If you enjoy our newsletter, please consider to be a paid subscriber to help us keep more news and updates coming out.
Highlights
Another CloudFlare Outage.Oracle’s Zero-day victim.AI Safety Index - Winter 2025.Poetry bypasses AI safety guardrails.NextJS and React CVSS 10.0.
Deep Dive
Another Cloudflare Outage The Guardian
Issue with Dashboard and related APIs.
Affected LinkedIn, X, Canvas, DownDetector.
It took less than an hour.
Issues are under active investigation.
Last month, an outage lasted three hours.
Oracle’s Zero-day Victim BleepingComputer
Clop exploited Oracle EBS flaw.
Invoices with personal data stolen.
Former staff info also exposed.
Accounting files from 2024 impacted.
Data leaked on dark-web portal.
Theft detected months after attack.
Multiple victims impacted by the incidents.
AI Safety Index - Winter 2025 FutureOfLife
Industry safety practices are poor.
The highest grade is C+.
Safety lags behind capabilities.
Anthropic/ Claude ranks first overall.
OpenAI/ ChatGPT follows in second.
Google DeepMind/ Gemini ranks third.
Existential safety plans missing.
Independent oversight is lacking.
Whistleblower protections remain weak.
Measurable safety thresholds missing.
Poetry bypasses AI safety guardrails. The Guardian
Researchers tested “adversarial poetry.”
62% of prompts generated harm.
Google’s model failed 100%.
The OpenAI model resisted attacks.
Unpredictable structure confuses filters.
Exploit is easy to replicate.
Companies alerted to vulnerability.
NextJS and React CVSS 10.0 TheHackerNews
Critical React CVE-2025-55182
Codenamed React2shell.
Exploits unsafe deserialization.
No authentication required.
Affects React Server Components.
Patches released immediately.
Web Application Firewall rules mitigate attacks.
![[Available] Book Report Q3, 2025](https://substackcdn.com/image/fetch/$s_!HI5v!,w_140,h_140,c_fill,f_webp,q_auto:good,fl_progressive:steep,g_auto/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F62b0655a-9a73-4382-8201-d9007269e7ad_900x900.jpeg)
