Backlist — 01 Jun 2026 UTC

Hackers used Meta’s AI support chatbot to steal Instagram accounts

Meta offloaded account recovery to an AI support flow that attackers reportedly used to change victim emails and take over high-profile Instagram accounts

Shai-Hulud malware hits 32 Red Hat cloud-services npm packages

A public malware toolkit was repurposed against Red Hat npm packages with about 80k weekly downloads, turning developer install scripts into credential-theft infrastructure

CIFSwitch: a 19-year Linux kernel flaw enabling root via forged cifs.spnego keys

A decades-old Linux CIFS authentication path reportedly lets unprivileged users forge keys and gain root across several mainstream distributions

US data center construction reaches a $51B annual pace

Official data shows data center construction spending up 268% since ChatGPT’s launch, before counting the servers and accelerators inside those buildings

Nvidia RTX Spark: 20 Arm cores, Blackwell RTX, and 128GB unified memory

Nvidia is pushing an Apple-Silicon-like Windows PC architecture with unified memory and local AI compute aimed at developers, creators, and gamers

Anthropic confidentially files for an IPO

Anthropic’s draft S-1 gives it the option to go public while frontier AI labs are becoming large, capital-intensive public-market candidates

Marvell announces 102.4 Tbps switch silicon for AI clusters

AI clusters increasingly bottleneck on networking, and Marvell’s Teralynx T100 targets the switch layer with a 102.4 Tbps part built specifically for accelerator fabrics

mRNAutilus: multi-objective generation of full-length mRNAs (t.co)

The framework jointly optimizes coding sequences and UTRs for expression, stability, and translation, and the authors report experimental validation

Physical AI is runtime-poor, not compute-poor

A robot serves one token stream at a time, so cheap edge GPUs can beat high-end datacenter GPUs on cost per useful token despite far lower bandwidth

Running a 284B-parameter DeepSeek model on a Raspberry Pi 5 (x.com)

A 284B-parameter quantized model reportedly runs above 1 token per second on an 8GB Raspberry Pi 5 at about 8 watts after extensive tuning

A browser ProRes decoder 3× faster than FFmpeg compiled to WASM

A custom in-browser ProRes decoder can outperform FFmpeg’s WASM path and points toward practical high-performance video editing directly in web apps

GrepSeek: search agents that grep raw text without embeddings or an index

A 9B open-weight model learns to write shell pipelines over a 14GB corpus and beats indexed retrieval baselines across several open-domain QA benchmarks

Memory chips are now 22% of South Korea’s exports

DRAM, SSDs, and HBM have grown from roughly 10% of Korean exports in 2018–2024 to 22% in 2026, overtaking autos by a wide margin

Strava adds an $11.99 monthly fee for developer API access (x.com)

Strava is putting developer APIs and more public data behind paywalls and authentication as AI scraping changes the cost-benefit equation for open APIs

Trying to source GPUs for serverless sandboxes in 2026

GPU providers are sold out for 9–10 months and demand large prepayments, making on-demand AI infrastructure a financing problem as much as a technical one

Could PyTorch use language editions to remove old footguns?

Breaking default changes are hard in mature frameworks, and edition-style opt-ins could let PyTorch batch safety improvements without fragmenting the ecosystem

Why larger models may learn better: less neuron competition (x.com)

The paper argues that larger models reduce interference between frequent and rare examples by giving tasks more representational capacity to coexist

Materials Property Axiom: scaling models on experimental materials data

The work targets experimentally measured materials properties instead of computed proxies, a key step toward models that help with real lab discovery

PGDG: learning robust bimanual robot manipulation from one demonstration (t.co)

A curation-guided data-generation pipeline expands a single robot demonstration into a compact dataset that trains a more robust behavior-cloning policy

Stop reporting 0.2% gains on saturated retrieval benchmarks

OBLIQ-Bench is proposed as a harder test for retrieval models and long-context LLMs when older benchmarks no longer distinguish real progress

Why markets are not chess benchmarks

Markets drift as participants, regimes, and incentives change, so self-play-style optimization does not transfer cleanly from fixed-rule games to trading

Software development as an R&D lab, not a factory

AI makes it cheaper to explore many prototypes, so the hard part of software shifts toward experimentation and selection rather than manufacturing identical outputs

Scaling Sendblue with jailbroken iPhones in a closet (x.com)

The early infrastructure for an iMessage-based product was literally stacked jailbroken iPhones drawing enough current to trip a household breaker

