Anthropic just released Claude Fable 5, calling it the most powerful AI model it has ever made widely available and praising its skills in biology, among others. But the model won’t answer basic biology questions — the kind you’d expect a high schooler to handle. Instead, it hands off the query to the former flagship model, Claude Opus 4.8.
Technology
FBI warns over 1 million Android devices hijacked by malware
NEWYou can now listen to Fox News articles!
Everything that connects to the internet can be hacked by malware.
This includes your phones (both Android and iPhones) and laptops (whether Windows, Mac or even lesser-known systems like Linux). Devices like your Wi-Fi router and security cameras aren’t safe either.
But who would have thought hackers are now targeting your smart TVs, streaming boxes, projectors and tablets, too? That’s right, the FBI warns that bad actors have hijacked over a million of these devices with malware, turning them into unwitting participants in a global cybercrime network.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join.
Remote control and smart TV (Kurt “CyberGuy” Knutsson)
FBI warns: Over 1 million smart devices infected with BadBox 2.0 malware
The FBI is warning that more than a million smart TVs, streaming boxes, projectors and tablets have been infected by a massive malware operation called BadBox 2.0. The malware turns home electronics into participants in a global network of cybercrime, often before the user even powers them on.
In a statement, the FBI says BadBox 2.0 is commonly found on cheap Android-based devices manufactured in mainland China. These include uncertified tablets, connected TV boxes and other Internet of Things hardware. Many of the infected devices ship with the malware preinstalled. Others are compromised during setup, often through malicious firmware updates or sideloaded apps from unofficial marketplaces.
FBI WARNS OF HACKERS EXPLOITING OUTDATED ROUTERS. CHECK YOURS NOW
Once infected, the devices connect to a command and control server, allowing hackers to reroute malicious traffic through home networks, load fraudulent ads in the background and carry out credential-stuffing attacks without the user knowing. Essentially, your smart TV could be quietly helping someone break into other people’s accounts.
The botnet is primarily used to turn infected devices into residential proxy nodes, providing hackers with anonymous access to real home IP addresses. That means your TV or projector might unknowingly be helping cybercriminals bypass security systems, commit ad fraud or brute-force online accounts while hiding behind your internet connection.
A person holding a tablet (Kurt “CyberGuy” Knutsson)
DON’T CLICK THAT LINK! HOW TO SPOT AND PREVENT PHISHING ATTACKS IN YOUR INBOX
Badbox malware history: From TV boxes to over 1 million infected devices
BadBox first appeared in 2023 on generic TV boxes, such as the T95. The original botnet was briefly disrupted in Germany in 2024 when security researchers “sinkholed” the malware’s command servers. That wiped out part of the operation, but not for long. Just a week later, the malware reappeared on nearly 200,000 devices, including more recognizable brands like Hisense smartphones and Yandex TVs.
By March 2025, BadBox had evolved into BadBox 2.0, with more than 1 million active infections detected by HUMAN’s Satori Threat Intelligence team. The majority of devices are uncertified Android Open Source Project builds. These are not official Android TV OS products and are not protected by Google Play Protect.
Researchers say the malware has been spotted in 222 countries. A significant number of infections are concentrated in Brazil, followed by the United States, Mexico and Argentina.
The FBI, working with Google, Trend Micro, HUMAN and the Shadowserver Foundation, recently disrupted communications between more than 500,000 infected devices and their control servers. However, the botnet continues to grow as more compromised products reach consumers and remain unnoticed.
Symptoms of infection include strange app marketplaces, disabled Play Protect settings or devices advertised as being unlocked or capable of free streaming. Many of these products come from unknown brands and are sold through unofficial sellers. If you have recently purchased a budget Android TV box or projector, especially one that is not certified by Google, you may want to take a closer look.
Smart TV (Kurt “CyberGuy” Knutsson)
ANDROID SCAM LETS HACKERS USE YOUR CREDIT CARD REMOTELY
How to tell if your device might be infected with BadBox 2.0
If you’re wondering whether your smart TV, streaming box, projector or tablet could be part of the BadBox 2.0 botnet, here are some warning signs and checks you can do.
