βΌοΈπ¨ BREAKING: Cloudflare's CISO just published what Anthropic's unreleased Mythos did against more than 50 of their own production repos. According to him, Mythos is too powerful and must "include additional safeguards" before releasing to the public.
Turns out the model can chain multiple low-severity bugs into a single severe exploit with a working PoC, where previous frontier models would stop at "interesting bug, unclear if exploitable."
At triage time, that means fewer hedged findings and less time spent asking "is this even real?" A finding that arrives with a PoC is a finding you can act on.
Cloudflare is also explicit about the safety side. The Mythos Preview build provided for Project Glasswing did not include the safeguards present in generally available models like Opus 4.7 or GPT-5.5. The model's organic refusals are real, but Cloudflare states they are not consistent enough to serve as a complete safety boundary on their own, and that any cyber frontier model made generally available in the future must ship with additional safeguards on top of that baseline.
Interesting detail: Cloudflare was not on the original Project Glasswing launch partner list with Apple, AWS, Google, Microsoft, CrowdStrike, and others. Instead they got invited later on.
https://blog.cloudflare.com/cyber-frontier-models/
Turns out the model can chain multiple low-severity bugs into a single severe exploit with a working PoC, where previous frontier models would stop at "interesting bug, unclear if exploitable."
At triage time, that means fewer hedged findings and less time spent asking "is this even real?" A finding that arrives with a PoC is a finding you can act on.
Cloudflare is also explicit about the safety side. The Mythos Preview build provided for Project Glasswing did not include the safeguards present in generally available models like Opus 4.7 or GPT-5.5. The model's organic refusals are real, but Cloudflare states they are not consistent enough to serve as a complete safety boundary on their own, and that any cyber frontier model made generally available in the future must ship with additional safeguards on top of that baseline.
Interesting detail: Cloudflare was not on the original Project Glasswing launch partner list with Apple, AWS, Google, Microsoft, CrowdStrike, and others. Instead they got invited later on.
https://blog.cloudflare.com/cyber-frontier-models/
π5π5β€2
π¨π INTERPOL carried out Operation Ramz, the first cyber operation in the MENA region with 201 arrests, 382 additional suspects identified, 3,867 victims, and 53 servers seized across 13 countries.
The operation ran from October 2025 to February 28, 2026, and targeted phishing, malware, and cyber scam infrastructure. Around 8,000 pieces of data and intelligence were shared between participating countries: Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and UAE.
Jordanese Police pinpointed a computer running fraudulent "trading platform" scams. A raid found 15 people running the scams, but investigators determined they were victims of human trafficking, recruited under false employment promises from Asia, passports confiscated on arrival, and forced into the scheme. Two suspects orchestrating the operation were arrested.
Other notable hits:
- Algeria dismantled a phishing-as-a-service operation, with one arrest and a server, computer, phone, and hard drives seized
- Morocco seized devices containing banking data and phishing tools, with three individuals in judicial proceedings
- Qatar identified compromised devices whose owners were themselves cyberattack victims unknowingly spreading malware
- Oman disabled a private-residence server holding sensitive information that had been infected with malware
Private-sector partners included Group-IB, Kaspersky, Shadowserver Foundation, Team Cymru, and TrendAI.
https://www.interpol.int/News-and-Events/News/2026/201-arrests-in-first-of-its-kind-cybercrime-operation-in-MENA-region
The operation ran from October 2025 to February 28, 2026, and targeted phishing, malware, and cyber scam infrastructure. Around 8,000 pieces of data and intelligence were shared between participating countries: Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and UAE.
Jordanese Police pinpointed a computer running fraudulent "trading platform" scams. A raid found 15 people running the scams, but investigators determined they were victims of human trafficking, recruited under false employment promises from Asia, passports confiscated on arrival, and forced into the scheme. Two suspects orchestrating the operation were arrested.
Other notable hits:
- Algeria dismantled a phishing-as-a-service operation, with one arrest and a server, computer, phone, and hard drives seized
- Morocco seized devices containing banking data and phishing tools, with three individuals in judicial proceedings
- Qatar identified compromised devices whose owners were themselves cyberattack victims unknowingly spreading malware
- Oman disabled a private-residence server holding sensitive information that had been infected with malware
Private-sector partners included Group-IB, Kaspersky, Shadowserver Foundation, Team Cymru, and TrendAI.
https://www.interpol.int/News-and-Events/News/2026/201-arrests-in-first-of-its-kind-cybercrime-operation-in-MENA-region
π±4
Media is too big
VIEW IN TELEGRAM
βΌοΈπ¨ BambuLab printers are catching fire and melting due to a hardware issue. The fault lies in the NTC thermistor.
