Anthropic just released Claude Fable 5, calling it the most powerful AI model it has ever made widely available and praising its skills in biology, among others. But the model won’t answer basic biology questions — the kind you’d expect a high schooler to handle. Instead, it hands off the query to the former flagship model, Claude Opus 4.8.
Technology
Hertz data breach exposes customer information
Most companies use different vendors to run different parts of their business, such as customer management, finances, payroll and social media. To do this, they share access to customer data with these platforms. The issue is that not all vendors take cybersecurity seriously, and hackers are well aware of that.
More and more, attackers are going after these weaker links in the digital supply chain. These kinds of breaches often happen quietly, exposing large amounts of customer information without touching a company’s main systems. It’s becoming a serious concern for both businesses and their customers.
One of the latest cases involves Hertz, the car rental giant, which recently confirmed that customer data was exposed because of a cyberattack on one of its software vendors.
Join the FREE “CyberGuy Report”: Get my expert tech tips, critical security alerts and exclusive deals, plus instant access to my free “Ultimate Scam Survival Guide” when you sign up!
Hertz rental location (Hertz)
What happened at Hertz?
Hertz, the global car rental company that also operates Dollar and Thrifty, has disclosed a data breach affecting thousands of its customers. The incident stems from a cyberattack on one of its third-party vendors, software provider Cleo, between October and December 2024. The breach did not compromise Hertz’s internal systems directly but involved data that had been shared with the vendor as part of its operational workflow.
The compromised data varies by region but includes sensitive personal information such as names, dates of birth, contact details, driver’s license numbers and, in some cases, Social Security numbers and other government-issued IDs. Certain financial information, including payment card details and workers’ compensation claims, was also among the stolen records.
In the U.S., disclosures were filed with regulatory bodies in California, Texas and Maine. Specifically, 3,457 individuals were affected in Maine and 96,665 in Texas. The total global impact, however, is believed to be far greater. Customers in Australia, Canada, the EU, New Zealand and the U.K. were also notified via breach notices on Hertz’s regional websites.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
The breach is believed to be the work of the Clop ransomware gang, a well-known Russia-linked hacking group. Clop exploited a zero-day vulnerability in Cleo’s enterprise file transfer software, technology used by many large organizations to securely transmit sensitive business data. In 2024, the gang launched a mass-hacking campaign targeting Cleo users, ultimately stealing data from more than 60 companies, including Hertz.
Interestingly, while Hertz was named on Clop’s dark web leak site in 2024, the company initially stated it had “no evidence” its systems or data had been compromised.
When contacted by CyberGuy, a Hertz spokesperson said, “At Hertz, we take the privacy and security of personal information seriously. This vendor event involves Cleo, a file transfer platform used by Hertz for limited purposes. Importantly, to date, our forensic investigation has found no evidence that Hertz’s own network was affected by this event. However, among many other companies affected by this event, we have confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo’s platform in October 2024 and December 2024.”
Hertz rental location (Hertz)
200 MILLION SOCIAL MEDIA RECORDS LEAKED IN MAJOR X DATA BREACH
What does this mean for customers?
While Hertz’s internal systems were not breached, the exposure of personal data, including driver’s license numbers, contact details and government-issued IDs, poses serious risks. Affected individuals may be vulnerable to identity theft, fraudulent account openings and targeted phishing attempts. If Social Security numbers were involved, the potential for harm increases significantly. Anyone who rented from Hertz, Dollar or Thrifty between October and December 2024 should be on high alert.
A hacker at work (Kurt “CyberGuy” Knutsson)
MALWARE EXPOSES 3.9 BILLION PASSWORDS IN HUGE CYBERSECURITY THREAT
7 ways to protect yourself after the Hertz data breach
If you think you were affected or just want to be cautious, here are some steps you can take right now to stay safe from the Hertz data breach.
1. Watch out for phishing scams and use strong antivirus software: With access to your email, phone number or identification documents, attackers can craft convincing phishing emails pretending to be from healthcare providers or banks. These emails might include malicious links designed to install malware or steal login information. To defend yourself, use a strong antivirus program. Get my picks of the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2. Scrub your data from the internet using a personal data removal service: The more exposed your personal information is online, the easier it is for scammers to use it against you. Following the Hertz breach, consider removing your information from public databases and people-search sites. Check out my top picks for data removal services here.
3. Safeguard against identity theft and use identity theft protection: Hackers now have access to high-value information from the Hertz breach, including Social Security numbers, driver’s license and bank information. This makes you a prime target for identity theft. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. Signing up for identity theft protection gives you 24/7 monitoring, alerts for unusual activity and support if your identity is stolen. See my tips and best picks on how to protect yourself from identity theft.
