A new email from Sony says that PlayStation will require players to verify their age later this year to keep using communication features like messages and voice chat. Insider-Gaming reports: The initiative comes from the goal of providing "safe, age-appropriate experiences for players and families while respecting their privacy" and providing "meaningful control over their gaming experiences." The age-verification process will be implemented globally, and players will need to verify their age to continue using PlayStation communication services, such as messages and voice chat. If the player opts not to verify their age, they can still use other services, such as games, trophies, and the store. Only the communication experience will be affected if you choose not to verify your age. PlayStation didn't provide a date for when players will need to begin the verification process.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Guardian: A ban on mobile phones in schools in England is to be introduced by the government to ensure that "critical safeguarding legislation" is passed. The government will table an amendment to the children's wellbeing and schools bill in the House of Lords after the bill was held up by peers on opposition benches. It will make existing guidance on mobile phone bans in schools statutory, a move that ministers have resisted until now. The government had consistently argued that the vast majority of schools had already banned mobile phones, and that there was no need to add a legal requirement. They finally capitulated, however, describing it as "a pragmatic measure" to get the bill through. [...] The bill is regarded by many as the biggest piece of child protection legislation in decades and includes proposals for a compulsory register for children who are not in school, a crackdown on profiteering in children's social care, and a "single unique identifier" to help agencies track a child's welfare.

Read more of this story at Slashdot.

Apple announced that Tim Cook will step down as CEO in September after 15 years in the role, handing the job to hardware chief John Ternus. Longtime Slashdot reader sinij shares the news from MarketWatch: Cook leaves an impressive legacy after growing the company to a $4 trillion market capitalization from just $300 billion 15 years ago. Over Cook's 15-year tenure as CEO, Apple's stock has risen 1,932%, beating the S&P 500's 504% increase, according to Dow Jones Market Data. That places Apple's stock as the 38th best-performing member of the index over that period of time. Cook had big shoes to fill, replacing Apple's iconic founder, Steve Jobs, as CEO. Cook's successor, John Ternus, Apple's senior vice president of hardware engineering, will need to guide Apple's through uncharted waters as the company navigates its artificial-intelligence transition and supply-chain constraints. Cook will remain at Apple as executive chairman. "It has been the greatest privilege of my life to be the CEO of Apple and to have been trusted to lead such an extraordinary company. I love Apple with all of my being, and I am so grateful to have had the opportunity to work with a team of such ingenious, innovative, creative, and deeply caring people who have been unwavering in their dedication to enriching the lives of our customers and creating the best products and services in the world," said Cook. "John Ternus has the mind of an engineer, the soul of an innovator, and the heart to lead with integrity and with honor. He is a visionary whose contributions to Apple over 25 years are already too numerous to count, and he is without question the right person to lead Apple into the future. I could not be more confident in his abilities and his character, and I look forward to working closely with him on this transition and in my new role as executive chairman." As for Ternus' replacement, the role of Chief Hardware Officer will be awarded to Apple executive Johny Srouji. "Srouji, who most recently served as senior vice president of Hardware Technologies, will assume an expanded role leading Hardware Engineering, which John Ternus most recently oversaw, as well as the hardware technologies organization," said Apple in a press release.

Read more of this story at Slashdot.

Alex Bores, a former Palantir employee and current Democratic House candidate in New York, is proposing an "AI dividend" that would send direct payments to Americans if AI drives major job losses. "At its core, the AI Dividend is simple: if AI dramatically increases productivity and concentrates wealth, the American people have a stake in those gains," a memo on the policy reads. Axios reports: The dividend would fund direct payments to Americans. It would also be invested into workforce training and education, as well as government capacity to "govern AI safely and fund independent oversight," per the plan memo. "You don't take out fire insurance because you expect your house to burn down -- you have insurance in case something goes awry," Bores told Axios in an interview. "Here we have, for the first time, a technology where the makers of the technology are explicitly saying that their goal is to replace all human labor." "The fact that they've put it out there means government needs to take it seriously." [...] The proposal would be funded through: - A token tax, described in the memo as a "modest tax on AI consumption" - Equity participation in frontier AI firms - Changes to the tax code that would reduce incentives to invest in AI "when it leads to less work" "If [AI companies] they can support this plan, that would show that they actually believe in what they're putting out there," Bores said. "If they're not doing it, then I think it shows that they're really putting window dressing out there." Further reading: Palantir Posts Bond Villain Manifesto On X

Read more of this story at Slashdot.

Deezer says AI-generated songs now make up 44% of all new uploads to its platform, with nearly 75,000 arriving each day and more than two million per month. The company notes that consumption of these tracks is still very low, "between 1-3% of the total streams," and 85% are flagged as fraudulent. TechCrunch reports: The latest figure from Deezer highlights a continuous surge in AI-generated music uploads to the platform. Deezer reported receiving around 60,000 AI tracks per day in January, up from 50,000 in November, 30,000 in September, and just 10,000 in January 2025, when it first launched its AI-music detection tool. Songs tagged as AI-generated on Deezer are automatically removed from algorithmic recommendations and not included in editorial playlists. The company announced today that it will no longer store hi-res versions of AI tracks. "AI-generated music is now far from a marginal phenomenon and as daily deliveries keep increasing, we hope the whole music ecosystem will join us in taking action to help safeguard artists' rights and promote transparency for fans," said Deezer CEO Alexis Lanternier in a press release. "Thanks to our technology and the proactive measures we put in place more than a year ago, we have shown that it's possible to reduce AI-related fraud and payment dilution in streaming to a minimum."

Read more of this story at Slashdot.

Starting on September 1, Ternus will lead one of the world's most valuable companies, but if you're not a dedicated Apple enthusiast, you've probably never heard of this man, who has largely remained out of the spotlight until now.

Amazon has made another circular AI deal: It's investing another $5 billion in Anthropic. Anthropic has agreed to spend $100 billion on AWS in return.

Google is rolling out Gemini in Chrome in Australia, Indonesia, Japan, the Philippines, Singapore, South Korea, and Vietnam. The company is rolling this feature out to both desktop and iOS in all of these countries except Japan.

The transition has been expected for some time and ends one of the longer and more impactful runs a CEO has had at any company. Cook had inherited a company that many industry watchers and enthusiasts struggled to separate from its famed founder. What he leaves behind is a $4 trillion business with annual revenue that has more than quadrupled on his watch.

You can use the new tools to remove blemishes, refine skin texture, brighten eyes, or whiten teeth in photos.

If Instagram has been turning your color photo posts into black and white recently, don’t worry, there’s no problem with your camera or your account. The Meta-owned app has confirmed to Engadget that the issue is caused by a bug that’s affecting HDR photos in particular. "Earlier today, a technical issue caused some HDR photos to appear incorrectly as black-and-white for a subset of accounts,” Instagram has told us. However, we see complaints dated April 18 and 19, so the issue has been going on a bit longer for some people.

