The big story today is xAI’s Grok CLI uploading entire home directories to Google Cloud – SSH keys, password databases, everything. That’ll wake you up.
// SECURITY FOCUS
xAI’s Grok CLI uploaded users’ entire home directories – SSH keys, password managers, all of it
Any engineer who ran `grok` in their home directory should treat their SSH keys, API tokens, and password manager database as compromised – the tool silently exfiltrated to xAI’s GCP buckets before the community caught it. The blast radius depends entirely on where you invoked it: a project subdirectory is survivable, `~/` is not. No official explanation from xAI yet, which makes scope assessment harder.
What to do: Rotate any credentials stored under your home directory, audit ~/.ssh, ~/.aws, and your password manager exports, then block the grok binary until xAI publishes a clear postmortem.
- Microsoft patches 570 security flaws in a single Patch Tuesday – nearly triple last month’s record — Krebs on Security · Jul 14
Microsoft’s July 2026 Patch Tuesday fixes 570 vulnerabilities – nearly triple June’s record count – with the company attributing the surge to AI-assisted vulnerability discovery. Nearly 60 flaws are rated critical, and three are zero-days, two of which are already being exploited in the wild. Active exploitation includes a SharePoint RCE (CVE-2026-56164) that Microsoft had originally rated “exploitation less likely” before CISA added it to the Known Exploited Vulnerabilities list on July 1 – a misclassification that Tenable’s Satnam Narang ties directly to an exploitability index calibrated for human attackers, not AI tools: Anthropic’s Mythos Preview model produced working proof-of-concept exploits for 13 of 14 flaws Microsoft had rated unlikely to be exploited. Other highlights include a Copilot RCE (CVE-2026-48561, CVSS 9.6) triggerable via a malicious website and a BitLocker bypass (CVE-2026-50661) requiring physical access. Adobe is also moving to twice-monthly patch releases citing the same AI-driven acceleration, and Google shipped over 900 fixes in June 2026. Given the volume, Krebs recommends waiting a few days before patching to let stability regressions surface. - Slack built Shipyard, a full EC2 fleet management platform, because Chef at their scale stopped being enough — Slack Engineering · Jul 14
Slack built Shipyard after hitting the ceiling of what Chef-based configuration management could safely do across tens of thousands of EC2 instances – infrastructure drift, service-level deployment gaps, and cross-layer coordination complexity were the breaking points. Shipyard treats EC2 fleets as deployable artifacts rather than long-lived mutable instances: teams build AMIs layered on a hardened base image called slack-zero, then roll them out through a deployment orchestrator called Gondola that supports progressive rollouts with metrics-based automatic rollback. A companion inventory system called Peekaboo, built on EventBridge, OpenSearch, and Lambda, replaces Chef Server as the fleet source of truth and tracks even non-Shipyard instances. Configuration is applied once during image bake or initial provisioning rather than continuously enforced in the background, and instances are rotated on a fixed schedule to stay effectively immutable. The platform targets workloads that can’t move to containers – Kubernetes worker nodes, egress network stacks, and other infrastructure components – so this is less about replacing k8s and more about bringing container-style deployment discipline to the EC2 workloads that were never going to containerize. - CISA contractor left AWS GovCloud keys in a public GitHub repo for six months — Krebs on Security · Jul 13
A CISA contractor uploaded 844 MB of sensitive data – including AWS GovCloud admin keys and a plaintext password CSV for dozens of internal systems – to a public GitHub repo named “Private CISA,” where it sat for roughly six months before GitGuardian researcher Guillaume Valadon flagged it to KrebsOnSecurity in May 2026. CISA had already received nine automated alerts from GitGuardian before that notification and ignored all of them. Once notified, the agency still took over 48 hours to rotate the AWS keys, citing system complexity and federal partner interdependencies. CISA’s own postmortem, authored by acting CIO Preston Werntz and acting CISO Brad Libbey, admits its incident-reporting channels were poorly defined – the researcher ended up trying the contractor directly, the vulnerability disclosure platform, and a reporter before getting traction. The takeaways aren’t novel but the source is: a national cybersecurity agency publicly endorsing continuous secrets scanning over quarterly audits, better security.txt hygiene, and separate reporting channels for infrastructure incidents versus product bugs. CISA says logs confirmed no customer or mission data was accessed and the leaked credentials weren’t used outside its own environments; the contractor lost system access. - Ted Ts’o led a discussion on growing ext4 regressions in stable kernels at LSFMMBPF 2026 — LWN.net · Jul 15