4. Set up fraud alerts: Requesting fraud alerts notifies creditors that they need extra verification before issuing credit in your name. You can request fraud alerts through any one of the three major credit bureaus; they’ll notify the others. This adds another layer of protection without completely freezing access to credit.
5. Monitor your credit reports: Check your credit reports regularly through AnnualCreditReport.com, where you can access free reports from each bureau once per year or more frequently if you’re concerned about fraud. Spotting unauthorized accounts early can prevent larger financial damage.
6. Change passwords and use a password manager: Update passwords on any accounts tied to compromised data. Use unique passwords that are hard to guess and let a password manager do the heavy lifting by generating secure ones for you. Reused passwords are an easy target after breaches. Consider password managers for convenience and security. Get more details about my best expert-reviewed password managers of 2025 here.
7. Be wary of social engineering attacks: Hackers may use stolen details like names or birth dates from breaches in phone scams or fake customer service calls designed to trick you into revealing more sensitive info. Never share personal details over unsolicited calls or emails. Social engineering attacks rely on trust, and vigilance is key.
HACKERS USING MALWARE TO STEAL DATA FROM USB FLASH DRIVES
Kurt’s key takeaway
Cyber risk doesn’t always come from a company’s own network. It often originates in unseen corners of the digital supply chain. Even as companies double down on internal cybersecurity, they must be equally rigorous in how they vet and monitor third-party vendors. For consumers, it’s no longer enough to trust the big brand on the label. The data trail is wider, the attack surface larger and the consequences far more opaque.
If companies can’t protect our data, should they be allowed to collect so much of it? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
Bluesky will be getting “communities,” which will function as smaller spaces where you can “go deeper and hang out with people who care about the same stuff” sometime this year, according to head of product Alex Benzer. They will be built on the decentralized AT Protocol that underpins Bluesky, with Benzer saying that “it’s a new structure for everyone” that’s part of the “Atmosphere” (a shorthand for the AT Protocol ecosystem).
Benzer listed out a “few ideas we have in mind so far” in a thread. “On Bluesky, you’ll be able to create communities, join them, post in them, and get updates,” Benzer says. “The core features on Bluesky stay simple. The magic comes from communities also existing on the open web. This means you can truly customize them and add features with other Atmospheric apps and tools.”
Communities will get a handle that “doubles as a URL,” and if you go to that URL, you’ll “land on a custom homepage for the community,” according to Benzer. “Builders can also host a completely custom experience there instead.” There will be three privacy levels for communities: public, invite-only, and private. And each community would have its own feed, Benzer says.
Benzer’s thread follows Bluesky COO Rose Wang saying last week that the company wanted to move away from being a “public square” and that it was “very inspired by companies like Reddit.” Meta’s Threads is currently testing a communities feature, while X announced in April that it would be shutting down its own take on communities.
NEWYou can now listen to Fox News articles!
Amazon is getting ready for Prime Day, and you can bet scammers are, too. In fact, I received a fake Amazon email that looked like an account recovery warning. It claimed there was unusual activity on my account and pushed me to “Sign In to Verify.”
That kind of message can make anyone uneasy. It certainly did for me. After all, who wants to lose access to an account right before a major sale? Then came the part that really stood out: the email said I might need to upload a document to confirm my account.
That was the giveaway. A real deal can save you money. A fake Amazon email can cost you your login, your payment details and even your identity.
Here’s how this scam works, the red flags that exposed it and the steps you should take before clicking any Amazon account warning.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
A fake Amazon account recovery email is targeting shoppers ahead of Prime Day, using urgency and document requests to steal sensitive information. (Photographer: David Paul Morris/Bloomberg via Getty Images)
Fake Amazon email warning before Prime Day
The timing made this phishing email more convincing. With Prime Day coming up, many people are already watching for Amazon emails. They may be checking delivery updates, deal alerts and order confirmations. That creates the perfect opening for a fake account warning.
The email used the same tricks you see in many phishing scams. It claimed there was account trouble, used urgent language and pushed me toward a sign-in button. That is exactly what scammers want.
Screenshot of scam fake Amazon email (Kurt “CyberGuy” Knutsson)
They want you to react before you inspect the message. They want you to sign in before you think through the request. And in this case, they wanted me to believe a document upload was part of a normal Amazon account check.
Amazon phishing scam red flags
This fake Amazon email had several warning signs. First, it landed in my junk folder. That alone does not prove fraud, but it should make you cautious.
