PEAKS No 45: Kernel on Fire — Supply Chains Compromised, AI Goes Local, and Pixels Fall
Hi there!
🛡️ Security & Privacy
- TanStack supply chain taken down by chained GitHub Actions exploit: An attacker combined a pull_request_target Pwn Request, GitHub Actions cache poisoning across fork/base trust boundaries, and in-memory OIDC token extraction to silently publish 84 malicious versions across 42 @tanstack/* npm packages — stealing AWS, GCP, Kubernetes, Vault, GitHub, and SSH credentials and exfiltrating via the Session P2P network. The malware also self-propagated and persisted via .claude/ and .vscode/ hooks. Detection by external researchers took ~20 minutes; Socket has been tracking it as the "Mini Shai-Hulud" campaign, which has since expanded to OpenSearch, Mistral AI, and Guardrails AI packages. Rotate credentials immediately if you ran any @tanstack/* install on May 11. [TanStack postmortem · More]
- Third Linux kernel LPE in two weeks (Fragnesia / CVE-2026-46300): Researcher William Bowling found yet another local-root flaw in the IPsec ESP / rxrpc stack: skb_try_coalesce() drops the SKBFL_SHARED_FRAG marker, allowing in-place AES-GCM decryption over page-cache pages — an unprivileged user can XOR a chosen keystream into /usr/bin/su and get root. Public PoC is already live. AlmaLinux shipped patches for AL8/9/10 ahead of Red Hat; stable kernels 7.0.6 and 6.18.29 carry the Dirty Frag fix. Patch and reboot. [More · LWN]
- Google Project Zero: 0-click Pixel 10 exploit via VPU driver: The Tensor G5's WAVE677DV video accelerator driver maps its MMIO region into userspace with remap_pfn_range but places no bounds on the mapping size — letting a caller map all physical memory starting from the VPU base. Since the kernel image lives at a known offset above the VPU region, arbitrary kernel read/write requires just five lines of code. The full 0-click chain (Dolby CVE-2025-54957 → VPU LPE) was patched in 71 days — a meaningful improvement in Android's triage speed. More
- First public macOS M5 kernel memory corruption exploit surviving MIE: Calif and Mythos Preview built a working data-only kernel LPE on macOS 26.4.1 running M5 with Memory Integrity Enforcement enabled — Apple's hardware ARM MTE-backed mitigation that supposedly disrupts every known public exploit chain. Two bugs, discovered with AI assistance and exploited in under a week. The 55-page report drops after Apple patches. More
- Windows 11 and Microsoft Edge both fell on day one of Pwn2Own Berlin 2026, with researchers successfully demonstrating exploits against Microsoft's flagship OS and browser during the competition's opening day. More
- Researcher publicly drops YellowKey and GreenPlasma Windows zero-days, releasing unpatched exploit code for two Windows vulnerabilities. The public disclosure puts pressure on Microsoft to patch fast. More
- CVE-2026-46333 (ssh-keysign-pwn): ptrace exit race condition in the Linux kernel allows privilege escalation via a race between ptrace detach and process exit. AlmaLinux bundled the fix with Fragnesia in the same kernel update — one dnf upgrade and reboot covers both. More
- iOS 26.5 ships default end-to-end encrypted RCS between iPhone and Android users, based on the GSMA Universal Profile spec. A padlock icon indicates encrypted conversations; the feature is on by default for both platforms — a long-overdue win for cross-platform secure messaging. More
- MongoDB critical patch released May 2026 — users are strongly encouraged to apply the update immediately. More
- Google now requires you to send an SMS instead of receiving one for new account registration. The QR code flow triggers an outbound SMS from your phone to Google, killing SMS pool services and most anonymous account creation workarounds. Privacy-minded users are scrambling for alternatives. More
- Engineer removes modem and GPS from his 2024 RAV4 Hybrid — step-by-step guide with photos, covering DCM removal, bypass kit installation to preserve the microphone, and GPS antenna disconnect to fix CarPlay location bugs. Bluetooth still phones home; USB only. More
🛸 Tech
- DuckDB launches "Quack" — a new HTTP-based client-server protocol enabling multiple concurrent writers for the first time. Built from scratch in 2026 with single-round-trip query execution, custom serialization, and token-based auth. Benchmarks are impressive: 60M rows transferred in under 5 seconds (vs 158 seconds for PostgreSQL), and 5,434 tx/s on small writes across 8 threads (beating Postgres). Available today as a core_nightly extension in DuckDB v1.5.2. More
- How one developer migrated their entire digital stack to Europe: Comprehensive walkthrough swapping Google Analytics → Matomo, Google Workspace → Proton Mail, DigitalOcean → Scaleway, AWS S3 → Scaleway Object Storage, Backblaze → OVH, SendGrid → Lettermint, Sentry → Bugsink, and OpenAI → Mistral API. Honest about trade-offs; a solid blueprint for digital sovereignty. More
- Fedora Hummingbird Linux introduced as "Agentic Linux for Builders" — a new Fedora variant focused on AI-native and agentic workflows for developers building the next wave of autonomous software. More
- Mullvad VPN exit IPs are a fingerprinting vector: Because Mullvad's exit node IPs are public and well-documented, websites can reliably identify Mullvad users simply by checking whether the client IP appears in Mullvad's known exit pool — bypassing the privacy benefit the VPN was supposed to provide. More
🤖 AI
- Local AI should be the norm, not cloud API calls: A sharp engineering essay arguing that defaulting to on-device AI (e.g., Apple FoundationModels API) is strictly better for privacy, reliability, and trust — no data retention questions, no network dependency, no distributed system overhead. Reserve cloud models for what they're genuinely needed for. More
- Anthropic publishes Claude Code best practices for large codebases: The enterprise playbook covers layered CLAUDE.md files (root → subdirectory), hooks for self-improvement, on-demand skills, LSP integrations for symbol-level navigation, MCP servers for internal tooling, and subagents for parallel exploration vs editing. TLDR: the harness matters as much as the model. More
- Running local LLMs on Apple Silicon costs ~3× more than cloud: On an M5 Max at 10–40 tokens/second, amortized hardware cost puts you at roughly $0.40–$4.79 per million tokens, versus ~$0.38–$0.50/M on OpenRouter for comparable models — and cloud is 2–7× faster. Hardware depreciation dominates. It makes economic sense only at the optimistic end, with a 10-year hardware lifespan. More
- OpenAI Codex now accessible from anywhere — mobile and web interfaces bring the agentic coding assistant beyond the desktop, enabling async background coding tasks from any device. More
🛠️ Tools
- Ratty — a GPU-rendered terminal emulator with a spinning rat cursor, inline 3D graphics, and presentation modes. Built in Rust with Ratatui, inspired by TempleOS. Weird, delightful, and probably the most visually ambitious terminal emulator around right now. More
- Start9 Router — privacy-first self-sovereign networking and app hosting layer from Start9, letting you run services without cloud dependency. More
- Osaurus AI — a local-first AI harness for macOS that lets you run agents, memory, tools, and models from your Mac while keeping data on-device by default. More
📚 Misc
- Software Internals Book Club — Phil Eaton's 2,500+ member email club currently reading Operating Systems: Three Easy Pieces. Past reads include Database Internals, Systems Performance, and Concurrency Control and Recovery in Database Systems. No Zoom, purely async via Google Groups. Open to everyone. More
📩 Please feel free to share this article with colleagues and friends who will find it valuable.
Thanks for reading!
Have a great day!
Bogdan