Zero-days, blacklisted RAM, and local LLM clusters

An anonymous GitHub account using the username 'bikini' has shocked the cybersecurity community by publishing a repository of active zero-day exploits.

The repository, titled 'exploitarium', contains functional exploit code targeting various software packages and system components.

Because these vulnerabilities were disclosed without notifying the affected vendors, security teams have had no time to prepare patches.

Security researchers are currently working to analyze the payloads, identify the impacted software, and mitigate potential active exploitation.

The company can legally buy RAM from CXMT, but it would carry serious reputational risks.

Apple is looking to alleviate some of the pressure on its supply chain by seeking an exception from the Trump administration to buy RAM chips from CXMT, a company blacklisted by the Pentagon over ties to the People’s Liberation Army, according to the Financial Times .

Legally, Apple isn’t barred from buying chips from CXMT, but doing business with a company tied to the Chinese military would carry serious reputational risks. It’s possible that CXMT could still find itself the target of export controls for undermining US security.

It’s unclear if the administration would give its blessing to Apple. Tim Cook has spent significant time trying to build bridges with the Trump administration, presenting the president with gaudy statues and attending a screening of the Melania movie, directed by accused rapist Brett Ratner. But if the White House granted Apple permission, such a decision would likely face significant blowback.

“Apple choosing to partner with a Chinese military company would be a grave mistake... Helping the [Chinese Communist Party] succeed in its plans to dominate critical supply chains will make our country’s tech industry and economy more dependent on China at a time when we must build secure tech supply chains with our allies,”

A new evaluation reveals that Z.ai's GLM-5.2 open model is highly proficient at detecting security vulnerabilities, performing on par with leading U.S. models.

The model's strong performance highlights the rapid advancement of open-source AI models originating from Chinese research labs.

Critics are questioning the effectiveness of current U.S. export controls, which focus heavily on proprietary models while leaving open models largely unrestricted.

Meanwhile, the software security industry is exploring GLM-5.2 as a cost-effective, self-hosted alternative for automated static analysis.

A new technical guide outlines how to construct a high-performance local LLM cluster using consumer-grade AMD Strix Halo APUs.

By combining the vLLM inference engine with RDMA, developers can split large models across multiple physical machines with minimal latency overhead.

The setup leverages RoCE (RDMA over Converged Ethernet) to enable direct memory access between the clustered AMD chips over standard network cards.

This approach provides an affordable, highly capable alternative to enterprise-grade NVIDIA server setups for developers running local AI workloads.

ClickHouse has open-sourced WAL-RUS, a modern Rust-based rewrite of the widely used WAL-G backup utility for PostgreSQL.

The tool is designed to securely and efficiently ship PostgreSQL Write-Ahead Logs (WAL) to cloud storage providers like AWS S3.

By rewriting the core logic in Rust, the developers have improved memory safety and reduced CPU overhead during intense database backup cycles.

WAL-RUS is intended to be a drop-in replacement, allowing teams to upgrade their disaster recovery pipelines with minimal configuration changes.