AI ‘Vibe-Coding’ Triggers Massive Data Leaks

Over 5,000 AI-generated web applications are exposing sensitive corporate and personal data—including medical records and financial strategy documents—because ‘vibe-coding’ allows users to deploy apps without any security vetting or knowledge of authentication protocols.

Taiwan Rail System Hacked via 19-Year-Old Crypto Keys

A 23-year-old student stopped four high-speed trains for 48 minutes by broadcasting a General Alarm signal, exploiting a critical security failure where the rail network’s encryption keys had not been rotated in 19 years.

Chinese Grey Market Sells Discounted Claude API Access

Proxy networks in China are reselling Claude API access at 90% discounts, using the low cost as a lure to harvest proprietary source code and reasoning chains from users to train competing domestic AI models.

EU Targets VPNs as ‘Loophole’ for Age Verification

European regulators are labeling VPNs as a ’loophole’ that allows minors to bypass age-restricted content laws, leading to proposals that could force VPN providers to implement their own age verification systems.

Zig 0.16 Redesigns Async I/O to Kill ‘Function Coloring’

Zig 0.16 is introducing a rearchitected async I/O subsystem that solves ‘function coloring’—the problem where async functions can only be called by other async functions—allowing the same code to run on thread pools or event loops without recompilation.

Meta Scraps End-to-End Encryption for Instagram DMs

Meta is removing end-to-end encryption from Instagram DMs, citing low opt-in rates and directing users to WhatsApp for encrypted messaging, while facing lawsuits over the inability to detect child exploitation in encrypted chats.

GrapheneOS Patches Android VPN Leak Ignored by Google

GrapheneOS fixed a critical Android 16 vulnerability that leaked a user’s real IP address even when ‘Always-On VPN’ was enabled; Google declined to patch the flaw, labeling it ‘Won’t Fix’.