Tune in today @ 3:00pm CST with my interview of SPLX CEO & CTO. We discussed #AIsecurity, #startup struggles, and the future of #AI. Catch our podcast here: https://t.co/MWWCENaUji
#Tech #Podcast #Ai
🚨 WARNING: A malicious Hugging Face repository impersonating #OpenAI’s Privacy Filter model reached #1 trending with about 244,000 downloads in 18 hours while delivering a Rust-based infostealer to Windows users.
Read: https://t.co/VFuIgbu3EI
⚠️ Hackers Used Claude AI to Attack Water and Drainage Utility Systems
Source: https://t.co/d2rS0YabFu
Hackers used a commercial AI tool to target the systems of a municipal water and drainage utility. The attack marks one of the earliest known real-world cases where an adversary used AI to identify and attempt to access industrial control systems tied to critical infrastructure.
The adversary used Anthropic’s Claude as the primary tool for planning the intrusion, writing malicious code, mapping internal systems, and adapting in real time. OpenAI’s GPT models were also used in a supporting role to process collected data and produce structured intelligence reports.
#cybersecuritynews #Claude
NVIDIA JUST TURNED YOUR HOUSE INTO A DATA CENTER
Nvidia, PulteGroup, and Span are installing mini data centers on the walls of new homes.
Each unit: 16 Blackwell GPUs, 4 AMD EPYC CPUs, 3TB of RAM - powered by your unused home electricity.
You get: discounted power bills, free battery backup, optional solar.
They get: distributed AI compute at 5x lower cost than a traditional data center - deployed 6x faster.
This is the biggest shift in AI infrastructure since the cloud.
‼️ Polymarket, the decentralized prediction market platform, has allegedly been breached, with 300,000+ records and an exploit kit leaked on a popular cybercrime forum. The actor states Polymarket has no bug bounty program and was not notified.
‣ Threat Actor: xorcat
‣ Category: Data Leak / Exploit Kit
‣ Victim: Polymarket
‣ Industry: Cryptocurrency / Prediction Markets
The actor states the data was pulled via undocumented API endpoints, pagination bypass, and CORS misconfiguration on Polymarket's Gamma and CLOB APIs. The pack also includes working POCs for multiple CVEs and an auto-dump script. Date of extraction: 2026-04-27.
What's in it:
▪️ 300,000+ total records
▪️ ~750 MB extracted / ~8.3 MB compressed JSONs
▪️ 10,000 unique user profiles with full PII (name, pseudonym, bio, profile image, proxy wallet, base address)
▪️ 4,111 comments with attached profile objects
▪️ 1,000 report records containing 58 unique ETH addresses + admin_auth_addr indicator
▪️ 48,536 gamma markets with full metadata, condition IDs, token IDs
▪️ 250,000+ active CLOB markets with FPMM addresses
▪️ 292+ events with submitter/resolver ETH addresses and internal usernames
▪️ 100 reward configurations with USDC contract addresses and daily rates
▪️ 9,000 follower profiles with names, pseudonyms, proxy wallets
▪️ Internal user IDs exposed in createdBy/updatedBy fields
Vulnerabilities included (POCs in ZIP):
▪️ CVE-2025-62718: Axios NO_PROXY Bypass (CVSS 9.9, SSRF to internal services)
▪️ CORS Misconfiguration on CLOB API (wildcard origin + credentials=true)
▪️ CVE-2024-51479: Next.js Middleware Auth Bypass (CVSS 7.5)
▪️ CLOB Pagination Validation Bypass (limit=999999 accepted, no rate limiting)
▪️ Unauthenticated /comments/{id} endpoint (brute-forceable, leaks full profiles)
▪️ Unauthenticated /reports endpoint (leaks user activity + admin indicator)
▪️ Unauthenticated /v1/data/followers/{address} (full social graph enumeration)
Pack contents:
▪️ All dumped JSONs (markets, events, profiles, comments, reports, rewards, series)
▪️ 5 working POCs (CORS exploit, Axios SSRF, Next.js bypass, pagination DoS, WebSocket exploit)
▪️ Auto-dump script (continuously pulls fresh data until endpoints are patched)
▪️ Full redteam report with MITRE ATT&CK mapping
▪️ Additional 350MB data dump
Glad that I have local models and beefy AI hardware for issues like this. I just ordered my firewall. Will show pictures of my setup and all the cool things I have been doing, from MCP security, AI agent security, and enterprise pipelines to secure your AI footprint.
Just set up MCP servers in an isolated environment, created an MCP security CI/CD pipeline to evaluate MCP servers and create custom images to allow them to run securely.
Yup, platform activity is surging. There were 1 billion commits in 2025. Now, it's 275 million per week, on pace for 14 billion this year if growth remains linear (spoiler: it won't.)
GitHub Actions has grown from 500M minutes/week in 2023 to 1B minutes/week in 2025, and now 2.1B minutes so far this week.
So we're pushing incredibly hard on more CPUs, scaling services, and strengthening GitHub’s core features.
And as a fine purveyor of hand-crafted shit code for many years, I'm not gonna weigh in on that. 🤣
So far, no regrets buying the DGX Spark. Been working on it and building. I have no time to do tutorials and talk and all that shit. I’m experimenting and trying to build.
Huge thanks to @NVIDIAAI for supporting full-time engineering work on OpenClaw hardening.
A lot of careful security and reliability improvements landed over the last few releases, and that investment is paying off.
Basically saying a rapper not smart enough to achieve a real tech startup lol. Soon Ima find a long term "meek mill" supporter that's successful in the tech space that knows my influence value and my thinking patterns ... we gone see! I always save these posts ha