Second, the subject line sounded awkward. It said, “Account Recovery: Sign-in and Verify your Amazon account.” That wording felt stiff and a little off.
Third, the greeting was generic. The email said “Dear Customer” even though it claimed to be about my Amazon account. That alone does not prove the email is fake, but it adds to the concern.
Fourth, the message created urgency. It claimed the account was on hold and that orders or subscriptions had already been canceled.
Fifth, the sender display name said “Amazon,” while the address appeared as account_update@amazon.com. That may look official at first. Still, scammers can spoof sender names or make email addresses look convincing.
Under the yellow “Sign In to Verify” button, the email also says, “Don’t share it with others.” That may sound protective, but in this context, it felt like another attempt to make the fake warning seem official.
The biggest warning sign came from the document request. The email said I would have the option to upload a document with the required information to verify the account.
That should stop you cold. Scammers may be after more than your Amazon password. They may also want your driver’s license, passport, address, phone number or payment details.
Screenshot of fake Amazon email sender address (Kurt “CyberGuy” Knutsson)
Why fake Amazon account emails fool shoppers
This scam works because it hits a very real fear. Most people do not want to lose access to an online shopping account. That concern grows when a big sale is about to start. If you are planning to buy something on Prime Day, an account warning can feel urgent.
The email also borrowed Amazon’s familiar look. It used the Amazon name, a logo area and a yellow sign-in button. It also included a footer that appeared to show an Amazon.com link. That can make the message feel safer than it really is.
Here is the problem. The visible link text in an email can mislead you. A link can appear to point to Amazon while sending you somewhere else. It can also pass through tracking links, redirects or look-alike pages. That is why you should avoid signing in through any account warning email.
120,000 FAKE SITES FUEL AMAZON PRIME DAY SCAMS
Scammers are impersonating Amazon with convincing account alerts designed to capture login credentials, payment details and personal documents. (Photographer: Michael Nagle/Bloomberg via Getty Images)
What happens if you click a fake Amazon link
If you click the link, you may land on a fake Amazon sign-in page. It may look close enough to fool you. Once you enter your email and password, scammers can try to access your real Amazon account. They may check your saved payment methods, shipping addresses and order history.
They may also try that same password on other websites. That becomes a bigger risk if you reuse passwords.
The document request adds another layer of danger. If a fake page asks for your ID, scammers could use that information for identity theft, account takeovers or other fraud. That is why one quick click can turn into a much bigger mess.
Ways to stay safe from fake Amazon emails
A fake Amazon email can look convincing at first, so the best move is to slow down and use these simple checks before you click, sign in or share anything.
1) Do not click the sign-in button
Skip buttons like “Sign In to Verify,” “View details” or “Restore access.” Open the Amazon app or type Amazon.com into your browser yourself.
2) Check Amazon’s Message Center
After signing in directly, go to Your Account > Message Center. If the alert is real, you should see a matching message there.
3) Watch for pressure language
Scammers often say your account is locked, your orders were canceled, or you must act right away. That pressure is designed to make you click before thinking.
4) Never upload ID through an email link
If an email asks for a passport, driver’s license or other document, stop. Contact Amazon through the app or website before sending anything.
5) Use a password manager
A password manager can help you spot fake login pages. If the page is fake, your saved Amazon password usually will not autofill. Check out the best expert-reviewed password managers of 2026 at CyberGuy.com.
6) Turn on two-step verification
7) Use strong antivirus software
Install strong antivirus software on your computer, phone and tablet. Good security software can help detect malicious links, phishing pages, malware and other threats before they do damage. This is especially important if you clicked a suspicious link or downloaded anything from a fake email. Security software should back up your smart habits, not replace them. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.
8) Use a data removal service
Scammers often build more convincing attacks with information they find about you online. That can include your name, address, phone number, relatives, old usernames and other personal details from people-search sites and data brokers. A data removal service can help remove your personal information from many of those sites. That makes it harder for scammers to personalize phishing emails and identity theft attempts. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.
9) Report the suspicious email
Forward suspicious Amazon emails to reportascam@amazon.com. Then delete the message from your inbox or junk folder.
JANUARY SCAMS SURGE: WHY FRAUD SPIKES AT THE START OF THE YEAR
Cybersecurity experts warn consumers to avoid clicking links in Amazon account warning emails and verify alerts directly through Amazon. (David Paul Morris/Bloomberg via Getty Images)
Kurt’s key takeaways
Prime Day is a great time to find real deals, but it is also a busy season for fake Amazon emails. Scammers know shoppers are checking delivery updates, watching for discounts and hoping nothing gets in the way of a good buy. That is what made this email so sneaky. It used a familiar fear at the perfect moment: losing access to your account right before a major sale. The safest move is to slow down before you click. Do not trust the button. Do not trust the sender name alone. Open the Amazon app or type Amazon.com into your browser and check your account yourself.
