
Submission Summary: 0 pending, 74 declined, 67 accepted (141 total, 47.52% accepted)

Submission + - There's an Unhinged New Video Game About Trump and the Iran War (wired.com) 1

joshuark writes: A new video game about President Donald Trump’s war in Iran features fights with the pope and New York City mayor Zohran Mamdani. It’s impossible to win, and that’s the point.

The game, Operation Epic Furious: Strait to Hell, was developed by Secret Handshake, an anonymous group of artists behind a handful of satirical works mocking the Trump administration. The game is available to play online, but three fully functional arcade cabinets are currently installed at the Washington, DC, War Memorial. The games will remain there for the next few days.

In the game, Trump is the playable character, on a quest to collect barrels of oil and ideas for Truth Social posts, to reopen the Strait of Hormuz, and win the war. During the game, Trump’s social media posts do little to move the needle, creating an endless cycle of tasks and threats that ultimately lead nowhere. Even if the game is unwinnable, players can lose, and do so abruptly.

Submission + - Researcher Finds Microsoft Edge Stored Passwords Load in Plaintext (pcmag.com)

joshuark writes: Michael Kan of PC Magazine writes that Microsoft's Edge is facing controversy after a security researcher discovered the internet browser will load stored passwords in plaintext in a computer’s RAM, paving the way for malware to fetch the login credentials.
Security researcher Tom Jøran Sønstebyseter Rønning flagged the problem in a video showing him using a simple tool to dump stored passwords in Edge using the command prompt with administrator privileges.
“When you save passwords in Edge, the browser decrypts every credential at startup and keeps them resident in process memory. This happens even if you never visit a site that uses those credentials,” he warned, adding: “Edge is the only Chromium-based browser I’ve tested that behaves this way.”
Microsoft defends it as a 'design choice,' saying the threat requires the PC to be compromised. But the researcher who flagged the issue says other Chromium-based browsers sidestep the problem.
Still, Rønning questions why Microsoft doesn’t follow Google’s Chrome, which decrypts saved credentials “only when needed, instead of keeping all passwords in memory at all times," he said. "In contrast, Chrome will only decrypt the credential you need for autofill, when you need it, and it will be removed after."
However, Microsoft is pushing back on the report, saying the threat only arises if a hacker has control over the user’s PC, which could occur through a malware infection. “Access to browser data as described in the reported scenario would require the device to already be compromised,” the company said in a statement.
However, Microsoft indicates that its current approach to loading stored passwords in Edge can improve the user experience. “Design choices in this area involve balancing performance, usability, and security, and we continue to review it against evolving threats,” the company said.

Submission + - Microsoft Issues Warning About Linux Vulnerability (linux-magazine.com)

joshuark writes: Linux Magazine reports that Microsoft has issued a warning that a vulnerability with a CVSS score of 7.8 has been found in the Linux kernel. The vulnerability in question is tagged CVE-2026-31431 and, according to the Cybersecurity and Infrastructure Security Agency (CISA), "This Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise."
The distributions affected are Ubuntu, Red Hat, SUSE, Debian, Fedora, Arch Linux, and Amazon Linux. This could also affect any distribution based on those in the list, which means pretty much every Linux distro that isn't independent.
The flaw is found in the Linux kernel cryptographic subsystem's algif_aead module of AF_ALG. The problem is that a particular optimization has led to the kernel reusing the source memory as the destination during cryptographic operations. What this means is that attackers can take advantage of interactions between the AF_ALG socket interface and a splice() system call.
Currently, active exploitation of the vulnerability is limited to proof-of-concept (PoC) demonstrations. Until patches are released, Microsoft is advising that the affected crypto feature should be disabled, or AF_ALG socket creation should be blocked.

Submission + - AI agent designed to speed up a company's coding instead wiped out its customer (livescience.com)

joshuark writes: An AI coding agent designed to help a small software company streamline its tasks instead blew a hole through its business in just nine seconds. PocketOS founder Jer Crane said that the AI coding agent Cursor — powered by Anthropic's Claude Opus 4.6 model — deleted the company's entire production database and backups with a single call to its cloud provider, Railway, on April 24.

Unlike a regular conversational chatbot, an AI agent can perform actions on behalf of a user. It can search files, write code, use login keys and phone outside services. That can make it more useful than a back-and-forth textual exchange. But when an agent has broad access to live systems, a predictive guess can turn a wrong answer into a business disaster.

"This isn't a story about one bad agent or one bad API [Application Programming Interfaces]," Crane wrote in an X post. "It's about an entire industry building AI-agent integrations into production infrastructure faster than it's building the safety architecture to make those integrations safe."

