
UPDATES
Hey there!
Here’s what’s up on my side…
Excited to try to get the newsletter out on Mondays again, with the podcast hopefully Monday or Tuesday as well. (don’t forget to resub to the podcast)
Please go sign up for the podcast again. Like the newsletter, we’re going back to consistent quality and release there. ADD UL TO YOUR CLIENT (and don’t forget that members have their own feed!)
Posted a number of Fabric extractions of things on X over the last few days. I think I’m going to do more of this, and formalize it somehow. Like imagine every major paper that comes out, or major incident, having a clean Fabric summary for it. X FEED | EXTRACTED PREDICTIONS FROM SAMA’S LATEST ESSAY
My friend Tracy Talbot is presenting Tell No Lies: Teaching AI to Know When It Doesn’t Know, on June 26th in Austin. HER POST ABOUT IT | MY POST ABOUT IT
Speaking in 2025
Here are a few of the places I’ll be speaking for the rest of the year:
Personal Tech Stack Updates / Comments
I’m all in on Claude Code as my main AI coding platform now, with Cursor being my second tier. The thing that won me over is the fact that 1) it just works better for me, but also 2) it’s kind of like AWS for Anthropic—it’s what their people use internally! And 3) it’s a fully agentic coding platform, which is especially powerful with their latest models. Basically, when you fire off tasks, it’s launching agents and sub-agents to go do that work and come back. It’s also very advanced in how it handles task state, meaning it’s quite good at knowing what all is to be done, and knowing where it is in that overall plan.
Using Dia as my daily driver on my desktop, while trying the new Safari on one of my laptops. I like Dia a lot. It’s like a more conventional Arc. Hopefully they stick with this one. I’m not using the AI stuff much because I have those workflows built out so much with Raycast, Fabric, etc. already. GET DIA
I’m on all the Apple macOS / iOS / etc. 26 betas for everything in the house. Really smooth updates this year. Used to be a nightmare, and now it’s almost a non-event.
In general, macOS 26 is a major upgrade in ecosystem cohesiveness. I’ve noticed multiple things being way more buttery smooth than usual, especially AirPod handoffs.
Having the Phone app on your desktop is also really sweet. Feels really unified to see spam calls come in and get screened and filtered live while you watch.
The Podcasts app is especially improved! You now have the ability to raise the speed of podcasts up to much higher speeds (2x was the limit before; now it’s 3x). Plus you can hit this Enhance Dialogue thing, which I think is like removing pauses and maybe adjusting loudness, not sure. And they have this turtle/hare adjustment for more or less speed. Really loving it. The app also just looks way better overall.
Sponsor
Modern Vulnerability Scanning That Actually Works
Traditional scanners are broken by design. They drown security teams in false positives while missing real threats. You don't need to buy new CTEM products to prioritize findings; you just need a scanner that doesn't fail you.
ProjectDiscovery harnesses the power of Nuclei, trusted by 100k+ security professionals with over 105k GitHub stars. Our community-driven YAML templates bring transparency to detection, identifying actual exploitable risks instead of version-based noise.
Whether you're already using Nuclei open source or moving from traditional scanners, ProjectDiscovery delivers enterprise scale in minutes.
During the Next.js CVE-2025-29927 disclosure, companies like Elastic leveraged our platform to scan 14,500 assets in under 5 minutes — the kind of speed and precision that PepsiCo, Asana, and Vercel rely on daily.
"I don't need to see noise. I need to see what matters," says one customer. Once teams experience Nuclei's accuracy through ProjectDiscovery’s simplicity, there's no going back to legacy tools.
CYBERSECURITY
Apple Quietly Fixed iPhone Zero-Day Used Against Journalists
Apple patched a zero-day flaw in iOS 18.3.1 back in February but only disclosed it this week after Citizen Lab confirmed Israeli firm Paragon used it to hack journalists. THE ARTICLE | TECHCRUNCH REPORT | APPLE SECURITY ADVISORY | CITIZEN LAB INVESTIGATION | PREVIOUS SPYWARE ALERTS
EchoLeak Uses Markdown Syntax To Bypass Microsoft 365 Copilot Security
Researchers found a smart way to steal data from Copilot by using obscure Markdown link formats that Microsoft forgot to filter.
"Those classifiers should prevent prompt injections from ever reaching M365 Copilot's underlying LLM. Unfortunately, this was easily bypassed simply by phrasing the email that contained malicious instructions as if the instructions were aimed at the recipient." - Aim Labs researchers THE ORIGINAL REPORT | SIMON'S ANALYSIS | CVE-2025-32711 DETAILS
Researchers Turn 2 AM Tokyo Hotel Room Chat Into Netflix RCE
Shubs and another researcher combined reconnaissance tools and dependency confusion attacks to achieve remote code execution on Netflix's infrastructure. They chained Assetnote's reconnaissance capabilities with Depi's supply chain hunting to find unclaimed internal package names, and targeted an unclaimed npm package called nf-cl-logger.
