Formal spec tool Quint finds over 10 bugs in SQLite while hardening Turso

Turso community member Pavan Nambi modeled the SQLite C API using Quint, a formal specification tool based on Temporal Logic of Actions (TLA). By generating traces from the Quint model and running them against real SQLite via small C programs, the process uncovered over 10 bugs in SQLite itself — including a crash in sqlite3_deserialize() when a read transaction was in progress. The approach complements Turso's existing testing arsenal (DST, fuzzers, differential testers, Antithesis) by exploring state-space regions that random SQL-based simulators miss. All found bugs were reported and fixed upstream in SQLite.

Google accidentally deletes Railway's cloud account in recurring incident

Google accidentally deleted Railway's cloud account, and notably this is not the first time Google has done something like this to a customer. The incident highlights recurring reliability and trust concerns with Google Cloud's account management.

GitHub investigates unauthorized access to its internal repositories

<p>We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.</p>
<p>If any impact is discovered, we will notify customers via established incident response and notification channels.</p>

GitHub is investigating unauthorized access to its internal repositories. No evidence of impact to customer data stored outside GitHub's internal systems has been found so far. The company is monitoring infrastructure for follow-on activity and will notify affected customers through established incident response channels if any impact is discovered.

ChromaDB max-severity RCE CVE-2026-45829 affects 14M monthly download package with no patch

A maximum-severity vulnerability (CVE-2026-45829) in ChromaDB's Python FastAPI server allows unauthenticated attackers to execute arbitrary code on exposed servers. The flaw exists because a vulnerable API endpoint loads and executes a malicious model from Hugging Face before authentication is checked, meaning the payload runs even though the server ultimately returns a 500 error. The bug was introduced in ChromaDB 1.0.0 and affects the PyPI package with ~14 million monthly downloads. Despite being reported in February, the maintainer has not responded to HiddenLayer's disclosure attempts, and it remains unclear whether version 1.5.9 patches the issue. About 73% of internet-exposed ChromaDB instances run a vulnerable version. Mitigations include switching to the Rust frontend, avoiding public exposure of the Python server, restricting network access to the API port, and scanning ML model artifacts before runtime.

Ruby 4.0.5 patches use-after-free in getaddrinfo timeout handler

A use-after-free vulnerability (CVE-2026-46727) has been found in Ruby's pthread-based getaddrinfo timeout handler. A race condition in the timeout cancellation path of rb_getaddrinfo, used by Addrinfo.getaddrinfo and Socket.tcp, can allow a remote attacker who delays DNS responses near the timeout threshold to cause the Ruby process to dereference freed memory and crash. Affected versions are Ruby 4.0.0 through 4.0.4 and 4.1.0-dev before the fix. Ruby 3.4 and earlier are not affected. The fix is included in Ruby 4.0.5. As a workaround, avoid passing timeout: to Addrinfo.getaddrinfo or resolv_timeout: to Socket.tcp.

Nvidia launches verified agent skills framework with cryptographic signing and governance

NVIDIA introduces a verified agent skills framework that brings capability governance to AI agents. Verified skills are portable instruction sets (SKILL.md files) that teach agents how to use NVIDIA tools correctly. They go through a publishing pipeline involving automated scanning via SkillSpector (checking for prompt injection, tool poisoning, excessive agency, and other agent-native risks), cryptographic signing using OpenSSF Model Signing, and documentation via machine-readable skill cards. Skill cards capture ownership, dependencies, licensing, known limitations, and verification status. The framework is compatible with Claude Code, Codex, and Cursor, and builds on the open agentskills.io specification. Developers can clone skills from the NVIDIA/skills GitHub repo, verify signatures locally, and inspect skill cards before deployment.

Amazon MWAA adds Apache Airflow 3.2 support with asset partitioning and Human-in-the-Loop

Amazon Managed Workflows for Apache Airflow (MWAA) now supports Apache Airflow 3.2. Key new features include asset partitioning for triggering downstream DAGs based on specific data slices (e.g., date-partitioned S3 paths), expanded Human-in-the-Loop capabilities with full audit history and AgenticOperator support, Grid View virtualization for faster large DAG rendering, full XCom management from the UI, and async callable support in PythonOperator. Users can launch new environments or upgrade from Airflow 2.11+ via the AWS Management Console.

