Hacking Google with A.I. for $500,000 brutecat.com/r/hacking-googl…

I really don't think enough people fully comprehend the worlds that are about to collide here. You already have people in geopolitical circles warning about the threat of famine based on surging prices / availability of fertilizer components, and you also have long-term weather modeling all converging on a worst case scenario for a building El Nino event, which will peak near the end of the year. These are two slow moving but entirely predictable disasters that when coupled together will each make the other orders of magnitude worse. (This will take months to fully unfold, but at this point, the die is cast.) There's no event in our history books that combines the current global population with the impending fertilizer shortage and the strength of the El Nino that's coming. We are about to witness an unprecedented event that will push crops around the globe to their limit.

【AIセキュリティ・脆弱性研究】月300ドルとAIエージェントで「自動N-day製造ライン」が完成、1人の研究者が実証した現実 「Claude Mythos Previewのような能力は、特別な機関だけの話ではない」——セキュリティ研究者Tyler Holmwoodが構築したパッチ差分解析パイプラインは、この命題を費用明細付きで証明した。毎月第2火曜日のMicrosoft Patch Tuesdayを自動処理し、AIエージェントがN-dayエクスプロイトのPoC（概念実証コード）を自律生成するこのシステム「PatchWatch Pocsmith」の総コストは、APIトークン代約300ドルとTeamサブスクリプションのみだ。 システムの核心は2段構成だ。PatchWatchはMSRC APIからCVEリストを取得し、GhidriffでWindowsバイナリのパッチ前後の差分を解析して「どの関数に脆弱性が存在するか」をLLM用レポートに変換する。そのレポートを受け取ったPocsmithは、Claude Agent SDKで動作するエージェントがHyper-V仮想マシン上でカーネルデバッガを操作しながら仮説検証サイクルを回し、実際に動作するエクスプロイトを生成する。2026年4月のCVE（Microsoft Management ConsoleにおけるMOTWバイパスによる権限昇格）では「完全なコード実行」レベルのPoC生成に成功した。 Holmwoodが強調するのは「モデルではなくシステムがモートになる」という点だ。単一のフロンティアモデルの性能よりも、ツール・環境・自動化ループの組み合わせが実用性を左右する。PatchTuesdayからエクスプロイト生成までの時間軸が1人の研究者に手が届く水準にある今、防御側に残された現実的な回答はパッチ速度の最大化と攻撃到達面の最小化の徹底にある。 originhq.com/research/patch-…

🦔GitHub Copilot switched to token-based billing this morning and users are already out of credits. Pro subscribers paying $39 a month are reporting 60% of their credits gone in two hours of normal use. One user lost 20% of their allowance from a single file review with no code changes. Another hit their monthly cap before the calendar even flipped to June. Orgs with shared token pools have no way to see individual usage, so entire teams get cut off when one person runs a heavy prompt. Users are canceling and moving to Claude Code and Codex. GitHub community forums are on fire. My Take Flat-rate AI subscriptions were always subsidized. Everyone in the industry knew it. Today the subsidy ran out for a few million developers at once. The problem is a lot of companies already restructured around these tools. They cut headcount and told remaining engineers to lean on Copilot instead of building skills internally. Those companies now depend on a tool whose cost just became unpredictable and whose usefulness completely changes when you have to ration prompts to stay under budget. The developers moving to Claude Code and Codex will hit the same wall eventually. Every AI provider faces the same unit economics. Anthropic filed its S-1 this morning, and the durability of its revenue depends on whether customers stick around once real pricing kicks in everywhere. If a $39 subscriber cancels after one day because the tool became unusable, multiply that across millions of seats and the churn risk becomes very real. Today showed what happens when AI pricing meets reality. The companies that built their workflows around cheap tokens just discovered the tokens aren't cheap anymore and the people who knew how to do the work without them are already gone. Hedgie🤗

Google Chrome is rolling out device-bound session credentials to all users. Session cookies get cryptographically tied to your device, so stolen cookies can't be replayed from a different machine. Attackers who exfiltrate your cookie database get nothing usable.

This is unfortunately how the Catholic Church has been running communications for two millennia.

A strong and extensive westerly wind burst is forecast near the equator over the coming weeks. It should amplify the warming effects of a Kelvin wave crossing the basin, push warm surface waters eastward into the Niño 3.4 region and elevate chances for a super El Niño this year.

Tomorrow, I will drop Chrome exploit code showing how an attacker can execute arbitrary Javascript within the context of a domain they control.