M. Maali 🔑

M. Maali 🔑 retweeted

If people are really curious about copy.fail, @5unKn0wn is the GOATed researcher who is responsible!
5unkn0wn@5unKn0wn
This is my first Linux kernel exploit for Google kCTF, and the patch commit is now public: git.kernel.org/pub/scm/linux/… Actually, this bug was found by AI while analyzing 1-day variants. I'd like to share my approach for using these AI things to find bugs, and an exploitation write-up, later.

❗️ Apple accidentally shipped Claude[.]md files in the Apple Support app update (v5.13).
For context, Claude[.]md is the instruction file Anthropic's Claude Code uses to understand a project's structure, conventions, and developer guidance. They typically live in source repos and are not meant to ship inside production apps.
Source: @aaronp613



The best cryptographer in the world
Kostas Kryptos@kostascrypto
Sui is silently testing Post Quantum stateless signatures and it works like a charm

The Stanford, a16z, Mysten & Sui code for batch threshold encryption from partial fractions is now public: github.com/entrohpy/batch…
The paper is also updated with shorter ciphertexts: eprint.iacr.org/2026/674.pdf

⚠️ Linux Kernel 0-Day "Copy Fail" Roots Every Major Distribution Since 2017
Source: cybersecuritynews.com/linux-kernel-0…
A critical zero-day vulnerability in the Linux kernel has been publicly disclosed, enabling any unprivileged local user to obtain root access on virtually every major Linux distribution shipped since 2017.
Copy Fail is a straight-line logic bug, not a race condition, in the Linux kernel's authencesn cryptographic template, reachable via the AF_ALG socket interface combined with the splice() system call.
A single 732-byte Python script using only standard library modules achieves deterministic root on every tested distribution and architecture.
#cybersecuritynews #linux #CopyFail


Genuinely WTF is going on with DeFi this month?
Just an insane number of code exploits, oracle exploits, bridge hacks, and key compromises:
LayerZero | $292M | April 18 | rsETH bridge exploit
Drift Trade | $285M | April 1 | Compromised Admin + Fake Token Price Manipulation
Rhea Lend | $18.4M | April 16 | Fake Collateral Exploit
Grinex | $15M | April 16 | Hot wallet hack
Sweat Foundation | $3.5M | April 29 | Refund_first & Refund_second Logic Exploit
Volo Vault | $3.5M | April 21
Hyperbridge | $2.5M | April 12 | Fake State Proof
BSC TMM/USDT | $1.67M | April 4 | Reserve Manipulation Attack
Purrlend | $1.5M | April 25 | Fake Bridge Address
Giddy | $1.3M | April 23 | Incomplete EIP-712 Signature Coverage
Aftermath Perps | $1.14M | April 29 | Fee-Accounting Logic Flaw
Aethir | $423K | April 9 | Access Control Exploit
Singularity Finance | $413K | April 27 | Oracle Misconfiguration Exploit
Dango | $410K | April 13 | Donate Negative Amounts Hack
Silo V2 | $392K | April 3 | Misconfigured Oracle Exploit
Syndicate | $330K | April 29 | Commons Bridge Exploit
ZetaChain | $300K | April 27 | GatewayEVM Contracts Exploit
JUDAO | $228K | April 28 | Flashloan Exploit
Scallop Lend | $150K | April 26
Quant | $138K | April 28 | Access Control Exploit
Zerion Wallet | $100K | April 14 | Hot Wallet Compromise via Social Engineering
Kipseli | $80K | April 22 | Flawed Quoting Logic
MONA | $60K | April 13 | BurnAddress Accounting Exploit
SubQuery Network | $60K | April 12 | Access Control Exploit
Juicebox V3 | $52K | April 20 | borrowFrom Spoof Attack
Thetanuts Finance | $50K | April 20 | First Depositor Attack
Litecoin | April 26 | Zero-Day Bug & DDoS Exploit


> be taeyang lee
> read kernel crypto and notice a 2017 optimization in algif_aead
> realize any user can overwrite /usr/bin/su in ram
> any user can become root in 2 seconds on every linux box since 2017
> every cloud. every k8s cluster. every ai sandbox.
> give the bug to an llm
> ai produces a 732-byte exploit working on all of them
The Smart Ape 🔥@the_smart_ape

‼️Copy Fail (CVE-2026-31431) is a Linux privilege escalation bug that lets any local user get root using a 732-byte Python script, and it works on basically every major Linux distro shipped since 2017.
Website: copy.fail
Write-up: xint.io/blog/copy-fail…
GitHub: github.com/theori-io/copy…
It's a logic flaw in the kernel's crypto code (authencesn via AF_ALG and splice()) that allows a small write into the page cache, which can be used to tamper with a setuid binary like /usr/bin/su.
Think how bad this is going to be for shared environments like Kubernetes, CI runners, and cloud sandboxes, where it enables container escape and tenant-to-host compromise.
Found by Theori's Xint Code scanner, patched in the mainline kernel, and publicly disclosed on April 29, 2026; if you can't patch right away, the recommended workaround is to disable the algif_aead module.

Grimace shake Grimace shake
is back! is back...

Dexerto@Dexerto
McDonald's unveil new “Grimace menu” featuring a Purple BBQ burger with purple cheese in Germany. It also contains a Grimace Shake and purple cream cheese pie.

back in 2021 bullshit news like this would’ve meant an instant 88% pump
Altcoin Daily@AltcoinDaily
JUST IN: Amazon Web Services integrates Chainlink