June 23, 2026
Today's top tech stories, deduped across the newsletters I read and briefly summarized. Click a source to open the original article.
AI
Moebius: 0.2B inpainting model matches 10B-level performance, now runs in the browser
Moebius is a 200-million-parameter image inpainting model that rivals models ten times its size, and Simon Willison has now ported it to run entirely in the browser.
Prompt injection reframed as role confusion
New research reframes prompt injection attacks as a role confusion problem, where attackers exploit AI models' inability to distinguish trusted system instructions from untrusted content in user-supplied data.
Microsoft patches AutoJack vulnerability chain in AutoGen Studio
A vulnerability chain called 'AutoJack' in Microsoft's AutoGen Studio let attackers manipulate an AI agent into executing arbitrary commands on its host system simply by luring a user to a malicious webpage; Microsoft has now issued a fix.
NVIDIA introduces Halos: full-stack functional safety system for physical AI
NVIDIA launched Halos, a complete hardware-to-software safety system for autonomous robots designed to operate alongside humans in factories, warehouses, and hospitals.
Security
Police chiefs used Flock license plate readers to stalk women without warrants
An investigation reveals that police chiefs used Flock's license plate reader network to track women without obtaining warrants, renewing calls for mandatory court approval before deploying mass surveillance technology.
FortiBleed campaign used custom FortiGate sniffers to steal credentials
The large-scale FortiBleed campaign targeting Fortinet FortiGate firewalls deployed custom sniffers to intercept authentication secrets and steal credentials from compromised devices.
FFmpeg patches PixelSmash flaw affecting Jellyfin, Kodi, and OBS Studio
A newly disclosed FFmpeg vulnerability dubbed 'PixelSmash' can be exploited for remote code execution on Jellyfin servers and trigger denial-of-service in widely used apps including Kodi, Emby, Nextcloud, and OBS Studio.
JaredFromSubway MEV bot hacked for $15 million
The JaredFromSubway Ethereum MEV bot lost $15 million after an attacker created fake cryptocurrency trading opportunities to manipulate the bot's opportunity-detection logic and drain its funds.
Dev
Cloudflare launches temporary accounts for AI agents and one-off services
Cloudflare introduced temporary accounts that let users and AI agents spin up short-lived, isolated cloud environments without tying them to a permanent account — useful for testing, automation, and disposable services.
IT
Chevron and Microsoft sign 20-year power deal for West Texas data center
Chevron has signed a 20-year agreement to supply power to a new Microsoft data center in West Texas, highlighting the surging energy demands of large-scale AI infrastructure.
Other
Steam Machine officially launches today
Valve launched the Steam Machine today, marking the company's return to dedicated gaming hardware after years away. The announcement drew over 1,300 upvotes on Hacker News.
Canada plans nuclear renaissance with up to 10 reactors by 2040
The Canadian government unveiled a national nuclear strategy targeting up to 10 new reactors by 2040, aiming to secure energy supply and cut carbon emissions.