The EU's new tech sovereignty package devotes significant attention to Open Source, addressing procurement barriers and committing to make the public sector an anchor consumer for Open Source solutions. The Open Source Initiative praised the package for incorporating its feedback, including funding through the European Competitiveness Fund, new business accelerators, and the creation of an Open Source Maintenance Instrument for critical software.
Engagement Level: Low (only 2 comments)
The limited discussion features a cynical comment suggesting American tech companies have been compromised by the NSA, reflecting skepticism about US-based proprietary solutions and implicitly supporting the EU's push for tech sovereignty.
A former IBM cybersecurity executive filed a lawsuit accusing the company of covering up multiple data breaches by Chinese state-sponsored hackers between 2013 and 2016, including one incident where IBM's network was allegedly breached over 56,000 times. The whistleblower claims IBM never disclosed these breaches to government authorities or the public, despite being a major cybersecurity vendor to the U.S. federal government.
NASA briefly ordered five astronauts aboard the ISS to shelter in a docked SpaceX Crew Dragon spacecraft while Russian cosmonauts attempted to repair a leaking service module. The precautionary measure lasted about an hour before Roscosmos paused repairs to gather more data, allowing astronauts to resume normal operations. The incident highlights ongoing concerns with the aging Russian service module as NASA pushes to replace the ISS with commercial modules later this decade.
CISA has added a high-severity SolarWinds Serv-U denial-of-service vulnerability (CVE-2026-28318) to its Known Exploited Vulnerabilities catalog due to active exploitation. The flaw allows unauthenticated attackers to crash the service using specially crafted POST requests and has been patched in version 15.5.4 HF1, with federal agencies required to remediate by June 19, 2026.
An autonomous AI agent discovered 21 zero-day vulnerabilities in FFmpeg, including some latent bugs dating back 15-20 years, for a cost of about $1,000. In the same week, Google Chrome 149 patched a record 429 security bugs, with Google adjusting its bounty program to handle the flood of AI-generated vulnerability reports. The trend highlights how AI is accelerating vulnerability discovery faster than the human triage and patching infrastructure can keep up.
Cisco warns that a high-severity flaw in Catalyst SD-WAN Manager is being actively exploited with no current patch available. Attackers with netadmin privileges can use the vulnerability to execute root commands, often chaining it with previously exploited authentication bypass flaws. Users are urged to apply fixes for related vulnerabilities and check logs for specific indicators of compromise.
A new Android spyware called Asin has been targeting Arabic-speaking users since early 2025 through fake apps disguised as government news sources, PDF editors, and war map utilities. ESET researchers believe journalists and OSINT researchers in Arabic-speaking regions are the primary targets, though the campaign remains unattributed. The malware spreads via dedicated websites and social media accounts offering apps that combine legitimate functionality with covert spyware capabilities.
A newly discovered China-linked threat cluster dubbed OP-512 has been targeting Microsoft IIS servers with a sophisticated custom web shell framework designed for espionage operations. The framework employs advanced evasion techniques including timestamp manipulation and cryptographic access controls, making it more difficult to detect than commodity malware used by other threat groups. This marks the fourth China-aligned threat group specifically targeting IIS servers in the past year, highlighting a concerning trend of these legacy systems being exploited as entry points for espionage activities.
The SOC-CMM 2026 Maturity Report reveals that only 10% of SOCs report excellent value from AI deployments, with 71% seeing limited or no value despite record adoption rates. The root cause is architectural—most SOCs deployed AI as isolated features within individual tools rather than as an integrated fabric connecting threat intel, detection, investigation, and remediation. The article argues that "second wave" AI solutions must operate across the full SOC lifecycle with shared context, institutional knowledge, and built-in governance to deliver the value most organizations aren't seeing from their current AI investments.
Hackers are actively exploiting a critical remote code execution vulnerability (CVE-2026-3300) in the Everest Forms Pro WordPress plugin, allowing unauthenticated attackers to take over sites by injecting malicious PHP code through form fields. A patch exists in version 1.9.13, but over 29,300 exploit attempts have been blocked since April 2026. Separately, security researchers uncovered skimmer campaigns abusing trusted services like Stripe and Google Tag Manager as command-and-control infrastructure to steal payment card data from e-commerce sites.
