devtake.dev
Topic

Security & supply chain

Modern breaches rarely come through the front door. They come through a CI runner’s tokens, a tag that got force-pushed overnight, a maintainer account with no 2FA, a protobuf schema that compiles into a Function() call. We track the attacks that hit package registries and build pipelines, the hardware-side exploits that keep escaping from conference slides into production, and the quiet, decade-long migration to post-quantum cryptography that most teams are still pretending isn’t a deadline.

70 articles in this topic

Anthropic's announcement artwork for the Fable 5 and Mythos 5 access suspension, a soft gradient panel with the Claude wordmark.
AI·

Days after opening Fable 5 to the public, a US government order forced Anthropic to pull it

A Commerce Department export directive forced Anthropic to disable Fable 5 and Mythos 5 for all users, days after opening Fable 5 to the public.

A Renault electric powertrain unit, the kind that uses a wound-rotor motor with no rare-earth magnets
Hardware·

Renault ditched rare-earth magnets in its EVs in 2012. China's export squeeze made that look smart

A Renault explainer on rare-earth-free EV motors hit Hacker News. Here's how electric cars run without the magnets China controls, and who's shipping them.

DepthFirst research card titled 'Twenty One Zero-Days in FFmpeg' over a dark code-styled background
Security·

An AI agent found 21 ways to attack FFmpeg, the codec library inside almost everything

DepthFirst's agent surfaced 21 FFmpeg zero-days for about $1,000. One 183-byte packet hits RCE. The deeper story is who pays the volunteers who fix them.

Cargo loader moving freight onto an aircraft, a stand-in for the software supply chain
Security·

Red Hat's npm namespace and Arch's AUR were both backdoored within two weeks of each other

A worm hijacked Red Hat's npm namespace, a rootkit spread through 1,500 Arch AUR packages, and a SOC 2-certified AI gateway shipped malware. Registries are under fire.

A hand holds a smartphone showing the Claude Mythos app logo against a dark backdrop with Anthropic's orange burst symbol.
Policy·

Anthropic is sending Mythos 5, the model it called too dangerous, to cyberdefenders and the US government

Mythos 5 is the same model as Fable 5 with cyber safeguards lifted, going to Project Glasswing defenders and, Anthropic says, ~150 orgs across 15+ countries.

Abstract cybersecurity illustration of a glowing padlock over a circuit board, representing data protection
AI·

OpenAI added a Lockdown Mode to ChatGPT to blunt prompt-injection attacks

OpenAI shipped Lockdown Mode in ChatGPT to cut off the data-exfiltration step of prompt-injection attacks. Here's what it actually restricts and who should turn it on.

Rows of server racks inside a data center, the kind of infrastructure that runs Starlette-based AI agent endpoints
Security·

One bad Host header bypassed auth in Starlette, the routing core under millions of AI agents

A flaw in Starlette, downloaded 325M times a week, let a single Host-header character bypass path-based auth across FastAPI, vLLM, and MCP servers.

Visual Studio Code logo on a dark background
Security·

VS Code's webview sandbox leaks GitHub tokens that read and write every private repo

A disclosed VS Code zero-day lets one click on a malicious github.dev notebook steal a GitHub OAuth token with full read-write access to every private repo.

The White House in Washington, D.C., where the executive order was signed
Policy·

Trump dropped the mandatory AI model review after Silicon Valley pushed back

Trump's June 2 AI executive order asks for a voluntary 30-day model review, down from a mandatory 90-day one. Here's what got cut and who pushed.

Android robot logo rendered in red, signaling a security alert
Android·

Google is patching an Android flaw that attackers are already exploiting in the wild

Google's June 2026 Android bulletin patches an actively exploited Framework privilege-escalation zero-day plus 123 other flaws. Here's who's at risk and what to do.

A consumer M.2 solid-state drive, the kind of storage the FROST attack times from a browser tab
Web·

A browser SSD timing trick can fingerprint your browsing, and cookies won't stop it

Graz researchers built FROST, a browser side-channel that times SSD activity to guess which sites and apps you're running. Here's how it works and what helps.

