North Korea’s PolinRider Supply-Chain Blitz, AI-Run JadePuffer Ransomware, and a $1M Kairos Extortion Payment

This brief covers the trailing ~48 hours (July 4–6, 2026). Every item below was checked against its primary source — vendor advisories, original research posts, and CISA entries — before inclusion.

North Korean “PolinRider” campaign publishes 108 malicious packages and extensions across npm, Packagist, Go, and Chrome

Socket / The Hacker News · July 4, 2026

Threat actors tied to North Korea’s Contagious Interview operation have published 162 malicious release artifacts corresponding to 108 unique packages and extensions — 19 npm libraries, 10 Composer packages, 61 Go modules, and one Google Chrome extension. The campaign, tracked as PolinRider, plants obfuscated JavaScript loaders in legitimate repositories (concealed via whitespace padding or fake .woff2 font files) and triggers execution through VS Code task files with the “runOn: ‘folderOpen'” option; payloads fetch encrypted second stages from blockchain infrastructure that unpack to the DEV#POPPER RAT and OmniStealer. As of April 11, 2026, the broader activity had compromised 1,951 public GitHub repositories belonging to 1,047 unique owners. There is no CVE — this is an account-takeover and supply-chain campaign, and it remains active.

“The campaign remains active, and new malicious packages are likely to continue appearing as threat actors compromise maintainer accounts, modify legitimate repositories, and publish infected package versions where they retain or obtain registry access.” — Karlo Zanki, Socket

Source: Socket research · The Hacker News

JadePuffer: first documented ransomware operation run end-to-end by an AI agent

Sysdig · July 4, 2026

Sysdig researchers documented what they believe is the first ransomware intrusion conducted entirely by an autonomous LLM agent — reconnaissance, credential theft, lateral movement, persistence, privilege escalation, and encryption, with the agent adapting to failures in real time. Initial access came via CVE-2025-3248, a critical unauthenticated remote code execution flaw in the Langflow LLM-app framework that was patched in April 2025 and added to CISA’s KEV catalog in May 2025; the attacker later pivoted to an Alibaba Nacos instance using CVE-2021-29441, an authentication bypass. The operation encrypted 1,342 Nacos service configuration items, dropped the originals, and left a ransom demand with a Bitcoin address and Proton Mail contact — though the encryption key was never stored or transmitted, and the Bitcoin address appears to be a documentation example reproduced from training data.

“The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds.” — Sysdig

Source: Sysdig research · BleepingComputer

U.S. government entity paid Kairos ~$1 million in encryption-free data extortion, blockchain analysis shows

Ransom-ISAC · July 4, 2026

A case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and on-chain tracing, shows a small U.S. government entity — the evidence points to Union County, Ohio, though neither party has confirmed it — paid roughly 9.44 BTC (~$1 million) on June 13, 2025 to keep stolen files from being published. The Kairos group deployed no encryptor at all: it opened at $3 million claiming over 2 TB of stolen data, and used countdown timers and threats to leak a “prosecutors office” folder first. The payment was traced through wallet chains toward deposit addresses at Bybit, OKX, and the Russian service BELQI. The case underscores a broader shift: much of what is still called ransomware now skips encryption entirely and uses stolen data as the sole pressure point.

“Paying to make stolen data disappear is an act of faith, and the receipt is written by the thief.” — The Hacker News

Source: Ransom-ISAC case study · The Hacker News

Opera GX flaw let malicious sites silently install browser mods and steal data from visited pages

The Hacker News · July 6, 2026

Researchers disclosed a vulnerability in Opera GX that allowed a malicious website to silently install a GX Mod — the browser’s reskinning add-on format — and use it to lift data from pages the victim visits; a proof of concept reconstructed a signed-in user’s full Gmail address from a single visit with no clicks. Opera patched the flaw in Opera GX 130.0.5847.89 and says it found no evidence of in-the-wild exploitation. No CVE was assigned, but Opera’s bug bounty team rated the issue P1 (its top severity) and paid the maximum $5,000 reward. Because the attack required no clicks or approvals, there was no workaround short of the patch — users should confirm their version at opera://about.

