Haveno Brought Back the Arbitrator Multisig and Attackers Just Hijacked It
At 03:43 UTC on May 20, woodser opened an eight-line patch in TradeProtocol.java, and by the time it went up the exploit was already running against live RetoSwap trades.
At 03:43 UTC on May 20, woodser opened an eight-line patch in TradeProtocol.java, and by the time it went up the exploit was already running against live RetoSwap trades.
Ageless Linux is a Debian-based operating system project that has declared "full, knowing, and intentional noncompliance" with California's Digital Age Assurance Act, Cal. Civ. Code § 1798.501(a). Where most Linux distributions are quietly building age verification into their installers ahead of the January 2027
A class action complaint alleges Perplexity shipped complete conversation transcripts to Meta and Google, even when Incognito Mode was switched on.
Proton built Proton Meet to escape the CLOUD Act. They built it on CLOUD Act infrastructure. Their website promises "not even government agencies" can access your calls. The company routing them hands your call records to the government when asked. Proton hid them from their privacy policy.
This week Apple pulled VPN apps in Russia at Roskomnadzor's request and forced UK users to hand over government ID to keep using their phones normally.
A stolen npm token was all it took to poison axios, the package with 100 million weekly downloads, and drop a cross-platform RAT on every developer who ran npm install this morning.
A Chinese national collected €345,000 from 10,000 people trying to buy CSAM, delivered nothing, and is still free — while 440 of his customers are now criminal suspects.
The White House app ships with a sanctioned Chinese tracking SDK, the FBI app serves ads, and FEMA wants 28 permissions to show you weather alerts.
Julian Klode has been systematically stripping features from GRUB since 2021, and he built the replacement a decade ago.
Every I2P packet takes 12 hops just to complete a round trip, and the streaming library has to fake TCP on top of all that latency.
Tails 7.6 uses domain fronting to hide Tor bridge requests from censors, replaces KeePassXC with GNOME Secrets for accessibility, and catches up on 18 months of Electrum releases.
Microsoft spent four years stuffing Windows 11 with ads, forced Copilot integrations, and bloatware, now they want applause for promising to remove it.
age verification
Dylan, useful idiot with commit access, pushed age verification PRs to systemd, Ubuntu & Arch, got 2 Microslop employees to merge it, called it 'hilariously pointless' in the PR itself, then watched Lennart personally block the revert. Unpaid compliance simp.
privacy
Amazon just canceled Ring's partnership with Flock Safety, a surveillance company operating over 100,000 automated license plate reader cameras across 49 states that scan more than 20 billion plates per month. The deal would have allowed law enforcement to request Ring doorbell footage through Flock's
dark web
James Ettleson ordered meth through dark web markets then advertised it on Facebook, earning 100 months in federal prison.
privacy
Proton has handed over user data in response to over 40,000 government orders since 2017. Their own transparency report shows a 94% compliance rate. Here's everything they don't want you to know, sourced from their own documents.
OpenClaw
OpenClaw has racked up over 160 security advisories in the past year, excludes the primary attack vector from their security model, and has no bug bounty program. This is security in name only.
garlic routing
The unidirectional tunnel requirement in I2P means a simple request-response involves four distinct paths, and garlic routing optimizes this architecture by packaging multiple messages together for efficient transport.
dread
Dread is running a writing contest with $1,750 in Monero prizes and one very specific ban: AI-generated content.
apple
Apple rolled identity verification into iOS 26.4 for UK users under the Online Safety Act, requiring credit card scans or government photo ID to confirm users are over 18. If you decline, app downloads and in-app purchases get restricted on a phone you already own. The system is
tails
Tails 7.5 upgrades to Tor 0.4.9.5 with Counter Galois Onion encryption and patches over 30 high-severity Firefox vulnerabilities through Tor Browser 15.0.7.
botnet
On February 3, 2026, the I2P anonymity network was flooded with 700,000 hostile nodes in what became one of the most devastating Sybil attacks an anonymity network has ever experienced. The network normally operates with 15,000 to 20,000 active devices. The attackers overwhelmed it by a factor
Tor
Tor Browser 15.0.6 ships with Counter Galois Onion circuit encryption that eliminates tagging attacks, plus a heap buffer overflow patch from Firefox ESR 140.7.1.
whonix
Whonix 18.1.4.2 disables VirtualBox dynamic resolution by default after developers discovered the auto-resize feature creates unique fingerprints that persist across reboots.
cybersecurity
A criminal proxy service openly bragged "Working since 2004!" on its homepage while the FBI apparently had other priorities for two decades.
