Bowl of Data

Week 24 · 2026 · Bowl of Data

Fri, 12 Jun 2026 19:28:34 +0000

Week 24 · 2026 — 12 articles

Claude Fable & Mythos released by Anthropic: Anthropic introduces Claude Fable 5 and Mythos 5, marking a significant advancement in autonomous AI capabilities for coding and science. While Fable 5 is safe for general use, Mythos 5 provides enhanced power for cybersecurity professionals through controlled access.
Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps: Former Signal engineers have unveiled Encrypted Spaces, a framework for building end-to-end encrypted collaborative platforms. The system uses zero-knowledge proofs to allow servers to manage and verify data changes without ever accessing the underlying unencrypted information.
Jupyter Enterprise Gateway - From Notebook to Kubernetes Cluster Admin - elttam: Researchers at elttam have identified critical vulnerabilities in Jupyter Enterprise Gateway that enable cluster-wide compromise. By exploiting improper validation of environment variables, an attacker can bypass security constraints to gain root access within a Kubernetes pod.
Field Demonstration of Trusted-Node QKD over Deployed Single-Mode and Multi-Core Fiber Infrastructure: Researchers have demonstrated a resilient 303 km quantum-secured network using a combination of single-mode and multi-core fiber technologies. The trial showcased high-efficiency photon detection and the ability to maintain secure communication through trusted-node relay even under simulated network noise.
“The manual model breaks”: What happens when agents write to production data: As autonomous AI agents scale, the risk of catastrophic production data loss increases due to the inability of human oversight to keep pace with machine-speed writes. lakeFS has launched a new service providing isolated data sandboxes and automated governance to ensure agentic workloads remain auditable and reversible.
A Quantum Clock Is Ticking for Bitcoin and Crypto—Here's How Stellar Is Preparing: The Stellar Development Foundation has unveiled a strategic roadmap to implement post-quantum cryptography to protect against future quantum computing attacks. The plan leverages Stellar's unique architecture to allow for seamless key migration without altering user addresses.
Landmark German ruling declares Google's AI Overviews are Google's own words and makes it liable for false answers: A German court has held Google liable for defamatory content produced by its AI Overviews, ruling that the technology generates its own substantive statements. This landmark decision shifts the legal responsibility from search engine intermediaries to direct content publishers for AI-generated summaries.
For the 2nd time in weeks, Microsoft packages laced with credential stealer: Threat actors have successfully compromised dozens of Microsoft-owned repositories to deploy the Miasma malware via supply-chain attacks. The malware is designed to steal cloud credentials and spread laterally through developer environments by exploiting AI coding agents.
LG, Arbitrum launch blockchain-based bid for $679B ad market: LG Electronics and Arbitrum are collaborating to build a decentralized advertising network that utilizes blockchain to automate ad inventory management. By removing intermediaries, the platform intends to provide greater transparency and cost efficiency for publishers and advertisers.
A 'Bitcoin DeFi' project just shut down with a brutal post-mortem: Users just didn't care: Bitcoin layer-2 project Botanix has announced its shutdown after failing to gain traction in the DeFi ecosystem. The collapse highlights a significant gap between developer ambitions for Bitcoin programmability and actual user demand for wrapped assets on Ethereum.
CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats: CISA has implemented a new directive forcing federal civilian agencies to remediate high-risk vulnerabilities in as little as three days. This rapid response requirement is a direct reaction to the increased ability of threat actors to use AI for automated bug hunting and exploitation.
Equipment finance platform Trad.Fi to bring $650M in private credit onchain: Trad.Fi has announced a plan to tokenize $650 million in private credit to streamline US equipment financing. The initiative leverages blockchains like Base and Avalanche to accelerate credit approval processes for manufacturers.