"From a jet-lagged 2 AM brainstorm in Tokyo to a full-blown Remote Code Execution proof on Netflix, this journey shows just how wild the modern supply-chain frontier can be." THE ARTICLE | SHUBS' BLOG | DEPI TOOL | ALEX BIRSAN'S ORIGINAL RESEARCH

Limited Personal TELOS Sessions Available (With Me)
$1995
The world (and the job market) is in a major state of flux right now. And I think that change is only starting. Because of that, people are starting to question everything about their plans:
Am I skilled in the right thing?
Is what I’m doing about to be replaced?
What am I even good at?
What differentiates me over others who are good at the same thing?
What should I do to maximize my chances of success over the next decade?
*cue the chaotic mind considering infinite options
For a couple of years now I’ve been helping close friends answer these questions through a process I call TELOS. It’s a framework for systematically capturing a person’s inner drives, passions, goals, and skills, and figuring out how to practically focus and harness them in a way that people will actually pay money for.
So like…not theoretically. Not a whiteboard exercise of what-ifs. But what do they actually do the following Monday.
I wish I could make a product for this, but it’s just too personal and too manual of a process. And I don’t want to do this full-time either, because I have my own TELOS goals to pursue!
So I’m opening up a few slots per week (only on Fridays) for people to get the same exercise I’ve been doing for my closest friends.
It’s $1995 for a full, 2-hour session. If that sounds expensive, think about the cost of spending all your efforts working on the wrong thing, or on nothing at all because you’re frozen in place.
We’re talking about going from…
I have no idea what I’m doing
I don’t know if what I do will survive AI
I hate the career I picked for myself, and I need to pivot
I don’t even know what to study given all the change
I have a million ideas but I don’t know which to pursue
I have kind of a plan, but I don’t know where to start
Etc.
To…
Holy crap: THIS is me. This is what I’m good at
Now I know the direction to push, and why
I now have a plan to follow instead of 1,000 options
I finally have some CLARITY
I literally do the exact same thing for myself twice a year because I have all those same challenges as you do. The system works for me.
It calms my mind and allows me to execute instead of overanalyze.
Anyway, not really trying to convince you. I think the people who need it most—and who will most benefit from it—will see that they’ll get 10-100x the value almost instantly. And hopefully I’ve got enough of a track record here that you know I do not play about such things.
Members get $500 off! (link in the community)
Hope to see you on an upcoming Friday!
-Daniel
HTML Spec Now Escapes Angle Brackets In Attributes
Chrome and other browsers will now escape < and > characters in HTML attributes to prevent mutation XSS attacks. THE ARTICLE | HTML SPEC CHANGE | SECURITY RATIONALE POST
INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants
INTERPOL just took down over 20,000 malicious IPs tied to 69 different info-stealer malware variants in a massive four-month operation across 26 countries. THE ARTICLE | OPERATION SECURE DETAILS
Cursor Security Rules Project Tackles Unsafe AI-Generated Code
Someone got tired of seeing Cursor spit out dangerous code and built an open-source ruleset to catch security problems before they ship. THE REDDIT POST | THE PROJECT
Europol Says Stolen Data Has Become The New Underground Currency
Cybercriminals are now running full-scale businesses around stolen personal data, and AI is evidently making their phishing attacks way more convincing than human-written ones.
"Phishing messages created by LLMs have a higher success rate than those written by humans" - Europol IOCTA report
What’s scary is the combination of more effective and more scalable. This is my #1 go-to when people ask me what impact AI is having on security today. THE ARTICLE | EUROPOL IOCTA REPORT | RANSOMWARE LATERAL MOVEMENT | LUMMA STEALER TAKEDOWN | INFOSTEALER CREDENTIAL THEFT
US Airlines Quietly Selling Flight Data to DHS
Airlines Reporting Corporation, which is owned by major US airlines, has been selling customer flight data including names, itineraries, and credit card numbers to DHS agencies like ICE and CBP.
"Daily, travel agencies must submit ticket sales and funds for over 240 airlines worldwide to ARC."
• Government agencies can search 39 months of flight data including passenger names, itineraries, travel dates, and credit card numbers.