Many users on Reddit have reported this issue, and now GamersNexus is offering to buy one so he can do an analysis.
1. It's specifically the Bambu Lab A1 model.
2. The NTC thermistor in question sits on the AC power board, where it limits inrush current. It is not the hotend or nozzle thermistor.
Many users on Reddit have reported this issue, and now GamersNexus is offering to buy one so he can do an analysis.
1. It's specifically the Bambu Lab A1 model.
2. The NTC thermistor in question sits on the AC power board, where it limits inrush current. It is not the hotend or nozzle thermistor.
π±8β€2
βΌοΈπ¨ The Mini Shai-Hulud npm worm has hit again. Hundreds of antv packages compromised (Alibaba's data visualization suite) along with echarts-for-react, timeago.js, size-sensor, and canvas-nest.js.
It all started today with the compromise of npm account atool (i@hust.cc). In a 22-minute window between 01:39 and 02:06 UTC, the attacker published 631 malicious versions across 314 packages, all carrying the same payload.
Top affected packages by monthly downloads:
- size-sensor@1.1.4 - 4.2M dl/mo
- echarts-for-react@3.1.7 - 3.8M dl/mo
β’ antv/scale@0.6.2 - 2.2M dl/mo
- timeago.js@4.1.2 - 1.15M dl/mo
β’ antv/g@6.4.1 - 1.0M dl/mo
β’ antv/path-util@3.1.1 - 1.1M dl/mo
β’ antv/g-svg@2.2.1 - 975K dl/mo
β’ antv/g-lite@2.8.0 - 883K dl/mo
β’ antv/vendor@1.1.11 - 751K dl/mo
What the payload does (498KB obfuscated Bun script, runs via preinstall hook):
- Harvests 20+ secret types: GitHub PATs, npm tokens, AWS keys, GCP service accounts, Azure creds, DB connection strings, Stripe keys, Slack tokens, SSH keys, Docker auth, Kubernetes configs, Vault tokens
- Attempts Docker container escape if the host socket is reachable, spinning up a Privileged container with host filesystem bind mounts
- Pulls a secondary payload via optional dependency antv/setup from antvis/G2 commit 1916faa, which was pushed 19 minutes before the npm publishes started
Read:
https://safedep.io/mini-shai-hulud-strikes-again-314-npm-packages-compromised/
https://socket.dev/blog/antv-packages-compromised
https://aikido.dev/blog/mini-shai-hulud-antv-npm-supply-chain-attack
It all started today with the compromise of npm account atool (i@hust.cc). In a 22-minute window between 01:39 and 02:06 UTC, the attacker published 631 malicious versions across 314 packages, all carrying the same payload.
Top affected packages by monthly downloads:
- size-sensor@1.1.4 - 4.2M dl/mo
- echarts-for-react@3.1.7 - 3.8M dl/mo
β’ antv/scale@0.6.2 - 2.2M dl/mo
- timeago.js@4.1.2 - 1.15M dl/mo
β’ antv/g@6.4.1 - 1.0M dl/mo
β’ antv/path-util@3.1.1 - 1.1M dl/mo
β’ antv/g-svg@2.2.1 - 975K dl/mo
β’ antv/g-lite@2.8.0 - 883K dl/mo
β’ antv/vendor@1.1.11 - 751K dl/mo
What the payload does (498KB obfuscated Bun script, runs via preinstall hook):
- Harvests 20+ secret types: GitHub PATs, npm tokens, AWS keys, GCP service accounts, Azure creds, DB connection strings, Stripe keys, Slack tokens, SSH keys, Docker auth, Kubernetes configs, Vault tokens
- Attempts Docker container escape if the host socket is reachable, spinning up a Privileged container with host filesystem bind mounts
- Pulls a secondary payload via optional dependency antv/setup from antvis/G2 commit 1916faa, which was pushed 19 minutes before the npm publishes started
Read:
https://safedep.io/mini-shai-hulud-strikes-again-314-npm-packages-compromised/
https://socket.dev/blog/antv-packages-compromised
https://aikido.dev/blog/mini-shai-hulud-antv-npm-supply-chain-attack
β€1π¨1
Germany has lost it.
