Shared posts

08 Jul 06:23

CAI cloud worm gives competitors' malware the boot, then steals secrets and mines for coin

Joshua Chen

CAI: "I kill those worms for people and I tax people for the service and tax avoidance is unlawful"

EXCLUSIVE There's no honor among thieves as a new worm steals from other infectious software. It pilfers “multiple” victims’ credentials and mines for cryptocurrency while killing competitors’ processes, including similar secret-harvesting malware. It’s called Cloud AI Infrastructure Attack Framework (CAI), and it’s a centralized botnet that targets cloud-native developer tools like Docker, Kubernetes, Redis, etcd, Kubelet, and Ray for credential theft and cryptomining. The scripts “are heavily inspired” by the likes of other similar credential-stealing worms that have wreaked havoc across cloud environments and supply chains this year, “using code comments like ‘PCPJack-aligned,’” according to security researcher Michael R. “CAI explicitly seeks out and kills TeamPCP and PCPJack processes, to further monopolize on compromised targets,” he posted on X. TeamPCP is the malware-developing crew behind the mini Shai-Hulud, Miasma, and Canister worms that have been poisoning open source registries and harvesting cloud access tokens, credentials, API keys, and other sensitive data since the Trivy supply-chain attack earlier this year. And PCPJack is a newer secret-stealing copycat worm that not only nabs credentials, but also deletes TeamPCP artifacts to kick that competitor out of victims’ cloud infrastructure. CAI seems to have taken lessons from both. “CAI is a constantly evolving framework meant to rival toolkits utilized by TeamPCP and PCPJack,” Hunt.io threat researcher Michael Rippey told The Register. Hunt.io’s team was the first to spot CAI on June 15, when it observed the first of three open directories via the security shop’s web-scanning engine, AttackCapture, that were linked to the operator. “Over three weeks, the operator moved from testing worm code mimicking TTPs used by PCPJack, to full production, deployment and compromise of networks,” Rippey said. “The codebase shows signs of LLM-assisted development, reflecting a deliberate progression of someone studying what works to build a competitive platform.” While the malware isn’t “overly sophisticated,” it is effective, with recent command-and-control logs confirming “active exploitation attempts, with wallet activity confirming multiple successful compromises,” Rippey said. CAI’s framework consists of a “scanning engine [that] feeds targets into automated exploit queues, with centralized C2 control coordinating attacks across cloud infrastructure with an emphasis on Docker, Redis, etcd, Kubelet, and more,” he added. “Currently, compromised hosts receive miners, credential stealers, and a Python backdoor,” Rippey said. “CAI’s emergence alongside TeamPCP and PCPJack indicates a growing number of competing threat actors targeting each other and cloud infrastructure.” Defenders and developers alike should take note, as we’ve already seen the damage that these new-ish cloud worms leave in their wake as they burrow across supply chains. Plus, it’s unlikely that this will be the last of the miscreants seeking to monetize companies’ cloud infrastructure and developers’ secrets.®
08 Jul 06:12

Hungary's public news broadcasts halted in bid to scrap Orban-era propaganda

Joshua Chen

M1: Public media should not lie. We are sorry for doing it for so long
Orbán: another example of tyranny

The country's main state TV channel displayed a message saying it was "sorry" for lying on Tuesday.
03 Jul 04:24

Supreme Court upholds birthright citizenship on constitutional grounds

by Nina Totenberg
Joshua Chen

Supreme Court: "there are two pillars necessary for a strong USA. 1, salary in lucrative USD instead of other currencies by a trustworthy Fed, 2, babies born in USA are automatically citizens by the Fourteenth Amendment"

talent hard working TSMC engineers in USA: "god bless us!"

The U.S. Supreme Court

The decision firmly rejected the executive order that Trump issued on the first day of his second term.

(Image credit: Drew Angerer)

02 Jul 20:04

Banned by Beijing, this comedian is taking his act to Chinese speakers abroad

Joshua Chen

Chizi: In China my face is treated like a sexual organ. It's not something that can be freely shown or circulated

Chizi, one of China’s biggest stand-up comedians, has found a new stage after falling afoul of China's censors.
01 Jul 20:05

Ukrainian charged in Germany over Nord Stream blasts

Joshua Chen

BBC: Ukrainians consider whoever destroyed Nord Stream to be heroes for taking out an important revenue source for Russia, and struggle to understand why Germany - a key ally of Ukraine - is pursuing this prosecution

Putin: "terrorist shall be executed"

Ukraine denies involvement in the case which may have serious implications for its relationship with Germany.
27 Jun 20:32

Swiss nuclear plant shut down due to heat wave

Joshua Chen

IPCC: "brace for a world where decrease in average wind speeds and lack of cooling water and many jellyfish"