1. You bought a low-cost Android-based device from an unknown or no-name brand: Devices sold online through third-party sellers or unknown brands, especially if advertised as “unlocked,” “jailbroken” or offering free streaming, are at higher risk. Models like the T95 box or other generic Android TV boxes are known carriers. Specifically, the following devices have been identified as impacted by BadBox malware:
Device model: TV98, X96Q_Max_P, Q96L2, X96Q2, X96mini, S168, ums512_1h10_Natv, X96_S400, X96mini_RP, TX3mini, HY-001, MX10PRO, X96mini_Plus1, LongTV_GN7501E, Xtv77, NETBOX_B68, X96Q_PR01, AV-M9, ADT-3, OCBN, X96MATE_PLUS, KM1, X96Q_PRO, Projector_T6P, X96QPRO-TM, sp7731e_1h10_native, M8SPROW, TV008, X96Mini_5G, Q96MAX, Orbsmart_TR43, Z6, TVBOX, Smart, KM9PRO, A15, Transpeed, KM7, iSinbox, I96, SMART_TV, Fujicom-SmartTV, MXQ9PRO, MBOX, X96Q, isinbox, Mbox, R11, GameBox, KM6, X96Max_Plus2, TV007, Q9 Stick, SP7731E, H6, X88, X98K, TXCZ
2. Your device is not Google-certified: If your Android device doesn’t support Google Play Protect or doesn’t show the Play Protect certification in the Play Store settings, it’s likely running on an uncertified version of Android. That’s a major red flag. To check:
- Open the Google Play Store.
- Tap your profile icon > Settings > About.
- Look for Play Protect certification. If it says “Device is not certified,” that’s a problem.
3. Suspicious behavior or strange apps: Look for unfamiliar apps you didn’t install, apps labeled with foreign characters or alternative app stores on your device. BadBox-infected devices often come with shady apps preloaded.
4. Google Play Protect is disabled: If Play Protect has been turned off without your knowledge or is missing altogether, your device may be vulnerable to compromise.
5. Your home internet is acting strange: If your network is unusually slow or your router shows unknown devices connected, one of your smart devices may be hijacked and rerouting traffic as part of a residential proxy network.
6. The device came with outdated or unofficial firmware: If your device doesn’t receive software updates or has a strange update process, that’s another potential sign it’s not legit or may be compromised.
FBI WARNS OF SCAM TARGETING VICTIMS WITH FAKE HOSPITALS AND POLICE
8 ways to protect your devices from BadBox 2.0 and Android malware
Want to stay safe? Here are eight practical steps you can take to protect your smart devices from BadBox 2.0 malware and other hidden Android threats.
1. Use strong antivirus software: Protecting your devices starts with powerful antivirus protection. Malware like BadBox 2.0 often comes preinstalled on cheap, uncertified Android devices, infecting them before you even power them on. A trusted antivirus app can help detect hidden threats, block malicious traffic and warn you about suspicious behavior that might otherwise go unnoticed. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2. Only buy certified and trusted devices: Stick to devices certified by Google or other recognized platforms. Avoid generic or off-brand Android boxes, tablets and projectors, especially if they are advertised as unlocked or include free streaming. Cheap, uncertified devices are more likely to come with malware preinstalled.
3. Avoid sideloading apps from unofficial sources: Do not install apps from third-party app stores or download APK files from unknown websites. These files can contain hidden malware. Use only official app stores like the Google Play Store that scan apps for threats.
4. Check your device settings for tampering: Look for signs like Google Play Protect being turned off, the presence of unfamiliar app stores or suspicious apps running in the background. These are possible signs your device is compromised.
5. Monitor your network for unusual activity: If your internet slows down suddenly, or you notice unknown devices on your Wi-Fi, investigate. Use your router’s settings or a network monitoring app to track strange behavior or unauthorized connections.
6. Disconnect and replace suspicious hardware: If a device is behaving oddly or was purchased from an untrusted source, unplug it from your network. Consider replacing it with a product from a reputable brand and a verified seller.
7. Keep your devices and apps updated: Install system and app updates regularly. Even though cheap devices may not always offer updates, keeping your software current reduces your risk. Choose brands that are known for providing reliable security patches.
8. Secure your router and home network: Your devices are only as safe as the network they’re connected to. Set a strong, unique password for your Wi-Fi router and update its firmware regularly. Disable remote access unless absolutely necessary and use WPA3 encryption if available. Consider using a password manager to generate and store complex passwords. Get more details about my best expert-reviewed password managers of 2025 here.