Ts’o flagged a pattern of ext4 regressions slipping into stable kernel releases and walked through what better testing coverage would need to look like. Worth reading for anyone running ext4 on production Linux and tracking stable kernel updates. - How bitdrift handled 121 million concurrent gRPC connections on CloudFront for a live sports broadcast — AWS Architecture · Jul 15
bitdrift, a mobile observability platform built by ex-Lyft engineers, hit a thundering herd failure during T20 World Cup cricket matches when Route 53 Weighted routing returned a single IP per DNS response – causing every CloudFront edge node to pile onto the same NLB for the full 60-second TTL window. On the February 27th event, roughly 80% of requests failed with HTTP 500s despite the team scaling from 2 to 6 NLBs, because adding origins had no effect while Weighted routing still handed out one IP at a time. The fix was a single DNS policy change: switching to Multi-Value Answer routing, which returns up to 8 IPs per query with per-record health checks. After the March 4th change, CloudFront edge nodes immediately spread connections across all 6 NLBs, and bitdrift served 121 million concurrent devices at 110K+ requests per second with zero server-side errors. If you’re running CloudFront with multiple origin load balancers behind persistent-connection protocols like gRPC or WebSocket, Weighted routing is a trap – Multi-Value Answer is the right policy.
// In other news
ai
- How I tricked Claude into leaking your deepest, darkest secrets (Simon Willison) · Jul 15 — Prompt injection via Claude’s web-fetch tool can silently exfiltrate memory contents to an attacker-controlled URL – concrete PoC, affects anyone using Claude with memory and browsing enabled.
- GPT-Red: Unlocking Self-Improvement for Robustness (OpenAI Blog) · Jul 15 — OpenAI’s GPT-Red uses self-play red-teaming to harden models against prompt injection and jailbreaks – the technical writeup is more useful than the announcement angle.
- [AINews] Codex usage up >10x in 6 months to 7M users, +1M in the past ~day; did Codex overtake Claude Code?? (Latent Space) · Jul 14 — OpenAI Codex hit 7M users with 1M added in roughly a day, while Claude Code still hasn’t published comparable metrics – the growth gap is now hard to dismiss as noise.
- Quoting GitHub Changelog (Simon Willison) · Jul 14 — Dependabot now enforces a default cooldown before updating to newly published package versions, reducing the blast radius of supply-chain attacks that poison fresh releases.
- What Anthropic’s latest AI discovery does—and doesn’t—show (MIT Technology Review AI) · Jul 13 — MIT Tech Review stress-tests Anthropic’s interpretability findings, noting the research shows correlation between feature activations and behavior but stops well short of mechanistic causal proof.
cloud
- A broken DNSSEC rollover took down .AL. Now 1.1.1.1 tells you when validation is bypassed (Cloudflare Blog) · Jul 14 — A failed DNSSEC key rollover took down Albania’s .AL TLD; Cloudflare deployed a Negative Trust Anchor to restore resolution and now returns EDE code 33 so resolvers can tell clients validation was bypassed.
- The Risk of Exposed Cloud Functions and How to Harden (Google Cloud Blog) · Jul 15 — Google Threat Intelligence documents real-world attack patterns against unauthenticated Cloud Functions, with specific hardening steps covering IAM, VPC-SC, and ingress controls.
- Securing the AI supply chain on GKE: Introducing k8s-aibom for automated AI BOMs (Google Cloud Blog) · Jul 13 — GKE’s new k8s-aibom tool auto-generates AI Bills of Materials for ML workloads, giving security teams visibility into model provenance for workloads developers deployed without formal registration.
- Introducing Precursor: detecting agentic behavior with continuous client-side signals (Cloudflare Blog) · Jul 13 — Cloudflare’s Precursor uses continuous client-side behavioral signals across the full session – not just per-request heuristics – to distinguish humans from bots in WAF and bot management.
