Linux kernel maintainers pitch emergency killswitch after CopyFail and Dirty Frag chaos
Instead of waiting for patch cycles, admins could simply shut down vulnerable functions before attackers get there
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring
The company topped revenue and earnings forecasts for the first quarter of 2026, but its shares plunged more than 20%. The post Cloudflare Lays Off 1,100 Employees in AI-Driven Res…
LLMs and Text-in-Text Steganography
Turns out that LLMs are really good at hiding text messages in other text messages.
SailPoint Discloses GitHub Repository Hack
The incident occurred on April 20 and did not affect customer data in the company’s production and staging environments. The post SailPoint Discloses GitHub Repository Hack appeare…
Classic Outlook's Quick Steps trip over Microsoft bug
Client's handy automations get grayed out unless you know the keyboard shortcut
Europe wants out from under US tech – but first it has to find the exits
Report maps the weak points in cloud, identity, and public sector procurement
Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack
A malicious version of the plugin was published to the Jenkins Marketplace late last week. The post Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack appeared first o…
The latest innovation in UK public transport: Schrödinger's trains
Who knows what is going where. Might as well have a lovely beer instead.
TrickMo Android banker adopts TON blockchain for covert comms
A new variant of the TrickMo Android banking malware, delivered in campaigns targeting users across Europe, introduces new commands and uses The Open Network (TON) for stealthy com…
Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools
Tens of thousands of students studying for final exams around the world have regained access to a key online learning system after a cyberattack had earlier knocked it offline. The…
Taiwan's train cyber-trauma reveals a global system that’s coming off the tracks
That’s not a radio. THIS is a radio
New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks
Also called Copy Fail 2 and tracked as CVE-2026-43284 and CVE-2026-43500, the exploit was disclosed before a patch was released. The post New ‘Dirty Frag’ Linux Vulnerability Possi…
Lab worker built a fake PC to nuke his lunch
The office sink is always a horror. Managers worried this one glowed
Resurrected ‘Crimenetwork’ Marketplace Taken Down, Administrator Arrested
The second iteration of the German-speaking online crime marketplace had over 22,000 users and more than 100 sellers. The post Resurrected ‘Crimenetwork’ Marketplace Taken Down, Ad…
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
A malicious Hugging Face repository managed to take a spot in the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model to deliver a Rust-based inform…
Mythos Finds a Curl Vulnerability
Article URL: https://daniel.haxx.se/blog/2026/05/11/mythos-finds-a-curl-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=48091737 Points: 703 # Comments: 282
Sovereign cloud is only possible if you’re Chinese or American: Gartner
Which is awkward for European orgs who fear US clouds might leave the continent
Over 500 Organizations Hit in Years-Long Phishing Campaign
Victims span across the aviation, critical infrastructure, energy, logistics, public administration, and technology sectors. The post Over 500 Organizations Hit in Years-Long Phish…
ASIA IN BRIEF: China’s agentic AI policy wants to keep humans in the loop
PLUS: Robot becomes Buddhist monk in Korea; TikTok spending $25bn in Thailand; Baidu floating chip biz; and more!
Yes, local LLMs are ready to ease the compute strain
In The Register's Kettle podcast we discuss how Anthropic might be thinking about space to ease computing pain, but Claude Code on your laptop is way more practical
Hackers abuse Google ads, Claude.ai chats to push Mac malware
Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign. Users searching for "Claude mac download" may come across sponsored searc…
Incident Report: CVE-2024-YIKES
Article URL: https://nesbitt.io/2026/02/03/incident-report-cve-2024-yikes.html Comments URL: https://news.ycombinator.com/item?id=48086082 Points: 712 # Comments: 179
Police shut down reboot of Crimenetwork marketplace, arrest admin
German authorities have shut down a relaunch version of the criminal marketplace 'Crimenetwork' that generated more than 3.6 million euros, and arrested its operator. [...]
Memory godboxes could offer relief from the RAMpocalypse
Amid the AI-fueled memory crunch, will Compute Express Link finally have its moment to shine?
Both Fedora and Ubuntu will get AI support – soon
Furores are fermenting in the forums
Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its ent…
HP stuffed a PC into a keyboard. We took it for a spin
It's not much cheaper than an equivalent laptop, so who's this for, exactly?
JDownloader site hacked to replace installers with Python RAT malware
The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found depl…
Google tweaks Chrome AI privacy wording, insists processing stays on-device
Deletion of a longstanding privacy assurance sparks concerns
Fake OpenAI repository on Hugging Face pushes infostealer malware
A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's "Privacy Filter" project to deliver information-stealing malware to Windows user…