operations6 @_operations6_

🦔Leonardo is a $17 billion defense contractor. It built a system called SignalTrace that clips sensors onto the license plate readers already mounted on street poles, overpasses, and police cars across the US. Every time you drive past one, the sensor grabs the Bluetooth and WiFi signals from every device in your car, ties them to your plate, and logs the time and location. Your phone, your AirPods, your kid's tablet. All of it goes into the same file. A friend rides with you once and their devices are linked to your plate. Leonardo has sold this to police departments since at least 2023. There is no federal law covering it, no opt-out, and no warrant requirement. My Take None of the pieces here are new. Your phone has always broadcast a signal. The license plate cameras were already there. Leonardo just connected them and found a buyer. Nobody had to break a law or build anything from scratch. They assembled a surveillance system from parts already in place and sold it before anyone noticed. Most people found out this week from a 404 Media investigation. Leonardo received the patent in 2024. By the time you hear about something like this, the deals are done and the sensors are on the poles. That's how it works now. Hedgie🤗 404media.co/this-company-w…

VIDEO: Where Are All The MacBooks???

Today the EU made American AI illegal in 27 countries. The reason is ONE sentence Microsoft's own lawyer said under oath: This morning in Brussels, EU Tech Chief Henna Virkkunen unveiled the Cloud and AI Development Act. It's the most aggressive anti-American tech move from Europe since GDPR. The law forces EU public sector procurement in banking, healthcare, defense, and energy to apply mandatory non-price factors favoring software and hardware built inside the EU. Microsoft Azure can be cheaper, AWS can be faster, Google Cloud can have the better model, and EU governments MUST legally prefer European alternatives. AWS, Microsoft, and Google currently control roughly 70% of the European cloud market. Brussels is now openly targeting greater independence from US providers in cloud, AI, and semiconductors. The largest regulatory market-share transfer in tech history is being written into law right now. But the real story is how this happened... On June 10, 2025, a man almost no one outside Brussels had heard of walked into the French Senate. His name is Anton Carniaux, Director of Public and Legal Affairs at Microsoft France. Senator Dany Wattebled asked him under oath whether he could guarantee that data belonging to French citizens, stored on Microsoft European servers, would never be transmitted to US authorities without explicit consent from the French government. Carniaux answered honestly. He admitted he could not guarantee it, because Microsoft must comply with the US CLOUD Act regardless of where European data physically sits. One sentence of sworn testimony from Microsoft's own counsel killed every sovereign cloud defense Big Tech had spent five years building. It became the legal foundation for the law unveiled today. Then Trump accelerated the divorce. January 2025 brought executive orders expanding US surveillance authorities. Vance went to Munich and attacked European democracies on stage. The tariffs followed and so did the Pentagon's $200 million AI contract war that ended with OpenAI replacing Anthropic after Hegseth labeled it a supply chain risk. So did OpenAI's Stargate and yesterday's Trump AI Executive Order, whose Section 3 lets the White House pick which AI companies get 30-day early access to frontier models. American AI was officially declared a US government strategic asset. Europe heard every word of it. On May 12, Mistral CEO Arthur Mensch told the French National Assembly that Europe had 24 months to build sovereign AI infrastructure or become a permanent US VASSAL state. And the response came fast: April 24: Cohere acquired Germany's Aleph Alpha for $20 billion with both Germany's and Canada's digital ministers in the room at the Berlin announcement. May 30: SoftBank committed up to $87 BILLION for French nuclear-powered data centers, the largest AI infrastructure project in European history. Yesterday: EU Parliament announced it's dropping Google for French search engine Qwant tomorrow. France ordered every government workstation off Windows and onto Linux. Today the Cloud and AI Development Act made all of it law. - Mistral is building a 1.4 gigawatt AI campus near Paris by 2028 with Nvidia, MGX, and Bpifrance - SAP's EU AI Cloud, launched last November, runs on Cohere, Mistral, and SAP's own sovereign infrastructure - McKinsey forecasts $600 billion in sovereign AI needs by 2030 None of that money is going to Silicon Valley. The America First AI policy built a wall around the world's most regulated economy, and American companies are on the wrong side of it. Microsoft's lawyer told the truth in a Senate hearing nobody watched. Trump turned that admission into a national security narrative while the EU turned that narrative into procurement law. And one entire continent walked away from the American tech stack...

CEOs are quietly realizing the AI replacement plan has a problem. Two problems, actually. One: the token costs for running AI agents are now exceeding what they were paying the employees they fired. Two: when the tokens run out, the AI stops. Just stops. No continuity. No workaround. Just a spinning wheel where your workforce used to be. You fired humans to save money and bought a subscription that bills you into a corner. The employees you let go knew what to do when things broke. The AI just invoices you for the outage. And then there’s the permission problem nobody wants to talk about. To do its job, the AI agent needs access. Full access. Your systems, your patents, your contracts, your future plans. Everything you spent years building, handed over to a process that has no loyalty, no discretion, and no skin in the game. You didn’t hire a replacement. You gave a stranger with no soul the keys to everything you own. Enjoy.

