PEAKS No 50: AI Agents Get Hijacked, FortiBleed Breaches 74K Firewalls, and Local LLMs Finally Get Good

Hi there!

🛡️ Security & Privacy

  • Microsoft details an exploit chain in AutoGen Studio's pre-release builds, letting a malicious web page hijack a local AI agent for remote code execution. More
  • A new BootROM exploit, "usbliter8," permanently compromises Apple's A12 and A13 chips via a USB controller flaw — unfixable by software update. More
  • FortiBleed: researchers exposed a verified credential database for roughly 74,000 Fortinet firewalls across 194 countries, hitting Samsung, Oracle, Siemens, and other global firms. More
  • A blogger found roughly 10,000 fake GitHub repos that clone real projects' commit histories and quietly add malware-laced zip downloads to their READMEs. More
  • A developer traced a fake LinkedIn recruiter to a GitHub repo whose npm "prepare" script secretly executed remote code on install, using stolen identities. More
  • Apple is moving Hide My Email and Sign-in-with-Apple aliases onto one shared subdomain, making it trivial for sites to block all of them at once. More

🛸 Tech

  • Git has three places for ignore rules, not just .gitignore: the versioned .gitignore itself, a per-repo private .git/info/exclude, and a global ~/.config/git/ignore. More
  • Ubiquiti launched ENAS, a license-free ZFS-based enterprise NAS with petabyte-scale storage, UniFi management, and native iSCSI block storage for virtualization clusters. More
  • RealSense unveiled its D585 Pro depth camera with on-device AI processing and a Perception Studio SDK beta, targeting humanoid robots and industrial vision. More
  • Iroh hit version 1.0: a peer-to-peer networking library that dials cryptographic keys instead of IP addresses, now with Python, Node, Swift, and Kotlin bindings. More
  • GrapheneOS already ported its hardened Android fork to Android 17, with public alpha testing starting almost immediately after Google's own release. More
  • SpaceX agreed to acquire Cursor-maker Anysphere for $60 billion in an all-stock deal, days after its blockbuster Nasdaq IPO, to boost AI coding. More
  • A neat trick: bash's /dev/tcp pseudo-device lets you craft raw HTTP requests for quick connectivity checks inside minimal containers with no curl. More
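The three ignore sources from the Git item above, exercised in a throwaway repo. This is an added example, not code from the linked post: it writes one rule into each location and then uses `git check-ignore -v` (which reports the source file, line and pattern that matched) to show which layer is responsible for each path. It assumes only that `git` is installed; HOME and XDG_CONFIG_HOME are redirected to a temp directory so your real config is untouched.

```shell
#!/bin/sh
# Added example, not from the linked post: build a throwaway repo that uses all
# three ignore sources, then ask `git check-ignore -v` which file and line
# caused each path to be ignored. Assumes only that git is installed; HOME and
# XDG_CONFIG_HOME are pointed at a temp dir so the user's real config is untouched.

demo_ignore_sources() (
  set -e
  work=$(mktemp -d)
  HOME="$work/home"
  XDG_CONFIG_HOME="$HOME/.config"
  export HOME XDG_CONFIG_HOME
  mkdir -p "$XDG_CONFIG_HOME/git" "$work/repo"
  cd "$work/repo"
  git init -q

  # 1. .gitignore: versioned, so everyone who clones the repo gets the rule.
  printf 'build/\n' > .gitignore
  # 2. .git/info/exclude: applies to this clone only, never committed or pushed.
  printf 'notes.local\n' > .git/info/exclude
  # 3. global ignore: read for every repo of this user. This is the default path
  #    git consults when core.excludesFile is not set.
  printf '.env\n' > "$XDG_CONFIG_HOME/git/ignore"

  # Constructed sample files, one per rule plus one that nothing ignores.
  mkdir build
  : > build/out.o
  : > notes.local
  : > .env
  : > keep.txt

  # check-ignore -v prints "<source>:<line>:<pattern><TAB><path>" for an ignored
  # path and nothing (exit status 1) for a path no rule matches.
  for p in build/out.o notes.local .env keep.txt; do
    src=$(git check-ignore -v "$p" | cut -d: -f1)
    [ -n "$src" ] || src="(not ignored)"
    printf '%s -> %s\n' "$p" "$src"
  done
  rm -rf "$work"
)

# Run the demo when git is available; prints one "<path> -> <source>" line each.
command -v git >/dev/null 2>&1 && demo_ignore_sources
```

The practical point: only the `.gitignore` layer travels with the repository, so a file that is invisible to you because of `.git/info/exclude` or your global ignore will be picked up by a colleague's `git add .`. Ignore rules are a convenience, not a secrets control; `git check-ignore -v path` is the quick way to confirm which layer, if any, is protecting a given file before you rely on it.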
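The `/dev/tcp` trick from the last Tech item, written out as an added example that is not code from the linked post. It separates building the request bytes from sending them, so the request format and the status-line parser can be checked without a network; `http_get` itself opens the socket through bash's `/dev/tcp/<host>/<port>` pseudo-device, which is implemented inside bash (dash and busybox sh do not have it). Host, port and path are whatever you pass in.

```shell
#!/usr/bin/env bash
# Added example (not taken from the linked post): a raw HTTP/1.0 GET over bash's
# /dev/tcp pseudo-device, for reachability checks in images that ship no curl
# or wget. /dev/tcp is provided by bash itself, so this needs bash, not
# dash or busybox sh. Host and port are whatever the caller passes.

# Build the request bytes. HTTP/1.0 plus "Connection: close" makes the server
# close the socket after its response, so the read in http_get terminates.
build_request() {
  host=$1
  path=${2:-/}
  printf 'GET %s HTTP/1.0\r\nHost: %s\r\nConnection: close\r\n\r\n' "$path" "$host"
}

# Open a TCP connection on fd 3, send the request, stream the raw response
# (status line, headers, body) to stdout. Returns 1 if the connect fails
# (host down, port filtered, no DNS). The braces keep the stderr redirect
# temporary; a bare "exec ... 2>/dev/null" would silence stderr for good.
http_get() {
  host=$1
  port=${2:-80}
  path=${3:-/}
  { exec 3<>"/dev/tcp/$host/$port"; } 2>/dev/null || return 1
  build_request "$host" "$path" >&3
  cat <&3
  exec 3<&-
}

# Pull the three-digit status code out of a response read from stdin
# ("HTTP/1.1 200 OK" -> 200). Returns 1 if the first line is not a status line,
# e.g. when the port answers but speaks something other than HTTP.
status_code() {
  IFS= read -r line || return 1
  line=$(printf '%s' "$line" | tr -d '\r')
  case $line in
    HTTP/*) ;;
    *) return 1 ;;
  esac
  rest=${line#* }
  printf '%s\n' "${rest%% *}"
}

# Usage (needs network): succeeds only when the service answers with 200.
# [ "$(http_get example.com 80 / | status_code)" = 200 ] && echo "service reachable"
```

Two caveats for using this as a health check: a failed connect can block until the kernel's TCP timeout expires, so wrap the call in `timeout` where the image has it, and `/dev/tcp` is plain TCP, so it cannot check an HTTPS endpoint beyond "the port accepts connections".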

🤖 AI

  • Stanford's new benchmark finds local LLMs answer 88.7% of real queries correctly, with efficiency up 5.3x since 2023 — bloggers confirm local coding is now viable. More · More · More
  • Zhipu's GLM-5.2 topped Artificial Analysis's open-weights Intelligence Index under an MIT license, with its lead researcher framing this as resistance to abrupt model-access cutoffs. More · More
  • Midjourney announced Midjourney Medical: a 60-second full-body ultrasonic scanner rivaling MRI detail, paired with public "scan spas" opening in San Francisco by 2027. More
  • Lenny's podcast breaks down AI agent "loops" — heartbeats, crons, hooks, and goals — then live-builds two autonomous loops in Claude Code and Codex. More
  • Anthropic released a Swift package letting Claude plug into Apple's on-device Foundation Models framework, so apps can swap between local and cloud models. More

🛠️ Tools

  • Epic shipped Unreal Engine 5.8 and announced "the road to UE6," unifying Unreal Engine and UEFN into a single engine going forward. More

🐧 Misc

  • Cornell offers its PhD-level compilers course "self-guided" online for free, with videos, papers, and open-source LLVM/Bril implementation tasks for anyone. More
  • Anthropic published a founder's playbook mapping Idea, MVP, Launch, and Scale stages of an AI-native startup, with prompts and frameworks for using Claude. More
  • A developer built a single-file WebGL watercolor simulator largely AI-coded with Claude, with a detailed write-up of its fluid-dynamics and rendering tricks. More
  • A developer indexed 669GB of GoPro footage locally on an M1 Max using open ML models, then searched clips by description into DaVinci Resolve. More

📩 Please feel free to share this article with colleagues and friends who will find it valuable.

Thanks for reading!

Have a great day!
Bogdan