TeamPCP’s Massive Supply Chain Blitz

The hacking group TeamPCP has executed an unprecedented series of supply chain attacks, compromising over 3,800 internal GitHub repositories and hundreds of other organizations, including OpenAI. The breach was triggered by a single employee installing a poisoned VS Code extension, highlighting a critical security blind spot in developer workstation tooling.

Linux Kernel’s 9-Year-Old Root Flaw

A vulnerability (CVE-2026-46333) that has existed undetected since 2016 allows local attackers to execute arbitrary commands as root and steal sensitive files like /etc/shadow on major distributions including Ubuntu, Debian, and Fedora.

xAI’s $40B Compute Monetization Deal

Anthropic will pay xAI $1.25 billion per month through 2029 to use the Colossus 1 data center. The deal, revealed in SpaceX’s IPO filing, suggests xAI overbuilt its capacity as Grok usage declined, turning a competitor into a primary revenue source.

Google’s Botched Chromium Exploit Leak

Google prematurely published exploit code for a Chromium vulnerability that has remained unpatched for 42 months. The flaw allows websites to turn millions of devices into a botnet for DDoS attacks and user monitoring, affecting Chrome, Edge, and Brave.

Microsoft Defender Zero-Days in the Wild

Microsoft is patching two zero-day vulnerabilities in Defender that are being actively exploited. One allows attackers to gain SYSTEM privileges, while the other can trigger a denial-of-service condition on Windows devices.

Local AI Video Indexing at Scale

A developer successfully indexed a year of raw video footage locally using a five-year-old M1 Max MacBook, proving that local 31B-parameter models can replace expensive cloud AI for bulk semantic indexing of personal archives.

Seattle’s Private Surveillance Network

An investigation revealed ‘Seattle Shield,’ a secretive network where the Seattle Police Department shares intelligence with private companies like Amazon and Facebook. The system is used to monitor protests and report ‘suspicious activity,’ effectively creating a private-sector informant apparatus.