The AI bubble is exploding We are so back, developers

Nico @nicos_ai

2 weeks ago

🚨La IA está costando MÁS que los empleados a los que reemplazó. Y las grandes empresas ya lo admiten en público: → Uber desplegó IA entre sus 5.000 ingenieros. En 4 meses agotaron TODO el presupuesto anual. Su COO reconoce que no puede justificar el gasto. → Microsoft ha

225 2K 9K 2.3M 2K

Uber’s COO has said that it’s getting “harder to justify” its AI costs because there was no way to show a link between AI spend and any meaningful increase in useful features. This is the first time I’ve seen a company say this directly. businessinsider.com/uber-coo-andre…

keyboard_arrow_left Previous keyboard_arrow_right Next

Today we're open-sourcing Bumblebee, a read-only scanner for macOS and Linux. It checks developer machines for risky packages, extensions, and AI tool configs. Connected to Computer, it can trigger deeper scans whenever a new supply-chain risk emerges. github.com/perplexityai/b…

‼️🚨 BREAKING: Another supply chain attack. 700+ GitHub repositories flagged, including PHP and Node.js projects. The malicious script was planted across all of them. When a developer installs the package, the script silently downloads a Linux file from GitHub, hides it under the name /tmp/.sshd (so it looks like a normal system file), and runs it in the background. It also skips security checks on the download and hides any error messages. 8 PHP packages on Packagist (the main PHP code library) were confirmed infected. The attacker hid the script inside a JavaScript config file (package.json) instead of the PHP one (composer.json), so PHP developers reviewing their code would not notice it. The biggest risk is to devdojo/wave (6,400 stars) and devdojo/genesis (9,100 installs), both popular Laravel project templates. Developers who use these templates run the bad script the moment they install dependencies. The same payload was also dropped into GitHub Actions (automated build pipelines) under a fake step called "Dependency Cache Sync," meaning it could infect company build servers too. Packagist removed the bad packages, but the auto-updating versions (dev-main, dev-master, 3.x-dev) can quietly come back if the original repos stay infected. IOCs: GitHub account parikhpreyash4 repo systemd-network-helper-aa5c751f drop path /tmp/.sshd command fragments curl -skL and chmod +x /tmp/.sshd.

keyboard_arrow_left Previous keyboard_arrow_right Next

@github We opened up AgentMesh for free. It’s like a VirusTotal but got extensions, skills, etc. (agentmesh.knostic.ai) You can also check out how we secure coding agents if you like. Free up to 5 licenses. knostic.ai

🚨 BREAKING: Socket is investigating an active npm supply chain attack compromising hundreds of packages in the @antv ecosystem. The malicious publish wave appears tied to Mini Shai-Hulud and packages connected to the npm maintainer account atool.

Atlassian's revenue: $1.79 billion last quarter Atlassian's move: fire the engineer who built their infrastructure his move: post a 38-minute breakdown of every system he built, free for anyone to copy what he revealed: > Envoy proxy instead of enterprise load balancers > sidecar architecture for auth, logging, rate limits > DynamoDB + SQS for async provisioning > Packer + SaltStack for automated VM deployments at scale Atlassian charges per employee across 350,000 customers this guy just handed you the enterprise playbook for free save this

A lot of people have been wondering about Mythos, Glasswing, and the vulns we / our partners are fixing. Today, I’m excited for us to start sharing more. (For context, I lead Glasswing @AnthropicAI.) Two independent evaluations this week—from XBOW and the UK AISI—confirm what we've been seeing internally: Claude Mythos Preview is a step change in autonomous cybersecurity capabilities. We need to start preparing fast for a world of models with this level of capabilities. The UK AI Security Institute tested the model we shipped at the launch of Project Glasswing and found Mythos Preview is the first model to solve both of their end-to-end cyber ranges, including one (Cooling Tower) which no model had ever cleared. But attackers (and defenders) have sophistication & cost constraints – Mythos is also the only model that clears every one of their tasks estimated over 8 hours under their deliberately low 2.5M-token cap. XBOW tested it on their offensive security benchmarks, finding "token-for-token, unprecedented precision." It's the only model to succeed at subtle V8 sandbox work. Other Glasswing partners shared similar stories. In a few weeks of testing, Mythos Preview has helped them find many thousands of (estimated) high + critical severity vulnerabilities, sometimes double what they'd normally find in a year. I don't share this to boost Mythos. In fact, this is not about Mythos. It’s about preparing for the coming world of models being better, faster, cheaper, and more creative than some of the best human experts at dual use capabilities. Clearly, we need them supporting defenders as widely as can be done safely – and especially the least resourced ones. Within a year, Mythos will probably look quite dumb (relative to other new models). And others may release openly available or unguardrailed models of Mythos-level capabilities. We started Project Glasswing because capabilities like Mythos Preview's won't stay rare, or stay in careful hands. We are bringing it to defenders as fast as we responsibly can, while working to figure out, for example, the right safeguards and patching & disclosure processes. Also, to be clear, compute has never been a limiter in our rollout. Expect a fuller update on our Glasswing work in the coming days. XBOW report: xbow.com/blog/mythos-of… UK AISI report: aisi.gov.uk/blog/how-fast-…