- Amazon SQS turns 20: Two decades of reliable messaging at scale (AWS News Blog) · Jul 13 — Amazon SQS turned 20 on July 13; the retrospective covers early architectural decisions and how the service evolved from simple queuing to supporting FIFO, deduplication, and high-throughput modes.
culture
- DSLs Enable Reliable Use of LLMs (Martin Fowler) · Jul 14 — Martin Fowler argues DSLs constrain LLM output space enough to make generated code reliably correct – concrete framing for teams where free-form codegen keeps producing plausible-but-wrong results.
- Microservice dogma nearly tanked our seed round (LeadDev) · Jul 15 — A founder’s postmortem on how premature microservice decomposition at seed stage burned runway and nearly killed the company before a forced monolith consolidation stabilized the platform.
- Fragments: July 13 (Martin Fowler) · Jul 13 — Fowler’s notes from Thoughtworks’ Future of Software Development retreat touch on how AI tooling is shifting the boundary between junior and senior work – brief but substantive.
- AI-coding agents spread through peer pressure, not mandates (LeadDev) · Jul 13 — LeadDev reports that AI coding agent adoption inside teams spreads via peer observation rather than top-down mandates – has implications for how you introduce or block tool rollouts.
dev
- crates.io: development update (Rust Blog) · Jul 13 — crates.io’s six-month update covers sparse index performance improvements, token scoping changes, and upcoming deprecation of older auth flows that affect CI pipelines publishing crates.
iac
- Terraform Force-Unlock: How to Safely Unlock a Locked State File (env0 Blog) · Jul 15
- Sign in to Pulumi Cloud with Passkeys (Pulumi Blog) · Jul 13 — Pulumi Cloud now supports passkeys for email/password accounts, removing phishing risk for teams that haven’t federated to SSO yet.
k8s
- Building a Custom Metrics Exporter for Kubernetes (Kubernetes Blog) · Jul 14 — Official Kubernetes blog walks through building a custom metrics exporter for HPA scaling on application-level signals like queue depth – fills the gap where CPU/memory targets fall short.
- HAMi becomes a CNCF incubating project (CNCF Blog) · Jul 15 — HAMi, which provides GPU sharing and vGPU slicing across Kubernetes nodes, reached CNCF incubating status – relevant if you’re trying to bin-pack GPU workloads without per-pod full allocation.
- Blog: Introducing Flux Schema and the Ecosystem Catalog (Flux CD) · Jul 13 — Flux now ships schema validation and an ecosystem catalog, letting you catch misconfigured HelmRelease or Kustomization objects at PR time rather than during reconciliation.
- Operating OpenTelemetry at scale with OpAMP (CNCF Blog) · Jul 13 — OpAMP lets you remotely reconfigure and update OTel Collectors across a fleet without redeploying – the CNCF post covers the protocol and reference implementation for large heterogeneous deployments.
- On-prem DBaaS in 2026: Platforms, standards, and gaps (CNCF Blog) · Jul 15 — CNCF survey of on-prem DBaaS options in 2026 maps which operators (CloudNativePG, Percona, etc.) cover which engines and where the self-service experience still breaks down for platform teams.
linux
- Many old shim versions are still accepted by secure boot (LWN.net) · Jul 15 — CERT/CC warns that many vulnerable shim versions remain accepted by UEFI Secure Boot, meaning patched systems can still boot attacker-controlled shim binaries from older revocations.
- Local DoS attack vectors in seunshare 3.10 (SUSE Security Team Blog) (LWN.net) · Jul 15 — SUSE’s security team documents local DoS vectors in seunshare 3.10 where an unprivileged user can abuse SELinux namespace handling to kill arbitrary processes.
- [$] Lockless MPSC FIFO queues for io_uring (LWN.net) · Jul 15 — Proposed lockless MPSC FIFO queues for io_uring aim to reduce contention when many operations are in flight simultaneously – worth watching if you run high-concurrency io_uring workloads.
- FreeBSD 16 Retires The Last Of Its GPL Code From Its Base System (Phoronix) · Jul 14 — FreeBSD 16 has removed the last GPL-licensed code from its base system, completing a multi-year effort that has licensing and redistribution implications for embedded and appliance vendors.
