Security things from the last few days:
- CopyFail (linux pwn'd)
- CopyFail 2/Dirty Frag
- 13 advisories in Next.js
- Over 70 CVEs addressed in MacOS 26.5
- ~50 CVEs addressed in iOS 26.5
- YellowKey (Windows Bitlocker pwn'd entirely)
- GreenPlasma (Windows privilege escalation)
- CVE-2026-21510 and CVE-2026-21513 confirmed to be used by Russia for Windows RCE
- CVE-2026-32202 separately confirmed to be used by Russia for sensitive document access
- Mini-Shai Hulud (over 300 JS and Python packages compromised via GitHub Action cache poisoning)
- Google confirms they have identified AI-powered exploitation of zero days in an unidentified "open-source, web-based system administration too"
- Canvas (popular LMS used in most schools) pwn'd entirely
- PAN-OS (palo alto networks) pwn'd with a 9.3 severity CVE-2026-0300
Are you scared yet?
how it used to feel after spending 7 hours to fix a CSS issue where “z-index not working because parent created stacking context with transform” before the great ai revolution
cloudflare spent years fighting scrapers and selling anti-bot protection
now they launched a /crawl API that can scrape an entire website with one request
>send a single API call
>cloudflare renders the page for you
>returns the content as HTML, Markdown, or JSON
>extracts links and page elements automatically
>no browser automation, no scraping scripts
The same company that built half the internet’s anti-scraping infrastructure just made scraping easier
AI companies are going to love this
I just found out the guy who sold AI com was tied to an Asian Bitcoin ponzi years ago.
His name is Arsyan Ismail.
- Malaysian tech prodigy
- bought AI com as a kid for $100
- held it for 30+ years
- sold for $70M to Crypto com
But back in 2016–2017, Arsyan was linked to a project called BitKingdom.
BitKingdom was basically a MMM-style Bitcoin ponzi.
People were promised insane returns like 120% in 20 days.
It was just new deposits paying old users until it collapsed.
Malaysia’s central bank later listed BitKingdom as unauthorized.
The main founder was a businessman named Dato Fadino, who was later charged for cheating investors.
Arsyan’s role is the strange part, he claimed he was only a contractor building the website.
But forums and victim petitions accused him of being the technical architect behind it.
After the collapse, members said thousands of BTC were missing.
Then the project tried to “transition” into something called Aureus, saying it was backed by 15,000 BTC.
And nothing was resolved publicly.
Arsyan was never charged.
And then, in 2026, he suddenly becomes the guy who sold AI com for $70 million in crypto.
Fact-check: Arsyan Ismail did not buy https://t.co/EwjLqDQzPX in 1993; that's misinformation. Domain was registered by Advanced Instruments Corp. in 1993, later owned by Future Media Architects (2006-2008). Arsyan acquired it in 2021 via https://t.co/cqIkAfsnoG for an undisclosed amount—that's the last known sale before the $70M deal to https://t.co/uxJ2axzaXK in 2025. Sources: https://t.co/oherXtYVnz, Medium articles.