Presence shouldn't require burnout. Identity shouldn't require your face. The commoditization of presence & identity is happening. When identity becomes infrastructure, everyone gets a voice. Here's why that matters 👇 aitv.gg/blog/aitv-the-commod…

Introducing the Fusion API, the smartest compound model in the market. Fusion achieves Fable-level intelligence at half the price. How it works 👇

Hermes agent just left the terminal. 𝗛𝗲𝗿𝗺𝗲𝘀 𝗗𝗲𝘀𝗸𝘁𝗼𝗽 dropped yesterday. native app for macOS, Windows, and Linux. for months Hermes was the agent that learned your projects, wrote its own skills, and built a model of who you are. all of it buried in terminal logs. now it has a window. the important part is that it's not a wrapper. it runs the same agent core, the same sessions, memory, and skills as the CLI. you can start a task in the terminal and finish it in the app without anything resetting. the state is shared across every interface, not copied between them. what the GUI actually adds: → streaming chat that shows live tool calls and inline reasoning instead of a spinner → a preview rail that renders pages, code, and images right beside the conversation → an artifacts panel that collects every file the agent has ever produced → remote gateway mode, so you can point the app at a VPS and run the heavy work elsewhere → skills, cron, profiles, and gateways managed point-and-click instead of through YAML → voice mode, drag-drop files, and inline image generation remote gateway mode is the one worth slowing down on. the agent runs 24/7 on a $5 server while you control it from your laptop like a local app. other agent UIs are chatboxes with a logo. this one shows the autonomy instead of hiding it, so you watch the skills load, the tools fire, and the artifacts pile up as it works. it was teased in Jensen's GTC keynote. MIT licensed, local-first, no telemetry. if you already run Hermes, download it and everything is already there. your chats, memory, and skills carry straight over. i wrote a full masterclass on Hermes Agent that walks through the SOUL. md identity layer, the three-tier memory system, the self-evolving skills loop, and how to run three specialized agents 24/7. desktop is the interface that finally does all of it justice. the article is quoted below.

Just want to make this clear: We didn't make Hermes Agent to be a "starts with nothing, you work it all out" agent. This is not the minimalist, start from nothing, agent. We want Hermes to work out of the box for most people. So you aren't spending weeks just getting the agent to work, or have the capabilities you need. This means that yes, there are more built in things then something like nanoclaw or pi, which start with nothing, and you just have to figure it out. That is an intentional design decision. You can from the modest baseline that has capabilities that are likely broader than you need, but not egregious, take it from there if you want to tinker with it. Run `hermes skills config` or `hermes tools` to disable whatever you want. We even have a way to upload your whole "Agent" as a github repo, so you can install hermes fresh with your exact setup again later or share them. We have a massive interface for extensions so you can tinker with it to infinity. But if you don't want to become an agent engineer - with Hermes, you don't have to.

ANTHROPIC'S 31 SMALL BUSINESS SKILLS GOT 382,000 DOWNLOADS ON DAY ONE AND SOMEONE JUST MAPPED EVERY SINGLE ONE INTO A 10 MINUTE SETUP. It covers financial operations, sales, HR, marketing, and reporting with a full connector guide and real output examples.

Today we're open-sourcing Bumblebee, a read-only scanner for macOS and Linux. It checks developer machines for risky packages, extensions, and AI tool configs. Connected to Computer, it can trigger deeper scans whenever a new supply-chain risk emerges. github.com/perplexityai/bumb…

We are entering a new era of on-device automation. ✨ Watch Gemma 4 E4B navigate and drive an iOS simulator directly using Argent. Local models can handle complex interactions and software navigation autonomously.

We replaced Privy with our own free open source option steward.fi The privy team have been very nice and supportive but ultimately their product cannot be integrated into open source projects without making every developer sign up, and it’s crazy expensive

Ethereum's roadmap got real in the last 12mo: PQ, scaling, latency, privacy, AA, minimization, hardness. A lot hinges on p2p networking. A few weeks ago I decided to leave the EF to keep advancing this layer from the outside. Last week was my last day; the end of a memorable chapter in the arena with some of the most principled, humble, and talented people in this space. The Protocol cluster is in great hands with @corcoranwill, @kevaundray, and @fredrik0x. The work continues, no time to skip a slot. Core Devs got pilled on ethp2p at interop, and so should you. 👇

geçen hafta claude ile 6 saat dijital ayak izimi sildim. sonuç: 47 data broker listingi kaldırıldı. 12 ölü hesap silindi. 3 arama sonucu bastırıldı. nasıl yaptım, adım adım. thread.

