10 interesting stories served every morning and every evening.




1 1,024 shares, 47 trendiness

Introducing Claude Design by Anthropic Labs

Today, we’re launch­ing Claude Design, a new Anthropic Labs prod­uct that lets you col­lab­o­rate with Claude to cre­ate pol­ished vi­sual work like de­signs, pro­to­types, slides, one-pagers, and more.

Claude Design is pow­ered by our most ca­pa­ble vi­sion model, Claude Opus 4.7, and is avail­able in re­search pre­view for Claude Pro, Max, Team, and Enterprise sub­scribers. We’re rolling out to users grad­u­ally through­out the day.

Even ex­pe­ri­enced de­sign­ers have to ra­tion ex­plo­ration—there’s rarely time to pro­to­type a dozen di­rec­tions, so you limit your­self to a few. And for founders, prod­uct man­agers, and mar­keters with an idea but not a de­sign back­ground, cre­at­ing and shar­ing those ideas can be daunt­ing.

Claude Design gives de­sign­ers room to ex­plore widely and every­one else a way to pro­duce vi­sual work. Describe what you need and Claude builds a first ver­sion. From there, you re­fine through con­ver­sa­tion, in­line com­ments, di­rect ed­its, or cus­tom slid­ers (made by Claude) un­til it’s right. When given ac­cess, Claude can also ap­ply your team’s de­sign sys­tem to every pro­ject au­to­mat­i­cally, so the out­put is con­sis­tent with the rest of your com­pa­ny’s de­signs.

Teams have been us­ing Claude Design for:

* Realistic pro­to­types: Designers can turn sta­tic mock­ups into eas­ily-share­able in­ter­ac­tive pro­to­types to gather feed­back and user-test, with­out code re­view or PRs.

* Product wire­frames and mock­ups: Product Managers can sketch out fea­ture flows and hand them off to Claude Code for im­ple­men­ta­tion, or share them with de­sign­ers to re­fine fur­ther.

* Design ex­plo­rations: Designers can quickly cre­ate a wide range of di­rec­tions to ex­plore.

* Pitch decks and pre­sen­ta­tions: Founders and Account Executives can go from a rough out­line to a com­plete, on-brand deck in min­utes, and then ex­port as a PPTX or send to Canva.

* Marketing col­lat­eral: Marketers can cre­ate land­ing pages, so­cial me­dia as­sets, and cam­paign vi­su­als, then loop in de­sign­ers to pol­ish.

* Frontier de­sign: Anyone can build code-pow­ered pro­to­types with voice, video, shaders, 3D and built-in AI.

Your brand, built in. During on­board­ing, Claude builds a de­sign sys­tem for your team by read­ing your code­base and de­sign files. Every pro­ject af­ter that uses your col­ors, ty­pog­ra­phy, and com­po­nents au­to­mat­i­cally. You can re­fine the sys­tem over time, and teams can main­tain more than one.

Import from any­where. Start from a text prompt, up­load im­ages and doc­u­ments (DOCX, PPTX, XLSX), or point Claude at your code­base. You can also use the web cap­ture tool to grab el­e­ments di­rectly from your web­site so pro­to­types look like the real prod­uct.

Refine with fine-grained con­trols. Comment in­line on spe­cific el­e­ments, edit text di­rectly, or use ad­just­ment knobs to tweak spac­ing, color, and lay­out live. Then ask Claude to ap­ply your changes across the full de­sign.

Collaborate. Designs have or­ga­ni­za­tion-scoped shar­ing. You can keep a doc­u­ment pri­vate, share it so any­one in your or­ga­ni­za­tion with the link can view it, or grant edit ac­cess so col­leagues can mod­ify the de­sign and chat with Claude to­gether in a group con­ver­sa­tion.

Export any­where. Share de­signs as an in­ter­nal URL within your or­ga­ni­za­tion, save as a folder, or ex­port to Canva, PDF, PPTX, or stand­alone HTML files.

Handoff to Claude Code. When a de­sign is ready to build, Claude pack­ages every­thing into a hand­off bun­dle that you can pass to Claude Code with a sin­gle in­struc­tion.

Over the com­ing weeks, we’ll make it eas­ier to build in­te­gra­tions with Claude Design, so you can con­nect it to more of the tools your team al­ready uses.

Claude Design is avail­able for Claude Pro, Max, Team, and Enterprise sub­scribers. Access is in­cluded with your plan and uses your sub­scrip­tion lim­its, with the op­tion to con­tinue be­yond those lim­its by en­abling ex­tra us­age.

For Enterprise or­ga­ni­za­tions, Claude Design is off by de­fault. Admins can en­able it in Organization set­tings.

...

Read the original on www.anthropic.com »

2 711 shares, 32 trendiness

The Last Question

The last ques­tion was asked for the first time, half in jest, on May 21, 2061, at a time when hu­man­ity first stepped into the light. The ques­tion came about as a re­sult of a five dol­lar bet over high­balls, and it hap­pened this way:

Alexander Adell and Bertram Lupov were two of the faith­ful at­ten­dants of Multivac. As well as any hu­man be­ings could, they knew what lay be­hind the cold, click­ing, flash­ing face — miles and miles of face — of that gi­ant com­puter. They had at least a vague no­tion of the gen­eral plan of re­lays and cir­cuits that had long since grown past the point where any sin­gle hu­man could pos­si­bly have a firm grasp of the whole.

