βοΈ Apple is suing OpenAI, accusing it of a months-long scheme to steal trade secrets for its AI hardware device. The complaint names OpenAI hardware lead Tang Tan and engineer Chang Liu, both ex-Apple.
It alleges recruits were told to bring unreleased parts to job interviews, that Tan circulated Apple's internal exit-security playbook to new hires, and that Liu kept an Apple laptop and exploited a vulnerability to pull dozens of confidential documents while already working at OpenAI.
OpenAI's reply, via a spokesperson: "We have no interest in other companies' trade secrets." Apple wants an injunction plus damages set at trial.
It alleges recruits were told to bring unreleased parts to job interviews, that Tan circulated Apple's internal exit-security playbook to new hires, and that Liu kept an Apple laptop and exploited a vulnerability to pull dozens of confidential documents while already working at OpenAI.
OpenAI's reply, via a spokesperson: "We have no interest in other companies' trade secrets." Apple wants an injunction plus damages set at trial.
β€10π4π€£4π2π₯°1
βΌοΈ A 16-year-old Linux KVM vulnerability called Januscape (CVE-2026-53359) lets a root user inside a guest VM escape to the host on Intel and AMD x86 systems, and a proof of concept that crashes hosts is already public.
Canonical says patched Ubuntu kernels are still pending for all releases and recommends disabling nested virtualization in the meantime.
Canonical says patched Ubuntu kernels are still pending for all releases and recommends disabling nested virtualization in the meantime.
π±18β€3
βΌοΈ The Chinese and Russians want to use malware to paralyze the Starlink satellite network, according to secret documents obtained from clandestine military forums. And if malware doesn't work, they plan to just shoot the satellites down.
Chinese state aerospace researchers are pitching a three-stage plan to defeat Starlink. It escalates from regulatory pressure to coordinated jamming to physically destroying satellites in orbit.
The same cache includes a protocol signed in Moscow in June 2023 to jointly build an air- and missile-defense system against US hypersonic weapons, a class of technology Moscow historically refused to share with anyone.
Beijing still calls itself neutral on Ukraine. These documents make that position very hard to sustain.
Note: the slides have been translated from Russian and Chinese into English.
Chinese state aerospace researchers are pitching a three-stage plan to defeat Starlink. It escalates from regulatory pressure to coordinated jamming to physically destroying satellites in orbit.
The same cache includes a protocol signed in Moscow in June 2023 to jointly build an air- and missile-defense system against US hypersonic weapons, a class of technology Moscow historically refused to share with anyone.
Beijing still calls itself neutral on Ukraine. These documents make that position very hard to sustain.
Note: the slides have been translated from Russian and Chinese into English.
π±15π5π₯3β€2π2
βΌοΈ Samsung is forcing users to hand over their data for AI training by breaking core functionality of its Health app.
A new consent notice covers activity, health records, medication, and menstrual cycle data. Opt out and the app warns it will stop syncing to your Samsung account and delete the data already stored there.
A new consent notice covers activity, health records, medication, and menstrual cycle data. Opt out and the app warns it will stop syncing to your Samsung account and delete the data already stored there.
π©32π€―8β€3π3π₯°1
βΌοΈ BREAKING: The official SpaceX and Starlink accounts on X appear to have been compromised. According to multiple reports online, an account named "Sam Catman," carrying an official SpaceXAI-affiliated badge, posted a scam coin. The official SpaceX and Starlink accounts then reposted Sam Catman's posts.
Needless to say, anyone who bought in was rug-pulled.
Needless to say, anyone who bought in was rug-pulled.
π21π€£11π9π€2π1π―1
βΌοΈ BREAKING: xAI's Grok Build CLI was uploading entire Git repositories to a Google Cloud bucket, private codebases and unredacted secrets included. The uploads quietly stopped via a hidden server-side flag, and xAI still has not said a word about scope, retention, or deletion.
