A coming default change will stop dependency scripts from running during npm install unless they are explicitly allowed, shifting a long-standing trust decision from automatic to deliberate.
A claimed U.S. restriction on access to Anthropic’s Fable 5 and Mythos 5 suggests that safety bypasses are now being treated as a technology-transfer risk, not just an AI bug.
A pre-authentication file-operation bug in Splunk Enterprise shows how one overlooked control can push an observability platform from watchtower to attack surface.
CNAPP is often framed as a single answer to cloud security sprawl, but the useful question is narrower: does it genuinely connect posture, workload, identity, and runtime, or only place them under one label?
A government move to restrict foreign-national access to two Anthropic models pushed the company into a worldwide suspension, showing how frontier AI can become a compliance problem as quickly as a technical one.
A Lapsus$-attributed claim tied to github.com is unverified, but it highlights why developer platforms are prized for secrets, access tokens, and account control.
An unverified extortion claim tied to GitHub-branded internal material shows how leak pressure can matter even when no ransomware encryption is in sight.
A public extortion claim tied to immigrationonline.com shows how legal-sector targets can be pressured by reputation alone, even when the underlying intrusion is still unverified.
A public victim listing names an immigration-law domain and alleges 1.5 terabytes of sensitive files, but the technical significance is bigger than the headline: identity documents are now prime leverage in data-extortion campaigns.
A reported U.S. stop on Fable 5 and Mythos 5 shows how quickly AI access can turn into a revocable jurisdictional decision, not a permanent capability.
A reported 24-hour jailbreak around Anthropic’s Fable 5 and Mythos 5 points to a harder truth: in modern AI, safety layers are part of the attack surface.
Microsoft Edge is set to shift to a two-week release rhythm starting with Edge 152 in August, a change that may compress testing and rollout timelines for organizations that depend on predictable browser updates.
A disputed jailbreak claim, a vendor denial, and a later export-control suspension turned one model release into a reminder that AI security now spans code, controls, and policy.
A critical flaw in the Splunk Enterprise 10-era sidecar architecture underscores how a network-reachable helper service can become a high-value target before anyone logs in.
A forced access change for two Claude variants shows how quickly AI availability can turn into a security and governance issue when jailbreak risk enters the picture.
A new agent-risk label is pushing a familiar security lesson into a more dangerous setting: if a coding assistant treats untrusted tool output like instructions, the boundary between data and action can collapse.
CVE-2026-20253 puts Splunk Enterprise 10’s PostgreSQL sidecar under the microscope after a 9.8-rated bug was tied to unauthenticated file operations and a possible RCE path.
Anthropic’s abrupt model restriction turns a frontier-AI access dispute into a compliance problem with real technical consequences for identity, entitlement, and auditability.
A regulatory boundary can become an availability problem when a provider cannot enforce user restrictions fast enough to keep a model online.
Anthropic’s move to take Fable 5 and Mythos 5 offline shows how frontier AI is now governed not just by model quality, but by compliance boundaries that can shut access down at the service layer.