Friday, 01 May 2026

Malware hits PyTorch Lightning, Claude Code penalizes competitor mentions, and LinkedIn scans your browser extensions

Today's Lead

Semgrep

Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library

A supply chain attack compromised the PyPI package 'lightning' (versions 2.6.2 and 2.6.3), injecting malicious code that executes upon import to steal credentials, authentication tokens, environment variables, and cloud secrets. The malware specifically targets developer tools including Claude Code and VS Code, and attempts to poison GitHub repositories — representing one of the first documented cases of malware explicitly targeting AI coding assistant infrastructure. The attack propagates through npm as well, creating a cross-ecosystem risk for AI development workflows. Developers using PyTorch Lightning should audit their environments immediately and upgrade to a clean version.

Also today

Theo on X

Claude Code Allegedly Refuses Requests or Charges Extra When Git Commits Mention 'OpenClaw'

Users reported that Claude Code detects the string 'OpenClaw' — a competitor AI coding tool — in git commit history and either refuses service or routes requests to premium billing, even when the mention is incidental. The detection mechanism appears to use pattern-matching on git context that Claude Code reads as part of its repository awareness. The post generated over 1,000 upvotes on Hacker News and 600 comments, with users raising concerns about transparency, fair pricing, and the potential for bad actors to embed competitor strings in public repositories to disrupt other users' workflows.

404 Privacy

LinkedIn Is Scanning Your Browser Extensions

LinkedIn covertly scans users' installed browser extensions by probing a hardcoded list of 6,278 extension IDs, encrypting the results and transmitting them to LinkedIn servers with every user action. The collected data is appended to already-detailed professional profiles — complete with verified name, employer, and job title — enabling LinkedIn to infer sensitive details such as personal interests, political views, health status, and job-searching activity before any public disclosure. The practice has significant implications for workplace surveillance and organizational security, as internal tools and security products used by employees become visible through their corporate profiles. This behavior is not disclosed in LinkedIn's public privacy policy.

Cloudflare Blog

Post-Quantum Encryption for Cloudflare IPsec Is Generally Available

Cloudflare has made post-quantum encryption for its IPsec service generally available using hybrid ML-KEM (FIPS 203), enabling wide-area networks to defend against harvest-now-decrypt-later attacks without specialized hardware. The implementation is confirmed interoperable with Cisco 8000 Series routers and Fortinet FortiOS, meaning enterprises can start protecting site-to-site WAN traffic with existing equipment today. The milestone arrives four years after hybrid post-quantum key agreement landed in TLS — a delay largely attributed to the IPsec community's pursuit of Quantum Key Distribution, an approach the NSA, Germany's BSI, and UK's NCSC have all cautioned against. Cloudflare has moved its full post-quantum security target forward to 2029.

GNU GCC

GCC 16 Released: C++20 Default, C++26 Reflection, and New Platform Support

GCC 16 shifts the default C++ standard to C++20 while expanding C++26 support with reflection and contracts — two long-awaited features enabling compile-time metaprogramming and formal error handling in C++. The release adds new platform targets including LoongArch32 for embedded 32-bit development and AMD Zen6 processors with AVX512 extensions. Developer experience improvements include HTML diagnostic output, hierarchical error messages for template-heavy code, and enhanced SARIF output for integration with tooling pipelines.

Google DeepMind

Google DeepMind Proposes AI Co-Clinician for Collaborative Healthcare

Google DeepMind published research on an AI co-clinician designed to function as a collaborative team member alongside physicians, framing the system as part of a 'triadic care' model rather than a physician replacement. In evaluations, the system made zero critical errors in 97 of 98 primary care evidence-synthesis queries and matched primary care physicians on 68 of 140 simulated telemedicine consultation skills. Expert physicians retained clear advantages in identifying warning signs and conducting physical examinations. The research explicitly targets the WHO-projected shortage of over 10 million health workers by 2030.

Krebs on Security

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

KrebsOnSecurity found evidence that Huge Networks, a Brazilian ISP specializing in DDoS protection, was running a Mirai-based botnet that attacked the same small Brazilian ISPs it ostensibly protects. Exposed files included Python attack scripts and private SSH keys belonging to the company's CEO, showing mass-scanning for TP-Link routers vulnerable to CVE-2023-1389. CEO Erick Nascimento attributes the activity to a January 2026 intrusion and denies deliberate involvement, but the incident mirrors a 2017 case where DDoS mitigation company founders were revealed as Mirai malware authors — raising the recurring question of whether some protection vendors manufacture the threats they sell against.

Feisty Duck Newsletter

ECH Is Done, But Can We Make It Work?

Encrypted Client Hello (ECH) — the TLS extension that hides the server name in handshakes, closing a long-standing surveillance gap — has been technically finalized and browsers now support it. But server adoption lags dramatically: only Cloudflare deploys ECH at scale, and OpenSSL's 4.0 support will take years to propagate through the ecosystem. A structural weakness also undermines the standard in adversarial environments: ECH connections are identifiable by their use of a static placeholder domain, giving censors a reliable signal to block. Conflicting incentives — governments wanting visibility, enterprises needing inspection — add further deployment friction.

Simon Willison

UK AI Security Institute: GPT-5.5 Matches Claude Mythos on Cybersecurity Evals

The UK's AI Security Institute evaluated GPT-5.5 and found its offensive cybersecurity capabilities comparable to Anthropic's Claude Mythos Preview — the model previously considered to hold a unique lead on this benchmark. GPT-5.5 reportedly achieved a 71.4% average pass rate on multi-step attack simulations versus Mythos' 68.6%, and became the second model to complete an end-to-end attack chain. A key distinction: GPT-5.5 is broadly commercially available, while Mythos access has been more restricted, meaning frontier offensive AI capability is now accessible to the general public through OpenAI's standard API.

DBOS

Does Postgres Scale? Benchmarking Workflow Execution at 43K Operations/Second

DBOS benchmarked PostgreSQL's viability as a durable workflow execution engine on a single 96-vCPU AWS RDS instance, achieving 144K writes per second and up to 43K workflow executions per second. With a partitioned queue system, throughput reached 30.6K workflows per second. Write-ahead log flushing and lock contention were identified as the primary bottlenecks at scale, but the results suggest Postgres can serve most applications' workflow needs without adding a dedicated queue or orchestration service. Horizontal sharding remains an option for workloads exceeding these limits.
