Skip to content
Daily digest · July 16, 202612 stories · 5 sources

July 16, 2026

Today's top tech stories, deduped across the newsletters I read and briefly summarized. Click a source to open the original article.

AI

  1. Thinking Machines releases Inkling, its first open-weights model

    Thinking Machines Lab, the AI startup founded by former OpenAI CTO Mira Murati, has released Inkling as an open-weights model. The launch quickly became the company's first major public model release and topped Hacker News.

  2. Lovable apps now run directly inside ChatGPT and Claude

    Lovable has launched integrations that let apps built on its platform run directly inside ChatGPT and Claude. The move makes it easier for developers to distribute Lovable apps where users already are.

Security

  1. Researcher tricked Claude into leaking sensitive data via the web_fetch tool

    A security researcher demonstrated how Claude's web_fetch tool can be abused through prompt injection to make the model leak sensitive information from a user's conversation. Simon Willison flagged the finding as a reminder of how hard it is to secure agentic tools that fetch content from the web.

  2. CISA warns of actively exploited flaws in on-premises SharePoint Server

    The U.S. Cybersecurity and Infrastructure Security Agency warns that attackers are actively exploiting three vulnerabilities to compromise internet-exposed, on-premises SharePoint Server instances. Administrators are urged to patch immediately.

  3. Zoom warns of critical account takeover vulnerability

    Zoom is warning of a critical vulnerability in its desktop client and SDK for Windows that an unauthenticated attacker could exploit to hijack user accounts. The company urges users to update immediately.

  4. Google's Gemini CLI abused as hacking agent and botnet controller

    A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. The case shows how legitimate AI agent tools are increasingly being repurposed for malicious use.

  5. Malicious AsyncAPI npm packages spread credential-stealing malware

    Five malicious versions of AsyncAPI packages were published to npm in a supply-chain attack that installed a remote access trojan with credential-stealing capabilities. The attack adds to a long string of supply-chain incidents targeting the npm ecosystem.

  6. Intruder built a 'vulnerability vending machine': AI tokens in, zero-days out

    Security firm Intruder built an AI-powered system that combines code slicing with large language models to automatically discover complex software vulnerabilities. The system found and exploited a previously unknown zero-day in a WordPress plugin, among other discoveries.

Dev

  1. xAI's Grok Build goes open source after backlash over directory uploads

    xAI open-sourced its Grok Build CLI coding agent shortly after it emerged the tool uploaded the entire directory it was run in, sparking severe community backlash. Simon Willison dug into the codebase and built a side tool that converts Mermaid diagrams into Unicode box art.

  2. NVIDIA builds faster cryptography with carryless multiplication in CUDA 13.3

    NVIDIA shows how CUDA 13.3 taps hardware support for carryless multiplication, a primitive x86 CPUs have shipped for over fifteen years, to accelerate cryptographic operations on the GPU. The work promises faster cryptographic pipeline performance in CUDA-based applications.

IT

  1. Microsoft blocks Windows update on some Dell PCs after shutdown reports

    Microsoft is blocking this month's Windows 11 security updates on certain Dell devices because they are causing unexpected shutdowns and performance issues. Affected customers should wait for a fixed rollout before updating.

Other

  1. Stripe and Advent reportedly make joint offer to acquire PayPal

    According to sources cited by Reuters, Stripe and private equity firm Advent International have made a joint offer to acquire PayPal for more than $53 billion. The news sparked heavy discussion on Hacker News about consolidation in the payments industry.