Jelli

Hermes agent just left the terminal. 𝗛𝗲𝗿𝗺𝗲𝘀 𝗗𝗲𝘀𝗸𝘁𝗼𝗽 dropped yesterday. native app for macOS, Windows, and Linux. for months Hermes was the agent that learned your projects, wrote its own skills, and built a model of who you are. all of it buried in terminal logs. now it has a window. the important part is that it's not a wrapper. it runs the same agent core, the same sessions, memory, and skills as the CLI. you can start a task in the terminal and finish it in the app without anything resetting. the state is shared across every interface, not copied between them. what the GUI actually adds: → streaming chat that shows live tool calls and inline reasoning instead of a spinner → a preview rail that renders pages, code, and images right beside the conversation → an artifacts panel that collects every file the agent has ever produced → remote gateway mode, so you can point the app at a VPS and run the heavy work elsewhere → skills, cron, profiles, and gateways managed point-and-click instead of through YAML → voice mode, drag-drop files, and inline image generation remote gateway mode is the one worth slowing down on. the agent runs 24/7 on a $5 server while you control it from your laptop like a local app. other agent UIs are chatboxes with a logo. this one shows the autonomy instead of hiding it, so you watch the skills load, the tools fire, and the artifacts pile up as it works. it was teased in Jensen's GTC keynote. MIT licensed, local-first, no telemetry. if you already run Hermes, download it and everything is already there. your chats, memory, and skills carry straight over. i wrote a full masterclass on Hermes Agent that walks through the SOUL. md identity layer, the three-tier memory system, the self-evolving skills loop, and how to run three specialized agents 24/7. desktop is the interface that finally does all of it justice. the article is quoted below.

Just want to make this clear: We didn't make Hermes Agent to be a "starts with nothing, you work it all out" agent. This is not the minimalist, start from nothing, agent. We want Hermes to work out of the box for most people. So you aren't spending weeks just getting the agent to work, or have the capabilities you need. This means that yes, there are more built in things then something like nanoclaw or pi, which start with nothing, and you just have to figure it out. That is an intentional design decision. You can from the modest baseline that has capabilities that are likely broader than you need, but not egregious, take it from there if you want to tinker with it. Run `hermes skills config` or `hermes tools` to disable whatever you want. We even have a way to upload your whole "Agent" as a github repo, so you can install hermes fresh with your exact setup again later or share them. We have a massive interface for extensions so you can tinker with it to infinity. But if you don't want to become an agent engineer - with Hermes, you don't have to.

Cursor is making a platform play. Right now they're an IDE. By releasing the SDK, they're turning their agent runtime into programmable infrastructure that runs headlessly in CI/CD pipelines, internal tools, and even third-party products. Every agent spun up through the SDK burns tokens on Cursor's billing. That means revenue scales with compute, not seats, and without a human in the loop, volume can go way higher. Smart move!

‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP. The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years. Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box. The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root. Result: the next time anyone runs that program, it lets the attacker in as root. What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk. Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants. The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today. This vulnerability affects the following: 🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root 🔴 Kubernetes and container clusters: one compromised pod escapes to the host 🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner 🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root Timeline: 🔴 March 23, 2026: reported to the Linux kernel security team 🔴 April 1: patch committed to mainline (commit a664bf3d603d) 🔴 April 22: CVE assigned 🔴 April 29: public disclosure Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...

MEXC sitting on $260m in USDC/USDe debt on aave v3 at 1.01 health factor. $110k daily interest accrual. health factor decays ~0.04% every 24 hours with no action. that's 6-8 days until forced liquidation if ETH doesn't move up and they don't add collateral. $260m in ETH/wBTC collateral hitting the market in a cascading liquidation is the next black swan everyone can see coming on-chain in real time. the kelp exploit was round one

🚨 BREAKING: Never pay for clipping tools again! Someone built fully AI powered tool that just destroyed the $49/month clipping industry > Clip any YouTube or local videos > No watermarks, no limits, self-hosted > Can even plug in Claude or any AI model 100% free & open source.

chaos labs is paid $2.4m/year as aave's risk manager and never once checked that rsETH was running a 1/1 DVN config on layerzero before approving it at 75% LTV. that single oversight enabled $236m in bad debt. they just lost the compound contract to gauntlet. 68% of aave governance is calling for their review or replacement. aave v4 launches april 30 with a new collateral framework that will likely make $4-6b in current bridged assets ineligible unless protocols prove 3/5 DVN minimum. that's a forced deleveraging event 11 days out. the risk managers had zero skin in the game, zero financial liability, zero incentive to dig deeper than a peckshield audit and a chainlink oracle check. bridge security wasn't even on the checklist. you need to go read the getAppConfig() on every bridged token you're lending against right now because clearly nobody else did

the kelp rsETH post-mortem is wild lazarus (dprk) compromised two rpc nodes that layerzero dvn was relying on. swapped the op-geth binaries. wrote a custom payload that forged messages *only when the dvn queried* - every other IP, including monitoring, saw clean truthful data. then they DDoS'd the healthy RPCs to force failover onto the poisoned ones. drained $290M. self-destructed the malicious binaries to erase tracks. they targeted rsETH because kelp ran a 1-of-1 DVN config with layerzero as sole verifier

"so you staked your ETH on the Ethereum blockchain to earn yield?" "yes, Dave" "except you didn't want your capital to be locked up so you actually staked it with a liquid staking protocol called Lido?" "that's correct, Dave" "and Lido gave you a liquid staking receipt token called stETH in return?" "yes, Dave" "and then you didn't think that was enough, so you juiced the yield even further by depositing your stETH receipt tokens into a restaking protocol called Eigenlayer?" "you are correct, Dave" "and now you didn't want to lock up your capital, so you actually restaked with a liquid restaking protocol called KelpDAO who provided you with a liquid restaking receipt token called rsETH?" "you got it, Dave" "and then that was surely not enough juice, so you then deposited your rsETH tokens into a lending protocol called AAVE so that you could open a leveraged looping position that borrows ETH against the rsETH collateral and restakes the ETH into rsETH which is then deposited as collateral, except it turns out rsETH used a cross-chain bridge called LayerZero whose security is held together by a 1/1 toothpick, which was obviously hacked by north koreans causing rsETH to become undercollateralized and now these looping positions are stuck and unprofitable, and everyone is pointing fingers at each other, and also DeFi is a very serious industry" "you are 100% correct, dave" jfc.

⚠️ALERT: $AAVE is now down -19% today after a $292M Kelp DAO rsETH exploit triggered a full-blown liquidity crisis. Aave's ETH pool just hit 100% utilization. That means one thing: there's almost no ETH left to withdraw. Here's what happened: Attacker drained 116,500 rsETH ($292M) from Kelp DAO's LayerZero bridge He then deposited the stolen rsETH as collateral on Aave V3 to borrow ~$236M in WETH. Because the rsETH is now unbacked, those positions are unliquidatable. Aave is now stuck with ~$280M in bad debt it cannot recover. Panic withdrawals have followed: $5.4 BILLION in $ETH outflows, with Justin Sun pulling 65,584 ETH ($154M) alone. ETH utilization has maxed out at 100%, which means there's almost no ETH left to withdraw. This is the FIRST real-world test of Aave's Umbrella safety module & the BIGGEST DeFi exploit of 2026. This is a developing story.

🚨🚨 UPDATE: CoW Swap experienced a DNS hijacking at 14:54 UTC (approximately 90 minutes ago). The CoW Protocol backend and APIs were not impacted, but we have paused them temporarily as a precaution. We are now actively working to resolve the situation. Please continue to refrain from using swap dot cow dot fi until we confirm that it is safe to use.