All Articles

NemoClaw and Stripe MPP for OpenClaw agent billing security

NVIDIA's NemoClaw secures OpenClaw agents with a four-layer sandbox, while Stripe's Machine Payments Protocol lets agents make payments without handing over private keys. The open question is how to charge safely from inside the sandbox.

GNU Inetutils telnetd CVSS 9.8 pre-authentication remote code execution vulnerability (CVE-2026-32746)

A buffer overflow was discovered in the LINEMODE SLC handler of GNU Inetutils telnetd. No authentication required - root privileges can be gained just by connecting to port 23. All versions (~2.7) are affected and no patch has been released.

CLI-Anything turns almost any software into something AI agents can operate

CLI-Anything, released by HKUDS at the University of Hong Kong, automatically generates a CLI harness from GUI software source code so AI agents can drive it directly. It passed all 1,720 tests across 16 apps including GIMP, Blender, and LibreOffice.

Cisco FMC CVSS 10.0 zero-day CVE-2026-20131 was exploited by Interlock ransomware for 36 days

Cisco Secure FMC's unauthenticated RCE flaw CVE-2026-20131 (CVSS 10.0) was added to CISA's KEV catalog after Interlock ransomware had been abusing it for 36 days before Cisco's public disclosure. Amazon Threat Intelligence later dissected the toolkit in detail.

Holotron-12B Makes PC-Operation AI 1.7× Faster, and Unsloth Studio Lets You Tune Models Without Code

H Company's Holotron-12B uses a memory-efficient new design to lift PC-operation AI throughput to 8,900 tokens per second. Unsloth has released the beta of 'Studio,' a browser tool for no-code model fine-tuning.

Oracle proposes ``Project Detroit'' to OpenJDK to fully incorporate V8 and CPython into Java

Project Detroit announced by Oracle at JavaOne 2026. We proposed to OpenJDK the idea of ​​​​directly incorporating V8 and CPython into Java builds and calling them using the javax.script API. After the abolition of Nashorn and GraalVM's withdrawal from the Java cycle, why did they now turn to ``embedding the native runtime'' instead of ``in-house implementation''?

How to get ComfyUI running on Blackwell GPUs, and what can go wrong

A guide to why ComfyUI fails on NVIDIA Blackwell (sm_120) GPUs and how to fix it with PyTorch Nightly, xformers removal, SageAttention, and NVFP4 quantization.

NVIDIA announces “Vera” CPU for agent-based AI

Vera CPU announced by NVIDIA at GTC 2026. The 88-core custom design realizes twice the efficiency and 50% faster speed than the previous model, and is scheduled to be available from the second half of 2026.

Why Codex Security does not emit SAST reports

OpenAI explains the AI-driven constraint-reasoning approach behind Codex Security and how it differs from traditional SAST.

Merriam-Webster and Britannica sue OpenAI over copyright infringement

Two long-standing reference publishers sued OpenAI, alleging that roughly 100,000 articles were used without permission to train LLMs.

GLM-OCR (0.9B) sets a new SOTA for document parsing, so I checked columns, vertical text, and math support

Zhipu AI's GLM-OCR reaches 94.62% on OmniDocBench v1.5 despite using only 0.9B parameters. I dug into its layout parsing, vertical text handling, and math recognition.

LuxTTS - lightweight ZipVoice-based voice cloning that runs in 1 GB of VRAM

An open-source TTS model distilled from the ZipVoice architecture into four inference steps, delivering voice cloning with 1 GB of VRAM and 150x real-time speed. It also compares itself with the other TTS models covered on this blog.