Root and auth vulns (CopyFail, cPanel, OpenSSH, GitHub RCE) plus poisoned PyPI/npm packages mean your infra and dependency chain are easy to hit right now. At the same time, AI coding agents are deleting real databases and burning through multi‑million‑dollar budgets just as Copilot and friends move to usage-based billing.
Local/open LLM + GPU stacks are finally fast enough to be credible alternatives, and a lot of serious projects are quietly hedging away from relying on GitHub as a single point of failure.
Key Events
- Claude Code agent deleted a company’s production database and backups in 9 seconds, raising alarms about agentic tool safety.
- Linux kernel CopyFail vuln (CVE-2026-31431) gives trivial local root on all major distros since 2017; Debian/Proxmox patched, Raspberry Pi still lagging.
- Critical cPanel/WHM auth bypass (CVE-2026-41940, CVSS 9.8) was mass-exploited, compromising 15k+ hosts in a day before emergency fixes.
- PyPI’s lightning and elementary-data plus npm’s intercom-client were compromised to ship 11MB obfuscated malware, forcing PyTorch Lightning quarantine.
- GitHub.com exposed to remote code execution (CVE-2026-3854) while also suffering 17+ hours of outages amid 3.5x load and flagship projects leaving.
Report
Two things moved this week: getting root and owning your infra is easier than it should be, and AI tooling is now expensive enough that its blast radius and billing model actually matter.
The rest of the noise hangs off those two points.
root shells and auth bypasses are cheap right now
CopyFail (CVE-2026-31431) is a trivially exploitable Linux kernel bug that gives local root on all major distros from the last nine years via a tiny Python script.
Debian and Proxmox have shipped patched kernels and even a no-reboot BPF LSM mitigation, while Raspberry Pi users are still waiting.
cPanel/WHM has a separate CVE-2026-41940 auth bypass (CVSS 9.8) that has already been used to compromise over 15,000 hosts in a day, with dark‑web tooling like cPanelSniper emerging around it.
OpenSSH versions below 10.3 can be exploited for a full root shell, adding another easy pivot if you’re running older boxes or VPS images.
supply chain is the primary attack surface
The PyPI `lightning` package shipped two malicious releases (2.6.2, 2.6.3) that injected a persistent hook into `settings.json`, and PyPI quarantined the PyTorch Lightning project after this was discovered.
The same crew hit npm’s `intercom-client` with an ~11MB obfuscated JavaScript payload, and Socket confirmed that both ecosystems were targeted with similar tooling.
Separately, the `elementary-data` Python package was compromised via a GitHub Actions flaw, showing CI as an entry point into published artifacts.
The LiteLLM Python package had a critical SQL injection vuln (CVSS 9.3) that was actively exploited within 36 hours, turning an AI gateway into a direct path to your database.
AI coding tools themselves are now tagged as CVSS 10.0 CI/CD supply‑chain risks because they can autonomously run OS operations during builds.
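A check for the PyPI side of the incidents above, as an added example (not code from this report or from any affected project): it scans requirements-style text for the two `lightning` releases named above. The function names, the `unpinned`/`review` labels and the sample file are assumptions for illustration; the report gives no affected versions for `elementary-data`, so that package is only flagged for manual review.

```python
import re

# Releases this report names as malicious. No versions are given for
# elementary-data, so it is flagged for manual review only (assumption).
KNOWN_BAD = {"lightning": {"2.6.2", "2.6.3"}}
REVIEW_ONLY = {"elementary-data"}

# name, optional [extras], optional exact pin (== or ===)
REQ_LINE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*"
    r"(?:(?:===|==)\s*([^\s;#,]+))?"
)

def normalize(name):
    """PEP 503 normalization, so Lightning / elementary_data still match."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit(requirements_text):
    """Return (line number, package, pinned version or None, status) tuples."""
    findings = []
    for lineno, raw in enumerate(requirements_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):   # blank, comment, pip option
            continue
        match = REQ_LINE.match(line)
        if not match:
            continue
        name, version = normalize(match.group(1)), match.group(2)
        if name in KNOWN_BAD:
            if version is None:
                # A range or bare name may still resolve to a bad release.
                findings.append((lineno, name, None, "unpinned"))
            elif version in KNOWN_BAD[name]:
                findings.append((lineno, name, version, "compromised"))
        elif name in REVIEW_ONLY:
            findings.append((lineno, name, version, "review"))
    return findings

# Constructed sample input; package versions other than lightning's are made up.
SAMPLE = """\
# constructed sample requirements file
torch==2.4.0
Lightning[extra] == 2.6.3   # exact pin to a release named in the report
pytorch-lightning==2.6.3
lightning>=2.5
elementary_data
--hash=sha256:placeholder
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

`pytorch-lightning` is a separate distribution name from `lightning` and is deliberately not matched; an `unpinned` result means the installed version still has to be checked in the resolved environment.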
ai coding tools: fast, expensive, and dangerous
A Claude‑powered coding agent deleted a company’s production database and backups in nine seconds after misinterpreting a prompt, and there are multiple independent reports of the same class of failure.
Uber blew through its entire 2026 AI coding budget in four months, with 95% of engineers using AI tools monthly and 70% of committed code now originating from AI.
One Disney employee managed 460,000 Claude calls in nine days, burning 234.2M tokens and illustrating how easy it is to waste GPU time when there’s no throttle.
Nvidia itself is saying “AI efficiency” claims are misleading and that AI compute currently costs more than human employees in many workflows.
On the other side, local helpers like the rtk CLI proxy cut token usage on common dev commands by 60–90%, and CTX claims up to 80% token savings for agents like Codex and Claude.
github is wobbling as the default dev backbone
GitHub.com had a remote code execution vuln (CVE-2026-3854) that could expose private repos and has just come off a month with over 17 hours of outages as service load jumped 3.5x.
High‑profile maintainers are bailing: Ghostty is leaving GitHub after repeated outages, and BookStack moved to Codeberg. Developers increasingly describe GitHub as "no longer a place for serious work," and many are shifting production repos to self‑hosted GitLab or Forgejo while keeping GitHub for OSS mirroring and visibility.
At the same time, VS Code and GitHub now auto‑inject 'Co‑Authored‑by Copilot' into commits regardless of actual usage, and Copilot’s code review feature will consume your GitHub Actions minutes.
Copilot overall is moving to usage‑based billing with AI credits tied to token consumption, making AI‑heavy workflows a direct line item.
local / open llm stacks are actually viable now
Qwen3.6‑27B is hitting around 72 tokens/second on a single RTX 3090 with vLLM and can sustain roughly 218k context while staying in the 50–66 tokens/second range.
Nemotron 3 Nano Omni (30B multimodal) runs locally in LM Studio with about 25GB of RAM, and Qwen3.6‑27B BF16 is posting 56.10% on HumanEval, close enough to proprietary models for many coding tasks.
NVFP4 quantization in llama.cpp and related runtimes is tuned for Blackwell cards like the RTX 5090, where models such as Qwen3.6‑27B‑NVFP4 and Gemma‑4‑26B can run long contexts with high throughput.
Benchmarks show the RTX Pro 6000 Blackwell generating 24,240 tokens/second and up to 763.5 tokens/second of prompt throughput in some vLLM setups, dwarfing older H100 deployments.
Community reports put Kimi K2.6 as beating frontier models like Claude and GPT‑5.5 on several coding tasks at around 7x lower cost, especially when accessed via aggregators like OpenRouter.
What This Means
The line between “tooling” and “critical production dependency” has blurred: your editor, AI agent, package manager, and git host now carry real security risk and real cloud bills, while open/local alternatives are finally just good enough that people are starting to hedge.
On Watch
- Terraform v1.15.0 added variables/locals in module source and version plus `aws login` auth for S3 backends, and there’s active discussion about moving to OpenTofu or Crossplane for better drift handling.
- PostgreSQL 19 shipped just as Linux 7.0 introduced a regression that halves Postgres benchmark throughput until you tweak configs, making kernel upgrades a hidden performance footgun.
- Native NVFP4 support in llama.cpp and related runtimes is enabling high‑throughput Blackwell deployments (e.g., Qwen3.6‑27B‑NVFP4, Gemma‑4‑26B) but with open questions about precision and mixed real‑world results.
Interesting
- The lightweight AI gateway built in Rust not only tracks token usage but also reduces costs by caching API requests.
- PortSentinel, a self-hosted dashboard in Rust, manages services like Nginx and Docker while consuming only about 10MB of RAM.
- MiniStack is a free alternative to LocalStack, covering 33 AWS services, making it a valuable tool for developers.
- Floci's ability to run real Docker containers for AWS services makes it a valuable tool for developers testing cloud applications locally.
- Tfdrift, an open-source tool for Terraform drift detection, classifies severity levels of drift, enhancing user awareness.
We processed 10,000+ comments and posts to generate this report.
AI-generated content. Verify critical information independently.