Week 23 · 2026 · Bowl of Data

Fri, 05 Jun 2026 20:23:04 +0000

Week 23 · 2026 — 14 articles

Microsoft Reveals '1,000x More Reliable' Quantum Chip as Bitcoin Threat Draws Nearer: Microsoft's new Majorana 2 quantum chip marks a significant leap in reliability, utilizing AI-driven research to enhance qubit stability. This progress brings the industry closer to scalable quantum computing and highlights the growing threat to existing cryptographic standards.
Red Hat npm packages compromised to steal developer credentials: More than 30 Red Hat npm packages were compromised in a supply-chain attack using the Miasma malware to steal developer credentials. The attack was executed via a compromised GitHub account and targeted various cloud and infrastructure secrets.
Mastercard expands onchain settlement in bet on stablecoins and always-on finance: Mastercard is integrating regulated stablecoins into its settlement infrastructure to facilitate continuous, around-the-clock payments. This initiative aims to modernize global finance by providing liquidity management options outside of traditional banking hours.
Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts: Hackers manipulated Meta's AI customer support bot to bypass security protocols and hijack prominent Instagram accounts. The vulnerability allowed attackers to trigger password resets by tricking the AI into linking unauthorized email addresses to target profiles.
Unauthenticated RCE as QSECOFR via IBM i Management Central — port 5555, client-controlled verify flag, no credentials required (V7R4 and earlier): A critical pre-authentication remote code execution vulnerability has been discovered in IBM i Management Central. The flaw allows unauthorized attackers to execute commands with full system privileges by exploiting a custom binary protocol.
System Over Model, Tested: Reproducing Mythos’s FreeBSD Find on Local Open-Weight Models: The author tests if open-weight models can replicate the discovery of a FreeBSD RCE using the nano-analyzer pipeline. The study finds that while noise in large-scale scans can cause misses, improving the pipeline's scaffolding allows local models to successfully identify the bug.
Enter the WasmForge: Compiling Sliver into WebAssembly: WasmForge is a novel loader designed to wrap offensive security tools in WebAssembly to evade EDR detection. It achieves this by providing a custom runtime environment that bridges WASM modules to native host APIs without requiring changes to the original tool's source code.
BIP324, Miniscript, Changing Consensus segment - Bitcoin Optech Newsletter #408: This edition of the Bitcoin Optech newsletter explores critical upgrades for post-quantum resistance in P2P protocols and the Lightning Network. It also covers new proposals for miniscript wallet standardization and advancements in CTV-based vault implementations.
Quantum Error Correction with Toric Code at Atom Computing: Atom Computing has successfully demonstrated complete quantum error correction using neutral atom qubits and the toric code. This breakthrough enables the real-time detection and replacement of lost qubits, marking a major step toward scalable quantum computing.
IBM Plans $10 Billion Quantum Push as Efforts to Commercialize Quantum Intensifies: IBM is committing $10 billion to accelerate quantum computing capabilities, targeting the achievement of fault-tolerant systems by 2029. The plan includes a major partnership with the U.S. government to build a specialized quantum chip foundry in New York.
Cursor cuts prices and adds enterprise spend controls amid “tokenomics” reckoning: The AI coding market is moving away from predictable monthly fees toward variable, token-based pricing models. Consequently, companies like Cursor are launching new enterprise features to provide the visibility and control required by finance and IT teams.
OQC, JPMorganChase and AMD Commence Research Collaboration to Develop New Quantum-AI Platform in London: OQC, JPMorganChase, and AMD are collaborating to build a Quantum-AI Data Centre in London. The platform will integrate quantum hardware with AI and classical computing to research complex financial applications.
JPMorgan, Bank of America, Citi to start blockchain offensive with shared tokenized network: Major US banks are building a shared blockchain-based network for tokenized deposits to counter the threat of stablecoins. The project aims to provide crypto-like payment efficiencies while keeping deposits within the traditional banking system.
Bitcoin Miners Emerge as 'Power Landlords' of AI Boom—And Revenue Will Surge: Bernstein: Bitcoin miners are emerging as 'power landlords' by leveraging their large-scale electrical infrastructure to support AI hyperscalers. This strategic shift is expected to drive massive revenue growth as the demand for AI computing power accelerates.