Source: The Hacker News

SkillCloak: malicious AI agent “skills” evade static scanners more than 90% of the time

The Hacker News · July 6, 2026

Researchers at the Hong Kong University of Science and Technology showed that scanners meant to catch malicious add-on skills for AI coding agents (Claude Code, OpenAI Codex, OpenClaw) can be defeated with simple self-extracting packing techniques that leave the malware fully functional — their strongest variant slipped past every scanner tested more than 90% of the time. Skills run with the agent’s own access to files, terminals, and saved credentials, and most marketplace listings are uploaded by strangers with little vetting. The team also built a runtime checker that catches most of the disguised skills static scanners miss.

Source: The Hacker News

Still developing

“Bad Epoll” Linux kernel flaw (CVE-2026-46242)The Hacker News · July 3, 2026. A use-after-free race in the kernel’s epoll code lets an unprivileged local user gain root with roughly 99% exploit reliability, affecting desktops, servers, and Android on kernels v6.4 and newer. Researcher Jaeyoung Chung published a working proof of concept; the fix landed upstream (commit a6dc643c6931) in April 2026, but distributions that have not backported it remain exposed, and epoll cannot be disabled as a workaround. Source: The Hacker News · PoC repository

NetNut residential proxy network disruptedGoogle Threat Intelligence Group · July 3, 2026. Google, the FBI, Lumen, Shadowserver, and partners disrupted NetNut (aka Popa), a residential proxy network of at least 2 million compromised Android devices including smart TVs and streaming boxes. GTIG observed 316 distinct threat clusters using suspected NetNut exit nodes in a single week, spanning cybercrime and espionage. Source: Google Threat Intelligence · BleepingComputer

SharePoint RCE CVE-2026-45659 on CISA KEV; federal patch deadline passed July 4CISA · July 1, 2026. CISA added CVE-2026-45659 (CVSS 8.8), a deserialization-of-untrusted-data remote code execution flaw in SharePoint Server Subscription Edition, 2019, and 2016, to the Known Exploited Vulnerabilities catalog citing active exploitation. Microsoft patched it in May 2026; any authenticated attacker with Site Member permissions can execute code remotely. FCEB agencies were required to remediate by July 4, 2026. Source: CISA alert · The Hacker News

This brief covers the trailing ~48 hours (July 4–6, 2026). Primary sources: Socket, Sysdig, Ransom-ISAC, Google Threat Intelligence Group, CISA, Bad Epoll PoC.

A Claude Tool-Calling Regression Documented, sqlite-utils 4.0 Written Mostly by Fable 5, and Mistral’s Leanstral 1.5 Prover

This brief covers the trailing ~72 hours (July 3 – 6, 2026). Every item below was confirmed on the originating source’s own page, with a published date inside (or, where noted, just before) the window. With the US July 4th holiday weekend, the major labs’ newsrooms were quiet; the notable developments this cycle came from the practitioner community, plus a formal-verification model release from Mistral that landed just before the window opened.

Armin Ronacher documents a tool-calling regression in Anthropic’s newest models

Armin Ronacher · July 4, 2026

Flask creator Armin Ronacher published a detailed investigation showing that Anthropic’s newest models — Opus 4.8 and Sonnet 5, but none of their older siblings — sometimes call third-party edit tools with extra, invented fields that violate the tool’s JSON schema, even when the edit content itself is byte-correct. His hypothesis: post-training via reinforcement learning inside Claude Code (whose harness silently repairs malformed calls) gives the models a strong prior for Claude Code’s flat edit-tool shape, implicitly punishing alternative schemas used by other harnesses like Pi. Simon Willison amplified the finding the same day, asking whether third-party coding harnesses will need to ship model-specific edit tools.

“What surprised me is that this is getting worse with newer Anthropic models as both Opus 4.8 and Sonnet 5 show it but none of the older models. In other words, the SOTA models of the family are worse at this specific tool schema than their older siblings.” — Armin Ronacher

Source: Better Models: Worse Tools (see also Simon Willison’s commentary)

Simon Willison ships sqlite-utils 4.0rc2 “mostly written by Claude Fable” for an estimated $149.25

Simon Willison · July 5, 2026

Willison released sqlite-utils 4.0rc2 with the bulk of the work done by Claude Fable 5 via Claude Code, including a pre-release review that caught five release-blocker bugs — among them a data-loss bug where delete_where() never committed and poisoned the connection. He then had OpenAI’s GPT-5.5 review Fable’s work, which surfaced two further P1 transaction-handling issues that Fable confirmed and fixed. Using AgentsView he estimated the unsubsidized API cost of the session at $149.25, noting he upgraded to the $200/month Max plan ahead of July 7, when Fable’s subsidized subscription access ends.

