The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Claude models is not affected. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible. Read our full statement: anthropic.com/news/fable-myt…

Go get this book: microsoftpressstore.com/stor…

Today @rapid7 and Cisco are disclosing CVE-2026-20182, a critical (CVSS 10.0) auth bypass affecting Cisco Catalyst SD-WAN Controller, found by @_CryptoCat and I when we were researching CVE-2026-20127 last Feb. An unauth attacker can become the vmanage-admin and issue arbitrary NETCONF commands. Cisco has also disclosed that the new CVE is already EITW as of this month. Read our blog here with full technical details: rapid7.com/blog/post/ve-cve-…

PoCs for Apache Tomcat Unauth RCE (CVE-2026-34486) and Apache httpd Pre-auth RCE (CVE-2026-23918) are now public on our Github. Tomcat exploit is fully reliable. httpd chain works in a controlled lab setup with a known info leak. github.com/striga-ai/CVE-202… github.com/striga-ai/CVE-202…

That’s true, but not every company can realistically afford security by default. The real shift is that, before Mythos and similar players, the assumption was that, economically, these exploits would only be used against high-value targets. That assumption has now fundamentally changed.