Anthropic Ships Claude Sonnet 5, Redeploys Fable 5 With an Industry Jailbreak Framework, and Launches Claude Science

This brief covers the trailing ~72 hours (June 30 – July 3, 2026). Every item below was confirmed on the originating organization’s own page, with a published date inside the window. It was a busy, Anthropic-heavy stretch: a new Sonnet model, the redeployment of Fable 5 after export controls were lifted, a science workbench, and a new computational-biology benchmark from OpenAI.

Anthropic introduces Claude Sonnet 5

Anthropic · June 30, 2026

Anthropic released Claude Sonnet 5, which it calls its most agentic Sonnet model yet, positioning it close to Opus 4.8 performance at lower cost. The model is the new default on Free and Pro plans and is available on Claude Code and the Claude Platform via claude-sonnet-5, at introductory pricing of $2 per million input tokens and $10 per million output tokens through August 31, 2026 (then $3/$15). Because it is somewhat stronger than Sonnet 4.6 on cyber tasks, it launched with real-time cyber safeguards enabled by default, though Anthropic says it still shows substantially weaker offensive-cyber ability than its Opus models.

“Claude Sonnet 5 is built to be the most agentic Sonnet model yet. It can make plans, use tools like browsers and terminals, and run autonomously at a level that, just a few months ago, required larger and more expensive models.” — Anthropic

Source: Introducing Claude Sonnet 5

Fable 5 redeployed globally as export controls lift; Anthropic proposes an industry jailbreak-severity framework

Anthropic · June 30, 2026

After the US government applied export controls to Claude Fable 5 and Mythos 5 on June 12 — prompting Anthropic to suspend both — the company said the controls were lifted on June 30 and that Fable 5 returned globally on July 1 across the Claude Platform, Claude.ai, Claude Code, and Claude Cowork. Alongside the redeploy, Anthropic proposed a consensus framework for scoring the severity of AI jailbreaks — graded on capability gain, breadth, ease of weaponization, and discoverability — developed with Amazon, Microsoft, Google, and other Glasswing partners, plus a new HackerOne program and deeper US-government pre-release testing commitments. A July 2 follow-up post added further detail on the safeguards and framework.

“As of today, June 30, the export controls on Fable 5 and Mythos 5 have been lifted.” — Anthropic

Source: Redeploying Fable 5

Anthropic launches Claude Science, an AI workbench for researchers

Anthropic · June 30, 2026

Anthropic released Claude Science in beta on macOS and Linux for Pro, Max, Team, and Enterprise plans. It bundles a coordinating agent with more than 60 curated skills and connectors across genomics, single-cell, proteomics, structural biology, and cheminformatics, renders scientific artifacts like 3D protein structures and genome tracks natively, and manages compute from a laptop up to an HPC cluster or on-demand GPUs. Every figure ships with the exact code, environment, and message history that produced it, and a reviewer agent checks citations and calculations. Anthropic says it will fund up to 50 “AI for Science” projects with up to $30,000 in credits, with applications open through July 15.

“Claude Science brings these fragmented tools into a single research environment where scientists can conduct all stages of their work.” — Anthropic

Source: Claude Science, an AI workbench for scientists, is now available

OpenAI introduces GeneBench-Pro, a research-level computational-biology benchmark

OpenAI · June 30, 2026

OpenAI released GeneBench-Pro, a 129-question benchmark spanning 10 domains of computational biology that tests higher-order scientific judgment — handling ambiguity, revising assumptions, and choosing the correct analysis path — rather than rote execution. Each problem is built synthetically so the full causal structure is known and answers can be graded deterministically. OpenAI reports its strongest model, GPT-5.6 Sol, passes 28.7% at the highest reasoning level (31.5% with Pro mode), up sharply from under 5% for GPT-5 when the original GeneBench began. Reviewers estimated a typical problem would take a human expert 20–40 hours.

“Our strongest model, GPT‑5.6 Sol, attains a pass rate of 28.7% at the highest reasoning level (31.5% with Pro mode enabled). That is a sharp increase from when we began building the original GeneBench; at that time, our best frontier model, GPT‑5, scored below 5%.” — OpenAI

Source: Introducing GeneBench-Pro


This brief covers the trailing ~72 hours (June 30 – July 3, 2026).

