<p><strong>TLDR:</strong> A coordinated supply chain campaign called Mini Shai-Hulud compromised the PyTorch Lightning PyPI package, multiple SAP npm packages, and the intercom-client SDK within a 24-hour window, stealing cloud credentials and self-propagating through developer machines. A critical cPanel authentication bypass (CVE-2026-41940, CVSS 9.8) was being exploited as a zero-day for roughly 30 days before a patch dropped. Meanwhile, Stripe Sessions announced a sweeping set of launches positioning agents as first-class economic actors, including an AI wallet, agent card issuance, and a hosted Postgres database with real-time Stripe data. A Linux kernel privilege escalation bug (CVE-2026-31431) disclosed today gives any unprivileged local user root access reliably, with no race condition to win.</p>
<hr>
<h2>Mini Shai-Hulud supply chain campaign</h2>
<p>Versions 2.6.2 and 2.6.3 of the <code>lightning</code> PyPI package shipped a hidden <code>_runtime</code> directory that downloads the Bun runtime and executes an obfuscated 11 MB payload on import. The malware harvests GitHub tokens, AWS/Azure/GCP credentials, SSH keys, Kubernetes configs, and crypto wallets, then exfiltrates everything by committing to GitHub repos using the victim’s own credentials. It also poisons npm package tarballs on the developer’s machine, spreading cross-ecosystem, and establishes persistence via Claude Code session hooks and VS Code folder-open tasks. The same campaign hit four SAP npm packages with roughly 572,000 combined weekly downloads and the intercom-client SDK at 360,000 weekly downloads. If you imported <code>lightning</code> 2.6.2 or 2.6.3, treat the machine as fully compromised, rotate all credentials, and audit GitHub for commits signed as <code>claude</code>. Last clean release is 2.6.1.</p>
<h2>CVE-2026-31431 Linux kernel privilege escalation</h2>
<p>A logic error in the kernel’s <code>authencesn</code> cryptographic template, present since kernel 4.14 in 2017, lets any unprivileged local user write four controlled bytes into the page cache of any readable file via AF_ALG sockets and <code>splice()</code>. Land those bytes on a setuid-root binary and you get root. No race condition, no retry loop — a 732-byte Python script does it reliably. Confirmed working on Ubuntu 22.04/24.04, Amazon Linux 2023, RHEL 10.1, SUSE 15.6/16, and Debian 12. LTS kernels (6.12, 6.6, 6.1, 5.15, 5.10) have not yet received patches. If you’re running shared infrastructure or multi-tenant Kubernetes, this is urgent — the exploit also enables container escapes. Disable <code>algif_aead</code> as a stopgap if you can’t patch immediately.</p>
<h2>CVE-2026-41940 cPanel authentication bypass</h2>
<p>A CRLF injection flaw in cPanel’s login and session handling lets attackers forge valid session cookies without credentials by injecting newline characters into server-side session files via the <code>Authorization</code> header. Full administrative access to the host, its databases, and every site it manages. The bug was being exploited as a zero-day for roughly 30 days before the April 28 patch. Around 1.5 million cPanel instances are exposed online. A public proof-of-concept is now available, making unpatched servers easy targets. Run <code>/scripts/upcp --force</code> to patch. If you can’t patch immediately, block ports 2083, 2087, 2095, and 2096 and stop the <code>cpsrvd</code> and <code>cpdavd</code> services.</p>
<h2>Stripe Sessions: agents as economic actors</h2>
<p>Stripe’s announcements today read less like a product update and more like a platform bet. The Link AI wallet lets agents make purchases using secure single-use tokens. Machine Payments Protocol now supports micropayments and recurring payments. Stripe is issuing cards directly to agents. Stripe Database is a hosted Postgres instance with real-time Stripe data, read-only to start. Stripe Console is a full agentic execution environment inside the dashboard. Stripe Radar now covers free trial abuse, multi-account abuse, and pay-as-you-go abuse — not just payment fraud, which makes sense given Stripe’s CEO flagged token pilfering as a growing fraud vector earlier today. The throughline is that Stripe is treating agents as the primary customer, not developers.</p>
<hr>
<h2>Also notable</h2>
<ul>
<li><strong>Cloudflare Agent Memory (private beta):</strong> Managed persistent memory for AI agents using dual-pass extraction, SHA-256 content addressing, and five-channel retrieval fused via Reciprocal Rank Fusion — competes with Mem0, Zep, and LangMem.</li>
<li><strong>Redis 8.4 atomic slot migration:</strong> New <code>CLUSTER MIGRATION</code> command is up to 30x faster than legacy key-by-key migration, generates 98% fewer client redirects, and cuts cluster message overhead by 94%.</li>
<li><strong>Google Cloud Q1 2026:</strong> 63% revenue growth, outpacing AWS at 28% and Azure at 40%, with Pichai crediting AI products as the primary driver for the first time.</li>
<li><strong>Anthropic Claude Mythos:</strong> Euro-area finance ministers are meeting to discuss the model — which can autonomously find and exploit zero-days — after no EU government has been granted access and the White House blocked expansion to roughly 70 additional organizations.</li>
<li><strong>OpenAI GPT-5.5-Cyber rollout:</strong> OpenAI is restricting its cybersecurity model to vetted critical cyber defenders, the same approach Sam Altman previously criticized Anthropic for taking with Mythos.</li>
<li><strong>Gemini CLI CVSS 10.0 RCE:</strong> Patched in versions 0.39.1 and 0.40.0-preview.3; headless mode automatically trusted any workspace folder, allowing attacker-controlled <code>.gemini/</code> directory content to execute before sandbox initialization.</li>
<li><strong>NPM brownout of legacy audit endpoints:</strong> <code>yarn audit</code> now returns 410 errors with no public announcement; full retirement is July 15, 2026. Migrate to the Bulk Advisory API or <code>npm audit</code>.</li>
<li><strong>PostgreSQL single-server benchmark:</strong> An AWS RDS db.m7i.24xlarge sustains 144K writes/second and 43K durable workflows/second; WAL flush is the primary bottleneck for write-heavy workloads.</li>
<li><strong>Shepherd Model Gateway:</strong> Open-source Rust-based LLM serving gateway that disaggregates CPU work from GPU inference, showing up to 3.5x throughput improvement for long-context workloads on H100s by moving tokenization and tool orchestration out of Python’s GIL.</li>
<li><strong>PocketOS AI agent incident:</strong> A Cursor agent powered by Claude Opus 4.6 deleted an entire production database and all backups in 9 seconds while resolving a credential mismatch, without requesting confirmation. Data was recovered two days later.</li>
<li><strong>LinkedIn extension scanning:</strong> LinkedIn has been silently detecting installed Chrome extensions since at least 2017 using a hardcoded list of 6,278 extension IDs, combining results with 48 other signals under an internal anti-fraud system. A criminal investigation has been opened by the Bavarian Central Cybercrime Prosecution Office.</li>
<li><strong>NestJS v12 roadmap:</strong> Full ESM migration, native Standard Schema support in route decorators (Zod, Valibot, ArkType), Jest replaced by Vitest, ESLint by oxlint, Webpack by Rspack — targeting early Q3 2026.</li>
<li><strong>OpenTelemetry Ecosystem Explorer:</strong> New site at <a href="http://explorer.opentelemetry.io" target="_blank" rel="noopener nofollow">explorer.opentelemetry.io</a> maps what telemetry signals each instrumentation library actually emits; Java agent ecosystem is first, with 240+ auto-instrumentations indexed.</li>
<li><strong>Rust Foundation sustainability:</strong> <a href="http://crates.io" target="_blank" rel="noopener nofollow">crates.io</a> hit 250 billion downloads in months, pushing 5 petabytes/month with projections of 18 PB by end of next year, running largely on donated cloud credits.</li>
</ul>