Minecraft promotional artwork accompanying coverage of the WeedHack malware campaign
Gaming·

116,000 Minecraft PCs got infected by fake mods. The 'WeedHack' stealer is free to anyone.

McAfee says a free malware-as-a-service stealer called WeedHack has hit 116,000+ Minecraft systems via fake mods and cheats. Here's what it grabs and how to clean up.

GitHub and Windows security composite with a warning overlay
Security·

GitHub banned the researcher dropping Windows zero-days. The code was already mirrored everywhere.

GitHub wiped Nightmare-Eclipse's account on May 23 after weeks of unpatched Windows exploits. The ban reopened the oldest fight in security: who decides what research gets hosted?

Mozilla *Privacy Not Included graphic illustrating a car as a privacy nightmare, with data flowing out of the vehicle.
Security·

Your car logs every hard brake, and the FTC just banned GM from selling it for five years

Connected cars collect location, driving behavior, in-cabin audio, and synced contacts, then route it to automaker clouds, brokers, and insurers. Here's how to stop it.

A 7-Eleven storefront, the retail chain whose franchisee document store was breached and leaked.
Security·

ShinyHunters dumped 9.4GB of 7-Eleven franchisee data after a rejected ransom demand

ShinyHunters breached a 7-Eleven Salesforce instance holding franchisee documents, exposing 185,000 people. The 9.4GB archive hit a leak site after 7-Eleven declined to pay.

Apple's security branding, illustrating the iPhone theft-protection layer the new anti-snatch feature would extend.
Apple·

Apple is testing an anti-snatch feature that locks the iPhone the second it's grabbed

Code seen by 9to5Mac points to an iPhone feature that auto-locks when the accelerometer detects a snatch, then clamps down like Stolen Device Protection.

The Microsoft corporate logo, the brand the scam emails are spoofing through Microsoft's own legitimate notification infrastructure.
Security·

Scammers turned a Microsoft notification address into a spam relay. The emails pass SPF, DKIM, and DMARC.

Spammers found a Tenant Name injection in Entra ID that pushes fraud text into Microsoft's own OTP emails. The from-line reads msonlineservicesteam@microsoftonline.com.

IBM Quantum System One inside its glass enclosure at IBM's TJ Watson Research Center
Policy·

Commerce will take equity in nine quantum companies. $2 billion is moving in exchange.

On May 21 NIST disclosed nine letters of intent worth $2.013B for IBM, GlobalFoundries, and seven quantum labs. Each comes with a minority federal stake.

Google Chrome logo on a dark background
Security·

Google's bug tracker auto-published exploit code for an unpatched Chromium flaw. The bug is still live.

Chromium Issue 1396278 went public on May 20 because Google's tracker auto-clears restrictions on stale closed bugs. The flaw, reported in 2022, was never fixed.

C# 15 union types announcement graphic from the Microsoft .NET Blog
Open Source·

C# is getting union types in version 15. The preview shipped in .NET 11 Preview 2.

Mads Torgersen's union proposal landed in .NET 11 Preview 2 on April 2. C# 15 targets November 2026 and replaces the OneOf library hack the .NET community has been living with.

Anthropic Project Glasswing announcement card with glasswing butterfly motif.
AI·

Anthropic's Glasswing logged 10,000 vulnerabilities in a month. Most are still waiting on a patch.

Anthropic says Project Glasswing's first month produced over 10,000 critical-and-high-severity vulns. Verification and patching is the limiting step.

Apple Security Research site banner card.
Security·

Apple shipped formal proofs for its post-quantum crypto. 2.5 billion devices now run verified code.

Apple's SEAR team published formal verification proofs for corecrypto's ML-KEM and ML-DSA implementations. 50,000 proof steps cover 2.5 billion active devices.

GitHub security blog header showing the GitHub Octocat logo on a backdrop of black security blocks.
Security·

GitHub's internal repos were breached. The attacker came in through a poisoned VS Code extension.

GitHub detected the intrusion on May 18 after a malicious VS Code extension compromised an employee's device. The attacker claims to have exfiltrated 3,800 internal repositories.