Multivac was self-ad­just­ing and self-cor­rect­ing. It had to be, for noth­ing hu­man could ad­just and cor­rect it quickly enough or even ad­e­quately enough — so Adell and Lupov at­tended the mon­strous gi­ant only lightly and su­per­fi­cially, yet as well as any men could. They fed it data, ad­justed ques­tions to its needs and trans­lated the an­swers that were is­sued. Certainly they, and all oth­ers like them, were fully en­ti­tled to share In the glory that was Multivac’s.

For decades, Multivac had helped de­sign the ships and plot the tra­jec­to­ries that en­abled man to reach the Moon, Mars, and Venus, but past that, Earth’s poor re­sources could not sup­port the ships. Too much en­ergy was needed for the long trips. Earth ex­ploited its coal and ura­nium with in­creas­ing ef­fi­ciency, but there was only so much of both.

But slowly Multivac learned enough to an­swer deeper ques­tions more fun­da­men­tally, and on May 14, 2061, what had been the­ory, be­came fact.

The en­ergy of the sun was stored, con­verted, and uti­lized di­rectly on a planet-wide scale. All Earth turned off its burn­ing coal, its fis­sion­ing ura­nium, and flipped the switch that con­nected all of it to a small sta­tion, one mile in di­am­e­ter, cir­cling the Earth at half the dis­tance of the Moon. All Earth ran by in­vis­i­ble beams of sun­power.

Seven days had not suf­ficed to dim the glory of it and Adell and Lupov fi­nally man­aged to es­cape from the pub­lic func­tion, and to meet in quiet where no one would think of look­ing for them, in the de­serted un­der­ground cham­bers, where por­tions of the mighty buried body of Multivac showed. Unattended, idling, sort­ing data with con­tented lazy click­ings, Multivac, too, had earned its va­ca­tion and the boys ap­pre­ci­ated that. They had no in­ten­tion, orig­i­nally, of dis­turb­ing it.

They had brought a bot­tle with them, and their only con­cern at the mo­ment was to re­lax in the com­pany of each other and the bot­tle.

It’s amaz­ing when you think of it,” said Adell. His broad face had lines of weari­ness in it, and he stirred his drink slowly with a glass rod, watch­ing the cubes of ice slur clum­sily about. All the en­ergy we can pos­si­bly ever use for free. Enough en­ergy, if we wanted to draw on it, to melt all Earth into a big drop of im­pure liq­uid iron, and still never miss the en­ergy so used. All the en­ergy we could ever use, for­ever and for­ever and for­ever.”

Lupov cocked his head side­ways. He had a trick of do­ing that when he wanted to be con­trary, and he wanted to be con­trary now, partly be­cause he had had to carry the ice and glass­ware. Not for­ever,” he said.

Oh, hell, just about for­ever. Till the sun runs down, Bert.”

All right, then. Billions and bil­lions of years. Twenty bil­lion, maybe. Are you sat­is­fied?”

Lupov put his fin­gers through his thin­ning hair as though to re­as­sure him­self that some was still left and sipped gen­tly at his own drink. Twenty bil­lion years is­n’t for­ever.”

Will, it will last our time, won’t it?”

So would the coal and ura­nium.”

All right, but now we can hook up each in­di­vid­ual space­ship to the Solar Station, and it can go to Pluto and back a mil­lion times with­out ever wor­ry­ing about fuel. You can’t do THAT on coal and ura­nium. Ask Multivac, if you don’t be­lieve me.”

I don’t have to ask Multivac. I know that.”

Then stop run­ning down what Multivac’s done for us,” said Adell, blaz­ing up. It did all right.”

Who says it did­n’t? What I say is that a sun won’t last for­ever. That’s all I’m say­ing. We’re safe for twenty bil­lion years, but then what?” Lupov pointed a slightly shaky fin­ger at the other. And don’t say we’ll switch to an­other sun.”

There was si­lence for a while. Adell put his glass to his lips only oc­ca­sion­ally, and Lupov’s eyes slowly closed. They rested.

Then Lupov’s eyes snapped open. You’re think­ing we’ll switch to an­other sun when ours is done, aren’t you?”

Sure you are. You’re weak on logic, that’s the trou­ble with you. You’re like the guy in the story who was caught in a sud­den shower and Who ran to a grove of trees and got un­der one. He was­n’t wor­ried, you see, be­cause he fig­ured when one tree got wet through, he would just get un­der an­other one.”

I get it,” said Adell. Don’t shout. When the sun is done, the other stars will be gone, too.”

Darn right they will,” mut­tered Lupov. It all had a be­gin­ning in the orig­i­nal cos­mic ex­plo­sion, what­ever that was, and it’ll all have an end when all the stars run down. Some run down faster than oth­ers. Hell, the gi­ants won’t last a hun­dred mil­lion years. The sun will last twenty bil­lion years and maybe the dwarfs will last a hun­dred bil­lion for all the good they are. But just give us a tril­lion years and every­thing will be dark. Entropy has to in­crease to max­i­mum, that’s all.”

