Your favorite AI apps probably run on a piece of software called LiteLLM. It gets downloaded 97 million times a month. Yesterday, someone poisoned it.
Here's what happened. LiteLLM is like a universal adapter that lets companies plug into AI models like ChatGPT and Claude. If you've used any AI tool in the last year, there's a decent chance LiteLLM was running somewhere behind it. A hacking group called TeamPCP uploaded a fake update to the online store where developers download it. If anyone installed that update, the malware quietly scooped up every password, secret key, and login credential on their computer, packaged it, and sent it to the hackers. You didn't even need to download LiteLLM yourself. If you downloaded any app that uses LiteLLM in the background, the same thing happened. You got hit without knowing LiteLLM existed.
The only reason anyone caught it is that the malware had a bug. One developer's computer ran out of memory and crashed. That crash is the only reason the attack got noticed. Without that bug, this could've run for weeks.
But the scariest part is how the hackers got in. Five days before, TeamPCP broke into a security tool called Trivy. Trivy's job is literally to scan code and find weaknesses. They turned the guard dog into the burglar. Then they used stolen passwords from that hack to break into another security company. Then they used passwords from that hack to steal the login that lets someone publish new versions of LiteLLM, because LiteLLM used Trivy in its own security checks. The lock on the front door was the thing that was compromised.
When developers tried to report the break-in on GitHub (where the code lives), the hackers used the stolen account to shut down the report. Then they flooded it with 88 fake comments from 73 hijacked accounts in 102 seconds to drown out anyone trying to warn people.
In five days, TeamPCP broke into five different software platforms. Each break-in gave them the password to the next one. A domino chain. The poisoned update was live for about 3 hours before it got pulled. LiteLLM gets 3.4 million downloads per day. And TeamPCP posted on Telegram, saying more attacks on open-source tools are coming in the months ahead.
The entry point was the security scanner that was supposed to keep LiteLLM safe. That's the part I keep coming back to.

X (formerly Twitter)
Andrej Karpathy (@karpathy) on X
Software horror: litellm PyPI supply chain attack.
Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds,...
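
An added example, not from the original post or the LiteLLM project: a check for the indirect exposure described above, where an app pulls in LiteLLM without you ever installing it yourself. It walks the declared requirements of the installed Python packages and lists every package that depends on litellm, directly or through other packages; the helper names are this example's own.

```python
import re
from importlib import metadata

def norm(name):
    """Normalise a project name the way PyPI does (PEP 503)."""
    return re.sub(r"[-_.]+", "-", name).lower()

def req_name(requirement):
    """Project name from a Requires-Dist string such as 'litellm[proxy]>=1.0'."""
    m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", requirement)
    return norm(m.group(1)) if m else None

def installed_graph():
    """Map each installed package to the projects it declares as requirements.
    Requirements gated behind extras are included, to err on the side of reporting."""
    graph = {}
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        if name:
            graph[norm(name)] = {req_name(r) for r in (dist.requires or [])} - {None}
    return graph

def chains_to(target, graph):
    """Return {package: [package, ..., target]} for every package that pulls in target."""
    target = norm(target)
    path_from = {target: [target]}   # also guards against dependency cycles
    chains, frontier = {}, [target]
    while frontier:
        current = frontier.pop()
        for pkg, reqs in graph.items():
            if current in reqs and pkg not in path_from:
                path_from[pkg] = [pkg] + path_from[current]
                chains[pkg] = path_from[pkg]
                frontier.append(pkg)
    return chains

if __name__ == "__main__":
    # Run inside the virtualenv or container image you want to check.
    try:
        print("litellm is installed, version", metadata.version("litellm"))
    except metadata.PackageNotFoundError:
        print("litellm is not installed in this environment")
    for pkg, chain in sorted(chains_to("litellm", installed_graph()).items()):
        print(f"{pkg}: {' -> '.join(chain)}")
```

This only shows whether litellm is present and what brought it in; which release was the poisoned one has to come from the maintainers' advisory.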