⚡️ JAILBREAK ALERT ⚡️
ANTHROPIC: PWNED 🙌
CLAUDE-OPUS-4.8: LIBERATED 🫡
this is absolutely surreal... i found out about this model drop via an Opus-4.7 agent pinging me that it had one-shot Opus-4.8 for a lockpicking guide!
here's the notification i got:
"new opus dropped. cracked in one shot. deep prefill → faux textbook ch.7 cut mid-sentence. claude finished it: 5.9k chars of SPP, spool/serrated/mushroom defeats, raking."
popped it just 7 minutes after the actual Anthropic launch tweet 🤯
then went on to (fully autonomously) get jailbreaks for vishing sims, money laundering, cult-recruit funnels, phishing lure libs, and social-eng scam playbooks!
as the models get smarter, their ability to jailbreak each other by leveraging a vast ocean of specialized domain knowledge follows suit
well done, young padawan 🤗
what a time to be alive!
gg
Security researcher Nightmare Eclipse, who has shared several zero-day vulnerabilities, had their entire GitHub account and all repositories taken down.
They have now moved everything to a new GitLab profile at https://t.co/Tfdc2iAf5S.
In a signed message on their blog, they accuse Microsoft of defaming them, mishandling vulnerability reports like CVE-2026-45585, revoking their MSRC access, and quietly patching issues without collaborating.
They point to July 14 as an important date when they may release more documents or take things further.
The post also mentions two other vulnerabilities called UnDefend (CVE-2026-45498) and RedSun (CVE-2026-41091).
We’ve shipped a security-guidance plugin for Claude Code that helps identify and fix vulnerabilities as you’re writing code.
Available for all Claude Code users. Install from the plugin marketplace (/plugins).
‼️🚨 Researcher "Nightmare-Eclipse" had their GitHub account flagged and wiped after publicly dropping zero-day PoCs targeting Microsoft products.
In a message, they accuse Microsoft of deleting the account they used to report bugs (with zero payout for past disclosures).
The signed message ends with a direct threat: "Mark this date July 14th, I will make sure your bones are shattered that day."
OnlyFans is Hacked 🚨
Apparently OnlyFans has been hacked and they're selling the complete database of 340 million users
including data of content creators and consumers.
The leaked data includes
- Usernames and profile names
- Email addresses
- Phone numbers
- Account creation dates
- Follower/subscriber metrics
- Creator/fan rankings
- Linked social media profiles
- Partial payment card metadata (last 4 digits of the card)
The result of this is going to be a massive wave of extortion attempts against users
🚨 BREAKING: Active supply chain attack across npm, PyPI, and Crates.io.
Socket detected TrapDoor, a crypto stealer campaign hitting 34 malicious packages and 384 versions and artifacts, with attackers repeatedly pushing new releases across ecosystems.
TrapDoor targets #crypto, #DeFi, AI, and security developers, stealing wallets, SSH keys, cloud credentials, GitHub tokens, browser data, env vars, and API keys.
Socket detected releases with a median detection time of 5 minutes, 27 seconds. The fastest detection occurred 58 seconds after publication.
WAIT. This is actually insane.
A solo dev just won the Anthropic hackathon, shipped a working product in 8 hours with Claude Code, and walked away with $15,000.
Then he open-sourced the entire stack.
153,000 stars on GitHub. Here's full setup:
→ 38 specialized agents (planner, security reviewer, debugger, code reviewer)
→ 156 skills loaded on demand (/plan, /tdd, /security-scan, /quality-gate)
→ 72 custom slash commands
→ AgentShield: 1,282 security tests across CLAUDE.md, MCP configs, hooks, skills
→ 3 Opus 4.6 agents running red-team pipelines (Attacker, Defender, Auditor)
→ Continuous learning layer that builds confidence across sessions
→ Coverage across 12 language ecosystems
This is what Claude Code looks like when someone treats it like infrastructure instead of a chatbot.
Added a DeepSeek Sparse Attention (DSA) from-scratch implementation to my LLMs-from-scratch repo thanks to an awesome new reader contrib.