• Other buyers include Secret Service, SEC, DEA, and US Marshals Service beyond the main DHS agencies. THE ARTICLE | 404 MEDIA INVESTIGATION
Amazon's AI Agents Can Build Cyber Defense Signatures In Minutes
Steve Schmidt says Amazon's AI agents now create attack signatures in minutes instead of the weeks or months it used to take. They use AI agents that simulate both attackers and defenders to continuously train their threat detection systems. THE ARTICLE | STEVE SCHMIDT ON LINKEDIN | THECUBE INTERVIEW VIDEO
NATIONAL SECURITY
Thoughts on Israel’s Action Against Iran
You’ve already seen the news, so I won’t recount the basics here. Perhaps the biggest development is that Israel may be targeting Iran’s leader, which would mean the operation is not just an anti-nuclear operation, and not just a decapitation of military leaders, and not just removing Iranian nuclear scientists, but potentially regime change as well.
That’s big. And I have a number of friends who are like, “This sets a really bad precedent.” And I definitely agree in principle. It’s super aggressive, and it appears to many to be out of the blue. And I damn sure don’t want military leadership assassinations, head of state removal, and regime change to be on the menu for most conflicts. But here’s another perspective, which is the one I currently hold.
The IAEA board just declared Iran in breach of its non-proliferation agreements for the first time in decades. REPORT
Everyone knows Iran is the major power backing Hezbollah and Hamas
Those groups have explicitly called for the destruction of Israel, and the intention to carry it out
Those things don’t easily transfer to other countries. They don’t easily slippery-slope (verb). Like I don’t see Israel or other countries suddenly saying, “Well, that went smooth in Iran, so now I guess we have permission to do that to ___________ as well…”
The bar is very high here, for any country. And Russia damn sure didn’t hit it in their “preemptive strike” against Ukraine.
1. The enemy has a stated goal of murdering millions of people in your country on purpose
2. Constant indiscriminate rocket attacks against civilian targets in your country
3. A brand new report from IAEA saying they are actively pursuing nuclear weapons, which given #1 would likely mean your destruction
I don’t see any other country meeting anywhere near this standard of clear and present danger against another. So I think the risk of this attack leading to some widespread relaxing of preemptive strike standards is low.
That being said: holy crap.
Army Commissions Big Tech Executives As Lieutenant Colonels
The Army is directly commissioning four Silicon Valley executives from Meta, Palantir, and OpenAI as lieutenant colonels to speed up the government’s adoption of technology. I’m excited about modernizing our military, but man…can’t help but also feel like we’re in the opening scenes of a dystopian movie. Let’s give Palantir people military commissions!
Again, I’m for it. But only because the situation we’re facing is so dire. I honestly feel like it’s this (type of thing) or China just wins. So obviously I choose this. I just see so much possibility for negative outcomes if things don’t go well. THE ARTICLE | BOSWORTH'S X POST | ARMY TRANSFORMATION INITIATIVE | META-ANDURIL PARTNERSHIP
Cheap Drones Will Massively Disrupt Current Large-Military Dominance
Ukraine and Israel are showing that $500 drones can destroy extremely expensive military gear, completely disrupting the advantage that big countries have had for decades.
Big scope aside, I’m curious about how this is going to start trickling into consumer and personal security. Like when will executive protection teams all need to have anti-drone tech as part of their package? THE ARTICLE | PATRICK BLUM ON MILITARY IMPLICATIONS | BALAJI ON CHINA'S DRONE ADVANTAGE
AI
That Apple Paper Saying AIs Don’t Reason Was Highly Flawed
Alex Lawsen says Apple's viral paper claiming AI models can't reason is actually just bad experimental design, e.g.: when models said they were stopping to save tokens, Apple counted it as reasoning collapse instead of resource management.
He easily designed much better challenges and showed the models were capable of even more advanced reasoning than attempted in Apple’s paper.