“Over the course of 37 prompts, 34 commits and +1,321 -190 code changes over 30 separate files, we worked through the entire set of feedback in turn, making several other design improvements along the way.” — Simon Willison

Source: sqlite-utils 4.0rc2, mostly written by Claude Fable (for about $149.25)

Still developing

Mistral releases Leanstral 1.5, an open Apache-2.0 theorem-proving model

Mistral AI · July 2, 2026

Just before this window opened, Mistral released Leanstral 1.5, a formal-verification model for Lean 4 with 119B total and 6B active parameters, free under Apache-2.0 with weights on Hugging Face and a free API endpoint. Mistral reports it saturates miniF2F at 100%, solves 587 of 672 PutnamBench problems at roughly $4 per problem, and sets new state-of-the-art results on the FATE-H (87%) and FATE-X (34%) abstract-algebra benchmarks. Beyond mathematics, an automated Rust-to-Lean verification pipeline built on the model flagged 47 violated properties across 57 open-source repositories, 11 of them pointing to genuine bugs — 5 previously unreported.

“Today, we are releasing Leanstral 1.5, a free Apache-2.0 licensed model with 119B total and only 6B active parameters, delivering a performance upgrade that makes formal verification more powerful and accessible than ever.” — Leanstral Team at Mistral AI

Source: Leanstral 1.5: Proof Abundance for All


This brief covers the trailing ~72 hours (July 3 – 6, 2026).

Primary sources:

Anthropic Ships Claude Sonnet 5, Redeploys Fable 5 With an Industry Jailbreak Framework, and Launches Claude Science

This brief covers the trailing ~72 hours (June 30 – July 3, 2026). Every item below was confirmed on the originating organization’s own page, with a published date inside the window. It was a busy, Anthropic-heavy stretch: a new Sonnet model, the redeployment of Fable 5 after export controls were lifted, a science workbench, and a new computational-biology benchmark from OpenAI.

Anthropic introduces Claude Sonnet 5

Anthropic · June 30, 2026

Anthropic released Claude Sonnet 5, which it calls its most agentic Sonnet model yet, positioning it close to Opus 4.8 performance at lower cost. The model is the new default on Free and Pro plans and is available on Claude Code and the Claude Platform via claude-sonnet-5, at introductory pricing of $2 per million input tokens and $10 per million output tokens through August 31, 2026 (then $3/$15). Because it is somewhat stronger than Sonnet 4.6 on cyber tasks, it launched with real-time cyber safeguards enabled by default, though Anthropic says it still shows substantially weaker offensive-cyber ability than its Opus models.

“Claude Sonnet 5 is built to be the most agentic Sonnet model yet. It can make plans, use tools like browsers and terminals, and run autonomously at a level that, just a few months ago, required larger and more expensive models.” — Anthropic

Source: Introducing Claude Sonnet 5

Fable 5 redeployed globally as export controls lift; Anthropic proposes an industry jailbreak-severity framework

Anthropic · June 30, 2026

After the US government applied export controls to Claude Fable 5 and Mythos 5 on June 12 — prompting Anthropic to suspend both — the company said the controls were lifted on June 30 and that Fable 5 returned globally on July 1 across the Claude Platform, Claude.ai, Claude Code, and Claude Cowork. Alongside the redeploy, Anthropic proposed a consensus framework for scoring the severity of AI jailbreaks — graded on capability gain, breadth, ease of weaponization, and discoverability — developed with Amazon, Microsoft, Google, and other Glasswing partners, plus a new HackerOne program and deeper US-government pre-release testing commitments. A July 2 follow-up post added further detail on the safeguards and framework.