Regardless of when the bug started causing problems, the Instagram team said it has since corrected the issue. If your posts are still showing up in black and white, Instagram said the fix will automatically turn your affected photo posts back to their original state over the next few hours. “We apologize for any inconvenience,” they added.

This article originally appeared on Engadget at https://www.engadget.com/apps/instagram-says-a-bug-turned-your-photos-black-and-white-061802389.html?src=rss

Amazon and Anthropic are strengthening their ties once again, with steep financial commitments made on both sides. Today, Amazon announced that it will invest $5 billion in the AI company, along with as much as $20 billion in additional payments if certain milestones are met. This news follows the initial $4 billion investment Amazon made in Anthropic in 2023 and a second $4 billion round from 2024.

On Anthropic's side, it has committed to continued use of Amazon's custom Trainium silicon for its AI models. The latest agreement will see Anthropic promising to spend more than $100 billion on AWS technologies over the coming decade. It will secure up to 5 gigawatts of current and future chip capacity for training and powering its models. Their partnership is also bringing Anthropic's Claude platform to Amazon Web Services customers within the AWS portal, removing the need for additional credentials.

This article originally appeared on Engadget at https://www.engadget.com/ai/amazon-will-invest-up-to-25-billion-in-anthropic-in-a-broad-deal-225239302.html?src=rss

After debuting in the US, Gemini in Chrome is making its way to more markets. Starting today, Google is rolling out Chrome's built-in chatbot to users in Asia and the Pacific, including Australia, Indonesia, Japan, the Philippines, Singapore, South Korea and Vietnam. The expansion comes after Google earlier this year made Gemini in Chrome available to people in Canada, India and New Zealand.

With the exception of Japan, where Google isn't making the new suite available on iOS just yet, everyone else in the countries mentioned above can access Gemini in Chrome through Chrome's desktop browser, and the app on their iPhone or iPad. To get started, just tap the "Ask Gemini" icon at the top right of the screen. It will open a new sidebar Google introduced at the start of the year where you can chat with Gemini across every open tab. From there, you can also access Google's in-house image generator, Nano Banana 2. As you would expect, the suite offers integrations with Google's other apps, allowing you, for instance, to add events to Calendar without leaving the interface.

If you don't want to use Gemini, you can right click on the shortcut to unpin it from the top of the interface.

Update 7:43PM ET: This article has been updated to reflect the expansion includes the entire Asia-Pacific region.

This article originally appeared on Engadget at https://www.engadget.com/ai/google-brings-gemini-in-chrome-to-users-in-asia-and-the-pacific-220000698.html?src=rss

Apple CEO Tim Cook is officially stepping down from his role on September 1, the company announced today, while current SVP of hardware engineering John Ternus will take over as the new CEO. Cook will transition to a new role as executive chairman of Apple’s Board of Directors. The company says the move was “approved unanimously” by Apple’s Board, and that Cook will work on transitioning his duties over the summer.

“It has been the greatest privilege of my life to be the CEO of Apple and to have been trusted to lead such an extraordinary company,” Cook said in a statement. “I love Apple with all of my being, and I am so grateful to have had the opportunity to work with a team of such ingenious, innovative, creative, and deeply caring people who have been unwavering in their dedication to enriching the lives of our customers and creating the best products and services in the world.”

Cook became CEO of Apple in 2011 following the death of co-founder Steve Jobs, and he led the charge for Apple’s post-iPhone and iPad era by launching the AirPods, Apple Watch and Vision Pro. He also pushed the company into being more of a service provider with the launch of Apple TV and Apple Music. While he’s had a strong reputation as a logistics-oriented executive, Cook has been criticized for lacking the product vision that Jobs was known for.

Ternus, on the other hand, has been focused on product design since joining Apple in 2001. He became VP of hardware engineering in 2013, and later transitioned to a senior executive role in 2021. Ternus was also prominently featured at the MacBook Neo launch a few months ago, where Apple announced a low-cost yet high-quality notebook that encapsulates its unique place in the PC industry.

“I am profoundly grateful for this opportunity to carry Apple’s mission forward,” Ternus said in a statement. “Having spent almost my entire career at Apple, I have been lucky to have worked under Steve Jobs and to have had Tim Cook as my mentor. It has been a privilege to help shape the products and experiences that have changed so much of how we interact with the world and with one another.”

Cook published a community letter timed for the announcement, which we’ve included below:

To the Apple community:
For the past 15 years I’ve started just about every morning the same way. I open my email and I read notes I received the day before from Apple’s users all over the world.

You share little pieces of your lives with me and tell me things you want me to know about how Apple has touched you. About the moment your mom was saved by her Apple Watch. About the perfect selfie you captured at the summit of a mountain that seemed impossible to climb. You thank me for the ways Mac has changed what you can do at work and sometimes give me a hard time because something you care about isn’t working like it should.

In every one of those emails I feel the beating heart of our shared humanity. I feel a sense of deepening obligation to work harder and push further. But most of all, I feel a gratitude that I cannot put into words, that I somehow got to be the person on the other end of those emails, the leader of a company that ignites imaginations and enriches lives in such profound ways it defies description. What an honor and a privilege it has been.

Today we announced that I’m taking the next step in my journey at Apple. Over the coming months I will be transitioning into a new role, leaving the CEO job behind in September and becoming Apple’s executive chairman. A new person will be stepping into what I know in my heart is the best job in the world. That leader is John Ternus, a brilliant engineer and thinker who has spent the past 25 years building the Apple products our users love so much, obsessed with every detail, focused on every possible way we can make something better, bolder, more beautiful, and more meaningful. He is the perfect person for the job.

John cares so much about who we are at Apple, what we do at Apple, who we reach at Apple, and he has the heart and character to lead with extraordinary integrity. I am so proud to call him Apple’s next CEO. This company will reach such incredible heights under his leadership, and you will feel his impact in every bit of delight and discovery that grows out of the products and services to come. I can’t wait for you to get to know him like I do.

This is not goodbye. But at this moment of transition, I wanted to take the opportunity to say thank you. Not on behalf of the company, this time, though there is a wellspring of gratitude for you that overflows inside our walls. But simply on behalf of me. Tim. A person who grew up in a rural place in a different time and, for these magical moments, got to be the CEO of the greatest company in the world. Thank you for the confidence and kindness you’ve shown me. Thank you for saying hi to me on the street and in our stores. Thank you for cheering alongside me when we unveiled a new product or service. Thank you, most of all, for believing in me to lead the company that has always put you at the center of our work. Every day we get up and think about what we can do to make your life a little bit better. And every day, you’ve made mine the best I could have asked for.

Thank you.

This article originally appeared on Engadget at https://www.engadget.com/computing/tim-cook-will-step-down-as-204959434.html?src=rss

Mastodon seems to be recovering after a Distributed Denial of Service (DDoS) attack that took down its primary mastodon.social instance. As TechCrunch notes, the platform began reporting issues early Monday morning as much of the Mastodon-operated server became inaccessible.

