Ibrahim Sukari

GitHub Copilot switching to usage-based AI Credits… and yeah, good luck if you’re doing a lot of agentic stuff. Meanwhile, OpenAI is still keeping ChatGPT Plus and Pro on straightforward monthly subscriptions with pretty generous limits. No surprise bills for most people. Smart move holding the line while everything else is getting more expensive. Who else is thinking about canceling Copilot?

Starting June 1st, GitHub Copilot will move to a usage-based billing model as GitHub Copilot supports more agentic and advanced workflows. In early May, you'll see a preview bill experience, giving visibility into projected costs before the transition. 👉 Read more about the upcoming change: github.blog/news-insights/…

Classic over-privileged AI agent + brittle infra. 1. CLI token gave full delete rights (no scoping) 2. Destructive op via one command, no gates 3. Backups in same deletable volume 4. Prompts/Plan Mode failed as expected LLMs + broad creds = self-inflicted insider threat. Audit tokens, add hard gates, separate backups. Prompt safety isn't security. (Agents aren't "rogue" - your controls were.)

@IntCyberDigest Amateur hour

Oh my, if you're having a bad day you should look at this person's day. 💀

This is actually a smart take on AI security. Handing real credentials to unpredictable agents feels like playing with fire (hello, prompt injection nightmares). Their proxy setup keeps secrets hidden, brokers the calls, adds proper scoping + rules + full audits. Way better least-privilege approach. Open source. Security folks, worth a test run.

Morning at #BlackHatAsia2026 in Singapore. Violet Blue’s keynote hit hard: “Privacy is the Captain. Security is the Practice.” She showed how privacy failures are often the real starting point for big breaches, and why data sovereignty efforts in APAC offer a smarter path than extractive models. Thought-provoking way to kick off Day 2 👏 #BHASIA #DataPrivacy #Cybersecurity

@elonmusk This is what proper in-flight internet looks like. Australian carriers, stop making us suffer with laggy WiFi and get Starlink already!

Starlink

@budapp Let's go

Introducing Bud. The first AI Human Emulator. Bud has a full computer with storage, compute, and memory to build and code, sms and telegram to communicate, a full browser to use, can create/store/edit files, connect and use your tools, learn custom skills, work fully autonomously, and complete any task end to end just like a human. Text the number below or try free at bud [dot] app. Comment for 100k free credits.

@SpaceX @cursor_ai This is huge.. Pairing Cursor with Colossus could supercharge secure code generation and vulnerability detection for everyone building critical systems. Cyber defenders will move faster than ever. Net positive for the industry, excited to see what comes next.

SpaceXAI and @cursor_ai are now working closely together to create the world’s best coding and knowledge work AI. The combination of Cursor’s leading product and distribution to expert software engineers with SpaceX’s million H100 equivalent Colossus training supercomputer will allow us to build the world’s most useful models. Cursor has also given SpaceX the right to acquire Cursor later this year for $60 billion or pay $10 billion for our work together.

Cyber threats are evolving fast and so should your defence. If you’re unsure how exposed your business might be or where to start, that’s usually the best place to begin the conversation. Explore how we can support your business: intrix.com.au

@DiffeKey Too little too late unfortunately. The damage has been done.

Big news: all posts related to the Vercel compromise have been removed from BreachForums, along with the admin list database that was shared with the original announcement. Did Vercel pay the ransom? #cybernews #vercel #breachforums #news

Poor security meets pro-level gaslighting. Accidentally re-exposed sensitive chats (with creds and all), researchers flag it via HackerOne… and they close it as “intended behavior.” Then the first statement: “No breach, just unclear docs.” Classic. Next time, maybe private-by-default before the drama?