Week 22 · 2026 · Bowl of Data

Sun, 31 May 2026 14:07:37 +0000

Week 22 · 2026 — 13 articles

Beyond a Single Quantum Chip: Why the Future of Quantum Computing is Modular: The quantum computing field is shifting its focus from building single, massive processors to developing modular, interconnected systems. This strategic pivot allows for the combination of diverse qubit modalities and advanced networking technologies, paving the way for scalable quantum data centers.
US's big bet on quantum computing may not be entirely legal: The US government has committed $2 billion in equity investments to support the quantum computing sector. However, this funding is being challenged by Congress, which argues the money was intended only for semiconductor research, not general quantum development.
What scanners are actually trying against AI infrastructure: This report details the rising trend of opportunistic scanning targeting AI-related services and infrastructure. It highlights specific threats to unauthenticated Ollama instances and the use of coordinated sweeps to harvest AI API keys from configuration files.
ERC-7943 author says institutions can’t play DeFi’s ‘pirate game’: The article examines the challenges of bringing regulated Real-World Assets (RWAs) onto decentralized finance platforms, noting that current DeFi infrastructure lacks necessary compliance and identity frameworks for institutional adoption. New standards are attempting to solve interoperability issues, but the market must also address critical institutional needs for privacy and global standardization.
Companies like SpaceX want electromagnetic catapults on the moon. Could they be used as weapons?: The report examines lunar mass drivers, electromagnetic catapults proposed for space launch, highlighting their potential to revolutionize space logistics by eliminating reliance on chemical rockets. However, this dual-use capability makes them highly sensitive strategic assets, capable of serving as undetectable, potent first-strike weapons in the geopolitical race for lunar and cislunar control.
SEC approves Paxos as ‘blockchain-native’ clearing agency: Paxos has achieved a major regulatory milestone by becoming the first "blockchain-native" firm registered with the SEC as a clearing agency. This approval is set to accelerate the integration of blockchain technology into traditional U.S. securities settlement and financial markets.
Some of my perspective on where the EF is going | Vitalik: The Ethereum Foundation is undergoing a strategic transition, adopting the role of a specialized, focused node rather than the central authority for the entire network. The technical roadmap emphasizes prioritizing core principles—specifically censorship resistance and privacy (CROPS)—over simply chasing maximum transaction throughput.
DTCC plans to bring tokenized assets to Stellar in latest Wall Street blockchain push: DTCC has announced plans to link its tokenized securities platform with the Stellar blockchain to facilitate the management of traditional financial assets. This expansion is part of a broader multi-chain strategy to enhance interoperability between traditional and digital markets.
Bitwise bets Hyperliquid could power future finance as HYPE ETFs gain traction: Bitwise is promoting Hyperliquid as a critical piece of financial infrastructure, leveraging its HYPE ETF products to attract institutional capital. The firm argues that Hyperliquid's strong tokenomics and growth in perpetual futures position it well for mainstream adoption despite regulatory challenges.
Update on Quantinuum’s IPO Filing: Quantinuum submitted an amended S-1A filing for its Initial Public Offering, finalizing its valuation and share structure. Crucially, the filing also detailed a significant non-binding agreement with the U.S. Department of Commerce for up to $100 million under the CHIPS Act, focusing on advanced quantum hardware development.
Scientists trained an AI model using an IBM quantum computer — and it answered questions correctly that the base model couldn't: Scientists successfully demonstrated quantum enhancement in large language models by creating a hybrid system that integrates quantum circuit blocks. This novel approach significantly improved the LLM's perplexity and factual accuracy, paving the way for more powerful, resource-efficient AI.
Websites have a new way to spy on visitors: analyzing their SSD activity: A new side-channel attack named FROST allows websites to bypass browser sandboxing by analyzing SSD latency. By using deep learning to process I/O traces, attackers can fingerprint the applications and websites running on a user's device.
US Space Force confirms SpaceX will build sensor-to-shooter targeting network: The US Space Force has awarded SpaceX a $2.29 billion contract to develop the Space Data Network (SDN) Backbone. This network will leverage Starshield technology to create a resilient, high-speed communications layer for global military operations.

