惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threat Research - Cisco Blogs
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Register - Security
The Register - Security
A
About on SuperTechFans
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
L
LangChain Blog
N
Netflix TechBlog - Medium
量子位
博客园 - 三生石上(FineUI控件)
宝玉的分享
宝玉的分享
H
Help Net Security
D
Docker
D
DataBreaches.Net
T
Tailwind CSS Blog
阮一峰的网络日志
阮一峰的网络日志
B
Blog
博客园 - 聂微东
Apple Machine Learning Research
Apple Machine Learning Research
Google DeepMind News
Google DeepMind News
The Cloudflare Blog
F
Full Disclosure
GbyAI
GbyAI
F
Fortinet All Blogs
Last Week in AI
Last Week in AI
Y
Y Combinator Blog
人人都是产品经理
人人都是产品经理
Recent Announcements
Recent Announcements
博客园 - Franky
MongoDB | Blog
MongoDB | Blog
有赞技术团队
有赞技术团队
博客园 - 叶小钗
小众软件
小众软件
V
Visual Studio Blog
月光博客
月光博客
Stack Overflow Blog
Stack Overflow Blog
The GitHub Blog
The GitHub Blog
Recorded Future
Recorded Future
J
Java Code Geeks
雷峰网
雷峰网
P
Privacy & Cybersecurity Law Blog
C
Cisco Blogs
C
Cyber Attacks, Cyber Crime and Cyber Security
AWS News Blog
AWS News Blog
Webroot Blog
Webroot Blog
美团技术团队
N
News | PayPal Newsroom
G
Google Developers Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
博客园_首页
V
Vulnerabilities – Threatpost

