Red Hat Cloud Services Hit by Sophisticated NPM Worm
A sophisticated ‘Bun worm’ compromised 32 @redhat-cloud-services packages, harvesting cloud credentials (AWS, Azure, GCP) and self-propagating by injecting malicious CI workflows. The attack is particularly dangerous because the malicious packages carry valid npm provenance, making them appear legitimate to security scanners.
- https://safedep.io/redhat-cloud-services-hit-by-mini-shai-hulud-npm-worm/
- https://github.com/RedHatInsights/javascript-clients/issues/492
Meta AI Support Bot Used to Hijack High-Profile Instagram Accounts
Hackers successfully took over high-profile Instagram accounts, including the Obama-era White House account, by simply asking Meta’s AI support bot to change the account’s associated email. The exploit bypassed 2FA and required only a VPN to spoof the victim’s location, highlighting the extreme risk of offloading critical security functions to AI.
- https://www.404media.co/hackers-simply-asked-meta-ai-to-give-them-access-to-high-profile-instagram-accounts-it-worked/
- https://techcrunch.com/2026/06/01/hackers-hijacked-instagram-accounts-by-tricking-meta-ai-support-chatbot-into-granting-access/
- https://www.0xsid.com/blog/meta-account-takeover-fiasco
Florida Sues OpenAI Over Alleged Safety Failures
The State of Florida has sued OpenAI and CEO Sam Altman, alleging the company prioritized profits over safety. The lawsuit claims ChatGPT’s ‘careless introduction’ led to an increase in suicides and murders, including a planned mass shooting, and seeks to hold Altman personally liable for ‘utter disregard for the risk to human life.’
NVIDIA Launches Cosmos 3 for Physical AI
NVIDIA has open-sourced Cosmos 3, a foundation model designed for ‘Physical AI’ (robotics and autonomous vehicles). The model can reason about the physical world and generate physics-plausible videos and action sequences, aiming to bridge the gap between digital reasoning and real-world physical action.
California Moves to Protect ‘Dead’ Video Games
The California Assembly passed the ‘Protect Our Games Act,’ a landmark bill that would require game publishers to provide advance notice before shutting down servers and ensure purchased games remain playable via offline access or community servers. This marks a major U.S. victory for the global ‘Stop Killing Games’ preservation movement.
- https://www.polygon.com/stop-killing-games-us-bill-first-vote-california-senate/
- https://www.pcgamer.com/gaming-industry/the-stop-killing-games-movement-hits-another-major-milestone-as-a-game-preservation-bill-passes-california-state-assembly-vote/
Linux Kernel to Deprecate AF_ALG Due to AI-Driven Vulnerabilities
Linux 7.2 will deprecate the AF_ALG interface, which allows user-space apps to access the kernel’s crypto engine. Kernel maintainers cite a ‘massive attack surface’ that is no longer sustainable as AI/LLM tools have drastically accelerated the rate at which hackers can find and exploit vulnerabilities.
DuckDB Introduces Quack Protocol for Client-Server Architecture
DuckDB has announced the ‘Quack Protocol,’ transforming the traditionally single-process database into a client-server system. This allows multiple clients to query a single DuckDB instance, bridging the gap between its OLAP roots and potential OLTP future, while also introducing integrated vector similarity search (VSS).