Florian Roth ⚡️

Compromised npm packages ([email protected], [email protected]) are abusing Hugging Face repos as exfiltration infrastructure. The packages deploy a remote access trojan (RAT) that captures keystrokes, screenshots, and crypto wallet credentials. Indicators of compromise (IOCs): - npm user: hexalpha10 / author: toskypi - 195.201.194[.]107:8010 (WebSocket C2) - c2-toskypi.onrender[.]com (HTTP C2) - huggingface[.]co/api (exfiltration endpoint) - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicrosoftSystem64 (persistence) - MicrosoftSystem64.service (Linux systemd persistence) - \MicrosoftSystem64 (Windows scheduled task) - MicrosoftSystem64/payload.js (payload directory) Defenders: treat unexpected huggingface[.]co/api calls from non-ML workloads as suspicious.

Block High Risk AI Agents in Microsoft 365! So many AI Agents are available to use in your Microsoft tenant without you even knowing. More and more agents are becoming available, and this trend will continue. The first thing you should do is block the high-risk AI agents from accessing your organization's resources. Read more: https://t.co/6ixle7ED96 #Microsoft365 #EntraID #Cybersecurity

Yeah, so pretty much this guy is releasing an exploit in solidarity with Nightmare Eclipse guy. He said he notified GitHub about the exploit 60 minutes before releasing this paper. I don't do web stuff, and I'm not a VSCode nerd, so I'm confused by the underlying technologies. If you're a stinky GitHub and VSCode nerd maybe you'll understand. tl;dr click github dev, github dev opens editor, in github dev editor have javascript, javascript does shortcuts automatically. github treats javascript shortcuts as real human input, or something. use javascript shortcut stuff to automatically install vscode extension. the vscode extension steals your data tl;dr tl;dr user clicks 1 link, 1 click steals all data from your github https://t.co/uh17usZeEH

🚨 Google Quantum result was just rediscovered and IMPROVED! On March 31, 2026, Google Quantum AI published a paper showing that 256-bit ECDLP, the hard problem behind ECDSA and therefore behind Bitcoin, Ethereum, TLS, and most of the world's authentication, can be solved with fewer than 1,200 logical qubits and ~90M Toffoli gates. Under 20 minutes on ~500,000 physical qubits. BUT, they didn't publish the circuits. They published a zero-knowledge proof that the circuits hit those numbers. The standard read at the time: clever responsible disclosure, elegant. Two months later, that read needs an update. Two things happened, in opposite directions. 1. The ZKP wasn't a stylistic choice. Google was stopped from publishing. What was speculation in April is no longer. Google did not choose to keep the circuits private. The U.S. government prevented publication. The blog post phrased it politely ("we engaged with the U.S. government"). Call it what it is: diplomatic cover for a publication block. This is the line Scott Aaronson warned about. At some point, the people estimating the resources needed to break deployed cryptosystems would stop publishing. We just watched it happen, and the actor enforcing the silence isn't Google's PR team. It's a government. 2. The ZKP turned out to be a reward function. AI used it. Here's the part that's almost funny. A ZK proof that "this hidden circuit achieves these resource counts" is, when you flip it, a public verifier of any candidate circuit. Submit a circuit, get back: does it compute ECC point addition correctly, and at what cost. Pass/fail plus a number. That is exactly the shape of a reinforcement-learning reward function. The ZKP was designed to hide the attack. What it actually published is the reward function for rediscovering it. The research community wired the verifier into an automated AI-driven search loop. They reproduced Google's numbers. Then they improved them by 11.5%. Two months, from outside Google, no access to the circuits, using the very artifact Google released to keep them proprietary. Both of these are true at once. Hiding the circuits worked: nobody outside Google has Google's exact circuits. And hiding the circuits did not slow the frontier; it changed who is doing the search, and arguably accelerated it, because the verifier industrialized the search loop. Let's NOT PANIC! Neither of these is a working CRQC. There is still no quantum computer that can run this circuit. The headline state of the world has not changed. What has changed is the honesty of every public PQC timeline. Cryptography exists to create mathematical trust in the security of systems. Trust isn't broken when an attack runs. It is eroded when the foundation looks thinner than the public record suggests, and the public record is now demonstrably thinner than reality in two ways: by classification on one end, by AI-driven re-derivation on the other. In security, the moment you start doubting the foundation is the moment you start rebuilding it. Not the moment you panic. The moment you plan. This isn't a moment to rush. It's a moment to commit to a migration plan and execute against it, knowing the threat model is shaped by what governments are willing to classify, not by what researchers are allowed to publish. Stay safe. Stay honest about your trust assumptions.

Another supply-chain compromise worm. Multiple packages in the official Red Hat redhat-cloud-services npm scope were compromised in a supply-chain attack distributing a credential-stealing worm. Affected packages added a preinstall hook that ran a script. The malware harvested npm, GitHub, AWS, Azure, GCP, Vault, Kubernetes, SSH, CI/CD, and local secrets, then attempted to propagate by abusing stolen credentials to publish additional malicious packages and modify repositories. Any environment that installed affected versions should be treated as compromised. https://t.co/gGXcaHySOV https://t.co/4D4qa7M1uc

🦔GitHub Copilot switched to token-based billing this morning and users are already out of credits. Pro+ subscribers paying $39 a month are reporting 60% of their credits gone in two hours of normal use. One user lost 20% of their allowance from a single file review with no code changes. Another hit their monthly cap before the calendar even flipped to June. Orgs with shared token pools have no way to see individual usage, so entire teams get cut off when one person runs a heavy prompt. Users are canceling and moving to Claude Code and Codex. GitHub community forums are on fire. My Take Flat-rate AI subscriptions were always subsidized. Everyone in the industry knew it. Today the subsidy ran out for a few million developers at once. The problem is a lot of companies already restructured around these tools. They cut headcount and told remaining engineers to lean on Copilot instead of building skills internally. Those companies now depend on a tool whose cost just became unpredictable and whose usefulness completely changes when you have to ration prompts to stay under budget. The developers moving to Claude Code and Codex will hit the same wall eventually. Every AI provider faces the same unit economics. Anthropic filed its S-1 this morning, and the durability of its revenue depends on whether customers stick around once real pricing kicks in everywhere. If a $39 subscriber cancels after one day because the tool became unusable, multiply that across millions of seats and the churn risk becomes very real. Today showed what happens when AI pricing meets reality. The companies that built their workflows around cheap tokens just discovered the tokens aren't cheap anymore and the people who knew how to do the work without them are already gone. Hedgie🤗