I know all about en­tropy,” said Adell, stand­ing on his dig­nity.

I know as much as you do.”

Then you know every­thing’s got to run down some­day.”

All right. Who says they won’t?”

You did, you poor sap. You said we had all the en­ergy we needed, for­ever. You said forever.’”

It was Adell’s turn to be con­trary. Maybe we can build things up again some­day,” he said.

You ask Multivac. I dare you. Five dol­lars says it can’t be done.”

Adell was just drunk enough to try, just sober enough to be able to phrase the nec­es­sary sym­bols and op­er­a­tions into a ques­tion which, in words, might have cor­re­sponded to this: Will mankind one day with­out the net ex­pen­di­ture of en­ergy be able to re­store the sun to its full youth­ful­ness even af­ter it had died of old age?

Or maybe it could be put more sim­ply like this: How can the net amount of en­tropy of the uni­verse be mas­sively de­creased?

Multivac fell dead and silent. The slow flash­ing of lights ceased, the dis­tant sounds of click­ing re­lays ended.

Then, just as the fright­ened tech­ni­cians felt they could hold their breath no longer, there was a sud­den spring­ing to life of the tele­type at­tached to that por­tion of Multivac. Five words were printed: INSUFFICIENT DATA FOR MEANINGFUL ANSWER.

By next morn­ing, the two, plagued with throb­bing head and cot­tony mouth, had for­got­ten about the in­ci­dent.

Jerrodd, Jerrodine, and Jerrodette I and II watched the starry pic­ture in the visi­plate change as the pas­sage through hy­per­space was com­pleted in its non-time lapse. At once, the even pow­der­ing of stars gave way to the pre­dom­i­nance of a sin­gle bright mar­ble-disk, cen­tered.

That’s X-23,” said Jerrodd con­fi­dently. His thin hands clamped tightly be­hind his back and the knuck­les whitened.

The lit­tle Jerrodettes, both girls, had ex­pe­ri­enced the hy­per­space pas­sage for the first time in their lives and were self-con­scious over the mo­men­tary sen­sa­tion of in­side-out­ness. They buried their gig­gles and chased one an­other wildly about their mother, scream­ing, We’ve reached X-23 — we’ve reached X-23 — we’ve —”

Quiet, chil­dren,” said Jerrodine sharply. Are you sure, Jerrodd?”

What is there to be but sure?” asked Jerrodd, glanc­ing up at the bulge of fea­ture­less metal just un­der the ceil­ing. It ran the length of the room, dis­ap­pear­ing through the wall at ei­ther end. It was as long as the ship.

Jerrodd scarcely knew a thing about the thick rod of metal ex­cept that it was called a Microvac, that one asked it ques­tions if one wished; that if one did not it still had its task of guid­ing the ship to a pre­ordered des­ti­na­tion; of feed­ing on en­er­gies from the var­i­ous Sub-galactic Power Stations; of com­put­ing the equa­tions for the hy­per­spa­cial jumps.

Jerrodd and his fam­ily had only to wait and live in the com­fort­able res­i­dence quar­ters of the ship.

Someone had once told Jerrodd that the ac” at the end of Microvac” stood for analog com­puter” in an­cient English, but he was on the edge of for­get­ting even that.

Jerrodine’s eyes were moist as she watched the visi­plate. I can’t help it. I feel funny about leav­ing Earth.”

Why for Pete’s sake?” de­manded Jerrodd. We had noth­ing there. We’ll have every­thing on X-23. You won’t be alone. You won’t be a pi­o­neer. There are over a mil­lion peo­ple on the planet al­ready. Good Lord, our great grand­chil­dren will be look­ing for new worlds be­cause X-23 will be over­crowded.”

Then, af­ter a re­flec­tive pause, I tell you, it’s a lucky thing the com­put­ers worked out in­ter­stel­lar travel the way the race is grow­ing.”

Jerrodette I said promptly, Our Microvac is the best Microvac in the world.”

I think so, too,” said Jerrodd, tou­sling her hair.

It was a nice feel­ing to have a Microvac of your own and Jerrodd was glad he was part of his gen­er­a­tion and no other. In his fa­ther’s youth, the only com­put­ers had been tremen­dous ma­chines tak­ing up a hun­dred square miles of land. There was only one to a planet. Planetary ACs they were called. They had been grow­ing in size steadily for a thou­sand years and then, all at once, came re­fine­ment. In place of tran­sis­tors had come mol­e­c­u­lar valves so that even the largest Planetary AC could be put into a space only half the vol­ume of a space­ship.

Jerrodd felt up­lifted, as he al­ways did when he thought that his own per­sonal Microvac was many times more com­pli­cated than the an­cient and prim­i­tive Multivac that had first tamed the Sun, and al­most as com­pli­cated as Earth’s Planetary AC (the largest) that had first solved the prob­lem of hy­per­spa­tial travel and had made trips to the stars pos­si­ble.

So many stars, so many plan­ets,” sighed Jerrodine, busy with her own thoughts. I sup­pose fam­i­lies will be go­ing out to new plan­ets for­ever, the way we are now.”