It's not clear who might be behind the attack, but Mastodon's head of communications Andy Piper described it as a "major" incident. A couple hours later, Mastodon shared on a status page that it had implemented countermeasures and that users should be able to access mastodon.social once again. Piper said that "some ongoing instability is a possibility" as the site recovered. It's unclear if any other instances of the service were also targeted; mastodon.social is run directly by the nonprofit and is the largest server on the federated platform.

Mastodon is the second decentralized platform to be targeted with a DDoS in recent days. Last week, Bluesky also dealt with a significant DDoS incident that took parts of the service offline for several hours. The company posted what it said was its final update Monday morning, saying that its service had "remained stable" and that there was "no evidence of unauthorized access to private user data." A few hours later, however, it seemed Bluesky was once again experiencing some issues, though the cause was unclear. Its official status page was down, and a post from its server status account indicated that there were "elevated errors and timeouts on some Bluesky-hosted services." Bluesky said it was investigating.

This article originally appeared on Engadget at https://www.engadget.com/social-media/mastodon-was-hit-by-a-major-ddos-attack-that-briefly-took-down-parts-of-the-service-204823221.html?src=rss

And China is loving it

Iranian media is claiming that the US used backdoors and/or botnets to disable networking equipment during the current war, and Chinese state media is dining out on the allegations....

Dud contracts, proprietary designs, and zero-experience supplier make for quite the mess

The NASA Office of Inspector General, the aerospace agency’s auditor, fears that work on next-generation spacesuits won’t finish in time to use them for the planned Artemis III Moon landing mission in 2028....

Remember what we promised when you subscribed for a year? Well, we've got a new deal that's better for us.

Microsoft's GitHub has stopped accepting new Copilot individual subscriptions while the code hosting biz figures out how it can meet its service commitments without breaking the bank....

A lesson in how not to respond to vulnerability reports

UPDATED Vibe-coding platform Lovable is pooh-poohing a researcher’s finding that anyone could open a free account on the service and read other users' sensitive info, including credentials, chat history, and source code. However, the company’s story keeps changing: First it attributed the publicly exposed info to "intentional behavior" and "unclear documentation," then threw bug-bounty service HackerOne under the bus....

The struggles continue for Fermi America's 17 GW bit barn ambitions

It’s been a weekend filled with dizzying changes in the boardroom at datacenter wannabe Fermi America as it hopes eventually to expand its West Texas campus to about 17 gigawatts of behind-the-meter generation capacity....

Here are the answers for The New York Times Mini Crossword for April 21

Ternus, Apple's senior vice president of hardware engineering, will replace Cook later this year.

Amid rumors of leaving certain markets, the company introduces the Nord CE6 and Nord CE6 Lite.

After failing to deliver its first customer satellite into the correct orbit, the FAA grounds Blue Origin's New Glenn rocket pending an investigation.

What's old is new again.

Problems with the ground system would have "put current GPS military and civilian capabilities at risk."

Cook will be executive chairman, but will no longer run the company day to day.

Experts point out a series of flaws, including small size and no control group.

Importers can now request refunds, two months after Trump's Supreme Court loss.

Energy management and speed differentials are the problems of the day.

An autonomous robot from the company Honor ran a half marathon in 50:26, beating the human record by 7 minutes.

Responsibly dispose of your food scraps with one of these indoor, (mostly) odor-free, WIRED-tested devices.

John Ternus, the company’s senior vice president of hardware engineering, will replace Cook as CEO on September 1. Cook will stay on as executive chairman.

The actor-director discussed his least favorite currency and read a series of mean tweets—about us!—at our inaugural WIRED@Night event.

The CEO of Magical Adventures Balloon Rides tells WIRED how the pilot made a safe landing after they got stranded over a neighborhood.

Sony's various Bravia TVs deliver high-end picture and sound. But with a few extra tweaks, you can push those aspects even further.

The 2026 Moto G sticks to a proven formula, offering great performance at an affordable price.

PrivacyBee is one of the most comprehensive data removal services I've tested, capable of removing personal information from hundreds of sites.

The new protocol was built for 'better security and barrier-breaking speeds.' I tested whether it can compete with WireGuard during its early phase.

If you need to encrypt a file on your Android device so it can be safely shared with other users, this handy app gets the job done.

The European Commission is set to designate ChatGPT as a ‘Very Large Online Search Engine,’ subjecting OpenAI to strict Digital Services Act compliance rules.

The post European Commission Moving to Classify ChatGPT as ‘Very Large Online Search Engine’ Under Digital Services Act appeared first on TechRepublic.

Square POS stands out for its free entry point, flexible software, and wide hardware range. However, its all-in-one approach can fall short depending on your business type and growth needs.

The post Square POS Review 2026: Pricing, Features, Pros and Cons appeared first on TechRepublic.

Apple CEO Tim Cook steps down, handing leadership to hardware chief John Ternus in a major shift that could shape the company’s next era.

The post End of an Era: Tim Cook Steps Down as Apple CEO, John Ternus to Take Over appeared first on TechRepublic.

VP.NET makes VPN privacy verifiable, not just policy-based, with secure enclave tech for up to five devices.

The post This VPN Lets You Verify Your Business Privacy For $130 appeared first on TechRepublic.

Apple’s Mac Studio 2026 may be delayed due to supply chain issues and memory shortages, with reports pointing to a later-than-expected release timeline.

The post Mac Studio 2026: Apple’s New Desktop Faces a Delayed Timeline appeared first on TechRepublic.

Dyson reimagines hair drying on-the-go Dyson launches a compact Supersonic Travel hair dryer with full performance for on-the-go use.

Tim Cook passes Apple baton to John Ternus Tim Cook steps down as Apple CEO, with hardware chief John Ternus set to take over in September 2026.

Kindles were notably nowhere in sight.

BookCon 2026 returned for the first time in six years, and fans returned in droves, selling out the event fast. We were on the ground at the event, covering panels and chatting with authors and BookTok creators. But just like the attendees, we also hit ...

iPhone 18 Pro Max leak reveals Dark Cherry colour Leaks suggest Apple’s iPhone 18 Pro Max could feature a new Dark Cherry colour, A20 chip, and improved battery life, with a launch expected in September 2026.

WhatsApp tests Plus subscription WhatsApp is testing a new ‘Plus’ subscription plan for Android users, offering premium features like chat customisation and expanded controls while keeping core messaging services free.

Tim Cook is stepping down as Apple CEO, handing the reins to hardware engineering chief John Ternus. A Seattle tech vet and former advisor to Steve Jobs says the choice signals a return to the company's product roots at a critical moment. Read More

Wireless technology could keep military drones flying indefinitely, or be adapted as a directed-energy defense system for countering drones. Read More

Two months after investing $50 billion in OpenAI and striking a $100 billion cloud deal, Amazon announced a similar arrangement with its original AI partner, Anthropic: up to $25 billion in new investment and a $100 billion-plus commitment to AWS over 10 years. Read More

Seattle's mayor is exploring a moratorium on new data centers, but the city's real utility challenges — skyrocketing electricity prices, a looming capacity gap, and an eastside water defection — have nothing to do with data centers. Read More

Tech company billboards are a big part of the landscape in Silicon Valley. Summation CEO Ian Wong said the Seattle/Bellevue area "has world-class technical talent, but the scene here has always been understated." Read More

Great for small businesses and quick hires, but hidden fees and uneven support let it down.