Latest from Tom's Hardware in Tech-industry

Samsung engineer sentenced to 7 years in prison for selling chipmaking trade secrets to Chinese chipmaker — ex-employee supplied 10nm DRAM data to CXMT for $2 million Microsoft facing $2.8 billion UK lawsuit for overcharging 60,000 businesses using Microsoft Server on other clouds — Azure users allegedly received lower wholesale pricing Ransomware negotiator pleads guilty after leaking victims' insurance details to 'BlackCat' hackers — perp gave attackers a precise picture of exactly how much each target could afford to pay Congress moves to strip the DoC of chip-export discretion with the MATCH Act — DUV lithography machines among those targeted in chipmaking tool crackdown Anthropic's Model Context Protocol includes a critical remote code execution vulnerability — newly discovered exploit puts 200,000 AI servers at risk Iran claims US exploited networking equipment backdoors during strikes — says devices from Cisco and others failed despite blackout in attack that 'indicates deep sabotage' Cerebras files for IPO — company remains unprofitable despite 20x revenue growth Scientists solve decades-old 2D physics puzzle — Chaotic growth in a 2D quantum system obeys statistical laws Anthropic nuked a company's access to Claude, stopping 60 employees dead in their tracks — support via Google Form is the only recourse for vague usage policy violation Biohacker claims to have sequenced their own genome at the kitchen table with M3 Ultra Mac Studio, Claude, and a $3,200 sequencer — DIY project requires 100GB of data storage per run, oodles of RAM New Jersey datacenter expansion got $77m in tax breaks to create exactly one permanent job — JPMorgan's site already scored $35m and currently employs just 25 workers Chinese chipmakers made record profit in 2025, despite slipping margins — U.S shipments fall 34% as Beijing shores up local chipmaking efforts AI cloud company Vercel breached after employee grants AI tool unrestricted access to Google Workspace — hacker… Every SK hynix employee could receive $477,000 bonuses this year, almost $900,000 next year — 35,000 workers reportedly set to benefit from share of $169 billion projected operating profit US gov't blocks China's largest LED chipmaker's $239 million bid to acquire Dutch lighting firm Lumileds… Tokyo court rules movie and anime 'spoiler articles' are copyright infringement in landmark criminal case — detailed, monetized plot summaries land man in Japanese prison Voyager 1 gets emergency instrument shutdown to solve escalating power crisis and give it ‘about a year of breathing room’ — interstellar spacecraft's nuclear power source is dying, leading to intensifying countermeasures Russian-made Shahed drones are ‘disintegrating in the air before reaching their targets’ due to shoddy manufacturing, video shows — commentators call Russian clones of Iran's drones 'flying garbage' Inventor showcases 3D printer filament dryer that mines Bitcoins and dries filament with waste heat, capable of 6 TH/s at 140W — joins Bitcoin-mining 3D printer in hobbyist-focused miner lineup Bluetooth tracker hidden in a postcard and mailed to a warship exposed its location — $5 gadget put a $585 million… Techie buys fake Ledger Nano S+ hardware crypto wallet and almost falls for phishing — a convincing clone would… Nvidia CEO Jensen Huang ‘nearly lost his composure’ when pressed on selling chips to China — ‘You’re not talking to someone who woke up a loser’ US lawmakers amend new restrictions on Chinese chipmakers — MATCH Act Analytics group signals possible delays at 40% of AI data center construction sites — companies deny schedule holdups, but satellite imagery indicates otherwise Local political revolts threaten to derail US data center projects — mounting delays are already costing AI hyperscalers billions Intel hires tenured Samsung exec to lead Foundry Services — signals company focus on winning business from potential Foundry suitors Elon Musk pushing forward with Terafab at TSMC ups revenue guidance and CapEx, buoyed by Google and Pentagon in talks to run custom AI chips inside classified environments — Google pushes for tight controls for TPUs surrounding use for mass surveillance and autonomous weapons TSMC warns of Intel Foundry Quantum photonics roadmap — how Xanadu and PsiQuantum are looking to transfer qubits through beams of light Chinese fabs import record volumes of US chipmaking equipment via Singapore and Malaysia — homegrown tool makers booked record 2025 revenues as price competition squeezes margins Two US citizens get combined 16 years in prison for running North Korean laptop farms — fake remote IT work scheme netted DPRK $5 million in around three years Intel launches Wildcat Lake as Core Series 3 for value laptops and edge systems — six consumer SKUs built on 18A promise Broadcom to supply Meta with custom silicon through 2029 — Broadom CEO Hock Tan departs Meta Anonymous perps behind 86 million files scraped from Spotify hit with $322 million court judgement — Anna Oklahoma farmer arrested and jailed for trespassing during AI data center town hall — removed by officers after going a few seconds over allotted speaking time, trying to hand paperwork to counselors Virginia voter support for new data centers collapses from 69% in 2023 to 35% in new poll — Multi-gigawatt, 37-building Digital Gateway project abandoned Struggling shoemaker and apparel brand Albird pivots to AI data centers, stock jumps 580% in a single day — sells core business and leveraging $50 million in financing to become a GPU-as-a-Service and AI cloud solutions provider Elon Musk demonstrates first sample of Tesla AI5 processor, accidentally thanks TSC rather than TSMC  — claims 40X performance boost over the predecessor YMTC China tests deep-sea electro-hydrostatic actuator that can cut undersea cables at a depth of 3,500 meters — state hails successful trial and hints at deployment readiness Iran reportedly bought an in-orbit Chinese satellite to target US military sites in the Middle East — purchase agreement included ongoing ground control services based in China Our lifestyle tech colleagues at Tom's Guide have overhauled their site for smarter shopping — more video and access to experts make it 'the biggest relaunch in our history' Nvidia releases open AI models for quantum computing tasks — 'Ising' said to be 2.5x faster and 3x more accurate than existing tools for decoding Anthropic Nvidia quashes rumor it’s planning to purchase a major PC manufacturer — says that it’s ‘not engaged in discussions to acquire any PC maker’ China News outlets are blocking Wayback Machine from archiving their pages — 23 outlets concerned AI companies might abuse fair use and use it to train their models Mark Zuckerberg reportedly working on AI clone of himself — Meta insiders claim 3D photoreal animated Zuck will be able to engage with employees on his behalf Veteran Windows dev shows off AI running on 47-year-old PDP11 with 6 MHz CPU and 64KB of RAM — 'gloriously absurd' project runs transformer model written in PDP-11 assembly language Half of all US employees now use artificial intelligence at work, crossing landmark threshold for first time — Gallup data shows daily and weekly usage hitting all-time high of 28% in Q1 2026, with 65% feeling positive about its impact on productivity China has spent 3.6 times more than the US on chipmaking subsidies over the past decade — $142 billion and counting, easily outweighs CHIPS Act FAA approves military use of drone-killing laser weapons in US airspace — decision comes after it was decided ‘systems do not present an increased risk to the flying public’ Nvidia says AI cuts 10-month, eight-engineer GPU design task to overnight job — company is