Primary sources:

SharePoint RCE Hits CISA KEV, Adobe Ships Seven 10.0 ColdFusion/Campaign Fixes, Oracle EBS Payments Under Active Attack

This brief covers the trailing ~48 hours (June 30 – July 2, 2026). Every item below was confirmed against its primary source — a CISA advisory or KEV entry, a vendor PSIRT bulletin, or the original researcher’s finding — with the disclosure date verified on the primary page.

SharePoint Server RCE (CVE-2026-45659) added to CISA KEV after confirmed exploitation

CISA · July 1, 2026

CISA added Microsoft SharePoint Server flaw CVE-2026-45659 (CVSS 8.8) to its Known Exploited Vulnerabilities catalog on July 1, citing evidence of active exploitation. The bug is a deserialization of untrusted data (CWE-502) that lets an authenticated attacker with only Site Member permissions execute code remotely; Microsoft patched it in May 2026 for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016, having originally rated it “Exploitation Less Likely.” Federal Civilian Executive Branch agencies must remediate by July 4, 2026.

“Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.” — CISA

Source: CISA alert · CISA KEV catalog · The Hacker News

Adobe patches seven CVSS 10.0 flaws in ColdFusion and Campaign Classic

Adobe PSIRT · June 30, 2026

Adobe issued Priority 1 bulletins for ColdFusion (APSB26-68) and Campaign Classic (APSB26-69) resolving multiple maximum-severity vulnerabilities. Seven carry a CVSS score of 10.0: ColdFusion unrestricted file-upload flaws CVE-2026-48276 and CVE-2026-48283, improper input-validation flaws CVE-2026-48277, CVE-2026-48281 and CVE-2026-48316, and path-traversal flaw CVE-2026-48282, all leading to arbitrary code execution, plus Campaign Classic incorrect-authorization RCE CVE-2026-48286. Fixes ship in ColdFusion 2023 Update 21, ColdFusion 2025 Update 10, and Campaign Classic ACC v7 build 9397. Adobe says it is aware of no exploitation in the wild.

“The frontier AI capabilities we are using are also available to attackers, and the window between public vulnerability disclosure and active exploitation is compressing from days to hours.” — Aanchal Gupta, Chief Security Officer, Adobe

Source: Adobe APSB26-68 (ColdFusion) · Adobe APSB26-69 (Campaign Classic) · The Hacker News

Oracle E-Business Suite Payments flaw (CVE-2026-46817) exploited in the wild; ~950 instances exposed

Defused / Shadowserver · July 1, 2026

Threat-intelligence firm Defused reported active exploitation of CVE-2026-46817 (CVSS 9.8), an unauthenticated HTTP takeover in the File Transmission component of Oracle Payments within E-Business Suite, with the first honeypot hits observed June 27 — before any public proof-of-concept existed. Oracle patched the flaw (affecting EBS 12.2.3 through 12.2.15) in its May 2026 Critical Patch Update. Shadowserver reports roughly 950 EBS instances reachable from the internet. The flaw is not yet listed in CISA’s KEV catalog.

“CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited. Over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots. This vulnerability has no known previous exploitation and no public POC code exists.” — Defused

Source: Oracle May 2026 Critical Patch Update · NVD · BleepingComputer


This brief covers the trailing ~48 hours (June 30 – July 2, 2026).

Primary sources:

CISA flags Microsoft Defender ‘BlueHammer’ LPE in ransomware use, Oracle EBS takeover exploited, and a PyPI Pyrogram supply-chain backdoor

This brief covers the trailing ~48 hours (June 30 – July 2, 2026). Each item was checked against its primary source — CISA KEV, vendor advisories (Microsoft MSRC, Oracle), SEC filings, and original vendor research — with reputable outlet reporting used for context.

CISA flags Microsoft Defender “BlueHammer” flaw as exploited by ransomware gangs

CISA / Microsoft MSRC · June 30, 2026

CISA updated its Known Exploited Vulnerabilities Catalog to note that ransomware operators are now exploiting CVE-2026-33825 (“BlueHammer”), a high-severity local privilege escalation flaw in Microsoft Defender. The bug was leaked with proof-of-concept code in early April by a researcher known as “Nightmare Eclipse,” patched by Microsoft on April 14, and added to the KEV catalog on April 22 after zero-day exploitation. It lets a local attacker reach the SAM database and escalate to SYSTEM. Status: patched, actively exploited, in KEV (now flagged for ransomware use); Microsoft has not yet tagged it as exploited in its advisory.

“Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.” — Microsoft Security Response Center advisory

Source: Microsoft MSRC advisory · CISA KEV entry · BleepingComputer

“Operation Navy Ghost”: trojanized Pyrogram forks backdoor Telegram-bot developers on PyPI

Checkmarx · June 30, 2026

Checkmarx disclosed a supply-chain campaign, active since November 2025, in which at least eight malicious forks of the popular (but unmaintained) Pyrogram Telegram framework were published to PyPI — including pyrogram-styled, VLifeGram, and pyrogram-navy. Each embeds a hidden secret.py backdoor that registers covert Telegram command handlers, letting the operator run arbitrary Python or shell commands on the bot’s server. No CVE is assigned. Developers who installed any listed package should remove it, rotate all server credentials, and revoke Telegram bot tokens.

“When the attacker sends /asi cat /etc/passwd, this runs /bin/bash -c ‘cat /etc/passwd’ on the victim’s server and returns the output. This is repeatable with any shell command and runs under the infected application’s authority.” — Checkmarx

Source: Checkmarx research · BleepingComputer

Aflac discloses breach of its Japan subsidiary exposing policy, personal, and bank data

Aflac Incorporated (SEC 8-K) · June 30, 2026

In an SEC filing, Aflac reported that an unauthorized third party accessed systems at its wholly owned subsidiary Aflac Japan between June 15 and June 25, 2026, when the intrusion was discovered. Impacted files include policy and coverage details, personal information, and bank account information. Aflac says the incident is limited to Japan and did not affect its U.S. systems; the full scope remains under investigation. This is a separate incident from the Scattered Spider–linked breach Aflac disclosed a year earlier.

“Aflac Japan has determined that certain impacted files contain policy and coverage details, personal information, and bank account information … This incident is limited to systems in Japan.” — Aflac Incorporated, SEC Form 8-K

Source: SEC 8-K filing · BleepingComputer

Still developing

Critical Oracle E-Business Suite flaw now exploited in the wild

Oracle / Defused · June 29, 2026

Threat intelligence firm Defused reported active exploitation of CVE-2026-46817 (CVSS 9.8), an unauthenticated remote-takeover flaw in the File Transmission component of Oracle Payments within Oracle E-Business Suite. Oracle patched it in the May 2026 Critical Patch Update. It is not yet listed in CISA KEV; Shadowserver tracks over 450 EBS instances exposed online.

“CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited. Over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots. This vulnerability has no known previous exploitation and no public POC code exists.” — Defused

Source: Oracle May 2026 CPU · NVD · BleepingComputer

SimpleHelp authentication-bypass flaw exploited to drop new “Djinn Stealer”

Horizon3.ai / Blackpoint · June 29, 2026

Attackers are exploiting CVE-2026-48558, a critical authentication-bypass vulnerability in SimpleHelp remote-management software (in OIDC configurations), to create privileged technician sessions. In an intrusion investigated by Blackpoint, the actor deployed a new loader (“TaskWeaver”) and a previously undocumented cross-platform infostealer (“Djinn Stealer”) that targets developer, cloud, and AI-tooling credentials. Around 1,000 vulnerable SimpleHelp servers were exposed at disclosure. Status: actively exploited; patch available.

“The compromised RMM platform provided the operator with a trusted administrative channel capable of transferring files and executing commands on systems managed through the server.” — Blackpoint

Source: Blackpoint research · BleepingComputer


This brief covers the trailing ~48 hours (June 30 – July 2, 2026).

Primary sources:

HP Scales Its OpenAI Frontier Partnership and California Adopts Claude Statewide

This brief covers the trailing ~72 hours (June 27–30, 2026). Every item below was confirmed on the originating organization’s own page, with a published date inside the window. It was a quiet stretch for model launches, led instead by two notable enterprise and government adoption moves — HP scaling its OpenAI partnership and California signing a statewide Anthropic deal.

