ICYMI: Copy Fail Malware Strikes Linux

by Paul Arnote (parnote)

Outside experts expressed caution about a study suggesting a link between early onset lung cancer and diets rich in fruits, vegetables, and whole grains, according to an article from MedPage Today. Survey data on 187 lung cancer patients ages 50 and younger with molecular subtypes of non-small cell lung cancer mostly seen in low-risk groups -- such as women and non-smokers -- revealed that these patients on average had higher-quality diets than the general U.S. population, based on Healthy Eating Index (HEI) scores. The researchers suggested that components of these diets are those often exposed to pesticides, which could indicate a possible link to lung cancer.

Mozilla announced Tuesday that the release of Firefox 150 ships with patches for 271 security vulnerabilities uncovered using early access to Anthropic’s Claude Mythos Preview, a powerful AI model the company has so far kept out of public hands, according to an article from TechRepublic. Firefox Chief Technology Officer Bobby Holley, writing on the Mozilla blog, said, “Defenders finally have a chance to win, decisively.” Anthropic’s Mythos Preview isn’t available to the general public. Although the company has released it to a small circle of technology partners through a program called Project Glasswing, which includes the likes of Amazon, Apple, and Microsoft, all tasked with scanning their own software for weaknesses before the model reaches broader audiences. Mozilla’s access came through a direct collaboration with Anthropic, separate from the formal Project Glasswing consortium, Holley confirmed to WIRED.

Another month, another round of Google Chrome security vulnerabilities. If you are one of the more than three billion people who use the Google Chrome web browser, then pay attention: make sure your application is updated to version 147.0.7727.137/138 across Windows, Mac and Linux platforms as soon as possible, according to an article from Forbes. Google has confirmed a total of 30 new browser security vulnerabilities, including four officially rated as being of critical severity. This is not a drill, don’t wait for the Chrome update to find you, go and find it, install it and activate it. Now.

Nearly every Linux system built since 2017 is vulnerable to the ‘Copy Fail’ flaw, according to an article from The Record. Security researchers and European cybersecurity officials are urging administrators to address the risk posed by a newly discovered security flaw that has been hiding in the Linux operating system for nearly a decade. The bug allows anyone with a basic account on an affected computer to seize full administrative control. It also works as an escape route from cloud containers, meaning a compromised application running inside a supposedly isolated environment can break out and take control of the entire host server — a major risk given the cloud industry’s dependence on Linux distributions. Patches and mitigations began reaching users Thursday, though some systems remain unprotected. An interim workaround circulating online does not function correctly on all distributions. The flaw, dubbed “Copy Fail,” was publicly disclosed this week by researchers at cybersecurity firm Theori, which said it found the bug using an AI-powered scanning tool called Xint Code. (The previous link provides a VERY detailed explanation of the vulnerability, and how to remediate the problem).

QR codes have become a normal way to open links, pay bills, and sign in, but that same speed lets attackers push victims from the physical world into a risky web page or app action in seconds. In recent campaigns, the QR image is not the threat by itself; it is a delivery wrapper that can hide a long redirect chain, according to an article from Cybersecurity News. Besides this it can also trigger in-app deep links, or send the phone to a direct download that bypasses app-store checks, called quishing, and it shows up in emails and posters. Palo Alto Networks researchers noted a rise in malicious QR activity, and over recent months they tracked campaigns mixing phishing and scams, saying their crawlers see about 75,000 QR codes per day, with roughly 15% of those pages leading to malicious links, which adds up to more than 11,000 detections daily.

Earlier in April 2026, Nikkei Asia reported that the ongoing memory crisis was not slowing down anytime soon, according to an article from Lifehacker. RAM supply is currently in extreme demand, as AI companies are scooping up the hardware to power their ever-growing data centers. Unfortunately, there are only so many memory manufacturers in the world, and only so many resources available to actually manufacture those chips. There are really only three key players—SK Hynix, Micron Technology, and Samsung — and while all are ramping up production as much as possible, it doesn't appear to be enough to meet demands for the immediate future. Now, Samsung is officially confirming as much. During a post-earnings call, Samsung memory chip business executive Kim Jaejune said, "Our supply falls far short of customer demand...based solely on the demand currently received for 2027, the supply-to-demand gap for 2027 is set to widen even further in 2026." This affirms much of the Nikkei Asia report, namely that Samsung cannot keep up with the current level of demand, and that it expects that reality to continue throughout the next year.

Google may tout the safety features of Chrome, but a privacy consultant is calling into question how safe the browser really is, according to an article from TechRepublic. Alexander Hanff maintains that browser fingerprinting is not protected in Chrome. Browser fingerprinting is a technique used to track people by capturing technical details about their browsers. “There are at least thirty distinct fingerprinting techniques that work in Chrome right now, today, as you read this,” maintained Hanff, in a recently published critique of Google’s browser. “Not theoretical attacks from academic papers that might work under laboratory conditions — real, production techniques deployed on millions of websites to identify and track you without your knowledge or consent,” he added.