Back in November 2024, a teen in Germany posted "olaf scholz du bastard was soll diese scheiΓe" ("olaf scholz you bastard what the hell is this shit") while staring at a Fortnite update sitting at 3%, downloading a 37.9 GB patch at roughly 173 KB/s. At that rate the install would have taken over 60 hours.
The post pulled exactly 503 views.
Three months later, on February 11, 2025, German police sent him a Schriftliche ΓuΓerung als Beschuldigter, the formal "written statement as the accused" notice. The charge: Β§188 StGB, insulting a person of political life.
A year on he posted the police letter with the caption "Happy anniversary to the funniest thing that ever happened to me." Per his own follow-ups, the matter ended without major consequences, though no formal outcome of the proceedings has been made public. The original tweet seems deleted.
Back in November 2024, a teen in Germany posted "olaf scholz du bastard was soll diese scheiΓe" ("olaf scholz you bastard what the hell is this shit") while staring at a Fortnite update sitting at 3%, downloading a 37.9 GB patch at roughly 173 KB/s. At that rate the install would have taken over 60 hours.
The post pulled exactly 503 views.
Three months later, on February 11, 2025, German police sent him a Schriftliche ΓuΓerung als Beschuldigter, the formal "written statement as the accused" notice. The charge: Β§188 StGB, insulting a person of political life.
A year on he posted the police letter with the caption "Happy anniversary to the funniest thing that ever happened to me." Per his own follow-ups, the matter ended without major consequences, though no formal outcome of the proceedings has been made public. The original tweet seems deleted.
π16π€£3β€1π1
Media is too big
VIEW IN TELEGRAM
βΌοΈπ©πͺ This is what German police actually do with their time now. Going door to door, seizing tablets and phones from pensioners over memes and tweets. The case of the Fortnite teen getting accused for cursing out Olaf Scholz is not an isolated one.
Prosecutors can now open cases on their own under "special public interest." The politician doesn't need to file anything. The result is a steady drip of cases that look insane from the outside and barely register inside the system.
Germany has a law problem.
The Β§188 StGB statute, "insulting a person of political life," got beefed up by the Bundestag in 2021.
This has led to the following absurd cases:
- Pimmelgate (2021): Hamburg interior senator Andy Grote got called a "Pimmel" (dick) on Twitter after he was caught violating his own COVID restrictions. Police raided the user's apartment at 6 a.m. with six officers. The Hamburg regional court later ruled the raid disproportionate. The term "Pimmelgate" became national shorthand for state overreach.
- The Schwachkopf-AffΓ€re (2024): Stefan Niehoff, a 64-year-old pensioner, reposted an edited meme putting Robert Habeck on a fake "Schwachkopf Professional" shampoo bottle (roughly: "Professional Moron"). Reported via a state-linked "trusted flagger" pipeline, police raided his home at dawn in November 2024 and seized his tablet while his wife and his daughter with Down syndrome were home. Habeck filed the complaint. The main insult charge was later dropped, but Niehoff was fined β¬825 on related counts. He died in early 2026. The case became the single most-cited symbol of the law's reach.
- The Merz "Pinocchio" probe (per Brussels Signal): a pensioner reportedly commented "Pinocchio is coming to HN" with a long-nose emoji on a police post about Chancellor Friedrich Merz visiting Heilbronn. Police flagged it during routine monitoring and opened a full Β§188 file, sending him a formal letter. Legal commentators have called the comment protected satirical speech.
- The David Bendels case: the right-wing journalist shared a photomontage mocking then-Interior Minister Nancy Faeser. He was initially given a 7-month suspended prison sentence. On appeal in 2026, he was acquitted. The court ruled the satire was protected political expression.
The pattern is the same every time. A low-engagement post or meme triggers a complaint. Prosecutors open a Β§188 file. Police execute a dawn raid or send a formal letter. Months or years later, a judge throws it out or dramatically narrows it.
By that point the damage is already done. Devices are seized. Names are on file. Pensioners are dragged through a criminal process for posting a shampoo joke.
This is what "wehrhafte Demokratie," aka militant democracy, looks like in 2026.
Prosecutors can now open cases on their own under "special public interest." The politician doesn't need to file anything. The result is a steady drip of cases that look insane from the outside and barely register inside the system.
Germany has a law problem.
The Β§188 StGB statute, "insulting a person of political life," got beefed up by the Bundestag in 2021.