Never paid attention to the box in the corner of the office? Maybe it’s time to start – here are ten amazing facts about your laser printer.

Philips' attractive milk frother is extremely simple to use and does an excellent job of foaming milk, but there's just one texture and it's rather thick.

A variety of recipes at the touch of a button and a truly talented milk steaming wand make this Breville machine the true king.

The DESI project recorded data from 47 million galaxies and quasars and built a 3D map of the universe to help unlock dark energy's secrets.

QEMU is de afgelopen maanden gebruikt voor het verspreiden van ransomware en backdoors, zo stelt securitybedrijf Sophos. QEMU ...

Een toenemend aantal mensen maakt gebruik van AI-advies als ze een conflict hebben met een bank, verzekeraar of financieel ...

Microsoft heeft een noodpatch uitgebracht voor problemen met de Windows Server updates die vorige week werden uitgerold. De ...

De Nederlandse marine heeft de locatie van een fregat gelekt via een Bluetooth-tracker die in een briefkaart zat verstopt. Dat ...

TP-Link-routers worden actief aangevallen via een kwetsbaarheid uit 2023, zo stelt securitybedrijf Palo Alto Networks. Het ...

A new email from Sony says that PlayStation will require players to verify their age later this year to keep using communication features like messages and voice chat. Insider-Gaming reports: The initiative comes from the goal of providing "safe, age-appropriate experiences for players and families while respecting their privacy" and providing "meaningful control over their gaming experiences." The age-verification process will be implemented globally, and players will need to verify their age to continue using PlayStation communication services, such as messages and voice chat. If the player opts not to verify their age, they can still use other services, such as games, trophies, and the store. Only the communication experience will be affected if you choose not to verify your age. PlayStation didn't provide a date for when players will need to begin the verification process.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Guardian: A ban on mobile phones in schools in England is to be introduced by the government to ensure that "critical safeguarding legislation" is passed. The government will table an amendment to the children's wellbeing and schools bill in the House of Lords after the bill was held up by peers on opposition benches. It will make existing guidance on mobile phone bans in schools statutory, a move that ministers have resisted until now. The government had consistently argued that the vast majority of schools had already banned mobile phones, and that there was no need to add a legal requirement. They finally capitulated, however, describing it as "a pragmatic measure" to get the bill through. [...] The bill is regarded by many as the biggest piece of child protection legislation in decades and includes proposals for a compulsory register for children who are not in school, a crackdown on profiteering in children's social care, and a "single unique identifier" to help agencies track a child's welfare.

Read more of this story at Slashdot.

Apple announced that Tim Cook will step down as CEO in September after 15 years in the role, handing the job to hardware chief John Ternus. Longtime Slashdot reader sinij shares the news from MarketWatch: Cook leaves an impressive legacy after growing the company to a $4 trillion market capitalization from just $300 billion 15 years ago. Over Cook's 15-year tenure as CEO, Apple's stock has risen 1,932%, beating the S&P 500's 504% increase, according to Dow Jones Market Data. That places Apple's stock as the 38th best-performing member of the index over that period of time. Cook had big shoes to fill, replacing Apple's iconic founder, Steve Jobs, as CEO. Cook's successor, John Ternus, Apple's senior vice president of hardware engineering, will need to guide Apple's through uncharted waters as the company navigates its artificial-intelligence transition and supply-chain constraints. Cook will remain at Apple as executive chairman. "It has been the greatest privilege of my life to be the CEO of Apple and to have been trusted to lead such an extraordinary company. I love Apple with all of my being, and I am so grateful to have had the opportunity to work with a team of such ingenious, innovative, creative, and deeply caring people who have been unwavering in their dedication to enriching the lives of our customers and creating the best products and services in the world," said Cook. "John Ternus has the mind of an engineer, the soul of an innovator, and the heart to lead with integrity and with honor. He is a visionary whose contributions to Apple over 25 years are already too numerous to count, and he is without question the right person to lead Apple into the future. I could not be more confident in his abilities and his character, and I look forward to working closely with him on this transition and in my new role as executive chairman." As for Ternus' replacement, the role of Chief Hardware Officer will be awarded to Apple executive Johny Srouji. "Srouji, who most recently served as senior vice president of Hardware Technologies, will assume an expanded role leading Hardware Engineering, which John Ternus most recently oversaw, as well as the hardware technologies organization," said Apple in a press release.

Read more of this story at Slashdot.

Alex Bores, a former Palantir employee and current Democratic House candidate in New York, is proposing an "AI dividend" that would send direct payments to Americans if AI drives major job losses. "At its core, the AI Dividend is simple: if AI dramatically increases productivity and concentrates wealth, the American people have a stake in those gains," a memo on the policy reads. Axios reports: The dividend would fund direct payments to Americans. It would also be invested into workforce training and education, as well as government capacity to "govern AI safely and fund independent oversight," per the plan memo. "You don't take out fire insurance because you expect your house to burn down -- you have insurance in case something goes awry," Bores told Axios in an interview. "Here we have, for the first time, a technology where the makers of the technology are explicitly saying that their goal is to replace all human labor." "The fact that they've put it out there means government needs to take it seriously." [...] The proposal would be funded through: - A token tax, described in the memo as a "modest tax on AI consumption" - Equity participation in frontier AI firms - Changes to the tax code that would reduce incentives to invest in AI "when it leads to less work" "If [AI companies] they can support this plan, that would show that they actually believe in what they're putting out there," Bores said. "If they're not doing it, then I think it shows that they're really putting window dressing out there." Further reading: Palantir Posts Bond Villain Manifesto On X

Read more of this story at Slashdot.

Deezer says AI-generated songs now make up 44% of all new uploads to its platform, with nearly 75,000 arriving each day and more than two million per month. The company notes that consumption of these tracks is still very low, "between 1-3% of the total streams," and 85% are flagged as fraudulent. TechCrunch reports: The latest figure from Deezer highlights a continuous surge in AI-generated music uploads to the platform. Deezer reported receiving around 60,000 AI tracks per day in January, up from 50,000 in November, 30,000 in September, and just 10,000 in January 2025, when it first launched its AI-music detection tool. Songs tagged as AI-generated on Deezer are automatically removed from algorithmic recommendations and not included in editorial playlists. The company announced today that it will no longer store hi-res versions of AI tracks. "AI-generated music is now far from a marginal phenomenon and as daily deliveries keep increasing, we hope the whole music ecosystem will join us in taking action to help safeguard artists' rights and promote transparency for fans," said Deezer CEO Alexis Lanternier in a press release. "Thanks to our technology and the proactive measures we put in place more than a year ago, we have shown that it's possible to reduce AI-related fraud and payment dilution in streaming to a minimum."

Read more of this story at Slashdot.

