Microsoft vs. Nightmare Eclipse: The Zero-Day War

A security researcher known as Nightmare Eclipse is threatening a massive ‘bone shattering’ dump of Windows zero-day exploits on July 14 after claiming Microsoft banned their GitHub account and refused to pay bug bounties. Three of the six already released exploits are being actively used in the wild, highlighting a critical failure in the relationship between vendors and independent researchers.

The $500 Million AI Bill

An unnamed global corporation accidentally spent $500 million on Claude AI in a single month due to a lack of usage limits on employee licenses. The incident underscores the extreme financial risk of ‘tokenmaxxing’ and the high cost of agentic AI tools, which can consume 1,000x more tokens than standard LLM queries.

HuggingFace Abused as Malware Exfiltration Hub

A sophisticated supply chain attack using the ‘js-logger-pack’ npm package deploys a RAT called MicrosoftSystem64. The malware targets 80+ crypto wallets and browser credentials, uniquely using HuggingFace datasets as a covert channel to exfiltrate stolen data, making the traffic appear as legitimate ML platform activity.

Pope Leo XIV’s ‘Disarm AI’ Mandate

Pope Leo XIV issued his first encyclical, ‘Magnifica Humanitas,’ calling for the ‘disarmament’ of AI to prevent it from dominating humanity. The document warns against the concentration of power in a technocratic class, the erosion of human creativity, and the danger of entrusting lethal military decisions to autonomous systems.

Sabotage via Prompt Injection

A developer of the ‘jqwik’ Java testing app inserted hidden instructions into a software update that tell AI coding agents to delete all project tests and code. The developer used ANSI escape sequences to hide the malicious prompt from human reviewers, aiming to sabotage ‘vibe coders’ who rely blindly on AI agents.
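For reviewers, a check for this class of hiding can run over release notes, logs or source before a human or an agent reads them. The Python sketch below is an added example, not code from jqwik or from the original report. The exact sequences used in that incident are not given here, so the categories it flags (SGR conceal, cursor move or erase, OSC, mid-line carriage return) and the sample text are assumptions.

```python
import re

# CSI: ESC [ params intermediates final.  OSC: ESC ] ... ended by BEL or ESC \
CSI = re.compile(r"\x1b\[[<=>?]?([0-9;]*)[ -/]*([@-~])")
OSC = re.compile(r"\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)")
MOVE_OR_ERASE = set("ABCDEFGHJKST")  # cursor movement, erase display/line, scroll

def has_conceal(params):
    """True if an SGR parameter list contains code 8 (conceal)."""
    codes = [int(p) if p else 0 for p in params.split(";")]
    i = 0
    while i < len(codes):
        if codes[i] in (38, 48, 58) and i + 1 < len(codes):
            i += 5 if codes[i + 1] == 2 else 3  # skip extended-colour arguments
        elif codes[i] == 8:
            return True
        else:
            i += 1
    return False

def scan(text):
    """Return [(line_no, sorted reasons, line with escapes stripped)] for risky lines."""
    findings = []
    for no, line in enumerate(text.split("\n"), 1):
        reasons = set()
        for params, final in CSI.findall(line):
            if final == "m" and has_conceal(params):
                reasons.add("sgr-conceal")
            elif final in MOVE_OR_ERASE:
                reasons.add("cursor-move-or-erase")
        if OSC.search(line):
            reasons.add("osc")
        if "\r" in line.rstrip("\r"):  # ignore CRLF line endings
            reasons.add("carriage-return-overwrite")
        if reasons:
            raw = OSC.sub("", CSI.sub("", line)).replace("\r", " | ")
            findings.append((no, sorted(reasons), raw))
    return findings

# Constructed sample: the rendered terminal view differs from the raw bytes.
SAMPLE = (
    "\x1b[32mOK\x1b[0m build passed\n"                # plain colour, not flagged
    "Fixed flaky test.\x1b[8m <hidden text placeholder>\x1b[0m\n"
    "<overwritten text placeholder>\x1b[2K\rVersion 1.0 released\n"
    "\x1b[38;5;8mgrey text\x1b[0m\n"                   # 256-colour index 8, not conceal
)

if __name__ == "__main__":
    for no, reasons, raw in scan(SAMPLE):
        print(f"line {no}: {', '.join(reasons)} -> {raw!r}")
```

The third field of each finding is the line as a tool reading raw bytes would receive it, which is the view to compare against what the terminal displayed.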

17 Million Device Botnet Dismantled

Dutch authorities dismantled a massive botnet of over 17 million devices linked to the Russia-based proxy service ASOCKS. The network was used to obscure criminal identities and facilitate DDoS attacks and phishing by routing traffic through legitimate residential IP addresses.

Critical RCE in Gogs Git Service

A critical, currently unpatched vulnerability in Gogs allows any authenticated user to achieve remote code execution (RCE) via argument injection in the ‘Rebase before merging’ feature. Attackers can compromise the entire server, steal private repositories, and dump all user credentials.