AI and IT News Recap: June 19, 2026: US Keeps Anthropic's Fable 5 Offline, a Critical Splunk Flaw, and an Earbuds Wiretap Fix

By Noah Smith, Owner & Consultant, KeyChange Technologies · June 19, 2026

Pen-and-ink editorial sketch of an AI chatbot on a computer monitor being chained and padlocked shut by a hand, with a power-off symbol, illustrating a frontier AI model forced offline by government order.

Welcome to your AI and IT news for June 19, 2026. Here is what actually matters for your business today, in plain English and without the hype. The short version: Washington is keeping one of the most powerful AI models on the planet switched off, a critical hole in a tool many companies use to watch their networks is being attacked right now, and a flaw in popular wireless earbuds could turn them into a hidden microphone. If you missed it, yesterday's recap has the prior context.

📌 The AI and IT news at a glance

  • Fable 5 stays dark: the US government is keeping Anthropic's top Claude models offline, though the company now says they could return "within days."
  • Patch Splunk now: a perfect-storm Splunk Enterprise flaw (CVSS 9.8) is under active attack, with federal agencies ordered to fix it by Sunday.
  • Your earbuds as a wiretap: Apple patched a Beats Studio Buds flaw that let a nearby attacker listen through the mic, and the same chip bug touches Sony, Bose, and more.
  • A crypto-stealing USB worm: Microsoft detailed malware that swaps crypto wallet addresses on your clipboard and spreads itself through USB drives.
  • Google's Gemini speaker: Google launched its first smart speaker in roughly six years, built around its Gemini assistant, at $99.99.

🔝 Top story: the US keeps a frontier AI model switched off

Washington keeps Anthropic's Fable 5 offline, but the company signals a return "within days"

The biggest AI story of the week is not a launch, it is a shutdown. On June 12 the US government directed Anthropic to cut off access to its most capable Claude models, Fable 5 and Mythos 5, for all foreign nationals. Because filtering users by nationality in real time is not practical, Anthropic responded by disabling both models for everyone, days after Fable 5 had launched to the public. This week the picture got clearer and a little more hopeful. Speaking at the opening of Anthropic's new Seoul office on June 18, the company's Managing Director of International, Chris Ciauri, said he was "very confident that in the coming days, the models will become available again," the most specific timeline signal Anthropic has given since the ban.

Reporting from WIRED and The Washington Post this week also filled in what actually triggered the order. By those accounts it was a two-step sequence: the White House first flagged SK Telecom, a major Korean carrier and Anthropic investor, as a possible national-security risk and asked Anthropic to revoke its access, which the company did. Separately, Amazon researchers reported potential ways to bypass Fable 5's safety guardrails, and the administration concluded it could not be confident the model's most sensitive capabilities were under control. SK Telecom has firmly denied any ties to China. For now the models remain offline, refunds are being processed for affected subscribers, and the restoration timeline rests on negotiations rather than a published date.

In short: The US government is keeping Anthropic's Fable 5 and Mythos 5 models disabled, and Anthropic says it expects them back "within days."

What it means for your business: If your team or your vendors built anything on Fable 5 or Mythos 5, you have already felt the outage, and this is a live reminder that a cloud-hosted AI model can be switched off by forces outside your control. Keep a fallback model wired in and avoid betting a critical workflow on a single provider's single model.

My take: Set aside the politics and the lesson for buyers is simple: concentration is the risk. A model you do not host can disappear with no notice and no code change on your end. If an AI feature is load-bearing for your business, have a second option you can switch to, and test that you actually can.

Source: Korea JoongAng Daily

🤖 AI: in your living room next

Google launches its first smart speaker in years, built for Gemini

Google opened orders this week for the Google Home Speaker, its first new smart speaker in roughly six years and the first built from the ground up around its Gemini assistant. It is priced at $99.99, ships June 25, and leans on Gemini for natural back-and-forth conversation rather than rigid command phrases, plus the usual smart-home controls and a noticeably bigger driver than the old Nest Mini. Google first teased the device back in October 2025 but held it until Gemini was rolled out and stabilized on its existing speakers.

The bigger picture is that the always-listening speaker on the kitchen counter is becoming a frontier-AI device. Amazon is rebuilding Alexa on its own models and Apple is reworking Siri, so all three big home platforms are upgrading their voice assistants at the same time. For most businesses this is not a buy-it-today decision, but it is a sign of where conversational AI is heading: cheap, ambient, and everywhere.

In short: Google released a $99.99 Gemini-powered Home Speaker, its first new smart speaker in about six years, shipping June 25.

What it means for your business: Voice is quietly becoming a real AI interface again. If customers interact with you by voice, or if your staff would benefit from hands-free AI in a shop, warehouse, or clinic, this category is worth watching over the next year.

My take: Hardware like this matters less for the speaker and more for the habit it builds. Once people expect to just talk to capable AI and get a useful answer, they will expect the same from your apps and support. That bar is rising fast.

