THE DAILY BRIEF

Security researchers discovered a stable Firefox identifier stored in IndexedDB that persists across Tor sessions, defeating Tor's core privacy guarantee of unlinkable identities. The vulnerability could allow attackers to correlate separate Tor browsing sessions to the same user.

► This breaks the fundamental assumption that Tor provides anonymity, affecting journalists, dissidents, and privacy advocates who rely on Firefox for sensitive work.

Framework announced its new Laptop 13 Pro alongside updates to its 16-inch model, continuing its modular hardware strategy. The announcement covers 8 sources, indicating broad industry coverage of the company's hardware refresh.

► Framework's focus on repairability and modularity challenges the disposable laptop model, influencing how major OEMs think about device longevity and user control.

Google Cloud unveiled its latest tensor processing unit (TPU) generation: the TPU 8t optimized for AI training and the TPU 8i for inference workloads, with general availability planned for later in 2026. The announcement comes as Google pushes deeper into AI infrastructure competition.

► Google's custom silicon strategy reduces reliance on Nvidia and signals aggressive competition in the AI compute market, potentially shifting pricing and availability dynamics for enterprise AI teams.

A new supply chain attack targeting the npm ecosystem steals developer authentication tokens and self-propagates through packages published from compromised accounts, expanding the attack surface beyond initial victims. The attack exploits the trust developers place in npm dependencies.

► This self-replicating attack model demonstrates that traditional credential theft in package managers can now weaponize legitimate developer workflows, requiring immediate changes to how teams manage npm access.