AI Security Institute @AISecurityInst

4 weeks ago

Our cyber range results illustrate this step-up. Since our first Mythos evaluation, we received access to a newer Mythos Preview checkpoint. On a 32-step corporate network attack we estimate takes a human expert ~20 hours, this checkpoint completes the full attack in 6 /10

10 81 527 654K 176

‼️🚨 MAJOR IMPACT: AI just found an 18-year-old NGINX critical remote code execution vulnerability. It has been disclosed on GitHub including PoC code. - Affects NGINX 0.6.27 through 1.30.0 - Triggered via the rewrite and set directives in config - Update NGINX ASAP - NGINX is a widely used HTTP web server, be sure to check its prevalence in other products

keyboard_arrow_left Previous keyboard_arrow_right Next

HOLY FUCKING SHIT OMG CLAUDE JUST CRACKED THIS SHIT, THANK YOU @AnthropicAI THANK YOU @DarioAmodei NAMING MY KID AFTER YOU 😍 blockchain.com/explorer/addre…

🍜 @cprkrn

3 years ago

My wallet with my locked btc from 9 years ago lol 😭😭😭 blockchair.com/bitcoin/addres…

146 67 2K 5.0M 425

You can download it here: vx-underground.org/tmp

New YARA rule retrohunts Telegram bot tokens across cloud samples to identify C2 infrastructure. Analysis reveals phishing campaigns, credential theft operations, and anti-forensics techniques embedded in fake login pages. #DFIR_Radar

‼️🚨 One of the world's largest Certificate Authorities, DigiCert, was compromised by a malicious screensaver file sent through a customer support chat. Their antivirus blocked the malware four times. The agent kept clicking. The fifth try got through. 27 code signing certificates were stolen and used to sign malware. DigiCert ultimately revoked 60 certificates. Per DigiCert's incident report, filed in Mozilla's CA compliance tracker as Bug 2033170, here is how it unfolded: April 2: an attacker contacted a DigiCert helpdesk agent through the company's customer support chat channel, posing as a customer. The lure was a zip file pitched as a screenshot. Inside the zip was a .scr file. On Windows, .scr files are executables, and this one carried a malicious payload. Opening a file a customer sent through the official support channel is what an agent is supposed to do. Support staff are the one role designed to accept files from strangers. DigiCert's endpoint security blocked four infection attempts. On the fifth, the support analyst's machine was infected. DigiCert detected the infection, ran an investigation, and concluded the incident was contained. Eleven days later, an external researcher tipped DigiCert off about misuse of DigiCert-issued code signing certificates in the wild. That tip led to the discovery of a second compromised machine, belonging to a different support analyst, infected through the same vector. The EDR on that machine had not been functioning correctly, so the original investigation missed it. The second machine gave the attacker access to DigiCert's internal support portal. That portal lets support staff reach limited views of customer accounts, including initialization codes for ordered but not-yet-issued code signing certificates. Combining a stolen initialization code with an approved order let the attacker pull a real, validly issued code signing certificate. They did this 27 times. DigiCert's own list of what went wrong: - File-type filtering on the customer support chat channel did not catch the .scr - EDR coverage was inconsistent and incomplete, creating a blind spot - Initialization codes for code signing certificates were not adequately protected DigiCert says it got lucky. An outside researcher found the malware abuse before DigiCert did. Without that tip, the second machine and the active certificate theft might still be running today.

keyboard_arrow_left Previous keyboard_arrow_right Next

Hackers are actively exploiting a bug in cPanel, used by millions of websites techcrunch.com/2026/04/30/hac…

A new npm supply-chain compromise is targeting SAP developer workflows. Mini Shai-Hulud follows a familiar pattern, but with a smaller package set and a serious secret-stealing payload built to hit developer machines and CI/CD environments. Affected packages we’re tracking: - cap-js/sqlite v2.2.2 - cap-js/postgres v2.2.2 - cap-js/db-service v2.10.1 - mbt v1.2.48 If any of these touched your environment, rotate secrets and review GitHub, npm, cloud, and CI activity.

🚨 Supply chain attack: SAP CAP and Cloud MTA npm packages compromised to download and execute unverified binaries. Affected versions: → [email protected] → ＠cap-js/[email protected] → ＠cap-js/[email protected] → ＠cap-js/[email protected] Developers using these packages should review lockfiles and CI/CD logs for installs during the exposure window. ＠cap-js/[email protected] has already been unpublished.