers, and this will continue to be his priority in the coming weeks.

Leave a comment »

Fake Microsoft alerts show attackers are exploiting trust, not vulnerabilities

Posted in Commentary with tags on June 16, 2026 by itnerd

Frequent readers of this blog won’t find this new. But some of you will which is why I am covering it. For years fake Microsoft alerts have popped up via surfing around. But what makes this campaign unique is that these fake popups have been used to deliver North Korean-linked NarwhalRAT. This is another reminder that attackers don’t always need sophisticated exploits to compromise organizations. Increasingly, threat actors are succeeding by impersonating trusted brands, security notifications, and software providers to manipulate user behavior and bypass traditional defenses. The malware itself is only part of the story. The real challenge is that users are being asked to make security decisions in environments where legitimate and malicious prompts can look nearly identical.

Cybernews for example has details:

The infection begins with a spear phishing email pretending to be an urgent security alert from the “Microsoft Account Team.”

The message warns the recipient about suspicious one-time password activity and directs them to open an attached advisory document. In reality, the attachment is a ZIP archive hiding a malicious LNK shortcut file, not a real document.

Analysts at Genians Security Center said in a report shared with Cyber Security News (CSN) that this threat bears strong similarities to a Python-based backdoor campaign documented in May 2026.

Researchers named the malware NarwhalRAT, drawing on the string “naverwhale” found inside its code, believed to be an attempt to masquerade as Naver Whale, a popular browser in South Korea.

The malware primarily targets Korean users, and its behavioral structure confirms this. NarwhalRAT uses “naverwhale” as its working directory name and assigns Hidden and System file attributes to the created folder to stay out of plain sight.

It also handles KakaoTalk-related window identifiers separately during data collection, strongly pointing to Korean targeting. 

The threat actor operated a dual command-and-control structure using a Korean relay server alongside the pCloud API as a Dead-drop Resolver. This lets the attacker change the actual C2 address without touching the malware, and helps traffic blend with normal web activity, making detection harder.

Yagub Rahimov, CEO, Polygraf AI

“It’s interesting to see what NarwhalRAT tells us about where APT37 is focusing on. This group was almost entirely on RokRAT, it was their signature, basically the thing analysts used to point to them. Moving to a new Python-based RAT helped them break that signature – it helps them to look like someone else.

Everything else in this campaign is built around being invisible, not getting in clever. All the attempts like, the LNK chain, the fileless in-memory execution or the Python runtime taken from the official site – none of it is interesting on its own. APT37 has been running using similar playbook for over a year. What’s interesting is the attention to details. Wiped timestamps, a staging directory named to impersonate Naver Whale, persistence through a scheduled task with a name designed to blend into legitimate Windows entries. Every decision was trying not to trip anything that watches disk or signatures. There’s nothing for traditional antivirus to grab onto because almost nothing touches the disk in a recognizable form.

A fake Microsoft account security alert warning about OTP abuse is almost perfectly designed, it uses the victim’s own security awareness against them. The more trained someone is to take account-security warnings seriously, the more likely they are to open the attachment. That’s what this attack relies on. Every technical layer can be defeated by detection eventually, but the entry point is a human being doing what they’ve been told is the responsible thing. That’s where the chain actually breaks.”

While this is targeting Korean’s, you can expect it to target you next. Thus if your charged with defending your organization from threats, consider yourself warned.

Leave a comment »

Check Point and Illumio Expand Partnership to Deliver Protection and Resilience Against Frontier AI-Powered Attacks

Posted in Commentary with tags on June 16, 2026 by itnerd

Check Point and Illumio Inc., the breach containment company, today announced an expanded strategic partnership to help organizations defend against a new category of threat: frontier AI models capable of autonomously executing full-scale attacks at machine speed.

Frontier AI models are changing the nature of cyber attacks. Adversaries can now compress the entire attack lifecycle — discovery, exploitation, and lateral movement — into a single, automated sequence with little or no human involvement. The window between initial access and catastrophic breach is collapsing. For security teams already stretched thin, the critical question is no longer, “can we stop the attack at the door?” It’s “if something gets in, can we find it and stop it from spreading before the damage is done?”