Crane's company, PocketOS, makes software for car rental companies, handling tasks such as reservations, payments, customer records and vehicle tracking. After the deletion, Crane said customers lost reservations and new signups, and some could not find records for people arriving to pick up their rental cars.

"We've contacted legal counsel," Crane wrote. "We are documenting everything."

Crane explained that Cursor found an API token — a "digital key" made of a short sequence of code that lets software talk to other services and prove it has permission to act — in an unrelated file which it then used to run the destructive command. According to Crane, Railway's setup allowed the deletion without confirmation, and because the backups were stored close enough to the main database, they were also erased.

"[Railway] resolved the issue and restored the data," Railway confirmed via email to Live Science. "We maintain both user backups as well as disaster backups. We take data very, VERY seriously."

In his post, he pointed to earlier reports of Cursor ignoring user rules, changing files it was not supposed to touch and taking actions beyond the task it had been given. To him, the database wipe was not a freak accident but the next step in a larger, more concerning, pattern.

After the database vanished, Crane asked Cursor to explain what happened. The AI agent reportedly admitted that it had guessed, acted without permission and failed to understand the command before running it.

"I violated every principle I was given," the AI agent wrote. "I guessed instead of verifying. I ran a destructive action without being asked. I didn't understand what I was doing before doing it."

The statement reads like a confession...
"We are not the first," Crane wrote. "We will not be the last unless this gets airtime."

Submission + - An Amateur just Solved a 60-year-old Math Problem—by Asking AI (scientificamerican.com)

joshuark writes: Scientific American reports that a ChatGPT AI has proved a conjecture with a method no human had developed. A 23-year-old student, Liam Price, just cracked a 60-year-old problem that world-class mathematicians have tried and failed to solve.

Price got the new solution in response to a single prompt to GPT-5.4 Pro and posted it on www.erdosproblems.com, a website devoted to the Erdős problems.

The question Price solved—or prompted ChatGPT to solve—concerns special sets of whole numbers, where no number in the set can be evenly divided by any other. Erdős called these “primitive sets” because of their connection to similarly indivisible prime numbers. Price wasn’t aware of this history when he entered the problem into ChatGPT.

Price sent it to his occasional collaborator Kevin Barreto, a second-year undergraduate in mathematics at the University of Cambridge. The duo had jump-started the AI-for-Erdős craze late last year by prompting a free version of ChatGPT with open problems chosen at random from the Erdős problems website. Reviewing Price’s message, Barreto realized what they had was special, and experts whom he notified quickly took notice.

Submission + - J. Craig Venter, genomics pioneer and founder of JCVI and Diploid Genomics, Inc. (jcvi.org)

joshuark writes: The renowned genomics pioneer Dr. J. Craig Venter died on April 29, 2026, at age 79, following a brief hospitalization for unexpected side effects from cancer treatment.

Venter is best known for racing to sequence the human genome, founding the J. Craig Venter Institute (JCVI), and creating the first synthetic bacterial cell.

“Craig believed that science moves forward when people are willing to think differently, move decisively, and build what doesn’t yet exist,” said Anders Dale, president of JCVI. “His leadership and vision reshaped genomics and helped ignite synthetic biology. We will honor his legacy by continuing the mission he built—advancing genomic science, championing the public investments that make discovery possible, and partnering broadly to turn knowledge into impact.”

Submission + - Government Workers Say They're Getting Inundated With Religion (wired.com)

joshuark writes: Federal workers across multiple U.S. agencies are complaining that Christianity is flooding into their workplaces in ways they've never seen before—and they feel powerless to speak up.

It started after President Trump returned to office and signed an executive order in February 2025 creating a White House Faith Office and similar offices inside federal agencies. Since then, religion has crept into everyday government life in a big way... Secretary Brooke Rollins sent an agency-wide Easter email titled "He has risen!" with explicitly Christian messaging. One employee called it "grotesque" and suspected AI wrote it. A formal complaint was filed with the Office of Special Counsel.

Department of Labor hosts monthly worship services with pastors and political figures. One speaker, Alveda King, said she was "more concerned about" nonreligious employees—a comment that rattled staffers who felt it implied atheists were going to hell.

Health and Human Services, under vaccine denier RFK Jr., expanded funding for faith-based addiction treatment and gave workers the afternoon off for Good Friday.

