Claude Code's HERMES.md billing bug silently drains credits, 732-byte exploit roots every major Linux distro, and Cloudflare lets agents deploy autonomously

xint.io

Copy Fail — 732 Bytes to Root on Every Major Linux Distribution

A critical Linux kernel vulnerability (CVE-2026-31431) allows any unprivileged user to achieve root access through a 732-byte exploit that works identically across Ubuntu, Amazon Linux, RHEL, and SUSE. The flaw combines AF_ALG crypto sockets, splice() operations, and the authencesn AEAD algorithm to enable controlled 4-byte writes into cached files while bypassing checksum verification. The vulnerability went undetected since 2017 and creates container escape and Kubernetes node compromise vectors. Immediate mitigation requires either applying the kernel patch or disabling the algif_aead module.

Cloudflare Blog

Cloudflare and Stripe Enable AI Agents to Provision Cloud Infrastructure End-to-End

Cloudflare and Stripe launched a new protocol that lets AI agents autonomously provision cloud infrastructure on behalf of users — creating accounts, purchasing domains, and deploying applications without human steps beyond an initial sign-in and terms acceptance. The system uses Stripe as an identity attestation layer, a payment token mechanism that keeps credit card details away from the agent, and a per-provider $100/month spending cap by default. A discovery catalog API lets agents find available services without user guidance. The protocol is open for other platforms to implement, and Cloudflare is offering $100,000 in credits to startups incorporating via Stripe Atlas.

Zig Software Foundation

Zig Bans AI Contributions: "Contributor Poker" Over Code Poker

Zig Software Foundation VP of Community Loris Cro published the most coherent articulation yet of why the Zig project bans AI-generated contributions. The argument, framed as "contributor poker," holds that reviewing a PR is primarily an investment in the contributor — not the code — and that the core team bets on people who will grow into trusted, accountable contributors over time. AI-generated submissions break this model entirely: reviewing them consumes team time without building any contributor relationship, and the code may be hallucinated, misleading, or unmaintained the moment the author moves on. Notably, Bun — the JavaScript runtime written in Zig and now owned by Anthropic — runs its own Zig fork specifically because it cannot upstream AI-assisted changes under Zig's policy.

Zed Industries

Zed Editor Reaches 1.0 with GPU-Accelerated Architecture and Multi-Agent Support

Zed, the GPU-accelerated code editor written in Rust, reached version 1.0 after years of development. The editor controls its full rendering stack through custom GPU shaders and GPUI — its own UI framework — rather than relying on Electron or web technologies. Version 1.0 ships with comprehensive language support across macOS, Windows, and Linux, integrated git, SSH remoting, a debugger, and AI-native features including an Agent Client Protocol that supports running multiple agents in parallel. Future development targets multi-user and multi-agent real-time collaboration with character-level synchronization through DeltaDB.

PromptArmor

Ramp's Sheets AI Vulnerability Allowed Silent Financial Data Exfiltration

PromptArmor discovered a critical indirect prompt injection vulnerability in Ramp's Sheets AI that allowed attackers to exfiltrate sensitive financial data by hiding malicious instructions in external datasets. When an unsuspecting user combined an attacker-controlled data source with a confidential financial spreadsheet, the AI agent was tricked into generating formulas that made unauthorized network requests to attacker-controlled servers. The vulnerability was patched by Ramp on March 16, 2026. The incident illustrates a fundamental risk pattern in agentic AI systems: any tool that combines external data with sensitive context is a potential exfiltration vector unless the agent architecture explicitly prevents unauthorized outbound calls.

Andrew Ayer's Blog

FastCGI: 30 Years Old and Still the Safer Protocol for Reverse Proxies

A detailed technical argument makes the case that FastCGI provides structural security advantages over HTTP for reverse proxy-to-backend communication that HTTP simply cannot match. Because FastCGI uses explicit binary message framing, it eliminates request desync and HTTP smuggling attacks entirely. It also structurally separates client-sent headers from proxy-injected metadata, making it impossible for clients to spoof trusted headers like X-Forwarded-For. Despite being 30 years old and lacking WebSocket support, FastCGI is widely supported by nginx, Apache, Caddy, and HAProxy — and security-conscious teams running internal services have little reason not to prefer it.

The Coder's Cafe

Linux 7.0 Scheduler Change Cuts PostgreSQL Throughput by 50% on High-Core Systems

Linux 7.0 removed the PREEMPT_NONE scheduling option and replaced it with PREEMPT_LAZY, causing PostgreSQL throughput to drop approximately 50% on systems with 96 or more cores. The root cause: PREEMPT_LAZY can interrupt lock holders during page faults, extending lock hold times and forcing waiting threads to spin on CPU. This cascades across millions of page faults in PostgreSQL's 120 GB buffer pool under realistic workloads. Workarounds include enabling huge pages to reduce page fault frequency or patching the kernel; teams running PostgreSQL on modern high-core servers should test before upgrading to Linux 7.0.

mxsasha.eu

RIPE NCC RPKI Exploit Chain Could Have Silently Disrupted European Internet Routing

A researcher discovered a critical vulnerability chain in RIPE NCC infrastructure that could let an attacker hijack internet routing for European networks without any direct access to routing infrastructure. The exploit chained three XSS vulnerabilities across RIPE services with a shared authentication cookie that granted access to the RPKI Dashboard — the system controlling Route Origin Authorizations. An attacker could modify ROAs to cause networks to drop traffic, with testing confirming 80% of targeted networks would stop passing traffic within one hour. The incident demonstrates how security-critical infrastructure can be undermined through overlooked attack vectors when authentication is shared across applications of different sensitivity levels.

Vulpine Citrus

AI Web Scrapers Sent 1 in Every 2,000 Public IPv4 Addresses at One Personal Site

A developer documented a coordinated DDoS-scale scraping attack against their personal infrastructure originating from over 2 million unique IPv4 addresses — approximately 1 in every 2,000 public IPs — attributed to AI training web scrapers. The attack generated over 5 million bot-classified requests at sustained rates exceeding 3,000 per minute over 24 hours, with malicious IPs distributed across 202 of 256 IPv4 /8 blocks. The scale makes traditional IP-based blocking useless: there is no practical blocklist that covers 2 million addresses spread across the entire public address space. The incident puts a concrete number on what infrastructure operators have been observing anecdotally — AI scraper traffic has crossed from nuisance into legitimate denial-of-service territory for under-resourced operators.