As BadBox 2.0 continues to evolve, protecting your entire home network, not just individual devices, has become essential to staying one step ahead of cybercriminals.
THIS IS WHAT YOU ARE DOING WRONG WHEN SCAMMERS CALL
Kurt’s key takeaway
It’s alarming how something as simple as a budget streaming box or projector could be quietly working for cybercriminals. As smart devices become part of almost everything we do, being a careful and informed consumer matters more than ever. Small steps like buying from trusted brands and avoiding unofficial downloads can make a big difference in keeping your home and personal data safe.
With over a million devices infected, who should be held accountable: manufacturers, governments or consumers? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
Bluesky will be getting “communities,” which will function as smaller spaces where you can “go deeper and hang out with people who care about the same stuff” sometime this year, according to head of product Alex Benzer. They will be built on the decentralized AT Protocol that underpins Bluesky, with Benzer saying that “it’s a new structure for everyone” that’s part of the “Atmosphere” (a shorthand for the AT Protocol ecosystem).
Benzer listed out a “few ideas we have in mind so far” in a thread. “On Bluesky, you’ll be able to create communities, join them, post in them, and get updates,” Benzer says. “The core features on Bluesky stay simple. The magic comes from communities also existing on the open web. This means you can truly customize them and add features with other Atmospheric apps and tools.”
Communities will get a handle that “doubles as a URL,” and if you go to that URL, you’ll “land on a custom homepage for the community,” according to Benzer. “Builders can also host a completely custom experience there instead.” There will be three privacy levels for communities: public, invite-only, and private. And each community would have its own feed, Benzer says.
Benzer’s thread follows Bluesky COO Rose Wang saying last week that the company wanted to move away from being a “public square” and that it was “very inspired by companies like Reddit.” Meta’s Threads is currently testing a communities feature, while X announced in April that it would be shutting down its own take on communities.
NEWYou can now listen to Fox News articles!
Amazon is getting ready for Prime Day, and you can bet scammers are, too. In fact, I received a fake Amazon email that looked like an account recovery warning. It claimed there was unusual activity on my account and pushed me to “Sign In to Verify.”
That kind of message can make anyone uneasy. It certainly did for me. After all, who wants to lose access to an account right before a major sale? Then came the part that really stood out: the email said I might need to upload a document to confirm my account.
That was the giveaway. A real deal can save you money. A fake Amazon email can cost you your login, your payment details and even your identity.
Here’s how this scam works, the red flags that exposed it and the steps you should take before clicking any Amazon account warning.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
A fake Amazon account recovery email is targeting shoppers ahead of Prime Day, using urgency and document requests to steal sensitive information. (Photographer: David Paul Morris/Bloomberg via Getty Images)
Fake Amazon email warning before Prime Day
The timing made this phishing email more convincing. With Prime Day coming up, many people are already watching for Amazon emails. They may be checking delivery updates, deal alerts and order confirmations. That creates the perfect opening for a fake account warning.
The email used the same tricks you see in many phishing scams. It claimed there was account trouble, used urgent language and pushed me toward a sign-in button. That is exactly what scammers want.
Screenshot of scam fake Amazon email (Kurt “CyberGuy” Knutsson)
They want you to react before you inspect the message. They want you to sign in before you think through the request. And in this case, they wanted me to believe a document upload was part of a normal Amazon account check.
Amazon phishing scam red flags
This fake Amazon email had several warning signs. First, it landed in my junk folder. That alone does not prove fraud, but it should make you cautious.
Second, the subject line sounded awkward. It said, “Account Recovery: Sign-in and Verify your Amazon account.” That wording felt stiff and a little off.
Third, the greeting was generic. The email said “Dear Customer” even though it claimed to be about my Amazon account. That alone does not prove the email is fake, but it adds to the concern.
Fourth, the message created urgency. It claimed the account was on hold and that orders or subscriptions had already been canceled.
Fifth, the sender display name said “Amazon,” while the address appeared as account_update@amazon.com. That may look official at first. Still, scammers can spoof sender names or make email addresses look convincing.
Under the yellow “Sign In to Verify” button, the email also says, “Don’t share it with others.” That may sound protective, but in this context, it felt like another attempt to make the fake warning seem official.
