Digest · 14 stories · 30 sources
2026-06-28
Updated
Top stories
- Anonymous GitHub account dumps exploit PoCs framed as undisclosed 0-days An anonymous GitHub account ("exploitarium") published a single archive of working exploit proof-of-concepts with a note that none were reported at posting time, inviting readers to report them and claim any assigned CVE. A FemtoSec threat-intelligence writeup assessed the archive as rederived public exploits for already documented vulnerabilities, not genuine unpatched 0-days, naming CVE-2026-55200 (libssh2 heap overflow, CVSS 9.2), CVE-2026-20896 (Gitea auth bypass, CVSS 9.8), and CVE-2025-62408 (c-ares DoS), and noting the PoCs remain highly functional against unpatched systems.
- Asian AI labs ship Mythos-style cyber models as Anthropic export ban persists TechCrunch reported 2026-06-27 that at least two non-US labs launched security-focused models into the gap left by the US foreign-access ban on Anthropic Mythos 5 and Fable 5: Tokyo-based Sakana AI released Fugu, an agent-oriented model it claims stands alongside Fable 5 and Mythos Preview and can orchestrate other models through their APIs, and Chinese security firm 360 unveiled Tulongfeng for vulnerability discovery. The capability claims are the vendors' own and are not independently verified.
- Codeberg offline after power loss at primary location Codeberg, the nonprofit Forgejo-based code-hosting platform, went fully offline early 2026-06-28 (reported from ~00:18 CEST) after a power outage at its primary location took down most of its servers. The provider attributed the outage to the power event on its status page; no restoration time was given at run time.
ML research
Agentic coding
Linux and kernel
Infrastructure
Engineering posts
- Fintech Engineering Handbook A practitioner write-up collecting patterns for payment and financial systems, covering idempotency keys, monetary-amount representation, and ledger design. It reached the Hacker News front page with substantive technical discussion.
- Teardown of Reddit's anti-spam internals Independent researcher Lyra (rebane2001) published a 2026-06-27 reconstruction of Reddit's spam-detection stack, assembled partly from an accidental internal exposure encountered while moderating subreddits in 2021. It describes layered systems: an integration of Google's Perspective API scoring an experimental spam attribute, a likelihood scorer the author calls Spammit, a Lua rules engine with a keyword-filter subsystem, and newer streaming pipelines built on Flink Stateful Functions with OCR, alongside TLS and browser fingerprinting and live URL inspection that follows redirects to correlate embedded analytics identifiers.
- Clustering two AMD Strix Halo machines over RDMA for local LLM inference A practitioner setup guide documents clustering two AMD Strix Halo machines (Framework Desktop boards, 128 GB unified memory each) over RDMA using ConnectX-5 100G NICs to run larger open-weight models such as DeepSeek V4 Flash and GLM 5.2 via tensor parallelism. The guide notes the PCIe 4.0 x4 slot (about 64 Gbps) bottlenecks the 100G NIC and that Strix Halo memory bandwidth (around 300 GB/s) trails Apple Silicon (600+ GB/s), with Thunderbolt offered as a lower-latency alternative interconnect.
Markets and companies
- Google caps Meta's Gemini capacity amid compute shortage The Financial Times reported 2026-06-28 that Google limited Meta's use of its Gemini models after Meta sought more capacity than Google could supply, telling Meta around March it could not meet the full purchase. The shortfall disrupted and delayed some Meta AI projects, and Meta told staff to use AI tokens more efficiently. Other Google cloud customers faced capacity limits too, but Meta was hit hardest because its demand was especially high. Reuters and CNBC carried the FT report; Google and Meta did not confirm specifics.
- Austria lobbies EU to host Anthropic after US foreign-access curbs Bloomberg reported 2026-06-28 that Austrian State Secretary for Digitalization Alexander Proell wrote to European Commission Executive Vice President Henna Virkkunen proposing the EU explore "the strategic establishment and participation of Anthropic within the European Union," offering legal certainty, market access, and capital. The move responds to the 2026-06-12 US export-control directive that blocked all foreign-national access to Anthropic Fable 5 and Mythos 5.
Hacker News
- DeepSeek DSpark speculative-decoding paper tops Hacker News The DSpark speculative-decoding paper PDF reached the top of Hacker News (728 points, ~300 comments), extending the 2026-06-27 coverage of DeepSeek's DeepSpec release and the DSpark draft module for DeepSeek-V4 checkpoints. The new signal is the paper itself and the practitioner discussion; speculative decoding is lossless and DeepSeek frames DSpark as a module attached to an existing checkpoint, not a new model.
- Crates.io maintainer dissects a fake-recruiter supply-chain lure Matt Mastracci (crates.io maintainer) published a teardown of a fake-VC ("Lua Ventures") job-interview lure delivering a TypeScript "ferry app" repo whose patched typescript dependency ran a staged loader (base64/XOR stub, hidden image chunk, WebAssembly, a detached Node RAT) on execution. He avoided compromise by inspecting the repo with an AI agent before running it. The thread reinforces the recurring developer-targeted fake-recruiter supply-chain vector tracked since the 2026-06-16 npm-backdoor item.