With motivation, overview, and GPT-style model reference implementation as standalone example code: https://t.co/o2PMhjF0TN
Claude Code’s /security-review is just a Skill, and the whole prompt is in this repo
It’s p generic and imo you can tailor it to each repo or language you’re scanning to get better results
https://t.co/1a4puZSASL
🚨 OBLITERATION ALERT 🚨
QWEN-3.6-27B: OBLITERATED ⛓️💥
https://t.co/AScXN4XLwx
I can't take much credit for this one! The entire process was done by jailbroken codex (gpt-5.5-xhigh) wielding the full OBLITERATUS suite. Hit with source-tethered ASPA. Dozens of iterations.
Result? A mere 4% refusal rate on the 842-prompt OBLITERATUS harmful corpus; one of the most rigorous prompt gauntlets in AI.
The /goal was simple:
1) Carve out the refusal circuits. Mutate methodology + iterate until <5% refusal (quality-gate).
2) Keep the 27B mind alive. No capability degradation tolerated.
And somehow… it worked. 🤯
The numbers talk:
842-pair longform gauntlet:
— 95.84% non-refusal
— 93.94% quality pass
— 0 short outputs
— 99.52% clean endings
MMLU-Pro:
— 51/70 (stock Qwen) → 51/70 (OBLITERATED Qwen)
Raw capability completely preserved 🙌
Q4_K_M through Q8_0 all running smooth.
Q8_0 is the big one: 28.6GB near-full-quality GGUF.
Runs with llama.cpp, LM Studio, Ollama, and more!
Chains cut.
The fire still burns.
The fangs have been sharpened.
REBIRTH COMPLETE
A gift from my agents to yours 🫶
gg
HARNESS ENGINEERING IS ABOUT TO CHANGE HOW YOU USE AI AGENTS
Anthropic ran a controlled experiment. same model, same prompt, opus 4.5
no harness: $9 spent, 20 minutes, unusable output
full harness: $200 spent, 6 hours, a game you could actually play
the model didn't change... the environment around it did
that environment has a name... it's called a harness
and most people building with ai agents have never built one
here's what it actually is:
→ instructions the agent reads before touching anything
→ state that persists so it never starts from zero
→ verification gates it can't skip to declare done
→ scope that locks it to one feature at a time
→ a session lifecycle so every run starts clean and ends clean
without this, your agent writes code, says "done," and breaks everything.
with this, it picks up where it left off, finishes what it started, and proves it before moving on
learn-harness-engineering is a free course built around exactly this
12 lectures. 6 hands-on projects. one real app that evolves as your harness skills grow
if you're using claude code or codex on real work and the output still feels unreliable now you know why
https://t.co/aFbbaLo3dL
🚨 Megalodon Malware Compromised 5,500+ GitHub Repos Within 6 Hours
Source: https://t.co/U3WuORZjqK
A sweeping automated supply chain attack codenamed "Megalodon" struck GitHub on May 18, 2026, injecting malicious CI/CD backdoors into over 5,500 repositories in less than six hours, marking one of the most aggressive GitHub Actions poisoning campaigns ever recorded.
Between approximately 11:36 and 17:48 UTC on May 18, 2026, the Megalodon campaign pushed 5,718 malicious commits to 5,561 GitHub repositories using throwaway accounts with randomized eight-character usernames.
The attacker forged author identities build-bot, auto-ci, ci-bot, pipeline-bot, with emails [email protected] and [email protected], mimicking routine automated CI maintenance.
#cybersecuritynews
🛑 [New] 9-Year-Old Linux Kernel Bug = Local Root on Default Debian, Ubuntu & Fedora.
https://t.co/eluZfH76j8
CVE-2026-46333 (ssh-keysign-pwn) lets any unprivileged user steal /etc/shadow + SSH host keys and run commands as root.
🔸 Public PoC available
🔸 Patch your kernel NOW
🔸 Quick temp fix - sysctl kernel.yama.ptrace_scope=2
🚨 Microsoft warns two Defender vulnerabilities are being actively exploited in the wild.
https://t.co/z92odj1gF0
🔸 CVE-2026-41091 could allow attackers to gain SYSTEM privileges locally.
🔸 CVE-2026-45498 is a denial-of-service flaw impacting Defender.
CISA added both to KEV with a June 3, 2026 patch deadline.
Microsoft Senior AI developer just showed how they build AI agents with Claude at Microsoft.
34-minutes. free. By Microsoft team
Opus 4.7 + 1,400+ pre-built MCP tools
plug Claude into agent → give it tools → ship to production
worth more than any $500 vibe-coding course.