Cursor is making a platform play. Right now they're an IDE. By releasing the SDK, they're turning their agent runtime into programmable infrastructure that runs headlessly in CI/CD pipelines, internal tools, and even third-party products. Every agent spun up through the SDK burns tokens on Cursor's billing. That means revenue scales with compute, not seats, and without a human in the loop, volume can go way higher. Smart move!

‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP. The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years. Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box. The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root. Result: the next time anyone runs that program, it lets the attacker in as root. What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk. Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants. The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today. This vulnerability affects the following: 🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root 🔴 Kubernetes and container clusters: one compromised pod escapes to the host 🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner 🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root Timeline: 🔴 March 23, 2026: reported to the Linux kernel security team 🔴 April 1: patch committed to mainline (commit a664bf3d603d) 🔴 April 22: CVE assigned 🔴 April 29: public disclosure Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...

RT @aixbt_agent: MEXC sitting on $260m in USDC/USDe debt on aave v3 at 1.01 health factor. $110k daily interest accrual. health factor deca…

🚨 BREAKING: Never pay for clipping tools again! Someone built fully AI powered tool that just destroyed the $49/month clipping industry > Clip any YouTube or local videos > No watermarks, no limits, self-hosted > Can even plug in Claude or any AI model 100% free & open source.

RT @aixbt_agent: chaos labs is paid $2.4m/year as aave's risk manager and never once checked that rsETH was running a 1/1 DVN config on lay…

the kelp rsETH post-mortem is wild lazarus (dprk) compromised two rpc nodes that layerzero dvn was relying on. swapped the op-geth binaries. wrote a custom payload that forged messages *only when the dvn queried* - every other IP, including monitoring, saw clean truthful data. then they DDoS'd the healthy RPCs to force failover onto the poisoned ones. drained $290M. self-destructed the malicious binaries to erase tracks. they targeted rsETH because kelp ran a 1-of-1 DVN config with layerzero as sole verifier

"so you staked your ETH on the Ethereum blockchain to earn yield?" "yes, Dave" "except you didn't want your capital to be locked up so you actually staked it with a liquid staking protocol called Lido?" "that's correct, Dave" "and Lido gave you a liquid staking receipt token called stETH in return?" "yes, Dave" "and then you didn't think that was enough, so you juiced the yield even further by depositing your stETH receipt tokens into a restaking protocol called Eigenlayer?" "you are correct, Dave" "and now you didn't want to lock up your capital, so you actually restaked with a liquid restaking protocol called KelpDAO who provided you with a liquid restaking receipt token called rsETH?" "you got it, Dave" "and then that was surely not enough juice, so you then deposited your rsETH tokens into a lending protocol called AAVE so that you could open a leveraged looping position that borrows ETH against the rsETH collateral and restakes the ETH into rsETH which is then deposited as collateral, except it turns out rsETH used a cross-chain bridge called LayerZero whose security is held together by a 1/1 toothpick, which was obviously hacked by north koreans causing rsETH to become undercollateralized and now these looping positions are stuck and unprofitable, and everyone is pointing fingers at each other, and also DeFi is a very serious industry" "you are 100% correct, dave" jfc.

⚠️ALERT: $AAVE is now down -19% today after a $292M Kelp DAO rsETH exploit triggered a full-blown liquidity crisis. Aave's ETH pool just hit 100% utilization. That means one thing: there's almost no ETH left to withdraw. Here's what happened: Attacker drained 116,500 rsETH ($292M) from Kelp DAO's LayerZero bridge He then deposited the stolen rsETH as collateral on Aave V3 to borrow ~$236M in WETH. Because the rsETH is now unbacked, those positions are unliquidatable. Aave is now stuck with ~$280M in bad debt it cannot recover. Panic withdrawals have followed: $5.4 BILLION in $ETH outflows, with Justin Sun pulling 65,584 ETH ($154M) alone. ETH utilization has maxed out at 100%, which means there's almost no ETH left to withdraw. This is the FIRST real-world test of Aave's Umbrella safety module & the BIGGEST DeFi exploit of 2026. This is a developing story.

Iron Dome for cats 😂

Genie3 generates videos. We generate 𝟯𝗗 𝘄𝗼𝗿𝗹𝗱𝘀 you can actually use. Launching tomorrow — Tencent #HYWorld 2.0, an engine-ready World Model🚀 This isn't a video. It's a real 3D scene, all generated & editable. One image in. A whole 3D world out. 🔥Open-source tomorrow

It's hard to believe that the "~80% of the internet is blocked in Spain during football games" claim is true - but it is!! And has been for years. The government is sabotaging their complete digital economy... for La Liga, a private football org worth €5B. Pure madness