Avi Wigderson on P vs NP, SAT solvers, and zero knowledge

Wigderson is the only person to have won both the Turing Award and Abel Prize, and the interview covers core ideas in complexity and cryptography

Firefox DevTools experiments with session-history diagrams (t.co)

Visualizing browser session history could make navigation bugs and state transitions easier to inspect than the usual opaque back-forward stack

An agent skill that edits its own video walkthrough

A video-editing skill can cut pauses and filler words from recordings, then be evaluated by comparing the raw walkthrough against the edited result

TripoSplat: open-source single-image to 3D Gaussian generation (x.com)

The MIT-licensed model converts one 2D image into 3D Gaussians and introduces density-sampled allocation for controllable 3D asset generation

MiniMax M3: open-weights model with 1M context and sparse attention

MiniMax claims frontier coding and agent benchmarks while using sparse attention to scale native multimodal context to one million tokens

Editor’s note: imported_from_x_likes

Android developer verification raises new sideloading concerns (t.co)

Google’s developer-verification plan could reshape who can distribute Android apps outside official stores and how much identity infrastructure open mobile software requires

it’s all code! everything!

it’s all code! everything! mcp and toolboxes are solving an issue halfway. the full solution is: fast, safe, bounded, arbitrary code execution (with deps if needed). at the limit, the harness is the OS, maybe even the assembler.

We built new browser infra. 3-6x cheaper than rest

We built new browser infra. 3-6x cheaper than rest Custom Firecracker VMs. Custom Chromium fork. Bare metal. > $0.02/hour (cheapest on the planet) > Starts in under a second > 10,000 concurrent browsers > #1 in stealth We are speed. Live

there’s no way this is real oh my fucking god

there’s no way this is real oh my fucking god tldr: AI support system accepts AI generated video of the users profile picture for email change and password reset. Great work as usual Meta

Claude Opus 4.8 scores 70.9% on GBA Eval, the top score to date. Given 24 hours, it writes an emulator that plays…

Claude Opus 4.8 scores 70.9% on GBA Eval, the top score to date. Given 24 hours, it writes an emulator that plays most games, with working audio on all of them. It beats the previous best (GPT-5.5 at 53.2%) in under an hour.

LongTraceRL

LongTraceRL Teaches LLMs to reason through 128K contexts by learning from search agent trajectories and fine-grained entity-level rubric rewards.

Anthropic Opus 4.8 is new SOTA on ARC-AGI-3

Anthropic Opus 4.8 is new SOTA on ARC-AGI-3 Score: 1.5%, ~$10K ARC-AGI-3 analysis notes: * Opus 4.8 read the environment an abstraction *above* Opus 4.7, as objects & systems, not pictures * Opus 4.8 succeeded on early levels, but still c

My longest blog post to date, and it is dense!

My longest blog post to date, and it is dense! Long-context LLMs make KV cache memory the bottleneck: every cached token carries K/V tensors at every layer. I wrote a survey + code-first guide to KV cache compression: Attention Sink, L2,

I just shipped message-ui, build dynamic iMessage attachments with React.

I just shipped message-ui, build dynamic iMessage attachments with React. ◆ Charts ◆ Tables ◆ Text primitives ◆ Local preview + PNG export ◆ Tailwind support ◆ Works with Chat SDK Link

This is why enterprise AI is not just a model problem. If AI does not understand your company’s people, systems, …

This is why enterprise AI is not just a model problem. If AI does not understand your company’s people, systems, workflows, and permissions, it will not create much value. Context is what turns intelligence into useful work.

A Linux backdoor is being sold on the dark web for $1,600 USD. (t.co)

A Linux backdoor is being sold on the dark web for $1,600 USD. The developer called it "PamDOORa", while it abuses the Linux PAM stack for persistent SSH access, credential harvesting, and wiping logs. YouTube Video: https:// youtu.be/3YB

[arXiv 2026] dMoE: dLLMs with Learnable Block Experts (t.co)

[arXiv 2026] dMoE: dLLMs with Learnable Block Experts https:// fscdc.github.io/dMoE/ Overview of dMoE. We introduce block-level Mixture-of-Experts routing into diffusion large language models (dLLMs), enabling the model to adaptively selec

We’re increasing usage limits for every Teams user.

We’re increasing usage limits for every Teams user. Inspired by the success of our Ultra plan, we're also introducing a Premium team seat that includes 5x usage at only 3x the cost.