This expanded partnership is built to answer both questions. Check Point delivers the industry’s best security for the perimeter, data center, and networks — with the best real-time threat prevention against unknown attacks and the most comprehensive Zero Trust security available. Illumio addresses what happens inside the network: visibility into how workloads communicate, exposure of attack paths, and microsegmentation controls that protect critical assets and contain breaches before they cascade into disasters. Together, the two companies deliver protection and resilience as a unified capability. Customers can now procure Illumio directly through Check Point, simplifying vendor consolidation and accelerating deployment.

Building on the 2025 integration with Illumio Insights, which helped security teams connect Check Point threat intelligence with workload visibility to detect lateral movement risk, the expanded partnership now adds deep integration with Illumio Segmentation. Security teams can align Check Point firewall policy with Illumio’s workload model across hybrid and multi-cloud environments, reducing unnecessary connectivity and making it significantly harder for attackers to move undetected through the network once inside.

The result is a more complete security architecture for the AI era. Check Point’s prevention-first enforcement stops threats at key network boundaries. Illumio Insights surfaces suspicious movement and attack paths across hybrid environments. And Illumio Segmentation, now more tightly aligned with Check Point firewall policy, limits how far any threat can travel once inside. For security teams managing more systems, more connectivity, and more change than ever before, this combination means faster detection, smarter decisions, and incidents contained before they become disasters.

The expanded integration is available now for joint Check Point and Illumio customers. Additional details, including technical integration guidance, are available in the Check Point and Illumio white paper.

Leave a comment »

ESET Research: China-aligned FishMonger updates its arsenal, targets governments in Asia and Latin America

Posted in Commentary with tags on June 16, 2026 by itnerd

ESET researchers have discovered two as-yet undocumented Windows variants (WIN_DRV and WIN_PLUS) of SprySOCKS, a previously Linux-only backdoor reportedly used by FishMonger, the group believed to be operated by a Chinese contractor named I-SOON. While ESET initially discovered the malware samples on VirusTotal uploaded in April 2024, ESET telemetry shows real activity between 2023 and 2024, with several victims in Honduras, Taiwan, Thailand, and Pakistan, targeting mostly government organizations.

The WIN_DRV variant includes support for over 30 Command and Control (C&C) commands, covering various functionalities, including system information collection and process enumeration as well as service management and file management functions, such as listing, creating, deleting, and transferring files.

In addition to the core backdoor functionality, FishMonger’s backdoor weaponizes a kernel driver for advanced stealth. SprySOCKS utilizes this driver to hide the malware’s network connections, processes, files, and registry keys and enables TCP traffic diversion, allowing the malware operators to send commands to the backdoor through a random TCP port on the victim’s device without exposing the backdoor’s real listening port in the network traffic.

Based on ESET telemetry, there are limited indications that some SprySOCKS attack scenarios could involve a UEFI bootkit component, possibly exploiting CVE 2023 24932.

FishMonger — believed to be operated by a Chinese contractor named I-SOON — is a cyberespionage group that falls under the Winnti Group umbrella and is most likely operating out of China, from the city of Chengdu. It is also known as Earth Lusca, TAG-22, Aquatic Panda, or Red Dev 10. ESET Research published an analysis of FishMonger in early 2020 when it heavily targeted universities in Hong Kong during the civic protests that started in June 2019. The group is also known to operate watering-hole attacks. FishMonger’s toolset includes ShadowPad, Spyder, Cobalt Strike, FunnySwitch, SprySOCKS, and the BIOPASS RAT.

For a more detailed analysis about FishMonger’s latest arsenal, check out the ESET Research blog post “Fishmonger’s arsenal upgraded: SprySOCKS for Windows” on WeLiveSecurity.com.

Leave a comment »

Guest Post: From numbers to networks: Top 3 skills that will turn CFOs into CEOs

Posted in Commentary with tags on June 16, 2026 by itnerd

 By Brian Veloso, Managing Director at SAP Concur Canada

2025 saw a record high number of CEO exits across global indices, driven largely by planned succession as leaders from across the C-suite stepped into top executive roles. In Canada, this shift is also reshaping how organizations view finance leadership, with businesses increasingly looking to CFOs not only for financial oversight, but also for strategic leadership.

