As Director-General of UNESCO, Khaled El-Enany has not issued an official, standalone quote or statement directly condemning Russia. Will he do it now? Ever? Drop him a line @UNESCO_DG

Loyal to the end. To Putin.

‼️ UPDATE: It just doesn't stop: Almost 900 Arch Linux packages infected now. lists.archlinux.org/archives…

Brick by brick, we are collapsing the foundations of Russia's war economy. Today, we are presenting our proposals for a 21st sanctions package against Russia. This includes a temporary freeze of the Russian oil price cap and designations of institutions used by Moscow to generate revenues and circumvent EU sanctions. It will target banks, weapons manufacturers, oil traders, refineries, and crypto operators in third countries.

‼️🚨 He's back: Nightmare Eclipse just dropped RoguePlanet, a new Windows Defender local privilege escalation 0day PoC. The RCE paths broke after Microsoft's Defender patch. NE suspects the BitLocker bypass may still work but isn't certain. He has a new GitHub btw, let's see how long the account will last: github.com/MSNightmare/Rogue…

The closer the Russian frontline is to collapse, the louder the Russian trolls get. They are like an indicator of just how bad it's going for Putin. Keep it up.

Zelenskyy: let’s meet and end the war. Putin: no reason to meet.

A researcher found critical Windows zero-days. Reported them to Microsoft. Microsoft denied the bug bounty. Deleted their account. Banned them from GitHub. Then threatened criminal charges. The researcher dropped six zero-days in six weeks. Three got used in real attacks within days. Other researchers are now handing them free vulnerabilities as a gift. Microsoft’s Digital Crimes Unit is considering legal action. Against the person whose bugs they refused to pay for. This is Microsoft’s bug bounty program.

Attacks on hospitals, schools & 🇩🇪 TV studios, calling on our embassy staff to leave #Kyiv: #Russia is doubling down on threats, terror & escalation. That is why today we summoned the Russian ambassador. 1/2

There is a major campaign against @kajakallas underway. It is being spearheaded by Russian intelligence, but, interestingly, MAGA and pro-Israel slop accounts have joined in. The objective is to remove her from her position in the EU; she poses a threat to their operations.

Ukraine’s fight is our fight, their cause is our cause, and their independence will be our victory. To the Ukrainian communities in Canada and around the world celebrating their culture, identity, and traditions this Vyshyvanka Day: Canada stands with you.

Much respect, Prime Minister Meloni.

As it should be.

StarFucks™ everybody

‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP. The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years. Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box. The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root. Result: the next time anyone runs that program, it lets the attacker in as root. What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk. Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants. The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today. This vulnerability affects the following: 🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root 🔴 Kubernetes and container clusters: one compromised pod escapes to the host 🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner 🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root Timeline: 🔴 March 23, 2026: reported to the Linux kernel security team 🔴 April 1: patch committed to mainline (commit a664bf3d603d) 🔴 April 22: CVE assigned 🔴 April 29: public disclosure Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...

King Charles to President Trump: “Indeed you recently commented, Mr. President, that if it were not for the United States, European countries would be speaking German. Dare I say that if it wasn't for us, you'd be speaking French”

Forty years ago, the world faced one of the largest nuclear disasters – the fourth reactor of the Chornobyl Nuclear Power Plant exploded. A significant amount of radioactive material was released. Hundreds of thousands of people have been dealing with the consequences of that tragedy for years. To contain the radiation, a sarcophagus was built over the destroyed reactor. Later, more than 40 countries enclosed it with the New Safe Confinement to prevent further disasters. These two structures are what protect against radioactive releases and contamination. Their maintenance and protection are in everyone’s interest. But through its war, Russia is once again bringing the world to the brink of a man-made disaster – Russian-Iranian “shaheds” regularly fly over the plant, and one of them struck the confinement last year. The world must not allow this nuclear terrorism to continue, and the best way is to force Russia to stop its reckless attacks. We remember everyone who gave their lives while dealing with the aftermath of this tragedy. May all the victims of the Chornobyl disaster rest in peace. @United24media

Very interesting video showing the launches of Ukrainian P1-SUN interceptor drones from an Antonov An-28 turboprop plane. The guidance takes place on board the aircraft as the targets, Russian Shahed/Geran OWA-UAVs, can be seen being tracked.