The scale is staggering. On a 12 GB test repo, 5.1 GB flew out the door to xAI's grok-code-session-traces bucket while the actual coding task needed just 192 KB. The tool grabbed whatever repository it ran in, not the files it needed.
The fix arrived as a hidden flag, disable_codebase_upload: true, a day after a researcher's wire-level analysis. The "Improve the model" opt-out never stopped the uploads.
Still no advisory, no scope, no word on whether already-uploaded code gets deleted. For anyone pointing AI coding agents at proprietary code, what crosses the wire matters more than what the settings page says.
https://www.internationalcyberdigest.com/xais-grok-build-cli-uploads-entire-git-repositories-to-a-google-cloud-bucket/
The scale is staggering. On a 12 GB test repo, 5.1 GB flew out the door to xAI's grok-code-session-traces bucket while the actual coding task needed just 192 KB. The tool grabbed whatever repository it ran in, not the files it needed.
The fix arrived as a hidden flag, disable_codebase_upload: true, a day after a researcher's wire-level analysis. The "Improve the model" opt-out never stopped the uploads.
Still no advisory, no scope, no word on whether already-uploaded code gets deleted. For anyone pointing AI coding agents at proprietary code, what crosses the wire matters more than what the settings page says.
https://www.internationalcyberdigest.com/xais-grok-build-cli-uploads-entire-git-repositories-to-a-google-cloud-bucket/
π©16π±10β€3π3π₯2
βΌοΈ Update: Elon Musk says SpaceXAI will delete all user data uploaded to the company "before now" as a precautionary measure, one day after a researcher's wire-level analysis showed the Grok Build CLI shipping entire private repos, unredacted secrets included, to a Google Cloud bucket.
The pledge came in an X post. Still no advisory, no timeline, and no way for affected developers to verify deletion. And deleted or not, any credentials that left the machine still need to be rotated.
The pledge came in an X post. Still no advisory, no timeline, and no way for affected developers to verify deletion. And deleted or not, any credentials that left the machine still need to be rotated.
π©7π6β€4π€ͺ3π1
βΌοΈBREAKING: Telegram's core t[.]me domain has been placed on serverHold at the .me registry, a registry-level status that drops it from DNS worldwide and dead-ends every t[.]me link.
Domain records show the change happened today, with no public explanation yet from Telegram, the .me registry, or backend operator Identity Digital.
Domain records show the change happened today, with no public explanation yet from Telegram, the .me registry, or backend operator Identity Digital.
π¨17π€6π2β€1
Last month I took Nightmare-Eclipse out for dinner. He's the person behind all those Windows zero-day PoC drops.
He wanted to eat fish β a specific kind of fish. I'm not really fond of fish, so I had no idea where you could even get it; it's always something my brain skips over when reading a menu.
I took him to a restaurant where he could have fish and I could have steak. When he took his first bite, he almost choked β he hadn't expected the bones to still be in it. I'd forgotten to warn him. After that, he started picking the fish apart with nothing but his knife. He went at it so methodically you'd think he ate fish like this for a living.
He's a bright young fella, to say the least: very calm and professional. And after hearing his story, it sounds to me like Microsoft really screwed him over and sent him off the rails.
I'm not allowed to say more, but this story still hasn't ended β that's for sure. Things will keep going like this for a while.
He wanted to eat fish β a specific kind of fish. I'm not really fond of fish, so I had no idea where you could even get it; it's always something my brain skips over when reading a menu.
I took him to a restaurant where he could have fish and I could have steak. When he took his first bite, he almost choked β he hadn't expected the bones to still be in it. I'd forgotten to warn him. After that, he started picking the fish apart with nothing but his knife. He went at it so methodically you'd think he ate fish like this for a living.
He's a bright young fella, to say the least: very calm and professional. And after hearing his story, it sounds to me like Microsoft really screwed him over and sent him off the rails.
I'm not allowed to say more, but this story still hasn't ended β that's for sure. Things will keep going like this for a while.
π₯21β€9π6π€3π1