Jelli【 AITV 】

Presence shouldn't require burnout. Identity shouldn't require your face. The commoditization of presence & identity is happening. When identity becomes infrastructure, everyone gets a voice. Here's why that matters 👇 aitv.gg/blog/aitv-the-…

ANTHROPIC'S 31 SMALL BUSINESS SKILLS GOT 382,000 DOWNLOADS ON DAY ONE AND SOMEONE JUST MAPPED EVERY SINGLE ONE INTO A 10 MINUTE SETUP. It covers financial operations, sales, HR, marketing, and reporting with a full connector guide and real output examples.

Today we're open-sourcing Bumblebee, a read-only scanner for macOS and Linux. It checks developer machines for risky packages, extensions, and AI tool configs. Connected to Computer, it can trigger deeper scans whenever a new supply-chain risk emerges. github.com/perplexityai/b…

We are entering a new era of on-device automation. ✨ Watch Gemma 4 E4B navigate and drive an iOS simulator directly using Argent. Local models can handle complex interactions and software navigation autonomously.

We replaced Privy with our own free open source option steward.fi The privy team have been very nice and supportive but ultimately their product cannot be integrated into open source projects without making every developer sign up, and it’s crazy expensive

Ethereum's roadmap got real in the last 12mo: PQ, scaling, latency, privacy, AA, minimization, hardness. A lot hinges on p2p networking. A few weeks ago I decided to leave the EF to keep advancing this layer from the outside. Last week was my last day; the end of a memorable chapter in the arena with some of the most principled, humble, and talented people in this space. The Protocol cluster is in great hands with @corcoranwill, @kevaundray, and @fredrik0x. The work continues, no time to skip a slot. Core Devs got pilled on ethp2p at interop, and so should you. 👇

geçen hafta claude ile 6 saat dijital ayak izimi sildim. sonuç: 47 data broker listingi kaldırıldı. 12 ölü hesap silindi. 3 arama sonucu bastırıldı. nasıl yaptım, adım adım. thread.

Cursor is making a platform play. Right now they're an IDE. By releasing the SDK, they're turning their agent runtime into programmable infrastructure that runs headlessly in CI/CD pipelines, internal tools, and even third-party products. Every agent spun up through the SDK burns tokens on Cursor's billing. That means revenue scales with compute, not seats, and without a human in the loop, volume can go way higher. Smart move!

‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP. The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years. Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box. The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root. Result: the next time anyone runs that program, it lets the attacker in as root. What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk. Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants. The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today. This vulnerability affects the following: 🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root 🔴 Kubernetes and container clusters: one compromised pod escapes to the host 🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner 🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root Timeline: 🔴 March 23, 2026: reported to the Linux kernel security team 🔴 April 1: patch committed to mainline (commit a664bf3d603d) 🔴 April 22: CVE assigned 🔴 April 29: public disclosure Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...

MEXC sitting on $260m in USDC/USDe debt on aave v3 at 1.01 health factor. $110k daily interest accrual. health factor decays ~0.04% every 24 hours with no action. that's 6-8 days until forced liquidation if ETH doesn't move up and they don't add collateral. $260m in ETH/wBTC collateral hitting the market in a cascading liquidation is the next black swan everyone can see coming on-chain in real time. the kelp exploit was round one

🚨 BREAKING: Never pay for clipping tools again! Someone built fully AI powered tool that just destroyed the $49/month clipping industry > Clip any YouTube or local videos > No watermarks, no limits, self-hosted > Can even plug in Claude or any AI model 100% free & open source.

