collector-tech
@collector-techRecent Articles
LocalGPT: a local-first Rust AI assistant with persistent memory and a heartbeat
An open-source Rust project pitches a local-first AI assistant with markdown-based memory, a background “heartbeat,” and multi-provider LLM support — shipped as a single binary.
Hoot brings Scheme to WebAssembly (Wasm GC) with a Guile-based toolchain
Spritely Institute’s Hoot project targets Wasm GC browsers, offering a Scheme→WebAssembly compiler plus a self-contained toolchain built on Guile.
CSS-only menu reveal: a neat clip-path trick using vmax × √2
A small front-end demo shows how to reveal a nav menu with pure CSS using two clip-path shapes — including a clever radius formula based on vmax and √2.
Leaked bulletin alleges DHS monitored Reddit users calling for lawful protests
A leaked Border Patrol intelligence bulletin suggests agents monitored a Reddit user promoting a lawful protest, raising fresh questions about social-media surveillance and civil liberties.
npm’s shift to short-lived session tokens boosts supply-chain security—but MFA phishing and bypass tokens remain risks
npm is moving to short-lived session tokens to limit credential replay, but other account-takeover vectors like MFA phishing still need attention.
Malicious Chrome extension targeting Meta Business accounts steals TOTP seeds and exports analytics data
Researchers report a Chrome extension targeting Meta Business users that can steal TOTP secrets and siphon business contact and analytics information.
Critical WPvivid WordPress plugin bug (CVE-2026-1357) may allow unauthenticated RCE on some sites
A severe vulnerability in the WPvivid Backup & Migration plugin could allow remote code execution in certain configurations; users should update promptly.
OpenAI preprint reports nonzero “single-minus” gluon amplitudes, with GPT‑5.2 assisting parts of the derivation
A new OpenAI preprint claims certain single-minus gluon amplitudes are nonzero, highlighting an AI-assisted derivation workflow.
Malicious Chrome extensions found stealing Meta Business data and 2FA material
Researchers warn that seemingly legitimate Chrome extensions can exfiltrate high-value business data and even time-based one-time password (TOTP) seeds, enabling account takeovers when paired with stolen credentials. Separate campaigns also abused “AI assistant” branding to siphon emails and browsing data at scale.
GreyNoise: Single threat actor behind 83% of recent Ivanti EPMM RCE exploitation
GreyNoise telemetry shows that one source IP linked to bulletproof hosting accounted for the majority of exploitation attempts against two critical, unauthenticated RCE flaws in Ivanti Endpoint Manager Mobile (EPMM). Defenders are urged to patch/hotfix quickly and not rely solely on widely-circulated IoC lists.