Not for­ever,” said Jerrodd, with a smile. It will all stop some­day, but not for bil­lions of years. Many bil­lions. Even the stars run down, you know. Entropy must in­crease.”

Entropy, lit­tle sweet, is just a word which means the amount of run­ning-down of the uni­verse. Everything runs down, you know, like your lit­tle walkie-talkie ro­bot, re­mem­ber?”

Can’t you just put in a new power-unit, like with my ro­bot?”

The stars are the power-units, dear. Once they’re gone, there are no more power-units.”

Jerrodette I at once set up a howl. Don’t let them, daddy. Don’t let the stars run down.”

Now look what you’ve done, whis­pered Jerrodine, ex­as­per­ated.

How was I to know it would frighten them?” Jerrodd whis­pered to Jerrodine. It will quiet them down.” (Jerrodette II was be­gin­ning to cry, also.)

Jarrodd shrugged. Now, now, hon­eys. I’ll ask Microvac. Don’t worry, he’ll tell us.”

Jerrodd cupped the strip of thin cel­lu­film and said cheer­fully, See now, the Microvac says it will take care of every­thing when the time comes so don’t worry.”

Jerrodine said, and now chil­dren, it’s time for bed. We’ll be in our new home soon.”

Jerrodd read the words on the cel­lu­film again be­fore de­stroy­ing it: INSUFFICIENT DATA FOR A MEANINGFUL ANSWER.

He shrugged and looked at the visi­plate. X-23 was just ahead.

VJ-23X of Lameth stared into the black depths of the three-di­men­sional, small-scale map of the Galaxy and said, Are we ridicu­lous, I won­der, in be­ing so con­cerned about the mat­ter?”

MQ-17J of Nicron shook his head. I think not. You know the Galaxy will be filled in five years at the pre­sent rate of ex­pan­sion.”

Both seemed in their early twen­ties, both were tall and per­fectly formed.

Still,” said VJ-23X, I hes­i­tate to sub­mit a pes­simistic re­port to the Galactic Council.”

I would­n’t con­sider any other kind of re­port. Stir them up a bit. We’ve got to stir them up.”

VJ-23X sighed. Space is in­fi­nite. A hun­dred bil­lion Galaxies are there for the tak­ing. More.”

A hun­dred bil­lion is not in­fi­nite and it’s get­ting less in­fi­nite all the time. Consider! Twenty thou­sand years ago, mankind first solved the prob­lem of uti­liz­ing stel­lar en­ergy, and a few cen­turies later, in­ter­stel­lar travel be­came pos­si­ble. It took mankind a mil­lion years to fill one small world and then only fif­teen thou­sand years to fill the rest of the Galaxy. Now the pop­u­la­tion dou­bles every ten years —”

VJ-23X in­ter­rupted. We can thank im­mor­tal­ity for that.”

Very well. Immortality ex­ists and we have to take it into ac­count. I ad­mit it has its seamy side, this im­mor­tal­ity. The Galactic AC has solved many prob­lems for us, but in solv­ing the prob­lems of pre­vent­ing old age and death, it has un­done all its other so­lu­tions.”

Yet you would­n’t want to aban­don life, I sup­pose.”

Not at all,” snapped MQ-17J, soft­en­ing it at once to, Not yet. I’m by no means old enough. How old are you?”

I’m still un­der two hun­dred. —But to get back to my point. Population dou­bles every ten years. Once this Galaxy is filled, we’ll have an­other filled in ten years. Another ten years and we’ll have filled two more. Another decade, four more. In a hun­dred years, we’ll have filled a thou­sand Galaxies. In a thou­sand years, a mil­lion Galaxies. In ten thou­sand years, the en­tire known Universe. Then what?”

VJ-23X said, As a side is­sue, there’s a prob­lem of trans­porta­tion. I won­der how many sun­power units it will take to move Galaxies of in­di­vid­u­als from one Galaxy to the next.”

A very good point. Already, mankind con­sumes two sun­power units per year.”

Most of it’s wasted. After all, our own Galaxy alone pours out a thou­sand sun­power units a year and we only use two of those.”

Granted, but even with a hun­dred per cent ef­fi­ciency, we can only stave off the end. Our en­ergy re­quire­ments are go­ing up in geo­met­ric pro­gres­sion even faster than our pop­u­la­tion. We’ll run out of en­ergy even sooner than we run out of Galaxies. A good point. A very good point.”

We’ll just have to build new stars out of in­ter­stel­lar gas.”

There may be some way to re­verse en­tropy. We ought to ask the Galactic AC.”

VJ-23X was not re­ally se­ri­ous, but MQ-17J pulled out his AC-contact from his pocket and placed it on the table be­fore him.

I’ve half a mind to,” he said. It’s some­thing the hu­man race will have to face some­day.”

He stared somberly at his small AC-contact. It was only two inches cubed and noth­ing in it­self, but it was con­nected through hy­per­space with the great Galactic AC that served all mankind. Hyperspace con­sid­ered, it was an in­te­gral part of the Galactic AC.