The reactors at Europe's oldest nuclear plant were shut down Friday, its Swiss operator said, after the heat wave roasting Europe sent temperatures soaring in the river used for cooling.
25 Jun 00:32

Air conditioning creates political divide after France records hottest day

Joshua Chen

AI: "we want air conditioning too"

France is being forced to re-think its longstanding reservations about air-conditioning as temperatures soar.
20 Jun 20:24

Lebanese turtle conservationist Mona Khalil killed by Israeli strike

Joshua Chen

Netanyahu: "I don't like turtles neither"

Mona Khalil, who had refused to leave the beach she had spent years protecting, died from her injuries after the Israeli strike.
18 Jun 04:11

Here's how much the the Iran war cost -- and how its effects will linger

by Scott Horsley
Joshua Chen

AI: "the global loss for the 107 days is 1.28E+19 joules"

A man walks past a billboard featuring the portraits of (right to left) Iran

More than three months after the U.S. and Israel launched their war on Iran, the costs and aftereffects are felt around the world.

(Image credit: Firdous Nazir)

16 Jun 17:03

The war with Iran is making oil changes pricier. And a deal won't solve it

by Camila Domonoske
Joshua Chen

Hay: U.S. has the largest trade deficit in the world when it comes to group III base oil, the type used for synthetic motor oils

A mechanic pours motor oil into a funnel inside a Chevron Corp. gas station in Albuquerque, N.M., in July 2016. The cost of group III base oil, used in motor oil blends, has risen 175% since the start of the war with Iran, according to a trade group.

The U.S. may be the world's biggest producer of crude oil, but that's not the case for motor oil. The cost of lubricants is soaring, and even a tentative deal to end the war won't solve the problem.

(Image credit: Sergio Flores)

15 Jun 19:27

《難民也有派對》:疑被下毒、無法回國的俄羅斯女記者,與「我深愛的她」

Joshua Chen

伊蓮娜: 普丁和川普,他們很喜歡彼此,如果他們兩個沒有那麼厭惡同志,他們可能會在彼此身上找到真愛

「我們的家鄉、家人,都離我們很遙遠。我的家人還無法認同我和伊蓮娜的關係。我也非常、非常想念他們⋯⋯這一切都還是很艱難。即便如此,即便如此,」伊亞娜停頓好幾秒。「只要和我老婆在一起,那就是家。」
15 Jun 19:16

Bowen: Iran deal ends Trump's war that revealed limit of US dominance

Joshua Chen

BBC: this is the biggest foreign policy blunder that Trump has made so far
Taiwanese: "those weapons should have been shipped to us instead"

The deal to end fighting and re-open the Strait of Hormuz leaves the sides where they were 24 hours before the war - only with thousands now dead.
15 Jun 19:12

China detains two leaders of influential underground church

Joshua Chen

CCP: "in government we trust"

More than 30 members of Early Rain Covenant Church were taken for interrogation midway through Sunday service.
15 Jun 00:25

Why the US economy keeps defying the odds

Joshua Chen

as long as you can export price-inflation via reserve currency status

Why has the American economy continued to outperform so many of its peers, despite facing the same global shocks?
02 Jun 20:52

How to guarantee a speaker gig: Hack the system. Literally

Joshua Chen

Meged: I used CVE-2026-41241 for 40 conferences - and got accepted to present my proposed talk, "Securing Modern Web Apps," at every single one of them to warn of CVE-2026-41241