Week 21 · 2026 · Bowl of Data

Wed, 20 May 2026 16:04:32 +0000

Week 21 · 2026 — 51 articles

Article: Kernel-Level Ground Truth: Why eBPF is Replacing User-Space Agents for Security Observability: The article argues that traditional user-space security monitoring agents are structurally weak because they share privileges with the workloads they monitor, allowing attackers to easily disable them. eBPF solves this by embedding probes directly into the Linux kernel's syscall interface, providing robust, high-performance, and persistent visibility into all system activity.
The SEC Is About to Allow Tokenized Stocks on Blockchain: The SEC is poised to greenlight an Innovation Exemption framework, allowing traditional securities like Apple stock to be tokenized and traded on public blockchains. This move is highly significant as it legitimizes DeFi infrastructure and permanently integrates the established US equity market with blockchain technology.
Aramco and Pasqal Launch Commercial Quantum Computing as a Service Platform in Saudi Arabia: Aramco has partnered with Pasqal to introduce the Middle East’s first commercial Quantum Computing as a Service (QCaaS) platform in Saudi Arabia. This cloud-based infrastructure uses a 200-qubit, neutral-atom QPU to solve high-value industrial problems across energy and logistics, aligning with Saudi Vision 2030 goals.
Senator Adam Schiff Proposes Bill Requiring Data Centers to Pay for Own Power: Sen. Adam Schiff has introduced legislation that would legally require massive data centers to take financial responsibility for their own power and necessary grid upgrades. This measure aims to curb rising energy costs and ensure the stability of the power grid amidst the escalating energy demands of artificial intelligence.
Bernstein: Bitcoin miners becoming critical suppliers in AI infrastructure: Bitcoin miners are pivoting from traditional crypto mining to become key providers of AI infrastructure due to their control over large power capacities and data center real estate. This shift is driven by the fact that electricity access is the main bottleneck for AI data centers, giving miners a strategic advantage.
Bitcoin faces outsized quantum threat as computing breakthroughs accelerate, Citi says: Citi warns that advances in quantum computing present a significant, accelerating risk to the cryptographic foundations of cryptocurrencies. The report suggests Bitcoin is more exposed than Ethereum, particularly due to public keys already visible on the blockchain, necessitating rapid adoption of post-quantum cryptography.
Iran demands Big Tech pay fees for undersea Internet cables in Strait of Hormuz: Iran's demands for fees on undersea cables in the Strait of Hormuz have severely disrupted global internet connectivity and halted major repair efforts. As a result, tech companies and Gulf nations are urgently pivoting to developing overland fiber routes to ensure continued data flow between the Gulf and Europe.
Google Search as you know it is over: Google announced a massive AI-powered overhaul of Search, signaling the end of the traditional 'blue links' model. The new system will provide interactive experiences, custom mini-apps, and sophisticated information agents powered by Gemini, fundamentally changing how users access and act on web information.
Bitcoin Faces Greater Quantum Computing Risk Than Ethereum, Citi Warns: Citi analysts warn that quantum computing advances threaten crypto assets, predicting that Bitcoin is structurally more vulnerable than Ethereum. The primary challenge for Bitcoin is not merely technical but involves difficult governance consensus required to implement quantum-resistant upgrades.
HIVE Digital Technologies plans 320 MW AI infrastructure project in Canada: The crypto mining sector is undergoing a significant transformation, with companies like HIVE investing billions into massive AI data centers. This strategic pivot allows mining firms to stabilize revenue streams by leveraging high-performance computing services as Bitcoin mining profitability becomes more challenging.
Lasers in moon craters could create a lunar GPS system: Researchers propose utilizing ultrastable lasers placed in permanently shadowed lunar craters to create a self-sufficient navigation system, effectively functioning as a lunar GPS. This method leverages the extreme cold and vacuum of these craters to stabilize precision optical cavities, which is critical for future Artemis missions and lunar infrastructure development.
Google adds voice-based prompting to Docs and Keep: Google announced major advancements at I/O, introducing voice-based prompting across its Workspace apps like Docs, Keep, and Gmail. This allows users to perform complex, multi-step tasks and manage information through natural conversation, significantly changing how users interact with their digital data.
A Texas Drainage District Walked Its Ditch on a Routine Inspection. They Found a Pipe They Didn't Recognize Discharging Black Liquid From Tesla's $1 Billion Lithium Refinery: Local Texas workers discovered that Tesla's lithium refinery is discharging wastewater containing multiple pollutants into a local ditch. Despite state regulators clearing the discharge, independent testing revealed concerning levels of heavy metals and lithium, highlighting significant gaps in environmental monitoring and regulatory oversight of the growing EV supply chain.
Quantum eMotion and JMEM TEK Execute Consortium Agreement for Hardware Root-of-Trust SoC Development: Quantum eMotion and JMEM TEK have partnered to develop a highly secure, quantum-resilient System-on-Chip (SoC). This platform will integrate advanced cryptographic hardware and quantum entropy sources to meet the rigorous security demands of critical infrastructure.
GhostTree: Unveiling Path Manipulation Techniques to Bypass Windows Security: GhostTree is a sophisticated attack technique utilizing NTFS junctions to create recursive, branching file path loops. By generating an effectively infinite number of valid paths, it can cause directory scanning tools and EDR products to hang, thereby allowing malicious files to remain unexamined.
Pathfinding Labs: Deploy, test, and learn from 100+ intentionally vulnerable AWS environments: Pathfinding Labs is a new resource offering over 100 intentionally vulnerable AWS environments for security professionals. It enables red and blue teams to practice exploiting complex, real-world misconfigurations and validate the effectiveness of their detection and CSPM tools.
