Anthropic's Claude Mythos is too dangerous for public release, APT28 silently hijacks 18,000 routers for OAuth theft, and Cloudflare plots a 2029 post-quantum deadline

Krebs on Security

APT28 Hijacked 18,000 Routers to Silently Intercept Microsoft OAuth Tokens

Russia's Forest Blizzard (APT28/Fancy Bear) compromised approximately 18,000 mostly end-of-life MikroTik and TP-Link routers by modifying their DNS settings to point at attacker-controlled servers — no malware required. Because the hijacked DNS resolved Microsoft Outlook on the Web domains to adversary infrastructure, the group intercepted OAuth tokens after users had already completed multi-factor authentication, effectively bypassing MFA entirely. The campaign hit over 200 organisations and 5,000 consumer devices, primarily targeting government foreign ministries and law enforcement. Black Lotus Labs notes the group switched to this DNS-hijacking approach immediately after a prior NCSC report exposed their earlier malware-based router campaign.

Trail of Bits

What Trail of Bits Learned Auditing WhatsApp's Private AI Inference in TEEs

Trail of Bits published findings from a pre-launch security audit of Meta's WhatsApp Private Inference system, which processes encrypted messages for AI features like summarisation inside AMD SEV-SNP trusted execution environments. Of 28 identified issues — including 8 high-severity findings — the most instructive were: configuration files loaded after the attestation measurement was taken (allowing LD_PRELOAD injection by a malicious insider), ACPI tables excluded from measurement (allowing a hypervisor to map attacker-controlled devices into VM memory), patch levels verified against firmware's self-reported values rather than AMD's signed certificates, and attestation reports lacking freshness guarantees (enabling replay of a single compromise indefinitely). Meta patched all critical issues before launch. The post argues that TEE security reduces to hundreds of individually small but collectively critical implementation details — not architectural choices.

All Things Distributed

AWS Launches S3 Files, Bridging Object Storage and Filesystem Semantics

Werner Vogels describes S3 Files, a new AWS capability that integrates EFS with S3 to let existing file-oriented workloads — analytics pipelines, ML training jobs, scientific computing — operate directly over S3 data without migration. Rather than merging object and filesystem semantics, the design maintains a clean boundary: users work in an EFS filesystem view and explicitly commit changes back to S3 as complete objects. The post frames S3 Files as the resolution to years of customer "data friction" caused by the impedance mismatch between posix-expecting tools and S3's object model.

Z.ai Blog

Z.ai Releases GLM-5.1, a 754B MIT-Licensed Model Built for Long-Horizon Tasks

Chinese AI lab Z.ai launched GLM-5.1, a 754-billion parameter open-weights model released under the MIT licence and available on Hugging Face (1.51 TB). The release targets long-horizon agentic tasks requiring sustained multi-step reasoning, building on the same architecture as the earlier GLM-5. The model is immediately accessible via OpenRouter. In initial testing by Simon Willison, GLM-5.1 produced unprompted HTML with CSS animations alongside SVG output, and when told the animation was broken, correctly diagnosed the root cause — transform attribute conflicts between positioning and CSS — and produced a working fix, showing notably stronger reasoning and self-correction compared to its predecessor.

Cloudflare Blog

Cloudflare Commits to Full Post-Quantum Security by 2029

Cloudflare announced an accelerated post-quantum roadmap targeting complete protection across all products by 2029, citing recent breakthroughs suggesting cryptographically-relevant quantum computers may arrive sooner than previously modelled. The company is shifting its near-term focus from encryption (already deployed for over 65% of Cloudflare traffic) to post-quantum authentication, which it identifies as the more immediately exploitable gap — authentication tokens harvested today remain useful even before long-term encryption keys can be broken. The commitment includes providing free post-quantum cryptography across all Cloudflare products, with the stated goal of moving the broader industry rather than just the company's own infrastructure.

RedMonk

Two Years of Valkey: Healthier Commit Velocity Than Redis, Far More Diverse Contributors

Two years after forking from Redis in response to its 2024 licence change, Valkey has maintained slightly higher commit velocity than Redis and shows no signs of stagnation. The more significant difference is organisational: Valkey's contributor base spans Amazon, Aiven, Alibaba, ByteDance, and others, while Redis remains concentrated around Redis Ltd. The analysis notes that Antirez, Redis's original creator, has returned to the Redis project — a credible intangible asset — but concludes that Valkey's multi-vendor foundation gives it structural sustainability that Redis, as a single-company project, cannot easily replicate.

OpenSSH

OpenSSH 10.0 Makes Post-Quantum Key Exchange the Default and Warns on Legacy Algorithms

OpenSSH 10.0 promotes mlkem768x25519-sha256 — a hybrid classical/post-quantum key exchange combining X25519 with ML-KEM-768 — to the default algorithm, and begins issuing deprecation warnings when connections fall back to non-post-quantum key exchange methods. The primary threat driving the change is "store now, decrypt later": adversaries capable of harvesting today's encrypted traffic can retroactively decrypt it once sufficiently powerful quantum computers exist. The release urges operators to upgrade servers and clients to OpenSSH 9.0+ to ensure hybrid post-quantum key exchange is negotiated and to identify legacy systems that cannot yet support it.

Martin Fowler

Principles of Mechanical Sympathy: Four Rules for Hardware-Aware Software

Caer Sanders distills mechanical sympathy — the discipline of writing software that cooperates with its underlying hardware — into four practical principles: predictable memory access patterns that allow CPU prefetchers to stay ahead of the program; cache line awareness to prevent false sharing between threads operating on adjacent data; the single-writer principle, which eliminates lock contention by routing all mutations to one thread and propagating results asynchronously; and natural batching, which groups work by its natural arrival rhythm rather than waiting for a timeout. The article argues these principles apply uniformly from single-process applications to distributed systems, and that most performance problems trace back to violations of one of them.

NixOS Discourse

Nix Patches Privilege Escalation via Symlink Following in Fixed-Output Derivations

A privilege escalation vulnerability (CVE-2026-39860) affecting Nix 2.21 and later allows any user permitted to submit builds to perform arbitrary file overwrites as root via symlink following during fixed-output derivation (FOD) output registration. The impact covers all default NixOS configurations and any system that builds untrusted derivations with sandboxing enabled on Linux. Patched versions — 2.28.6, 2.29.3, 2.30.4, 2.31.4, 2.32.7, 2.33.4, and 2.34.5 — have been released and are being integrated into nixpkgs for both the unstable and 25.11 branches. Users building untrusted code should update immediately.