Ali 🇦🇺

Humanity, created by God in all its grandeur, is today facing a pivotal choice: either to construct a new Tower of Babel or to build the city in which God and humanity dwell together. In Jesus Christ, this humanity in its grandeur becomes the Way, the Truth and the Life, opening the path for each of us to grow toward fullness. #MagnificaHumanitas https://t.co/6i9MWs6LJl

🦔Microsoft canceled its internal Claude Code licenses this week after token-based billing made the cost untenable, even for a company with effectively infinite cloud resources. Uber's CTO sent an internal memo warning the company burned through its entire 2026 AI budget in just four months. American AI software prices have jumped 20% to 37%, and GitHub (owned by Microsoft) is dropping flat-rate plans for usage-based billing across its products. My Take The AI subsidy era is ending in real time. The same company that put $13 billion into OpenAI and built the Azure infrastructure powering most of Anthropic's compute just looked at the bill from a competitor's coding tool and decided it was not worth paying. That is not a productivity failure on Anthropic's end. Token-based pricing is forcing every enterprise customer to confront the actual cost of running these models at scale, and the number turns out to be far higher than the flat-rate experiments suggested. This ties directly to my Gemini Flash post yesterday. Anthropic, OpenAI, and Google all raised effective prices in the last six months. Enterprises that built workflows assuming AI costs would keep falling are now watching annual budgets evaporate in months. Two outcomes look likely from here. Either enterprises scale back AI usage to fit budgets, which slows the revenue ramp the labs need to justify their valuations ahead of IPOs, or the labs cut prices and absorb the losses, which makes the unit economics worse at exactly the wrong moment. Both paths land in the same place, the numbers stop working, and somebody has to take the writedown. Hedgie🤗

🚨Data Breach Alert ‼️ 𝗧𝗲𝗮𝗺𝗣𝗖𝗣 𝗖𝗹𝗮𝗶𝗺𝘀 𝗦𝗮𝗹𝗲 𝗼𝗳 𝗚𝗶𝘁𝗛𝘂𝗯 𝗜𝗻𝘁𝗲𝗿𝗻𝗮𝗹 𝗦𝗼𝘂𝗿𝗰𝗲 𝗖𝗼𝗱𝗲 TeamPCP hacking group claimed the compromise and sale of GitHub internal data, allegedly including around 4,000 private repositories containing source code related to GitHub’s main platform and internal organizations. Threat actor: TeamPCP Sector: ICT Data exposure (claimed): Approximately 4,000 private repositories Data type: Source code Observed: May 19, 2026 Status: Pending verification ESIX©: 7.96 Full details and impact assessment on https://t.co/eB7qgxKFAa

‼️🚨 Microsoft has patched a critical Windows DNS Client remote code execution vulnerability that allows an unauthorized attacker to execute code over a network. All it takes is a malicious DNS response. The vulnerability is tracked as CVE-2026-41096 with a CVSS score of 9.8. It is a heap-based buffer overflow in dnsapi.dll, the Windows component that processes DNS answers on every machine. To trigger it, an attacker needs a position where they can influence DNS responses: a rogue DNS server, a poisoned resolver, a compromised router, hostile WiFi, or a man-in-the-middle placement. That puts ordinary Windows DNS activity in the blast radius. Browsers, VPN clients, enterprise apps, update checks, and background services constantly ask DNS where to connect. The vulnerable processing sits in the Windows DNS Client path, not an edge-facing server product. Microsoft assessed exploitation as "less likely," and Rapid7 lists the issue as not publicly disclosed and not known to be exploited at release. On the contrary, a 9.8 unauthenticated network RCE in DNS client handling is exactly the kind of bug defenders should assume will be reverse-engineered quickly. Defenders should: - Deploy the May 2026 cumulative updates and confirm coverage across endpoints and servers - Restrict DNS traffic to trusted resolvers where possible - Monitor Dnscache and svchost.exe for abnormal child processes or unexpected outbound activity - Treat public WiFi and untrusted resolver paths as higher-risk until patching is complete

‼️🚨 BREAKING: A new npm supply-chain attack uses a dead-man's switch. The payload plants a watcher on your machine that nukes your home directory the second you revoke the GitHub token it stole from you. The compromise happened today, across 42 official tanstack npm packages, 84 malicious versions in total. tanstack/react-router alone pulls more than 12 million weekly downloads. The attacker forked TanStack's repository and pushed a single hidden commit. From there, they tricked TanStack's own release system into signing the malicious packages as if they were the real thing. To npm, and to anyone checking the cryptographic proof of origin (SLSA provenance), the poisoned versions looked 100% legitimate. Maintainer Tanner Linsley confirmed the whole team had 2FA enabled. It didn't matter. This is the first documented npm worm in history that ships with a valid, signed certificate of authenticity, the same one defenders rely on to know a package wasn't tampered with.