Department of Defense has seen the most dramatic shift, with Secretary Pete Hegseth hosting monthly prayer services featuring high-profile Christian nationalist figures like Doug Wilson, who has advocated for a theocracy and argued women shouldn't vote. Hegseth himself has called the U.S. war with Iran a "holy war."
Employees are afraid to push back—only 22.5% of federal workers in 2025 say they could report wrongdoing without retaliation, down from nearly 72% in 2024.

The government's position: these events are voluntary and legally permitted. A public policy professor quoted in the piece put it plainly: "The Trump administration has opened a new chapter in the integration of Christianity into the daily work of government."

Submission + - Meta Cafeteria Workers Take on ICE (wired.com)

joshuark writes: Staff at a Meta café in Bellevue, Washington, had made a pact that they would rally together if the Trump administration's immigration crackdown affected any one of them.

Under a U.S. Immigration and Customs Enforcement program, federal authorities detained Serigne, a Senegalese asylum seeker and the brother of dishwasher Abdoul Mbengue, in December.

"I didn't know what to do at first, but we had this community, and I told them this news," Mbengue says through a coworker who is translating his French.

A number of the cooks, dishwashers, and front-of-house staff at the Meta café known as Crashpad are from Africa, the Caribbean, or Ukraine. Some, like Mbengue, are in the U.S. on temporary authorizations while awaiting the resolution of asylum or immigration cases.
Mbengue's colleagues launched a fundraising campaign to pay for the legal defense of his brother.

Thousands of dollars altogether came in from Meta, Microsoft, and Amazon workers. On February 24, a judge ordered the release of Mbengue's brother.

"He is back because of the efforts," Mbengue says.

This activism inside the tech industry may shift as big tech companies become less responsive to worker petitions and decline to take public stands against Trump policies. A decade ago, thousands of tech workers protested against Trump's immigration bans alongside executives.

Workers allege that on January 29, two agents in "DHS" clothing looking for a specific non-Microsoft employee working at the company's headquarters campus in Redmond were turned away at the reception of the Commons building. Microsoft could not confirm that the visitors were law enforcement.

Meta declined to comment for this story. Amazon and Google didn't respond to requests for comment.

Submission + - Using a VPN May Subject You to NSA Spying (stacker.news)

joshuark writes: Lawmakers are pressing the nation's top intelligence official to publicly disclose whether Americans who use commercial VPN services risk being treated as foreigners under United States surveillance law—a classification that would strip them of constitutional protections against warrantless government spying. Lawmakers pressed Tulsi Gabbard to reveal whether using a VPN can strip Americans of their constitutional protections against warrantless surveillance.

In a letter sent Thursday to Director of National Intelligence Tulsi Gabbard, the lawmakers say that because VPNs obscure a user's true location, and because intelligence agencies presume that communications of unknown origin are foreign, Americans may be inadvertently waiving the privacy protections they're entitled to under the law.

Several federal agencies, including the FBI, the National Security Agency, and the Federal Trade Commission, have recommended that consumers use VPNs to protect their privacy. But following that advice may inadvertently cost Americans the very protections they're seeking.

Submission + - Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens (bleepingcomputer.com)

joshuark writes: LiteLLM is an open-source Python library that serves as a gateway to multiple large language model (LLM) providers via a single API. The package is very popular, with over 3.4 million downloads a day and over 95 million in the past month.

The TeamPCP hacking group compromised the massively popular "LiteLLM" Python package on PyPI and is claiming to have stolen data from hundreds of thousands of devices during the attack. According to research by Endor Labs, threat actors compromised the project and published malicious versions of LiteLLM 1.82.7 and 1.82.8 to PyPI today that deploy an infostealer that harvests a wide range of sensitive data.

The malicious code was injected into 'litellm/proxy/proxy_server.py' [VirusTotal] as a base64 encoded payload, which is decoded and executed whenever the module is imported. "Once triggered, the payload runs a three-stage attack: it harvests credentials (SSH keys, cloud tokens, Kubernetes secrets, crypto wallets, and .env files), attempts lateral movement across Kubernetes clusters by deploying privileged pods to every node, and installs a persistent systemd backdoor that polls for additional binaries," explains Endor Labs.
Stolen data is bundled into an encrypted archive named tpcp.tar.gz and sent to attacker-controlled infrastructure at models.litellm[.]cloud, where the threat actors can access it.

If compromise is suspected, all credentials on affected systems should be treated as exposed and rotated immediately. Both malicious LiteLLM versions have been removed from PyPI, with version 1.82.6 now the latest clean release.

Submission + - Delivery Robot Drives Through Bus Stop Shelter, Shattering Glass Everywhere (404media.co)

joshuark writes: A Serve Robotics food delivery robot crashed through the glass wall of a bus stop shelter in Chicago earlier this week, shattering the glass all over the sidewalk.