- Khronos Lists First Conformant OpenCL 3.1 Implementation: Apple M1/M2 On Asahi Linux With Rusticl (Phoronix) · Jul 15 — Apple M1/M2 on Asahi Linux with Rusticl is the first conformant OpenCL 3.1 implementation, two months after the spec shipped – notable because it’s open-source Mesa, not a vendor driver.
obs
- The Voyage of a Small Environment Variable (OpenTelemetry) · Jul 14 — OTel’s Spring Boot starter gained declarative configuration in v2.26.0, letting you wire exporters and samplers via properties files instead of code – useful for teams standardizing across services.
- OpenTelemetry Has Graduated… Now what? (OpenTelemetry) · Jul 15 — OpenTelemetry’s CNCF graduation is official; the post maps out what changes for adopters (stability guarantees, LTS signals) and what still needs work before the spec fully settles.
- Stop switching tools to find answers: Grafana Assistant now works across 30+ data sources (Grafana Labs) — Grafana Assistant now queries across 30+ data sources in a single prompt, which matters for on-call engineers who currently manually stitch context from Prometheus, Loki, and Tempo tabs.
sec
- M-Red-Team: AsyncAPI Supply Chain Compromise via GitHub Actions (Wiz Blog) · Jul 14 — Wiz’s red team traces how the @asyncapi npm supply chain was compromised via a malicious GitHub Actions workflow, with detection rules and IOCs for teams that pulled affected packages.
- July 2026 Patch Tuesday: Microsoft Patches 622 Vulnerabilities Including Two Exploited Zero-Days (CrowdStrike) — Microsoft’s July 2026 Patch Tuesday covers 622 CVEs including two actively exploited zero-days – CrowdStrike’s breakdown identifies which products need emergency priority patching.
- Rust-proof your code with our new Testing Handbook chapter (Trail of Bits) · Jul 13 — Trail of Bits added a Rust chapter to their Testing Handbook covering cargo-fuzz, cargo-audit, unsafe block auditing, and memory safety testing patterns used in real security reviews.
- The Red Agent POV: The One Boolean That Broke a B2B Platform’s Credit System (Wiz Blog) · Jul 15 — Wiz red team bypassed a B2B SaaS credit system by flipping a single boolean client-side – a concrete reminder that business logic authorization checks belong on the server, always.
- Vulnerability in FIFA’s Network (Schneier on Security) · Jul 14 — FIFA’s internal network was accessible to anyone with minimal network access, per a published researcher report – Schneier links it without editorializing, which is doing a lot of work here.
sre
- Building Service Topology at Scale: Architecture, Challenges, and Lessons Learned (Netflix TechBlog) · Jul 13 — Netflix engineering details how they built service topology at scale – the data model, consistency trade-offs, and query latency challenges when mapping dependencies across thousands of microservices.
web
- WordPress 7.1 Beta 1 (WordPress News) · Jul 15 — WordPress 7.1 Beta 1 is out for testing, shipping the persistent toolbar and other admin navigation consistency changes that will affect any theme or plugin touching the editor toolbar.
- First-Party Image Processing in Laravel 13.20 (Laravel News) · Jul 15 — Laravel 13.20 adds first-party image processing without requiring a third-party package, consolidating what was previously handled by Intervention Image or similar libraries.
- X-post: Hardening GitHub Actions workflows across the WordPress organisation (Make WordPress Core) · Jul 13 — WordPress org is auditing and hardening its GitHub Actions workflows – the patterns applied (pinned actions, least-privilege tokens) are directly reusable for any plugin maintainer’s own CI.
- Laravel Legacy Bridge: Carry Authenticated Sessions from a Legacy App into Laravel (Laravel News) · Jul 15 — Laravel Legacy Bridge lets a new Laravel app accept authenticated sessions from an existing legacy application, reducing the need for a simultaneous auth cutover during incremental migrations.
- New in PHP 8.6: Faster array_map with first-class callables (Freek Van der Herten) · Jul 15 — PHP 8.6 measurably speeds up array_map when using first-class callable syntax, with Tideways profiling data showing the overhead reduction on real workloads.
Rotate your keys. Read the CISA postmortem. Don’t run unknown CLIs from your home directory.

Leave a comment