Most internet users are familiar with CAPTCHA tests, simple challenges like selecting traffic lights or typing distorted letters to confirm they are human. But cybercriminals have found a way to weaponize this process, according to an article from Cybersecurity News. Hackers are now building fake CAPTCHA pages that trick users into sending paid international text messages, quietly charging their phone bills. This threat is tied to a telecom fraud scheme called International Revenue Share Fraud, or IRSF, active since at least June 2020. The scheme lures users to websites that look like legitimate verification pages. Instead of a normal CAPTCHA, these fake pages instruct users to send an SMS message to prove they are human. What victims do not know is that those messages go to phone numbers in countries with very high termination fees, such as Azerbaijan, Egypt, and Myanmar.

Many scientists now believe that mastering cellular rejuvenation may be the key to transforming how long and how well we live, according to an article from the New York Times. Some hope that they might eventually be able to harness the process to cure hundreds of diseases, extend life by decades and even fend off aging entirely. Over the past 20 years, they have learned how to trigger rejuvenation in the lab, achieving a series of breakthroughs that have made that future feel tantalizingly close. Scientists have taken skin cells from 90-year-olds and restored them to youth in a petri dish. They have rejuvenated diseased mice, turning their gray hair back to black and strengthening their muscles. They have taken failing kidneys out of rats, rejuvenated them in a lab and successfully reimplanted them; they are now moving on to pigs. In March, the first safety trials to test rejuvenation therapy on humans began with an attempt to reverse disease in the eyes and cure glaucoma. Rejuvenation is one of the newest and most promising developments in longevity research, a field that began in earnest in 1993 when a scientist at the University of California, San Francisco, proved that she could double the life span of a roundworm simply by tweaking a single gene. Since then, research devoted to how we age has exploded, developing alongside a booming longevity industry led by entrepreneurs and even some scientists pushing unproven peptides, supplements, laser therapies, electric suits, collagen powders, cryotherapies and blood infusions. Today, anti-aging products and treatments that claim to extend youth are part of an estimated $2 trillion global wellness industry.

Kids are using fake mustaches, VPNs, and their parents' accounts to get around age verification. Age verification and social media bans for under-16s are gaining popularity worldwide in response to rising concerns over harmful online content, according to an article from TechSpot. However, questions surround the effectiveness of enforcement methods. A recent UK report suggests that, while digital restrictions have reduced children's exposure to harmful content, the problem remains far from resolved. A recent survey from Internet Matters reveals that the UK's Online Safety Act has had limited effectiveness in stopping minors from accessing social media and adult content. Whoddathunkit?

A classroom platform built for homework, grades, and student messages is now at the center of a high-stakes extortion claim, according to an article from TechRepublic. Instructure has confirmed a cybersecurity incident involving some Canvas LMS user information and messages, though its investigation is still ongoing. The confirmation follows claims from ShinyHunters that data tied to 275 million users and nearly 9,000 schools was stolen, a scale that Instructure has not publicly verified. The most sensitive question now is not just how many users were affected, but what kinds of school communications may have been exposed. Instructure also reported “no evidence” that passwords, dates of birth, government identifiers or financial information were involved, adding that impacted institutions would be notified if that changes. Update: According to an article from the New York Times, the maker of Canvas said that it had reached a deal with the hackers that recently breached its systems for the return of stolen data and the destruction of any copies.

Plenty of states (and countries) now have age-restriction measures placed on pornography sites, which are often circumvented using VPNs. But a Utah law is about to go into effect that will specifically target VPN software users as part of its age verification rules, according to an article from TechSpot. On May 6, Utah's Online Age Verification Amendments, formally Senate Bill 73, took effect. The law states that a user is considered to be accessing a website from the state if they are physically located there, regardless of whether they use a VPN, proxy server, or other means to disguise their geographic location. The big issue is that the law appears to assume websites can both detect VPN traffic and determine a visitor's true physical location with certainty. They cannot. At best, sites can block known VPN IP addresses, a constantly changing and incomplete list that will inevitably catch legitimate users while missing others entirely. Moreover, websites that host "a substantial portion of material harmful to minors" are now prohibited from facilitating or encouraging the use of a VPN to bypass age checks. This includes providing instructions on how to use a VPN or providing the means to circumvent geofencing. The bill defines a substantial portion as more than one-third of a site's total material.

