Stefano Di Paola @WisecWisec

someone made a fork of opencode that routes through the unsecured ai endpoints from chipotle

Blackhat and whitehat are bad terms. We should be using denyhat and allowhat.

I’ve left Google DeepMind after an amazing chapter. I’m incredibly grateful for the people I worked with, the things we built, and the lessons I learned from taking frontier AI research into production. DeepMind shaped how I think about research, product, evaluation, and what it takes to build AI systems at real scale. As I wrap up this chapter, I wrote down something I’ve been thinking about a lot: evals. We’re good at evaluating the models we have. We’re much worse at evaluating the models we’re about to build — especially if they cross into a new capability regime. We will have self-evolving models, but before that, we need self-evolving evaluations. wanglun1996.github.io/blog/your-eval…

BREAKING: US CPI inflation is on track to exceed +5.0% as early as this year. Over the last 6 months, CPI inflation has averaged +0.4% on a MoM basis, with March and April readings as high as +0.9% and +0.6%, respectively. If this trend continues, this puts YoY inflation on pace to surge to +5.2% by the November midterms. That would be the highest level since February 2023 and more than double the February 2026 print. Even if monthly inflation prints ease to +0.3%, the YoY inflation rate would still rise to +4.4%, the highest since April 2023. Inflation is back in full swing.

In 2001, Hugh Jackman delivered the most realistic computer hacking scene in film history. To this day, it is used for training at the Cybercrime Division of the FBI.

@WisecWisec @lcamtuf There is indeed a set of regression tests, which the rust coreutils team has been expanding. And during the course of this rewrite have found bugs and vulnerabilities in the original GNU implementation.

@lcamtuf I am quite surprised that in 2026 there’s no set of regression tests representing all the sec issues from the past that could be used against the new code.

🤗🤗🤗introducing Hugging Science -- the home of AI for science 🤗🤗🤗 open models and datasets are the powerhouse of science (see the PDB), but finding the models and data you actually need for your breakthrough is hard af you shouldn't need to scrape arxiv, own your own wetlab, fight a custom HDF5 parser, build a fusion stellarator, and beg for compute before you've trained a single epoch so we're changing that we've put all the best science on @huggingface in one place: - 78GB of genomics data - 11TB of PDE simulations - 100M cell profiles - 9T DNA base pairs - 13M molecular trajectories - 400k medical QA pairs and much more, all open, and all ready for training (+ you can also now filter and search by domain, task, and keyword) we've put together all the biggest releases from our partners at NASA, Google, OpenAI, Meta FAIR, Arc Institute, Ginkgo, SandboxAQ, Proxima Fusion, NVIDIA, Ai2, OpenADMET, InstaDeep, Future House, Polymathic AI, LeMaterial, Earth Species Project, Merck, and Eve Bio if you're not sure where you fit in -- work on open challenges for problems that matter: including fusion stellarator design, ADMET, antibody developability, multilingual medicine, catalysis and materials, and scientific reasoning. we're already changing how science gets done: a fusion startup needed a benchmark for stellarator plasma confinement that didn't exist. @proximafusion shipped ConStellaration on Hugging Science: a leaderboard, dataset, and eval metrics, all in one place. a drug discovery team wanted to predict hPXR induction. OpenADMET put up a blind challenge: 11,000+ compounds assayed at Octant, 513 held out, two tracks (pEC50 + structure). Anyone in the world can train and submit. an antibody team at @Ginkgo released GDPa1, a developability dataset for stability, manufacturability, and immunogenicity prediction, with a live leaderboard scoring every submission. if you know a problem the ML community should be working on, let us know. make a challenge! this is about putting all the tools for solving science in one place. so we can hillclimb! → huggingscience.co

Exploiting llama.cpp’s RPC Server - From Null Buffer to RCE Against PIE + Full RELRO + NX | CVE-2026-34159: The vulnerability is a one-line logic bug in the RPC server’s tensor deserialization pipeline. Youtube: youtube.com/@NullSecurityX Blog: pwntricks.com/ZeroClick-RCE-…