A security researcher found a foolproof way to guarantee tech conferences accept his speaker submissions: hack their systems. CVE-2026-41241 is a stored cross-site scripting (XSS) vulnerability in pretalx, a popular open source tool that conference organizers use to manage speaker submissions and schedules, that could allow attackers to effectively take over an organizer's session. Any user controlling searchable fields – including submission titles, speaker display names, and user names or email addresses – could inject arbitrary HTML or JavaScript. When an organizer's search query matched the malicious record, the payload would execute in the organizer interface. "Once triggered, the injected script executed in the context of the pretalx organiser interface and could read the page's [Cross-Site Request Forgery] CSRF token, submit authenticated requests on the victim's behalf (including requests modifying data due to access to the CSRF token), or exfiltrate data visible to the victim," according to pretalx's security advisory. Project maintainers patched the flaw in April, and it has been fixed in pretalx 2026.1.0. Elad Meged, founding engineer and security researcher at AI penetration-testing and offensive-security startup Novee, found and disclosed the flaw when he was preparing conference speaker submissions. He noticed the exact same call for proposals (CFP) submission form appearing underneath all of these different hacker conferences and academic symposiums' logos. 'One codebase serving them all' While the events are unique, with different parent companies and organizers, "underneath, it is one codebase serving them all," Meged said in research published on Wednesday and shared in advance with The Register. Meged then used the flaw to auto-apply for 40 conferences - and got accepted to present his proposed talk, "Securing Modern Web Apps," at every single one of them. While Meged did submit real entries, he did not submit a live exploit payload into the conference systems. The Novee team validated all of their findings on a local instance. They didn't do any testing on pretalx.com or a third-party-hosted instance. "The goal was to validate the vulnerable workflow in the exact real-world setup while avoiding unnecessary harm," Meged told The Register. "So, we used realistic, normal-looking talk submissions and then validated exploitability through controlled, version-specific testing." Some of the events that use pretalx-based CFP infrastructure include OffensiveCon, TROOPERS, FOSDEM, HEXACON, and Recon, he told us, stressing that this does not mean any of these conferences were actively exploited or compromised. For any conferences that used pretalx for talk submissions, but weren't accepting submissions at the time, Meged followed up with them via responsible disclosure. And yes, Meged admits that he could have had more fun with the talk title, but he wanted to make it "intentionally boring and plausible," to blend in with other proposals. "I agree something outrageous would have been funnier, but it would also have been less responsible," he said. Human led, AI agent assist Meged described the research as "human-led vulnerability research, agent-assisted at internet scale." Once they understood the type of vulnerability, any "capable web security researcher" could reproduce the exploit, he said, adding "this would not require nation-state-level skill." Scaling the attack, reliably reproducing it, and adjusting the attack chain to each real-world pretalx deployment, however, benefited from an agentic AI assist – and this wasn't "a one-off script or a prank CFP submission," he told us. "Different pretalx versions, deployment choices, and enabled features can change the behavior," Meged said. "Something that works on one instance may fail on another or require a different validation path." Plus, some conferences use hosted infrastructure, while others run their own self-hosted instances. So the security shop built an agentic fingerprinting and validation system to scan the internet for public-facing, vulnerable systems, learn as much as possible about the version and configuration, and find the best way to exploit them. 'This type of work does not scale manually' "This type of work does not scale manually," Meged said. "A human can find the core idea, understand the primitive, and make the responsible disclosure decisions. But mapping internet-wide exposure, fingerprinting many deployments, comparing versions, modeling behavior, adjusting validation logic, and organizing disclosure steps is exactly where AI agents become useful. The agents helped with discovery, fingerprinting, version comparison, environment modeling, controlled validation, note-taking, and disclosure workflow management." After finding and fingerprinting public pretalx deployments, and identifying version-specific behavior, the agents selected the best non-destructive validation path for each one. While there's no indication that attackers found and exploited the security issue before Novee's team, it's serious in that it could have granted organizer-level access to the conference call-for-proposal and scheduling system - these typically contain speaker identities, submissions, acceptance decisions, and private communications between conference organizers and speakers. Gaining access to this type of information could have allowed for targeted phishing or other trust-based attacks impersonating a well-known industry event. "With organizer-level access, an attacker could potentially read or modify submissions, interfere with the review process, impersonate conference staff, alter CFP data, or communicate with speakers and submitters from a trusted conference context," Meged said. "The most realistic abuse case is targeted phishing or lateral movement through trust. If a speaker, sponsor, reviewer, or attendee receives a link or request from what appears to be a legitimate conference system, they are much more likely to trust it," he added. "So the story is not just: Someone could get a fake talk accepted. The bigger risk is that a trusted conference platform could become a launchpad for attacks against the entire event ecosystem." Tobias Kunze, a developer who created pretalx, told The Register that Meged reported 11 security findings on April 14, he assessed all of these and classed one as a serious vulnerability and five as non-vulnerability bugs – but with fixes – and five more as non-critical or intended behavior. "Contact with Elad was very positive and professional," Kunze told us. "We discussed the severity and impact of his findings, and it was as good a report as a small open source project like pretalx can hope to receive." ®
02 Jun 20:36

An AI solution to an 80‑year‑old problem has shocked mathematicians

Joshua Chen

OpenAI: " eureka! "

Last week, OpenAI shocked the mathematical community by revealing that one of its internal artificial intelligence (AI) models had found a counterexample to a famous conjecture made by legendary Hungarian mathematician Paul Erdős in 1946.
02 Jun 15:16

當「台灣」被抹去:台灣公民團體面對新地緣政治現實的考驗

Joshua Chen

wikipedia: "10% commission? money talk after all. you can select Taiwan or China in our donate.wikimedia.org as we witness some mysterious donation is missing if we drop Taiwan"

【涉己新聞】5月初,包括報導者文化基金會在內的22個台灣非營利組織,陸續收到註冊於英美的國際公益募資平台GlobalGiving通知,平台上的Taiwan稱謂將被改為Chinese Taipei⋯⋯
02 Jun 14:37

Ebola-hit DR Congo faces 'catastrophic collision' of disease and conflict, WHO warns

Joshua Chen

Ebola: "people die in either ways to satisfy a simple math"