London City Hall and a Metropolitan Police officer, illustrating the Mayor's intervention in the Met procurement process.
Policy·

Sadiq Khan blocked a £50M Met Police deal with Palantir. Scotland Yard had only talked to one supplier.

London's mayor cited a 'clear and serious breach' of procurement rules and stopped the Metropolitan Police from awarding Palantir a £50M AI intelligence contract on May 21.

Microsoft's World Passkey Day 2026 promo art for passwordless authentication
Security·

Microsoft is killing SMS codes on consumer Microsoft accounts. Passkeys take over by December.

Microsoft is phasing out SMS sign-in and recovery on personal Microsoft accounts by December 2026. Replacements: passkeys, Authenticator, or verified email.

CISA logo and seal of the U.S. Cybersecurity and Infrastructure Security Agency
Security·

A CISA contractor left GovCloud admin keys on public GitHub. The file was named 'Important AWS Tokens.txt'.

GitGuardian found a public CISA repo with 844 MB of secrets, including AWS GovCloud admin keys. The repo sat open for six months.

An illustration of the Claude Code deeplink vulnerability, showing a malicious URL handler triggering a shell prompt.
Security·

A bad command-line parser turned every claude-cli:// link into a remote shell

Joernchen of 0day.click found a deeplink RCE in Claude Code. Anthropic shipped the fix in 2.1.118 the same week.

A technician at a server rack with a laptop, standing in for the SQL infrastructure Opexus ran for 45 federal agencies.
Security·

Twin contractors deleted 96 federal databases in 56 minutes. One asked an AI how to clear the logs.

A federal jury convicted Sohaib Akhter on May 7 of wiping 96 government databases at Opexus. His twin Muneeb queried an AI: 'how do I clear system logs from SQL servers.'

Stylized illustration of remote code execution attack flow
Security·

F5 patched an 18-year-old NGINX bug. Attackers can RCE a third of the web with one crafted request.

F5 disclosed CVE-2026-42945 on May 13 after depthfirst's analyzer found a heap overflow in a 2008 commit. NGINX 1.31.0 ships the patch; every Plus tier needs an upgrade.

Windows logo composite with security-warning overlay
Security·

A USB stick now opens a BitLocker drive in 60 seconds. The researcher calls it a backdoor.

A pseudonymous researcher dropped two unpatched Windows zero-days on May 12. YellowKey bypasses BitLocker via WinRE; Microsoft has not acknowledged either bug.

Glowing DNS server illustration above a darkened network rack
Security·

Six new bugs hit dnsmasq, the DNS daemon in every Linux router. One gives a local attacker root.

CERT VU#471747 lists six dnsmasq CVEs disclosed May 11. The DHCPv6 flaw is local-root code execution. Simon Kelley credits 'a revolution in AI-based security research.'

TanStack website header with logo
Security·

TanStack published its npm supply-chain postmortem. The attack chained three GitHub Actions flaws.

Attackers compromised 42 TanStack packages through a pull_request_target exploit, cache poisoning, and OIDC token theft. An external researcher caught it in 20 minutes.

Cyera Research disclosure illustration for the Bleeding Llama vulnerability in Ollama's model execution pipeline
Security·

A crafted Ollama model file leaks the whole server's memory. 300,000 instances are exposed.

Cyera disclosed CVE-2026-7482 on May 1, a CVSS 9.1 unauthenticated heap read in Ollama. Three API calls dump prompts, env vars, and API keys from any open instance.

Wiz Research's disclosure page for the Dirty Frag Linux kernel privilege escalation vulnerability
Security·

A nine-year-old Linux kernel bug gives root in one command. No patch exists yet.

Dirty Frag chains two page-cache flaws in the ESP and RxRPC subsystems into a deterministic privilege escalation that hits every major distro. A PoC exploit is public.

Illustration accompanying ChinaTalk's investigation into grey-market Claude API proxy networks
AI·

Chinese proxy networks sell Claude API access at 90% off. They harvest every prompt that passes through.