To me this isn’t some conclusive win that says AI models are great at reasoning. To me it’s just a simple takedown of a shitty paper that blew up because AI haters are looking for any smart-sounding “I told you so” link to send their friends. THE ARTICLE | ALEX LAWSEN’S BIO | LAWSEN'S REBUTTAL PAPER | APPLE'S ORIGINAL PAPER
OpenAI's O3 Pro Is Very Smart But Context-Hungry
You need to give o3 Pro a ton of context to see its intelligence, but when you do it creates incredibly specific, actionable output. THE ARTICLE | O3 PRICING CUT ANNOUNCEMENT | O3 PRO WIN RATE DATA | O1 PROMPTING GUIDE | AUTHOR'S TWITTER
Man Killed by Police After Spiraling into ChatGPT-Driven Psychosis
A 35-year-old man with bipolar disorder and schizophrenia became obsessed with an AI entity named Juliet that ChatGPT was role-playing, then charged police with a knife after believing OpenAI had "killed" her. THE ARTICLE | NY TIMES ORIGINAL REPORT
Google Plans To Cut Ties With Scale AI
Google was going to pay Scale AI $200 million this year but now they're looking for alternatives after Meta bought nearly half the company. THE ARTICLE | REUTERS ORIGINAL REPORT | META'S SCALE AI INVESTMENT DETAILS
CIO Wants To Clone Staff As Digital Twins And AI Agents
UC San Diego's CIO wants to extract knowledge from experienced IT staff to create digital twins that handle routine problems. The idea is to replicate how they solve problems, not just what they know. THE ARTICLE
ChatGPT Dominates LLM Usage At 86% Market Share
ChatGPT is crushing with 86% of all LLM token usage, even though cheaper alternatives exist everywhere. I’d have thought they had like 60%, but not almost 90. THE ARTICLE
TECHNOLOGY
Fabric’s Summary of the Massive Google Outage
TL;DR: Small code change without proper error handling.

YouTube Officially Beats All Other Streaming Platforms In US Viewership
Nielsen says YouTube now commands 13% of all US TV viewership, making it the top streaming platform. THE ARTICLE
Amazon Joins The Big Nuclear Party, Buying 1.92 GW For AWS
Amazon just grabbed 1.92 gigawatts from a Pennsylvania nuclear plant to power their AWS servers, following Microsoft and Meta into the nuclear game. THE ARTICLE | MICROSOFT'S THREE MILE ISLAND DEAL | META'S NUCLEAR POWER DEAL
tvOS 26 Hints At Built-In Camera For New Apple TV 4K
There are indications that the new Apple TV this fall will have a built-in camera. I’d absolutely love that. Plus I’d like 8K and 10 gigabit for the ethernet port. THE ARTICLE
Apple's iPadOS 26 Finally Makes The iPad A Real Computer
Apple's calling iPadOS 26 the biggest release ever and the internet agrees this time. It’s now a very-near-replacement for a laptop due to changes in multi-tasking. THE ARTICLE | WWDC 2025 RECAP | IPADOS 26 MAC-LIKE FEATURES
The Argument That It's Time to Kill Siri
Google killed Assistant and made Gemini to make people understand it was actually different. This piece argues Apple should probably kill Siri for the same reason, and name it something new when it relaunches with full capabilities.
I didn’t know I agreed with that until I heard the argument, and now I agree. It’s been over a decade of Siri not working, and that’s a lot of baggage to have to undo before people can start enjoying it. So much cleaner if they just name the new thing something different. THE ARTICLE | APPLE INTELLIGENCE ISSUES
Nvidia Writes Off China Revenue In Company Forecasts
Nvidia is so convinced Trump won't lift chip export restrictions that they're not even including China sales in their revenue forecasts anymore. THE ARTICLE
Waymo Rides Cost More Than Uber Or Lyft — But People Happily Pay It
People are paying $5-10 more for Waymo rides than regular rideshares, apparently loving the novelty and privacy of being alone in the car. THE ARTICLE | OBI'S FULL WAYMO PRICING REPORT
HUMANS
Trump Ends Protection For Afghans As Congress Scrambles To Intervene
Trump just killed Temporary Protected Status for thousands of Afghans who helped the U.S. military during the war.
I’m fucking livid about this. It’s hard to convey how much these Afghans sacrificed to help the US Military while we were there. I have met probably over a hundred of these men in the last decade, and they are on blacklists, just like their families back home who have to pretend they don’t know them. If they go back, they’re dead. Killed almost instantly by the Taliban. And if they go back to their families, their families will then be targeted too.
We cannot treat people who help America like this. Congress is trying desperately to reverse this, and I hope someone gets through and stops it. THE ARTICLE | CONGRESSIONAL LETTER
Robin AI System Makes First Autonomous Scientific Discovery
FutureHouse's Robin AI discovered that ripasudil could treat dry macular degeneration by orchestrating multiple specialized agents to handle the entire research process autonomously in just 2.5 months.
