Ursify

🚨Update: President Trump is considering designating the Mexican Morena Party (party of the Mexican President) as a foreign terrorist organization or an entity supporting narcoterrorism. Several Mexican politicians from the Morena Party have been indicted by the US DOJ! When that happens, the consequences would be profound in the political, legal, migratory, and even economic spheres for Mexico!!

Daedalus 8.0.0 is a bigger release than it looks. Lower memory usage from the new LSM UTxO backend. Faster fresh syncs using Mithril bootstrap. Native Apple Silicon installer for M1/M2/M3 Macs. Cardano-node updated to 10.7.1. If you’ve avoided Daedalus because it felt too slow or too resource-heavy, this one is worth another look. Is the full-node wallet experience finally becoming practical again? *Not a paid promotion

‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP. The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years. Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box. The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root. Result: the next time anyone runs that program, it lets the attacker in as root. What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk. Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants. The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today. This vulnerability affects the following: 🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root 🔴 Kubernetes and container clusters: one compromised pod escapes to the host 🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner 🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root Timeline: 🔴 March 23, 2026: reported to the Linux kernel security team 🔴 April 1: patch committed to mainline (commit a664bf3d603d) 🔴 April 22: CVE assigned 🔴 April 29: public disclosure Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...

🎙️ Inside Iagon — Back-to-Back AMA: Discussion is governance Two sessions. One topic. Let’s talk governance — structure, direction, transparency and how the community fits into what’s next. We’re hosting back-to-back AMAs across Discord and X to open the discussion and hear your perspective. Join both. Stay in the loop. 💬 🗓️ April, 26th | 8PM UTС / 10PM CET - live on Discord 🗓️ April, 27th | 7PM UTС / 9PM CET - live on X

It’s a relief these days when you go to a function and there is no Welcome to Country. For 90 years it was never part of Anzac Day services. Where did it come from? While Aboriginal kids are being sexually abused by their drunk uncles in Western NSW, their lives destroyed, and no one does anything about it, the wanky woke PC urban elites have tried to cleanse their consciences with the virtue signaling of Welcome to Country. Even at events like Anzac Day which have got nothing to do with land rights. The RSL is saying that some of those who booed this morning were veterans. Who can blame them? They didn’t risk their lives to protect Leftwing political bullshit‼️

🔥 BREAKING 🔥 The Australia Defence Force supports Australians Freedom of Speech & Freedom of expression which was displayed today by Aussies including Veterans that fought & bled for Australia while being ‘Welcomed to their own country’. Labor has disrespected ALL Aussies with this shame ritual on one of our most sacred days.

🇫🇷 A French tax official was arrested for selling crypto investors' home addresses and financial records to criminal networks. 41 kidnappings followed. One every 2.5 days since January 2026. The criminals didn't need to hack anything. They bought a list from someone inside the government. France is the most dangerous country in the world right now if you hold crypto and someone knows about it 💀 Source: Le Mond

My laptop got hacked yesterday by someone claiming to be Pierre from the Cardano Foundation. I have had a relationship with Pierre in the past, we've talked, we've video called. He reached out to me for a new call, asking about Atrium. I responded and setup a call for the next day. In the invite, there was a Microsoft Teams link to join. I joined, I saw Pierres face, his voice, and two other CF members in the call.(I now think this was AI) It was lagging a bit, and said my Teams software was out of date. It kicked me out and said that I needed to install the new Teams software through the Microsoft Terminal. I stupidly did this, but my laptop was dying so I shut it off immediately. I never use Teams so I thought this was normal. I messaged him and told him let's just use Google Meets, created the call, and sent the link. He said he got busy and asked me to reschedule. I have now realized that this was all fake, and a scam. Moral of the story, be careful. Trust nothing, trust no one. AI is making scamming more sophisticated, and as someone who is quite technical savvy, I just got cooked.