A ChinaTalk investigation reveals how 'transfer stations' resell Anthropic API access using stolen credentials, model substitution, and prompt harvesting.

Illustration representing DOGE and government technology
Policy·

A judge killed DOGE's grant purge. The 'review process' was asking ChatGPT 'Is this DEI?'

A federal judge restored $100M+ in grants after two DOGE staffers used ChatGPT to flag 97% of NEH grants as DEI, including an HVAC repair and Holocaust research.

Abstract visualization of data exposure through code
Security·

380,000 vibe-coded apps are sitting on the open web. 5,000 of them are leaking real data.

RedAccess found that AI coding tools like Lovable, Base44, and Replit default to public hosting, leaving medical records, bank internals, and corporate secrets indexed by Google.

Illustration of students affected by a cybersecurity breach
Security·

ShinyHunters hit Canvas LMS for the second time. 275 million student records, 9,000 schools.

ShinyHunters breached Canvas LMS again, claiming 275 million records from 9,000 schools. Names, emails, student IDs, and private messages exposed.

Abstract Kaspersky illustration of a tampered software disk for the DAEMON Tools supply chain attack writeup
Security·

DAEMON Tools shipped a signed backdoor for almost a month. Kaspersky says one school in Russia got the second stage.

Kaspersky pinned a supply-chain attack on the DAEMON Tools installer dating to April 8. Thousands hit globally, dozens upgraded to a QUIC RAT implant via signed binaries.

A padlock on a chain, illustrating credential security.
Security·

Microsoft Edge keeps every saved password in cleartext memory. Microsoft calls it 'by design'.

A researcher showed Edge decrypts the entire password vault at launch and leaves it in process memory. Chrome decrypts on demand. Microsoft says it's intentional.

Composite image of a PC gaming setup with overlay text suggesting cracked DRM, accompanying a Tom's Hardware report on Denuvo's full bypass.
Gaming·

Denuvo's single-player DRM is fully cracked. 2K is forcing 14-day online check-ins to fight back.

Pirate trackers hit zero uncracked Denuvo titles for the first time in 12 years. 2K's response: a token that expires every fortnight and locks you out offline.

DHS senior official Kristie Canegallo presenting awards at the CISA Annual Award Ceremony in Arlington, Virginia.
Security·

Five Eyes intel agencies publish first joint agentic AI security guide. Their advice: slow down.

CISA, NSA, GCHQ, ASD, CSE and NCSC-NZ jointly tell organizations agentic AI isn't ready for fast rollout. The 23-page guide names five risk categories.

Electronic certification testing equipment in a lab
Policy·

FCC just voted to bar Chinese labs from certifying US electronics. 75% of devices are tested there now.

Brendan Carr's FCC advanced the 'Bad Labs' rule on April 30 in a 3-0 vote, kicking off a 60-90 day comment period. The rule covers 126 labs in China and Hong Kong.

Canonical Ubuntu logo on the canonical.com homepage, illustrating the company affected by the May 2026 DDoS attack.
Security·

A DDoS knocked Ubuntu's update servers offline. The Copy Fail patch landed in the same 24-hour window.

The 313 Team flooded Canonical's infrastructure starting May 1, blocking apt updates and the Ubuntu security API just as admins needed both.

Lightning AI logo on a dark background, illustrating the PyPI supply chain compromise of the lightning Python package.
Security·

Mini Shai-Hulud hit PyTorch Lightning. The 11.6M-download PyPI package shipped a credential stealer.

Two malicious lightning releases hit PyPI on April 30. The 42-minute window was enough to ship an RSA-encrypted infostealer to ML developers worldwide.

WatchTowr Labs disclosure illustration for the cPanel and WHM authentication bypass CVE-2026-41940
Security·

70 million domains had a no-password root bypass. cPanel rushed an emergency patch.

cPanel shipped fixes April 28 for a CVSS 9.8 auth bypass that walks attackers into shared-hosting panels with no password. WatchTowr says exploitation started before the patch.