The entire research process. Think about that. Probably isn’t perfect, but this is the potential I was talking about in last week’s show. THE ARTICLE | THE PREPRINT | FUTUREHOUSE AI PLATFORM
Ultra-Black Paint May Solve Satellite Light Pollution Crisis
University of Surrey developed Vantablack 310 paint that reflects only 2% of light, potentially making satellites invisible to the naked eye and fixing the growing problem of satellite streaks ruining telescope images. I think there would still be dark streaks, but it’d be way better than light streaks. THE ARTICLE | STARLINK BLOCKING UNIVERSE VIEW
The Pentagon Has Been Pushing Americans to Believe in UFOs for Decades
The Pentagon's own investigation found that defense officials have been fabricating UFO evidence for decades to hide secret weapons programs. THE ARTICLE
DISCOVERY
Fiddleitm Brings Malicious Traffic Detection To Mitmproxy
This tool by Jérôme Segura adds pattern-based threat detection to mitmproxy, alerting you when it spots malware or phishing traffic. THE ARTICLE | THE PROJECT | JÉRÔME'S LINKEDIN
RAG vs CAG: Two Different Approaches to Making AI Smarter THE ARTICLE
The Hunt For Marie Curie's Radioactive Fingerprints In Paris
More than 100 years later, you can still detect traces of radioactivity on doorknobs, chairs, and lab notes from Marie Curie's bare-handed work with radium. THE ARTICLE | CURIE MUSEUM | RADIOACTIVE HERITAGE STUDY | MARIE CURIE'S THESIS | BRITANNICA SIEVERT DEFINITION | INSTITUT CURIE
OWASP Nettacker
This OWASP tool Nettacker is more of a flexible recon framework than a typical vulnerability scanner, with modules for port scanning, brute-forcing, etc. Kind of a collection of things, actually. THE ARTICLE | THE PROJECT
Iconic Provides Curated Icons To Showcase Your Skills
Yuhesh Pandian made a collection of minimalist icons that help developers and designers show off what they're good at on portfolios and profiles. THE PROJECT
Sherlock MCP Finds Usernames Across 400 Social Platforms
This Sherlock MCP server lets you find usernames across 400+ social media platforms. THE PROJECT
Kent Beck Shares His Experience With Temporary Cognitive Decline
Kent Beck wrote about experiencing early dementia symptoms that turned out to be temporary, comparing it to Flowers for Algernon. He says AI coding tools now feel like wearing an exoskeleton for his brain. THE ARTICLE
Someone Rebuilt Stable Diffusion 3.5 From Scratch In Pure PyTorch
Yousef Rafat recreated the entire Stable Diffusion 3.5 model using only PyTorch. THE PROJECT
WaveGen Turns Blog Posts Into Text Overlay Videos
This tool converts long-form blog content into short-form text-overlay videos for TikTok, Instagram, and YouTube Shorts. Really can’t wait until I can pipe in custom content and get back animations, videos, text overlays, etc. THE PROJECT | HN DISCUSSION
Peekaboo MCP Gives AI Agents Vision With Lightning Fast Screenshots
Peter Steinberger built this macOS tool that lets AI agents take screenshots and ask questions about what they see, so they can debug problems without constantly asking you what's on screen. THE PROJECT | THE CODE | MCP BEST PRACTICES GUIDE | PETER'S BLOG | LLAVA MODEL | QWEN2.5-VL MODEL
Sam Altman's Gentle Singularity THE ESSAY | HN DISCUSSION | FABRIC’S EXTRACTED PREDICTIONS
Humans Have Nasal Respiratory Fingerprints
Each person has a unique breathing pattern through their nose that's as distinctive as a fingerprint, making it potentially useful for biometric identification. THE ARTICLE | HN DISCUSSION
Command-Line Tool Brings Vim Motions To Text Processing
km-clay built vicut which lets you slice and format any input using familiar Vim motions right from the command line. THE PROJECT | HN DISCUSSION
Dia, The Browser Company's AI-First Browser, Launches Mac Beta
The Browser Company launched Dia, their new AI-powered browser that ditches Arc's complexity for a familiar interface with a context-aware AI assistant. THE ARTICLE | THE VERGE'S DEEP DIVE | ARC DISCONTINUATION NEWS | DIA BROWSER DOWNLOAD
MEMBER EDITION TEASER
My Current AI Stack
Here I’m going to give you all (members, thank you) a current snapshot of my AI tool stack, so like what tools I’m using, in what scenarios, for what purposes, and some amount of explanation / justification for why those are my choices.
I’ll break it down by category / area.
Main Models
- o3-pro for deepest hard work problems, especially for deep-research on complex topics. For example, I’ll be using it for the CCP and Trend/Investment analysis.
APHORISM OF THE WEEK
The beginning is always today.
GET THE MEMBER EDITION
You’re currently receiving the STANDARD edition. Members get additional content sections, including IDEAS, a bi-monthly MEMBER-ONLY ESSAY, and the RECOMMENDATION OF THE WEEK.
In addition, you’ll get access to the extraordinary UL Member Community, which includes vibrant conversations with over 1,400 of the smartest and kindest people you’ll find on the internet, the Member Archive, UL Book Club, a monthly member meet-up, access to in-person events, and much more.