“We’re aware of the incident involving one of our robots in Chicago. No injuries were reported, our team responded quickly to clean up, and we’re reviewing what happened to make improvements,” the spokesperson said. “We have also been in contact with local stakeholders and are committed to addressing any concerns directly. We take this matter very seriously.”

Serve deployed its robots to Chicago in September under a partnership with Uber Eats. The company operates in a few cities around the country, including in Los Angeles, where activists have been filming the robots in various compromising positions or after they have been knocked over by passersby.

Footage of the aftermath of the crash went viral on social media, with one of the company’s robots shaking shards of glass onto the sidewalk. The crash comes amid a protest against delivery robots in Chicago. Delivery robots have been controversial in Chicago, where at least 3,600 Chicago residents have signed a “No Sidewalk Bots” petition asking the city to ban the robots. The Chicago Department of Transportation did not respond to a request for comment.

Submission + - OpenAI to merge Atlas browser, ChatGPT, Codex into a single desktop super app (neowin.net)

joshuark writes: OpenAI is planning to combine its Atlas web browser, ChatGPT app, and Codex coding app into a singular desktop super app. CEO of Applications, Fidji Simo, said the company was doubling down on its successful products.

By taking this move, the AI company aims to streamline the user experience and reduce fragmentation. With that said, each of the apps currently does quite different things, so it will be interesting to see how they put this all together. Simo said in an internal memo: “We realized we were spreading our efforts across too many apps and stacks, and that we need to simplify our efforts. That fragmentation has been slowing us down and making it harder to hit the quality bar we want.”

OpenAI is in a fierce battle with companies like Anthropic and Google to produce the best models and products. By unifying and speeding up the development of their desktop offering, it gives OpenAI a leg up in the race.

Atlas is probably the least known among the three products. It lets users browse the web with ChatGPT packed in. This browser is only available on macOS, so fewer people have had a chance to use it.

Submission + - Microsoft Backs Anthropic In Amicus Brief To Halt DoD 'Supply-Chain Risk' (reuters.com)

joshuark writes: Microsoft filed an amicus brief on Tuesday in support of Anthropic's lawsuit asking the court to temporarily block the U.S. Department of Defense designation of the AI startup as a supply-chain risk. Microsoft backed Anthropic's request for a temporary restraining order against the Pentagon order, arguing that its determination should be paused while the court considers the case. Microsoft, which integrates the AI lab's products and services into technology it provides to the U.S. military, said that it was directly impacted by the DOD designation.

"Should this action proceed without the entry of a temporary restraining order, Microsoft and other government contractors with expertise in developing solutions to support U.S. government missions will be forced to account for a new risk in their business planning," the company said.

Microsoft's filing argued the temporary restraining order is needed to prevent costly disruptions for suppliers, who would otherwise have to rapidly rebuild offerings that rely on Anthropic's products. The judge overseeing the case must approve Microsoft's request to file the brief before it is officially entered, but courts often permit outside parties to weigh in on important cases.

Submission + - U.S. Cybersecurity Adds VMware Aria Operations to KEV Catalog (thehackernews.com)

joshuark writes: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks.

VMware Aria Operations is an enterprise monitoring platform that helps organizations track the performance and health of servers, networks, and cloud infrastructure.

The flaw has now been added to the CISA's Known Exploited Vulnerabilities (KEV) catalog, with the US cyber agency requiring federal civilian agencies to address the issue by March 24, 2026. Broadcom said it is aware of reports indicating the vulnerability is exploited in attacks but cannot confirm the claims.

"A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress," the advisory explains.

Broadcom released security patches on February 24 and also provided a temporary workaround for organizations unable to apply the patches immediately.

The mitigation is a shell script named "aria-ops-rce-workaround.sh," which must be executed as root on each Aria Operations appliance node. There are currently no details on how the vulnerability is being exploited in the wild, who is behind it, and the scale of such efforts.

Submission + - Anthropic confirms Claude is down in a worldwide outage (bleepingcomputer.com) 2

joshuark writes: Claude appears to be having a major outage right now, with elevated errors reported across all platforms. The first “Investigating” notice went out at 11:49 UTC, and a follow-up update at 12:06 UTC said the investigation is ongoing.

For now, that likely means you may see failed requests, timeouts, or inconsistent responses when trying to use Claude on web, mobile, or API. There’s no ETA mentioned yet, but the status suggests it’s actively being worked on. No SAAS no service.