And China is loving it

Iranian media is claiming that the US used backdoors and/or botnets to disable networking equipment during the current war, and Chinese state media is dining out on the allegations....

A lesson in how not to respond to vulnerability reports

UPDATED Vibe-coding platform Lovable is pooh-poohing a researcher’s finding that anyone could open a free account on the service and read other users' sensitive info, including credentials, chat history, and source code. However, the company’s story keeps changing: First it attributed the publicly exposed info to "intentional behavior" and "unclear documentation," then threw bug-bounty service HackerOne under the bus....

Installation and pre-approval without consent looks dubious under EU law

One app should not modify another app without asking for and receiving your explicit consent. Yet Anthropic's Claude Desktop for macOS installs files that affect other vendors' applications without disclosure, even before those applications have been installed, and authorizes browser extensions without consent....

Tyler Buchanan admits role in scheme that stole at least $8 million in virtual currency

A Scottish man linked to the Scattered Spider cybercrime crew has pleaded guilty in the US to a phishing and SIM-swap scheme that stole at least $8 million in cryptocurrency....

Out-of-band or out of control?

Microsoft has pushed out an out-of-band update to address the restart loop that hit some Windows Server devices after its April update....

NCEES explains why licensure matters for engineers and answers your top questions about the FE and PE exams. Source Views: 15

La entrada Thinking About Becoming a Licensed Engineer? Start Here. se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

View our compilation of online stories and resources highlighting the Hispanic community and their contributions to STEM. Source Views: 14

La entrada Celebrate Hispanic Heritage Month With SWE se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.cyberdefensemagazine.com – Author: News team Software supply chain attacks have emerged as a serious threat in the rapidly evolving field of cybersecurity, especially in medical devices. As these devices become more and more interconnected and dependent on complex software ecosystems, the potential for exploitation through the supply chain has grown exponentially. One powerful tool [...]

La entrada The Critical Role of Sboms (Software Bill of Materials) In Defending Medtech From Software Supply Chain Threats – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.cyberdefensemagazine.com – Author: News team It’s common knowledge in the cybersecurity industry that ransomware is on the rise, with median demands rising 20% year-over-year across virtually all industries. But it’s not only the ransom sums themselves that are escalating; threat actors are engaging in increasingly aggressive tactics and techniques to extort their victims. It’s [...]

La entrada Ransomware Tactics Are Shifting. Here’s How to Keep Up – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Rob Wright CERT-FR’s advisory follows last month’s disclosure of a zero-day flaw Apple said was used in “sophisticated” attacks against targeted individuals. Original Post URL: https://www.darkreading.com/vulnerabilities-threats/french-sheds-light-apple-spyware-activity Category & Tags: – Views: 11

La entrada French Advisory Sheds Light on Apple Spyware Activity – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Vercel confirms a breach linked to Context.ai as a hacker lists alleged data for $2M. ShinyHunters denies involvement and flags imposters.

Over 130,000 users are at risk from fake TikTok downloader extensions on Chrome and Microsoft Edge. Researchers discovered these malicious tools use device fingerprinting to spy on users and steal sensitive browser data.

Remove unwanted objects from video effortlessly with AI in 2026. Learn step-by-step methods, best tools, and pro tips to clean up your footage like a professional.

Tyler Robert Buchanan, a 24-year-old British hacker linked to Scattered Spider, admits to a multi-year US hacking scheme involving at least $8M in crypto theft.

Critical RCE flaw in protobuf.js lets attackers execute code via malicious schemas. Learn who is at risk, affected versions, and how to fix it.

A vulnerability was found in langgenius dify up to 1.13.0 and classified as problematic. Impacted is an unknown function of the file /console/api/installed-apps/conversations/ of the component Chat History Handler. Such manipulation leads to incorrect authorization. This vulnerability is listed as CVE-2026-34082. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in OpenClaw up to 2026.3.30 and classified as critical. This issue affects the function fetch of the component Marketplace Plugin. This manipulation causes server-side request forgery. This vulnerability is tracked as CVE-2026-41302. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in OpenClaw up to 2026.3.30. This vulnerability affects unknown code. The manipulation of the argument senderIsOwner results in incorrect use of privileged apis. This vulnerability is identified as CVE-2026-41329. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in OpenClaw up to 2026.3.30. This affects an unknown part of the component Environment Variable Handler. The manipulation leads to insecure default variable initialization. This vulnerability is referenced as CVE-2026-41330. The attack can only be performed from a local environment. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in OpenClaw up to 2026.3.27. Affected by this issue is some unknown functionality. Executing a manipulation can lead to incorrect authorization. The identification of this vulnerability is CVE-2026-41303. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

Added acknowledgements. This is an informational change only.

Added Security Only packages to Windows Server 2012 security updates. This is an informational change only.

Information published.

Information published.

Cisco heeft een kwetsbaarheid verholpen in Cisco Webex Services, specifiek in de SSO-integratie met Control Hub. De kwetsbaarheid bevindt zich in de onjuiste validatie van certificaten binnen de SSO-integratie van Cisco Webex Services via Control Hub. Een niet-geauthenticeerde externe aanvaller kan deze kwetsbaarheid misbruiken om zich voor te doen als elke gebruiker binnen het systeem. Dit kan leiden tot ongeautoriseerde toegang tot gebruikersaccounts en gevoelige informatie.

Fortinet heeft meerdere kwetsbaarheden verholpen in FortiSandbox, waaronder in on-premises versies en FortiSandbox Cloud, waarvan twee door Fortinet als kritiek zijn beoordeeld. Een kwaadwillende kan de kwetsbaarheden met kenmerk CVE-2026-39813 en CVE-2026-39808 misbruiken doordat in FortiSandbox sprake is van OS command injection en een path traversal-kwetsbaarheid in de JRPC API. Hierdoor kan een niet-geauthenticeerde aanvaller via gemanipuleerde HTTP-verzoeken ongeautoriseerde code of commando’s uitvoeren en authenticatie omzeilen. De overige kwetsbaarheden omvatten een path traversal-kwetsbaarheid waardoor een geprivilegieerde super-admin met CLI-toegang via HTTP-verzoeken mappen kan verwijderen, en meerdere cross-site scripting kwetsbaarheden (reflected en stored) waardoor via gemanipuleerde HTTP-verzoeken XSS-aanvallen kunnen worden uitgevoerd.

Fortinet heeft kwetsbaarheden verholpen in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager en FortiManager Cloud. Een kwaadwillende kan de kwetsbaarheden misbruiken doordat in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager en FortiManager Cloud sprake is van SQL-injection, path traversal en een heap-based buffer overflow, waardoor respectievelijk geautoriseerde aanvallers code kunnen uitvoeren of bestanden kunnen verwijderen en een niet-geauthenticeerde aanvaller op afstand code kan uitvoeren. Deze kwetsbaarheden treffen zowel on-premises als cloud-gebaseerde versies van de genoemde Fortinet producten.

