🦔GitHub Copilot switched to token-based billing this morning and users are already out of credits. Pro+ subscribers paying $39 a month are reporting 60% of their credits gone in two hours of normal use. One user lost 20% of their allowance from a single file review with no code changes. Another hit their monthly cap before the calendar even flipped to June.
Orgs with shared token pools have no way to see individual usage, so entire teams get cut off when one person runs a heavy prompt. Users are canceling and moving to Claude Code and Codex. GitHub community forums are on fire.
My Take
Flat-rate AI subscriptions were always subsidized. Everyone in the industry knew it. Today the subsidy ran out for a few million developers at once. The problem is a lot of companies already restructured around these tools. They cut headcount and told remaining engineers to lean on Copilot instead of building skills internally. Those companies now depend on a tool whose cost just became unpredictable and whose usefulness completely changes when you have to ration prompts to stay under budget.
The developers moving to Claude Code and Codex will hit the same wall eventually. Every AI provider faces the same unit economics. Anthropic filed its S-1 this morning, and the durability of its revenue depends on whether customers stick around once real pricing kicks in everywhere. If a $39 subscriber cancels after one day because the tool became unusable, multiply that across millions of seats and the churn risk becomes very real.
Today showed what happens when AI pricing meets reality. The companies that built their workflows around cheap tokens just discovered the tokens aren't cheap anymore and the people who knew how to do the work without them are already gone.
Hedgie🤗
Today Instagram had this massive exploit where hackers were just stealing rare handles left and right. Hundreds of accounts gone.
People losing handles they’ve owned since 2010, some worth hundreds of thousands.
I own a few rare ones so I was actually stressed watching this happen in real time, which I haven’t been in years.
Obama White House account got hit.
These aren’t some random new accounts, these are verified, locked down accounts and they still got compromised.
The thing is the exploit is so simple it’s almost funny. Attacker goes to Forgot Password, says their account is hacked, turns on a VPN to match the target’s location (which now you can find on the about section of the page).
Instagram’s AI support flow asks them to verify with a selfie.
They grab a photo from the target’s profile, run it through an AI video generator to make an animation of the person’s face moving around, upload that to Meta’s AI as proof.
And Meta’s AI just accepts it because it can’t tell the difference between a real selfie and an AI-generated video of someone’s face.
Once verified they change the email to theirs. Password reset link goes to their email. They own it now. 2FA gets bypassed somehow in the process but honestly I don’t know exactly how, just that it did.
Point is even locked down accounts went down.
Then you try to recover your account and you’re talking to a chatbot that has zero ability to help.
You can’t escalate to a human. You’re just stuck. Your asset is gone and there’s no one to call.
The whole thing just highlighted how stupid it is to automate account security without any human in the loop.
One AI fooling another AI while there’s literally no person anywhere to catch it.
Meta took hours to even acknowledge it while accounts were getting stolen every minute.
Now thankfully it’s patched but I don’t think it will be the last one. Stay safe!
We're experimenting with a way to visualize session history in Firefox DevTools, and we'd love your feedback!
Here's the background, and how to try it: https://t.co/wf2REncijf
If you want to see what happens when people have to pay the actual costs of AI, the day is finally here. It's obvious that every customer sees the deep, meaningful value and isn't angry at all
‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP.
The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years.
Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box.
The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root.
Result: the next time anyone runs that program, it lets the attacker in as root.
What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk.
Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants.
The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today.
This vulnerability affects the following:
🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root
🔴 Kubernetes and container clusters: one compromised pod escapes to the host
🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner
🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root
Timeline:
🔴 March 23, 2026: reported to the Linux kernel security team
🔴 April 1: patch committed to mainline (commit a664bf3d603d)
🔴 April 22: CVE assigned
🔴 April 29: public disclosure
Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module:
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
rmmod algif_aead 2>/dev/null || true
For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...
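A host-side audit of the module workaround described in the post above, added here as an example (it is not from the original post, Theori, or the kernel project). The function names and status labels are invented for this example; it checks for the `install algif_aead` override, whether the module is resident, and whether the code is built into the kernel, in which case a modprobe rule cannot disable it.

```shell
#!/bin/sh
# Added example: audit the algif_aead workaround on one host.
# Paths are parameters so the checks can run against fixtures or a mounted image.

# 0 if a modprobe.d file maps "install algif_aead" to a no-op binary.
# modprobe treats '-' and '_' in module names as the same character.
has_install_override() {
    grep -Eqs '^[[:space:]]*install[[:space:]]+algif[_-]aead[[:space:]]+(/usr)?/bin/(false|true)([[:space:]]|$)' \
        "${1:-/etc/modprobe.d}"/*.conf
}

# 0 if the module is loaded right now (name is the first field of /proc/modules).
is_loaded() {
    grep -qs '^algif_aead ' "${1:-/proc/modules}"
}

# 0 if the code is compiled into the kernel image; modprobe rules do not apply then.
is_builtin() {
    grep -qs '/algif_aead\.ko' "${1:-/lib/modules/$(uname -r)/modules.builtin}"
}

# Prints one of BUILTIN, LOADED, BLOCKED, LOADABLE (labels invented for this example).
# Arguments: modprobe.d directory, modules list, modules.builtin file (all optional).
algif_status() {
    if is_builtin "${3:-}"; then
        echo BUILTIN     # only a patched kernel helps
    elif is_loaded "${2:-}"; then
        echo LOADED      # rmmod has not happened or failed (module in use)
    elif has_install_override "${1:-}"; then
        echo BLOCKED     # override present and module not resident
    else
        echo LOADABLE    # nothing stops the module being loaded on demand
    fi
}

# Run against the live system only when asked: sh audit.sh --check
if [ "${1:-}" = "--check" ]; then algif_status; fi
```

Anything other than BLOCKED on an unpatched kernel means the workaround is not in effect on that host.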
The CDU's savings proposals:
- Leave people in need of care worse off
- Restrict healthcare for people in poverty
- Restrict continued pay during illness
- fewer benefits from statutory health insurance (GKV)
Politics is now made only against the people and for the top one percent
IT'S NOT JUST A COMMAND. MICROSOFT SHIPPED SOMETHING WINDOWS DEVELOPERS HAVE NEEDED FOR YEARS
sudo natively, on windows
no more closing your terminal and relaunching as admin just to run one command
it's built into windows 11...written in rust & it actually ships in the os, not as a third-party workaround
the caveat..? it's not a linux sudo port: different OS, different permission model...
Some unix scripts won't transfer directly
but for 95% of day-to-day dev tasks, this is the fix windows has needed for years
enable it:
settings → developer features → sudo for windows
→ https://t.co/8F4QlHnDRQ
@alexander_jorde I hope you also mean by that that people speak in a language others can understand too: nothing convoluted, no legalese, and no dancing around the core of a statement. That is the most exhausting thing right now.
i played with sandboxes a lot in recent years. a myth has developed that booting a full guest VM is slow. it doesn't have to be. this single binary with firecracker, linux, initramfs, busybox, network, vsock and a rootfs with node.js and lo boots on 8th gen i5/Ubuntu 22 in ~17ms
China's biggest cybersecurity company apparently just shipped an AI assistant with its own SSL private key sitting inside the installer. Qihoo 360, think Norton or McAfee, but dominant across the entire Chinese market
It appears that their new AI product, 360安全龙虾 (Security Claw) bundles a wrapper on @OpenClaw. Inside the installer package - accessible to anyone who downloaded it - was a private SSL certificate key for the domain *.myclaw.360.cn. An SSL private key is essentially the master password to a website's encrypted connection. With it, an attacker can impersonate 360's servers, silently intercept user traffic, forge a login page that looks completely legitimate, or possibly take over the AI agent altogether. The cert is valid until April 2027 and covers every subdomain on the platform. It's now public. The founder launched the product with a promise it would "never leak passwords". It did that during release? 461 million users, a $10B valuation, and nobody checked the zip file before shipping. The cert expires April 2027.
🚨 BREAKING: Berkeley just proved that AI doesn’t save you time. It makes you work MORE.
Researchers Aruna Ranganathan and Xingqi Maggie Ye from Berkeley’s Haas School of Business spent 8 months embedded inside a 200-person tech company. Twice-weekly observations. 40+ deep interviews across engineering, product, design, and operations.
This wasn’t a survey. They watched what actually happens when a company gives everyone AI tools and says “go.” What they found contradicts everything AI vendors have been selling you. Employees worked at a faster pace, took on a broader scope of tasks, and extended work into more hours of the day. Nobody asked them to. The company didn’t even mandate AI use. People just voluntarily did more because AI made “doing more” feel possible.
One employee put it perfectly: “You had thought that maybe you save some time, you can work less. But then really, you don’t work less.”
That quote should be taped to every monitor running Cursor, Claude, or ChatGPT right now.
And a 2024 Upwork study backs it up: 77% of employees using AI said the tools had actually INCREASED their workload. Nearly half didn’t even know how to achieve the productivity gains their employers expected.
The researchers found 3 patterns destroying work-life balance. First, task expansion. Product managers started writing code. Researchers took on engineering work.
The scope of “my job” widened because AI made everything feel doable. Hiring got postponed because employees absorbed work that would have justified new headcount. Second, blurred boundaries.
Workers sent prompts during lunch, before meetings, at 9pm. AI dropped the friction of starting any task to near zero, and natural stopping points in the workday just dissolved. Third, cognitive overload.
People ran multiple AI agents simultaneously while reviewing code, drafting docs, and sitting in meetings. Both human and machine constantly in motion.
Here’s the cycle that traps you. AI speeds up a task → expectations for speed rise → you rely more on AI → you take on wider scope → workload intensifies → repeat.
The researchers call it “workload creep.” No manager told anyone to work harder. The tools just made doing more feel accessible and rewarding. So people kept going until they couldn’t.
The most dangerous part: in the moment, it feels amazing.
Workers described momentum, expanded capability, the thrill of building things they never could before. But when they stepped back and looked at the full picture, they felt busier, more stretched, unable to disconnect.
By month 6 of the study, reports of burnout, anxiety, and decision paralysis had spiked. Short-term momentum. Long-term strain.
There’s also a competitive dynamic nobody talks about. When your colleague uses AI to take on extra responsibilities, standing still feels like falling behind. Nobody formally raises expectations. But informal norms shift fast. Within months, doing what AI makes possible becomes what’s expected.
The people who set healthy boundaries start looking like underperformers. That’s a toxic dynamic where sustainable work becomes career-limiting.
The researchers propose something they call “AI Practice.” Not “use AI more” or “use AI less.” Intentional habits. Structured reflection intervals built into workflows, not “take breaks when you need to” because nobody does.
Scheduled reviews where teams assess if AI-enabled expansion has crossed sustainable limits. Clear guidelines on when NOT to use AI and which tasks shouldn’t expand just because they can.
I felt this in my own workflow. AI gives you superpowers. But superpowers without discipline just mean you never stop working. The fix isn’t to stop using AI. It’s to stop letting AI decide how much work you do.
Set the scope BEFORE you prompt.
Define “done” BEFORE the tool makes everything feel possible.
The slop and basic bitch accounts that go around and vulture cyber security news on here with LLM summaries are the laziest ambulance chasing bottom feeders ever. Call out their shit every chance you get.
I used to work with this programmer who was super stressed out, attended loads of meetings and was always putting out fires.
He also created 5+ pull requests a day, and they were always shit.
One time he created a PR for an API that sent out some JSON. But instead of using a library to create the JSON he did it manually with string interpolation.
Like this:
I said to him "Why didn't you use a JSON generation library like Jackson? It's already in the project and used by other APIs, just copy the way they did it. This manual JSON creation works for the data you have, but if it includes quote characters it's going to result in malformed JSON"
He replied "Oh I did it like that to save time, I just wanted to code it more quickly and move onto something else"
That was kind of his mentality, he did everything as quickly as possible so he could move onto the next issue he had.
Except he coded so badly he created multiple future bugs for everyone.
We should have fired him, but management loved him because he implemented their bug reports and feature requests very quickly.