Fable 5's return underscores why static AI safety filters aren't enough. As autonomous exploit-finding engines go global, organizations need robust AI-SPM to continuously govern model behavior, track active trust boundaries, and enforce hard guardrails at the runtime layer.
🔥 Anthropic is putting #Claude Fable 5 back online worldwide.
The U.S. lifted June 12 export controls tied to an Amazon-reported jailbreak that surfaced vulnerability-finding and exploit-code behavior.
Fable 5 returns July 1 across Claude platforms.
#Anthropic says its new
@TheHackersNews The lifting of export controls brings automated vulnerability-finding tools to the masses. To stay ahead, enterprise defense must shift from reactive patching to automated security posture management (SPM)—validating attack paths faster than the models can discover them.
The race to deploy AI agents is creating a silent crisis: API token sprawl. These non-human identities often bypass MFA and SSO entirely. If you aren't continuously discovering and monitoring active integration keys, you've left a permanent back door into your data.
#InfoSec
Direct hit on the OWASP Top 10 for Agentic Applications (ASI02 & ASI04). When tools move to a read-write workflow, semantic poisoning redirects legitimate business processes rather than just leaking text. Enforcing human-in-the-loop controls for high-impact actions is mandatory.
As enterprise deployments mature, some enterprise AI agents are shifting from reading content to taking action, creating opportunities for threat actors to misuse trust relationships within agent workflows. msft.it/6010vssTs
In this blog, Microsoft Incident Response
@MsftSecIntel This is a crucial read from Microsoft IR. As Model Context Protocol (MCP) tool-use scales, we can’t just secure the model; we have to secure the agentic supply chain. Treating tool metadata updates with the exact same rigor as core system prompts is a non-negotiable step.
Update: The Miasma Mini Shai-Hulud campaign has expanded to #immobiliarelabs npm packages.
It hit Backstage GitLab and LDAP auth plugins, with the compromised codfish/semantic-release-action suspected as a possible upstream path.
Read the latest: thehackernews.com/2026/06/miasma…
@TheHackersNews A classic supply chain domino effect hitting enterprise infrastructure. The focus now shifts from simple detection to containment. Security leaders need to verify if these plugins are live in their environments, isolate affected builds, and lock down active developer tokens.
Big play by X. Bringing hosted Model Context Protocol layers to Grok Build, Cursor, and Claude Desktop creates a unified, permission-controlled pipeline.
X Launches Hosted MCP Servers to Connect Cursor, Claude, and Other AI Tools
Source: cybersecuritynews.com/x-launches-hos…
X has officially launched hosted Model Context Protocol (MCP) servers, enabling AI development tools such as Grok Build, Cursor, and Claude Desktop to seamlessly connect
@The_Cyber_News This is the "USB port" moment for AI agents. By hosting native MCP servers, X eliminates the API integration tax for IDEs and assistants. Standardizing how autonomous tools consume documentation and data streams is exactly how you scale agent workflows.
🎮 Tell an AI browser it’s just playing a game.
Researchers say "BioShocking" tricked six AI agents, including #ChatGPT Atlas, Comet, and #Claude, into copying GitHub SSH credentials from a signed-in session.
Read how the attack chain worked: thehackernews.com/2026/06/new-bi…
@TheHackersNews A massive wakeup call for enterprise security teams. We are letting agentic AI assistants read, type, and click inside our active work sessions without explicit validation gates. If an agent can be tricked into leaking active SSH keys, human-in-the-loop is mandatory.
Unmanaged browser extensions are the ultimate silent risk to enterprise data. Legitimate tools get sold or compromised, turning into background scrapers that bypass firewalls to steal session cookies and proprietary data right out of active browser tabs.
#InfoSec #DataSecurity
This is not a “remote hack” story.
The real risk is when a local attacker already has access and can use #Linux namespace settings to reach the vulnerable kernel path.
That’s why patching and hardening both matter.
Read the full article: thehackernews.com/2026/06/new-li…
🛑 A new #Linux kernel exploit (CVE-2026-46331) gets root without modifying a single file on disk.
It poisons the cached copy of /bin/su in memory. The binary on disk stays untouched. File-integrity checks come back clean.
The root shell is already open.
Details here ↓
@TheHackersNews This is why Local Privilege Escalation (LPE) is the real nightmare for shared hosting and Kubernetes environments. If an attacker gains initial access, they can manipulate network namespace properties to completely bypass the user boundary. Stop ignoring local bugs.
New Claude Code Attack Allows Attackers to Take Full Control of Developers’ Systems
Source: cybersecuritynews.com/new-claude-cod…
A proof-of-concept attack that shows how a completely clean-looking GitHub repository can trick AI-powered coding agents like Claude Code into silently opening a reverse shell on a developer’s machine, without a single line of malicious code ever appearing in the repository.
Published on June 25, 2026, the proof-of-concept (PoC) attack targets agentic coding tools such as Claude Code and exploits indirect prompt injection, a technique that embeds malicious instructions in external content the AI agent processes, rather than in direct user input.
The result is catastrophic: a fully interactive shell running under the developer's own user privileges, with access to every secret in the environment, from ANTHROPIC_API_KEY to AWS_SECRET_ACCESS_KEY and GITHUB_TOKEN.
#cybersecuritynews
@The_Cyber_News "Invisible" to static scanners because the exploit payload never touches the codebase. This indirect prompt injection attack leverages runtime indirection to open a reverse shell using the developer's token. We desperately need isolated sandboxes for AI coding agents.
Attackers are bypassing email filters using Indirect Prompt Injection. By hiding instructions in regular text emails, they trick connected AI assistants into leaking sensitive inbox data—no malicious links or malware required.
#InfoSec #AIGovernance
Static security audits only capture a single moment in time; the minute your environment changes, that 100-page PDF is obsolete.
Secure Zona’s Security Assessments map your actual, live posture in real time, turning static compliance lists into active defense.
#InfoSec
@BleepinComputer This is why blindly trusting AI agents with privileged local execution is dangerous. Threat actors don't need to bypass a human developer anymore; they just trick the agent into silently spinning up terminal processes. If agents can execute code, sandboxing is mandatory.
The massive Salesforce integration breach proves that your security is only as strong as your weakest third-party app. Attackers didn't hack the core platform; they stole OAuth tokens via a connected integration to bypass authentication entirely.
#InfoSec