The Copy Fail launch graphic showing a stylized terminal prompt and the title text on a dark background.
Security·

'Copy Fail' lets a 732-byte script grab root on Ubuntu, RHEL, and SUSE. Patched April 29.

CVE-2026-31431 chains AF_ALG and splice() to write into the page cache of /usr/bin/su. Xint Code disclosed it on April 29, nine years after the bug shipped.

GitHub branding image used by Wiz Research in their CVE-2026-3854 writeup.
Security·

Wiz found an RCE in GitHub's git-push pipeline. The patch shipped in six hours.

CVE-2026-3854 is a CVSS 8.7 RCE in GitHub's git-push pipeline. github.com fixed it within hours. 88% of Enterprise Server installs were still vulnerable at disclosure.

Socket security research card promoting the CanisterWorm Namastex compromise analysis.
Security·

Another npm worm: CanisterWorm hits 16 Namastex packages and reaches PyPI on the same hop

Socket flagged a self-propagating worm in @automagik/genie, pgserve, and 14 sibling Namastex Labs packages. It steals 40 credential categories and republishes itself.

Adobe Acrobat product hero card showing the red Acrobat icon.
Security·

Adobe's Acrobat zero-day sat on VirusTotal for 136 days. Patch is APSB26-43.

CVE-2026-34621 is an actively exploited Acrobat and Reader bug that runs attacker JavaScript inside the PDF runtime. The first sample hit VirusTotal in November and went unflagged.

A car driving past a city skyline at night, illustrating mobile cybercrime.
Security·

Toronto Police arrest three behind 'SMS blasters'. Phones lost 911 access for seconds at a time.

Project Lighthouse logged 13 million cellular disruptions from car-mounted IMSI catchers spoofing legitimate towers. Three men face 44 charges in Canada's first SMS-blaster bust.

BleepingComputer's Microsoft Patch Tuesday header art.
Security·

Microsoft April 2026 Patch Tuesday: 167 fixes, two zero-days, and a SharePoint bug already in CISA's KEV

Microsoft's April 8 Patch Tuesday closes 167 CVEs. CVE-2026-32201 in SharePoint is being exploited and CISA added it the same day. Here's what to patch first.

Security·

A malicious GGUF file owns your SGLang server: CVE-2026-5760 is an unpatched 9.8

SGLang's reranker renders chat templates without a sandbox. Load a hostile GGUF, hit /v1/rerank, and the attacker has Python on your inference box. No patch yet.

GnuPG and OpenPGP key icon over an abstract lattice background.
Security·

GnuPG 2.5.19 lands ML-KEM in mainline. Post-quantum OpenPGP is no longer a side branch.

Werner Koch shipped GnuPG 2.5.19 on April 24 with FIPS-203 ML-KEM, the first stable post-quantum encryption algorithm in OpenPGP. Here's what changed and what didn't.

Anthropic Project Glasswing branding from Anthropic's news page.
AI·

A Discord group guessed Anthropic's URL pattern and walked into Claude Mythos

Bloomberg reports a small group accessed Anthropic's locked-down Mythos model the same day it launched, using credentials from a third-party contractor and educated URL guessing.

Aikido Security illustration of the GPT-Proxy backdoor.
Security·

Malicious npm and PyPI packages turn dev servers into Chinese LLM proxies

Aikido found a stage-2 Go binary inside two health-check-themed packages that runs an OpenAI-compatible router routing Claude, GPT, and Gemini traffic through Chinese aggregators.

Illustration accompanying Tom's Hardware coverage of the Linux kernel driver removal.
Open Source·

Linux 7.1 is yanking ham radio, ISDN, and ATM. The reason: AI bug-report spam.

Jakub Kicinski's networking pull request removes 138,161 lines of decades-old code. Kernel maintainers say LLM-generated bug reports made the old subsystems un-maintainable.

Ubuntu 26.04 LTS Resolute Raccoon desktop with GNOME 50
Open Source·

Ubuntu 26.04 LTS ships Wayland-only, Rust coreutils, and post-quantum SSH by default

Canonical released Ubuntu 26.04 'Resolute Raccoon' on April 23. It's the first LTS without X11, ships kernel 7.0 and GNOME 50, and sets post-quantum SSH on by default.

