AUR Malware Hits 408 Packages with eBPF Rootkit—Act Now
On June 11, 408 AUR packages were backdoored with an eBPF rootkit that steals SSH keys, GitHub tokens, and dev credentials. Check your ...
Solana FakeFix: 25 Malicious npm and PyPI Packages Steal Wallet Keys
25 malicious npm and PyPI packages target Solana developers in the FakeFix campaign — stealing ...
Surface RTX Spark Dev Box: Run 120B Models Locally
Microsoft’s Surface RTX Spark Dev Box runs 120B models locally with 128 GB unified memory ...
AI Agent Racked Up $6,531 in AWS Charges Overnight
An AI agent with uncapped AWS access cost its operator $6,531 scanning a hobbyist network. ...
HTTP/2 Bomb CVE-2026-49160: Patch Your Servers Now
OpenAI Codex discovered the HTTP/2 Bomb — CVE-2026-49160 and CVE-2026-49975 hit nginx, Apache, IIS, and ...
runC Container Escape: Patch CVE-2025-52565 and CVE-2025-52881 Now
Three critical runC vulnerabilities (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) enable container escape to host root. Every Docker and Kubernetes user must patch now.
Pokémon Go’s 30B Scans Now Power Military Drones
Pokémon Go players' 30 billion scans quietly trained military drone navigation AI. The sublicensable ToS ...
Miasma Worm Hit 73 Microsoft GitHub Repos — What AI Developers Must Do Now
On June 5, a single malicious commit hit one of Microsoft’s GitHub repositories. Within 105 ...
Azure Cobalt 200 VMs: 50% Faster Agentic Workloads Now
Azure Cobalt 200 VMs hit early access at Build 2026 with 50% better CPU performance ...
GitHub Copilot CLI /security-review: Catch Vulnerabilities Before You Commit
GitHub Copilot CLI's new /security-review scans your diff for OWASP Top 10 vulnerabilities before you ...