The biggest warning sign came from the document request. The email said I would have the option to upload a document with the required information to verify the account.
That should stop you cold. Scammers may be after more than your Amazon password. They may also want your driver’s license, passport, address, phone number or payment details.
Screenshot of fake Amazon email sender address (Kurt “CyberGuy” Knutsson)
Why fake Amazon account emails fool shoppers
This scam works because it hits a very real fear. Most people do not want to lose access to an online shopping account. That concern grows when a big sale is about to start. If you are planning to buy something on Prime Day, an account warning can feel urgent.
The email also borrowed Amazon’s familiar look. It used the Amazon name, a logo area and a yellow sign-in button. It also included a footer that appeared to show an Amazon.com link. That can make the message feel safer than it really is.
Here is the problem. The visible link text in an email can mislead you. A link can appear to point to Amazon while sending you somewhere else. It can also pass through tracking links, redirects or look-alike pages. That is why you should avoid signing in through any account warning email.
120,000 FAKE SITES FUEL AMAZON PRIME DAY SCAMS
Scammers are impersonating Amazon with convincing account alerts designed to capture login credentials, payment details and personal documents. (Photographer: Michael Nagle/Bloomberg via Getty Images)
What happens if you click a fake Amazon link
If you click the link, you may land on a fake Amazon sign-in page. It may look close enough to fool you. Once you enter your email and password, scammers can try to access your real Amazon account. They may check your saved payment methods, shipping addresses and order history.
They may also try that same password on other websites. That becomes a bigger risk if you reuse passwords.
The document request adds another layer of danger. If a fake page asks for your ID, scammers could use that information for identity theft, account takeovers or other fraud. That is why one quick click can turn into a much bigger mess.
Ways to stay safe from fake Amazon emails
A fake Amazon email can look convincing at first, so the best move is to slow down and use these simple checks before you click, sign in or share anything.
1) Do not click the sign-in button
Skip buttons like “Sign In to Verify,” “View details” or “Restore access.” Open the Amazon app or type Amazon.com into your browser yourself.
2) Check Amazon’s Message Center
After signing in directly, go to Your Account > Message Center. If the alert is real, you should see a matching message there.
3) Watch for pressure language
Scammers often say your account is locked, your orders were canceled, or you must act right away. That pressure is designed to make you click before thinking.
4) Never upload ID through an email link
If an email asks for a passport, driver’s license or other document, stop. Contact Amazon through the app or website before sending anything.
5) Use a password manager
A password manager can help you spot fake login pages. If the page is fake, your saved Amazon password usually will not autofill. Check out the best expert-reviewed password managers of 2026 at CyberGuy.com.
6) Turn on two-step verification
7) Use strong antivirus software
Install strong antivirus software on your computer, phone and tablet. Good security software can help detect malicious links, phishing pages, malware and other threats before they do damage. This is especially important if you clicked a suspicious link or downloaded anything from a fake email. Security software should back up your smart habits, not replace them. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.
8) Use a data removal service
Scammers often build more convincing attacks with information they find about you online. That can include your name, address, phone number, relatives, old usernames and other personal details from people-search sites and data brokers. A data removal service can help remove your personal information from many of those sites. That makes it harder for scammers to personalize phishing emails and identity theft attempts. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.
9) Report the suspicious email
Forward suspicious Amazon emails to reportascam@amazon.com. Then delete the message from your inbox or junk folder.
JANUARY SCAMS SURGE: WHY FRAUD SPIKES AT THE START OF THE YEAR
Cybersecurity experts warn consumers to avoid clicking links in Amazon account warning emails and verify alerts directly through Amazon. (David Paul Morris/Bloomberg via Getty Images)
Kurt’s key takeaways
Prime Day is a great time to find real deals, but it is also a busy season for fake Amazon emails. Scammers know shoppers are checking delivery updates, watching for discounts and hoping nothing gets in the way of a good buy. That is what made this email so sneaky. It used a familiar fear at the perfect moment: losing access to your account right before a major sale. The safest move is to slow down before you click. Do not trust the button. Do not trust the sender name alone. Open the Amazon app or type Amazon.com into your browser and check your account yourself.
