The UK government is banning children from YouTube, Twitch, TikTok, Instagram, Reddit, games... Basically every service online & web with social interaction. Only people above 16 years will be able to access. How is this going to work? Nobody knows! 🤡 🫏

last one

How much is Claude Fable paying you for going to your website and getting information while answering questions to their paid users?

Quasars are alien GPS technology for space travelling.

The Meta AI Hack Is a DISASTER youtu.be/wlMgNtBipe4?si=KdBi… via @YouTube

X is the best place to analyze global idiocy in real time

Did anyone notice that most negative posts on X against AI services are coming from accounts out of India? You would expect Indian users being more tech-savvy inclined to embrace AI. Seems the opposite is happening. They are not fans. 😧

Just tested Grok Build vs. Claude Code to find a real bug with a project. Simple to solve but not finding as codebase is large and complex. * Claude Code knows the project fully from memory * Grok Build, it's the first time reading it * Claude explained the fix more human friendly * Grok was more technical, going directly to the fix * Claude took several minutes to find it * Grok took seconds Both fixed it correctly.

A worm just ate its way through the NPM registry youtu.be/gwTQLZSIlsU?si=Cfk1… via @YouTube

Another week, another Linux root exploit. No patches available from any distros.

Edge Stores Passwords in Plain Text youtu.be/NA9AE_n4YgI?si=GTxQ… via @YouTube

Without datacenters, you would not be reading this. You would not have YouTube or Netflix. No apps on your smartphone, no social networks. No digital payments. No internet !

The future of political ads, ready or not. (Personally I hope he wins.)

The PC Industry Is BREAKING! youtu.be/zDcERbCK6_8?si=-J6q… via @YouTube

Canonical under sustained DDoS attack as Ubuntu 26 releases — Iranian group 313 Team claims responsibility tomshardware.com/tech-indust…

🚨 cPanel 0-Day Vulnerability Actively Exploited in the Wild — PoC Released Source: cybersecuritynews.com/cpanel… A critical authentication bypass vulnerability in cPanel & WHM has been confirmed to be actively exploited in the wild, sending shockwaves through the global web hosting industry. The flaw, tracked as CVE-2026-41940, allows unauthenticated attackers to bypass login mechanisms entirely, potentially granting root-level access to affected hosting control panels. A public proof-of-concept (PoC) exploit has since been released, raising the urgency for immediate patching. The vulnerability resides in the authentication layer of cPanel & WHM software, including DNSOnly deployments. #cybersecuritynews #Cpanel

🚨 BREAKING: cPanel and WHM, the control panels behind an estimated 70 million websites, have a critical security flaw that lets anyone become root admin without a password. CVE-2026-41940 affects every supported version. It’s already being exploited in the wild. watchTowr Labs published the full attack today, after the hosting company KnownHost confirmed the bug was already being used to break into a significant chunk of the internet. If you've never heard of cPanel: it's the dashboard that hosting providers and millions of website owners use to manage their servers, domains, email accounts, databases, and SSL certificates. WHM is the admin version that controls the entire server. If someone gets root access to WHM, they get the keys to the kingdom and to every apartment inside it. How the attack works, in plain English: 🔴 Step 1: The attacker sends a deliberately wrong login. cPanel still creates a temporary "you tried to log in" record on disk and gives the attacker a cookie tied to it. 🔴 Step 2: The attacker tweaks the cookie to disable cPanel's password encryption. Normally cPanel encrypts the password field on disk. With one small change to the cookie, cPanel just stores it as plain text instead. 🔴 Step 3: The attacker sends a fake login attempt where the password field secretly contains hidden line breaks. cPanel does not strip these line breaks out, so they get written straight to the session file. Each line break creates a brand new fake record. The attacker uses this to inject lines that say "this user is root" and "this user already authenticated successfully." 🔴 Step 4: The attacker visits one more random page on the site to nudge cPanel into re-reading the file. cPanel then promotes the injected fake lines into its main session memory. 🔴 Step 5: On the next request, cPanel sees a flag that says "this user already passed the password check." cPanel trusts that flag, skips checking the actual password, and lets the attacker in as root. From start to finish, the attack takes a handful of HTTP requests. If you run cPanel or WHM, the patched versions are: 🔴 cPanel/WHM 110.0.x → 11.110.0.97 🔴 cPanel/WHM 118.0.x → 11.118.0.63 🔴 cPanel/WHM 126.0.x → 11.126.0.54 🔴 cPanel/WHM 132.0.x → 11.132.0.29 🔴 cPanel/WHM 134.0.x → 11.134.0.20 🔴 cPanel/WHM 136.0.x → 11.136.0.5 If your version is older than these, assume someone has already broken in and act accordingly. Patch right now, then rotate every password and key the server touched: root passwords, API tokens, SSL private keys, SSH keys, mail passwords, and database passwords.

‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP. The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years. Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box. The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root. Result: the next time anyone runs that program, it lets the attacker in as root. What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk. Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants. The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today. This vulnerability affects the following: 🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root 🔴 Kubernetes and container clusters: one compromised pod escapes to the host 🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner 🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root Timeline: 🔴 March 23, 2026: reported to the Linux kernel security team 🔴 April 1: patch committed to mainline (commit a664bf3d603d) 🔴 April 22: CVE assigned 🔴 April 29: public disclosure Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...

This is what happens when you use a Chinese AI model to code.