Microsoft heeft een kwetsbaarheid verholpen in System Center. Een kwaadwillende kan de kwetsbaarheid misbruiken doordat Windows Defender onvoldoende gedetailleerde toegangscontrole toepast, waardoor een geautoriseerde aanvaller lokaal zijn rechten kan verhogen. **UPDATE ** Indien Microsoft Defender zichzelf in jouw IT-omgeving automatisch bijwerkt, controleer dan of de desbetreffende beveiligingsupdates zijn geïnstalleerd. Er is publieke Proof-of-Concept-code (PoC) verschenen die de kwetsbaarheid met kenmerk CVE-2026-33825 aantoont en mogelijk misbruikt. De kans op misbruik neemt hierdoor toe.

Microsoft heeft kwetsbaarheden verholpen in Windows. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: - Denial-of-Service (DoS) - Manipulatie van gegevens - Toegang tot gevoelige gegevens - Uitvoeren van willekeurige code (gebruikersrechten) - Verkrijgen van verhoogde rechten - Omzeilen van een beveiligingsmaatregel - Spoofing ``` Function Discovery Service (fdwsd.dll): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32087 | 7,00 | Verkrijgen van verhoogde rechten | | CVE-2026-32093 | 7,00 | Verkrijgen van verhoogde rechten | | CVE-2026-32086 | 7,00 | Verkrijgen van verhoogde rechten | | CVE-2026-32150 | 7,00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Applocker Filter Driver (applockerfltr.sys): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-25184 | 7,00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Kernel: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26179 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-26180 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-32195 | 7,00 | Verkrijgen van verhoogde rechten | | CVE-2026-32215 | 5,50 | Toegang tot gevoelige gegevens | | CVE-2026-32217 | 5,50 | Toegang tot gevoelige gegevens | | CVE-2026-32218 | 5,50 | Toegang tot gevoelige gegevens | | CVE-2026-26163 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Remote Procedure Call: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32085 | 5,50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Windows Common Log File System Driver: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32070 | 7,00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Microsoft Management Console: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-27914 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Push Notification Core: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26167 | 8,80 | Verkrijgen van verhoogde rechten | | CVE-2026-32158 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-32159 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-32160 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-26172 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Installer: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-27910 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows File Explorer: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32081 | 5,50 | Toegang tot gevoelige gegevens | | CVE-2026-32079 | 5,50 | Toegang tot gevoelige gegevens | | CVE-2026-32084 | 5,50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Windows Boot Manager: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26175 | 4,60 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| Windows Boot Loader: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-0390 | 6,70 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| Windows User Interface Core: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32165 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-27911 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-32163 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-32164 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Microsoft Windows Speech: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32153 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows USB Print Driver: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32223 | 6,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows COM: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20806 | 5,50 | Toegang tot gevoelige gegevens | | CVE-2026-32162 | 8,40 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Input-Output Memory Management Unit (IOMMU): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2023-20585 | 5,30 | | |----------------|------|-------------------------------------| Universal Plug and Play (upnp.dll): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32212 | 5,50 | Toegang tot gevoelige gegevens | | CVE-2026-32214 | 5,50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Windows Redirected Drive Buffering: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32216 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Virtualization-Based Security (VBS) Enclave: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-23670 | 5,70 | Omzeilen van beveiligingsmaatregel | | CVE-2026-32220 | 4,40 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| Windows Active Directory: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-33826 | 8,00 | Uitvoeren van willekeurige code | | CVE-2026-32072 | 6,20 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| Windows Shell: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26165 | 7,00 | Verkrijgen van verhoogde rechten | | CVE-2026-26166 | 7,00 | Verkrijgen van verhoogde rechten | | CVE-2026-27918 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-32202 | 4,30 | Voordoen als andere gebruiker | | CVE-2026-32151 | 6,50 | Toegang tot gevoelige gegevens | | CVE-2026-32225 | 8,80 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| Windows Server Update Service: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26154 | 7,50 | | | CVE-2026-26174 | 7,00 | Verkrijgen van verhoogde rechten | | CVE-2026-32224 | 7,00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows TCP/IP: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-27921 | 7,00 | Verkrijgen van verhoogde rechten | | CVE-2026-33827 | 8,10 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Windows Kernel Memory: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26169 | 6,10 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Windows BitLocker: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-27913 | 7,70 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| Windows GDI: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-27931 | 5,50 | Toegang tot gevoelige gegevens | | CVE-2026-27930 | 5,50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Windows Kerberos: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-27912 | 8,00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows RPC API: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26183 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Ancillary Function Driver for WinSock: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32073 | 7,00 | Verkrijgen van verhoogde rechten | | CVE-2026-26168 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-26173 | 7,00 | Verkrijgen van verhoogde rechten | | CVE-2026-26177 | 7,00 | Verkrijgen van verhoogde rechten | | CVE-2026-26182 | 7,00 | Verkrijgen van verhoogde rechten | | CVE-2026-27922 | 7,00 | Verkrijgen van verhoogde rechten | | CVE-2026-33099 | 7,00 | Verkrijgen van verhoogde rechten | | CVE-2026-33100 | 7,00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Remote Desktop Licensing Service: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26160 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-26159 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Snipping Tool: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32183 | 7,80 | Uitvoeren van willekeurige code | | CVE-2026-33829 | 4,30 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| Windows Local Security Authority Subsystem Service (LSASS): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26155 | 6,50 | Toegang tot gevoelige gegevens | | CVE-2026-32071 | 7,50 | Denial-of-Service | |----------------|------|-------------------------------------| Windows Cryptographic Services: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26152 | 7,00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-27917 | 7,00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Print Spooler Components: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-33101 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Projected File System: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-27927 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-26184 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-32069 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-32074 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-32078 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows LUAFV: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-27929 | 7,00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Universal Plug and Play (UPnP) Device Host: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-27915 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-27919 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-32075 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-32156 | 8,40 | Uitvoeren van willekeurige code | | CVE-2026-27916 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-27920 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-27925 | 7,50 | Toegang tot gevoelige gegevens | | CVE-2026-32077 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Win32K - GRFX: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-33104 | 7,00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Hello: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-27906 | 4,40 | Omzeilen van beveiligingsmaatregel | | CVE-2026-27928 | 7,70 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| Windows Cloud Files Mini Filter Driver: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-27926 | 7,00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Admin Center: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32196 | 6,10 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| Windows Win32K - ICOMP: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32222 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Remote Desktop Client: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32157 | 8,80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Windows WalletService: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32080 | 7,00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Microsoft Windows Search Component: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-27909 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Desktop Window Manager: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-27924 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-32152 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-32154 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-27923 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-32155 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows HTTP.sys: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-33096 | 7,50 | Denial-of-Service | |----------------|------|-------------------------------------| Windows Secure Boot: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-25250 | 6,00 | Omzeilen van beveiligingsmaatregel, | |----------------|------|-------------------------------------| Microsoft PowerShell: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26170 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Microsoft Windows: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32181 | 5,50 | Denial-of-Service | |----------------|------|-------------------------------------| Windows SSDP Service: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32082 | 7,00 | Verkrijgen van verhoogde rechten | | CVE-2026-32083 | 7,00 | Verkrijgen van verhoogde rechten | | CVE-2026-32068 | 7,00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Client Side Caching driver (csc.sys): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26176 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Sensor Data Service: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26161 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Encrypting File System (EFS): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26153 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows TDI Translation Driver (tdx.sys): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-27908 | 7,00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Storage Spaces Controller: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-27907 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-32076 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Microsoft Brokering File System: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26181 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-32219 | 7,00 | Verkrijgen van verhoogde rechten | | CVE-2026-32091 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows IKE Extension: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-33824 | 9,80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Windows Biometric Service: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32088 | 6,10 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| Windows Advanced Rasterization Platform: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26178 | 8,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows OLE: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26162 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Recovery Environment Agent: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20928 | 4,60 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| Windows Speech Brokered Api: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32089 | 7,80 | Verkrijgen van verhoogde rechten | | CVE-2026-32090 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Container Isolation FS Filter Driver: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-33098 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Management Services: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20930 | 7,80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Role: Windows Hyper-V: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26156 | 7,80 | Uitvoeren van willekeurige code | | CVE-2026-32149 | 7,30 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Windows Remote Desktop: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26151 | 7,10 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| Microsoft Graphics Component: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32221 | 8,40 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| ```