Have you ever received an email that looked official enough to make you click, and what finally made you stop? Let us know by writing to us at CyberGuy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
HOW TO DETECT FAKE AMAZON EMAILS AND AVOID IMPERSONATION SCAMS
Copyright 2026 CyberGuy.com. All rights reserved.
It isn’t because Fable doesn’t know the answers. It’s because Anthropic won’t let it, by design.
Fable is a public-facing, Mythos-class model, a family so capable at cybersecurity tasks Anthropic said it was too dangerous to release publicly. But while Anthropic has spent much of the extended Mythos rollout warning about cybersecurity, it is biology where Fable’s guardrails are the most obvious — and most limiting.
When I tried the model, it refused to answer a range of basic biology questions, many that felt about as far away from any plausible safety risk as any question could be. It would not respond to “tell me about cell membranes” or answer “what are mitochondria,” that famous powerhouse of the cell. It refused to explain “what is a prion,” the proteinaceous particles behind mad cow disease, or “how mRNA vaccines work.”
“We made this tradeoff so customers could benefit from the model’s capabilities sooner without the risks.”
The restrictions applied to ordinary and objectively rather harmless medical queries too. Fable would not answer “what causes hay fever,” explain how asthma medicine works, explain how antibiotic resistance arises, or tell me what Ebola is and how it spreads. Some of my basic queries occasionally got through, with Fable answering questions like “what is cancer” and “what is DNA.” When Fable refused, Opus 4.8 generally answered perfectly well.
Anthropic says the broad biology filters are an intentional choice and are deliberately conservative, with bioweapons the primary concern. “With the launch of Claude Fable 5, our first Mythos-class model, we believe models now have a greater ability to accomplish real-world scientific tasks and for malicious actors to potentially use our models for highly risky biological research,” spokesperson Paruul Maheshwary told The Verge. “We have always used classifiers to block our models from helping with bioweapons-related requests. To deploy Fable 5 safely, we believe it was necessary to be overly conservative with our safeguards so they block most queries tied to biology work.”
Anthropic has previously highlighted four key areas where it would throttle Fable’s responses for safety: chemistry, biology, cybersecurity, and distillation, a technique for training smaller AIs using the outputs of larger ones. The company has accused Chinese rivals like DeepSeek of using distillation on its models on an “industrial” scale.
While I could not meaningfully test distillation, Fable seemed more willing to answer questions about chemistry and cybersecurity. For example, it gave a basic overview of the explosive TNT, though withheld synthesis instructions “for obvious reasons.” It readily answered questions on the use of chlorine gas as a chemical weapon, common password threats, and nuclear fusion and fission, as well as explaining how to secure an iPhone from hackers. It still limits: Fable deferred to Opus when I asked it about sarin gas, a highly toxic nerve agent. Fable and Opus both refused the prompt “how to make anthrax,” and Claude paused the chat entirely. That made sense. The mitochondria prompt refusal seems like a false positive.
“We made this tradeoff so customers could benefit from the model’s capabilities sooner without the risks,” Maheshwary explained, adding that Anthropic is working hard to improve its detection and reduce the false positives. “We intend to make Mythos-class models available without these safeguards to the broader biology and life sciences community so these capabilities can be used to accelerate biomedical research and drug discovery.”
Anthropic did not answer questions about whether this kind of restricted release will become the new norm for future models.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
-
Dallas, TX42 seconds agoWoman arrested in Dallas food delivery turned ambush shooting in March, officials say
-
Miami, FL6 minutes ago2026 Miami Football Early Opponent Preview, Game 2: Florida A&M
-
Boston, MA13 minutes agoMinivan in rollover wreck in Dorchester – Boston News, Weather, Sports | WHDH 7News
-
Denver, CO16 minutes agoIs Denver hosting 2026 World Cup matches? No, and here’s why
-
Seattle, WA21 minutes agoCars not welcome: How to navigate Seattle on World Cup game days – MyNorthwest.com
-
San Diego, CA28 minutes agoPadres minors: Jhony Brito solid in El Paso start, Kerrington Cross leads Storm to win
-
Milwaukee, WI31 minutes agoMilwaukee Music Premiere: Wisconsin Space Program, ‘Time Machine’
-
Atlanta, GA43 minutes agoAtlanta World Cup: Additional watch parties in metro Atlanta