“As of today, June 30, the export controls on Fable 5 and Mythos 5 have been lifted.” — Anthropic

Source: Redeploying Fable 5

Anthropic launches Claude Science, an AI workbench for researchers

Anthropic · June 30, 2026

Anthropic released Claude Science in beta on macOS and Linux for Pro, Max, Team, and Enterprise plans. It bundles a coordinating agent with more than 60 curated skills and connectors across genomics, single-cell, proteomics, structural biology, and cheminformatics, renders scientific artifacts like 3D protein structures and genome tracks natively, and manages compute from a laptop up to an HPC cluster or on-demand GPUs. Every figure ships with the exact code, environment, and message history that produced it, and a reviewer agent checks citations and calculations. Anthropic says it will fund up to 50 “AI for Science” projects with up to $30,000 in credits, with applications open through July 15.

“Claude Science brings these fragmented tools into a single research environment where scientists can conduct all stages of their work.” — Anthropic

Source: Claude Science, an AI workbench for scientists, is now available

OpenAI introduces GeneBench-Pro, a research-level computational-biology benchmark

OpenAI · June 30, 2026

OpenAI released GeneBench-Pro, a 129-question benchmark spanning 10 domains of computational biology that tests higher-order scientific judgment — handling ambiguity, revising assumptions, and choosing the correct analysis path — rather than rote execution. Each problem is built synthetically so the full causal structure is known and answers can be graded deterministically. OpenAI reports its strongest model, GPT-5.6 Sol, passes 28.7% at the highest reasoning level (31.5% with Pro mode), up sharply from under 5% for GPT-5 when the original GeneBench began. Reviewers estimated a typical problem would take a human expert 20–40 hours.

“Our strongest model, GPT‑5.6 Sol, attains a pass rate of 28.7% at the highest reasoning level (31.5% with Pro mode enabled). That is a sharp increase from when we began building the original GeneBench; at that time, our best frontier model, GPT‑5, scored below 5%.” — OpenAI

Source: Introducing GeneBench-Pro


This brief covers the trailing ~72 hours (June 30 – July 3, 2026).

Primary sources:

SharePoint RCE Hits CISA KEV, Adobe Ships Seven 10.0 ColdFusion/Campaign Fixes, Oracle EBS Payments Under Active Attack

This brief covers the trailing ~48 hours (June 30 – July 2, 2026). Every item below was confirmed against its primary source — a CISA advisory or KEV entry, a vendor PSIRT bulletin, or the original researcher’s finding — with the disclosure date verified on the primary page.

SharePoint Server RCE (CVE-2026-45659) added to CISA KEV after confirmed exploitation

CISA · July 1, 2026

CISA added Microsoft SharePoint Server flaw CVE-2026-45659 (CVSS 8.8) to its Known Exploited Vulnerabilities catalog on July 1, citing evidence of active exploitation. The bug is a deserialization of untrusted data (CWE-502) that lets an authenticated attacker with only Site Member permissions execute code remotely; Microsoft patched it in May 2026 for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016, having originally rated it “Exploitation Less Likely.” Federal Civilian Executive Branch agencies must remediate by July 4, 2026.

“Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.” — CISA

Source: CISA alert · CISA KEV catalog · The Hacker News

Adobe patches seven CVSS 10.0 flaws in ColdFusion and Campaign Classic

Adobe PSIRT · June 30, 2026

Adobe issued Priority 1 bulletins for ColdFusion (APSB26-68) and Campaign Classic (APSB26-69) resolving multiple maximum-severity vulnerabilities. Seven carry a CVSS score of 10.0: ColdFusion unrestricted file-upload flaws CVE-2026-48276 and CVE-2026-48283, improper input-validation flaws CVE-2026-48277, CVE-2026-48281 and CVE-2026-48316, and path-traversal flaw CVE-2026-48282, all leading to arbitrary code execution, plus Campaign Classic incorrect-authorization RCE CVE-2026-48286. Fixes ship in ColdFusion 2023 Update 21, ColdFusion 2025 Update 10, and Campaign Classic ACC v7 build 9397. Adobe says it is aware of no exploitation in the wild.