US banking regulators pause cyber exams to let banks patch Mythos-discovered vulnerabilities

US banking regulators, including the Federal Reserve and OCC, are pausing cyber examinations of major banks to allow institutions time to patch vulnerabilities uncovered by Anthropic's Mythos AI model. Mythos, released in limited access in April, demonstrated the ability to identify thousands of zero-day flaws across major operating systems and browsers. Wall Street firms including JPMorgan, Goldman Sachs, and Morgan Stanley have mobilized hundreds of staff to triage and remediate flagged vulnerabilities. Anthropic CEO Dario Amodei has warned of a 6-12 month window to patch tens of thousands of flaws before adversarial actors or rival AI labs develop similar capabilities.

Cloudflare CSO details Claude Mythos exploit chain construction and adversarial review capabilities

Cloudflare's CSO published findings from Project Glasswing, Anthropic's initiative giving select companies access to Claude Mythos for defensive security research. Key capabilities demonstrated include exploit chain construction (chaining primitives like use-after-free bugs into full system takeovers), proof generation (writing and running code to verify exploitability), and adversarial review (running two agents in deliberate disagreement to improve accuracy). The newsletter also covers npm package compromises, Julia Evans moving away from Tailwind, Andrej Karpathy joining Anthropic, and a JavaScript destructuring trick for grabbing first and last array elements.

Microsoft shuts down illegal code-signing operation used by ransomware groups

<p>Microsoft’s Digital Crimes Unit has taken down Fox Tempest, a malware-signing-as-a-service operation that was selling signed malware to ransomware affiliates through Microsoft’s own Azure platform.</p>
<h2>What Fox Tempest was doing</h2>
<p>The group abused Azure Artifact Signing to generate fraudulent code-signing certificates at scale. They created over 1,000 certificates and hundreds of Azure tenants using stolen identities, then sold access to ransomware affiliates for $5,000–$9,000 per use, paid in bitcoin via Telegram.</p>
<p>To avoid detection, they relied on short-lived 72-hour certificates that expired before security teams could flag them. Signed malware looks legitimate to Windows and many security tools, which is the whole point — a valid signature is often enough to slip past defenses that would otherwise block an unknown executable.</p>
<p>Customers included affiliates of INC, Qilin, Akira, and Rhysida ransomware gangs, as well as campaigns distributing Lumma Stealer and Oyster. The operation generated millions in profits before Microsoft intervened.</p>
<h2>What Microsoft did</h2>
<p>Microsoft seized the group’s website (signspace[.]cloud), revoked the abused certificates, and took hundreds of Azure VMs offline. The company also filed a legal case in the Southern District of New York. Among the victims were over 12 machines owned by Microsoft itself.</p>
<h2>Why this matters</h2>
<p>Fox Tempest is a clear example of how cybercrime has become modular. Rather than ransomware groups building every capability themselves, they buy what they need — initial access, malware, signing services — from specialized vendors. Disrupting one of those vendors doesn’t stop ransomware, but it does raise costs and force affiliates to find alternatives, which creates friction.</p>
<p>The more interesting detail here is that the operation ran on Microsoft’s own infrastructure. The stolen-identity approach let Fox Tempest blend in as legitimate Azure customers, which is harder to catch than external attacks. Microsoft’s response — revoking certificates and pulling the VMs — is the kind of platform-level action that third-party security tools can’t replicate.</p>


Microsoft's Digital Crimes Unit dismantled Fox Tempest, a malware-signing-as-a-service operation that abused Azure Artifact Signing to generate fraudulent code-signing certificates. The group created over 1,000 certificates using stolen identities and sold signed malware to ransomware affiliates — including INC, Qilin, Akira, and Rhysida — for $5,000–$9,000 per use via Telegram. They used short-lived 72-hour certificates to evade detection. Microsoft seized the group's website, revoked certificates, took hundreds of Azure VMs offline, and filed a legal case in the Southern District of New York. The takedown highlights the modular nature of modern cybercrime, where ransomware groups purchase specialized services rather than building capabilities in-house.