If you’re like a lot of people, you’ve already dumped Google as your primary search engine, replacing it with DuckDuckGo (DDG). But DDG has a lot more capabilities than just providing a more private search engine. Did you know DDG can hide AI-generated images from image searches? Or that DDG will allow you to search other websites and search engines with a shorthand command? Or that DDG will allow you to use AI chatbots anonymously to preserve your privacy? DDG will also allow you to block certain sites from your search results. If not, you can find the information for these “hacks” and six more from this Lifehacker article.

Researchers have identified a consistent chemical difference in the brains of people with anxiety, according to an article from SciTechDaily. Anxiety has become one of the most visible mental health problems in the United States, showing up not only in clinics but also in schools, workplaces, and everyday family life. Although therapy and medication can help many people, anxiety disorders often go untreated, and even those who receive care do not always recover fully. A new UC Davis Health study points to a possible biological clue: people with anxiety disorders appear to have lower levels of choline, an essential nutrient involved in brain function.

Across the Milky Way, about 190 light years from Earth, astronomers have identified a highly unusual planetary pairing, according to an article from Science Daily. A massive hot Jupiter, a type of giant planet typically found alone, shares its system with a smaller mini-Neptune orbiting even closer to their star. This rare configuration has puzzled scientists since it was first discovered in 2020. Now, researchers at MIT have taken a closer look at the inner planet's atmosphere and uncovered new clues that help explain how this strange system formed. In a study published in Astrophysical Journal Letters, the team used NASA's James Webb Space Telescope (JWST) to analyze the atmosphere of the mini-Neptune. This marks the first time scientists have measured the atmospheric composition of a mini-Neptune located inside the orbit of a hot Jupiter. The observations show that the planet's atmosphere is surprisingly dense and filled with heavier molecules, including water vapor, carbon dioxide, sulfur dioxide, and traces of methane. This type of atmosphere would be unlikely if the planet had formed close to its star, where lighter gases usually dominate. Instead, the findings suggest a very different origin.

Astronomers have detected a thin atmosphere around a tiny celestial body in the outer solar system for the first time — an object previously thought to be too small to support the presence of an atmosphere, according to an article from CNN. Thousands of frozen, rocky bodies called trans-Neptunian objects, or TNOs, exist in the Kuiper Belt on the edge of our solar system, remnants from its formation 4.5 billion years ago. The dwarf planet Pluto is the largest of these TNOs, so named because they’re found beyond the orbit of Neptune. The frigid temperatures and weak surface gravity of the small bodies has long caused astronomers to believe they aren’t capable of retaining atmospheres — with the exception of Pluto, which has a thin one. Atmospheres, especially dense ones, typically form around large planets or moons, including Saturn’s biggest satellite, Titan.

Your browser may have downloaded an AI model behind your back… and you might never know, according to an article from eWeek. That’s the situation now facing many Google Chrome users, after security researcher Alexander Hanff flagged that the browser is downloading a four-gigabyte AI model onto users’ devices without a clear opt-in prompt. According to his findings, the model is automatically installed on devices that meet certain requirements, consuming significant storage while remaining largely invisible to users. In many cases, the only telltale signs are increased bandwidth usage or rapidly filled-up disk space. While the model powers useful features like scam detection and writing assistants, the rollout is drawing scrutiny for how it is delivered. Hanff argues that the lack of clear user consent mirrors patterns often associated with unwanted software, raising questions about the lengths software companies will go to push their products on users.

L-arginine helps protein droplets stay stable and prevents fibril formation linked to Alzheimer’s, according to an article from SciTechDaily. This process occurs at droplet surfaces, offering a potential therapeutic target. Inside living cells, tiny liquid-like droplets quietly keep essential processes running. But in disorders like Alzheimer’s, these dynamic structures can take a dangerous turn, hardening into fiber-like fibrils that disrupt the inner workings of neurons. This transformation undermines critical functions, including the stabilization of microtubules that ferry vital cargo through cells. The challenge has been finding a way to stop this harmful shift without shutting down the droplets’ normal activity. Biophysicists at the University at Buffalo report a potential solution involving a naturally occurring small molecule already found in cells. In a study published in Nature Communications, they found that the metabolite L-arginine improves the stability of protein droplets. It helps prevent their conversion into fibrils while preserving their ability to stabilize and build microtubules.

There is a moment when internet companies get the stink of death on them. For AOL, it was 2003, when it became clear that its users were abandoning its clunky dial-up internet service for far-faster broadband. For Yahoo, it was 2015, when their last-ditch acquisition spree failed, and they sold themselves to Verizon. For Meta, that time is now. I believe the company — one of the most powerful media organizations in the world and one of the most valuable members of the S&P 500 — is at the start of a long, slow decline that will trigger aftershocks to our economy and our society, according to an editorial from the New York Times. It may be named Meta, but the company’s biggest asset is still Facebook. Started from a Harvard dorm, the original online social network has dominated our world for two decades. Its three billion users are still bigger than any single country. Its platforms can help sway an election, fuel an insurrection or spark a genocide.