still 'a long way' from AI designing chips without human input Small Missouri town ousts half its city council after $6 billion AI data center approval — petition calls for mayor's removal as frustration (and violence) over AI data centers mounts NZXT to cough up $3.45 million over 'predatory' Flex PC rental scheme in RICO class-action settlement — in-debt customers to get up to $5,000 of relief, eligible renters to be granted ownership Approvals for Nvidia and AMD AI chip exports to China stall under government bottleneck —  20% staff turnover… Iran's forced nationwide internet blackout becomes second-longest on record as it passes 1,000 hours offline — possessing Starlink terminals punishable by death, country using 'military-grade jamming' against service South Korea’s telecom giants surprise 7 million users with unlimited, universal internet — net access declared a 'basic telecommunications right,' 400 Kbps data after monthly plans run out Rockstar Games confirms it was hacked by malicious group — 'ShinyHunters' takes credit, gives until April 14 to pay ransom or it will release confidential data Chinese Nvidia Cloud Partner procured 300 servers with banned AI GPUs worth $92 million — shares of data center supplier Sharetronic plummet following Super Micro smuggling arrest Anthropic's Claude Mythos isn't a sentient super-hacker, it's a sales pitch — claims of 'thousands' of severe zero-days rely on just 198 manual reviews HWMonitor and CPU-Z developer CPUID breached by unknown attackers — cyberattack forced users to download malware… Framework founder says that ‘personal computing as we know it is dead’ — vows to keep building ‘computers that you can own at the deepest level’ After jumping 2,200% over the last twelve months, DDR4 spot prices fall 5%, the first decline in nearly a year — DDR5 pricing sees some relief in China channel market US cybersecurity agency issues an urgent alert as Iranian hackers attack critical infrastructure — CISA guidance warns organizations to immediately shield certain programmable logic controllers from the internet to thwart future attacks Intel's EMIB-T packaging technology set for fab rollout this year — as TSMC CoWoS capacity remains limited, EMIB-T is preparing for advanced AI accelerator designs UK navy tracked three Russian submarines near undersea cables, damage would 'have serious consequences,' Putin warned — US and allies expand seabed protection efforts Korean government to take action over soaring DRAM costs, including monitoring markets and pricing — internet data plans to be restructured and recycled PCs to be distributed to vulnerable groups Go maintainer joins collective klaxon about encryption-breaking quantum computers — developer urges immediate switch to post-quantum methods to prevent worldwide disaster Steam files suggest Valve is developing  internal 'SteamGPT' AI bot — aimed at tackling customer support tickets and CS2 anti-cheat $21 billion stolen from more than 1 million Americans due to cybercrime in 2025 — $11 billion come from stolen crypto, $8.6 billion taken from investment scams, while AI-related attacks cost $893 million 10 petabytes of sensitive data stolen from China's National Supercomputing Center, hackers claim — daring heist would be largest ever China hack, covering 6,000 clients across science, defense, and beyond Intel and SambaNova team up on heterogenous AI inference platform — different hardware performs different… China intensifies efforts to poach semiconductor talent from Taiwan, claims report — international restrictions… Bain Capital's data center unit removes disgraced tenant suspected of smuggling Nvidia GPUs to China — Megaspeed previously alleged to have spent roughly $2 billion on AI processors for illicit distribution British cryptographer Adam Back is the secret creator of Bitcoin, claims new report — Back refutes investigation, says parallels to Satoshi are just a coincidence Tech industry lays off nearly 80,000 employees in the first quarter of 2026 — almost 50% of affected positions cut… Taiwanese chip makers call on government to stockpile helium, liquid natural gas — TSIA pleads for strategic supplies as US and Iran sign ceasefire in Middle East Russian state hackers are hijacking TP-Link and MicroTik routers to steal Outlook credentials, cybersecurity center warns — APT28 group targets DNS and redirects traffic to attacker-controlled servers Anthropic's latest AI model identifies 'thousands of zero-day vulnerabilities' in 'every major operating system and every major web browser' — Claude Mythos Preview sparks race to fix critical bugs, some unpatched for decades Intel joins Elon Musk's TeraFab project — 'Intel is proud to join the Terafab project with SpaceX, xAI, and Tesla to help refactor silicon fab technology' Indianapolis politician's home shot at 13 times over data center dispute — police and FBI investigating 'isolated, targeted incident' after city councilor backed project Broadcom to supply Anthropic with 3.5 gigawatts of Google TPU capacity from 2027 — Claude pioneer says its annual revenue run rate has passed $30 billion Intel reportedly in talks with Google and Amazon over advanced packaging — major customers could take advantage of… Amazon, Microsoft, and Google under investor pressure to disclose site-specific data center water and power consumption — more than a dozen shareholders ask for transparency ahead of annual investor meetings US lawmakers aim to ban export of DUV chipmaking and etching tools to leading firms in China — bipartisan proposal would ban lithography equipment for Huawei, SMIC, and others Why TSMC grew four times faster than its foundry rivals in 2025 — price hikes, vertical integration, and commanding technology lead pay dividends UK confirms drone-killing DragonFire laser weapon for Royal Navy destroyers by 2027 —laser downs 400mph high‑speed drones, costs $13 per shot Iran threatens ‘complete and utter annihilation’ of OpenAI's $30B Stargate AI data center in Abu Dhabi — regime posts video with satellite imagery of ChatGPT-maker's premier 1GW data center Researchers train living rat neurons to perform real-time AI computations — experiments could pave the way for new… LinkedIn is spying on you, according to a new 'BrowserGate' security report — scripts stealthily scan visitors' browsers for over 6,000 Chrome extensions and harvest hardware data Half of planned US data center builds have been delayed or canceled, growth limited by shortages of power infrastructure and parts from China — the AI build-out flips the breakers America’s AI chip rules keep changing — and the rest of the world is paying the price Microsoft says Copilot is for entertainment purposes only, not serious use — firm pushing AI hard to consumers and businesses tells users not to rely on it for important advice TSMC reportedly plans to build 12 fabs, four packaging facilities in Arizona — plan purportedly part of Taiwan's agreed $500 million investment in the US Iran says it has struck Oracle data center in Dubai, Amazon data center in Bahrain — country has threatened to attack Nvidia, Intel, and others, too The largest programming community on Reddit just banned all content related to AI LLMs — r/programming is prioritizing only high-quality discussions about AI China's homegrown silicon suppliers gain traction as Nvidia struggles to get its chips into the market — Huawei, Cambricon and more step up to fill crucial market gap
Standard 90-day vulnerability disclosure policy is likely dead thanks to AI, expert warns that AI can weaponize patches in 30 minutes — LLM-assisted bug-hunting ushers in a new cyberworld order
editors@toms · 2026-05-12 · via Latest from Tom's Hardware in Tech-industry
Running robot
(Image credit: Getty Images)

