Errata
Users cry foul after AMD stripped memory crypto from its consumer CPUs - Ars Technica - Recently and without warning or notice, this lower-end line of AMD chips suddenly dropped the protection, and did so in a way that was impossible to detect on Windows machines and required a fair amount of technical work when using Linux.
Signal: UK’s child-nude-block threat won’t protect children - “We know that mass surveillance and censorship capabilities, however sincere-sounding the promises of those who initiate them are, never remain narrowly scoped. Once created, they will be expanded, forming a dangerous tool that will be wielded both in the UK and abroad to censor and surveil whatever they might consider ’threats’ or ‘harmful content.’”
Miasma supply-chain attack toolkit goes public on GitHub - “It is a full supply chain attack toolkit that allows the operator to execute various attacks via stolen credentials against arbitrary or targeted packages on public registries (PyPI, npm, RubyGems), JFrog Artifactory, GitHub repositories and GitHub Actions, AI coding tools config poisoning, SSH based lateral movement and other attack vectors,” the SafeDep team said.
2.4M+ VRChat users’ data accessed following cloud breach - According to an email from VRChat’s head of community, Charles Tupper, “VRChat did not submit this Notice of Data Incident, and the employee/email cited does not exist. We have no reason to believe that our data or systems have been compromised. We are in the process of contacting the Maine Attorney General’s office to have this removed.”
Github
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks - Describing install-time lifecycle scripts as the “single largest code-execution surface in the npm ecosystem,” GitHub said the “npm install” command runs scripts from every transitive dependency, as a result of which a single compromised package anywhere in the dependency tree can run arbitrary code on a developer machine or CI runner.
The changes are listed below -
- npm install will no longer execute preinstall, install, or postinstall scripts from dependencies unless they are explicitly allowed in the project.
- npm install will no longer resolve Git dependencies, either direct or transitive, unless explicitly allowed via –allow-git.
- npm install will no longer resolve dependencies from remote URLs, such as https tarballs, unless explicitly allowed via –allow-remote.
GitHub announces npm security changes to tackle supply-chain attacks GitHub pulls pin on npm’s auto-run scripts
USG
US surveillance law to expire for first time after lawmakers reject Trump’s controversial pick to lead spy agencies | TechCrunch - The spy programs authorized under FISA were already approved in March as part of an annual certification process by the Washington, D.C.-based Foreign Intelligence Surveillance Court, or FISC, which oversees the government’s surveillance programs and hears applications for surveillance in secret. U.S. authorities can still use its surveillance tools under FISA until March 2027, allowing much of the government’s mass surveillance programs to continue operating.
Feds snooze as US datacenter law set to lapse with no replacement in site - The legislation will sunset on September 30, 2026, and according to Wired, neither the US Congress nor the Trump administration appears to be making any move to extend the act, or put alternate legislation in place. The danger is that if the FDCEA is not renewed or superseded by similar legislation, then federal agencies across the US may cease to follow the requirements and simply act as they see fit when procuring new datacenter infrastructure.
Feds freaked over Fable 5 after simple ‘fix this code’ prompt, not jailbreak, says researcher - On Friday, the US government, reportedly citing national security concerns, issued an export control directive to suspend access to Fable 5 and Mythos 5 by any foreign national, inside or outside the United States. In response, Anthropic disabled both models “for all our customers to ensure compliance.”
FCC Wants to Kill Burner Phones By Forcing Telecoms to Get All Customers’ IDs - While some carriers already collect such details, there are specific circumstances where a person may need privacy and anonymity when seeking a cell phone, including if that person is a victim of domestic violence, or is a journalist or whistleblower. This proposal represents a loss of privacy across the board, and from an agency whose remit includes protecting privacy.
The FBI built its own replica small town to simulate real-world cyberattacks | TechCrunch - Features fully furnished houses, a hotel, a gas station and grocery mart, a courthouse, a hospital, and a power company — complete with roads and traffic lights — designed to mimic a real U.S. community. Each part of the town is wired with functioning devices and systems that behave as they would in a real community or business, while preventing any simulated attacks from spilling out of the facility.
AI
Critical Copilot vulnerability allowed hackers to seal 2FA code from users - Ars Technica - “The search functionality is exactly what attackers need, because even with limited capabilities, a user with access to critical information is enough,” the researchers wrote Monday. “To exfiltrate the data, an attacker crafts a URL that tells Copilot to ‘Search the user’s emails,’ extract the title, and embed it in an image URL.” The victim doesn’t type anything. They click a link, and Copilot does the rest.