This has led to the following absurd cases:
- Pimmelgate (2021): Hamburg interior senator Andy Grote got called a "Pimmel" (dick) on Twitter after he was caught violating his own COVID restrictions. Police raided the user's apartment at 6 a.m. with six officers. The Hamburg regional court later ruled the raid disproportionate. The term "Pimmelgate" became national shorthand for state overreach.
- The Schwachkopf-AffΓ€re (2024): Stefan Niehoff, a 64-year-old pensioner, reposted an edited meme putting Robert Habeck on a fake "Schwachkopf Professional" shampoo bottle (roughly: "Professional Moron"). Reported via a state-linked "trusted flagger" pipeline, police raided his home at dawn in November 2024 and seized his tablet while his wife and his daughter with Down syndrome were home. Habeck filed the complaint. The main insult charge was later dropped, but Niehoff was fined β¬825 on related counts. He died in early 2026. The case became the single most-cited symbol of the law's reach.
- The Merz "Pinocchio" probe (per Brussels Signal): a pensioner reportedly commented "Pinocchio is coming to HN" with a long-nose emoji on a police post about Chancellor Friedrich Merz visiting Heilbronn. Police flagged it during routine monitoring and opened a full Β§188 file, sending him a formal letter. Legal commentators have called the comment protected satirical speech.
- The David Bendels case: the right-wing journalist shared a photomontage mocking then-Interior Minister Nancy Faeser. He was initially given a 7-month suspended prison sentence. On appeal in 2026, he was acquitted. The court ruled the satire was protected political expression.
The pattern is the same every time. A low-engagement post or meme triggers a complaint. Prosecutors open a Β§188 file. Police execute a dawn raid or send a formal letter. Months or years later, a judge throws it out or dramatically narrows it.
By that point the damage is already done. Devices are seized. Names are on file. Pensioners are dragged through a criminal process for posting a shampoo joke.
This is what "wehrhafte Demokratie," aka militant democracy, looks like in 2026.
π€£11β€1π1π1
βΌοΈπ¨ BREAKING: The "British patriot" Facebook pages flooding UK feeds with anti-Muslim AI slop are not British. One of them is in fact a devout Muslim living in Pakistan who makes $1,500/month posting Islamophobic content.
They have monetised feeding hate against their own people.
A Sri Lankan operator claims $300K career earnings and runs a course with 2,500 graduates.
A 7-month Bureau of Investigative Journalism probe traced the operators.
Source: https://www.theguardian.com/commentisfree/2026/may/19/social-media-facebook-ai-slop-hateful-south-asia
They have monetised feeding hate against their own people.
A Sri Lankan operator claims $300K career earnings and runs a course with 2,500 graduates.
A 7-month Bureau of Investigative Journalism probe traced the operators.
Source: https://www.theguardian.com/commentisfree/2026/may/19/social-media-facebook-ai-slop-hateful-south-asia
π€£12π₯7π©3π1
βΌοΈπ¨ MAJOR IMPACT: The 18-year-old NGINX critical RCE vulnerability "NGINX Rift" (CVE-2026-42945) now WORKS with ASLR turned ON.
PoC code with the ASLR bypass has just been published on GitHub.
https://github.com/Hamid-K/nginx-rift-private-lab
PoC code with the ASLR bypass has just been published on GitHub.
https://github.com/Hamid-K/nginx-rift-private-lab
π3π2
βΌοΈπ¨ BREAKING: GitHub has been compromised by TeamPCP. GitHub has confirmed the internal breach. A poisoned VS Code extension on an employee device exfiltrated ~3,800 internal repositories.
TeamPCP is already selling the data on a cybercrime forum.
https://x.com/github/status/2056949168208552080
TeamPCP is already selling the data on a cybercrime forum.
https://x.com/github/status/2056949168208552080
π€―11π6π€3β€2π’2π2
βΌοΈ Meet the guy who allegedly stabbed Henry Nowak, a student who died at 18. He was stabbed five times, and bodycam footage shows police handcuffed the dying victim after the suspect claimed he had been racially abused and does not carry a knife. Yet we found a photo of him carrying his knife in public...
The suspect "Vickrum Digwa" can be seen wearing his "religious" Sikh knife, or "kirpan". Sikhs have a clear, statutory defence to possess and wear a kirpan in public in the UK. Two-tier policing, written into statute.
The suspect "Vickrum Digwa" can be seen wearing his "religious" Sikh knife, or "kirpan". Sikhs have a clear, statutory defence to possess and wear a kirpan in public in the UK. Two-tier policing, written into statute.
π©11π€―5β€1π1π’1