I2P
A botnet that broke DDoS records at 31.4 terabits per second accidentally crippled I2P's anonymity network while trying to use it as a backup command infrastructure, and the developers responded with post-quantum cryptography enabled by default.
tails
Tails 7.4.2 ships as the second emergency release in 12 days, patching 169 Linux kernel CVEs that could let an attacker escalate from a compromised application to full system control.
Ubuntu
Canonical pulled the Software & Updates GUI from Ubuntu 26.04 because they decided the checkboxes were "dangerous" for you, a person who somehow managed to install Linux.
tor browser
Tor Browser 16.0a2 lands with a Firefox 147 base, OpenSSL 3.5.5 security patches, and the first glimpse of life after ESR.
europol
A Macron loyalist filed a complaint because he didn't like X's algorithm, and now Europol is calling it a child exploitation investigation.
Tor
The Tor Project released Arti 2.0.0 on February 2, 2026, advancing relay infrastructure and eliminating legacy configuration options as the Rust-based implementation moves toward replacing C tor entirely.
darknet
A 33-year-old Slovakian man who ran Kingdom Market has pleaded guilty after customs inspectors at Newark Airport found crypto wallets and devices linking him directly to the darknet marketplace.
darknet
The two men who ran Empire Market, one of the largest darknet marketplaces ever, have both pleaded guilty to drug conspiracy charges and now face sentences ranging from 10 years to life.
darknet
A British national faces life in prison after a four-day trial connected his Dream Market fentanyl operation to the overdose deaths of two Navy submariners in Georgia.
privacy
The FTC claims behavioral age verification protects children while requiring continuous monitoring of every user's online activity.
News
A malicious contributor vandalized Vietnamese translations in Tor Browser 15.0.4, prompting an unscheduled release that also backports 14 Firefox 147 security fixes including sandbox escapes.
tailsos
Linux 6.12.63, Tor Browser 15.0.4, and critical bug fixes arrive in Tails 7.4 alongside a controversial feature cut.
Monero
Monero 0.18.4.5 arrives with Ledger Nano Gen5 compatibility and patches for daemon synchronization problems.
threema
Your encrypted messages sit on infrastructure controlled by a German private equity firm whose previous acquisitions include Cloud7 premium dog beds and The Tofoo Company.
arrest
Hiding 53.5 kilograms of cocaine in a vehicle's exhaust system worked exactly as well as anyone with basic OPSEC knowledge would expect Revenue officers found it in minutes.
GNUnet
GNUnet 0.26.2 shipped December 22, 2025 with two targeted bugfixes: NULL reporting in the post-quantum cryptography layer and UTF-8 case conversion API repair.
Tor
Every Tor circuit travels through exactly three relays, but the algorithm selecting those relays determines whether your traffic stays anonymous or gets correlated.
qubes
The latest Qubes release eliminates disposable VM boot delays while introducing self-identity device assignment for hardware you actually control.
briefings
(link at the bottom)
privacy
Color laser printers have contained hidden surveillance technology since the mid-1980s. Xerox and Canon developed Machine Identification Code, a system of microscopic yellow dots that encode your printer's serial number and the exact date and time of every print job. This technology was implemented through a secret
tails
The update includes Tor Browser 15.0.3 with vertical tabs and tab groups, the first major interface change to hit the anonymous browser in years.
btc
The 176 transactions over 12 hours suggest either someone methodically testing wallet access or an automated sweep consolidating legacy addresses into modern bech32 format.
tor browser
The Tor Project now hosts its own NoScript builds, versioned with ".1984" suffixes to mark independence from Mozilla's Add-ons infrastructure.