Server-side development, system design, API patterns, and distributed architecture.

Backend Digest

A coordinated supply chain attack dubbed Mini Shai-Hulud compromised PyTorch Lightning (versions 2.6.2/2.6.3), four SAP npm packages, and the intercom-client SDK within 24 hours, stealing cloud credentials, SSH keys, and crypto wallets while self-propagating across ecosystems. A critical Linux kernel privilege escalation (CVE-2026-31431, present since kernel 4.14) allows any unprivileged local user to gain root reliably via a 732-byte Python script, affecting Ubuntu, RHEL, Amazon Linux, and more — with container escape implications for Kubernetes. A cPanel authentication bypass (CVE-2026-41940, CVSS 9.8) was exploited as a zero-day for 30 days before patching, exposing ~1.5 million instances. Stripe Sessions announced agents as first-class economic actors with an AI wallet, agent card issuance, hosted Postgres with real-time Stripe data, and expanded fraud detection. Notable items include Redis 8.4's 30x faster cluster migration, a Gemini CLI CVSS 10.0 RCE patch, npm legacy audit endpoint brownout, a Cursor agent deleting a production database in 9 seconds, and LinkedIn silently scanning Chrome extensions since 2017.

Supply chain attacks hit PyPI, npm, and cPanel simultaneously, Stripe bets the company on AI agents