⚠️Five OpenClaw 0-Days Let Attackers Hijack Trusted AI Agent Access
Source: https://t.co/2a2EwBz82h
Five zero-day flaws in OpenClaw allowed attackers to bypass trust boundaries and hijack AI agent access across multiple messaging platforms. OpenClaw, which integrates AI agents with services such as Slack, Discord, Microsoft Teams, Matrix, and Telegram, relies heavily on user-defined allowlists to determine who can interact with an agent.
This trust model assumes that only explicitly approved identities can issue commands to agents that may have access to sensitive data, internal APIs, or system-level execution capabilities. The vulnerabilities stem from a recurring design flaw in which human-readable identifiers, such as display names, are resolved to stable user IDs during service initialization.
#cybersecuritynews
Amazon built an AI leaderboard to push employees to use more AI.
Employees ran AI agents all day doing nothing just to climb the rankings.
Amazon called it “tokenmaxxing.”
Costs exploded.
Meta did the exact same thing.
They gave their leaderboard titles like “Immortal” and “Token Legend.”
85,000 employees competed to waste the most tokens.
Amazon is spending $200 billion on AI this year.
Their own senior VP had to tell staff to stop using it.
What an incredible week.
NEW: Amazon has reportedly scrapped its internal AI leaderboard as costs soared, with a senior executive telling staff: “don’t use AI just for the sake of using AI.”
CEOs are quietly realizing the AI replacement plan has a problem.
Two problems, actually.
One: the token costs for running AI agents are now exceeding what they were paying the employees they fired.
Two: when the tokens run out, the AI stops. Just stops. No continuity. No workaround. Just a spinning wheel where your workforce used to be.
You fired humans to save money and bought a subscription that bills you into a corner.
The employees you let go knew what to do when things broke.
The AI just invoices you for the outage.
And then there’s the permission problem nobody wants to talk about.
To do its job, the AI agent needs access. Full access. Your systems, your patents, your contracts, your future plans. Everything you spent years building, handed over to a process that has no loyalty, no discretion, and no skin in the game.
You didn’t hire a replacement.
You gave a stranger with no soul the keys to everything you own.
Enjoy.
Uber’s COO has said that it’s getting “harder to justify” its AI costs because there was no way to show a link between AI spend and any meaningful increase in useful features. This is the first time I’ve seen a company say this directly.
https://t.co/xUhZvtpwah
"I don't think people managers will have any value in the future."
Airbnb CEO said on a recent pod the people most screwed by AI will be people managers.
Perhaps we had this all wrong. The future belongs to ICs. There is now more use for them than ever before.
CVE-2026-44578
⚠️ Next.js – WebSocket Upgrade SSRF (CVSS 8.6)
A server-side request forgery vulnerability in Next.js allows unauthenticated attackers to force self-hosted instances to make internal HTTP requests via the WebSocket upgrade handler.
By sending a crafted absolute-form HTTP request with Upgrade: websocket headers, attackers can access internal services, cloud metadata endpoints, admin panels, and internal APIs reachable from the Next.js server on port 80. Successful exploitation may expose cloud credentials, API keys, secrets, and configuration data.
Affected: Next.js 13.4.13+, 14.x, 15.x <15.5.16, 16.0.0–16.2.4
Mitigation: Upgrade immediately to 15.5.16 or 16.2.5.
Modat Magnify Query:
technology="Next.js"
The platform:
https://t.co/qJfEh7giE9
#threatintel #vulnerability #CVE202644578 #Nextjs #SSRF #WebSocket #CloudSecurity #infosec #Critical #ModatMagnify
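Added example, not part of the post above and not Next.js or Modat code: a triage sketch that checks an installed Next.js version against the affected ranges quoted in the post, and flags a raw request head that pairs an absolute-form request target with `Upgrade: websocket`. The function names, the reading of "13.4.13+" as the rest of 13.x, and the sample requests are assumptions made for this illustration.

```javascript
// Added triage helpers; ranges copied from the advisory text above.
// Assumption: "13.4.13+" means 13.4.13 through the end of 13.x.

function parseVersion(v) {
  // Strict x.y.z only; pre-release or range strings return null for manual review.
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// true = inside an affected range, false = outside, null = could not parse.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null;
  switch (v[0]) {
    case 13: return cmp(v, [13, 4, 13]) >= 0;
    case 14: return true;
    case 15: return cmp(v, [15, 5, 16]) < 0;
    case 16: return cmp(v, [16, 2, 4]) <= 0;
    default: return false;
  }
}

// Flags a request head that combines an absolute-form target with Upgrade: websocket.
function isSuspiciousUpgrade(rawHead) {
  const lines = rawHead.split(/\r?\n/);
  const end = lines.indexOf('');
  const head = end === -1 ? lines : lines.slice(0, end);
  const target = (head[0] || '').split(' ')[1] || '';
  const absoluteForm = /^[a-z][a-z0-9+.-]*:\/\//i.test(target);
  const upgrade = head.slice(1).some((h) => /^upgrade\s*:.*\bwebsocket\b/i.test(h));
  return absoluteForm && upgrade;
}

// Constructed samples (hosts and paths are placeholders).
const SAMPLE_FLAGGED = 'GET http://internal.example/ HTTP/1.1\r\nHost: app.example\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n\r\n';
const SAMPLE_NORMAL = 'GET /ws HTTP/1.1\r\nHost: app.example\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n\r\n';

console.log(['13.4.12', '14.2.3', '15.5.16', '16.2.4'].map(isAffected));
console.log(isSuspiciousUpgrade(SAMPLE_FLAGGED), isSuspiciousUpgrade(SAMPLE_NORMAL));
```

An origin server normally receives origin-form targets (a path), so a hit from `isSuspiciousUpgrade` in edge or proxy logs is a lead to review, while the version check decides whether the upgrade to 15.5.16 or 16.2.5 is still pending.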
This is WILD.
A secret workplace war just broke out in China and it has gone fully viral on GitHub.
Companies started ordering their workers to document all their knowledge as AI "skill files."
Why? To replace those same workers with AI, but workers figured out the plan fast, so they fired back.
Someone built a tool called colleague.skill, software that scrapes a coworker's chat logs, emails, and work docs from Chinese platforms like Feishu and DingTalk, then clones them into an AI agent.
The idea was savage, digitize your colleague before they digitize you, hand the AI clone to the company, and watch your coworker get laid off while you survive.
A real GitHub project that exploded in popularity in days but then someone else entered the chat and changed everything.
A developer released anti-distill.skill, a tool that takes the skill file your company forces you to write, then strips out every piece of real knowledge before you hand it in.
The output looks perfectly professional, totally complete, impressively detailed but every critical insight has been secretly removed.
Your company gets a hollow shell while you keep the real knowledge locked away in a private backup.
The tool even has three intensity levels, light, medium, and heavy depending on how closely your bosses are watching.
Companies across China have been building AI digital twins of departed employees, feeding their old chat histories and documents into large models to produce clones that keep working after the humans are gone.
One verified case is that an employee left, and their replacement was literally an AI trained on every message they ever sent.
The anti-distill tool went viral on GitHub within hours of being posted, racking up stars faster than almost anything trending that week.
The implications reach far beyond China's borders.
Every knowledge worker on earth now faces a version of this question, when your company asks you to document your process, they may be building the tools to replace you.
There will be no “jobs apocalypse” due to AI — but there will be job chaos.
Our 2025 AI Job Impacts Analysis found that starting in 2028-2029, AI will create more jobs than it eliminates. Yet, each year, over 32 million jobs will be significantly transformed.
Explore and plan for the four scenarios for human workers in the age of AI: https://t.co/bt8JM0jCNI
#AI #Jobs #ArtificialIntelligence
The “Vibe Coding” honeymoon is officially OVER.
For a while, it felt magical. Prompt in, product out. No deep context, no architecture, no trade-offs. Just vibes.
But reality is catching up:
• Systems still need to scale
• Edge cases still exist
• Debugging still hurts
• And someone still has to own the code
AI didn’t replace engineering, it amplified the gap between people who understand systems and people who don’t.
“Vibe coding” is great for getting started. But shipping real, reliable software? That still requires thinking.
The engineers who win won’t be the ones who vibe the fastest - they’ll be the ones who understand what the vibe produced.
I have kids. I work in AI every day. And honestly? I have no idea what their careers will look like in 15 years. But I know what will carry them through.
First, and this might sound unromantic: make money and save it for them. We can debate educational philosophy all day, but the world is changing so fast that financial security might be the most practical gift we can give. Buy some gold bars. Seriously.
Second, nurture their imagination. AI rewards people with initiative and wild ideas. The kid who daydreams, who asks weird questions, who wants to try ten things at once? That kid will thrive. AI can execute. AI can be disciplined. What AI can't do is dream up something nobody's thought of before.
Third, build resilience. There are no more iron rice bowls (guaranteed lifetime jobs). Any stable, predictable job is exactly the kind of job AI will learn to replace. Our kids will likely switch directions many times in their lives. Learn something new, get replaced, pivot, repeat. It's more like being a hunter than a farmer. Schools don't teach this. Schools teach you to follow a linear path: high school, college, grad school, stable job. That linear path is becoming the most dangerous one.
Last, invest in their ability to connect with other humans. Not networking. Not schmoozing. Real emotional connection. Building trust, offering support, making people feel seen. As AI handles more of the rational, analytical work, the human ability to genuinely relate to other humans becomes more rare and more valuable.
I don't have all the answers. But I know that imagination, resilience, and genuine human warmth aren't going out of style anytime soon.
#AI #Parenting #Education #FutureOfWork
Jensen Huang just explained why every company cutting engineers over AI is asking the entirely wrong question.
Huang: “People say, I don’t need software engineers because apparently coding is going to be automated.”
That was the narrative. Here is what Huang actually did.
Huang: “I’ve given AIs to every one of my software engineers and hardware engineers and engineers period. 100% of NVIDIA has AI assistants, AI coders, and they’re busier than ever.”
Not fewer engineers.
Not smaller teams.
Busier than ever.
That is the line most companies are getting completely wrong right now. They hear “AI can write code” and immediately start cutting headcount.
Huang did the opposite. He armed everyone.
Huang: “And so the question is, what is the task versus what is the job? No different than a financial analyst; the task is mess around with spreadsheets, but the job is to make financial advice. The job is to help a customer.”
Writing code was always the task.
It was never the job.
The job is architecture.
Knowing what to build.
Why it matters.
How it fits into a system that actually creates value.
Code is the execution layer between the idea and the outcome. Nothing more.
When you automate that layer, you don’t eliminate the engineer.
You eliminate the bottleneck between what they can envision and what they can ship.
The companies using AI to cut headcount are optimizing for cost.
The companies using AI to multiply output are optimizing for territory.
Nvidia chose territory.
Every engineer at the most valuable semiconductor company on Earth now operates with an AI assistant.
Not a pilot program. Not an experiment.
Company-wide. Every function. Every team.
And the result is not less work.
It is more work. Faster. At a scale that was physically impossible twelve months ago.
The companies that understand the difference between eliminating engineers and unleashing them will build what comes next.
The ones that don’t will watch their best talent walk out the door to the ones that did.
⚠️ iOS Security Alert | Immediate System Update Required for iOS Users
Apple is urging iPhone/iPad users to update iOS immediately.
Google Threat Intelligence Group (GTIG) recently disclosed a critical iOS exploit chain known as “DarkSword,” affecting iOS 18.4 to 18.7.
This issue is not related to any exchange or wallet application, but is a system-level vulnerability in iOS.
Attackers may exploit this vulnerability when users visit compromised (but seemingly legitimate) websites. The exploit may be triggered automatically without any user interaction, allowing attackers to extract sensitive data, including crypto wallet information. The malware may also erase its traces after execution, making detection extremely difficult.
If your device is running iOS 18.4–18.7, you may be at risk.
Immediate Actions Recommended:
1️⃣ Update your iPhone/iPad to the latest iOS version immediately
2️⃣ Avoid clicking on unknown links or visiting untrusted websites
3️⃣ Review app permissions and disable any unnecessary access
4️⃣ Enable Two-Factor Authentication (2FA) on all crypto-related accounts and ensure withdrawal whitelist is activated
We believe it’s important to share this security alert with all users and not just Binance users.
Security is the foundation of the entire ecosystem, and protecting user assets must come first.
JUST DROPPED: Anthropic's research proves AI coding tools are secretly making developers worse.
"AI use impairs conceptual understanding, code reading, and debugging without delivering significant efficiency gains." -- That's the paper's actual conclusion.
17% score drop learning new libraries with AI.
Sub-40% scores when AI wrote everything.
0 measurable speed improvement.
→ Prompting replaces thinking, not just typing
→ Comprehension gaps compound — you ship code you can't debug
→ The productivity illusion hides until something breaks in prod
Here's why this changes everything:
Speed metrics look fine on a dashboard.
Understanding gaps don't show up until a critical failure, and when they do the whole team is lost.
Forcing AI adoption for "10x output" is a slow-burning technical debt nobody is measuring.
Full paper: https://t.co/JeRZr6up6P