AI Recall, Mistral Money, and Zero-Day Weekend

Anthropic posted a statement on a US government directive to suspend access to Fable 5 and Mythos 5.

TechCrunch reports the government pulled the plug on Anthropic's most powerful AI after safety warnings.

Anthropic says it disagrees that a narrow potential jailbreak should trigger a recall of a commercial model deployed to hundreds of millions of people.

Ars Technica frames the move as Anthropic shutting down Fable and Mythos following a Trump administration directive.

The Hacker News thread around the statement has 2,491 upvotes and 1,799 comments.

French AI lab Mistral AI is in early discussions to raise about €3 billion ($3.5 billion), Bloomberg reported Friday, citing anonymous sources.

The funding round would value the company at around €20 billion (about $23.15 billion), nearly double the €11.7 billion valuation it received in a Series C funding round last September.

One of Europe’s leading AI startups, Mistral launched in 2023 with the stated ambition to “put frontier AI in the hands of everyone.” The company has taken a more open approach to its AI development compared to its American rivals, offering some foundational large language models with open weights, allowing anyone t…

The company also offers closed models tailored for use cases such as programming, voice cloning and generation, and optical character recognition.

Lately, with European countries distancing themselves from American tech, Mistral has positioned itself as a friendlier, “sovereign” and homegrown alternative. The company is setting up a data center near Paris and has partnered with France’s army , the government of Luxembourg , and several major European companies .

The group, tracked as ShinyHunters, had been exploiting the PeopleSoft vulnerability for more than two weeks before Oracle flagged it. CVE-2026-35273, as the vulnerability is tracked, carries a severity rating of 9.8 out of 10, making the former zero-day one of the year’s most critical vulnerabilities to be exploited.

Google’s Mandiant security team said it’s an SSRF (server-side request forgery), a vulnerability that allows attackers to send requests from a susceptible server to systems used by the targeted organization. Oracle said the SSRF is remotely exploitable, and the company has issued a stopgap mitigation but has yet to …

The University of Nottingham confirmed on Wednesday that it was the victim of a hack that put a “significant” amount of student data in the hands of a threat actor. The confirmation came after ShinyHunters claimed the university was one of its recent victims and published gigabytes of data it claimed to have stolen …

Mandiant said ShinyHunters has been exploiting the vulnerability since May 27. As of Wednesday, the group had targeted roughly 300 endpoints belonging to 100 user organizations. About 68 percent of the organizations operated within the higher education sector. A researcher said on Tuesday that the group responsible …

“While several organizations successfully blocked the activity or remediated the vulnerabilities, others experienced compromise, resulting in stolen data being published on the ShinyHunters DLS,” Mandiant said. (DLS is short for data leak site.)

A Hacker News post points to DeepFirst Research's "Twenty One Zero-Days in FFmpeg."

The thread has 232 upvotes and 143 comments.

The research title says there are 21 zero-days in FFmpeg.

For teams that run media processing, that makes the codec stack part of the security boundary.

Innovative Genomics Institute reports a CRISPR technique that selectively shreds cancer cells.

The Hacker News post highlights that the approach includes "undruggable" cancers.

The thread has 848 upvotes and 190 comments.

The story is an early science result, not a shipping announcement, but it points toward more precise cancer targeting.