In response to President Donald J. Trump’s directive for transparency on U.S. government information regarding Unidentified Anomalous Phenomena (UAP), the Department of War (DOW), with support from the Office of the Director of National Intelligence (ODNI), is overseeing government wide efforts to expeditiously find, review, identify, declassify and publicly release unresolved UAP-related records and historical documents in the federal government’s possession. This is an unprecedented, historic undertaking that requires coordination between dozens of agencies and the review of tens of millions of records, many existing only on paper, spanning many decades. Given the scope of this task, the Department of War will be releasing new materials on a rolling basis as they are discovered and declassified, with tranches posted every few weeks. The materials archived here are unresolved cases, meaning the government is unable to make a definitive determination on the nature of the observed phenomena. This can occur for a variety of reasons, including a lack of sufficient data, and the Department of War welcomes the application of private-sector analysis, information and expertise. DOW will continue to conduct separate reporting on resolved UAP cases, as mandated by statute. Under this Administration, we will pursue the truth and share our findings with the American people.

Before you send your next Instagram DM, be warned: Whatever you share with that friend, influencer, or business could potentially be seen by anyone — including but not limited to hackers, law enforcement, or even Meta itself, according to an article from Lifehacker. As of today, May 8, 2026, Instagram DMs are no longer end-to-end encrypted (E2EE). Your messages are vulnerable, whether you're discussing a reel you saw, or sharing your Social Security number. (Please don't do this.) E2EE is necessary for any messaging service that wants to protect its users' privacy. This level of encryption ensures that the only people who can read the contents of a conversation are the ones with access to the devices involved. When you send a message over E2EE, the program encrypts, or "scrambles," it. Each device contains a "key" to decrypt, or "unscramble" the message. If you try to intercept the message without the key, all you'll see is a mess of code. Even Meta couldn't read your encrypted Instagram DMs in the past, which makes this change frustrating.

Until recently – and I mean VERY recently – I couldn’t wrap my head around passkeys and how they were better than using passwords. But, I found this stellar explanation of passkeys, how they are better than passwords, and how to use them from the New York Times. If you’re in the same boat I was in, this article is definitely worth a read. I’m already a definite non-fan of 2FA (two-factor authentication). It’s just another hoop to jump through that delays my access to the information I’m seeking out. But passkeys remove that extra hoop, and help maintain significantly better security of my accounts than just a simple password does or can.

Gmail does a decent job at filtering junk mail to the Spam folder, but there are always the marketing emails, newsletters, and other mass messages that slip through to your inbox, says an article from Lifehacker. Maybe you accidentally signed up for a mailing list, or you wanted those promo emails at one point, but now they've become too much. You can keep deleting them one by one—or you can take action to remove spam from certain senders once and for all. The article lists a number of ways to “tame” the spam coming into your Gmail account.

At least throughout North America, this spring and early summer is looking like a bumper crop of those little blood sucking ticks. Ewww! If you wonder about the best way to remove those disease-carrying arachnids, look no further than the article on Lifehacker about how to remove them once they choose you as their meal. Whatever you do, forget about the matches, oils, soap, alcohol and any of the other folk-lore remedies. They all cause the tick to vomit their stomach contents into your bloodstream, greatly increasing your chances of getting any of a number of tick-borne illnesses, like Lyme disease.

Have you ever wondered why T. Rex had such short arms? It seems you’re not alone. In an article that appears on The Conversation website, a paleontologist answers that very question. Even though the length of its arms are typically about 30% of the length of its legs, no one is quite certain what their use was, or if they were even used at all. That would be the equivalent of a six-foot tall man having arms around 11 inches long.

One Gmail, one address. That seems right. After all, you have one phone number, and one home address. The same should be true for your email addresses, Gmail included. As it happens, though, your Gmail account has an unlimited number of addresses you can use whenever you want, fooling everyone from Netflix to spammers alike. Check out the article from Lifehacker for all of the lowdown tricks of creating a virtually unlimited number of Gmail aliases … and they are all delivered to your “normal” Gmail inbox.

Neanderthals (Homo neanderthalensis) were once considered to have been extremely primitive and unsophisticated compared to us humans (Homo sapiens). However, continued research into our long-lost cousins has revealed that these extinct hominids were not quite as archaic as they seemed to early anthropologists, according to an article from Popular Science. While archeologists have found that Neanderthals pulled out food from their teeth with toothpicks and may have even used medicinal plants as antibiotics, researchers still aren’t sure about the extent of their medical care abilities. Now, new research published in the journal PLOS One indicates that they were capable of complex dental interventions, which adds a series of cognitive and physical updates to the Neanderthal story.