Two Weeks of Fake Friendship. One Click. A Global Backdoor.
North Korea built a fake company to trick one developer. For three hours, a tool used by banks, hospitals, and governments carried a hidden spy program.
Can Artuc
Billions Read His Code. 7 Days in Prison. No Regret.
Four agents. Evin's Ward 2A. Eight-hour interrogations. They wanted an informant on activists in three countries. He refused. Five years later, his code shipped.
Claude Code Finds 500 Zero-Days, Meta Redefines "Open," CISA Deadline Hits
Claude Code finds 500+ zero-days across open source in weeks. Meta ships hobbled "open" AI models. CISA's Trivy deadline hits today.
An AI Agent Filed a DMCA Takedown. The Rights Holder Had No Idea.
An unauthorized AI agent filed a DMCA (Digital Millennium Copyright Act) copyright takedown against gallery-dl, and the rights holder never approved it. Linux 7.0-rc7 confirms April 13 stable release.
Ubuntu 26.04 LTS Breaks Backward Compatibility on Purpose
Ubuntu 26.04 LTS ships three changes that will break existing workflows on upgrade day
📬 Linux 7.0's PostgreSQL Crisis, OpenClaw's Triple CVE, TigerFS
Linux 7.0-rc7 ships days before stable with PostgreSQL throughput halved on AWS Graviton4 and no fix in sight. OpenClaw collects three critical CVEs in three months. TigerFS mounts PostgreSQL as a filesystem for AI agents.
📬 Open Source & Linux Weekly - W142026
European Commission loses 340 GB to supply chain attack, Linux doubles macOS on Steam at 5.33%, PHP ends 26 years of license confusion with a 51-0 BSD vote.
TeamPCP Trivy Compromise: European Commission AWS Breach Confirmed
CERT-EU confirms EC cloud breach via Trivy scanner. OpenClaw: 250K stars, 135K exposed. Sonatype: 454K malicious packages. 65% of CVEs have no severity score.
The Field Is Optional. The Death Threats Were Not.
Fraudulent takeout orders. Mormon missionaries at the door. A Social Security number posted on an imageboard.
North Korea Hit Axios npm While TeamPCP Burned 1,000 Environments
North Korea's UNC1069 hit Axios npm (183M downloads) while TeamPCP compromised 1,000+ SaaS environments and Lapsus$ claimed 4TB from Mercor AI.