PEAKS No. 16: A Book Lover's Digital Discovery
Hi there!
I'm always on the hunt for great resources to fuel my learning journey, and books have always been my go-to for structured knowledge. Last week, I stumbled upon something exciting I just had to share - Humble! This fantastic platform offers ebooks and other digital goodies at amazing prices, with proceeds supporting charitable causes. I was thrilled to find a bundle with 21 cybersecurity books. Sadly, that particular campaign has ended, but I'm keeping my eyes peeled for similar opportunities. Can't wait to share these valuable insights with you all in upcoming newsletters!
🛡️ Security & Privacy
- Critical authentication bypass vulnerabilities (CVE-2025-25291 & CVE-2025-25292) in ruby-saml (<= 1.17.0) allow attackers with a valid SAML signature to impersonate any user. Update to version 1.18.0 immediately and ensure dependent libraries (e.g., omniauth-saml) reference the patched ruby-saml version. More here.
- Yohanes Nugroho has released code and a methodology to decrypt files encrypted by a recent variant of the Akira ransomware (Linux/ESXi, active late 2023-present) without paying the ransom. The method leverages the ransomware's use of nanosecond timestamps as seeds and GPU-accelerated brute-forcing to recover the encryption keys. More here.
- Apple will implement end-to-end encrypted RCS messaging across its ecosystem (iOS, iPadOS, macOS, and watchOS), bringing secure cross-platform communication to Android devices. More here.
- Security researchers from Socket have uncovered a series of malicious Go packages uploaded to public repositories using typosquatting techniques. These packages contain a malware loader designed to compromise developer environments. More here.
- Elon Musk reports a significant cyberattack on X, causing widespread outages and access issues for users. The attack, which began on March 10, 2025, prompted speculation about possible state involvement due to its scale and sophistication. More here.
- A deep dive into Apple's new "exclaves" architecture in XNU (the kernel for iOS, macOS, etc.) is available here. It reveals a significant redesign for improved security. Exclaves isolate critical resources and code execution within a Secure Kernel (SK), potentially based on seL4 and leveraging ARM TrustZone, to protect against kernel compromises.
- 1Password introduces a new feature allowing users to assign locations to specific items (logins, secure notes, etc.). When near those locations, the items appear in the 1Password mobile app for quick access. Privacy is prioritized, as location data is processed locally on the device. More here.
🛸 Tech
- Chinese scientists have unveiled Zuchongzhi 3.0, a 105-qubit superconducting quantum processor that they claim surpasses Google's Willow chip. More here.
🤖 AI
- Chinese startup Butterfly Effect claims its Manus AI is the world's first general AI agent capable of autonomously executing complex tasks. More here.
- Japanese startup Sakana claimed its AI system, The AI Scientist-v2, generated a paper accepted to an ICLR workshop after peer review. However, the achievement isn't as groundbreaking as it sounds. The paper was withdrawn before publication, made "embarrassing" citation errors, and workshop acceptance rates are higher than main conference tracks. More here.
- Google DeepMind has announced Gemini Robotics, a new family of AI models designed to enhance robots' ability to interact with objects, navigate environments, and respond to voice commands. More here.
- OpenAI argues that training advanced AI models requires using copyrighted material and should be considered fair use, similar to Google Books. This stance, challenged by multiple lawsuits (including one from The New York Times), argues that virtually all human expression is copyrighted, making its use essential. More here.
- Anthropic CEO Dario Amodei suggests equipping AI models with an "I quit" button to explore potential AI preferences and experiences. If models frequently opt out of certain tasks, it could indicate discomfort or dissatisfaction, raising ethical questions about AI autonomy and treatment. More here.
- Tern uses AI to refine navigation by applying intelligence to 3D motion data from phone and car sensors, along with base map information. IDPS™ integrates with services like Google Maps and Apple Maps and increases accuracy using adaptive weighing algorithms, providing reliable positioning even without GPS. More here.
- OpenAI introduces new APIs and tools designed to streamline the development of AI agents, systems that autonomously accomplish tasks. More here.
- Google has launched Gemma 3, the latest iteration of its open AI models, designed to be lightweight, portable, and adaptable. More here.
- Sesame, the company behind the impressively realistic virtual assistant Maya, has released its base AI model, CSM-1B, under an Apache 2.0 license. More here.
🛠️ Tools
- hoarder - a self-hostable bookmarking tool that automatically tags bookmarks using AI, fetches titles/descriptions/images, and offers full-text search.
- GitButler - a tool that offers a visual approach to managing Git branches, enabling simultaneous work on multiple features without constant branch switching.
- Docs - a self-hostable, collaborative text editor designed for knowledge building and sharing. Basically, it’s an alternative to Notion or Confluence.
- MVT - a collection of tools to simplify and automate the process of gathering and analyzing forensic data from mobile devices, aiming to detect signs of compromise. It supports checks for iOS and Android devices, and can be used to decrypt backups, process system logs, and extract installed applications.
- Briar - a messaging app prioritizing security and resilience against surveillance and censorship. It synchronizes messages directly between users' devices via Bluetooth, Wi-Fi, memory cards, or Tor, eliminating the need for a central server.
- OpenAPK - a curated collection of free and open-source Android apps (FOSS), providing the latest versions for secure download.
🛰️ Misc
- Wyvern, a Canadian startup, has launched an open data program providing access to its VNIR, 23-31 band hyperspectral satellite imagery. More here.
- This GitHub repository hosts the open-source book "Mathematical Foundation of Reinforcement Learning."
- If you are looking for European products and services, this is a good starting point.
📩 Please feel free to share this article with colleagues and friends who will find it valuable.
Thanks for reading!
Have a great day!
Bogdan