As of 2026, the world population is approximately 8.3 billion

The global dog population is estimated to be 700–900 million

That's a bullshit ratio.

Japanese lawmakers have passed a law to establish a national intelligence agency.

While several intelligence bureaus exist under several ministries, Japan has operated without a central intelligence agency since 1952

www3.nhk.or.jp/nhkworld/en/new…

The Composer PHP package manager will scan all new libraries for malware to avoid future supply chain attacks: blog.packagist.com/composer-2-…

Packagist also intends to enable MFA by default for all Composer packages in the near future: blog.packagist.com/an-update-o…

Canon has released firmware updates for more than 200 enterprise printer models to fix a bug that let you dump configs with plaintext domain/network passwords

praetorian.com/blog/canon-prin…

Russia's FSTEC military technical agency has published a guide to help local companies mitigate DDoS attacks

fstec.ru/dokumenty/vse-dokumen…

Tech Force set out to hire 1,000 technologists last year — it’s onboarded 10 so far

😂

nextgov.com/people/2026/05/tec…

The Zig programming language has updated its code of conduct to ban LLM-generated code, vulnerability research, text-generation, and about anything AI at all

businessinsider.com/zig-progra…

ziglang.org/code-of-conduct/

France's privacy watchdog issued and collected €487 million from 83 fines last year

Most came from just two fines, against Google (€325m) and Shein (€150m), which accounted for 97% of the collected funds

cnil.fr/fr/rapport-annuel-2025

PostHog says it's currently experiencing a security incident. The analytics company said it's "rotating keys after a security research team was able to confirm an exploit in one of our AWS environments," referring to Amazon Web Services.

Incident page: posthogstatus.com/incidents/01…

Some infosec conference talks

SANS AI Cybersecurity Summit 2026 videos: youtube.com/playlist?list=PLtg…

SISAP 2026 videos: youtube.com/playlist?list=PLfj…

RWC 2026 videos: youtube.com/playlist?list=PLee…

There's open-source traffic distribution systems now? Ha?!?

silentpush.com/blog/drivesurge…

The Chinese government will assign unique digital IDs to humanoid-shaped robots.

The IDs will be assigned through a new website named the Humanoid Full Lifecycle Management Service Platform.

The IDs will be used to track robots from production to sale and recycling

scmp.com/tech/policy/article/3…

There's another branded Linux LPE bug, this one named CIFSwitch

This was also found with AI, but it's not universal as it only affects a handful of distros and under certain conditions.

Unlike all the other Linux LPEs, this one received a patch ahead of release

heyitsas.im/posts/cifswitch/

NIST is looking for a new round of PQC algorithms in case the first 3 selected ones get cracked and to provide better performance alternatives

csrc.nist.gov/Projects/pqc-dig…

CommsRisk shuts down 😑

commsrisk.com/this-is-the-fina…

The Linux Foundation launched DNS-AID, a new open-source project to enable AI agents to use the DNS infrastructure to discover and talk to each other

linuxfoundation.org/press/linu…

dns-aid.org/

Oracle's first monthly security updates are out

Company recently switched from a quarterly to a monthly update scheme

oracle.com/security-alerts/csp…

Cybersecurity agencies from eight EU countries have launched a shared Security Operations Center (named ENSOC)

linkedin.com/feed/update/urn:l…

ensoc.eu/index.html#about

The amount of fuckery going on when you put something online is absolutely mindboggling to me.

Internet, truly, is a rather hostile place.

So... they're gonna tank their whole economy?

Ha?

One reason that Microsoft might be issuing such harshly worded language here to describe the researcher may be that, according to Nightmare Eclipse, they until recently worked as a security researcher at Microsoft.

Scroll back far enough through their Xitter account (to June 2020) and you will see they claimed CVE-2019-1385 was theirs.

On July 1, 2021, Nightmare Eclipse complained that Microsoft failed to fix one of the weaknesses they reported in CVE-2021-24084. Microsoft credits both of these flaws to the same researcher, whose LinkedIn account says they are in Germany and worked full time at Microsoft from Sept. 2022 to June 2025.

For the record, I think @GossiTheDog called it that this person was a former MS employee.

x.com/ChaoticEclipse0/with_rep…

Chuck Darwin

2026-05-30 00:47:56

After a security researcher published a series of unpatched bugs in Microsoft products, along with code to exploit them,
the company is now threatening to take legal action and call the cops on them.

Microsoft’s threat reignites a long-running argument over what responsibility, if any, security researchers have to disclose vulnerabilities affecting large and wealthy tech giants.

On Wednesday, Microsoft published a blog post criticizing the researcher, who goes by the handle
“Nightmare Eclipse,”
for publicly disclosing a series of bugs, including BlueHammer, RedSun, UnDefend, and YellowKey.

The flaws affected products such as the Windows built-in antivirus engine Defender and the disk-encryption tool BitLocker.

Katie Moussouris warned that the consequences of security researchers losing trust with Microsoft could result in a chilling effect of fewer people coming forward to report bugs,
“making it less safe for all of us.”

Security researcher and former Microsoft employee Kevin Beaumont also called out Microsoft in a blog post,
describing the company’s position a “dumpster fire of its own making.”

“Proof of concept exploit creation and distribution for zero days is ‘criminal activity’ now?”
wrote Beaumont.

“Responsible disclosure quite often is framed to protect the product owner, not the customer
— using it to try to criminally prosecute people is a new low.”
techcrunch.com/2026/05/29/micr…

Microsoft under fire for threatening security researcher with criminal investigation | TechCrunch

A public spat between Microsoft and an independent security researcher reopens a long-running debate over who is responsible for securing software.

^{Lorenzo Franceschi-Bicchierai (TechCrunch)}

This Week in Package Management: 30 May 2026

nesbitt.io/2026/05/30/this-wee…

SentinelOne's stock closes down 8% after the company announced plans to lay off 8% of its workforce and forecasted Q2 and FY revenue guidance below estimates (Samantha Subin/CNBC)

cnbc.com/2026/05/29/sentinelon…
techmeme.com/260529/p31#a26052…

Wikipedia went from "do not cite" to "the last trustworthy source on the internet" in the past 25 years and now it looks like they want to throw it all away because they want to break a union.
The largest community driven project in the world, relying directly on volunteers, and they still do not see the value of their own people.

I hate capitalism

Big Tech’s Anti-Labor Playbook Has Come for Wikipedia | by Jake Orlowitz | May, 2026 | Medium
medium.com/@jakeorlowitz/wikip…

-Dutch police take down giant botnet of 17 million devices
-US military staff tracked with adtech location data
-Google engineer arrested for Polymarket bets
-Unpatched bugs in Gogs, Casdoor IAM
-SuperFortune hacked for $15m
-VentraIP hit by DDoS attack
-UK Visa Portal leak
-Amadeus gets massive GDPR fine
-EU fines Temu
-IBM announces Project Lightwell
-C# improves memory safety
-Sextortionist gets 33 years

Podcast: risky.biz/RBNEWS570/
Newsletter: news.risky.biz/risky-bulletin-…

📰 Risky Bulletin: Dutch police take down giant botnet of 17 million devices

risky.biz/risky-bulletin-dutch…