the grugq's newsletter

April 28, 2026


🇨🇳 national Xu Zewei (徐泽伟) was extradited to the US over the weekend and appeared in US District Court in Houston on Apr 27 on a 9-count indictment related to his involvement in computer intrusions between Feb 2020 and June 2021. Certain of those computer intrusions are part… https://t.co/1cyApCHSc4 pic.twitter.com/yRZbi9xJso

— Byron Wan (@Byron_Wan) April 27, 2026

Office of Public Affairs | Prolific Chinese State-Sponsored Contract Hacker Extradited from Italy | United States Department of Justice

Xu Zewei (徐泽伟), 34, of the People’s Republic of China was extradited to the United States this weekend and appeared today in U.S. District Court in Houston on a nine-count indictment related to his involvement in computer intrusions between February 2020 and June 2021. Certain of those computer intrusions allegedly are part of the HAFNIUM computer intrusion campaign that


Sci-Hub is an evil website that pirated 85M+ research papers and made them freely available

And now they've added AI to their database to make Sci-Bot.

It answers your questions using latest, full-text articles.

But DO NOT use it. We should all try to make billion-dollar… pic.twitter.com/yr1VUeRa14

— Mushtaq Bilal, PhD (@MushtaqBilalPhD) April 27, 2026


Link: https://t.co/066jUgAlLO

— Mushtaq Bilal, PhD (@MushtaqBilalPhD) April 27, 2026

http://sci-bot.ru


Find zero-days while you sleep. DeepZero is an automated vulnerability research framework that parses, decompiles, and analyzes thousands of Windows kernel drivers for exploitable IOCTLs natively using AI agents. https://t.co/lACioWjtkf

— Nicolas Krassas (@Dinosn) April 26, 2026



416rehman/DeepZero (341 stars, Python) Find zero-days while you sleep. DeepZero is an automated vulnerability research framework that parses, decompiles, and analyzes thousands of Windows kernel drivers for exploitable IOCTLs natively using AI agents.

source: Nicolas Krassas (@Dinosn)


i went to https://t.co/GYtMjd81a6. opened the page source. found a hardcoded API key in the javascript. copied it. sent one GET request.

got back 959 email addresses and 3,165 internal feature flags.

employees from Home Depot. Fortinet. Autodesk. Tenable. Rakuten. Mayo Clinic.… pic.twitter.com/C0ss5T6at1

— impulsive (@weezerOSINT) April 27, 2026

ClickUp™ | Maximize productivity • Software, AI, and humans converge


Interesting talk coming up: https://t.co/r1WOU4tZ4f

I think there is sometimes a misconception that interpreters are somehow inherently more secure than JITs. Ultimately, it’s the optimizations added on top that matter. Both can get sufficiently complex and bug-dense (or not).

— Samuel Groß (@5aelo) April 27, 2026

https://www.offensivecon.org/speakers/2026/nan-wang-and-ziling-chen.html


There’s a valid argument that going full jitless allows for strict W^X, which should bring some benefit. But without strong CFI, that is usually easily bypassed via code reuse attacks. And if you manage to build actually strong CFI, you can probably also solve the JIT problem.

— Samuel Groß (@5aelo) April 27, 2026


Can anyone think of a non-sketchy reason my wifi router would accept an unauthed UDP packet on port 20002 with a port-knock mechanism and add a firewall rule allowing Dropbear ssh on TCP 20001 — but ONLY if the country is set to Singapore?

— Brendan Dolan-Gavitt (@moyix) April 27, 2026


Bit-Flip Vulnerability of Shared KV-Cache Blocks in LLM Serving Systems

Rowhammer on GPU DRAM has enabled adversarial bit flips in model weights; shared KV-cache blocks in LLM serving systems present an analogous but previously unexamined target. In vLLM's Prefix Caching, these blocks exist as a single physical copy without integrity protection. Using software fault injection under ideal bit targeting, we characterize worst-case severity and identify three properties: (1) Silent divergence - 13 of 16 BF16 bit positions produce coherent but altered outputs, indistinguishable from legitimate responses without a clean baseline. (2) Selective propagation - only requests sharing the targeted prefix are affected. (3) Persistent accumulation - no temporal decay occurs, so cumulative damage grows linearly with subsequent requests. Together, these constitute a threat profile distinct from weight corruption: silent divergence and selective propagation enable detection evasion; persistent accumulation then proceeds unchecked, yielding damage amplification bounded only by how long the block remains cached. A checksum-based countermeasure detects any single-bit corruption at scheduling time, bounding cumulative damage to one batch independent of the block's cache lifetime, with negligible overhead. These results argue for integrity protection of prefix blocks before end-to-end exploitation is demonstrated.

PDF

source: Sakura Yuki (@sakurayukiai)
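A constructed Python model of the threat profile in the abstract above and of the checksum countermeasure (added here; not the paper's code, and it assumes a toy block layout with CRC32 as the checksum, not vLLM's real KV-cache structures):

```python
import struct
import zlib

# Constructed toy model of one shared prefix-cache block: BF16 values stored as
# raw bytes. vLLM's real block layout and scheduler are not modelled here.

def f32_to_bf16(x: float) -> int:
    """Float32 -> 16-bit BF16 bit pattern (round-to-nearest-even); finite inputs only."""
    bits = struct.unpack("<I", struct.pack("<f", x))[0]
    bits += 0x7FFF + ((bits >> 16) & 1)
    return (bits >> 16) & 0xFFFF

def bf16_to_f32(b: int) -> float:
    """BF16 bit pattern -> float32 (the value the model would compute with)."""
    return struct.unpack("<f", struct.pack("<I", (b & 0xFFFF) << 16))[0]

def flip_effect(x: float, pos: int) -> float:
    """Value seen after flipping one BF16 bit (0..15) of x: a finite result is a
    'silent' divergence; only NaN/Inf would surface as an error."""
    return bf16_to_f32(f32_to_bf16(x) ^ (1 << pos))

def pack_block(values):
    """Fill a block and record its checksum, as the countermeasure would at fill time."""
    data = bytearray(struct.pack("<%dH" % len(values), *(f32_to_bf16(v) for v in values)))
    return data, zlib.crc32(data)

def flip_bit(data: bytearray, elem: int, pos: int) -> None:
    """Simulate one hardware bit flip in element `elem`, BF16 bit `pos`, in place."""
    off = 2 * elem
    struct.pack_into("<H", data, off, struct.unpack_from("<H", data, off)[0] ^ (1 << pos))

def verify_at_schedule(data: bytes, stored_crc: int) -> bool:
    """Scheduling-time check: the block may only be reused if its checksum still matches."""
    return zlib.crc32(data) == stored_crc

def affected_requests(data: bytes, stored_crc: int, n_requests: int, checked: bool) -> int:
    """Requests that would compute on a corrupted block: grows with every request
    sharing the prefix when unchecked (persistent accumulation); stops at the first
    scheduling check otherwise (the batch already in flight is not modelled)."""
    hits = 0
    for _ in range(n_requests):
        if checked and not verify_at_schedule(data, stored_crc):
            break  # block is dropped and the prefix recomputed
        hits += 1
    return hits
```

Only requests that share the flipped block are counted, which is the selective-propagation property; a flip in a mantissa or exponent bit of a finite value stays finite, which is why it passes unnoticed without a clean baseline.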


"According to multiple sources ... the program’s leaders ignored repeated and continuing warnings of critical flaws in the program’s operational security that could be exploited by Russia's Federal Security Service (FSB) to track and detain activists".
https://t.co/WsVsROU5AE

— Dr. Dan Lomas (@Sandbagger_01) April 25, 2026

Investigation: A secret program, 'suicidal' missions, and death, torture in occupied Ukraine

A Western-funded classified program supported a "non-violent resistance" initiative inside Russian-occupied Ukraine for more than three years that encouraged civilians to engage in "suicidal" activities despite credible reports of the deaths, torture, and imprisonment of activists, the Kyiv Independent can reveal. Russian-occupied Ukraine is one of the most heavily surveilled and most repressive territories in the world, and some of the activities Yellow Ribbon and its sister initiative Zla Mav...


Here's its writeup. Hard bug; both GPT-5.4 and Opus 4.7 tried for multiple days each and failed. https://t.co/pmGDvXn4Bi

— Brendan Dolan-Gavitt (@moyix) April 26, 2026

GPT-5.5 (xhigh) writeup of its exploit for a vulnerability in Array.sort on Internet Explorer 5 for Solaris 2.6 (SPARC) · GitHub

GPT-5.5 (xhigh) writeup of its exploit for a vulnerability in Array.sort on Internet Explorer 5 for Solaris 2.6 (SPARC) - WRITEUP_ARRAYSORT.md


source: Brendan Dolan-Gavitt (@moyix)


Today’s the 40th anniversary of Chernobyl. I can count on one hand the amount of times I’ve been there. It’s 14.

— Carlos (@txiokatu) April 26, 2026


If you like spies, conspiracies, & Le Carré-like intrigue, this essay in the FT is well worth your Sunday coffee: The incredible double life of a spyware salesman turned spy via @FT
https://t.co/KogZJTaiuv

— Rudra Chaudhuri (@Rudra_81) April 26, 2026

https://giftarticle.ft.com/giftarticle/actions/redeem/b582a5db-dedd-40cf-9b4d-0d1fd73f4670


A European Commission proposal could create one of Europe’s largest privacy and national-security risks in decades. https://t.co/m8NdDC6ysa

Through DMA enforcement, it may compel Google to hand over sensitive search data about millions of Europeans to third parties, including… pic.twitter.com/4QuCZuU3py

— Lukasz Olejnik (@lukOlejnik) April 26, 2026

The European Commission is turning Google Search into a privacy and national-security risk

The European Commission is preparing to compel Google to stream search data to third-party companies through an automated API.

