Feed aggregator
Foxconn confirms cyberattack – confidential Apple, Nvidia files stolen
My security research PoC was confirming exploits that didn't exist
Article URL: https://stuart-thomas.com/are-you-there/the-harness-that-lied/
Comments URL: https://news.ycombinator.com/item?id=48120449
Points: 1
# Comments: 1
What is the 'zero-point energy' (or 'vacuum energy') in quantum physics?
Article URL: https://www.scientificamerican.com/article/follow-up-what-is-the-zer/
Comments URL: https://news.ycombinator.com/item?id=48120434
Points: 1
# Comments: 0
Recursive Superintelligence – 6 months old and valued at $4 billion
WinMerge 2.16.56 – A Windows tool for visual difference display and merging
Article URL: https://github.com/WinMerge/winmerge/releases/tag/v2.16.56
Comments URL: https://news.ycombinator.com/item?id=48120424
Points: 1
# Comments: 0
Alibaba's core profit plunges 84% even as AI and cloud growth accelerate
Article URL: https://www.cnbc.com/2026/05/13/alibaba-earnings-march-quarter-ai-cloud-growth.html
Comments URL: https://news.ycombinator.com/item?id=48120423
Points: 1
# Comments: 1
MFKVault – npx mfkvault install [skill] for Claude, Cursor and Codex
Article URL: https://mfkvault.com/show-hn
Comments URL: https://news.ycombinator.com/item?id=48120420
Points: 1
# Comments: 0
Glide Design AI
Article URL: https://www.glidedesign.ai/
Comments URL: https://news.ycombinator.com/item?id=48120414
Points: 1
# Comments: 0
There Are No Machines of Loving Grace Without People
Article URL: https://www.techpolicy.press/there-are-no-machines-of-loving-grace-without-people/
Comments URL: https://news.ycombinator.com/item?id=48120407
Points: 1
# Comments: 0
Another day, another universal Linux LPE
Article URL: https://twitter.com/v12sec/status/2054491454064746629
Comments URL: https://news.ycombinator.com/item?id=48120406
Points: 2
# Comments: 0
The companies making billions from the Iran war
Article URL: https://www.bbc.com/news/articles/ce8pyyz5e0ro
Comments URL: https://news.ycombinator.com/item?id=48120389
Points: 2
# Comments: 0
OpenAI Chief Sam Altman Makes Appearance in High-Stakes Court Bout v Elon Musk
Using OR-Tools CP-SAT for Scheduling Problems
Article URL: https://atalaykutlay.com/or-tools-cp-sat-for-scheduling-problems.html
Comments URL: https://news.ycombinator.com/item?id=48120351
Points: 2
# Comments: 0
A plan to make drugs in orbit is going commercial
Article URL: https://www.technologyreview.com/2026/05/13/1137153/varda-united-therapeutics-drug-manufacturing-in-space/
Comments URL: https://news.ycombinator.com/item?id=48120343
Points: 1
# Comments: 0
Apple Project Files Allegedly Stolen in Foxconn Ransomware Attack
Article URL: https://www.macrumors.com/2026/05/13/apple-files-stolen-foxconn-ransomware-attack/
Comments URL: https://news.ycombinator.com/item?id=48120335
Points: 1
# Comments: 0
May 2026 Patch Tuesday: no zero-days but plenty to fix
This month’s Patch Tuesday remedies 137 security vulnerabilities, including 31 marked critical by Microsoft, with no zero-days actively exploited in the wild.
Microsoft defines a zero-day as “a flaw in software for which no official patch or security update is available yet.” This month, Microsoft has not observed any included vulnerability being exploited in production environments.
Still, this release is far from low-risk. A large chunk of the critical bugs allow remote code execution (RCE) across Windows services, Office, Azure, SharePoint, and graphics components. That means attackers who trick a user into opening a malicious document or lure them into connecting to a malicious service could gain full control of a system.
Two vulnerabilities to prioritize
From that list, we selected two that look like they could cause some trouble.
First is CVE-2026-40361, which has a CVSS score of 8.4 out of 10. It’s described as a critical use-after-free vulnerability in Microsoft Word that could allow an attacker to execute code locally on the affected system.
Use-after-free is a class of vulnerability caused by incorrect use of dynamic memory during a program’s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker may be able to use the error to manipulate the program.
So, if an attacker convinces a user to open a malicious Word document, or even just preview the file, they could execute arbitrary code with the privileges of the current user. That’s often enough to install malware, steal credentials, or move laterally through a network.
Second is CVE-2026-35421 (CVSS score 7.8 out of 10). This is a critical heap-based buffer overflow in Windows Graphics Device Interface (GDI). A buffer overflow occurs when a program writes past the boundary of an area of memory it has allocated and into an adjacent memory region. Microsoft notes:
“For this vulnerability to be exploited, a user would need to open or otherwise process a specially crafted Enhanced Metafile (EMF) file using Microsoft Paint. This action is necessary to trigger the affected graphics functionality in the Windows component.”
How to apply fixes and check if you’re protected
These updates fix security problems and keep your Windows PC protected. Here’s how to make sure you’re up to date:
1. Open Settings
- Click the Start button (the Windows logo at the bottom left of your screen).
- Click on Settings (it looks like a little gear).
2. Go to Windows Update
- In the Settings window, select Windows Update (usually at the bottom of the menu on the left).
3. Check for updates
- Click the button that says Check for updates.
- Windows will search for the latest Patch Tuesday updates.
- If you have selected to get the latest updates as soon as they’re available, you may see this under More options.
- In which case you may see a Restart required message. Restart your system and the update will complete.
- If not, continue with the steps below.
4. Download and Install
- If updates are found, they’ll start downloading automatically. Once complete, you’ll see a button that says Install or Restart now.
- Click Install if needed and follow any prompts. Your computer will usually need a restart to finish the update. If it does, click Restart now.
5. Double-check you’re up to date
- After restarting, go back to Windows Update and check again. If it says You’re up to date, you’re all set!
Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises
CVE-2026-40361 is similar to a vulnerability found a decade ago, BadWinmail, which at the time was dubbed an “enterprise killer”.
The post Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises appeared first on SecurityWeek.