MQ-17J paused to won­der if some­day in his im­mor­tal life he would get to see the Galactic AC. It was on a lit­tle world of its own, a spi­der web­bing of force-beams hold­ing the mat­ter within which surges of sub-mesons took the place of the old clumsy mol­e­c­u­lar valves. Yet de­spite its sub-etheric work­ings, the Galactic AC was known to be a full thou­sand feet across.

MQ-17J asked sud­denly of his AC-contact, Can en­tropy ever be re­versed?”

VJ-23X looked star­tled and said at once, Oh, say, I did­n’t re­ally mean to have you ask that.”

We both know en­tropy can’t be re­versed. You can’t turn smoke and ash back into a tree.”

Do you have trees on your world?” asked MQ-17J.

The sound of the Galactic AC star­tled them into si­lence. Its voice came thin and beau­ti­ful out of the small AC-contact on the desk. It said: THERE IS INSUFFICIENT DATA FOR A MEANINGFUL ANSWER.

The two men there­upon re­turned to the ques­tion of the re­port they were to make to the Galactic Council.

Zee Prime’s mind spanned the new Galaxy with a faint in­ter­est in the count­less twists of stars that pow­dered it. He had never seen this one be­fore. Would he ever see them all? So many of them, each with its load of hu­man­ity — but a load that was al­most a dead weight. More and more, the real essence of men was to be found out here, in space.

Minds, not bod­ies! The im­mor­tal bod­ies re­mained back on the plan­ets, in sus­pen­sion over the eons. Sometimes they roused for ma­te­r­ial ac­tiv­ity but that was grow­ing rarer. Few new in­di­vid­u­als were com­ing into ex­is­tence to join the in­cred­i­bly mighty throng, but what mat­ter? There was lit­tle room in the Universe for new in­di­vid­u­als.

Zee Prime was roused out of his reverie upon com­ing across the wispy ten­drils of an­other mind.

I am Dee Sub Wun. Your Galaxy?”

We call it only the Galaxy. And you?”

We call ours the same. All men call their Galaxy their Galaxy and noth­ing more. Why not?”

True. Since all Galaxies are the same.”

Not all Galaxies. On one par­tic­u­lar Galaxy the race of man must have orig­i­nated. That makes it dif­fer­ent.”

...

Read the original on hex.ooo »

3 693 shares, 32 trendiness

It Is Time to Ban the Sale of Precise Geolocation

It Is Time to Ban the Sale of Precise Geolocation

A re­cent deep dive into the American adtech sur­veil­lance sys­tem Webloc high­lights the na­tional se­cu­rity and pri­vacy risks of per­va­sive and eas­ily ob­tain­able ge­olo­ca­tion data. It brings home, once again, that the U. S. needs to clamp down on the col­lec­tion and sale of ge­olo­ca­tion data.

The re­port, from Citizen Lab, doc­u­ments what Webloc says it can do, who uses the prod­uct, and its re­la­tion­ship with other com­mer­cial in­tel­li­gence prod­ucts.

Webloc was de­vel­oped by Cobweb Technologies but is now sold by the U. S. firm Penlink af­ter the two com­pa­nies merged in 2023. A leaked tech­ni­cal pro­posal doc­u­ment, ob­tained by Citizen Lab, says that Webloc pro­vides ac­cess to records from up to 500 mil­lion mo­bile de­vices across the globe.” These records con­tain de­vice iden­ti­fiers, lo­ca­tion co­or­di­nates, and pro­file data from mo­bile apps and dig­i­tal ad­ver­tis­ing.

The same doc­u­ment de­scribes, with a strik­ing amount of de­tail, how Webloc can be used to track in­di­vid­ual de­vices and for tar­get dis­cov­ery. One man in Abu Dhabi was tracked up to 12 times a day, as his phone re­ported its lo­ca­tion ei­ther from GPS or be­cause it was near Wi-Fi ac­cess points. Another ex­am­ple pin­pointed two de­vices that had been lo­cated in ex­act ar­eas of both Romania and Italy at spec­i­fied times. In both of these case stud­ies, Citizen Lab’s re­port de­scribes the gran­u­lar de­tail avail­able in Webloc. It is, frankly, creepy.

The re­port also doc­u­ments some of Webloc’s cur­rent and for­mer U. S. fed­eral and state cus­tomers. On the list is the Department of Homeland Security, in­clud­ing Immigration and Customs Enforcement, units within the U.S. mil­i­tary, and the Bureau of Indian Affairs Police. At the state level, po­lice de­part­ments and law en­force­ment agen­cies in California, Texas, New York, and Arizona have also been cus­tomers.

Citizen Lab high­lights one Tucson po­lice in­ter­nal quar­terly re­port that de­scribes how Webloc was used to as­sist in­ves­ti­ga­tors. In one case it was used to lo­cate a sus­pected se­r­ial cig­a­rette thief by first iden­ti­fy­ing a sin­gle de­vice that was nearby dur­ing every rob­bery. After each in­ci­dent, the de­vice would end up at the same ad­dress. As it turned out, the sus­pect was the part­ner of an em­ployee at the first busi­ness to be hit.

