A prompt-injection attack in a GitHub issue title tricked an AI triage bot into stealing npm tokens, which were then used to publish a malicious package in a five-step supply-chain attack chain.
Using tori29umai’s LoRA to automatically split facial parts, results from batching 28 images, and a log of running into the limits when attempting finer hair separation.
North Korea's Famous Chollima released 26 npm packages as part of the Contagious Interview campaign, hiding C2 URLs in zero-width Unicode characters inside Pastebin essays and delivering a 9-module RAT through Vercel deployments.
AWS has made OpenAI API compatibility for the Bedrock Mantle distributed inference engine generally available, letting existing OpenAI SDK code run against open-weight models such as DeepSeek and Mistral.
Claude Code's Cowork feature has been reported to create VM bundles as large as 21GB on macOS without warning. Deleting them only causes regeneration, and CPU usage can climb to 55%. On macOS 26.x, some users also hit VM startup failures caused by vsock connection issues.
In March 2026, Iran's retaliatory attack physically destroyed the AWS Bahrain/UAE region. There is no compensation because of the force majeure clause, and Reserved Instance (RI) charges continue even though service has stopped. A look at the physical risks of cloud infrastructure and at DR strategies.
Russian APT28 started exploiting a URL validation flaw in ieframe.dll (CVE-2026-21513, CVSS 8.8) in January 2026. We have laid out the technical mechanics of an attack chain that bypasses Mark-of-the-Web via LNK files and executes code outside the browser sandbox.
JPEG-XL revival in Chrome 145 and how to use cjxl, RSA → Elliptic Curve → PQC cryptography transition and Merkle Tree Certificates, WebMCP implementation examples, Chrome zero-day trends, and customizable select elements.
Running LTX-2 and Wan 2.2 on an M1 Max 64GB. FP8 doesn't work on Metal, bypassed with GGUF. Wan 2.2 takes 82 minutes for a 2-second video. LTX-2's official pipeline produces NaN on MPS, and the KSampler fallback doesn't reach usable quality.
Five new features for Copilot coding agent — model selection, self-review, security scanning, custom agents, and CLI integration — plus bidirectional Figma-Codex integration via MCP. Also covers Copilot CLI GA and comparison with Claude Code Figma integration.
W3C WebAuthn L3 co-editor Tim Cappalli warns against using the PRF extension to derive encryption keys. This article lays out the structural risk of making data permanently unrecoverable if the authenticator is lost, along with Bitwarden, WhatsApp, and other implementations and the recommended Envelope Encryption pattern.