CRYPTO-GRAM, May 15, 2026 Part4
From TCOB1 Security Posts@618:500/1 to All on Fri May 15 10:39:43 2026
spreading across networks and then silently manipulating computation processes in certain software applications that perform high-precision mathematical calculations and simulate physical phenomena, Fast16 can alter the results of those programs to cause failures that range from faulty research results to catastrophic damage to real-world equipment."
Another news article.
Lots of interesting details at the links.
** *** ***** ******* *********** *************
A Ransomware Negotiator Was Working for a Ransomware Gang
[2026.05.01] Someone pleaded guilty to secretly working for a ransomware gang as he negotiated ransomware payments for clients.
** *** ***** ******* *********** *************
Hacking Polymarket
[2026.05.04] Polymarket is a platform where people can bet on real-world events, political and otherwise. Leaving the ethical considerations of this aside (for one, it facilitates assassination), one of the issues with making this work is the verification of these real-world events. Polymarket gamblers have threatened a journalist because his story was being used to verify an event. And now, gamblers are taking hair dryers to weather sensors to rig weather bets.
There's also insider trading: a lot of it.
** *** ***** ******* *********** *************
DarkSword Malware
[2026.05.05] DarkSword is a sophisticated piece of malware -- probably government designed -- that targets iOS.
Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, we believe the exploit chain to be called DarkSword. Since at least November 2025, GTIG has observed multiple commercial surveillance vendors and suspected state-sponsored actors utilizing DarkSword in distinct campaigns. These threat actors have deployed the exploit chain against targets in Saudi Arabia, Turkey, Malaysia, and Ukraine.
DarkSword supports iOS versions 18.4 through 18.7 and utilizes six different vulnerabilities to deploy final-stage payloads. GTIG has identified three distinct malware families deployed following a successful DarkSword compromise: GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER. The proliferation of this single exploit chain across disparate threat actors mirrors the previously discovered Coruna iOS exploit kit. Notably, UNC6353, a suspected Russian espionage group previously observed using Coruna, has recently incorporated DarkSword into their watering hole campaigns.
A week after it was identified, a version of it leaked onto the internet, where it is being used more broadly.
This news is a month old. Your devices are safe, assuming you patch regularly.
** *** ***** ******* *********** *************
Rowhammer Attack Against NVIDIA Chips
[2026.05.06] A new rowhammer attack gives complete control of NVIDIA CPUs.
On Thursday, two research teams, working independently of each other, demonstrated attacks against two cards from Nvidia's Ampere generation that take GPU rowhammering into new -- and potentially much more consequential -- territory: GDDR bitflips that give adversaries full control of CPU memory, resulting in full system compromise of the host machine. For the attack to work, IOMMU memory management must be disabled, as is the default in BIOS settings.
"Our work shows that Rowhammer, which is well-studied on CPUs, is a serious threat on GPUs as well," said Andrew Kwong, co-author of one of the papers, "GDDRHammer: Greatly Disturbing DRAM Rows: Cross-Component Rowhammer Attacks from Modern GPUs." "With our work, we... show how an attacker can induce bit flips on the GPU to gain arbitrary read/write access to all of the CPU's memory, resulting in complete compromise of the machine."
Update Friday, April 3: On Friday, researchers unveiled a third Rowhammer attack that also demonstrates Rowhammer attacks on the RTX A6000 that achieves privilege escalation to a root shell. Unlike the previous two, the researchers said, it works even when IOMMU is enabled.
The second paper is GeForge: Hammering GDDR Memory to Forge GPU Page Tables for Fun and Profit:
...does largely the same thing, except that instead of exploiting the last-level page table, as GDDRHammer does, it manipulates the last-level page directory. It was able to induce 1,171 bitflips against the RTX 3060 and 202 bitflips against the RTX 6000.
GeForge, too, uses novel hammering patterns and memory massaging to corrupt GPU page table mappings in GDDR6 memory to acquire read and write access to the GPU memory space. From there, it acquires the same privileges over host CPU memory. The GeForge proof-of-concept exploit against the RTX 3060 concludes by opening a root shell window that allows the attacker to issue commands that run with unfettered privileges on the host machine. The researchers said that both GDDRHammer and GeForge could do the same thing against the RTX 6000.
** *** ***** ******* *********** *************
Smart Glasses for the Authorities
[2026.05.07] ICE is developing its own version of smart glasses, with facial recognition tied to various databases.
** *** ***** ******* *********** *************
Insider Betting on Polymarket
[2026.05.08] Insider trading is rife on Polymarket:
Analysis by the Anti-Corruption Data Collective, a non-profit research and advocacy group, found that long-shot bets -- defined as wagers of $2,500 or more at odds of 35 percent or less -- on the platform had an average win rate of around 52 percent in markets on military and defense actions.
That compares with a win rate of 25 percent across all politics-focused markets and just 14 percent for all markets on the platform as a whole.
It is absolutely insane that this is legal. We already know how insider betting warps sports. Insider betting warping politics -- and military actions -- is orders of magnitude worse.
** *** ***** ******* *********** *************
LLMs and Text-in-Text Steganography
[2026.05.11] Turns out that LLMs are really good at hiding text messages in other text messages.
** *** ***** ******* *********** *************
Copy.Fail Linux Vulnerability
[2026.05.12] This is the worst Linux vulnerability in years.
TL;DR
copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC.
It abuses the kernel crypto API (AF_ALG sockets) plus splice() to write four bytes at a time straight into the page cache of a file the attacker does not own.
The exploit works unmodified across Ubuntu, RHEL, Debian, SUSE, Amazon Linux, Fedora and most others. No race condition, no per-distro offsets.
The file on disk is never modified. AIDE, Tripwire and checksum-based monitoring see nothing.
Kubernetes Pod Security Standards (Restricted) and the default RuntimeDefault seccomp profile do not block the syscall used. A custom seccomp profile is needed.
The mainline fix landed on 1 April. Distros are rolling kernels out now. Patch.
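As an added example (not part of the Crypto-Gram post or the Theori advisory): a small evaluator for OCI/Kubernetes seccomp profile JSON that shows why a RuntimeDefault-style allow list lets the call through and how a custom rule closes it. It assumes that denying socket() with domain AF_ALG (38 on Linux) is the relevant custom rule, and its first-matching-rule semantics are a simplification of libseccomp, for checking profiles rather than enforcing them.

```python
import json
AF_ALG = 38    # Linux socket family for the kernel crypto API (AF_ALG sockets)
AF_INET = 2
# Comparison operators as spelled in OCI seccomp profile JSON ("op" field).
_OPS = {
    "SCMP_CMP_EQ": lambda a, v, v2: a == v,
    "SCMP_CMP_NE": lambda a, v, v2: a != v,
    "SCMP_CMP_LT": lambda a, v, v2: a < v,
    "SCMP_CMP_LE": lambda a, v, v2: a <= v,
    "SCMP_CMP_GT": lambda a, v, v2: a > v,
    "SCMP_CMP_GE": lambda a, v, v2: a >= v,
    "SCMP_CMP_MASKED_EQ": lambda a, v, v2: (a & v) == v2,
}

def _rule_matches(rule, name, args):
    """True if the rule names this syscall and every argument condition holds."""
    if name not in rule.get("names", []):
        return False
    for cond in rule.get("args") or []:
        actual = args[cond["index"]] if cond["index"] < len(args) else 0
        if not _OPS[cond["op"]](actual, cond["value"], cond.get("valueTwo", 0)):
            return False
    return True

def seccomp_action(profile, name, args=()):
    """Action for syscall `name`; assumption: first matching rule wins."""
    for rule in profile.get("syscalls", []):
        if _rule_matches(rule, name, args):
            return rule["action"]
    return profile["defaultAction"]

# Constructed stand-in for a RuntimeDefault-style profile: socket() and splice()
# are allowed with no argument conditions, so an AF_ALG socket goes through.
RUNTIME_DEFAULT_LIKE = {
    "defaultAction": "SCMP_ACT_ERRNO",
    "syscalls": [{"names": ["socket", "splice", "read", "write"],
                  "action": "SCMP_ACT_ALLOW"}],
}

# Constructed custom profile: deny socket(AF_ALG, ...) ahead of the generic allow.
HARDENED = json.loads(json.dumps(RUNTIME_DEFAULT_LIKE))  # deep copy
HARDENED["syscalls"].insert(0, {
    "names": ["socket"], "action": "SCMP_ACT_ERRNO",
    "args": [{"index": 0, "value": AF_ALG, "op": "SCMP_CMP_EQ"}],
})

def alg_socket_blocked(profile):
    """True if AF_ALG sockets are denied while ordinary AF_INET sockets stay allowed."""
    return (seccomp_action(profile, "socket", (AF_ALG, 5, 0)) == "SCMP_ACT_ERRNO"
            and seccomp_action(profile, "socket", (AF_INET, 1, 0)) == "SCMP_ACT_ALLOW")
```

Load a cluster's actual localhost profile JSON into `seccomp_action` to confirm the AF_ALG rule is present before relying on it; an unconditional allow for socket() anywhere ahead of the rule still admits the call under these semantics.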
"Local privilege escalation" sounds dry, so
--- FMail-lnx 2.3.2.6-B20251227
* Origin: TCOB1 A Mail Only System (618:500/1)