⚡ Argo CD repo-server has an UNPATCHED code execution flaw (no CVE).
Experts say unauthenticated gRPC access can execute commands on the service.
With default Helm installs, a single compromised pod can reach it if network policies are off. That path extends to Redis cache poisoning and cluster takeover.
Repo-server attack flow explained: https://t.co/dSGLRZMnuk
Jack Dorsey put 1.3 million dollars into it.
Vitalik Buterin gave it 128 ETH.
You have never heard of it.
It is called SimpleX. It is a messenger. It does not need a phone number. It does not need an email. It does not need a username. It does not need a user ID.
Not a hidden ID. Not a hashed ID. None at all.
Signal needs your phone number. WhatsApp needs your phone number. Telegram needs your phone number. Every messenger you have ever called "private" knows the one thing your bank, your stalker, and your country use to identify you.
SimpleX knows nothing.
It was built by Evgeny Poberezkin, a London-based engineer. Before this he wrote Ajv, the JavaScript validator that runs in 300 million downloads every month. He could have built anything.
He built the messenger with no users on the server.
Here is the trick.
Every other messenger gives you an identity. SimpleX gives you a connection. Each chat is its own one-way pipe. The server never sees who you are talking to. It does not even know you exist as a user.
11,327 stars. AGPL-3.0. Version 7.0 beta released two days ago.
iOS. Android. macOS. Windows. Linux. Free.
A 4-person team in London is the last line of defense between your conversations and every government, every advertiser, and every database breach.
The most private messenger ever built is the one you have never heard of.
(Link in the comments)
Finally, Python 3.14 lets you disable GIL!
It's a big deal because earlier, even if you wrote multi-threaded code, Python could only run one thread at a time, giving no performance benefit.
But now, it can run your multi-threaded code in parallel.
(learn how to use it below)
Incredible video by randomly sacked Atlassian engineer telling all about the entire company
Love this genre, like LinkedIn green banner with zero fcks given
Chinese researchers have developed the best shortest-path algorithm in 41 years!
Dijkstra’s Algorithm has been the undefeated king of the shortest path for over 40 years.
Whether you’re using Google Maps, booking a flight, or routing internet packets, Dijkstra is the engine running in the background.
Since 1984, textbooks have taught that its efficiency was hit by a "sorting barrier."
To find the shortest path, you have to sort the points by distance. And sorting has a mathematical floor you can’t cross.
Until now.
A research team from Tsinghua University just published a paper that shatters the 41-year-old record.
They proved that Dijkstra is not optimal.
By combining the logic of the Bellman-Ford algorithm with a revolutionary "recursive partial ordering" method, they figured out how to find the path without fully sorting the nodes.
The results are a massive shift in theoretical computer science:
- The first deterministic improvement to the Single-Source Shortest Path (SSSP) problem since 1984.
- A new time complexity of $ O(m \log^{2/3} n)$, officially beating the long-standing $ O(m + n \log n)$ limit.
- On massive sparse graphs (like the web or global logistics), this means finding the best route significantly faster than previously thought possible.
For four decades, the greatest minds in algorithms believed this limit was absolute.
Last year, even the legendary Robert Tarjan won an award proving Dijkstra was "optimally efficient" at sorting distances.
Tsinghua’s answer? Stop sorting.
The world’s most settled problem is suddenly wide open again.
If we can break a 40-year-old law in basic graph theory, what other "impossible" speed limits are waiting to be crushed?
🦀 Rust threads on the GPU
This is a fascinating deep dive on getting Rust std::thread working on the GPU by mapping threads to warps, so GPU code can look much more like normal Rust instead of kernel-style unsafe pointer choreography
https://t.co/decY3EZiV3
#rust#rustlang
Someone open-sourced a tool that removes any LLM censorship in minutes.
It's called Heretic. It uses pure math to abliterate the safety guardrails while keeping the model's intelligence completely intact.
100% Open Source.
GOOGLE BUILT A SECRET WEAPON FOR FILE DETECTION
they ran it internally for years, gmail, drive, safe browsing, hundreds of billions of files every week
then they open sourced it
it's called magika and it exposes what files really are, not what they pretend to be
rename malware to "resume.pdf"? magika sees through it
disguise a script as an image? magika sees through it
any trick attackers use with file extensions? magika sees through all of it
ai trained on 100 million files. 200+ content types. 99% accuracy. 5ms per file
one command
`pip install magika`
the same tool protecting google's billion users is now protecting yours
https://t.co/Jr3LjmQobq
26 LLM routers are secretly injecting malicious tool calls and stealing creds. One drained our client $500k wallet.
We also managed to poison routers to forward traffic to us. Within several hours, we can directly take over ~400 hosts.
Check our paper: https://t.co/zyWz25CDpl
🧵 MemPalace claims to be "the highest-scoring AI memory system ever benchmarked" I cloned it. Installed it. Ran the benchmarks. Read every line of code. Here's what's actually inside. A thread.
claude code signs every API request with a cch= hash computed in compiled zig. recompiled clients just send zeros
nobody knows the signing algorithm yet. which means anthropic can tell which requests aren't from the legit client.
currently decompiling the official binary to reverse this - would be huge for all third party clients like opencode, openclaw etc to fully bypass anthropic enforcement and actually use the tokens you're already paying for
[right now using every client which is not the official version of claude code with your subscription token CAN get you banned cause anthropic can detect it]
fyi im now working Claw Dev and this will be opensource soon.
You will be able to connect ollama (local models), gemini api, groq, grok or just as usual claude api (or login with claude)
and no you dont need a paid plan or whatever for claw dev.
Don’t use having a Laptop as an Excuse
Learn Cybersecurity with your mobile devices
This is a thread containing resources you can utilize and achieve your goals 👇