Source: Google blog

🛡️ IT and security: patch these now

A critical Splunk flaw is under active attack, and the clock is short

CISA added CVE-2026-20253, a critical (CVSS 9.8) flaw in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog on June 18 after attacks were confirmed in the wild. The bug lives in a PostgreSQL "sidecar" service that fails to require authentication, and it lets an unauthenticated attacker reach exposed backup and restore functions, plant files in arbitrary locations, and ultimately run code on the server. Security firm WatchTowr published a working proof-of-concept shortly after disclosure, which is part of why exploitation ramped up so quickly.

Splunk is widely used to collect and monitor logs and security data, so a pre-authentication remote-code hole here is about as serious as it gets: the very tool many teams rely on to spot intruders can become the way in. The flaw affects Splunk Enterprise 10.2 before 10.2.4 and 10.0 before 10.0.7, and fixed builds are available (including 10.2.4, 10.0.7, 10.4.0, 9.4.12, and 9.3.13). CISA gave federal agencies only three days to patch, a deadline of roughly this Sunday, which tells you how urgent the agency considers it.

In short: A critical, actively exploited Splunk Enterprise flaw (CVE-2026-20253) lets unauthenticated attackers run code, and patches are already out.

What it means for your business: If you run Splunk Enterprise anywhere, especially anything reachable from the internet, treat this as a drop-everything update. An exploited monitoring server is a worst case, because attackers can both break in and watch you try to respond.

My take: When a 9.8 has public exploit code and CISA puts a three-day fuse on it, "next maintenance window" is not an answer. Patch to a fixed build now and check the box for any unexpected files or connections while you are in there.

Source: Help Net Security

Apple patches a Beats earbuds flaw that could turn them into a wiretap

Apple shipped a fix on June 19 for a high-severity flaw (tracked as CVE-2025-20701, CVSS 8.8) in its Beats Studio Buds. The bug sits in the Airoha Bluetooth audio chip software and lets an attacker within Bluetooth range pair with the earbuds without the owner's consent while they are unpaired and looking for a connection, then listen in through the microphone. Apple's fix arrives in firmware version 1B211, which installs automatically when the earbuds are near a paired iPhone, iPad, or Mac.

The catch is that the underlying chip is not unique to Beats. The same Airoha software reaches a long list of audio brands including Sony, Bose, JBL, Marshall, and Jabra, so this is really an industry-wide issue that Apple happened to patch first. It is a useful reminder that "small" accessories run real software with real microphones attached.

In short: Apple patched a Beats Studio Buds flaw that let nearby attackers eavesdrop through the mic, and the same chip bug affects many other audio brands.

What it means for your business: Wireless earbuds and headsets are part of your attack surface, especially for staff who take sensitive calls. Keep accessory firmware current and be mindful that the same class of bug likely affects whatever brand your team uses.

My take: The fix is basically automatic for Beats owners, so the action item is small: keep earbuds near a paired Apple device long enough to update. The broader point is bigger, namely that even your earbuds are a computer with a microphone, so treat them like one.

Source: The Hacker News

Microsoft details a crypto-stealing worm that spreads over USB

Microsoft this week detailed a Windows malware campaign, which it detects as Trojan:Win32/CryptoBandits.A, that has been quietly hitting users since February. At its core it is a clipboard "clipper," meaning it watches for cryptocurrency wallet addresses you copy and silently swaps in the attacker's address so funds go to the wrong place. It also hunts for seed phrases and private keys, can grab screenshots, and routes everything back to the attacker over the Tor network to stay hidden.

What makes this one nastier than a typical stealer is that it spreads on its own. The malware drops booby-trapped shortcut (LNK) files onto USB drives, so plugging an infected stick into another machine can carry it along, and it can act as a lightweight backdoor for remote control on top of the theft. That combination, self-spreading plus remote access, turns a simple wallet thief into a foothold inside a network.

In short: Microsoft detailed self-spreading Windows malware (CryptoBandits) that hijacks crypto payments via the clipboard and travels through USB drives.

What it means for your business: Anyone who touches crypto should slow down and verify wallet addresses before sending, and every business should be wary of unknown USB drives. A worm that hops between machines on a thumb drive can outrun a single cleanup.

My take: Two cheap habits beat this: confirm the first and last few characters of any wallet address before you hit send, and treat random USB sticks as hostile. Make sure Defender (or your endpoint tool) is on and updated, because it already detects this family.

Source: Microsoft Security Blog

The bottom line

Today's theme is control, or the lack of it. A government can switch off an AI model you depend on, an attacker can turn your monitoring server or even your earbuds against you, and malware can ride a USB stick from one machine to the next. None of that is cause for panic, but all of it rewards the basics: keep a fallback for critical AI, patch the urgent stuff (Splunk today, earbuds when they are near your phone), and treat unknown USB drives and copied wallet addresses with healthy suspicion.

That is your AI and IT news for June 19, 2026. See you in the next one.