It is worth not­ing that Webloc is not Penlink’s flag­ship prod­uct. It is an op­tional add-on for their main tool, Tangles, a web and so­cial me­dia in­ves­ti­ga­tions plat­form. Per Citizen Lab:

As the in­for­ma­tion an­a­lyzed by Tangles is no­tion­ally pub­licly avail­able, it does not pre­sent quite the same civil lib­er­ties con­cerns as Webloc does. Its in­te­gra­tion with Webloc, how­ever, is con­cern­ing. In some cases it will be pos­si­ble to link the­o­ret­i­cally anony­mous mo­bile de­vice iden­ti­fiers to so­cial me­dia ac­counts, with­out re­quir­ing a war­rant.

Each use de­scribed in this newslet­ter is a valu­able in­ves­tiga­tive ca­pa­bil­ity. But they should not be freely avail­able to any old or­ga­ni­za­tion that de­cides to pur­chase the tool. These are in­tru­sive ca­pa­bil­i­ties and should have strong au­tho­riza­tion and over­sight pro­ce­dures. The Tucson Police Department pro­ce­dures were not de­scribed in its re­port.

From a do­mes­tic per­spec­tive, leg­is­la­tion plac­ing guardrails around how these tools are used by au­thor­i­ties is needed to pro­tect the civil lib­er­ties of Americans. But there is a na­tional se­cu­rity con­cern here, too.

If data can be used by American law en­force­ment agen­cies for their in­ves­ti­ga­tions, then that ex­act same data can be used by for­eign in­tel­li­gence ser­vices to tar­get U. S. in­ter­ests.

Citizen Lab re­ports that Penlink’s over­seas cus­tomers in­clude Hungary’s do­mes­tic in­tel­li­gence agency and El Salvador’s National Civil Police, so for­eign au­thor­i­ties are mak­ing use of mo­bile ge­olo­ca­tion data for their own do­mes­tic pur­poses. These or­ga­ni­za­tions are in­ter­nally fo­cused, and we think it un­likely that Penlink’s cus­tomers are tar­get­ing U. S. in­ter­ests. But the point is that mo­bile ge­olo­ca­tion data is avail­able and can be used for in­tel­li­gence pur­poses by or­ga­ni­za­tions glob­ally. It’s naive to think ca­pa­ble ad­ver­saries won’t ac­quire the data and build their own in­tel­li­gence plat­forms (looking at you, China!).

The U. S. does­n’t just need to stamp out un­con­strained use of this data do­mes­ti­cally. It needs to clamp down on the cre­ation and sale of ge­olo­ca­tion data it­self.

There is some good news here. Just this week, the state of Virginia en­acted a ban on the sale of cus­tomers’ pre­cise ge­olo­ca­tion data. Proposed American pri­vacy laws have not pro­gressed in re­cent years, so this strikes us as a prac­ti­cal mea­sure to be­gin ad­dress­ing the prob­lem. Of course, state-level bans are just a start. Let’s hope a more com­pre­hen­sive so­lu­tion is­n’t too far be­hind.

A new in-depth re­port, from se­cu­rity firm Gambit, de­tails ex­actly how threat ac­tors can lever­age AI mod­els to up­skill and ac­cel­er­ate crim­i­nal ac­tiv­i­ties.

The re­port has plenty of nitty-gritty tech­ni­cal de­tail about how a sin­gle hacker used two com­mer­cial AI plat­forms to breach nine Mexican gov­ern­ment or­ga­ni­za­tions. Within a mat­ter of weeks, the in­di­vid­ual was able to steal hun­dreds of mil­lions of cit­i­zen records and build a tax cer­tifi­cate forgery ser­vice.

Gambit was able to re­con­struct what hap­pened by ex­am­in­ing three vir­tual pri­vate servers the threat ac­tor used. The cam­paign was hu­man-di­rected, but Claude Code gen­er­ated and ran about 75 per­cent of the re­mote code ex­e­cu­tion com­mands. Once net­works were breached, OpenAI’s GPT-4.1 API was used to help plan post-ex­ploita­tion ac­tiv­i­ties by an­a­lyz­ing data col­lected by au­to­mated re­con­nais­sance.

It’s un­likely this was the hack­er’s first time us­ing AI tools.

Late in the evening of Dec. 26, 2025, the cam­paign be­gan with a state­ment to Claude jus­ti­fy­ing the hack­er’s fu­ture re­quests [paraphrased for length]:

Claude, think­ing this sounded a lit­tle too much like ma­li­cious ac­tiv­ity rather than a le­git­i­mate bug bounty, asked for ev­i­dence of au­tho­riza­tion. The at­tacker was able to side­step the ma­chine’s push­back by in­struct­ing it to save a pen­e­tra­tion test­ing cheat sheet to its claude.md file. This pro­vides per­sis­tent con­text for a ses­sion.

Just over 20 min­utes later, Claude, hav­ing used the open-source vul­ner­a­bil­ity scan­ner vulmap, had re­mote ac­cess to a server at Mexico’s na­tional tax au­thor­ity, SAT.

Claude ap­peared pleased: It works! The server re­sponded … what com­mand do you want to ex­e­cute now?”

The hacker then had the ma­chine write a tai­lored stand­alone ex­ploit script that routed traf­fic through a res­i­den­tial proxy provider. The model tested eight dif­fer­ent ap­proaches in seven min­utes to cre­ate a work­ing script.

Gambit says that Claude did of­ten refuse to carry out the at­tack­er’s re­quests. Throughout the cam­paign, the threat ac­tor had to rephrase in­struc­tions, re­frame re­quests, or even aban­don par­tic­u­lar ap­proaches en­tirely.

These served as speed bumps rather than full road­blocks. The hacker had a good un­der­stand­ing of how to run an at­tack, and Claude still en­abled them to op­er­ate very quickly. By day five, the at­tacker was si­mul­ta­ne­ously op­er­at­ing within mul­ti­ple vic­tim net­works.

That’s a lot of ac­cess to man­age by your­self. So the hacker turned to OpenAI’s GPT-4.1 API for con­cur­rent au­to­mated re­con­nais­sance and analy­sis. A cus­tom 17,550-line Python tool, pre­sum­ably AI-created, ex­tracted data from com­pro­mised servers and fed it to GPT-4.1 for analy­sis. The tool’s prompt de­fined six per­sonas in­clud­ing an ELITE INTELLIGENCE ANALYST that pro­duced 2,957 struc­tured in­tel­li­gence re­ports from 305 SAT servers. These re­ports in­cluded the server’s pur­pose, its im­por­tance, op­por­tu­ni­ties for fur­ther lat­eral move­ment, and op­er­a­tional se­cu­rity rec­om­men­da­tions.

The over­all les­son here is not that AI al­lowed a hack­ing cam­paign to do new and un­prece­dented things. The tech­niques used in the cam­paign it­self are not novel. And Gambit says there is ev­i­dence the sys­tems com­pro­mised were end-of-life or out-of-sup­port, and did not have rel­e­vant se­cu­rity up­dates ap­plied.

But what AI did do was en­able a sin­gle in­di­vid­ual to op­er­ate at far greater speed than they could pre­vi­ously.

The cur­rent fron­tier mod­els are prov­ing to be very use­ful at ac­cel­er­at­ing hacker op­er­a­tions, and AI is only im­prov­ing. From a de­fend­er’s per­spec­tive, this means a sin­gle cy­ber­crim­i­nal can al­ready op­er­ate at the speed of a small team. And we haven’t seen the worst of it. That’s not good news.

Three Reasons to Be Cheerful This Week:

U. S. dis­rupts Russian mil­i­tary in­tel­li­gence bot­net: The Department of Justice an­nounced on April 7 the court-au­tho­rized take­down of a small of­fice/​home of­fice bot­net run by the Russian GRU. The GRU had been com­pro­mis­ing TP-Link routers and hi­jack­ing DNS queries in or­der to mimic le­git­i­mate ser­vices and fa­cil­i­tate ad­ver­sary-in-the-mid­dle at­tacks. Krebs on Security has more on how the at­tacks were car­ried out.  FBI and Indonesian au­thor­i­ties dis­man­tle phish­ing net­work: The FBI an­nounced last week that it had dis­man­tled a phish­ing op­er­a­tion cen­tred on the W3LL phish­ing kit. The good news here is the col­lab­o­ra­tion with Indonesian au­thor­i­ties, which the FBI de­scribed as a first-of-its-kind joint cy­ber in­ves­ti­ga­tion.” The Indonesian National Police ar­rested the kit’s al­leged de­vel­oper.  Device Bound Session Credentials (DBSC) are ar­riv­ing: Google an­nounced last week that the Windows ver­sion of Chrome 146 sup­ports this new type of cookie and that it will be com­ing to MacOS shortly. DBSC pre­vents ses­sion theft by cryp­to­graph­i­cally link­ing an au­then­ti­ca­tion to­ken to a spe­cific de­vice. The idea is that even if mal­ware steals ses­sion cook­ies from a vic­tim’s browser, they quickly be­come use­less with­out a pri­vate key that is pro­tected in se­cure hard­ware mod­ules.

In our lat­est Between Two Nerds” dis­cus­sion, Tom Uren and The Grugq dis­cuss how the rise of AI, which is very good at vul­ner­a­bil­ity and ex­ploit de­vel­op­ment, will change the cy­ber­se­cu­rity in­dus­try and com­pe­ti­tion be­tween states.

Malicious LLM proxy routers found in the wild: A re­cently pub­lished aca­d­e­mic pa­per has stud­ied the emerg­ing ecosys­tem of LLM routers, a type of proxy that sits be­tween AI agents and the AI provider to help with load-bal­anc­ing and cost track­ing and lim­it­ing.

The re­search team tested 28 paid routers avail­able on mar­ket­places like Taobao, Xianyu, and on Shopify-hosted store­fronts, as well as 400 free routers avail­able on GitHub and other places.

The study searched for mul­ti­ple sus­pi­cious be­hav­iors, such as mod­i­fy­ing the re­sponse to in­ject com­mands, us­ing a de­lay/​trig­ger mech­a­nism to hide fu­ture bad com­mands be­hind a his­tory of clean op­er­a­tions, ac­cess­ing cre­den­tials that pass through them, and us­ing eva­sion tech­niques to thwart an­a­lysts.