Bitwarden CLI compromised by the Shai-Hulud npm worm
Security·

Bitwarden CLI got backdoored for 90 minutes. The worm calls itself 'Shai-Hulud: The Third Coming.'

A malicious @bitwarden/cli@2026.4.0 hit npm on April 22. The payload steals npm tokens, cloud secrets, and Claude Code credentials, then self-replicates.

Microsoft .NET blog post image for the 10.0.7 out-of-band security update
Security·

Microsoft rushed an out-of-band ASP.NET Core patch. If you shipped between April 14 and April 21, you need to rebuild.

CVE-2026-40372 lets attackers forge auth cookies on .NET 10.0.6 apps on Linux and macOS. The fix is 10.0.7. Here's what broke, who's exposed, and how to patch.

Mozilla Firefox 150 security announcement cover graphic
Open Source·

Mozilla fixed 271 Firefox bugs that Claude Mythos found. Its own tests caught 22.

Firefox 150 shipped Monday with 271 security fixes from Anthropic's Project Glasswing. Mozilla CTO Bobby Holley says Mythos matches elite human researchers.

GitHub social card for the protobufjs/protobuf.js repository.
Security·

protobuf.js RCE: a 52M/week npm package was one bad type name from code execution

GHSA-xq3m-2v4x-88gg hits protobuf.js ≤8.0.0 / ≤7.5.4. Attacker-controlled schemas executed arbitrary JS on decode. One-line fix patched it.

Abstract illustration of memory cells and GPU silicon for a Rowhammer attack story.
Security·

GPUHammer grew up: three new Rowhammer attacks take full control of Nvidia machines

IEEE S&P 2026 papers extend GPUHammer with GeForge, GDDRHammer, and GPUBreach. They flip GDDR6 bits to break out of the GPU and own the host.

GitHub OG card for the StarScout research repository from Carnegie Mellon
Open Source·

Inside GitHub's fake star economy: 6 million bought stars and how to spot them

A Carnegie Mellon study counted 6 million suspected fake stars across 18,617 GitHub repos. Here's what the StarScout research actually found and how to read a star count now.

Illustration for Anthropic's Project Glasswing, a cybersecurity program powered by Claude Mythos Preview
AI·

NSA is running Anthropic's Mythos. The Pentagon says Anthropic is a supply-chain risk.

Axios reports the NSA is using Anthropic's unreleased Mythos model even though the Defense Department has blacklisted Anthropic. One government, two positions.

Vercel logo displayed on the company's security incident bulletin page
Security·

Vercel got breached through a third-party AI tool's OAuth app. Here's what leaked.

A Context.ai compromise let attackers take over a Vercel employee's Google Workspace. Non-sensitive env vars were exposed, and a ShinyHunters persona is asking $2M.

Trivy logo, the open-source vulnerability scanner from Aqua Security
Security·

Trivy got hijacked: 75 of 76 version tags rewrote to drop a CI secret-stealer

Attackers force-pushed 75 of 76 trivy-action tags to a malicious commit. Pinning by tag turned a trusted scanner into an infostealer for CI pipelines.

Abstract visualization of cybersecurity and AI defense systems
AI·

OpenAI launches GPT-5.4-Cyber for defensive security, opens access to thousands

OpenAI's new cybersecurity-tuned model can reverse-engineer binaries and analyze malware. It's restricted to verified defenders through the Trusted Access program.

Google's social card for the post-quantum cryptography migration blog post
Web·

Google just moved 'Q-Day' to 2029. Here's what that changes for your crypto stack

Google's security team says cryptographically-relevant quantum computers could arrive by 2029, six years before the NSA's 2031 deadline. What to migrate, and in what order.

Claude wordmark on Anthropic's introducing-Routines announcement
AI·

Claude Code Routines: what they actually do, and when to use them over GitHub Actions

Anthropic just shipped Routines: Claude Code sessions as cron jobs, webhooks, and GitHub-event reactors. Here's what they replace, what they don't, and one rule to follow.