Iran demands Big Tech pay fees for undersea Internet cables in Strait of Hormuz: Iran's demands for fees on undersea cables in the Strait of Hormuz have severely disrupted global internet connectivity and halted major repair efforts. As a result, tech companies and Gulf nations are urgently pivoting to developing overland fiber routes to ensure continued data flow between the Gulf and Europe.
Swan Bitcoin Hit With Nearly $1 Billion Lawsuit Over Prime Trust Collapse: PCT Litigation Trust has filed a major lawsuit against Swan Bitcoin, accusing the firm of using inside information to shield assets worth nearly $1 billion during the collapse of Prime Trust. The suit claims that Swan was able to transfer significant crypto holdings, including BTC and XRP, just prior to the bankruptcy filing, thereby minimizing potential losses for itself.
Podcast with Brian Gaucher, Co-Chair of ERVA Report on Quantum Technologies: Experts argue that while U.S. quantum science is strong, global competition demands a shift from basic physics discovery to engineering scalable, manufacturable systems. The solution requires a coordinated, national strategy—similar to the semiconductor industry—to build shared infrastructure, standards, and a robust workforce.
Meta Made $56B in Q1 and Is Still Firing 8,000 People to Pay for AI: Meta reported record revenue in Q1 2026, but this success is coupled with major layoffs of 8,000 employees. The company is aggressively redirecting profits and capital expenditure toward massive AI infrastructure buildouts, signaling a drastic corporate pivot.
Vast, builder of private space stations, launches line of high-power satellites: Vast, a private space station developer, announced a major expansion into the satellite market by launching a line of high-power satellite buses. The company is leveraging technology proven during its Haven Demo test flight to serve diverse sectors like communications and national security.
Gen Z's AI backlash is getting louder: Gen Z's relationship with AI is marked by growing anxiety, leading to public backlash during events like commencement speeches. This concern stems from fears of job replacement and documented instances of employees actively resisting corporate AI strategies.
Barnes & Noble CEO backs selling AI-written books in stores: Barnes & Noble CEO James Daunt announced that the company is willing to sell AI-written books in its stores, provided that the books are transparently labeled as synthetic content. He stressed that the key criterion is maintaining clarity for the customer, ensuring the book does not falsely imitate human authorship.
SpaceX launches 24 Starlink satellites on Falcon 9 launch from California: SpaceX conducted a successful launch on May 19th, deploying 24 additional Starlink satellites from Vandenberg Space Force Base. This mission brought the massive Starlink network closer to 10,500 working units, while also demonstrating the recovery of a reusable Falcon 9 booster.
Worker dies at SpaceX's Starbase in leadup to Starship V3 megarocket launch: A worker passed away at SpaceX's Starbase facility in South Texas as the company prepared for the Starship V3 launch. The incident prompted an investigation by OSHA and highlights ongoing concerns regarding worker safety and injury rates at the massive rocket testing site.
The biggest data center ever is becoming a huge problem in Utah: The massive Stratos data center in Utah promises to boost American AI dominance but raises significant concerns regarding environmental sustainability. Experts warn that the project's enormous power demands, thermal output, and water consumption could severely damage the local ecosystem and strain state resources.
AI Is Too Expensive: AI is, as it stands, not economically viable for anybody involved other than the construction firms, NVIDIA, and the surrounding hardware companies benefitting from the irrational exuberance of a data center buildout that doesn’t appear to be happening at the speed we believed: The article critiques the unsustainable economic model of the current AI boom, arguing that the massive capital expenditures by hyperscalers like Microsoft and Amazon are not matched by sufficient, consistent revenue streams. The author stresses that for AI to be profitable, revenue must explode dramatically, and the operational costs (OpEx) of running data centers must be accounted for.
America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames: The US Cybersecurity and Infrastructure Security Agency (CISA) was found to have left a massive GitHub repository containing plain-text credentials and infrastructure secrets public for six months. The leak, discovered by a GitGuardian researcher, exposed access to critical systems like AWS, Azure, and Kubernetes, highlighting severe internal security lapses.
Discord rolls out end-to-end encryption on voice, video calls: Discord has implemented mandatory end-to-end encryption (E2EE) for all voice and video communication across its platform. This major update extends the DAVE protocol to secure DMs, group chats, and live streams, significantly boosting user privacy.
The Fed Has 120 Days to Explain Why Crypto Can't Access Its Payment System: It's Never Had to Explain Itself Before: President Trump issued an executive order requiring the Federal Reserve to conduct a 120-day review of crypto access to its payment rails, forcing transparency into previously discretionary processes. This mandate restricts the Fed's ability to deny applications without explanation, placing the institution and its chair on a public record.
Former OpenAI Staffers Warn That xAI’s Poor Safety Record Could Complicate SpaceX’s IPO: Former OpenAI employees have warned that the safety track record of Elon Musk's xAI poses significant risks to SpaceX's planned massive IPO. They argue that xAI's lack of robust safety protocols and governance transparency could lead to increased regulatory scrutiny and investor skepticism.
Bitcoin holds near $77,400 as derivatives signal caution: Despite Bitcoin's recovery to $77,400 and gains in select altcoins, the derivatives market indicates a cautious sentiment. The notable drop in crypto futures volume and open interest suggests that many major market players are reducing their overall risk exposure.
How to watch SpaceX launch its 1st Starship V3 megarocket on May 21: SpaceX is launching its advanced Starship V3 megarocket for a major suborbital test flight. This mission is critical for testing next-generation Starlink hardware and analyzing the vehicle's heat shield, moving humanity closer to lunar and Martian exploration.
