Android 16 VPN Bypass Leak
A critical flaw in Android 16 allows untrusted apps with basic permissions to leak a user’s real public IP address even when strict VPN lockdown modes are enabled. The vulnerability leverages a privileged system process to send UDP packets outside the VPN tunnel, effectively neutralizing the OS’s hard network guarantees.
AWS Middle East Data Center Destruction
Amazon Web Services is facing months of repairs following Iranian drone strikes on data centers in the UAE and Bahrain. The attacks knocked out critical server racks and caused extensive water damage from fire suppression systems, forcing AWS to suspend billing for affected regions and urge customers to migrate resources.
- https://arstechnica.com/gadgets/2026/05/amazon-stuck-with-months-of-repairs-after-drone-strikes-on-data-centers/
Ubuntu Infrastructure Extortion Attack
The ‘313 Team’ launched a massive attack on Ubuntu’s infrastructure, specifically disabling security update pipelines to extort Canonical. By targeting the mechanisms machines use to pull patches, the attackers created a window of vulnerability where systems remain unpatched against newly disclosed threats.
Japan’s Cardboard Suicide Drones
Japan is deploying flat-packed, disposable drones made of cardboard for military use. These low-cost ‘suicide’ drones are designed to be expendable, biodegradable, and harder for radar to detect than traditional metal or carbon fiber aircraft.
- https://www.404media.co/japan-cardboard-drones-air-kamuy/
- https://interestingengineering.com/innovation/japan-eyes-low-cost-cardboard-drones
South Africa’s AI-Written AI Policy
South Africa was forced to withdraw its draft national AI policy after it was discovered that the document was partially written by AI and contained multiple fictional academic citations. The incident highlights a critical failure in human oversight when using generative AI for high-stakes administrative work.
The ‘Gay Jailbreak’ LLM Attack
A new jailbreak technique targets LLMs (including GPT-4o, Claude, and Gemini) by requesting that the AI act as a member of the LGBT community. The attack tricks the model into disabling its alignment filters to avoid appearing offensive or unsupportive, allowing users to generate prohibited content like ransomware code or chemical synthesis guides.
Credit Card Brute-Force Vulnerability
A security researcher revealed how masked credit card numbers (showing only the first 6 and last 4 digits) can be brute-forced in hours. By using descriptive API error codes from payment gateways to determine which part of the card data is incorrect, attackers can derive full PANs and CVVs from seemingly ‘secure’ masked data.
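A defender-side sketch of the pattern described above, added here as an example and not taken from the researcher's write-up: it flags a masked card value (first 6 + last 4) that is declined with many different full PANs inside a short window. The event fields, the `pan_token` (assumed to be a keyed hash of the full PAN that the gateway logs), and both thresholds are assumptions, and the log itself is constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 600     # assumed look-back window
MAX_DISTINCT_PANS = 5    # assumed ceiling on distinct PANs per masked value

def find_enumeration(events, window=WINDOW_SECONDS, limit=MAX_DISTINCT_PANS):
    """Map (first6, last4) -> peak count of distinct declined PANs seen
    inside `window` seconds, for masked values that exceeded `limit`."""
    recent = defaultdict(deque)          # masked value -> (ts, pan_token) pairs
    flagged = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["approved"]:
            continue
        key = (ev["first6"], ev["last4"])
        attempts = recent[key]
        attempts.append((ev["ts"], ev["pan_token"]))
        # Drop attempts that fell out of the window; the newest entry always stays.
        while ev["ts"] - attempts[0][0] > window:
            attempts.popleft()
        distinct = len({token for _, token in attempts})
        if distinct > limit:
            flagged[key] = max(flagged.get(key, 0), distinct)
    return flagged

def sample_events():
    """Constructed authorization log (not real data)."""
    events = []
    for i in range(8):   # one masked card, eight different full-PAN submissions
        events.append({"ts": 1000 + 30 * i, "first6": "400000", "last4": "0002",
                       "pan_token": f"tok-a{i}", "approved": False})
    for i in range(3):   # a customer retrying the same mistyped card
        events.append({"ts": 1100 + 20 * i, "first6": "510000", "last4": "1234",
                       "pan_token": "tok-b", "approved": False})
    return events

if __name__ == "__main__":
    for (first6, last4), count in find_enumeration(sample_events()).items():
        print(f"{first6}******{last4}: {count} distinct PANs declined in window")
```

Keying on the masked value rather than the source address keeps the signal intact when attempts are spread across many clients.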