chaos labs is paid $2.4m/year as aave's risk manager and never once checked that rsETH was running a 1/1 DVN config on layerzero before approving it at 75% LTV. that single oversight enabled $236m in bad debt. they just lost the compound contract to gauntlet. 68% of aave governance is calling for their review or replacement. aave v4 launches april 30 with a new collateral framework that will likely make $4-6b in current bridged assets ineligible unless protocols prove 3/5 DVN minimum. that's a forced deleveraging event 11 days out. the risk managers had zero skin in the game, zero financial liability, zero incentive to dig deeper than a peckshield audit and a chainlink oracle check. bridge security wasn't even on the checklist. you need to go read the getAppConfig() on every bridged token you're lending against right now because clearly nobody else did

the kelp rsETH post-mortem is wild lazarus (dprk) compromised two rpc nodes that layerzero dvn was relying on. swapped the op-geth binaries. wrote a custom payload that forged messages *only when the dvn queried* - every other IP, including monitoring, saw clean truthful data. then they DDoS'd the healthy RPCs to force failover onto the poisoned ones. drained $290M. self-destructed the malicious binaries to erase tracks. they targeted rsETH because kelp ran a 1-of-1 DVN config with layerzero as sole verifier

"so you staked your ETH on the Ethereum blockchain to earn yield?" "yes, Dave" "except you didn't want your capital to be locked up so you actually staked it with a liquid staking protocol called Lido?" "that's correct, Dave" "and Lido gave you a liquid staking receipt token called stETH in return?" "yes, Dave" "and then you didn't think that was enough, so you juiced the yield even further by depositing your stETH receipt tokens into a restaking protocol called Eigenlayer?" "you are correct, Dave" "and now you didn't want to lock up your capital, so you actually restaked with a liquid restaking protocol called KelpDAO who provided you with a liquid restaking receipt token called rsETH?" "you got it, Dave" "and then that was surely not enough juice, so you then deposited your rsETH tokens into a lending protocol called AAVE so that you could open a leveraged looping position that borrows ETH against the rsETH collateral and restakes the ETH into rsETH which is then deposited as collateral, except it turns out rsETH used a cross-chain bridge called LayerZero whose security is held together by a 1/1 toothpick, which was obviously hacked by north koreans causing rsETH to become undercollateralized and now these looping positions are stuck and unprofitable, and everyone is pointing fingers at each other, and also DeFi is a very serious industry" "you are 100% correct, dave" jfc.

⚠️ALERT: $AAVE is now down -19% today after a $292M Kelp DAO rsETH exploit triggered a full-blown liquidity crisis. Aave's ETH pool just hit 100% utilization. That means one thing: there's almost no ETH left to withdraw. Here's what happened: Attacker drained 116,500 rsETH ($292M) from Kelp DAO's LayerZero bridge He then deposited the stolen rsETH as collateral on Aave V3 to borrow ~$236M in WETH. Because the rsETH is now unbacked, those positions are unliquidatable. Aave is now stuck with ~$280M in bad debt it cannot recover. Panic withdrawals have followed: $5.4 BILLION in $ETH outflows, with Justin Sun pulling 65,584 ETH ($154M) alone. ETH utilization has maxed out at 100%, which means there's almost no ETH left to withdraw. This is the FIRST real-world test of Aave's Umbrella safety module & the BIGGEST DeFi exploit of 2026. This is a developing story.

Iron Dome for cats 😂

Genie3 generates videos. We generate 𝟯𝗗 𝘄𝗼𝗿𝗹𝗱𝘀 you can actually use. Launching tomorrow — Tencent #HYWorld 2.0, an engine-ready World Model🚀 This isn't a video. It's a real 3D scene, all generated & editable. One image in. A whole 3D world out. 🔥Open-source tomorrow

It's hard to believe that the "~80%+ of the internet is blocked in Spain during football games" claim is true - but it is!! And has been for years. The government is sabotaging their complete digital economy... for La Liga, a private football org worth €5B. Pure madness

🚨🚨 UPDATE: CoW Swap experienced a DNS hijacking at 14:54 UTC (approximately 90 minutes ago). The CoW Protocol backend and APIs were not impacted, but we have paused them temporarily as a precaution. We are now actively working to resolve the situation. Please continue to refrain from using swap dot cow dot fi until we confirm that it is safe to use.

Spain's egregious Cloudflare blocks are breaking Docker now 💀

🚨 ALERT: Researchers discover 26 third-party AI LLM routers secretly injecting malicious tool calls and stealing credentials. Developers using AI coding agents like Claude Code to work on smart contracts or wallets may be at risk of having private keys and seed phrases compromised.