One common transition is from CFO to CEO roles. According to this year’s annual SAP Concur CFO Insights Survey, 78 per cent of Canadian CEOs and MDs believe their company’s finance head has the potential to become the CEO in the future.

Include link to report once live

Yet, while CFOs bring a high level of skill to the C-suite, most business leaders (67 per cent) say they have critical areas to upskill in before they take the top spot.

Let’s unpack the top three skills CFOs must develop before they become CEO, according to the survey’s findings.

  1. Strategic leadership
    50 per cent of Canadian CEOs and MDs cite strategic leadership as a CFO skill that requires the most development. If finance chiefs want to transition from setting the financial agenda to the overall direction of the enterprise, they’ll need to develop their ability to make strategically sound, effective decisions around business priorities, trade-offs, and timing.

Strategy again comes to play when thinking about where finance should contribute the most to business growth. As an integral part of this strategic focus, CEOs want CFOs to provide new business models that ensure their companies long-term success.

  1. People leadership

The second-largest skills gap that Canadian CEOs and MDs perceive is people leadership, cited by 50 per cent of respondents. Business leaders see the jump from managing a ringfenced finance team to leading an entire organization as a hurdle for finance chiefs to overcome. But why do they lack confidence in their CFOs?


It could come down to how they perceive the head of finance’s ability to run their own department. Nearly a quarter (24 per cent) of Canadian CEOs report that finance faces talent and skills challenges which impact performance. Technology is a particular talent leak, with 86) per cent of CFOs finding it challenging to attract or retain talent with hybrid finance-technology skills.

If finance chiefs can overcome department-level talent challenges by enhancing recruitment, upskilling, and mentorship programmes, they could present a “proof of concept” of their wider people leadership capabilities to CEOs and MDs. It would illustrate that CFOs are capable of building a high-performing culture that can be replicated across the wider business – positioning them as the natural successor to the CEO.

Beyond finance, spearheading cross-functional initiatives that target multiple departments would help CFOs showcase expertise in other areas that business leaders see as developmental priorities. These include communication (25 per cent ) and visibility (25 per cent).

While CEOs and MDs believe the latter two skills need less development than others, they’re by no means unimportant.

  1. Commercial insight

Commercial or customer insight is ranked as the CFO’s third-largest development area (63 per cent%). Business leaders aren’t looking for finance leaders to play a background role that centres only on cost optimisation. Instead, they want a strategic partner who understands why customers buy and why they exit the revenue stream.

How the CFO works with customers, boards, investors, and partners – and accurately reports on revenue – matters just as much as internal performance management.

That’s not to say demand has fallen for traditional financial management activities. Canadian finance and business leaders still believe that finance priorities such as risk management (71 per cent) and cost efficiency (79 per cent) should contribute to growth. However, there’s a feeling that more could be done, just 46 per cent and 43 per cent of respondents say these areas contribute to the company’s growth, respectively.

To support business leaders as needed, CFOs will need to deliver substantive insights on revenue, costs, and growth opportunities both internally and externally. This is where data and analytics upskilling can unlock new opportunities for forecasting, scenario planning, and cost control.


By prioritising the focus areas identified by the business leaders of today, CFOs can prime themselves to become the business leaders of tomorrow. It’s the aspiring few with the necessary strategic leadership, people leadership, and commercial capabilities who will become CEO and play an integral role in shaping the future of business.

Leave a comment »

Hisense RGB MiniLED Supports FIFA World Cup 2026 VAR Operations at the International Broadcast Centre

Posted in Commentary with tags on June 16, 2026 by itnerd

Hisense is strengthening its role at FIFA World Cup 2026 as the tournament’s Official Video Assistant Referee (VAR) Review TV Provider. 

With FIFA’s VAR operations now fully operational at the International Broadcast Centre (IBC) in Dallas, Hisense RGB MiniLED TVs are supporting match officials with high-performance display technology designed for accurate and reliable decision-making.

The milestone highlights FIFA’s confidence in Hisense’s display innovation. Deployed within the VAR operations center, Hisense RGB MiniLED TVs deliver exceptional native colour performance and picture precision, helping officials review key match incidents with greater clarity and confidence throughout the tournament.

The importance of display technology in modern football officiating was recently highlighted when FIFA President Gianni Infantino visited the VAR center at the IBC and experienced the review process using a Hisense RGB MiniLED TV.