You can now measure Web Vitals directly from agent-browser

You can now measure Web Vitals directly from agent-browser agent-browser vitals [url] LCP / CLS / TTFB / FCP / INP React hydration when available Useful for debugging page load issues and verifying whether a change improved performance

Hackers say they used Meta's AI support chatbot to change emails tied to Instagram accounts amid a wave of high-p… (x.com)

Hackers say they used Meta's AI support chatbot to change emails tied to Instagram accounts amid a wave of high-profile account takeovers; Meta fixed the issue ( @jason_koebler / 404 Media) (Visit Techmeme dot com for the link and full co

We recently made Lovable apps server-side rendered, which means better default discoverability from search engine… (x.com)

We recently made Lovable apps server-side rendered, which means better default discoverability from search engines like Google and AI answer engines like ChatGPT and Perplexity. That meant rebuilding Lovable's foundations on @tan_stack S

However, Opus 4.8's emulator is not perfect. On Varooom 3D, it diverges after around 2,000 frames. This is better…

However, Opus 4.8's emulator is not perfect. On Varooom 3D, it diverges after around 2,000 frames. This is better than GPT-5.5 (whose emulator diverged after around 1,250 frames), but Opus 4.8 only scores 25% on this game.

To truly compare, you'd need to crash the python process (and lambda) at the end to force a cold start for the ne…

To truly compare, you'd need to crash the python process (and lambda) at the end to force a cold start for the next invocation. Otherwise sandbox N+1 may see state from sandbox N. And then you quickly run into the hard 1K new instances pe

FSB-linked Gamaredon group deploys advanced worm hiding in NTFS Alternate Data Streams to target Ukrainian netwo…

FSB-linked Gamaredon group deploys advanced worm hiding in NTFS Alternate Data Streams to target Ukrainian networks. Campaign active since January 2026 uses fileless VBScript and exploits WinRAR vulnerability for initial access. Key techn

Flipping the loop order in the attention kernel, iterating over KV blocks as the outer loop instead of queries m…

Flipping the loop order in the attention kernel, iterating over KV blocks as the outer loop instead of queries made it 4× faster than open-source sparse attention kernels Damn!!

CVE-2026-0257 in Palo Alto GlobalProtect allows auth bypass via forged VPN cookies. Rapid7 confirms active exploi…

CVE-2026-0257 in Palo Alto GlobalProtect allows auth bypass via forged VPN cookies. Rapid7 confirms active exploitation since May 17 across multiple customers. Patch immediately or disable auth override feature. #DFIR_Radar

M3 on (x.com)

M3 on @OpenRouter same day we dropped it . 1M context, frontier coding + agentic, native multimodal. 50% off the first week.

well it’s still pretty rough but this was my first RL Token rollout success. it’s definitely not yet an improveme…

well it’s still pretty rough but this was my first RL Token rollout success. it’s definitely not yet an improvement over the base vla but I’ve got a good pipeline in place and have been making small incremental improvements across multiple

Introducing Agent Cookie. For anyone running (x.com)

Introducing Agent Cookie. For anyone running @OpenClaw or @NousResearch 's Hermes on a Mac mini: I kept finding my agent logged out of everything, and it sucked. So I fixed it. "Add this to my Amazon cart." Sorry, logged out again. "Or

Reinforcement learning has exploded on Modal, and we've been cooking.

Reinforcement learning has exploded on Modal, and we've been cooking. Here's a review of lessons learned helping teams train at scale, the patterns we kept seeing, and an open-source library to get started with RL on Modal quickly.

In celebration of Static Hermes, here is Hermes bytecode decompilation using SSA represented in JS AST/IR and pat…

In celebration of Static Hermes, here is Hermes bytecode decompilation using SSA represented in JS AST/IR and pattern matching

Spent 20 mins faking a perspective mockup in Figma? (t.co)

Spent 20 mins faking a perspective mockup in Figma? Stop. → http:// perspectivemock.vercel.app Drop in a screenshot, tilt it in 3D, animate it with keyframes, export an MP4. No login. No watermark. No upload. Just ridiculously good pro

Our paper and code are now available. Check them out here! (t.co)

Our paper and code are now available. Check them out here! Paper: https:// arxiv.org/abs/2605.31443 Code: https:// github.com/C-Naoki/dynami c-adjustment … #ICML2026 @icmlconf

Killer new Codex feature that went unannounced:

Killer new Codex feature that went unannounced: Codex can now coordinate threads for local projects/worktrees. Includes separate background threads. Transforms Codex into a meta-agent that can orchestrate its own workspace.

Pricing has been announced for Cloudflare Pipelines, R2 SQL and R2 Data Catalog!