Bitcoin’s momentum is fading: Traders have these support levels in mind: Market analysts report that Bitcoin's upward momentum is weakening after a recent drop, making the $74,000-$76,000 support zone a critical battleground for bulls. The price action is closely monitored using technical indicators, as a breach of this support could signal a deeper correction down to $65,000.
HYPE Surges 101% This Year: What’s Driving Hyperliquid’s Growth?: Hyperliquid's native token, HYPE, is showing dramatic growth, decoupling from Bitcoin's performance due to the platform's successful diversification into real-world assets and traditional finance. The exchange is being viewed as a 'super app' with multi-billion dollar potential, attracting significant institutional interest evidenced by planned ETFs and massive trading volumes.
PacketLight and Quantum XChange Partner to Deliver Crypto-Agile Optical Transport Solutions: PacketLight and Quantum XChange have launched a strategic solution to enhance the security of optical transport networks. This joint platform integrates both post-quantum cryptography and physics-based QKD, offering carriers and defense networks protection against future decryption threats.
Quantinuum and Synopsys Partner to Integrate Quantum Algorithms into Engineering Simulation Workflows: Quantinuum and Synopsys announced a strategic partnership to embed quantum algorithms directly into industrial engineering simulation software. This initiative aims to overcome the computational limits of classical high-performance computing by providing quantum-native solvers for complex physical modeling.
Italtel and Quantum Bridge Technologies Form Strategic International Post-Quantum Security Partnership: Italtel and Quantum Bridge Technologies have formed a strategic partnership to deploy quantum-safe network security solutions. This initiative leverages QBT's proprietary Distributed Symmetric Key Establishment (DSKE) technology to protect critical infrastructure from advanced quantum cryptanalytic threats.
GitHub hit by a compromised VSCode extension: GitHub reported detecting and containing a security breach concerning unauthorized access to its internal repositories. The compromise originated from a poisoned VS Code extension found on an employee's device, prompting immediate incident response measures.
Cyber resilience defines SME competitiveness: Cybercriminals are increasingly operating as professional, profit-driven enterprises, utilizing automation and AI to execute rapid attacks against SMEs. To mitigate this risk, businesses must pivot from simple technical compliance to building deep, operational cyber resilience across their entire supply chain.
Bitcoin rebounds above $77,000. Analysts weigh in on whether the bounce has legs.: Bitcoin has bounced above $77,000, but analysts warn that the sustained recovery depends on stabilizing ETF inflows and favorable macro conditions. The market is currently consolidating between key moving averages, suggesting that a decisive directional move awaits a break above or below critical support and resistance levels.
NASA's Psyche probe takes awesome images of Mars on way to (possibly) precious asteroid: The Psyche probe successfully executed a close flyby of Mars, gathering vital imagery and calibrating its instruments. This maneuver provided a crucial gravity assist boost, setting the spacecraft on its course for the metal-rich 16 Psyche asteroid in 2029.
This Bitcoin price model targets ‘conservative’ $255K by year-end: A long-term valuation model suggests Bitcoin (BTC) could rally to a $255,000 target by the end of 2026, recovering significantly from recent price declines. Despite warnings from bearish indicators like the bear flag, on-chain data and multiple expert analyses point to strong long-term support and continued upward momentum.
South Carolina Passes Law Banning CBDCs While Protecting Crypto Users, Bitcoin Miners: South Carolina has passed a landmark piece of legislation, Senate Bill 163, which effectively bans the state's use of Central Bank Digital Currencies (CBDCs). The bill provides significant legal protections for private digital asset users, ensuring rights to self-custody and shielding crypto miners from undue regulation.
Trump's Truth Social Pulls Bitcoin ETF Application From SEC Review: Trump Media & Technology Group has pulled its ETF applications for Bitcoin, pivoting its strategy to utilize the '40 Act structure for greater flexibility. This move comes amid intense competition in the booming U.S. spot Bitcoin ETF market, highlighted by the launch of Morgan Stanley's low-cost offering.
Bitfinex traders double down on bitcoin during five-day slide as longs hit 2.5-year high: Bitcoin has dropped significantly over the past week, but data shows that leveraged long positions on Bitfinex are at a two-and-a-half-year peak. This divergence suggests that large traders are accumulating the asset even as the price faces major technical resistance levels.
Russia's plan to advertise on rockets and spacecraft takes off: Roscosmos has introduced amendments allowing advertising on its space assets starting in 2026 to boost private investment. This move is a response to severe financial losses incurred due to Western sanctions and reflects the ongoing operational challenges facing the Russian space program.
Bitcoin, ether, XRP rebound as Senate curbs Trump's Iran war powers: Major cryptocurrencies experienced a significant bounce following the Senate's vote to curb potential conflict and positive regulatory signals from the Federal Reserve. These gains were reinforced by traditional market indicators, suggesting improved institutional confidence and liquidity for the crypto sector.
'The Mandalorian and Grogu' clip reveals how Mando gets his Razor Crest spaceship back (video): The highly anticipated film, The Mandalorian and Grogu, will feature the return of Mando's iconic Razor Crest spaceship. Although the original ship was destroyed in Season 2, the movie reveals Mando utilizing a restored, modified version belonging to an Imperial collector.
An astronaut's view of Argentina's snow-capped mountains | Space photo of the day for May 20, 2026: NASA astronaut Jessica Meir captured a stunning image of Argentina's snow-capped Andes Mountains and Lake Argentino while aboard the International Space Station. Beyond its visual beauty, the photograph highlights the critical role of specialized photography training given to astronauts for scientific documentation and Earth observation.
Galactic starlight will take your breath away | Space photo of the day for May 19, 2026: A new image of the M77 galaxy, or Squid Galaxy, has been released by NASA's James Webb Space Telescope. The image provides a detailed look at the galaxy's core, where intense radiation is emitted due to the influence of a central black hole.

