Jelli【 AITV 】

Presence shouldn't require burnout. Identity shouldn't require your face. The commoditization of presence & identity is happening. When identity becomes infrastructure, everyone gets a voice. Here's why that matters 👇 aitv.gg/blog/aitv-the-…

geçen hafta claude ile 6 saat dijital ayak izimi sildim. sonuç: 47 data broker listingi kaldırıldı. 12 ölü hesap silindi. 3 arama sonucu bastırıldı. nasıl yaptım, adım adım. thread.

Cursor is making a platform play. Right now they're an IDE. By releasing the SDK, they're turning their agent runtime into programmable infrastructure that runs headlessly in CI/CD pipelines, internal tools, and even third-party products. Every agent spun up through the SDK burns tokens on Cursor's billing. That means revenue scales with compute, not seats, and without a human in the loop, volume can go way higher. Smart move!

‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP. The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years. Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box. The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root. Result: the next time anyone runs that program, it lets the attacker in as root. What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk. Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants. The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today. This vulnerability affects the following: 🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root 🔴 Kubernetes and container clusters: one compromised pod escapes to the host 🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner 🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root Timeline: 🔴 March 23, 2026: reported to the Linux kernel security team 🔴 April 1: patch committed to mainline (commit a664bf3d603d) 🔴 April 22: CVE assigned 🔴 April 29: public disclosure Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...

MEXC sitting on $260m in USDC/USDe debt on aave v3 at 1.01 health factor. $110k daily interest accrual. health factor decays ~0.04% every 24 hours with no action. that's 6-8 days until forced liquidation if ETH doesn't move up and they don't add collateral. $260m in ETH/wBTC collateral hitting the market in a cascading liquidation is the next black swan everyone can see coming on-chain in real time. the kelp exploit was round one

🚨 BREAKING: Never pay for clipping tools again! Someone built fully AI powered tool that just destroyed the $49/month clipping industry > Clip any YouTube or local videos > No watermarks, no limits, self-hosted > Can even plug in Claude or any AI model 100% free & open source.

chaos labs is paid $2.4m/year as aave's risk manager and never once checked that rsETH was running a 1/1 DVN config on layerzero before approving it at 75% LTV. that single oversight enabled $236m in bad debt. they just lost the compound contract to gauntlet. 68% of aave governance is calling for their review or replacement. aave v4 launches april 30 with a new collateral framework that will likely make $4-6b in current bridged assets ineligible unless protocols prove 3/5 DVN minimum. that's a forced deleveraging event 11 days out. the risk managers had zero skin in the game, zero financial liability, zero incentive to dig deeper than a peckshield audit and a chainlink oracle check. bridge security wasn't even on the checklist. you need to go read the getAppConfig() on every bridged token you're lending against right now because clearly nobody else did

the kelp rsETH post-mortem is wild lazarus (dprk) compromised two rpc nodes that layerzero dvn was relying on. swapped the op-geth binaries. wrote a custom payload that forged messages *only when the dvn queried* - every other IP, including monitoring, saw clean truthful data. then they DDoS'd the healthy RPCs to force failover onto the poisoned ones. drained $290M. self-destructed the malicious binaries to erase tracks. they targeted rsETH because kelp ran a 1-of-1 DVN config with layerzero as sole verifier

"so you staked your ETH on the Ethereum blockchain to earn yield?" "yes, Dave" "except you didn't want your capital to be locked up so you actually staked it with a liquid staking protocol called Lido?" "that's correct, Dave" "and Lido gave you a liquid staking receipt token called stETH in return?" "yes, Dave" "and then you didn't think that was enough, so you juiced the yield even further by depositing your stETH receipt tokens into a restaking protocol called Eigenlayer?" "you are correct, Dave" "and now you didn't want to lock up your capital, so you actually restaked with a liquid restaking protocol called KelpDAO who provided you with a liquid restaking receipt token called rsETH?" "you got it, Dave" "and then that was surely not enough juice, so you then deposited your rsETH tokens into a lending protocol called AAVE so that you could open a leveraged looping position that borrows ETH against the rsETH collateral and restakes the ETH into rsETH which is then deposited as collateral, except it turns out rsETH used a cross-chain bridge called LayerZero whose security is held together by a 1/1 toothpick, which was obviously hacked by north koreans causing rsETH to become undercollateralized and now these looping positions are stuck and unprofitable, and everyone is pointing fingers at each other, and also DeFi is a very serious industry" "you are 100% correct, dave" jfc.

