Security News

Recent breaches, zero-days, and vulnerabilities worth knowing about. Updated as significant incidents occur.

Last updated: July 9, 2026
Notable AI & Industry June 2026

AI Is Getting Good at Finding Software Bugs, and the Government Just Stepped In

AI is changing how software vulnerabilities get found. In February 2026, Anthropic reported that its Claude Code Security tool, running on the Opus 4.6 model, found more than 500 vulnerabilities in widely used open-source projects, including bugs that had gone unnoticed for decades despite years of expert review. The same capability that helps defenders patch faster can also help attackers, so it cuts both ways.

Those capabilities are now drawing government attention. Anthropic launched two newer models, Fable 5 and Mythos 5, on June 9, 2026. Three days later, on June 12, the company says the U.S. government issued an export-control directive, citing national security, that barred any foreign national from accessing the two models, including Anthropic's own foreign-national employees. Because there is no practical way to separate foreign nationals from U.S. users in real time, Anthropic disabled both models for everyone to comply.

The government did not publicly state a specific reason. Anthropic's understanding is that officials were shown a way to jailbreak Fable 5, and the company has pushed back, saying the technique only surfaced a few minor, already-known issues. Anthropic says it believes the order is a misunderstanding and is working to restore access.

Why it matters for your business: the tools that find vulnerabilities are improving quickly on both the defensive and the offensive side. The practical advice has not changed, it has just gotten more urgent. Keep your systems patched, keep backups current, and do not sit on security updates. Staying on top of that is exactly what our managed IT and security service handles.

AI Anthropic Vulnerabilities Export Controls Patch Management
High Malware / Social Engineering April 2026

Malware Injected Into Steam Itself Uses the Platform's Own Notifications to Scam Players Out of Their Items

Reports surfacing in Chinese-language communities in April 2026 exposed a new strain of malware that targets Steam, the largest PC gaming platform. Once on a victim's machine, the malware injects a DLL into steam.exe and hijacks Steam's own toast-notification dispatcher to display a fake alert, seemingly from Steam itself, claiming the victim's account is "associated with the theft of other users' Steam accounts" and that account functionality has been restricted.

From there it's a pressure campaign. Using scare and urgency tactics, the attackers coerce victims into "protecting" themselves by trading away all of their in-game skins to an account the attackers control. These cosmetics are real money: individual items sell on third-party markets for anywhere from a few cents to hundreds of thousands of dollars, and they can be converted directly into real-world currency.

What makes this one stand out is the delivery. Steam has a sophisticated authentication and trust system for trades, including 2FA confirmation on every item transfer, and the malware doesn't break any of it. Instead, it makes the warning come from an application the victim already trusts, and the victim then walks their 2FA-protected items out the door themselves. It's a clean demonstration that when an attacker can piggyback on a trusted application, the strongest account security in the world can be talked around.

Why it matters for your business: the same playbook works outside of gaming. A convincing alert inside a trusted app, a claim that your account is in trouble, and an urgent "fix" that requires you to move something valuable, that pattern shows up in banking scams, Microsoft 365 phishing, and tech-support fraud every day. Treat any unexpected alert that pressures you to transfer assets or credentials as hostile until verified through a separate channel, and keep endpoint protection on machines where valuable accounts stay logged in.

Malware DLL Injection Steam Social Engineering Account Fraud 2FA Bypass
This page covers incidents we consider significant enough to be worth knowing about. It is not a comprehensive threat feed. For real-time vulnerability tracking, refer to the CISA Known Exploited Vulnerabilities catalog or the NVD.