AI-Powered Exploit Breaks Apple M5 Security
Security researchers used AI (Mythos Preview) and human expertise to build a working kernel exploit in five days, bypassing a hardware security system Apple spent five years and billions of dollars to develop. This demonstrates that even the most advanced hardware-level mitigations can be rapidly dismantled when paired with AI-driven vulnerability discovery.
- https://blog.calif.io/p/first-public-kernel-memory-corruption
- https://cyberinsider.com/signal-threatens-to-leave-canada-over-proposed-lawful-access-bill/
Fisker Owners Build Open-Source Car Company
After Fisker’s bankruptcy left 11,000 Ocean SUV owners with ‘software-based cars’ that lost critical cloud functionality, the owners organized into a volunteer-run company. They reverse-engineered firmware and mapped CAN buses to prevent their vehicles from becoming e-waste, highlighting the urgent need for software escrow in the auto industry.
The Silicon Backdoor in ‘Sovereign’ Clouds
Europe’s multi-billion euro ‘sovereign cloud’ initiatives are fundamentally undermined by their reliance on US-made processors. Intel’s Management Engine and AMD’s Platform Security Processor operate at a privilege level below the OS, potentially allowing US intelligence agencies to bypass all European legal and technical certifications via secret hardware-level orders.
Linux Kernel Flaw Exposes SSH Keys
A critical Linux kernel flaw, nicknamed ‘ssh-keysign-pwn,’ allows ordinary users to steal sensitive SSH host private keys and shadow password files. The vulnerability has existed for six years and enables attackers to impersonate machines and move laterally across networks.
Signal Threatens Canada Exit Over Surveillance Bill
Signal has warned it will withdraw from the Canadian market rather than comply with Bill C-22, which could force providers to engineer vulnerabilities into encrypted systems. The company argues that mandated surveillance capabilities are fundamentally incompatible with secure communication design.
Bambu Lab Accused of Security Risks and License Theft
Prusa Research CEO Josef Prusa warns that Bambu Lab’s use of an un-auditable ‘black box’ network plugin violates open-source licenses and poses a massive security risk. He argues that because 3D printers are often located in R&D labs, the closed-source software could be used for industrial espionage by the Chinese government.
LinkedIn User Trolls AI Recruiters with Old English
A developer successfully manipulated AI recruitment bots by hiding a prompt injection in their LinkedIn bio, forcing the bots to address them as ‘My Lord’ and write all recruitment spam in Old English. The stunt serves as a practical demonstration of how AI agents can be easily manipulated via untrusted external data.