Er is een ernstige kwetsbaarheid gevonden in Microsoft System Center, aangeduid als CVE-2026-33825. Deze kwetsbaarheid wordt beoordeeld als hoog risico, met een CVSS-score van 7.8, en wordt actief misbruikt. Daarnaast is er een publieke exploitcode beschikbaar, waardoor het risico op grootschalige aanvallen hoog is. We adviseren daarom om meteen de updates uit te voeren.

Vandaag, 15 april, heeft de Tweede Kamer de wetsvoorstellen voor de Cyberbeveiligingswet (Cbw) en de Wet weerbaarheid kritieke entiteiten aangenomen. Dat is een belangrijke stap, ook voor ons werk bij NCSC.

Het Amerikaanse AI-bedrijf Anthropic kondigde onlangs het AI model Mythos aan, een model voor kwetsbaarheidsopsporing en chaining. Volgens de gepresenteerde resultaten kan Mythos kwetsbaarheden sneller opsporen en koppelen tot volledige exploits en aanvalsketens. Dit kan de verdediging versterken, maar kan ook digitale aanvallen versnellen. De boodschap van het NCSC is simpel: Wacht niet af. Verkort je reactietijden, versnel patch processen, en zorg dat basisbeveiliging op orde is.

Er is een ernstige kwetsbaarheid, CVE-2026-34621, gevonden in Adobe Acrobat DC, Acrobat Reader DC en Acrobat 2024. Deze kwetsbaarheid wordt beoordeeld als zeer ernstig, CVSS-score van 9,6, en wordt actief misbruikt. Daarnaast is er een publieke exploitcode beschikbaar, waardoor het risico op grootschalige aanvallen hoog is. We adviseren daarom om meteen de updates uit te voeren.

Er is een ernstige kwetsbaarheid gevonden in Fortinet FortiClient EMS, aangeduid als CVE-2026-35616 met een CVSS-score van 9.8. Deze kwetsbaarheid wordt beoordeeld als 'zeer ernstig' en bevindt zich in de fase van actief misbruik.

Ein Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um erweiterte Privilegien zu erlangen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten offenzulegen oder zu manipulieren oder andere, nicht näher spezifizierte Angriffe durchzuführen.

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um Daten zu manipulieren, Sicherheitsmechanismen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen..

Ein Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um erweiterte Rechte zu erlangen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen oder andere, nicht näher spezifizierte Angriffe durchzuführen.

Ein Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um erweiterte Privilegien zu erlangen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten offenzulegen oder zu manipulieren oder andere, nicht näher spezifizierte Angriffe durchzuführen.

Ein Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um erweiterte Rechte zu erlangen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten offenzulegen oder zu manipulieren oder andere, nicht näher spezifizierte Angriffe durchzuführen.

De multiples vulnérabilités ont été découvertes dans Spring Framework. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.

Une vulnérabilité a été découverte dans les produits Moxa. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Une vulnérabilité a été découverte dans Mattermost Server. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Une vulnérabilité a été découverte dans Xen. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

De multiples vulnérabilités ont été découvertes dans Apache Kafka. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of command injection leading to the execution of arbitrary code. SGLang is a high-performance, open-source serving

Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust. There’s also a shift in how attacks run.

The fastest way to fall in love with an AI tool is to watch the demo. Everything moves quickly. Prompts land cleanly. The system produces impressive outputs in seconds. It feels like the beginning of a new era for your team. But most AI initiatives don't fail because of bad technology. They stall because what worked in the demo doesn't survive contact with real operations. The gap between a

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain. "This flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation, granting attackers direct access to

Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems. The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence, tamper with local configuration files, and scan for operational technology (OT)-relevant services on the local subnet.

VP.NET makes VPN privacy verifiable, not just policy-based, with secure enclave tech for up to five devices.

The post This VPN Lets You Verify Your Business Privacy For $130 appeared first on TechRepublic.

Amtrak data breach exposes over 2.1 million customer records after CRM access. Learn what was leaked, risks, and steps users and IT teams should take now.

The post Amtrak Data Breach Exposes 2.1M Records, Reports Suggest Larger Leak appeared first on TechRepublic.

The MCP flaw reveals a systemic AI security gap, exposing enterprise systems to supply chain attacks and forcing a shift toward data-layer governance.

The post The MCP Disclosure Is the AI Era’s ‘Open Redirect’ Moment appeared first on TechRepublic.

Although the team with Microsoft moved swiftly to patch the BlueHammer vulnerability, other exploits still threaten Microsoft Defender and Windows users.

The post Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched appeared first on TechRepublic.

Four Android banking malware campaigns are targeting more than 800 apps by abusing overlays, Accessibility permissions, and sideloaded fake apps to steal PINs.

The post Over 800 Android Apps Targeted in PIN-Stealing Trojan Campaign appeared first on TechRepublic.

State-sponsored North Korean hackers are likely behind the $290 million crypto-heist that impacted the KelpDAO DeFi project on Saturday. [...]

A set of 26 malicious apps on Apple App Store impersonate popular wallets, such as Metamask, Coinbase, Trust Wallet, and OneKey, to steal recovery or seed phrases and drain them of cryptocurrency assets. [...]

A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate. [...]

The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid. [...]

Microsoft is warning of threat actors increasingly abusing external Microsoft Teams collaboration and relying on legitimate tools for access and lateral movement on enterprise networks. [...]

Scammers dressed up like Catholic Charities and legitimate pro bone legal services on social media platforms are targeting immigrants and bilking them for money. Manhattan DA Alvin Bragg is pressing Meta to follow its own terms and shut them down.

The post Manhattan DA Bragg Pushes Meta to Put a Stop to Immigration Scams appeared first on Security Boulevard.

Learn how ML-based anomaly detection stops metadata exfiltration in post-quantum AI environments and secures MCP infrastructure against advanced threats.

The post ML-Based Anomaly Detection for Post-Quantum Metadata Exfiltration appeared first on Security Boulevard.

Key Takeaways It’s surprising that traditional risk registers (spreadsheets or basic databases) persist in a world racing toward AI-infused technology. But the states speak for themselves: 59% of GRC practitioners use no commercial tool, with 52% spending 30-50% of time on admin tasks like data entry. Although reliable for basic checklists, traditional risk registers are [...]

The post AI-Powered Risk Registers vs. Traditional Risk Management: What’s the Difference? appeared first on Centraleyes.

The post AI-Powered Risk Registers vs. Traditional Risk Management: What’s the Difference? appeared first on Security Boulevard.

There is a certain kind of argument that appears every time encryption comes up. Yes, yes, privacy is lovely. But think of the children!!! And just like that, the conversation is over. Because once someone has wheeled in children, terrorists, organised crime, and a shadowy man in a basement who definitely has a beard, anyone ... Continue reading Why We Actually Need End-to-End Encryption →

The post Why We Actually Need End-to-End Encryption appeared first on Security Boulevard.

Author, Creator & Presenter: Rob T. Lee, Glenn Thorpe, Dan Hubbard & Sergej Epp

---

Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.

Permalink

The post [un]prompted 2026 – Rob T. Lee, Glenn Thorpe, Dan Hubbard & Sergej Epp – Vibe Coded (Micro-Talks) appeared first on Security Boulevard.

Topic: Critical Remote Code Execution Vulnerability in Windows Internet Key Exchange (IKE) Service (CVE-2026-33824) Risk: High Text:CVE-2026-33824 is a critical remote code execution vulnerability affecting the Windows Internet Key Exchange (IKE) service, whi...

Topic: WordPress Madara Local File Inclusion Risk: Medium Text:# Exploit Title: WordPress Madara Local File Inclusion # Date: November 1, 2025 # Exploit Author: Beatriz Fresno Naumova # ...

Topic: FortiWeb 8.0.2 Remote Code Execution Risk: High Text:# Exploit Title: FortiWeb 8.0.2 - Remote Code Execution # Date: 2025-11-22 # Author: Mohammed Idrees Banyamer # Author Coun...

Topic: Easy File Sharing Web Server v7.2 Buffer Overflow Risk: High Text:# Exploit title: Easy File Sharing Web Server v7.2 - Buffer Overflow # Date: 16/10/2025 # Exploit Author: Donwor # X: @real_...

Topic: NetBT e-Fatura Privilege Escalation Risk: Medium Text:# Exploit Title: NetBT e-Fatura - Privilege Escalation # Author: Seccops # Discovery Date: 2025-10-03 # Vendor: https://net-...

Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution.

Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.

An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021.

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language.

The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets -- named Aisuru, Kimwolf, JackSkid and Mossad -- are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline.

The New York Times has a long article where the author lays out an impressive array of circumstantial evidence that the inventor of Bitcoin is the cypherpunk Adam Back.

I don’t know. The article is convincing, but it’s written to be convincing.

I can’t remember if I ever met Adam. I was a member of the Cypherpunks mailing list for a while, but I was never really an active participant. I spent more time on the Usenet newsgroup sci.crypt. I knew a bunch of the Cypherpunks, though, from various conferences around the world at the time. I really have no opinion about who Satoshi Nakamoto really is...

Pretty fantastic video from Japan of a giant squid eating another squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

Last week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. Instead, access has been restricted to roughly 50 organizations—Microsoft, Apple, Amazon Web Services, CrowdStrike and other vendors of critical infrastructure—under an initiative called Project Glasswing.

The announcement was accompanied by a barrage of hair-raising anecdotes: thousands of vulnerabilities uncovered across every major...

Interesting research: “Humans expect rationality and cooperation from LLM opponents in strategic games.”

Abstract: As Large Language Models (LLMs) integrate into our social and economic interactions, we need to deepen our understanding of how humans respond to LLMs opponents in strategic settings. We present the results of the first controlled monetarily-incentivised laboratory experiment looking at differences in human behaviour in a multi-player p-beauty contest against other humans and LLMs. We use a within-subject design in order to compare behaviour at the individual level. We show that, in this environment, human subjects choose significantly lower numbers when playing against LLMs than humans, which is mainly driven by the increased prevalence of ‘zero’ Nash-equilibrium choices. This shift is mainly driven by subjects with high strategic reasoning ability. Subjects who play the zero Nash-equilibrium choice motivate their strategy by appealing to perceived LLM’s reasoning ability and, unexpectedly, propensity towards cooperation. Our findings provide foundational insights into the multi-player human-LLM interaction in simultaneous choice games, uncover heterogeneities in both subjects’ behaviour and beliefs about LLM’s play when playing against them, and suggest important implications for mechanism design in mixed human-LLM systems...

This article on the walls of Constantinople is fascinating.

The system comprised four defensive lines arranged in formidable layers:

• The brick-lined ditch, divided by bulkheads and often flooded, 15­-20 meters wide and up to 7 meters deep.
• A low breastwork, about 2 meters high, enabling defenders to fire freely from behind.
• The outer wall, 8 meters tall and 2.8 meters thick, with 82 projecting towers.
• The main wall—a towering 12 meters high and 5 meters thick—with 96 massive towers offset from those of the outer wall for maximum coverage.

...

A cyberattack hit France’s ANTS website, possibly exposing personal data from users applying for IDs, passports, and driver’s licenses. A cyberattack targeted France’s ANTS platform, which handles applications for passports, ID cards, residence permits, and driver’s licenses. Authorities detected the incident on April 15 and warned it may have exposed personal data from both individuals [...]

Tyler Buchanan, linked to Scattered Spider, pleaded guilty in the US to hacking companies and stealing millions in cryptocurrency. Tyler Buchanan, a 24-year-old from Scotland linked to the Scattered Spider group, admitted in a US court that he hacked dozens of companies, committed fraud, and stole millions in cryptocurrency. Spanish police arrested the British national [...]

Hackers have targeted CVE-2023-33538 flaw in old TP-Link routers for a year, but no successful exploitation has been seen so far. Hackers have been trying for over a year to exploit a serious flaw, tracked as CVE-2023-33538 (CVSS score of 8.8), in outdated TP-Link routers, but so far without success. The vulnerability is a command [...]

Vercel suffered a breach after a hacked Context.ai tool exposed an employee account, letting attackers access limited internal systems and non-sensitive data. Vercel reported a security breach caused by the compromise of a third-party AI tool, Context.ai, used by one of its employees. The attacker took over the employee’s Google Workspace account and used it [...]

Claude Opus created a working Chrome exploit for $2,283, showing that widely available AI models can already find and weaponize vulnerabilities. Claude Opus managed to produce a functional Chrome exploit for just $2,283, raising concerns about how easily AI can be used to find and exploit vulnerabilities. Below is the cost of the experiment: Model [...]