Risky Business #842 -- Anthropic needs an adult in the C suite

On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

• Anthropic’s Fable 5 and Mythos 5 get nuked by the US government four days after launch “because security”
• Why “guardrails” won’t keep the world safe from your AI doomsday machine
• The FISA 702 statute expired, but the spying can (probably) continue!
• NPM v12 delivers some protection against supply chain attacks, but not enough.
• Microsoft has a series of bugs that prevent Windows Update from … updating
• Much, much more!

This episode is also available on YouTube

Show notes

• Anthropic suspends new AI models after government directive | NBC News Tech
• Anthropic rankles users with safety-first Fable release | NBC News Tech
• How a 90-minute White House deadline sparked Silicon Valley’s biggest AI fight | washingtonpost.com
• Pete Hegseth (@PeteHegseth) on X | X (formerly Twitter)
• David Sacks (@DavidSacks) on X | X (formerly Twitter)
• DoW CIO Kirsten Davies (@DoWCIODavies) on X | X (formerly Twitter)
• David Shulman (@DavidShulmanFL) on X | X (formerly Twitter)
• Controversial FISA spying law expires tonight. The spying will continue. | Ars Technica
• GitHub announces npm security changes to tackle supply-chain attacks | BleepingComputer
• Why NPM v12 won’t stop supply chain attacks - Risky Business Media | Social Signals
• Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks | BleepingComputer
• Microsoft patches Exchange Server zero-day exploited in attacks | BleepingComputer
• Max severity Ivanti Sentry vulnerability now exploited in attacks | BleepingComputer
• CISA warns of another cPanel plugin flaw exploited in attacks | BleepingComputer
• Critical Fortinet FortiSandbox flaws now exploited in attacks | BleepingComputer
• CISA orders feds to patch actively exploited Ivanti flaw by Sunday | BleepingComputer
• CISA to require federal agencies to patch some cyber vulnerabilities within 3 days | therecord.media
• Path traversal flaw in AI dev platform Langflow exploited in attacks | BleepingComputer
• Microsoft: Some Windows PCs fail to install latest monthly updates | BleepingComputer
• Microsoft fixes BitLocker recovery bug on Windows Server 2025 | BleepingComputer
• Microsoft fixes Windows update failures linked to WUSA installer | BleepingComputer
• New attack turned Microsoft 365 Copilot into 1-click data theft tool | BleepingComputer
• Over 73,000 French govt employees affected in Tchap messenger breach | BleepingComputer
• Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps | wired.com
• FBI disrupts massive AI-powered phishing service using a million URLs | BleepingComputer
• Cyberattack shuts down major Australian sugar mills, disrupting harvest | The Record
• Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts, Report Finds | wired.com
• It Is Trivially Easy to Use Reddit to Manipulate AI Search, Research Suggests | 404.feed.press
• Who Runs the Ransomware Group ‘The Gentlemen?’ | krebsonsecurity.com
• :brdKnife: (@[email protected]) | Infosec Exchange