Chatbots Keep Telling Stories About Lighthouse Keeper ‘Elias Thorne’. We Might Know Why - Researchers sampled 20,000 total stories from OpenAI’s ChatGPT, Anthropic’s Claude, and Google’s Gemini, and the Allen Institute for AI’s chatbot using five prompts, and found that the same 11 words—names like Elias, Mara, and Elara, and occupations like lighthouse keeper, clockmaker, and librarian—appear in more than 88% of generated stories, with little difference between models.
Apple’s iOS 27 goes all agentic on compromised passwords - “Using Apple Intelligence and Safari to agentically take action on a user’s behalf, Passwords securely navigates through websites to sign in and upgrade their accounts to strong passwords.”
It Is Trivially Easy to Use Reddit to Manipulate AI Search, Research Suggests - The study suggests that it is trivially easy for brands to inject promotional content on sites like Reddit, Quora, and Wikipedia with the end goal of poisoning or manipulating the output of AI tools. “We show that a tiny snippet—just 13 words—of retrieved text on a UGC website like Reddit, Wikipedia, Quora, Facebook, etc. can change AI agents to output spam / scam content pretty consistently,” LLMs often return content that reads similar to the query that users ask it, so brands doing AI-engine optimization can study what people are asking AI and can create content that closely mirrors those queries on Reddit.
New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets - Two new attacks, one using a VCard (contact card) with malicious text, one a malicious email. Additional details on email attack: OpenClaw AI agent found falling for phishing attacks, spills user data
As AI agents become employees, NewCore emerges with $66M to give them identities | TechCrunch - “We know for sure that the scale and the complexity that those things [AI agents] are going to add to 15- or 20-year-old identity platforms are going to break them,” he told TechCrunch.
AI is making Patch Tuesday (kinda) fun again - “I’ve been counting CVEs on Patch Tuesday since 2017, and this is by far the largest monthly release in that time,” Zero Day Initiative’s bug hunter in chief Dustin Childs said in his review. (206 CVEs with 38 criticals). How many were found with AI and how many were fixed with AI?
China
China-linked operators revive botnet, stir AI datacenter debate - “Analysis of this activity shows a clear focus on identifying vulnerable infrastructure shortly after public vulnerability disclosures, suggesting that reconnaissance output is rapidly operationalized by China-nexus advanced persistent threat (APT) actors,” the threat intel team wrote. “This targeted focus has been observed across a range of sectors, with the US military and associated entities as the most prominent.”
China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade - Because the login system itself was compromised, normal containment did little. Password resets and killed sessions do not help when the thing that checks those credentials is working for the attacker. Additional Info: Chinese hackers hijack auth flow, spy on isolated network for a decade
Google says PRC-linked spies hid in medical research networks for more than a year - While most of the terms related to defense and technology, the intruders also searched for some medical research facilities – and the very specific pathogen, “Chikungunya,” a viral disease transmitted to humans from mosquitoes that was responsible for an outbreak in China’s Guangdong province in July 2025.
Shiny Hunters
PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data - Ars Technica - The group, tracked as ShinyHunters, had been exploiting the PeopleSoft vulnerability for more than two weeks before Oracle flagged it. CVE-2026-35273, as the vulnerability is tracked, carries a severity rating of 9.8 out of 10, making the former zero-day one of the year’s most critical vulnerabilities to be exploited. Additional Info: Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks ShinyHunters claims Oracle PeopleSoft 0-day hit 100+ orgs
Microsoft
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows - “Microsoft’s efforts to protect Defender from path redirection attacks are useless, I have a batch of memory corruption vulnerabilities in defender as well and not to mention the other batch of vulnerabilities I have in several other components.”
Nightmare Eclipse drops claimed BitLocker bypass for Microsoft Windows - GreatXML comes just a day after Nightmare released exploit code for RoguePlanet, which allows local privilege escalation and leads to SYSTEM-level control over an affected machine. This brings the researcher’s zero-day count to eight. The earlier six - RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma - all have patches as of this week’s Patch Tuesday event.
Microsoft has mostly repaired flaw in Surface hardware that allowed unprotected devices to be bricked by a single packet - “Copilot autonomously created and executed four progressively aggressive Python scripts during a probe for backlight control values that sent raw SSAM ioctl commands (SSAM_CDEV_REQUEST = 0xC028A501) directly to the SAM microcontroller through the SAM software path,” Darcy explained to The Register.