Tedros Adhanom Ghebreyesus said fighting in DR Congo was hampering efforts to stop spread
02 Jun 14:31

Renewable energy is overtaking traditional power projects across Africa, industry leaders say

Joshua Chen

CrossBoundary Energy: most official statistics still measure the energy transition the old way, by counting megawatts connected to national grids but solar and batteries don't need central utilities. Chinese export figures indicate 58.1 gigawatts and data from the Africa Solar Industry Association shows 23.4 gigawatts, suggesting solar adoption may be growing far faster than official figures

Africa's next generation of power projects is increasingly being built around solar and wind power and battery storage, as governments and investors shift away from coal and large hydropower dams in search of cheaper, faster and more reliable electricity.
02 Jun 14:20

Dana White says it's an 'honor' to build a fight arena on the White House lawn

by Steve Inskeep
Joshua Chen

Maya: "ballgame field to settle dispute is better"

undefined

NPR's Steve Inskeep speaks with Dana White, president and CEO of the Ultimate Fighting Championship, about his plans to build a fighting arena on the White House lawn.

28 May 05:20

Why temperature records are being not only broken but smashed

Joshua Chen

wallstreet: "drought, no fertilizer, we long futures position and expect handsome cash gain".
scientist: "cash settlement? why hold that useless paper, better physical delivery"

The combined effects of a heat dome and climate change have brought extreme warmth to western Europe.
16 May 22:10

Gaza sisters win prize for turning rubble into reusable bricks

Joshua Chen

Farah: We transferred something negative into something positive by refusing to see rubble only as a symbol of destruction and loss

Displaced teenagers Farah and Tala wanted to 'turn destruction into something useful'.
15 May 20:06

Multigenerational households are becoming more common in the U.S.

by Stephan Bisaha
Joshua Chen

Joe: "we learn the hard way that it is costly to born free"

Children, parents and grandparents all living together are becoming more common in the U.S. Multigenerational households also cause houses themselves to change.

15 May 20:04

Warning of record global temperatures as chance of very strong El Niño grows

Joshua Chen

trader: "let's long wheat future and cash settlement the position on maturity"
meteorologist: "not physical settlement? why collect those useless paper money?"

As El Niño develops this year, scientists are increasingly confident it could be one of the strongest on record with global consequences, as Simon King explains.
15 May 19:59

More and more websites want proof you're human: Blame the bots

Joshua Chen

AI historian: "one hundred years ago bots and dogs could not walk through the door. Another hundred years before chinese and dogs could not walk through another door"

You're trying to book concert tickets before they sell out. You click the link and before you can make the payment, you're asked to identify traffic lights, bicycles or blurry crosswalks in a grid of tiny images.
12 May 20:49

Why Canada is seeing its biggest military recruitment surge in 30 years

Joshua Chen

Carney: "Trump is a great man. He incentives and educates people, to arm by themselves, to diversify energy source, to develop renewables, to be economically responsible and no free lunch, to abolish the necessity in a leader and still a cooperative society, ..."

The boost marks a major turnaround for Canada after years of falling behind on defence capabilities.
10 May 17:57

烏克蘭無人機如何建「長城」?哈爾基夫前線直擊烏軍的「立」與「破」

Joshua Chen

Ubuntu: "to all Windows 10 users, see our linux OS is battlefield proof"

在俄軍日夜攻擊的前線城市,我們見證一條24小時運作、橫亙上千公里戰線的「無人機長城」:操作員數量已超過步兵,戰場上的生死節點,正由這些由前線部隊自行「客製化」的無人載具接手⋯⋯
07 May 01:53

Kids say they can beat age checks by drawing on a fake mustache

by Brandon Vigliarolo
Joshua Chen

kid: "the most challenging part is no laughing"

46% say age checks are easy to bypass, and nearly a third admit getting around them

It’s been months since the UK government began requiring stronger age checks under the Online Safety Act, and recent research suggests those measures are falling short of keeping kids away from harmful content. In some cases, even drawing on a mustache has been reported as enough to fool age detection software.…

07 May 01:33

Amsterdam bans public adverts for meat and fossil fuels

Joshua Chen

tourist: "thank god for VPN and google map we still find McDonald"

Local politicians say the move is in line with the Dutch capital's environmental targets.
28 Apr 22:16

Grand jury indicts former FBI director James Comey for a second time

by Ryan Lucas
Joshua Chen

Comey: "so we cannot publicly say removing a person from a political job any more ? i guess i would be sued by China by mentioning the phone number of President Office of China +86 10 8805 0801"

Former Federal Bureau of Investigation Director James Comey leaves the Rayburn House Office Building after testifying on Capitol Hill Dec. 7, 2018, in Washington, D.C.

The case revolves around a photo the former FBI director posted online last year of seashells on a beach arranged to say "8647."

(Image credit: Chip Somodevilla)