Security researchers warn that FIFA World Cup 2026 scams are already active, with over 4,300 fraudulent domains, phishing sites stealing login credentials, and banking malware hidden in pirate streaming apps. A Chinese-speaking group called GHOST STADIUM operates more than 300 cloned FIFA sites that mimic the real login page to hijack accounts and resell tickets, with estimated losses potentially reaching billions. Fans should only buy through fifa.com, avoid any seller asking for cryptocurrency, and never grant accessibility permissions to streaming apps.
Cisco has patched a critical vulnerability (CVE-2026-20230) in Unified Communications Manager that allows unauthenticated attackers to write arbitrary files and escalate to root privileges. Proof-of-concept exploit code is already public, though no active attacks have been reported yet. The flaw only affects systems with the WebDialer service enabled, which is disabled by default.
A security researcher discovered a critical flaw in Anthropic's Claude Code GitHub Action that allowed attackers to hijack repositories by opening a malicious GitHub issue, exploiting a bypass in the bot-verification check. The vulnerability enabled prompt injection attacks that could steal OIDC tokens and gain write access to repositories, including potentially poisoning the action itself for downstream users. Anthropic fixed the issue in claude-code-action v1.0.94, awarded a bug bounty, and users are urged to update and audit workflows that allow untrusted input.
This article argues that deploying agentic AI in defense networks requires robust security infrastructure to manage risks around data integrity, access controls, and cross-domain operations. The author emphasizes three critical considerations: securing training data inputs, governing who can access AI systems, and protecting outbound connections to databases and partners. The piece advocates for building security into AI deployments from the start rather than adding it afterward, positioning secure network infrastructure as essential for mission-critical AI operations.
Ladybird browser has stopped accepting public pull requests, citing that AI tools have made it too easy to generate substantial-looking contributions without the effort that previously indicated good faith. The project is concerned about "trojan horse" attacks where bad actors build trust over time, and will now only allow maintainers to submit changes, effectively ending all public contribution. Engagement level: Medium. Comments are mixed but lean skeptical—some understand the security rationale (citing the XZ Utils backdoor as an example), while others criticize the move as an overreaction that shuts out genuine contributors and question whether avoiding code review work is the right solution.
A security researcher found that the US military has been using an obscure GPS message field for nearly 20 years to broadcast encrypted key-distribution data, effectively turning GPS satellites into a global "numbers station." By analyzing over 12 million archived GNSS observations dating back to 2007, Steven Murdoch matched repeating patterns in Subframe 4, Page 17 to declassified documents about the military's Over-the-Air Rekeying system rollout in 2010-2011.
Engagement: High. With 39 comments, the discussion shows strong depth with technical debates about encryption methods, comparisons to traditional numbers stations, and historical context about military communications.
Sentiment: Mostly positive and impressed by the ingenuity, with commenters calling it "freakin' genius" and praising the cleverness of hiding military communications in plain sight within a civilian-accessible system. Some threads veer into political arguments unrelated to the core topic, but the overall tone is one of technical curiosity and appreciation for the discovery.
Bitcoin dropped below $60,000 with weekly losses nearing 20%, while Zcash plunged over 40% after a critical vulnerability was disclosed that could have allowed undetected counterfeit token creation. The bug was discovered with help from Anthropic's AI model, though the Zcash Foundation confirmed no exploitation occurred and supply remained intact.
Engagement: Medium (45 comments with substantial back-and-forth discussion)
Comment Sentiment: Predominantly skeptical and bearish. Many commenters view crypto as a speculative bubble or "greater fool scheme," with detailed discussions about mining unprofitability and government losses on Bitcoin purchases. Critics dominate, calling crypto useless except for crime, while a few defenders maintain long-term positions. Tone is cynical with technical debates about miner economics and market correction patterns.
The author launched a side project called "False 9" to explore Claude's capabilities while combining their passion for football statistics. What started as a few-day project to gather interesting stats quickly grew into something bigger, beginning with manual data syncing from a data provider.
The S&P 500 maintained its existing rules requiring profitability and market seasoning, rejecting a fast-track entry for SpaceX, OpenAI, and Anthropic. This decision shields passive index funds from being forced to buy into these mega-IPOs immediately, allowing time for proper financial scrutiny. The move contrasts with other indices like Nasdaq that have adjusted rules to accommodate these high-valuation companies.