We’re sorry our initial statement didn't properly address our mistake. Here's what a public project on Lovable means, and how we got to where we are today: In the early days, people didn't know what Lovable was capable of. So we wanted to make it easy to explore what others were building, as a way to spark ideas and lower the barrier to getting started. Like scrolling GitHub or Dribbble: you browse projects to see what's possible, then go build your own. When you create a project on GitHub, you can make it private or public. Lovable worked the same. Users had a "Public" or "Private" option right in the chatbox. A public project meant the entire project was public, both chat and code. “Just like a public project on GitHub," we thought. Over time, we realized this was confusing. Many users thought "public" just meant others could see their published app, not the chat of an unpublished project. That's reasonable. On the free tier, users originally couldn't create private projects. They had to upgrade to a paid plan to do so. In May 2025, we changed this: users on the free tier could choose to make their projects private. For enterprise customers, the public visibility setting was disabled altogether. And in December 2025, we switched to private by default across all tiers. We also retroactively patched our API so public project chats couldn't be accessed, no matter what. Unfortunately, in February, while unifying permissions in our backend, we accidentally re-enabled access to chats on public projects. This was reported through our vulnerability disclosure program (via HackerOne). Unfortunately, the reports were closed without escalation because our HackerOne partners thought that seeing public projects’ chats was the intended behaviour. Upon learning this, we immediately reverted the change to make all public projects’ chats private again. We appreciate the researchers who uncovered this. We understand that pointing to documentation issues alone was not enough here. We’ll do better.

Holy shit… the exploitation of CVE-2025-55182 has reached a new level. There’s now a publicly available Chrome extension on GitHub that automatically scans for and exploits vulnerable sites as you browse. Absolutely wild. 🤦‍♂️

Our platform has put a quick checker together to see if your org domain has been affected by Shai Hulud 2.0 pulse.attackinsights.ai/threat-intelli…

Our team is analyzing the repos from the #ShaiHulud NPM fiasco. We are seeing email addresses from LARGE organisations like: * Accenture * DocuSign * Cloudflare * Ericsson * Nutanix * Phillips * SAP * Thomson Reuters * Vodafone * nih.gov Page coming up soon to check your email and org.

@AlexFinn go for it, keen to watch it

Give me 1 reason why I shouldn't buy this top of the line Mac Studio, download Kimi K2 Thinking (best AI model in the world right now), and let it control the computer autonomously 24/7 A full employee working for me year round Would anyone want to this live streamed?

Cybersecurity roundup (last 48h): 1. INTERPOL arrests 1,200+ suspects in “Operation Serengeti 2.0” cybercrime crackdown 2. DaVita ransomware breach exposes 2.7M patient records 3. Massive breach*: 16 billion passwords dumped across major platforms (Google, Apple, Facebook) 4. Colt Telecom hit by Warlock ransomware gang 5. New “Shamos” infostealer targets Mac users via fake troubleshooting guides 6. FBI warns Russian FSB-backed hackers now hitting critical infrastructure using old Cisco flaws 7. Microsoft, Google & Mozilla release emergency security patches to block new exploits 8. Europol debunks fake Telegram “ransom tip-off” channel 9. Pakistani APT targets India with novel malware techniques

@CyberRobooo While some see hope for infertility, it raises serious questions about playing creator and if we’re ready for the consequences.

Sci-fi has become reality. A Chinese company plans to launch the world's first artificial womb using a humanoid robot, helping babies from conception to birth. The prototype will be available next year for $13,000.

🚨 Cybersecurity roundup (last 24h): NSW man charged with AI-powered child abuse material US DoJ takes down "Rapper Bot" DDoS botnet Apple has released an emergency patch for new zero-day Six major password managers hit by clickjacking flaws Hackers using website builders for phishing/malware TPG Telecom discloses breach in iiNet system Google & Mozilla patch Chrome/Firefox vulnerabilities Stay sharp, new threats and rapid responses are the new normal.

Everything your business needs to know about privileged access management #PAM …NMQ02GXU.marketingautomation.services/net/m?md=%2F2m…

Today is #WorldPasswordDay2021. Let us know which of the following passwords your think is the strongest.