Pricing has been announced for Cloudflare Pipelines, R2 SQL and R2 Data Catalog! Billing has not been enabled, and there will be 30 days notice before it is enabled Pipelines - Streams (ingress): Free, regardless of volume. - SQL transfor

This Meta AI Support Assistant account takeover flow is so out of control. Allowing an AI Support Assistant to pr…

This Meta AI Support Assistant account takeover flow is so out of control. Allowing an AI Support Assistant to process IG account recovery flows and bypass 2FA?! Wish I played with it before it was patched today. Attackers claim ATO flow is

Anthropic paying spaceXai $24b in revenue per nameplate GW.

Anthropic paying spaceXai $24b in revenue per nameplate GW. SpaceXai spent $29b per GW building out that capacity. If the contract were to last 5 years, $50+ billion in cumulative pre-tax cashflow. Being wildly efficient at converting

MTP is used, and they show significant eval boost from it, but no eval loss improvement

MTP is used, and they show significant eval boost from it, but no eval loss improvement their MTP is slow (7%, vs 4-5% of ours) but they claim "significant quality improvements". Also they use 0.1 weight only. Ablation is on similar siz

Today we are launching our most-requested feature.

Today we are launching our most-requested feature. Nunu for Windows! Our agents can now connect to full Windows PCs. From testing games and software to automating millions of workflows. You can try it on our website today.

Very excited to have this paper out! We show by having more parameters, larger models see reduced interference be…

Very excited to have this paper out! We show by having more parameters, larger models see reduced interference between updates. This allows them to retain memories of rarely observed samples of a task, eventually allowing them to learn even

Here's Claude Opus 4.8's emulator running Collie Defense, where it scores 99.8% on video and 91% on audio. On mos…

Here's Claude Opus 4.8's emulator running Collie Defense, where it scores 99.8% on video and 91% on audio. On most games we tested, gameplay is near-perfect, with some audio imperfections.

A prompt can cost a million times more than an HTTP request, so token theft is a high-margin business for attackers.

A prompt can cost a million times more than an HTTP request, so token theft is a high-margin business for attackers. How we protect our AI endpoints ↓

Supply chain compromise hits 32 RedHat npm packages with "Miasma" malware variant derived from publicly released … (x.com)

Supply chain compromise hits 32 RedHat npm packages with "Miasma" malware variant derived from publicly released TeamPCP toolkit. Attack targets developer credentials and secrets through preinstall scripts. Key technical details: • 32 pack

inkwell has 1m~ locs and 2m~ lines of tests.

inkwell has 1m~ locs and 2m~ lines of tests. there is a single file with 50,000 locs. it's disgusting. so i built a jsx compiler and a full stack framework with deep observability & linting rules. then i set codex 5.5 with /goal at the t

The trouble with uncertainty quantification in ML is a lack of guarantee: prediction intervals that are too short…

The trouble with uncertainty quantification in ML is a lack of guarantee: prediction intervals that are too short and class probabilities are miscalibrated. A solution: conformal prediction. To get started, I wrote a beginner-friendly, ha

Our harness discovered multiple 0-days in networking stack of Linux Kernel (using publicly accessible LLMs) (x.com)

Our harness discovered multiple 0-days in networking stack of Linux Kernel (using publicly accessible LLMs) This is one of many CVEs to come Thank you @GuanniQu for great collaboration!!

Claude Opus 4.8 (xhigh) scores 82.9% on WeirdML, right behind GPT 5.5.

Claude Opus 4.8 (xhigh) scores 82.9% on WeirdML, right behind GPT 5.5. We now also (unlike 4.7) see a clear scaling with output token use: - no thinking: 2.4k tokens, 70.5% - medium: 4.3k, 76.0% - xhigh:

If you're serious about RL, you eventually need to get your hands dirty and do the math. Precision isn't an imple… (t.co)

If you're serious about RL, you eventually need to get your hands dirty and do the math. Precision isn't an implementation detail, the gradient flow itself depends on it, infinitely more than in supervised training. Check this out https:/

The desktop is DGX Station with GB300! It does have 768GB of memory

The desktop is DGX Station with GB300! It does have 768GB of memory It also starts at ~$92,000

My 2024 MacBook Pro finally saw GPU usage today!

My 2024 MacBook Pro finally saw GPU usage today! Officially promoted it from “expensive Chrome browsing machine” to “tiny training cluster"

Multi-stage infection chain: Unknown RAT delivers NetSupport RAT via SmartApeSG ClickFix campaign. Initial RAT ma…

Multi-stage infection chain: Unknown RAT delivers NetSupport RAT via SmartApeSG ClickFix campaign. Initial RAT maintains persistent C2 since April 2026, now pushing secondary payloads through encoded traffic over port 443. Attack chain bre

A new lens on attention that I've been thinking:

A new lens on attention that I've been thinking: each key in attention defines a hyperplane in query space. The score qᵀk isn't just similarity — it's a signed incidence. Which side of the key-plane the query sits on, and how far.

FUD 'Запит СБУ щодо надання інформації №843.pdf.js' seen from Poland and Ukraine (x.com)

FUD 'Запит СБУ щодо надання інформації №843.pdf.js' seen from Poland and Ukraine @abuse_ch https:// bazaar.abuse.ch/sample/8444720 0aef49356af5e776b95fec129f293d83e7b5f7e8c3e88e1d15f49fea9/ … @500mk500 @hasherezade

1/ Using rules like "don't read .env" are not reliable to protect your keys since models many times ignore one-of…

1/ Using rules like "don't read .env" are not reliable to protect your keys since models many times ignore one-off instructions like this in long horizon, large context work. Give Cline plugins a try, where you can hook into the agent life

Introducing InsForge Compute.

Introducing InsForge Compute. Deploy long-running backend services as Docker containers via your coding agent. It writes the Dockerfile, builds the image, injects env vars, runs the container, and returns a live URL. All in under 60 seco

I have a personal series of "benchmark" queries I use to evaluate LLMs (mostly of the form: "here are some initia…

I have a personal series of "benchmark" queries I use to evaluate LLMs (mostly of the form: "here are some initial project ideas, judge where to take it") For a while Claude has been dominant; but I checked Claude 4.8 vs ChatGPT 5.5 and GP

Was the issue "typing the word 'workflow' in any part of your prompt spawns excessive parallel subagents"

Was the issue "typing the word 'workflow' in any part of your prompt spawns excessive parallel subagents"

I'm the data protection guy at my company, and one thing I'm learning is that people love uploading confidential …

I'm the data protection guy at my company, and one thing I'm learning is that people love uploading confidential information into ChatGPT.

CVE-2026-4387: Critical StrongDM flaw allowed attackers to steal and reuse authentication state files across host…

CVE-2026-4387: Critical StrongDM flaw allowed attackers to steal and reuse authentication state files across hosts for persistent access. Plaintext JWT and key pairs in user directories enabled session hijacking without credential theft. K

Palo Alto Networks says Mythos found 24+ critical bugs, burning $1M+ of tokens, subsidized by Anthropic; some com… (x.com)

Palo Alto Networks says Mythos found 24+ critical bugs, burning $1M+ of tokens, subsidized by Anthropic; some companies say they plan to boost Mythos spending ( @aaronpholmes / The Information) (Visit Techmeme dot com for the link and ful

To get good animations from an AI you need to get good at telling it what you want: (t.co)

To get good animations from an AI you need to get good at telling it what you want: - "stagger this list of items" - "make this animation direction-aware" - "spacial consistency", "crossfade", "layout animation", I made a motion vocabula

I started offering OpenClaw hosting services at the beginning of the year, deploying 500 Pods on a single k8s clu…

I started offering OpenClaw hosting services at the beginning of the year, deploying 500 Pods on a single k8s cluster, with each Pod limited to 4GB of runtime memory. I kept 18 servers with 4 cores and 16GB RAM running daily as the node poo

Prompt-free self-training can work when the synthetic corpus is compatible with the student.

Prompt-free self-training can work when the synthetic corpus is compatible with the student. The setup is intentionally minimal: BOS-only text sampled from a base model, then used for continued training without prompts, verifiers, reward m

This is THE moment of Physical AI!

This is THE moment of Physical AI! We are officially announcing Cosmos 3: Omnimodal World Models for Physical AI - Cosmos 3 is an omnimodal world model: within a unified architecture, it can understand and generate language, images, vide

I made this to encapsulate thee enormous delta / experience between using GPT-5.5 Extended Thinking and Codex Go…

I made this to encapsulate thee enormous delta / experience between using GPT-5.5 Extended Thinking and Codex Goal Mode today

M3 on (x.com)

M3 on @AskVenice , available anonymously open-weight, frontier coding + agentic, 1M context, native multimodal. Live on day one

https:// (t.co)

https:// hallucinate.site https:// github.com/stagas/halluci nate …