-

GitLab 19.1 ships; malware stuffs CBRN keywords to blind AI scanners
A 753B open-weights model dropped under MIT, GitLab shipped secret-scan GA, and malware authors are now stuffing CBRN keywords into comments specifically to blind the AI tools scanning for them.
-

AI-generated patches slow Linux ARM64; AWS bets big on agentic everything
AI-generated patches are backing up Will Deacon’s ARM64 review queue, AWS is shipping agents that act before asking permission, and the LeadDev piece quietly explains why your deployment metrics no longer mean what you think they mean.
-

AI spam kills AppleTalk; agents argue over your incidents
AI-generated patch spam killed AppleTalk, AI agents are blamed for misrouting incidents, and a 70-year pattern says the ‘no more code’ promise won’t land any differently this time.
-

Linux 7.2 lands cache-aware scheduling; curl closes its vuln queue for the summer
Linux 7.2 is landing real work – cache-aware scheduling, a two-line IOPS fix – while Daniel Stenberg draws a line on CVE noise. Google’s data-agent announcement is mostly previews dressed as GA.
-

AUR hit by second, more sophisticated malware wave — 1,500+ packages affected
Linux 7.1 ships while 7.2 is already bumping compiler minimums, the AUR got hit twice in a day with the second wave obfuscated well enough to slip past the initial response, and a DNS caching quirk means dead domains can still look alive in your monitoring.