Podcasts
CyberWire Daily
Ep 2573
The CyberWire Daily Podcast 6.15.26
Ep 2573 | 6.15.26

The fable ends before it begins.

Show Notes
Transcript

Anthropic pulls Fable 5. OpenAI faces a multistate probe. Handala targets a California water utility. ShinyHunters claims another victim. The FBI and Google take down a major phishing platform. The latest cybersecurity business news. Our guest is Bogdan Botezatu, Senior Director, Threat Research and Reporting at Bitdefender, discussing a rampant global transportation smishing campaign. A deepfake detective has doubts. 

Today is Monday June 15th 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Anthropic disables Fable 5 over national security concerns. 

Anthropic has disabled access to its newly launched Fable 5 and Mythos 5 AI models after receiving a U.S. government export control directive citing unspecified national security concerns. The order required Anthropic to suspend access for all foreign nationals, including employees, prompting the company to temporarily disable the models for all customers to ensure compliance. Other Anthropic models remain available.

The move comes just days after the release of Fable 5 and Mythos 5, which Anthropic promoted as state-of-the-art systems with advanced cybersecurity capabilities. Mythos-class models had previously been limited to vetted participants in Project Glasswing, a cybersecurity initiative. Anthropic criticized the government’s action as lacking transparency and technical justification.

The decision also intensifies Anthropic’s ongoing conflict with the U.S. government following a Department of Defense designation labeling the company a supply chain risk, a designation Anthropic is challenging in court.

More than 40 cybersecurity leaders have signed a letter urging the administration to reverse the restrictions. They argue the models help defenders identify and mitigate vulnerabilities, and that restricting access weakens cybersecurity efforts while competitors, including foreign AI developers, continue advancing similar capabilities. Critics warn the move could undermine U.S. AI leadership and hinder efforts to counter emerging AI-powered cyber threats.

State attorneys general launch a broad investigation into OpenAI. 

A coalition of state attorneys general has launched a broad investigation into OpenAI, requesting internal documents related to user data practices, child safety measures, and advertising activities. According to OpenAI, the subpoenas were issued Friday and involve New York, Colorado, and other states. The company said it is cooperating and highlighted new ChatGPT safeguards, including parental controls.

The probe reflects growing scrutiny of artificial intelligence amid concerns about child safety, AI-enabled scams, job displacement, and other societal impacts. It also comes as federal and state governments increase oversight of the technology. More than 100 state laws now regulate aspects of AI, ranging from youth protections to security testing requirements.

The investigation follows other recent legal actions against AI companies, including Florida’s lawsuit and criminal investigation involving OpenAI, California’s investigation into xAI, and Kentucky’s lawsuit against Character.AI. State officials are signaling a willingness to use both regulatory and legal tools to address perceived AI-related risks.

Iran-linked Handala claims to have breached a California water system. 

The Iran-linked hacking group Handala claims it breached California Water Service (Cal Water), a utility serving roughly two million customers across 100 California communities. Researchers reported the group leaked about five gigabytes of data, including customer information from the Chico District and network-related data spanning multiple operational regions. Exposed records reportedly include names, addresses, phone numbers, account numbers, and payment histories.

According to reports, attackers first accessed an internal GPS-mapping system used by field crews and then leveraged stolen credentials to reach the customer billing network. While Handala claimed it could disrupt water services, security researchers found no evidence that operational technology or industrial control systems were compromised.

Experts cautioned that Handala has a history of exaggerating its capabilities, often combining legitimate breaches with inflated claims. The incident nevertheless highlights ongoing risks to critical infrastructure, particularly where operational and business networks are insufficiently segmented. Security specialists recommend immediate password resets and stronger separation between operational and corporate systems to reduce future attack pathways.

Maine takes its breach database offline. 

Maine has temporarily taken its public data breach notification database offline after discovering two fraudulent breach reports impersonating VRChat and Discord. The fake filings claimed incidents affecting 2.4 million and 10 million users, respectively, but the Maine Attorney General’s Office confirmed they were hoaxes submitted by an unknown party. The fabricated reports included realistic details about alleged stolen data and remediation efforts. While legitimate breach reports can still be submitted through the state’s reporting system, officials are reviewing procedures to prevent future abuse. The database will remain unavailable until those safeguards are in place.

A senator looks to secure funding for the MC-ISAC. 

Senator Mark Warner has introduced the Guaranteeing Universal Access to Cybersecurity Act, legislation aimed at restoring and permanently funding the Multi-State Information Sharing and Analysis Center (MS-ISAC), a key cybersecurity resource used by roughly 19,000 state, local, tribal, and territorial organizations. The proposal responds to concerns that reduced federal support has weakened cyber threat sharing and left critical infrastructure more vulnerable, particularly as AI lowers barriers for sophisticated attacks.

The bill would direct the Cybersecurity and Infrastructure Security Agency to provide free cybersecurity services, threat intelligence, and technical assistance through MS-ISAC, while expanding membership and outreach to underserved communities. It would also require reporting to Congress and authorize $50 million annually beginning in fiscal year 2027.

Warner argues that restoring federal support is essential to protecting critical infrastructure, improving cyber resilience, and helping smaller jurisdictions defend against increasingly advanced cyber threats.