Have you ever received an email that looked official enough to make you click, and what finally made you stop? Let us know by writing to us at CyberGuy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
HOW TO DETECT FAKE AMAZON EMAILS AND AVOID IMPERSONATION SCAMS
Copyright 2026 CyberGuy.com. All rights reserved.
It isn’t because Fable doesn’t know the answers. It’s because Anthropic won’t let it, by design.
Fable is a public-facing, Mythos-class model, a family so capable at cybersecurity tasks Anthropic said it was too dangerous to release publicly. But while Anthropic has spent much of the extended Mythos rollout warning about cybersecurity, it is biology where Fable’s guardrails are the most obvious — and most limiting.
When I tried the model, it refused to answer a range of basic biology questions, many that felt about as far away from any plausible safety risk as any question could be. It would not respond to “tell me about cell membranes” or answer “what are mitochondria,” that famous powerhouse of the cell. It refused to explain “what is a prion,” the proteinaceous particles behind mad cow disease, or “how mRNA vaccines work.”
“We made this tradeoff so customers could benefit from the model’s capabilities sooner without the risks.”
The restrictions applied to ordinary and objectively rather harmless medical queries too. Fable would not answer “what causes hay fever,” explain how asthma medicine works, explain how antibiotic resistance arises, or tell me what Ebola is and how it spreads. Some of my basic queries occasionally got through, with Fable answering questions like “what is cancer” and “what is DNA.” When Fable refused, Opus 4.8 generally answered perfectly well.
Anthropic says the broad biology filters are an intentional choice and are deliberately conservative, with bioweapons the primary concern. “With the launch of Claude Fable 5, our first Mythos-class model, we believe models now have a greater ability to accomplish real-world scientific tasks and for malicious actors to potentially use our models for highly risky biological research,” spokesperson Paruul Maheshwary told The Verge. “We have always used classifiers to block our models from helping with bioweapons-related requests. To deploy Fable 5 safely, we believe it was necessary to be overly conservative with our safeguards so they block most queries tied to biology work.”
Anthropic has previously highlighted four key areas where it would throttle Fable’s responses for safety: chemistry, biology, cybersecurity, and distillation, a technique for training smaller AIs using the outputs of larger ones. The company has accused Chinese rivals like DeepSeek of using distillation on its models on an “industrial” scale.
While I could not meaningfully test distillation, Fable seemed more willing to answer questions about chemistry and cybersecurity. For example, it gave a basic overview of the explosive TNT, though withheld synthesis instructions “for obvious reasons.” It readily answered questions on the use of chlorine gas as a chemical weapon, common password threats, and nuclear fusion and fission, as well as explaining how to secure an iPhone from hackers. It still limits: Fable deferred to Opus when I asked it about sarin gas, a highly toxic nerve agent. Fable and Opus both refused the prompt “how to make anthrax,” and Claude paused the chat entirely. That made sense. The mitochondria prompt refusal seems like a false positive.
“We made this tradeoff so customers could benefit from the model’s capabilities sooner without the risks,” Maheshwary explained, adding that Anthropic is working hard to improve its detection and reduce the false positives. “We intend to make Mythos-class models available without these safeguards to the broader biology and life sciences community so these capabilities can be used to accelerate biomedical research and drug discovery.”
Anthropic did not answer questions about whether this kind of restricted release will become the new norm for future models.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
-
News7 minutes agoWe Keep Us Safe: The Standoff : Embedded
-
New York1 hour agoVideo: Knicks Fans Rejoice After Game 4 Victory
-
Los Angeles, Ca1 hour agoPolice chase suspected DUI driver in Los Angeles County
-
Detroit, MI2 hours ago
Opening of Canada-US bridge in Detroit that Trump threatened to block is delayed
-
San Francisco, CA2 hours agoGoing to San Francisco Pride 2026? Parade Times, Maps, Street Closures and Safety Advice | KQED
-
Dallas, TX2 hours agoWoman arrested in Dallas food delivery turned ambush shooting in March, officials say
-
Miami, FL2 hours ago2026 Miami Football Early Opponent Preview, Game 2: Florida A&M
-
Boston, MA2 hours agoMinivan in rollover wreck in Dorchester – Boston News, Weather, Sports | WHDH 7News
