mazeman

⚠️ Critical Linux Kernel Flaw ‘ssh-keysign-pwn’ Exposes SSH Keys and Shadow Passwords Source: https://t.co/wzp6CCp2lT A newly disclosed Linux kernel vulnerability is raising serious concerns across the security community, as it allows attackers to access highly sensitive data, including SSH private keys and password hashes, on affected systems. Tracked as CVE-2026-46333, the flaw has been nicknamed “ssh-keysign-pwn” and impacts a wide range of Linux distributions. The GitHub PoC ssh-keysign-pwn demonstrates exactly how to weaponize this race condition on pre‑31e62c2ebbfd kernels. #cybersecuritynews #Linux

🚨 Critical Linux Kernel Vulnerability Alert Qualys has disclosed ssh-keysign-pwn: a 6-year race condition in __ptrace_may_access() that lets unprivileged local users read root-owned files. A privileged process (e.g. ssh-keysign or chage) opens sensitive FDs. During do_exit(), after exit_mm() (mm=NULL) but before exit_files(), pidfd_getfd() can steal those FDs. Impact: • Theft of host SSH private keys → real impersonation & MitM risk until keys are rotated
• Full read access to /etc/shadow → offline password cracking Affected: All kernels before 31e62c2ebbfd (May 14, 2026) — Ubuntu, Debian, Arch, CentOS, Raspberry Pi OS and more. Immediate action required: Apply the kernel patch NOW. 🔗 PoC: https://t.co/UZJyKb6Szj
🔗 Patch: https://t.co/rNU2YB4mVv…/31e62c2ebbfd
🔗 Full analysis: Phoronix & Qualys oss-security #LinuxSecurity #KernelVulnerability #CyberSecurity #InfoSec #OpenSSH #PrivilegeEscalation #ThreatIntelligence #Linux #CyberThreat #PatchNow

💥 Introducing "Dirty Frag" A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail. No race, no panic on failure, fully deterministic. ~9 years latent. Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more. Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation. Details: https://t.co/9nqku4svkY

do you understand what just happened to your computer.. Google Chrome secretly downloaded a 4GB AI model onto your device. Without asking.. Without telling you.. It's called weights.bin. It lives deep in your system folders. It powers Gemini Nano - Google's on-device AI. And if you delete it? Chrome re-downloads it automatically. Like nothing happened. Just Google deciding your hard drive is their storage unit. At 1 billion Chrome users - that's 4 BILLION gigabytes of data pushed silently across the internet. The carbon footprint alone equals tens of thousands of cars running for a year. Check your disk right now: 📁 %LOCALAPPDATA%\Google\Chrome\User Data\OptGuideOnDeviceModel To stop it: chrome://flags → disable Optimization Guide On Device Model → restart Chrome → delete the folder. Reshare so people know what's sitting on their computers.

MiniMax M2.7 costs money to access. Kimi K2 costs money. GLM-4.7 costs money. DeepSeek V3.2 costs money. NVIDIA is giving you all of them. Right now. For free. No credit card. No trial period. No expiry date. Just a free API key and immediate access to some of the most powerful AI models on the planet. NVIDIA has quietly made its NIM — NVIDIA Inference Microservices — APIs available to the public through https://t.co/9uWRLwcE0e. You receive an actual API key, choose a model, send requests, and pay nothing. And the models are not toys. MiniMax M2.7 is a 230 billion parameter model with a Sparse Mixture-of-Experts architecture — 256 local experts, 8 activated per token — with a 204,800 token context window, excelling in coding, reasoning, and complex office tasks. This is a model companies are paying per token to access through MiniMax's own API. NVIDIA is serving it for nothing. GLM-5.1 is a flagship LLM for agentic workflows, coding, and long-horizon reasoning tasks. GLM-4.7 is a multilingual agentic coding partner with stronger reasoning, tool use, and UI skills. DeepSeek V3.2 — the model that caused a global market panic in January 2025 when it proved Chinese AI could match American labs for a fraction of the cost — is in the catalog. Free. The full list keeps going. GPT-OSS-120B. Sarvam-M. Llama 4 Maverick. Mistral Large. Qwen3-Coder. The full catalogue lives at https://t.co/9uWRLwcE0e and grows regularly. Here is how to set it up in 60 seconds. Grab your API key at https://t.co/E8fuchBY08. Set your base URL to https://t.co/JCNho62vQC. Set your API key to your NVIDIA key starting with nvapi-. Select your model — for example, minimaxai/minimax-m2.7. That is the entire setup. Because it uses the standard OpenAI SDK format, it plugs directly into every tool you already use. Cursor, Zed, OpenCode, Hermes agent, Claude Code — all of them work without any code changes. Now here is the part nobody is saying out loud. NVIDIA is not doing this out of generosity. The catalog is a top-of-funnel play for NVIDIA AI Enterprise, their paid inference platform. The path is designed to be frictionless: prototype on the free API, test on GPU sandbox instances, then deploy self-hosted NIM containers in your own data center with a paid license. Every developer who builds on NVIDIA's free tier is a developer who learns NVIDIA's API conventions, runs experiments on NVIDIA hardware, and builds deployment pipelines around NVIDIA's infrastructure. When they need to scale to production — they already know which chips to buy. The free tier is not the product. The enterprise contract that follows is. It is the smartest customer acquisition strategy in enterprise technology. Let you try the best hardware in the world for free. Make it trivially easy to integrate. Then sell you the infrastructure when you need to scale. Here are the honest limitations. Developers get 1,000 free inference credits on signup with a rate limit of 40 requests per minute — enough for meaningful prototyping before committing to self-hosted deployment. The larger models eat through credits surprisingly fast. 40 requests per minute is a prototyping budget — it is not enough to run a production application. But for evaluation, development, learning, personal projects, and running production-grade frontier models without needing an H100 cluster in your garage? Since https://t.co/JCNho62vQC is OpenAI-compatible, OpenClaw, OpenCode, Zed, and Cursor can call it directly. Swapping in NVIDIA's endpoint is a base URL change and an API key. Nothing more. 100+ models. Real API key. No credit card. No expiry. The X post that went viral asking "why is nobody talking about this?" hit 31,000 reposts in 48 hours. Now you know. https://t.co/9uWRLwcE0e Source: NVIDIA NIM · https://t.co/E8fuchBY08 · Medium/Coding Nexus · https://t.co/HcnfU5GXXQ · April 2026

Detoxing your house 101: ✔ HEPA air filter ✔ Incandescent lights ✔ Waterfall ✔ Negative ion generator ✔ Glass tupperware ✔ Cotton clothing ✔ Cotton sheets / pillowcases ✔ Shower filter ✔ RO water filter ✔ Wooden cutting boards ✔ Ceramic cookware ✔ Keep humidity down ✔ Non synthetic soaps / dishwashing tools