In case you haven't been in the cybersecurity news lately, here's a quick summary: discoveries and exploits of high-profile software vulnerabilities are becoming faster than ever, in part due to AI-assisted code scanning tools. For example, most every Linux distribution recently found itself on the wrong end of the Copy Fail and Dirty Frag privilege escalation vulnerabilities (gaining administrator access with a local account), for which patches hadn't been made widely available as there wasn't enough time between their disclosure and publication.

Go deeper with TH Premium: AI and data centers

The crux of the matter is the fact that although a bot isn't necessarily any smarter than a human at programming or hunting for security vulnerabilities, a LLM that can do so at full mental capacity 24/7 and is brutally effective at pattern recognition (built with pattern recognition, if we must). The vast majority of security exploits are rooted in specific bad programming habits, something a bot excels at noticing quickly and repeatedly.

Both aforementioned exploits for the Linux kernel took advantage of insecure zero-copy mechanisms (performing calculations on data in-place instead of copying/calculating/replacing). In both cases, although the issues were communicated to the kernel team in advance, they were made public far before the usual 90-day period — just over a week, in the case of Dirty Frag.

Although nobody said it out loud, the general assumption was that white-hat reveals were done with little to no advance warning because the exploits were already in the wild, so there was nothing to gain and everything to lose by keeping them under wraps.

To illustrate this point, Anand presents one of his own bug reports to an unnamed e-shop, wherein he found and reported an unpatched security bug that would let attackers buy expensive items for the princely sum of $0. Much to his surprise, he got a reply stating that 10 (!) other researchers had already reported the issue over six weeks. Conferring with a colleague, they noticed that "LLM-assisted hunters were converging on the same bugs almost simultaneously."

This conclusion is further backed up by triage engineer @d0rsky, who notes that once a new vulnerability is found, he immediately sees "a wave of duplicate reports within days." Quite poignantly, Dorsky posits: "if researchers can replicate these findings so quickly, what's stopping black-hats from doing the same before the issue is fixed?" Anand further drives the point home by saying he made an exploit for a published and patched vulnerability in the React framework in just 30 minutes using LLM tools.

Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.

In his conclusion, Anand doesn't mince words, stating that in this new world where non-ethical hackers can so quickly analyze code using AI, the 90-day window protects nobody, and that the usual monthly patch cycles are equally dead, as "[the] 30 day window between vulnerability and fix assumes attackers are slower than your release train." He urges developers to treat "every critical security issue as P0 and fix it immediately," as they can assume that said vulnerability is already under active exploitation. To wit, "if you are reading CVE descriptions while attackers are reading git log --diff-filter=M, you are already behind."

Ironically enough, open-source software enjoys high security standards due to code being publicly available for scrutiny and correction, but LLMs are turning that characteristic into a double-edged sword. Having said that, in the OSS world, a patch can also be created and distributed within hours, something the Mozilla team recently proved by posting 423 security fixes in April alone.

As for closed-source software, well, let's just say that tireless bots are equally good at decompiling and network scanning as they are at source code analysis, and it's likely enough that Microsoft, Apple, or Google will have their Copy Fail moments sooner rather than later. Do read the entirety of Anand's post, as it's quite elucidative.

Google Preferred Source

Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.

Bruno Ferreira is a contributing writer for Tom's Hardware. He has decades of experience with PC hardware and assorted sundries, alongside a career as a developer. He's obsessed with detail and has a tendency to ramble on the topics he loves. When not doing that, he's usually playing games, or at live music shows and festivals.