‼️ The alienation continues: more security researchers are sticking up the middle finger after feeling squeezed by Microsoft and GitHub. MSRC emailed Black Hat USA 2026 presenters asking which MSRC cases, VULN-IDs, or CVEs their talks would cover. GitHub told a researcher to delete his public PoC repos and flagged his accounts under ToS.
🚨 Zcash crashes nearly 50% after an AI-powered white-hat researcher, using Claude Opus, found a critical flaw in Zcash's privacy pool (Orchard) that could mint unlimited, undetectable counterfeit ZEC.
It went unnoticed for 4 years until the emergency patch on June 1...
🚨 An Israeli company has backdoored hundreds of millions of households through countless Smart TV apps, and they're quietly turning Samsung and LG TVs into exit nodes for AI web-scraping. Your TV is relaying strangers' web traffic from your home IP, your bandwidth, your address attached to whatever those scraping jobs touch.
Roku, Fire TV and Google TV banned the practice. Samsung and LG didn't. The culprit is Bright Data's proxy SDK, which rides inside Tizen and webOS apps, 200+ on webOS alone. Datacenter IPs get blocked, home IPs don't.
Include Security reverse-engineered the SDK and found its relay protocol has no message signing, authentication, or device attestation. Their words: less secure than typical malware command-and-control.
To make things worse, they found that in iOS the relay tunnel binds straight to the physical network interface, so it routes around any VPN the user is running.
Bright Data's config also ships per-country tiers. Devices in Uzbekistan and Oman are cleared to relay down to 1% battery, with data caps up to 60x the worldwide default.
Before the BaCkDoOrEd replies land: technically you agreed. In practice you were enrolled into a global proxy network you were never given the information to refuse. And these exit nodes drag down your IP's reputation, potentially leaving you with blocks from providers.
Read: https://blog.includesecurity.com/2026/06/the-smart-tv-in-your-livingroom-is-a-node-in-the-aiscraping-economy/
‼️🚨 BREAKING: Sony PlayStation's age-verification partner Yoti is reporting GrapheneOS users to authorities for using GrapheneOS, due to "past security concerns."
Yoti is also used by Instagram, Facebook Dating, Epic Games, the UK Post Office, and major retailers across the UK, US and EU, but this particular case reportedly involves Sony PlayStation age verification.
‼️🚨 Yet another Meta fuck-up: its account recovery function allows unauthenticated access to full account PII, including emails and phone numbers, from just a username. We verified the claim and found social media and wine-app accounts belonging to several public figures. We'll start with footballer Kylian Mbappé, who has a hidden TikTok account.
Then on to footballer Cristiano Ronaldo's wife, Georgina Rodríguez, who has a Vivino account ;-) I thought her husband only endorsed drinking water.
And she also has a hidden TikTok account.
That said, this looks real to us.
Let's see what Meta has to say.
We were also able to confirm the accounts of Meta CEO Mark Zuckerberg. Someone exploited the same vulnerability, which allegedly gave them access to the PII of any Meta user.