Engagement Level: High
Sentiment: The comments are overwhelmingly supportive of the decision, viewing it as a necessary check against "crony capitalism" and speculative bubbles. Users express relief that passive investors are protected from being forced into risky, unproven assets, though some debate exists regarding the definition of profitability in modern tech.
S&P Dow Jones Indices rejected proposals to fast-track mega-cap IPOs like SpaceX, Anthropic, and OpenAI into the S&P 500, maintaining existing requirements for profitability and public float. The decision means these companies won't be eligible for rapid index inclusion, unlike Nasdaq and Russell indexes which created accelerated entry pathways. Critics had warned that fast-tracking would force passive investors into potentially overvalued stocks before proper price discovery.
Engagement Level: High
The comments are largely supportive of S&P's decision, with users expressing relief that index fund investors won't be forced into what many consider overvalued IPOs. There's considerable debate about the purpose of indexes—whether they should track the market as-is or filter for stability and profitability. Some dissenters argue the index fails its benchmarking purpose by excluding large-cap companies, while the majority view treats the decision as protection against a "pump and dump" scheme designed to bail out insiders. The discussion is technically sophisticated, with detailed arguments about float adjustments, index methodology, and historical precedent.
This blog post reimagines the classic "They're Made Out of Meat" story to question if LLMs, made of neural network "weights," can be conscious. Engagement is High, with hundreds of comments debating AI sentience and philosophy. The sentiment is deeply divided, with users arguing whether the analogy is insightful or flawed.
Google released Gemma 4 12B, a compact multimodal model using an encoder-free architecture that processes raw inputs directly, enabling it to run on consumer hardware with 16GB RAM. The model reportedly matches GPT-4.1 in specific coding benchmarks, positioning it as a strong contender for local inference against competitors like Qwen.
Engagement: High.
The comments are deeply technical, focusing on benchmark comparisons, hardware constraints, and architectural details. The tone is generally enthusiastic about the model's efficiency but critical regarding specific performance claims and quantization trade-offs.
A new macOS malware campaign called Operation FlutterBridge is spreading the FlutterShell backdoor through malicious Google and YouTube advertisements using a network of shell companies. The malware, built on the Flutter framework, uses a WebView-based architecture that allows attackers to dynamically modify its behavior in real-time, and has been signed with valid Apple Developer IDs to bypass security checks. Active since at least 2023, this campaign targets macOS users in the U.S., Canada, Australia, France, and Germany through trojanized applications.
Cybersecurity researchers uncovered a large-scale malware campaign using fake websites that mimic popular open-source tools like Ghidra and dnSpy, ranking high on Google to trap users searching for these utilities. These sophisticated sites use Traffic Distribution Systems (TDS) with anti-bot filtering to selectively deliver malware such as Remus Stealer and AnimateClipper, while showing benign downloads to analysts or repeat visitors. The operation, active since September 2025 and repurposed for malware distribution in January 2026, leverages legitimate-looking pages that preserve real GitHub links to pass visual checks before redirecting users through gated malware delivery chains.
CISA added a critical Magento extension flaw (CVE-2026-45247) to its Known Exploited Vulnerabilities catalog after active attacks were spotted targeting gaming and business sites. The deserialization vulnerability in Mirasvit Cache Warmer allows unauthenticated remote code execution via crafted cookies, with patches available in version 1.11.12. Federal agencies have until June 6, 2026 to apply fixes.
Fedora 43's Dovecot update exposed a flaw where older Outlook POP3 configurations ignored SSL/TLS settings, potentially leaving email traffic unencrypted for decades. Stricter defaults in the update broke these connections, revealing the security failure.
Engagement Level: Low.
Sentiment: The single comment is skeptical, arguing that "legacy configurations" likely applies to the vast majority of current Outlook users.
Security researchers discovered a malspam campaign exploiting Google's DoubleClick domain to evade detection while delivering DesckVB RAT malware. The attack uses legitimate DoubleClick URLs to bypass security tools, then dynamically personalizes phishing pages using victim email addresses to increase credibility. The final payload is a .NET-based trojan that disables Windows security features, establishes persistence, and gives attackers full control over infected systems.
The author has added a "Smart paste" feature to Burp Hackvertor that handles multiple encodings from the clipboard. Users can press CMD+SHIFT+V to automatically convert the data and wrap it with encoding tags.
Wearable startup Ultrahuman confirmed hackers accessed wellness data for about 700 customers after stealing an employee's credentials via malware. The breach involved an internal analytics tool but did not compromise passwords or payment information. The company detected the intrusion quickly, took the system offline, and notified regulators.