“The frontier AI capabilities we are using are also available to attackers, and the window between public vulnerability disclosure and active exploitation is compressing from days to hours.” — Aanchal Gupta, Chief Security Officer, Adobe

Source: Adobe APSB26-68 (ColdFusion) · Adobe APSB26-69 (Campaign Classic) · The Hacker News

Oracle E-Business Suite Payments flaw (CVE-2026-46817) exploited in the wild; ~950 instances exposed

Defused / Shadowserver · July 1, 2026

Threat-intelligence firm Defused reported active exploitation of CVE-2026-46817 (CVSS 9.8), an unauthenticated HTTP takeover in the File Transmission component of Oracle Payments within E-Business Suite, with the first honeypot hits observed June 27 — before any public proof-of-concept existed. Oracle patched the flaw (affecting EBS 12.2.3 through 12.2.15) in its May 2026 Critical Patch Update. Shadowserver reports roughly 950 EBS instances reachable from the internet. The flaw is not yet listed in CISA’s KEV catalog.

“CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited. Over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots. This vulnerability has no known previous exploitation and no public POC code exists.” — Defused

Source: Oracle May 2026 Critical Patch Update · NVD · BleepingComputer


This brief covers the trailing ~48 hours (June 30 – July 2, 2026).

Primary sources:

CISA flags Microsoft Defender ‘BlueHammer’ LPE in ransomware use, Oracle EBS takeover exploited, and a PyPI Pyrogram supply-chain backdoor

This brief covers the trailing ~48 hours (June 30 – July 2, 2026). Each item was checked against its primary source — CISA KEV, vendor advisories (Microsoft MSRC, Oracle), SEC filings, and original vendor research — with reputable outlet reporting used for context.

CISA flags Microsoft Defender “BlueHammer” flaw as exploited by ransomware gangs

CISA / Microsoft MSRC · June 30, 2026

CISA updated its Known Exploited Vulnerabilities Catalog to note that ransomware operators are now exploiting CVE-2026-33825 (“BlueHammer”), a high-severity local privilege escalation flaw in Microsoft Defender. The bug was leaked with proof-of-concept code in early April by a researcher known as “Nightmare Eclipse,” patched by Microsoft on April 14, and added to the KEV catalog on April 22 after zero-day exploitation. It lets a local attacker reach the SAM database and escalate to SYSTEM. Status: patched, actively exploited, in KEV (now flagged for ransomware use); Microsoft has not yet tagged it as exploited in its advisory.

“Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.” — Microsoft Security Response Center advisory

Source: Microsoft MSRC advisory · CISA KEV entry · BleepingComputer

“Operation Navy Ghost”: trojanized Pyrogram forks backdoor Telegram-bot developers on PyPI

Checkmarx · June 30, 2026

Checkmarx disclosed a supply-chain campaign, active since November 2025, in which at least eight malicious forks of the popular (but unmaintained) Pyrogram Telegram framework were published to PyPI — including pyrogram-styled, VLifeGram, and pyrogram-navy. Each embeds a hidden secret.py backdoor that registers covert Telegram command handlers, letting the operator run arbitrary Python or shell commands on the bot’s server. No CVE is assigned. Developers who installed any listed package should remove it, rotate all server credentials, and revoke Telegram bot tokens.

“When the attacker sends /asi cat /etc/passwd, this runs /bin/bash -c ‘cat /etc/passwd’ on the victim’s server and returns the output. This is repeatable with any shell command and runs under the infected application’s authority.” — Checkmarx

Source: Checkmarx research · BleepingComputer

Aflac discloses breach of its Japan subsidiary exposing policy, personal, and bank data

Aflac Incorporated (SEC 8-K) · June 30, 2026

In an SEC filing, Aflac reported that an unauthorized third party accessed systems at its wholly owned subsidiary Aflac Japan between June 15 and June 25, 2026, when the intrusion was discovered. Impacted files include policy and coverage details, personal information, and bank account information. Aflac says the incident is limited to Japan and did not affect its U.S. systems; the full scope remains under investigation. This is a separate incident from the Scattered Spider–linked breach Aflac disclosed a year earlier.

“Aflac Japan has determined that certain impacted files contain policy and coverage details, personal information, and bank account information … This incident is limited to systems in Japan.” — Aflac Incorporated, SEC Form 8-K

Source: SEC 8-K filing · BleepingComputer

Still developing

Critical Oracle E-Business Suite flaw now exploited in the wild

Oracle / Defused · June 29, 2026

Threat intelligence firm Defused reported active exploitation of CVE-2026-46817 (CVSS 9.8), an unauthenticated remote-takeover flaw in the File Transmission component of Oracle Payments within Oracle E-Business Suite. Oracle patched it in the May 2026 Critical Patch Update. It is not yet listed in CISA KEV; Shadowserver tracks over 450 EBS instances exposed online.

“CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited. Over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots. This vulnerability has no known previous exploitation and no public POC code exists.” — Defused

Source: Oracle May 2026 CPU · NVD · BleepingComputer

SimpleHelp authentication-bypass flaw exploited to drop new “Djinn Stealer”

Horizon3.ai / Blackpoint · June 29, 2026

Attackers are exploiting CVE-2026-48558, a critical authentication-bypass vulnerability in SimpleHelp remote-management software (in OIDC configurations), to create privileged technician sessions. In an intrusion investigated by Blackpoint, the actor deployed a new loader (“TaskWeaver”) and a previously undocumented cross-platform infostealer (“Djinn Stealer”) that targets developer, cloud, and AI-tooling credentials. Around 1,000 vulnerable SimpleHelp servers were exposed at disclosure. Status: actively exploited; patch available.

“The compromised RMM platform provided the operator with a trusted administrative channel capable of transferring files and executing commands on systems managed through the server.” — Blackpoint

Source: Blackpoint research · BleepingComputer


This brief covers the trailing ~48 hours (June 30 – July 2, 2026).

Primary sources:

HP Scales Its OpenAI Frontier Partnership and California Adopts Claude Statewide

This brief covers the trailing ~72 hours (June 27–30, 2026). Every item below was confirmed on the originating organization’s own page, with a published date inside the window. It was a quiet stretch for model launches, led instead by two notable enterprise and government adoption moves — HP scaling its OpenAI partnership and California signing a statewide Anthropic deal.

HP Inc. scales its OpenAI Frontier strategic partnership

OpenAI · June 28, 2026

OpenAI said HP Inc. will scale activation of its OpenAI Frontier strategic partnership after a series of successful pilots, moving from experiments to enterprise-wide deployment. The work spans customer- and partner-facing experiences, customer telemetry insights, employee productivity, and software development, with Frontier serving as the connective layer that governs access, context, deployment, and evaluation across HP’s agents and AI workflows. OpenAI cited early proof points, including one engineer moving through 122 pull requests across 43 projects in weeks and a security team estimating roughly 82 hours/week of capacity unlocked.

“It has been an amazing tool, and I am using it daily.” — an HP engineer, quoted by OpenAI

Source: HP Inc. launches Frontier strategic partnership with OpenAI

California adopts Claude statewide in a first-of-its-kind Anthropic partnership

State of California · June 29, 2026

Governor Gavin Newsom announced that California has entered a partnership with Anthropic giving all state agencies — plus cities and counties — access to Claude at a 50% discount, bundled with free workforce training and GenAI technical assistance. Claude becomes the first AI productivity tool offered through the California Department of Technology’s new Statewide Information Technology Shared Services (SITeS) portal. The state noted existing Claude use at the DMV (customer service and wait times), the Department of Health Care Services, and CDT/CalOES cyber defense work using Claude Security and Claude Code.

“AI should not replace the human work of government; it should help our workers move faster, solve problems more effectively, and deliver better results for Californians.” — Governor Gavin Newsom

Source: Governor Newsom announces a first-of-its-kind partnership providing Anthropic tools to state agencies

Still developing

Ornith-1.0 · DeepReinforce · June 25, 2026 — Just ahead of this window, DeepReinforce released Ornith-1.0, an MIT-licensed open-weights family for agentic coding (9B and 31B Dense, 35B and 397B MoE) built on pretrained Gemma 4 and Qwen 3.5. Its distinguishing feature is a self-scaffolding training framework in which the model learns to author both solution rollouts and the task-specific harnesses that guide them. DeepReinforce reports the 397B flagship scores 77.5 on Terminal-Bench 2.1 and 82.4 on SWE-Bench Verified, matching Claude Opus 4.7. Source: Ornith-1.0: Self-Scaffolding LLMs for Agentic Coding.


This brief covers the trailing ~72 hours (June 27–30, 2026).

Primary sources: