Pope Leo XIV Issues AI Manifesto Pope Leo XIV released ‘Magnifica Humanitas,’ an encyclical warning that AI controlled by a few powerful companies risks ‘dehumanization’ and fueling global conflict. The Pope calls for the ‘disarmament’ of AI—removing it from military and monopolistic control—and argues that technology is never neutral, reflecting the priorities of its creators. In an unusual move, he presented the document alongside Anthropic co-founder Chris Olah, signaling a direct effort to influence AI developers. ...

AI’s Cost Paradox: Tokens vs. Human Labor Major tech firms like Microsoft and Uber are scaling back internal AI tool usage after discovering that the cost of compute tokens can exceed the cost of human employees. This ’tokenmaxxing’ trend is creating a financial paradox where increased efficiency and the use of AI agents drive aggregate costs up even as unit prices for tokens drop. https://fortune.com/2026/05/22/microsoft-ai-cost-problem-tokens-agents/ WiFi Signals Now Used for Invisible Surveillance Researchers have developed a method to identify individuals with nearly 100% accuracy simply by recording WiFi communication patterns in their surroundings. Because the system uses existing router feedback signals, it can track people who aren’t even carrying a device, effectively turning every standard WiFi router into a potential invisible surveillance tool. ...

TeamPCP’s Massive Supply Chain Blitz The hacking group TeamPCP has executed an unprecedented series of supply chain attacks, compromising over 3,800 internal GitHub repositories and hundreds of other organizations including OpenAI. The breach was triggered by a single employee installing a poisoned VS Code extension, highlighting a critical security blind spot in developer workstation tooling. https://www.wired.com/story/teampcp-software-supply-chain-attack-spree-github/ https://www.securityweek.com/github-confirms-hack-impacting-3800-internal-repositories/ https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/ Linux Kernel’s 9-Year-Old Root Flaw A vulnerability (CVE-2026-46333) that existed undetected since 2016 allows local attackers to execute arbitrary commands as root and steal sensitive files like /etc/shadow on major distributions including Ubuntu, Debian, and Fedora. ...

AI Solves 80-Year-Old Geometry Mystery An OpenAI model has disproved the planar unit distance problem, a central conjecture in discrete geometry posed by Paul Erdős in 1946. Unlike previous AI efforts, this was achieved by a general-purpose reasoning model rather than a specialized math system, demonstrating a level of original ingenuity and complex reasoning that allows AI to move beyond a helper role to a primary researcher in frontier mathematics. ...

CISA Contractor Leaks High-Privilege Cloud Keys A CISA contractor accidentally exposed highly privileged AWS GovCloud keys and plaintext passwords for internal systems on a public GitHub repository. The leak, described as one of the most egregious government data exposures in recent history, included credentials to the agency’s secure code development environment and internal artifactory, potentially allowing attackers to inject backdoors into government software. https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/ Massive npm Supply Chain Attack via ‘Mini Shai-Hulud’ Over 300 npm packages, including high-traffic libraries like size-sensor and echarts-for-react, were compromised in a rapid automated burst. The malware harvests a vast array of credentials (AWS, GCP, Azure, GitHub, Kubernetes) and employs advanced persistence techniques, including hijacking AI coding agents and escaping Docker containers to gain host filesystem access. ...

AI-Powered Exploit Breaks Apple M5 Security Security researchers used AI (Mythos Preview) and human expertise to build a working kernel exploit in five days, bypassing a hardware security system Apple spent five years and billions of dollars to develop. This demonstrates that even the most advanced hardware-level mitigations can be rapidly dismantled when paired with AI-driven vulnerability discovery. https://blog.calif.io/p/first-public-kernel-memory-corruption https://cyberinsider.com/signal-threatens-to-leave-canada-over-proposed-lawful-access-bill/ Fisker Owners Build Open-Source Car Company After Fisker’s bankruptcy left 11,000 Ocean SUV owners with ‘software-based cars’ that lost critical cloud functionality, the owners organized into a volunteer-run company. They reverse-engineered firmware and mapped CAN buses to prevent their vehicles from becoming e-waste, highlighting the urgent need for software escrow in the auto industry. ...

AI-Driven Exploits Breach Apple M5 Security Security researchers used Anthropic’s Claude Mythos to discover a privilege escalation exploit on Apple’s M5 chip, granting root access to macOS. The exploit successfully bypasses Memory Integrity Enforcement (MIE), a hardware-level security feature designed to prevent buffer overflows and use-after-free vulnerabilities. https://www.tomshardware.com/tech-industry/cyber-security/apple-m5-architecture-suffers-first-privilege-escalation-exploit-anthropics-claude-mythos-helps-researchers-bypass-memory-integrity-enforcement Pixel 10 Zero-Click Root Exploit Uncovered Google Project Zero discovered a 0-click exploit chain for the Pixel 10 that grants root access. The vulnerability lies in the VPU driver, which fails to bound mmap syscalls, allowing an attacker to map the entire kernel image into userspace and overwrite kernel functions. ...

The Secret ‘Quirks’ Files in Your Browser Modern browsers like Safari and Firefox ship hidden ‘quirks’ files containing thousands of lines of code that specifically target domains like TikTok, Netflix, and Instagram to fix bugs the sites themselves won’t repair. This creates a systemic asymmetry where the web is built for Chrome, and other browsers must either let sites break or write custom workarounds to maintain a functional user experience. ...

AI Data Centers Spark National Backlash A growing ‘Not In My Backyard’ movement is emerging as AI data centers strain local resources. In Utah, a project twice the size of Manhattan is facing fierce opposition for its 9GW power demand; in Nevada, 49,000 residents may lose power as utilities redirect energy to AI hubs; and in Georgia, a facility drained 30 million gallons of water without payment. A Gallup poll confirms 71% of Americans now oppose local AI data center construction. ...

Massive Supply Chain Attack Hits AI and Dev Ecosystems A massive coordinated attack compromised over 170 packages across the TanStack, Mistral AI, and UiPath ecosystems. The malware targets AWS, GitHub, and HashiCorp Vault credentials and uses a self-spreading vector by poisoning IDE configurations for Claude Code and VS Code users. https://safedep.io/mass-npm-supply-chain-attack-tanstack-mistral/ Google Warns of AI-Driven Zero-Day Exploits Google has disrupted a criminal operation that used AI to find a previously unknown security flaw, signaling a shift toward ‘industrial-scale’ AI-driven cyberattacks. The report highlights a race between defenders and attackers as AI lowers the barrier for reverse-engineering and exploit generation. ...