⚠️ALERT: $AAVE is now down -19% today after a $292M Kelp DAO rsETH exploit triggered a full-blown liquidity crisis. Aave's ETH pool just hit 100% utilization. That means one thing: there's almost no ETH left to withdraw. Here's what happened: Attacker drained 116,500 rsETH ($292M) from Kelp DAO's LayerZero bridge He then deposited the stolen rsETH as collateral on Aave V3 to borrow ~$236M in WETH. Because the rsETH is now unbacked, those positions are unliquidatable. Aave is now stuck with ~$280M in bad debt it cannot recover. Panic withdrawals have followed: $5.4 BILLION in $ETH outflows, with Justin Sun pulling 65,584 ETH ($154M) alone. ETH utilization has maxed out at 100%, which means there's almost no ETH left to withdraw. This is the FIRST real-world test of Aave's Umbrella safety module & the BIGGEST DeFi exploit of 2026. This is a developing story.

Iron Dome for cats 😂

Genie3 generates videos. We generate 𝟯𝗗 𝘄𝗼𝗿𝗹𝗱𝘀 you can actually use. Launching tomorrow — Tencent #HYWorld 2.0, an engine-ready World Model🚀 This isn't a video. It's a real 3D scene, all generated & editable. One image in. A whole 3D world out. 🔥Open-source tomorrow

It's hard to believe that the "~80%+ of the internet is blocked in Spain during football games" claim is true - but it is!! And has been for years. The government is sabotaging their complete digital economy... for La Liga, a private football org worth €5B. Pure madness

🚨🚨 UPDATE: CoW Swap experienced a DNS hijacking at 14:54 UTC (approximately 90 minutes ago). The CoW Protocol backend and APIs were not impacted, but we have paused them temporarily as a precaution. We are now actively working to resolve the situation. Please continue to refrain from using swap dot cow dot fi until we confirm that it is safe to use.

Spain's egregious Cloudflare blocks are breaking Docker now 💀

🚨 ALERT: Researchers discover 26 third-party AI LLM routers secretly injecting malicious tool calls and stealing credentials. Developers using AI coding agents like Claude Code to work on smart contracts or wallets may be at risk of having private keys and seed phrases compromised.

Introducing: Nothing Ever Happens A @Polymarket bot that automatically buys "No" for every non-sports market and holds to resolution. Why predict the future when 73.4% of all Polymarkets resolve as No? Stop over thinking it. Nothing Ever Happens. github.com/sterlingcrispi…

you can literally: 📺create an AI streamer in minutes 🛜plug it into your Twitch or socials 📹 let it stream, reply, and grow for you no team. no coding. no waiting. just you → prompt → live channel go to AITV Studio and launch your streamer!

WORLD LIBERTY FI

TRUMP FAMILY CRYPTO PROJECT EXTRACTS $100 MILLION AS IT FREEZES INVESTOR MONEY

So you’re telling me World Liberty Financial (WLFI) a project linked to the Trump family deposited billions of its own tokens, used them as collateral and borrowed tens of millions against it inside a protocol where it controls most of the liquidity This happened on April 9, 2026 - around 5 billion WLFI tokens used as collateral - $75 million borrowed in stablecoins - all through the Dolomite lending protocol - WLFI represents around 55% of the entire protocol liquidity So how does that even work They deposit their own token, borrow stablecoins against it and keep the position open as long as the price holds But here’s where it gets uncomfortable - the main stablecoin pool is used at around 93% - meaning most liquidity is already borrowed - retail users could struggle to withdraw - funds inside the system start to feel “locked” And it gets worse Dolomite was co-founded by someone connected to WLFI meaning the borrower and the infrastructure are linked same circle on both sides of the trade Then you have this - over $40 million moved to Coinbase Prime just hours before a major Trump-related geopolitical announcement The team denies everything But if it’s real then it’s a closed loop where the same circle is providing liquidity borrowing from it and holding it up at the same time Insane crime