HP Inc. scales its OpenAI Frontier strategic partnership

OpenAI · June 28, 2026

OpenAI said HP Inc. will scale activation of its OpenAI Frontier strategic partnership after a series of successful pilots, moving from experiments to enterprise-wide deployment. The work spans customer- and partner-facing experiences, customer telemetry insights, employee productivity, and software development, with Frontier serving as the connective layer that governs access, context, deployment, and evaluation across HP’s agents and AI workflows. OpenAI cited early proof points, including one engineer moving through 122 pull requests across 43 projects in weeks and a security team estimating roughly 82 hours/week of capacity unlocked.

“It has been an amazing tool, and I am using it daily.” — an HP engineer, quoted by OpenAI

Source: HP Inc. launches Frontier strategic partnership with OpenAI

California adopts Claude statewide in a first-of-its-kind Anthropic partnership

State of California · June 29, 2026

Governor Gavin Newsom announced that California has entered a partnership with Anthropic giving all state agencies — plus cities and counties — access to Claude at a 50% discount, bundled with free workforce training and GenAI technical assistance. Claude becomes the first AI productivity tool offered through the California Department of Technology’s new Statewide Information Technology Shared Services (SITeS) portal. The state noted existing Claude use at the DMV (customer service and wait times), the Department of Health Care Services, and CDT/CalOES cyber defense work using Claude Security and Claude Code.

“AI should not replace the human work of government; it should help our workers move faster, solve problems more effectively, and deliver better results for Californians.” — Governor Gavin Newsom

Source: Governor Newsom announces a first-of-its-kind partnership providing Anthropic tools to state agencies

Still developing

Ornith-1.0 · DeepReinforce · June 25, 2026 — Just ahead of this window, DeepReinforce released Ornith-1.0, an MIT-licensed open-weights family for agentic coding (9B and 31B Dense, 35B and 397B MoE) built on pretrained Gemma 4 and Qwen 3.5. Its distinguishing feature is a self-scaffolding training framework in which the model learns to author both solution rollouts and the task-specific harnesses that guide them. DeepReinforce reports the 397B flagship scores 77.5 on Terminal-Bench 2.1 and 82.4 on SWE-Bench Verified, matching Claude Opus 4.7. Source: Ornith-1.0: Self-Scaffolding LLMs for Agentic Coding.


This brief covers the trailing ~72 hours (June 27–30, 2026).

Primary sources:

CISA Flags Exploited Cisco CUCM SSRF and PTC Windchill RCE; JFrog Releases DirtyClone Linux Root Exploit

This brief covers cyber/InfoSec developments from the trailing ~48 hours (June 25–27, 2026). Every item below was confirmed against its primary advisory or the CISA KEV catalog, and only items with a primary-source disclosure inside the window are included.

CISA adds actively exploited Cisco Unified CM SSRF flaw (CVE-2026-20230) to KEV

Cisco · June 25, 2026

CISA added CVE-2026-20230 to its Known Exploited Vulnerabilities catalog on June 25, 2026, with a June 28 remediation deadline for federal agencies. The flaw is a server-side request forgery (CWE-918) vulnerability in Cisco Unified Communications Manager and Unified CM SME, carrying a CVSS 3.1 base score of 8.6 and a Cisco Security Impact Rating of Critical. An unauthenticated, remote attacker can send a crafted HTTP request to write files to the underlying OS and later escalate to root; exploitation requires the WebDialer service, which is disabled by default. Cisco first published the advisory on June 3 and has released fixed software (14SU6, 15SU5/COP1); public PoC code exists and outlets reported in-the-wild exploitation over the weekend prior to the KEV listing.

“A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root.” — Cisco Security Advisory cisco-sa-cucm-ssrf-cXPnHcW

Source: Cisco advisory · CISA KEV alert · BleepingComputer

PTC Windchill / FlexPLM RCE (CVE-2026-12569) added to KEV as web-shell attacks continue

PTC · June 25, 2026

CISA also added CVE-2026-12569 to the KEV catalog on June 25, 2026, with a June 28 deadline. The vulnerability is a critical remote code execution flaw (reported CVSS 9.3) in PTC’s Windchill PDMLink and FlexPLM product lifecycle management software, exploitable by an unauthenticated, remote attacker via deserialization/improper input validation. Attackers are dropping persistent JSP web shells (named with 16 hex characters under the Windchill login directory) for remote command execution and data exfiltration. PTC began releasing version-specific patches on June 17 and, in a June 25 update, published new indicators of compromise amid escalating activity. Given Windchill’s deployment across automotive, aerospace, defense, and manufacturing, the flaw poses a notable supply-chain risk.

“Over the last several hours, we’ve received continued reports of heightened threat activity. We urge you to apply all patches and remediations immediately.” — PTC Trust Center advisory, June 25, 2026 update

Source: PTC advisory · CISA KEV alert · The Hacker News

JFrog publishes working “DirtyClone” Linux kernel root exploit (CVE-2026-43503)

JFrog Security Research · June 25, 2026

JFrog Security Research published a full exploit walkthrough on June 25, 2026 for CVE-2026-43503, a high-severity (CVSS 8.8) local privilege escalation in the Linux kernel they dubbed “DirtyClone,” the first public demonstration for this DirtyFrag-family variant. The bug lives in the XFRM/IPsec path: cloning via __pskb_copy_fclone() drops the SKBFL_SHARED_FRAG safety flag, letting in-place IPsec decryption overwrite file-backed page-cache memory (e.g., patching /usr/bin/su in RAM) to gain root. Any local user able to acquire CAP_NET_ADMIN—often via unprivileged user namespaces—can exploit it, making multi-tenant cloud, Kubernetes, and container hosts the highest-risk environments. The fix was merged to mainline on May 21 (v7.1-rc5); Debian, Ubuntu, and Fedora are confirmed affected absent the full patch chain. No in-the-wild exploitation has been reported.

“The severity of this issue is significant because it allows any unprivileged local user to gain root access (LPE) by manipulating the Linux page cache. The attack is silent, leaves no kernel logs or audit traces, and bypasses common on-disk integrity monitoring tools.” — JFrog Security Research

Source: JFrog Security Research · CVE.org


This brief covers the trailing ~48 hours (June 25–27, 2026).

Primary sources:

OpenAI Previews the GPT-5.6 Family (Sol, Terra, Luna) and Grok Integrates With Interactive Brokers

This brief covers the trailing ~72 hours (June 25–28, 2026). Every item below was confirmed on the originating organization’s own page, with a published date inside the window. It was a quieter stretch than last week, led by OpenAI’s next-generation model preview and a notable new finance integration from xAI.

OpenAI previews the GPT-5.6 family: Sol, Terra, and Luna

OpenAI · June 26, 2026

OpenAI began a limited preview of a new model generation: GPT-5.6 Sol (its flagship), Terra (a balanced everyday model OpenAI says matches GPT-5.5 at 2x lower cost), and Luna (its fastest, most affordable tier). The release pairs stronger coding, biology, and cybersecurity capabilities with what OpenAI calls its most robust safety stack to date, including a new max reasoning effort and an ultra mode that uses subagents. Notably, the rollout is gated: at the U.S. government’s request, the models are starting with a small group of trusted partners via the API and Codex before broader availability, and are not in ChatGPT during the preview. Pricing runs from Luna at $1/$6 per million input/output tokens up to Sol at $5/$30.

“We don’t believe this kind of government access process should become the long-term default. It keeps the best tools from users, developers, enterprises, cyber defenders, and global partners who need them.” — OpenAI

Source: Previewing GPT-5.6 Sol: a next-generation model

Grok integrates with Interactive Brokers

xAI · June 25, 2026

xAI announced that Interactive Brokers now integrates with Grok, letting clients link an existing IBKR account to Grok at no cost and without opening a new account. Once connected, users can ask Grok to analyze their portfolio, run scenario models for sector and regional exposure, research market trends, and build trading strategies that generate order instructions in real time. The integration is set up through a connector inside Grok that redirects to Interactive Brokers’ login for authorization.

“From portfolio analysis to order instructions, these tools unify data, insight, and action so you can move from idea to decision instantly.” — xAI

Source: Explore the markets with Interactive Brokers and Grok

Still developing

Mistral OCR 4 · Mistral AI · June 23, 2026 — Just ahead of this window, Mistral released OCR 4, its latest document-intelligence model, adding bounding boxes, block classification, and inline confidence scores alongside extracted text, with support for 170 languages and single-container self-hosting. Source: Introducing Mistral OCR 4.


This brief covers the trailing ~72 hours (June 25–28, 2026).

Primary sources: