
732 Bytes of Python Just Borked Every Linux Machine on Earth…
The video exposes a critical Linux kernel vulnerability, CVE-2026-31431, uncovered by an AI‑driven scanning tool. A tiny 732‑byte Python script exploits a bug in the AF_ALG interface’s handling of ONC ESN data, allowing an unprivileged local user to write four uncontrolled bytes into a read‑only file’s page cache and ultimately gain root privileges. The flaw affects every Linux distribution whose kernel code was updated after 2017, including Ubuntu, Red Hat, Amazon Linux and Arch. Because the exploit requires local access, it is not remotely exploitable, but once an attacker obtains a foothold—via SSH, malicious software, or a compromised account—they can elevate privileges instantly. The proof‑of‑concept was priced on the gray market between $10,000 and $7 million before being released publicly for free. CrowdStrike has confirmed active exploitation, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) list. The discovery was prompted by an AI agent that scanned for splice‑related page‑cache anomalies, completing the search in roughly one hour. Security teams must prioritize kernel updates across all Linux assets and reassess their threat models to account for AI‑generated exploits. The episode underscores the accelerating role of automated code analysis in weaponizing long‑standing bugs, demanding faster patch cycles and stronger isolation of privileged interfaces.

Claude Just Got Another Superpower...
Anthropic unveiled Claude Design, an Opus 4.7‑powered platform that converts rough Figma mockups into fully‑functional prototypes, pitch decks, and production‑ready user interfaces without opening a design tool. The announcement sent Figma’s stock down 7% and sparked a wave of concern among...

Millions of WordPress Sites Just Got Hacked... Again
The video reports a massive supply‑chain compromise affecting 31 WordPress plugins, discovered after eight months of silent back‑door activity. The attacker bought the plugins on Flippa, inserted malicious code, and later activated it, turning ordinary updates into a weapon. Unlike typical...

Google Just Casually Disrupted the Open-Source AI Narrative…
Google’s latest surprise is Gemma 4, a 31‑billion‑parameter large language model released under the permissive Apache 2.0 license. Unlike most “open‑weight” offerings that carry restrictive clauses, Gemma 4 is truly free to use, modify, and commercialize, and it can run on a single...

Millions of JS Devs Just Got Penetrated by a RAT…
The video reports a supply‑chain breach affecting the popular JavaScript HTTP client Axios, where two malicious versions were uploaded to the npm registry, embedding a precision‑guided remote access Trojan (RAT). The attack inserts a rogue dependency called plain‑crypto‑js that runs a...

Tech Bros Optimized War… and It’s Working
The video reports that the U.S. Department of Defense has officially selected the Maven Smart System, an AI‑driven operating system, as the primary software layer for all five services—Army, Navy, Marines, Air Force and Space Force. Maven stitches together massive streams...

7 New Open Source AI Tools You Need Right Now…
The video spotlights seven emerging open‑source AI projects that aim to replace traditional hand‑coded development pipelines with modular, agent‑driven workflows. It begins by framing the modern developer’s dilemma: dozens of AI assistants crowding the terminal, making raw coding feel obsolete,...

Cloudflare Just Slop Forked Next.js…
Cloudflare has launched Vinext, a Vite‑based reimplementation of the Next.js API that lets developers run Next.js‑style applications on Cloudflare’s edge network or any other environment. By decoupling the framework from Vercel’s hosting platform, Vinext offers faster build times and broader...

TanStack Start in 100 Seconds
TanStack Start is a developer‑experience‑focused full‑stack framework that bundles server‑side rendering, streaming, server functions, and bundling, created by Tanner Linsley as a leaner alternative to Next.js. It leverages React’s ecosystem while addressing Next’s recent security and abstraction concerns. The framework ships...