PEAKS No 42: The Open-Weight Uprising: GPT-5.5, Qwen Beats a 397B Giant, and Your Jira Data Is Now AI Training Fuel
Hi there!
🛡️ Security & Privacy
- 🚨 Bitwarden CLI 2026.4.0 compromised in supply chain attack — Attackers abused a GitHub Action in Bitwarden's CI/CD pipeline as part of the ongoing Checkmarx campaign; update immediately and rotate credentials. More
- Pack2TheRoot (CVE-2026-41651): cross-distro Linux privilege escalation — CVSS 8.8; exploits default configurations across multiple distros to escalate local user privileges to root; disclosed by Telekom Security. More
- GoGra Linux backdoor hides C2 inside Microsoft Outlook — The Harvester APT group's new Linux malware polls an Outlook folder named "Zomato Pizza" via Microsoft Graph API to receive encrypted commands. More
- Surveillance vendors abuse SS7/Diameter to geolocate phones — Citizen Lab exposes two multi-year campaigns where ghost telcos piggybacked on real carrier infrastructure to silently track targets' physical locations. More
- Prompt injection in Antigravity AI escalates to RCE and sandbox escape — Researchers chained a prompt injection attack into full remote code execution and broke out of the tool's sandbox entirely. More
- Atlassian turns on AI training data collection by default — Starting August 17, Jira and Confluence metadata feeds Atlassian's AI models; Free and Standard plan users cannot opt out of metadata collection. More
- Firefox integrates Brave's adblock engine — Firefox quietly ships Brave's high-performance Rust-based adblock engine, significantly boosting tracking and ad-blocking capabilities out of the box. More
- Firefox + Tor users can be de-anonymized via IndexedDB — A stable cross-context browser identifier links all your Tor Browser identities; a critical privacy vulnerability for high-risk users. More
- iOS 26.4.2 patches flaw that let FBI extract deleted Signal messages — The notification database bug allowed recovery of messages users believed were permanently gone; patch immediately. More
- StealTok: 130,000 TikTok users hit by fake video downloaders — Malicious browser extensions disguised as TikTok downloaders stole session tokens and personal data from over 130,000 victims. More
- Google Cloud + Wiz redefine security for the AI era at Next '26 — Integrated AI-native security posture management and threat detection across hybrid cloud environments takes center stage at Google's flagship cloud event. More
🛸 Tech
- Asahi Linux: Linux 7.0 progress report on Apple Silicon — After three years of 6.x kernels, Linux 7.0 arrives with a major Asahi installer overhaul and ongoing Apple Silicon hardware support improvements. More
- X launches XChat: a standalone encrypted messaging app for iOS — End-to-end encrypted, ad-free, with disappearing messages, screenshot blocking, group chats, and audio/video calls; Android version coming soon. More
- Zed editor now runs parallel AI agents in one window — A new Threads Sidebar lets you orchestrate multiple independent agents simultaneously, each working on different tasks in the same project. More
- Framework Laptop 13 Pro: Ubuntu outsells Windows at launch — Ground-up redesign with Intel Core Ultra Series 3, 74Wh battery (20-hour life), custom 2880×1920 touchscreen, and backward-compatible modularity. More
- SpaceX secures option to buy AI startup Cursor for $60bn or partner for $10bn. More
- Anthropic quietly tests removing Claude Code from the Pro plan — A ~2% new-user experiment sparked significant backlash; Anthropic confirmed existing subscribers are unaffected and promised prior notice for any real changes. More
- EU mandates user-replaceable batteries in phones and tablets by 2027 — A major right-to-repair milestone: all EU-sold smartphones and tablets must ship with easily replaceable batteries starting next year. More
- Tailscale co-founder is building a new cloud (exe.dev) — David Crawshaw raises a Series A to build exe.dev, a developer-centric cloud that prioritizes simplicity and good computing experiences over abstraction layers. More
🤖 AI
- OpenAI releases GPT-5.5 and ChatGPT Images 2.0 — GPT-5.5 is a powerful agentic model excelling at coding, computer use, and multi-step professional work. Images 2.0 adds "thinking" to image generation: web search, 2K resolution, and up to 8 images per prompt. More (GPT-5.5) | More (Images 2.0)
- OpenAI Privacy Filter: PII redaction that runs on your laptop — Open-weight (Apache 2.0) 1.5B-parameter model with only 50M active parameters; strips personally identifiable information locally before any cloud call. More | Hugging Face
- Alibaba's Qwen3.6-27B outperforms its own 397B MoE on coding — Dense, Apache 2.0, multimodal, and fits in 16.8 GB quantized; matches Claude 4.5 Opus on Terminal-Bench 2.0. More
- Simon Willison's AI week digest: GPT-5.5, Images 2.0, and Qwen3.6-27B — Hands-on notes including running Qwen3.6-27B locally at ~25 tokens/sec; concise signal-to-noise field report on the week's model drops. More
- DeepSeek API documentation published — DeepSeek's full developer API reference is now live, making it straightforward to integrate their open-weight models into production pipelines. More
- How to build a Personal Agentic Operating System — AIDB's Nufar Gaspar introduces Agent OS: a free training program for orchestrating personal AI agents as a unified operating system. More
- What Claude Design is actually good for (and why Figma isn't dead) — Lenny's Newsletter builds a landing page, slides, and a redesign with Claude Design; also examines GPT Images 2.0's design implications. More
- Meta is capturing employee keystrokes to train AI agents — Meta's "Model Capability Initiative" records mouse movements, clicks, and keystrokes from employee computers across hundreds of websites to train computer-use models. More
🛠️ Tools
- ZCAM: a cryptographic camera that proves your photo is real — Succinct uses ZK proofs to generate unforgeable authenticity certificates for photos, fighting AI deepfakes at the capture layer. More
- Fusion Power Plant Simulator — An interactive web tool for adjusting gain, pulse rate, and conversion efficiency to visualize how a real fusion power plant would perform. More
💻 Misc
- The West forgot how to build things — and now it's forgetting how to code — A sharp essay on how outsourcing manufacturing eroded Western know-how, and how AI-assisted coding may be triggering the same cycle in software. More
- USB Cheat Sheet — A no-nonsense reference table decoding the chaotic marketing names (USB 3.2 Gen 2×2, SuperSpeed+) into actual speeds, wire counts, and cable lengths. More
- Coffee shapes your gut microbiome and cognition — A Nature Communications study links habitual coffee consumption to distinct microbiome profiles and measurable effects on host physiology and cognitive performance. More
- 56 Laws of Software Engineering in one place — A curated, searchable collection of timeless engineering principles (Conway's Law, Goodhart's Law, Postel's Law) organized by level and category. More
- I'm never buying another Kindle — After a decade of loyalty, Amazon's 2026 content-control changes make clear that you never truly own your Kindle library. More
- The beauty of bonsai styles — Longwood Gardens explores the artistry, philosophy, and classical forms behind bonsai — from formal upright to cascading and windswept styles. More
📩 Please feel free to share this article with colleagues and friends who will find it valuable.
Thanks for reading!
Have a great day!
Bogdan