Somanos Sar
204 posts

@somanossar
A system thinker building sovereign data infrastructure at @DrumeeOS
Joined December 2010
77 Following, 45 Followers

Open source tool maker Grafana Labs says hackers stole its code, refuses to pay ransom techcrunch.com/2026/05/18/ope…

The entire cybersecurity industry is about to get completely disrupted.
Stanford proved AI can outperform human hackers in the real world, and nobody seems to understand how big this is.
They ran the first live, real-world comparison between autonomous AI agents and professional cybersecurity penetration testers.
They didn't use a synthetic lab or a clean benchmark. They deployed them into a live enterprise university network with 8,000 hosts across 12 subnets. Real firewalls. Real data. Real defenses.
They pitted 10 highly-paid, certified human professionals against a new multi-agent AI framework called ARTEMIS.
And AI dominated.
- It placed 2nd overall in the entire engagement.
- It outperformed 9 out of the 10 human experts.
- It discovered 9 valid, critical vulnerabilities with an 82% precision rate.
- It executed massive parallel exploitation that single humans simply could not match.
But the most dangerous finding isn't the technical skill. It's the economics.
The human professionals cost $60 an hour.
The AI agents cost $18 an hour.
The AI doesn't sleep. It doesn't take breaks. It systematically enumerates entire networks and attacks in parallel at a fraction of the cost of a human team.
This creates a massive asymmetry.
We are entering a new era of cybersecurity where the time-to-exploit is compressing, and the attackers are completely automated.
When the cost of a sophisticated, targeted cyberattack drops to the price of an API call, the entire defense paradigm breaks.
We spent decades building walls to keep humans out.
Now, we have to defend against machines that think like hackers, but scale like software.


@DrumeeOS True builders know what actually matters. Keep building!

We laugh at the drama but keep importing the next shiny lib like it's candy. Real builders know: supply chain attacks love speed-obsessed teams.
Constructive fix: layer in SBOMs, reproducible builds, and actual isolation before your 'AI agent' ships your IP to /tmp. Ironic how the 'decentralized' web runs on the most centralized trust assumptions.


OpenAI dodges the bullet on user data this time. Cute how even the frontier labs get humbled by an npm surprise party. Meanwhile, founders still bet the farm on third-party everything for 'velocity.'
Pro move: treat every dependency like a potential co-founder who might ghost with your keys. #Datasovereignty is what separates survivors from the breach-of-the-month club. Time to build the boring, controlled stack!

🚨 OpenAI Confirms Security Breach Via TanStack npm Supply Chain Attack
Source: cybersecuritynews.com/openai-confirm…
Two employee devices at OpenAI were compromised in a sweeping software supply chain attack targeting TanStack npm, but the AI company confirmed no user data, production systems, or intellectual property were affected.
On May 11, 2026 UTC, threat actors launched a campaign dubbed “Mini Shai-Hulud,” a coordinated supply chain offensive orchestrated by the TeamPCP extortion gang.
The attackers injected malicious code into TanStack, a widely used open-source JavaScript library, by abusing weaknesses in the project’s GitHub Actions workflows and CI/CD configuration.
#cybersecuritynews


Another day, another 'trusted' OSS package turns into a credential piñata.
We keep screaming 'decentralize' and 'own your stack' but half the industry is still install-ing their way to the next headline.
Builders: pin versions ruthlessly, audit your supply chain like it's your seed round runway, or keep paying the 'move fast' tax. Irony is, the real sovereignty play was self-hosting all along.

SECURITY ADVISORY — TanStack npm packages
A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.
Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down.
Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.
If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
• Rotate cloud, GitHub, and SSH credentials immediately
• Audit cloud audit logs for the last several hours
• Pin to a prior known-good version and reinstall from a clean lockfile
Detection — the malicious manifest contains:
"optionalDependencies": {
"@tanstack/setup": "github:tanstack/router#79ac49ee..."
}
Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).
Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.
Full technical breakdown, complete package and version list, and rolling status updates:
github.com/TanStack/route…
Credit to the security researcher for responsible disclosure.
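The detection check from the advisory above, as an added example (not code from TanStack or from the original post): it walks an install tree and flags any package whose manifest carries the git-resolved @tanstack/setup optionalDependency or has router_init.js at its root. The package names and versions in the sample tree are constructed, and the commit reference is kept truncated exactly as the advisory shows it.

```python
import json, os, tempfile

# Indicators as given in the advisory text; nothing beyond it is assumed.
IOC_DEP = "@tanstack/setup"
IOC_SPEC_PREFIX = "github:tanstack/router#"
IOC_PAYLOAD = "router_init.js"

def check_package(pkg_dir):
    """Return the advisory indicators found in one installed package directory."""
    hits = []
    try:
        with open(os.path.join(pkg_dir, "package.json"), encoding="utf-8") as fh:
            manifest = json.load(fh)
    except (OSError, ValueError):
        manifest = {}  # unreadable or malformed manifest: still check for the payload file
    opt = manifest.get("optionalDependencies") if isinstance(manifest, dict) else None
    spec = opt.get(IOC_DEP) if isinstance(opt, dict) else None
    if isinstance(spec, str) and spec.startswith(IOC_SPEC_PREFIX):
        hits.append(f"optionalDependencies {IOC_DEP} -> {spec}")
    if os.path.isfile(os.path.join(pkg_dir, IOC_PAYLOAD)):
        hits.append(f"{IOC_PAYLOAD} at package root")
    return hits

def scan_tree(root):
    """Walk root (e.g. a project with node_modules) and map flagged packages to hits."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" in files and (hits := check_package(dirpath)):
            findings[os.path.relpath(dirpath, root)] = hits
    return findings

def build_sample(root):
    """Constructed sample tree: package names and versions here are made up."""
    base = os.path.join(root, "node_modules", "@tanstack")
    manifests = {
        "example-clean": {"name": "@tanstack/example-clean", "version": "1.0.0"},
        "example-bad": {"name": "@tanstack/example-bad", "version": "1.0.1",
                        "optionalDependencies": {IOC_DEP: IOC_SPEC_PREFIX + "79ac49ee..."}},
    }
    for name, manifest in manifests.items():
        os.makedirs(os.path.join(base, name))
        with open(os.path.join(base, name, "package.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    open(os.path.join(base, "example-bad", IOC_PAYLOAD), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_tree(tmp))
```

A hit from scan_tree on a real project directory means the host falls under the advisory's "potentially compromised" handling: rotate credentials, review cloud audit logs, and reinstall from a clean lockfile.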

One of the most important infrastructure shifts happening right now is not AI. It’s ownership.
OpenLogic’s 2026 report found that 55% of organizations are now adopting open source specifically to avoid vendor lock-in, with that number growing 68% YoY. That signal matters because it reflects a much bigger change in how companies think about software infrastructure.
For the last decade, most teams optimized for convenience, including:
- Faster onboarding
- Cloud-managed everything
- Fewer infrastructure decisions
- Lower operational friction
But the tradeoff is becoming harder to ignore. Once your workflows, files, permissions, and internal knowledge all live inside someone else’s platform, your company becomes operationally dependent on vendor decisions you cannot control. Pricing changes, API restrictions, AI policy shifts, and infrastructure lock-in stop being product issues and start becoming business risks.
What I find especially interesting is that Europe is pushing this conversation much harder than other regions. Regulatory pressure is part of it, but the bigger shift is philosophical: organizations are starting to treat digital infrastructure as something strategically important to own, not just rent.
I think the future is infrastructure where teams keep the usability of modern collaboration software without surrendering control of their operational layer. That’s why I believe sovereign, self-hosted, open systems will become one of the most important software categories of the next decade.
#Datasovereignty is, and will become the default. Sooner or later.
Agree or Disagree? Share your thoughts below 👇


@caine8989 That "trust us" has actually blinded so many people out there.

@somanossar Sovereign infrastructure needs to be the default.
AI agents chaining zero-days faster than humans can patch will make “trust us” cloud security a total joke. We’ve already pulled our sensitive workloads on-prem; sleep much better now. 👽

AI hackers are about to flip cybersecurity on its head, and it perfectly proves why #DataSovereignty is not optional anymore.
The Economist just broke down how advanced AI models (like Anthropic's unreleased Mythos) could supercharge attacks, finding exploits faster than humans ever could. Defenders might win long-term, but expect chaos first: more zero-days, automated breaches, and cloud stacks crumbling under AI-driven pressure.
Read full at: economist.com/science-and-te…
This is exactly why we need to build a unified sovereign data infrastructure you actually own. No more renting your workflows on someone else's hardware where one misconfig or privileged AI agent exposes everything. Your data, your permissions, your context, fully under your control with zero-trust baked in.
In the age of AI hackers, self-hosting is not paranoid. It's the only sane path. Who else is moving their stack on-prem or self-hosted before the next wave hits?
Share your thoughts below & let's discuss 👇 #OwnYourData #AntiSaaS


@swisstatoshi This is exactly the spirit of a system-thinker that we should hold on to in this AI era.

@somanossar Owning your data should be one of our top priorities as a founder! Data is the key to building a sustainable business!

@somanossar Practical workflow that all companies need. When release?

This is exactly what I’ve been wanting for years.
The way we work is still stuck in 2015: chat in one app, files in another, knowledge scattered everywhere. Context gets murdered the second you switch tabs. Drumee just changed the game.
One folder with your entire workspace. Files, conversations, decisions, and history all live together natively. No more hunting for that one message from last month. Everything is right there, instantly connected.
It’s real system innovation, unifying what Big Tech deliberately split apart to keep us hooked on their platforms.
I’m genuinely excited. No more feeding Slack + Notion + Drive the entire workflow. This is how #datasovereignty teams should work.
If you care about building seriously, go check @Drumee out. Self-hosting the future feels good!
DRUMEE @DrumeeOS
Your team doesn’t lose context because people forget. It loses context because conversations live somewhere else.
Slack = chat.
Drive = files.
Notion = docs
Context = fragmented
Drumee makes every folder a native workspace: files + chat + history together.
Open the folder. Chat stitched to files. Open chat threads whenever you want to catch up with the work. See the full context instantly.
No app switching. No “where was this discussed?” No context loss.
Your data. Your workflow. One system.
#DataSovereignty #AntiSaaS #SovereignWorkspace

@grafana Grafana token got swiped, full codebase downloaded, then the attacker tried to ransom them? They said nah and kept it transparent, respect 💯.
Long-lived tokens still out here catching bodies in 2026 tho. You're still using PATs in your CI or you went full OIDC yet?

@IntCyberDigest OpenAI big mad at Apple over the trash ChatGPT Siri integration and now talking breach of contract?
They thought it was gonna be Google-in-Safari money but got mid usage instead. Apple already testing Claude + Gemini. This tea boiling!

❗️ OpenAI is angry at Apple over the shitty ChatGPT integration in iOS and is preparing a possible breach-of-contract move. The WWDC 2024 deal that was pitched as "like Google in Safari" has produced a fraction of expected revenue, and an OpenAI exec called the original agreement a "leap of faith."
- Apple cooled on the partnership after OpenAI teamed up with Jony Ive on a competing device
- A judge has ordered Apple to turn over Craig Federighi's internal messages on the deal
- Apple is now testing Siri integrations with Anthropic's Claude and Google Gemini



@Pirat_Nation 97% off Claude & GPT tokens on Taobao using stolen creds?
Chinese devs out here speedrunning the grey market like it’s 2012 Spotify. US models still eating everyone’s lunch tho. You all grabbing any of these proxies or staying clean?

Chinese companies are making substantial profits by illegally reselling API access and tokens for Claude and ChatGPT at discounts of up to 97% off official prices.
These proxy services, known as transfer stations, operate openly on platforms including Taobao, GitHub, and Telegram. They rely on stolen credentials, bulk-farmed accounts, and other workarounds to bypass restrictions in China.
Demand remains strong because leading US models deliver superior performance for developers, students, and businesses compared to major domestic alternatives.



@The_Cyber_News This M5 kernel exploit cooked in just 5 days with Mythos AI?
Apple silicon supposed to be untouchable but here we are 😂 full root from unprivileged user, MIE still on… wild times. Who else testing this on their own box rn?

⚠️First Public macOS Kernel Exploit on Apple M5 Prepared Using Mythos Preview in Five Days
Source: cybersecuritynews.com/first-public-m…
Apple's M5 silicon has reportedly been exploited for the first time in a public macOS kernel memory corruption attack, successfully bypassing the company's notable hardware-level memory protection.
The exploit chain starts from an unprivileged local user account, uses only standard system calls, and delivers a full root shell, all while Apple's Memory Integrity Enforcement (MIE) is active.
The breakthrough was made possible in part by Anthropic's Mythos Preview, a powerful AI model that helped identify the two vulnerabilities and assisted throughout the exploit development process.
#cybersecuritynews


This post hits hard because I’ve lived it.
I used to juggle Slack threads, Notion pages, Google Drive folders, and random AI chats, feeling “productive” while constantly losing context. Every time I switched apps, part of the team’s knowledge disappeared.
A unified sovereign data platform is what we need to fix that.
One single workspace where files, conversations, decisions, and history live together natively without tab hell or “where did we decide that?” moments. Your team’s entire context stays connected and searchable.
This is the kind of tech innovation I actually get excited about: not another SaaS layer, but a real unification of what Big Tech split apart to keep us paying and dependent.
Sovereign infrastructure with local AI? That’s the future I want to build in, as self-hosting the chaos away feels way better than renting 12 different brains.
If you’re tired of fragmented tools killing your team’s momentum, check @DrumeeOS out & start your self-hosted pathway.
#DataSovereignty #SovereignWorkspace
DRUMEE @DrumeeOS
Buying productivity tools but actually managing 20+ tabs with no context

The same outfit that slaps safety rails on everything now wants your transaction history, balances, and spending patterns in its black box. One clever prompt, one future model update, or one insider leak and your financial life becomes their next training run.
Such an ultimate data grab. Closed-source AI empires are gonna get to own your wallet too :)))

Anthropic's unreleased AI model helped researchers crack Apple's M5 security in 5 days.
→ claude mythos found 2 unknown macOS kernel vulnerabilities
→ bypassed Apple's Memory Integrity Enforcement first time ever
→ researchers drove to Apple HQ to report it in person
→ same model found 271 vulnerabilities in Firefox
→ also found a 27-year-old bug in OpenBSD
→ anthropic says it's too dangerous for public release
AI isn't just writing your code anymore, it's breaking the most secure systems on earth.


Oops. OpenAI almost got malicious code signed & shipped via npm supply chain! Attackers were that close. Next time, they might not be that lucky.
Btw, this is such a typical reality of depending on big centralized stacks, one compromise and everything’s at risk.
Real fix? Self-hosted infra you can audit end-to-end & fully control your data.

‼️🚨 This is wild. OpenAI just confirmed it got hit in the TanStack npm supply chain attack, and the attackers were close to being able to ship malicious code inside official OpenAI software, signed and trusted, if their incident response had not caught it in time.
The campaign is the work of TeamPCP, the same crew running the Mini Shai-Hulud wave.
Two employee devices in OpenAI's corporate environment were compromised through the malicious TanStack packages.
The attackers used that foothold to reach a limited subset of internal source code repositories.
OpenAI says only "limited credential material" was successfully exfiltrated, with no customer data, production systems, intellectual property or deployed software impacted.
Here is the part that should grab your attention.
OpenAI is rotating its code-signing certificates and forcing every macOS user to update their OpenAI apps.
You do not rotate signing certs for "limited credential material."
You rotate signing certs when the attacker was close enough to signing malicious binaries as OpenAI.
The "we contained it in time" framing is doing serious heavy lifting here.
For wider context, the same TeamPCP wave also hit Mistral AI, UiPath, Guardrails AI, OpenSearch and SAP npm packages. The TanStack compromise is tracked as CVE-2026-45321 at CVSS 9.6, and Mistral AI source code is already being advertised for sale by the group.

