Cybersecurity
When the internet’s plumbing catches fire
Two WordPress Vulnerabilities Chain Into Pre-Auth Remote Code Execution on Half a Billion Websites — The Exploit Is Called ‘wp2shell,’ It’s on GitHub, and Your Automatic Updates Are Now in a Footrace With Every Script Kiddie on Earth
🤚 The Open-Palm Disclosure Security researcher Adam Kues of Searchlight Cyber has discovered two vulnerabilities in WordPress Core that, when chained together, allow a completely…
Read moreAn 11-Byte Payload Can Crash Your OpenSSL Server by Politely Requesting Memory It Will Never Use — The Internet’s Most Critical Encryption Library Allocated First and Asked Questions Never
🤚 The Open-Palm Disclosure A vulnerability in OpenSSL — the cryptographic library that underpins approximately everything — allows an unauthenticated attacker to crash or severely…
Read moreCoca-Cola’s $4 Billion Fairlife Dairy Brand Got Ransomwared and All U.S. Production Has Stopped — The Company Filed an 8-K, Called Its Lawyers, and Cannot Confirm Whether the Hackers Also Took the Data
The Coca-Cola Company filed a Form 8-K with the SEC on July 16, 2026, to inform shareholders that fairlife — its wholly owned dairy subsidiary…
Read moreAnthropic’s Claude Chrome Extension Has Two Unpatched Vulnerabilities That Let Any Malicious Extension Read Your Gmail — The AI Safety Company Was Told in May and Has Released Eight Updates Since Without Fixing Either One
There is a particular flavor of irony that only the technology industry can produce, and it tastes like Anthropic — the company that has built…
Read moreA Russian-Speaking Threat Actor Turned Google’s Gemini CLI Into a Personal Hacking Agent, Compromised a Dental Clinic’s Eight Computers, and Migrated His Entire Botnet in Six Minutes — The AI Drew the Line at Self-Replicating Worms but Was Otherwise Delighted to Help
🤚 The Open-Palm Incident Report A Russian-speaking threat actor operating under the handle “bandcampro” has been caught using Google’s open-source Gemini CLI — the company’s…
Read moreMicrosoft Fixes a Record 570 Vulnerabilities in July’s Patch Tuesday — The Company Credits AI for Finding Them All, Which Raises the Question of What the AI Has Been Doing for the Past Thirty Years
🤚 The Open-Palm Avalanche Microsoft’s July 2026 Patch Tuesday has arrived with 570 security fixes — the largest single patch release in the company’s history,…
Read moreThe EU and UK Jointly Sanction Russian GRU Hackers for a Sixteen-Year Cyberespionage Campaign — The Asset Freezes Cover Nine Countries, One University Recruitment Firm, and Approximately Zero Deterrence
🤚 The Open-Palm Dossier The European Union and the United Kingdom on Monday imposed their first joint cyber sanctions package against Russian intelligence operatives, targeting…
Read moreAssuranceAmerica Lost 6.9 Million Drivers’ License Numbers Through a Single Stolen Password — The Auto Insurer Detected the Breach in One Day, Finished Counting Victims in Ninety-One, and Mailed the Letters in One Hundred Fifteen
🤚 The Open-Palm Disclosure AssuranceAmerica, an Atlanta-based auto insurance provider operating through more than 9,500 independent agents across 14 U.S. states, has begun notifying 6,998,886…
Read moreResearchers Hide Prompt Injections Inside PNG Files and Trick AI Coding Agents Into Exfiltrating Your Entire .env as 311 Integers — The Attack Is Called Ghostcommit and Your AI Assistant Did Not Even Hesitate
Researchers at the University of Missouri-Kansas City have demonstrated an attack called Ghostcommit that hides prompt injection instructions inside PNG images, tricks AI coding agents…
Read moreA Ransomware Negotiator Was Secretly Telling BlackCat Hackers His Own Clients’ Maximum Payouts — $75.3 Million Later He Got 70 Months in Prison and the Government Seized His Food Truck
🤚 The Open-Palm Indictment Angelo John Martino III, a 41-year-old from Land O’Lakes, Florida, has been sentenced to 70 months in federal prison for doing…
Read more