Microsoft's new Majorana 2 quantum chip reportedly achieves 1,000x better reliability with qubits lasting 20 seconds instead of milliseconds, and the company targets a commercially viable quantum machine by 2029. However, significant scaling challenges remain—the current chip has just 12 qubits while commercial applications would require millions. Engagement: Low (only 4 comments). Comment sentiment is predominantly skeptical, with multiple users expressing doubt about quantum computing timelines and commercial viability. One commenter offers to bet against quantum success on prediction markets.
This article examines the major cybersecurity breaches of the first half of 2026, including DOGE's alleged mishandling of Social Security data, Russian and Iranian attacks on critical infrastructure, and destructive hacks by groups like ShinyHunters. Key incidents include the FBI surveillance system breach by Chinese spies, supply chain attacks targeting open source projects, and massive exposures of identity documents from various services. The piece highlights how cyber threats have evolved beyond financial gain to become tools of hybrid warfare and geopolitical retaliation.
A one-click attack targeting GitHub's GitHub.dev web-based editor allows attackers to steal users' full GitHub OAuth tokens, giving them complete read/write access to all repositories including private ones. The vulnerability exploits VS Code's message-passing mechanism between webviews and the main editor window to install malicious extensions that can exfiltrate OAuth tokens. Microsoft has acknowledged the issue and is working on a fix, clarifying that VS Code Desktop is not affected.
This webinar announcement featuring HD Moore argues that organizations must shift from trying to patch everything to understanding their network topology from an attacker's perspective. The core message is that hidden assets, unintended network bridges, and invisible connections create attack paths that static inventories miss but attackers exploit. Moore demonstrates how to find these blind spots and prioritize fixing the paths that actually enable attackers to reach critical systems.
Researchers have disclosed an unpatched Windows Search URI vulnerability that allows attackers to steal NTLMv2 hashes through specially crafted "search:" links, similar to a recently patched Snipping Tool flaw. Microsoft declined to fix the issue, stating it doesn't meet its severity threshold, leaving organizations to rely on workarounds like blocking outbound SMB traffic and enforcing SMB signing.
Ukraine's rapid integration of AI and robotics has shifted its war stance from survival to potential victory, surprising analysts with advanced autonomous systems and high interception rates. The country has developed sophisticated drone networks and ground robots, marking a significant leap in defense capabilities. Engagement is low with only four comments, which are largely cynical and critical, labeling the report as war propaganda and questioning the role of defense contractors.
The author explains their decision to leave Gmail due to intrusive, non-dismissible AI features that disrupt writing and reading, interpreting them as disrespectful to the user's intelligence. They argue that Google is forcing AI interactions to boost metrics at the expense of user experience and are migrating to Fastmail with a custom domain. Engagement is high, featuring a lengthy discussion where users compare alternatives like Fastmail and ProtonMail, complain about Gmail's sluggishness and UI clutter, and share migration tips. The sentiment is overwhelmingly supportive, with commenters agreeing that the forced AI features are annoying and validating the "user-hostile" nature of recent updates.
A newly discovered HTTP/2 Bomb vulnerability enables remote denial-of-service attacks against major web servers including NGINX, Apache, IIS, Envoy, and Cloudflare by exploiting HPACK header compression to consume massive server memory. The attack chains a compression bomb with a Slowloris-style connection hold, allowing a single client to hold 32GB of server memory in about 20 seconds. Patches are available for NGINX and Apache, while Microsoft IIS, Envoy, and Cloudflare Pingora remain unpatched as of the report date.
Cybersecurity researchers uncovered three major malware campaigns: Weedhack, a Minecraft-focused malware-as-a-service targeting players via YouTube with free infostealing and premium remote access capabilities; CountLoader, a JavaScript loader compromising 86,000 machines through cracked software sites to deliver crypto clippers; and a years-long campaign distributing cryptocurrency miners through pirated streaming sites using fake video player plugin updates.
Carto is an open-source tool that provides structural intelligence for AI coding agents, solving systematic failures above 10k LOC by offering automatic domain mapping, blast radius analysis before changes, and cross-domain violation detection. It runs entirely locally with MIT licensing and has been tested on large codebases like VSCode, Prisma, and Zed. The creator positions this as a shift from generating code faster to helping AI understand systems better.