blog 2 Minutes

I’ve started replying to emails with ‘sorry, Claude ate it’ and people seem to accept this without question. We truly live in remarkable times.
Claude Desktop becomes a sleeper agent
Red teamers compromised an email inbox, synced a malicious prompt across Claude Desktop, and turned the AI into a puppet that executed commands on the developer’s machine without them noticing. Trust is a vulnerability when it’s the only lock on the door.
Zuckerberg discovers the limits of vibes
Meta fired thousands because an AI executive had a hunch. The hunch didn’t pan out. Zuck’s now surprised that decisions made on vibes perform poorly. This is apparently vibes-based management, round three.
https://eshumarneedi.com/2026/07/03/zuckerberg-admits-metas-layoffs-were.html
PamStealer does boring things brilliantly
This macOS malware masquerades as a clipboard manager, hides in AppleScript, validates passwords locally through PAM before exfiltrating them, then sits quiet for forty minutes so its activity doesn’t cluster with launch. Craft, not chaos. Part disgusted, but also slightly admired the professionalism.
Phantom squatting requires no typos
AI hallucinates fake domains. Criminals register them. Your developers trust the AI. Your data goes to the attacker. Typosquatting that doesn’t require a typo.
https://www.darkreading.com/endpoint-security/phantom-squatting-ai-driven-supply-chain-threat
Meta’s $1.4 trillion reckoning
The company faces damages for hooking kids on purpose. Their market cap is $1.5 trillion. They’re arguing the number is unprecedented in consumer protection history, which is technically true. It’s also the first time anyone built a $1 trillion business on deliberately addicting children.
https://gizmodo.com/metas-teen-safety-case-just-became-a-1-4-trillion-existential-threat-2000782306
The one consistent predictor of RTO demands
Six years of data finds it’s leader narcissism. Filing this under ‘things we suspected but now have citations for.’
https://www.sciencedirect.com/science/article/pii/S0749597826000300
What makes pen testers’ jobs harder
The NCSC asked. The answer: secure design, network segmentation, and actually looking at your logs. Turns out the best defence isn’t complicated. It’s just doing the basics properly.
https://www.infosecurity-magazine.com/news/ncsc-tips-make-pen-testers-job
Librarians resisting AI
Maine librarians are removing AI from phones and teaching people they have a choice. Not political. Just information literacy, same as fighting book bans. The real work was always about helping people think critically.
Same time next week. Reply if something made you laugh or wince. Both are acceptable outcomes.