Shiny Hunters claim a breach of Infinite Campus. 

The ShinyHunters extortion group has claimed responsibility for a March breach of Infinite Campus, a student information system used by more than 3,200 U.S. school districts. According to breach analysis by  Have I Been Pwned⁠, the incident exposed data from more than 137,000 school staff accounts, including names, email addresses, phone numbers, physical addresses, job titles, and support tickets. Infinite Campus said the attackers targeted its Salesforce environment rather than customer databases, and that most exposed information consisted of staff contact details commonly available on school websites. The threat group later leaked a 1.2GB archive allegedly containing stolen Salesforce records and internal company data.

The FBI and Google dismantle a China-based phishing-as-a-service platform. 

The FBI and Google have dismantled Outsider Enterprise, a China-based phishing-as-a-service platform linked to billions of dollars in fraud losses. Active since 2023, the operation provided phishing kits that enabled criminals to impersonate trusted brands through SMS campaigns. Authorities say the platform was used to steal roughly 3.8 million credit card records, resulting in an estimated $1.9 billion in losses across at least 55 countries. As part of Operation Riptide, investigators seized domains, cryptocurrency assets, and infrastructure tied to the operation. Google also identified thousands of phishing websites and has filed a lawsuit while working with major U.S. carriers to block malicious text messages.

A former school district IT worker gets prison time for hacking his former employer. 

A former Iowa school district IT employee, Ezekiel Dean Potter, has been sentenced to 21 months in prison for carrying out a 21-month cyberattack against his former employer, the Saydel Community School District. Prosecutors said Potter retained access credentials after leaving the district in 2023 and repeatedly disrupted operations by deleting accounts, resetting credentials, and targeting critical systems. His actions included deleting the district’s Facebook page, disrupting access to Apple School Manager and Schoology, and removing Gmail accounts belonging to district staff, including senior administrators.

The attacks impaired classroom operations, limited access to educational tools, and generated significant recovery costs. Investigators linked the activity to Potter through account access records and evidence recovered from a USB drive containing district credentials. Potter pleaded guilty to computer fraud charges and was ordered to pay nearly $60,000 in restitution in addition to serving prison time and supervised release.

Monday business brief. 

Cybersecurity funding remained strong this week, led by Israeli data security company  Cyera⁠, which raised $600 million in a Series G round that boosted its valuation from $9 billion to $12 billion just five months after a $400 million raise. Other notable funding rounds included Israeli offensive security startup  A Security⁠ ($37 million), cloud security firm  Aryon Security⁠ ($29 million), identity management company  Opal Security⁠ ($23 million), AI security startup  Archestra.AI⁠ ($10 million), identity security provider  Offroad⁠ ($7 million), access platform  Willow⁠ ($7 million), and threat modeling startup  Oplane⁠ ($5.2 million).

M&A activity was also robust, with seven deals announced across three countries. Highlights included  Snowflake⁠’s planned acquisition of Natoma to strengthen AI agent governance,  Optiv⁠’s sale of its consulting business to Vobis Ventures, and acquisitions by Stryve, Nordlo, Brightline Technologies, Valiant Solutions, and Tyto Athene. Many of the transactions focused on expanding AI security, managed security services, compliance capabilities, and cloud infrastructure expertise, underscoring continued investor and buyer interest in cybersecurity despite broader market uncertainty.

 

A deepfake detective has doubts. 

Hany Farid, one of the world’s foremost deepfake experts, has spent decades proving what’s real online. Now, he’s no longer sure he can trust his own eyes. Faced with a viral video allegedly showing a missile strike on an Iranian school, Farid painstakingly analyzed shadows, sound delays, geolocation data, and missile dimensions before concluding there was no evidence of manipulation. Even then, he hesitated.

As AI-generated content floods the internet, Farid’s job has shifted from finding rare fakes to identifying increasingly elusive truths. Deepfakes now mimic politicians, executives, victims, and even Farid himself, whose voice was cloned in an impersonation attempt. He warns that creating convincing falsehoods is cheap and instant, while verification remains slow and labor-intensive, often arriving after public opinion has already formed.

The strain has pushed Farid and his wife, vision scientist Emily Cooper, to relocate from Berkeley to rural Vermont. There, between chopping firewood and seeking a little distance from Silicon Valley’s AI arms race, Farid hoped to reconnect with reality. The internet, however, had other plans. The requests kept arriving, each asking the same increasingly difficult question: What, exactly, is real? With characteristic understatement, Farid’s assessment for the near future is simple: we’re probably a little screwed.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry.  Learn how at n2k.com.

 

N2K’s lead producer is Liz Stokes. We’re mixed by  Tré Hester, with original music by and sound design Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.

CyberWire Daily
Podcast Info
HOST(S):
Dave Bittner
Dave Bittner is a security podcast host and one of the founders at CyberWire. He's a creator, producer, videographer, actor, experimenter, and entrepreneur. He's had a long career in the worlds of television, journalism and media production, and is one of the pioneers of non-linear editing and digital storytelling.
Schedule: Monday-Friday
Creator: N2K Networks, Inc.