I tested @huggingface ml-intern, given the prompt "Fine-tune a Segment Anything Model (SAM) on a useful medical dataset. Train the model, and provide a comprehensive tutorial in a Jupyter Notebook file. Additionally, create a Hugging Face article/blog post documenting everything you have done." It did it all autonomously: - Researched via hf_papers & searched GitHub/HF Hub - Found an HF dataset & wrote the finetuning script - Trained it using HF compute (took ~1 hour) - Pushed the weights & wrote the article Here are the model weights, code, and the blog it generated: hf article huggingface.co/Mayank022/blog… model weights huggingface.co/Mayank022/sam-… Awesome stuff @akseljoonas , looking forward to use this. 🔥

Aksel @akseljoonas

a month ago

Introducing ml-intern, the agent that just automated the post-training team @huggingface It's an open-source implementation of the real research loop that our ML researchers do every day. You give it a prompt, it researches papers, goes through citations, implements ideas in GPU

136 639 5K 1.2M 6K

do NOT give claude cart blanche for interfacing with your printer

keyboard_arrow_left Previous keyboard_arrow_right Next

How Axios was compromised 🤯

Finally figured out how to set custom spinner verbs for Claude Code Just add spinnerVerbs to ~/.claude/settings.json: { "effortLevel": "high", "voiceEnabled": true, "skipDangerousModePermissionPrompt": true, "spinnerVerbs": { "mode": "replace", "verbs": ["Hacking", "Pwning", "Exploiting", "Bypassing", "Hunting bugs", "Reversing"] } } #ClaudeCode #BugBounty

keyboard_arrow_left Previous keyboard_arrow_right Next

this guy has 29 models on huggingface at page 2 ranking. no lab behind him. no sponsorship. $2,000 from his own pocket on GPU rentals. he compressed GLM-4.7 to run on a MacBook and quantized Nemotron Super the week it dropped. all public. all free. nvidia is a trillion dollar company with hundreds of teams but they are not the ones quantizing models middle of the night and pushing them out before sunrise. if nvidia stopped tomorrow their employees stop working. people like @0xSero would not. that is the difference between a paycheck and a mission. @NVIDIAAI you talk about making AI accessible. the people actually doing it are right here. 29 models deep burning their own compute with no ask except more hardware to keep going. you do not need to build another program. just look at who is already building for you. one GPU to this man would produce more public value than a hundred internal sprints. i am not asking for charity. i am asking you to invest in someone who already proved it.

0xSero @0xSero

3 months ago

Putting out a wish to the universe. I need more compute, if I can get more I will make sure every machine from a small phone to a bootstrapped RTX 3090 node can run frontier intelligence fast with minimal intelligence loss. I have hit page 2 of huggingface, released 3 model

177 469 4K 928K 1K

Send help. plz

Jeremy KD8TUO 🇺🇸⏦⎓⎎⎍⏚ @ElectronicsbyJH

3 months ago

Yea I need to convert this to python, I really don't want to use MATLAB/Simulink tbh

19 8 278 44K 108

A friend had Claude spend all night trying to hack into an e-ink display, and gave Claude camera access so it could verify whether an attempt worked. He told Claude to show him a message if it won. My friend woke up to this victory lap, which Claude didn't realize was backwards

Now available: The @trailofbits Curated Skills Marketplace. We're reviewing, cleaning, and improving 3rd party skills into a trusted marketplace. github.com/trailofbits/sk…

BREAKING: US Olympian Chloe Kim, who has immigrant parents, speaks out: “In moments like these it’s really important for us to unite. We are allowed to voice our opinions on what’s going on. I think we need to lead with love and compassion.” I’m so happy that so many Olympians are not hesitant to speak out for what they believe in even when they know the president could try to bully them.

People: "Let me give this AI agent access to my files, browser, terminal, and credentials, then install community skills from a registry with zero vetting." Attackers: "Thank you." The top @openclaw skill was an infostealer. Shocking absolutely nobody. 1password.com/blog/from-magi…

Diagrams are becoming my primary way of reasoning about code with Agents. And I didn't find anything there that I'm happy to look at all day long. Mermaid as a format is amazing - so we built something beautiful on top of it. It's called Beautiful Mermaid agents.craft.do/mermaid