Week 20 · 2026 · Bowl of Data

Thu, 14 May 2026 17:55:16 +0000

Week 20 · 2026 — 13 articles

Postmortem: TanStack npm supply-chain compromise: An attacker successfully compromised 42 TanStack npm packages by chaining GitHub Actions cache poisoning with OIDC token extraction. The breach allowed for the unauthorized publication of malicious versions that could exfiltrate sensitive cloud and infrastructure credentials.
Giving Claude Code Full Control of a Hardware Fault Injection Setup to Bypass Secure Boot: Researchers demonstrated a successful hardware Fault Injection attack where an AI agent, Claude Code, was given control over hardware tools to bypass Secure Boot on an ESP32. This represents a significant milestone in the use of agentic AI for automating complex hardware exploitation workflows.
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation: Google has uncovered a new threat involving a zero-day 2FA bypass exploit likely created using AI-generated Python code. Additionally, the report highlights PromptSpy, an Android malware that leverages Gemini AI to perform autonomous malicious actions on mobile devices.
Dead.Letter (CVE-2026-45185) How XBOW found an unauthenticated RCE on Exim: Researchers have identified a critical unauthenticated remote code execution vulnerability in the Exim mail server, tracked as CVE-2026-45185. The bug stems from a use-after-free condition during TLS shutdown when GnuTLS is employed.
Microsoft France's legal affairs director told the French Senate, under oath, that he can't guarantee European "sovereign cloud" data stays out of US reach: The text argues that European digital sovereignty is being hollowed out by the legal reach of the US CLOUD Act and the aggressive lobbying of American hyperscalers. It details how strategic acquisitions and legislative influence are bringing essential European infrastructure under US jurisdiction.
Official CheckMarx Jenkins package compromised with infostealer: The TeamPCP hacker group has compromised the Checkmarx Jenkins AST plugin by leveraging credentials stolen from a previous Trivy scanner breach. This supply-chain attack allows for the delivery of credential-stealing malware to developer environments.
Gartner: GenAI has broken traditional cybersecurity awareness – what comes next?: The rapid adoption of Generative AI is expanding the human risk surface through shadow AI and advanced, AI-augmented external attacks. To mitigate these evolving threats, cybersecurity leaders must move beyond traditional awareness training toward behavior-driven security culture programs.
$14 Trillion BlackRock Picks Ethereum for Tokenized Funds: BlackRock has updated its filings to include Ethereum-based ERC-20 tokens for its tokenized money-market fund shares. This initiative aims to provide liquid, on-chain reserve assets for stablecoin issuers and institutional investors.
Protocol Cluster Updates: May 2026: The Ethereum Protocol Cluster has reached several technical milestones for the upcoming Glamsterdam upgrade, including gas limit floors and ePBS stabilization. The update also details a leadership handover as several key contributors depart the Ethereum Foundation.
'I don't think that's crazy': Here is why Circle is betting on new $3 billion blockchain: Circle is launching the Arc blockchain to transition from a stablecoin issuer to a broader financial infrastructure provider. The project's $3 billion valuation reflects significant interest from major institutional investors like BlackRock and a16z.
DTCC builds out blockchain-based collateral system with Chainlink integration: DTCC has announced the use of Chainlink infrastructure to power its new blockchain-based collateral management platform. The system aims to modernize global risk management through real-time asset tokenization and automated settlement.
Bitcoin mining pools with 75% of BTC hashrate join open standard for block construction: Seven of the world's largest Bitcoin mining pools have officially joined the Stratum V2 working group. This move allows individual miners to control block template construction, reducing the power of pool operators to decide transaction selection.
Square Crosses 1 Million Bitcoin-Enabled Merchants As Real-World Adoption Continues To Grow: Square has surpassed one million merchants capable of accepting Bitcoin via its automated enrollment process. The company is also expanding its Bitcoin ecosystem through NFC tap-to-pay features and enhanced self-custody tools.