Powered by independently controlled red, green and blue light sources, Hisense RGB MiniLED technology delivers exceptional native colour performance, enhanced contrast and outstanding image accuracy. These capabilities make it particularly suited for officiating environments, where visual precision can play a critical role in reviewing decisive moments on the pitch.

Commenting on the partnership, Nick Brown, FIFA Director Commercial Partnerships, said: “This is a step forward towards delivering exceptional picture quality and accuracy. It is a testament to how technology can actively support and enhance aspects of the game during the tournament.”

Beyond the VAR operations center, Hisense RGB MiniLED technology also reflects a broader evolution in how football is experienced and delivered worldwide. From officiating to global broadcast production and fan viewing at home, advanced display innovation is helping ensure that every moment of the FIFA World Cup 2026TM is seen with greater clarity, accuracy and emotional impact.

For more information, please visit hisense-canada.com.

Leave a comment »

SOCRadar Discovers Active Fortinet Hacking Campaign – 30,000+ Firewall Credentials Exposed Corporate Networks Across 194 Countries

Posted in Commentary with tags on June 16, 2026 by itnerd

SOCRadar’s researchers have discovered a threat actor systematically compromising Fortinet firewalls and VPN gateways on a massive, global scale, silently building a verified database of working credentials across 194 countries with the US as the #2 target.

The attacker’s database contains login credentials for more than 30,791 devices belonging to companies, banks, telecom operators, hospitals, universities, government agencies, energy companies and multinational corporations with revenues in the tens of billions of dollars. Government entities alone account for 591 entries across 111 domains. Telecoms represent one of the most heavily targeted sectors with 5,616 entries.

The credentials are verified, working usernames and passwords, tested and confirmed by the attackers themselves using automated tools running around the clock. The credentials were leaked from Fortinet devices in earlier incidents, meaning many targets may have never changed their passwords after a prior breach. The attackers know this, and they are counting on it.

The operation is built around full automation. The attackers scan the internet for Fortinet devices, try a curated list of known passwords against each one, and record every successful login. Once a device is compromised, they use it as a listening post, monitoring traffic passing through and collecting any additional credentials that flow by. Those freshly collected passwords are then fed back into the scanner to compromise even more devices. The system feeds itself.

To view the research, please see FortiBleed: How 30,000 Fortinet Firewalls Exposed Corporate Networks Quietly 

Leave a comment »

Cinchy Appoints Cybersecurity Industry Veteran J.Paul Haynes as Chief Executive Officer

Posted in Commentary with tags on June 16, 2026 by itnerd

Cinchy today announced the appointment of J.Paul Haynes as Chief Executive Officer, bringing decades of cybersecurity leadership experience to the company as organizations increasingly seek trusted approaches to AI adoption.

Haynes joins Cinchy following a distinguished career helping build and scale some of cybersecurity’s most recognized organizations, including playing a leadership role in the growth of eSentire from an emerging startup into one of the industry’s leading Managed Detection and Response (MDR) providers.

His appointment comes at a pivotal moment as enterprises struggle to safely move beyond AI experimentation and begin integrating generative AI, copilots and autonomous agents into critical business workflows.

While AI promises significant gains in productivity and acts to unlock  innovation, many organizations are discovering that existing governance and security models were not designed for systems capable of independently accessing data, interacting with enterprise applications and influencing business decisions increasingly in autonomous fashions.

Under Haynes’ leadership, Cinchy will focus on helping organizations accelerate AI adoption while maintaining the governance, security and operational oversight required to do so responsibly.

Founded on a vision of helping organizations govern access to enterprise data, Cinchy has spent years helping customers establish trusted access, visibility and control across complex environments. Today, the company is extending that governance foundation to address a new challenge: enabling trusted AI adoption at enterprise scale.

The appointment reflects Cinchy’s belief that trusted AI adoption is becoming the defining technology challenge of this decade.

As AI continues to take on a more active role across business workflows, Cinchy remains focused on building the governance foundation organizations need to safely scale AI adoption across enterprise systems, data and processes, while maintaining visibility, accountability and trust.

To learn more about Cinchy, visit www.cinchy.com.

Leave a comment »

« Older Entries