AT2k Design BBS Message Area
From: TCOB1 Security Posts
To: All
Subject: CRYPTO-GRAM, May 15, 2026 Part4
Date/Time: May 15, 2026 10:39 AM

 spreading across networks and then silently manipulating computation processes
in certain software applications that perform high-precision mathematical
calculations and simulate physical phenomena, Fast16 can alter the results of
those programs to cause failures that range from faulty research results to
catastrophic damage to real-world equipment."

Another news article.

Lots of interesting details at the links.

** *** ***** ******* *********** *************
A Ransomware Negotiator Was Working for a Ransomware Gang

[2026.05.01] Someone pleaded guilty to secretly working for a ransomware gang as
he negotiated ransomware payments for clients.

** *** ***** ******* *********** *************
Hacking Polymarket

[2026.05.04] Polymarket is a platform where people can bet on real-world events,
political and otherwise. Leaving the ethical considerations of this aside (for
one, it facilitates assassination), one of the issues with making this work is
the verification of these real-world events. Polymarket gamblers have threatened
a journalist because his story was being used to verify an event. And now,
gamblers are taking hair dryers to weather sensors to rig weather bets.

There's also insider trading: a lot of it.

** *** ***** ******* *********** *************
DarkSword Malware

[2026.05.05] DarkSword is a sophisticated piece of malware -- probably
government designed -- that targets iOS.

    Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain
exploit that leveraged multiple zero-day vulnerabilities to fully compromise
devices. Based on toolmarks in recovered payloads, we believe the exploit chain
to be called DarkSword. Since at least November 2025, GTIG has observed multiple
commercial surveillance vendors and suspected state-sponsored actors utilizing
DarkSword in distinct campaigns. These threat actors have deployed the exploit
chain against targets in Saudi Arabia, Turkey, Malaysia, and Ukraine.

    DarkSword supports iOS versions 18.4 through 18.7 and utilizes six different
vulnerabilities to deploy final-stage payloads. GTIG has identified three
distinct malware families deployed following a successful DarkSword compromise:
GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER. The proliferation of this single exploit
chain across disparate threat actors mirrors the previously discovered Coruna
iOS exploit kit. Notably, UNC6353, a suspected Russian espionage group
previously observed using Coruna, has recently incorporated DarkSword into their
watering hole campaigns.

A week after it was identified, a version of it leaked onto the internet, where
it is being used more broadly.

This news is a month old. Your devices are safe, assuming you patch regularly.

** *** ***** ******* *********** *************
Rowhammer Attack Against NVIDIA Chips

[2026.05.06] A new rowhammer attack gives complete control of NVIDIA CPUs.

    On Thursday, two research teams, working independently of each other,
demonstrated attacks against two cards from Nvidia's Ampere generation that take
GPU rowhammering into new -- and potentially much more consequential --
territory: GDDR bitflips that give adversaries full control of CPU memory,
resulting in full system compromise of the host machine. For the attack to work,
IOMMU memory management must be disabled, as is the default in BIOS settings.

    "Our work shows that Rowhammer, which is well-studied on CPUs, is a serious
threat on GPUs as well," said Andrew Kwong, co-author of one of the papers.
"GDDRHammer: Greatly Disturbing DRAM Rows -- Cross-Component Rowhammer Attacks
from Modern GPUs." "With our work, we... show how an attacker can induce bit
flips on the GPU to gain arbitrary read/write access to all of the CPU's memory,
resulting in complete compromise of the machine."

    Update Friday, April 3: On Friday, researchers unveiled a third Rowhammer
attack that also demonstrates Rowhammer attacks on the RTX A6000 that achieves
privilege escalation to a root shell. Unlike the previous two, the researchers
said, it works even when IOMMU is enabled.

The second paper is GeForge: Hammering GDDR Memory to Forge GPU Page Tables for
Fun and Profit:

    ...does largely the same thing, except that instead of exploiting the
last-level page table, as GDDRHammer does, it manipulates the last-level page
directory. It was able to induce 1,171 bitflips against the RTX 3060 and 202
bitflips against the RTX 6000.

    GeForge, too, uses novel hammering patterns and memory massaging to corrupt
GPU page table mappings in GDDR6 memory to acquire read and write access to the
GPU memory space. From there, it acquires the same privileges over host CPU
memory. The GeForge proof-of-concept exploit against the RTX 3060 concludes by
opening a root shell window that allows the attacker to issue commands that run
with unfettered privileges on the host machine. The researchers said that both
GDDRHammer and GeForge could do the same thing against the RTX 6000.

** *** ***** ******* *********** *************
Smart Glasses for the Authorities

[2026.05.07] ICE is developing its own version of smart glasses, with facial
recognition tied to various databases.

** *** ***** ******* *********** *************
Insider Betting on Polymarket

[2026.05.08] Insider trading is rife on Polymarket:

    Analysis by the Anti-Corruption Data Collective, a non-profit research and
advocacy group, found that long-shot bets -- defined as wagers of $2,500 or more
at odds of 35 percent or less -- on the platform had an average win rate of
around 52 percent in markets on military and defense actions.

    That compares with a win rate of 25 percent across all politics-focused
markets and just 14 percent for all markets on the platform as a whole.

It is absolutely insane that this is legal. We already know how insider betting
warps sports. Insider betting warping politics -- and military actions -- is
orders of magnitude worse.

** *** ***** ******* *********** *************
LLMs and Text-in-Text Steganography

[2026.05.11] Turns out that LLMs are really good at hiding text messages in
other text messages.

** *** ***** ******* *********** *************
Copy.Fail Linux Vulnerability

[2026.05.12] This is the worst Linux vulnerability in years.

    TL;DR

        - copy.fail is a Linux kernel local privilege escalation, not a browser
          or clipboard attack. Disclosed by Theori on 29 April 2026 with a
          working PoC.
        - It abuses the kernel crypto API (AF_ALG sockets) plus splice() to
          write four bytes at a time straight into the page cache of a file the
          attacker does not own.
        - The exploit works unmodified across Ubuntu, RHEL, Debian, SUSE, Amazon
          Linux, Fedora and most others. No race condition, no per-distro
          offsets.
        - The file on disk is never modified. AIDE, Tripwire and checksum-based
          monitoring see nothing.
        - Kubernetes Pod Security Standards (Restricted) and the default
          RuntimeDefault seccomp profile do not block the syscall used. A custom
          seccomp profile is needed.
        - The mainline fix landed on 1 April. Distros are rolling kernels out
          now. Patch.

    "Local privilege escalation" sounds dry, so
--- FMail-lnx 2.3.2.6-B20251227
 * Origin: TCOB1 A Mail Only System (618:500/1)
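
Added example, not part of the original newsletter or of any vendor's tooling: a probe to run inside a container or sandbox to check whether the custom seccomp profile mentioned in the Copy.Fail item is actually in effect. It assumes the profile denies creation of AF_ALG sockets with EPERM or EACCES; the message does not name the blocked syscall, so that choice and all function names here are assumptions.

```python
import errno
import socket
import sys

# Verdicts returned by probe_af_alg()
REACHABLE = "reachable"      # socket(AF_ALG) succeeded: nothing filters it
BLOCKED = "blocked"          # denied, as a seccomp or LSM rule would do
UNAVAILABLE = "unavailable"  # kernel or Python build has no AF_ALG support


def _open_af_alg():
    """Default opener: create and immediately close an AF_ALG socket."""
    family = getattr(socket, "AF_ALG", None)  # only defined on Linux builds
    if family is None:
        raise OSError(errno.EAFNOSUPPORT, "AF_ALG not defined on this platform")
    socket.socket(family, socket.SOCK_SEQPACKET, 0).close()


def probe_af_alg(opener=_open_af_alg):
    """Classify whether this process can reach the kernel crypto socket API.

    `opener` is injectable so the classification can be tested without
    depending on the host kernel or on an installed seccomp filter.
    """
    try:
        opener()
    except OSError as exc:
        if exc.errno in (errno.EPERM, errno.EACCES):
            return BLOCKED
        if exc.errno in (errno.EAFNOSUPPORT, errno.EPROTONOSUPPORT, errno.ENOSYS):
            return UNAVAILABLE
        # Anything else (ENOMEM, EMFILE, ...) says nothing about the filter.
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    return REACHABLE


def exit_code(verdict):
    """0 when AF_ALG is not reachable, 1 when it is, 2 when inconclusive."""
    if verdict in (BLOCKED, UNAVAILABLE):
        return 0
    return 1 if verdict == REACHABLE else 2


if __name__ == "__main__":
    result = probe_af_alg()
    print("AF_ALG socket creation:", result)
    sys.exit(exit_code(result))
```

A "reachable" verdict only means the socket family is not filtered; whether the kernel itself is patched has to be checked against the distribution's advisory.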