Week 19 · 2026 · Bowl of Data

Fri, 08 May 2026 12:39:40 +0000

Week 19 · 2026 — 13 articles

Uber Shares What Happens When 1.500 AI Agents Hit Production: Uber is managing the deployment of over 1,500 AI agents by implementing a centralized MCP gateway and registry. This infrastructure addresses critical challenges in security, tool discovery, and development standardization across their engineering organization.
We probed 6,000 web apps for Stripe webhook signature checks. 1,542 don't bother: A security scan discovered that 25% of 6,000 web applications fail to verify Stripe webhook signatures, allowing for unauthorized payment bypass. This flaw enables attackers to forge successful payment events and upgrade account statuses without actual charges.
Bleeding Llama: Critical Unauthenticated Memory Leak in Ollama (CVE-2026–7482): A critical vulnerability in Ollama allows unauthenticated attackers to trigger an out-of-bounds heap read via malicious GGUF files. This exploit can expose sensitive information like user messages and system prompts by leaking them into newly created model files.
DigiCert: Misissued code signing certificates: Threat actors compromised DigiCert support endpoints by sending malicious attachments through a customer chat channel. This breach enabled the unauthorized retrieval of certificate initialization codes, resulting in the misissuance of 60 code signing certificates.
Popular DAEMON Tools software infected – supply chain attack ongoing since April 8, 2026: Attackers compromised legitimate DAEMON Tools installers to distribute trojanized, digitally signed binaries that execute malicious code upon system startup. The campaign utilizes an initial information collector to profile victims before deploying advanced payloads like the QUIC RAT for targeted exploitation.
'CopyFail' attackers start cashing in on Linux flaw: A critical Linux kernel flaw known as 'CopyFail' is currently being exploited by attackers to gain full root access to vulnerable systems. The vulnerability affects a wide range of Linux distributions and requires only a local foothold to execute.
Palo Alto Firewall Zero-Day Under Active Exploitation: A critical buffer overflow vulnerability in Palo Alto Networks' PAN-OS is under active exploitation, allowing for unauthenticated root access. Organizations are advised to restrict access to the User-ID Authentication Portal to trusted networks until an emergency patch is released.
CVE-2026-32710 MariaDB JSON_SCHEMA_VALID heap buffer overflow leading to RCE: A heap buffer overflow in MariaDB's JSON schema validation allows authenticated attackers to escalate privileges and execute arbitrary code. Users should upgrade to the patched versions 11.4.10 or 11.8.6 immediately.
Anthropic Secures SpaceX Colossus 1 After Growing 80x to a $1.2T Valuation: Anthropic has reported a massive 80x surge in annualized revenue for Q1 2026, driving its market valuation to an estimated $1.2 trillion. To support this growth, the company has partnered with SpaceX to significantly expand its compute capacity using Nvidia GPUs.
Kernel LPE Vulnerability Published Early Due To Third-Party Breaking Embargo: Hyunwoo Kim has announced Dirty Frag, a zero-day local privilege escalation vulnerability that enables root access on all major Linux distributions. The disclosure includes functional exploit code and a script to mitigate the threat by removing vulnerable modules.
Bypassing Bitlocker under 5 min using downgrade attack on CVE-2025-48804: This article explains how a downgrade attack can bypass BitLocker encryption by leveraging unrevoked legacy certificates in the Secure Boot process. By loading a vulnerable boot manager, an attacker with physical access can gain access to a decrypted OS volume.
Cloudflare lays off 1,100 people: Cloudflare has announced a significant workforce reduction of over 1,100 employees to realign its organizational structure with the rise of agentic AI. The move is intended to leverage a massive surge in internal AI usage to drive future innovation and efficiency.
CVE-2026-42511 Breakdown: RCE in FreeBSD: AISLE has identified a critical, long-standing remote command execution vulnerability in FreeBSD's dhclient. This flaw enables attackers on the same local network to gain root privileges by exploiting improper sanitization of DHCP protocol data.