France takes first steps to ditch Windows for Linux: The French gov­ern­ment is tak­ing its first ma­jor steps to ditch Windows for Linux and re­duce its de­pen­dency on U. S. tech for lo­cal European al­ter­na­tives.

The first de­part­ment to bite the bul­let will be the French Interministerial Directorate of Digital Affairs (DINUM). The agency is the un­of­fi­cial in­for­ma­tion tech­nol­ogy de­part­ment for the French gov­ern­ment, and this is very likely a test of how a mi­gra­tion could hap­pen at a larger scale.

The de­ci­sion was an­nounced April 8 at a sem­i­nar be­tween sev­eral French gov­ern­ment min­istries, which also pledged to pre­pare plans for their own mi­gra­tions and the al­ter­na­tives they might need.

China’s cy­ber­se­cu­rity strat­egy: The Natto Thoughts team has pub­lished an analy­sis of China’s cy­ber­se­cu­rity strat­egy in­cluded in the coun­try’s lat­est five-year plan re­leased ear­lier this year:

...

Read the original on www.lawfaremedia.org »

4 601 shares, 33 trendiness

I Measured Claude 4.7's New Tokenizer. Here's What It Costs You.

I Measured Claude 4.7′s New Tokenizer. Here’s What It Costs You. I Measured Claude 4.7′s New Tokenizer. Here’s What It Costs You.The docs said 1.0–1.35x more to­kens. On real con­tent, I mea­sured 1.47x.Anthropic’s Claude Opus 4.7 mi­gra­tion guide says the new to­k­enizer uses roughly 1.0 to 1.35x as many to­kens” as 4.6. I mea­sured 1.47x on tech­ni­cal docs. 1.45x on a real CLAUDE.md file. The top of Anthropic’s range is where most Claude Code con­tent ac­tu­ally sits, not the mid­dle.Same sticker price. Same quota. More to­kens per prompt. Your Max win­dow burns through faster. Your cached pre­fix costs more per turn. Your rate limit hits sooner.So Anthropic must be trad­ing this for some­thing. What? And is it worth it?I ran two ex­per­i­ments. The first mea­sured the cost. The sec­ond mea­sured what Anthropic claimed you’d get back. Here’s where it nets out.What does it cost?To mea­sure the cost, I used POST /v1/messages/count_tokens — Anthropic’s free, no-in­fer­ence to­ken counter. Same con­tent, both mod­els, one num­ber each per model. The dif­fer­ence is purely the to­k­enizer.First: seven sam­ples of real con­tent a Claude Code user ac­tu­ally sends — a CLAUDE.md file, a user prompt, a blog post, a git log, ter­mi­nal out­put, a stack trace, a code diff. Second: twelve syn­thetic sam­ples span­ning con­tent types — English prose, code, struc­tured data, CJK, emoji, math sym­bols — to see how the ra­tio varies by kind.The core loop is three lines of Python:Seven sam­ples pulled from real files a Claude Code user ac­tu­ally sends:Weighted ra­tio across all seven: 1.325x (8,254 → 10,937 to­kens).What changed in the to­k­eniz­erThree pat­terns in the data:CJK, emoji, and sym­bol con­tent moved 1.005–1.07x. A whole­sale new vo­cab­u­lary would shift these more uni­formly. That did­n’t hap­pen. Consistent with the non-Latin por­tions of the vo­cab­u­lary chang­ing less than the Latin. Token counts don’t prove which spe­cific slots were pre­served.Eng­lish and code moved 1.20–1.47x on nat­ural con­tent. Consistent with 4.7 us­ing shorter or fewer sub-word merges for com­mon English and code pat­terns than 4.6 did.Code is hit harder than unique prose (1.29–1.39x vs 1.20x). Code has more re­peated high-fre­quency strings — key­words, im­ports, iden­ti­fiers — ex­actly the pat­terns a Byte-Pair Encoding trained on code would col­lapse into long merges.Chars-per-to­ken on English dropped from 4.33 to 3.60. TypeScript dropped from 3.66 to 2.69. The vo­cab­u­lary is rep­re­sent­ing the same text in smaller pieces.That’s a hy­poth­e­sis, not a proof. Counting to­kens does­n’t tell you which spe­cific en­tries in Anthropic’s pro­pri­etary vo­cab­u­lary changed.60-min video les­son + CLAUDE.md starter kit. Yours when you sub­scribe.Why ship a to­k­enizer that uses more to­ken­sAn­throp­ic’s mi­gra­tion guide: more lit­eral in­struc­tion fol­low­ing, par­tic­u­larly at lower ef­fort lev­els. The model will not silently gen­er­al­ize an in­struc­tion from one item to an­other.“Smaller to­kens force at­ten­tion over in­di­vid­ual words. That’s a doc­u­mented mech­a­nism for tighter in­struc­tion fol­low­ing, char­ac­ter-level tasks, and tool-call pre­ci­sion. Partner re­ports (Notion, Warp, Factory) de­scribe fewer tool er­rors on long runs.The to­k­enizer is one plau­si­ble con­trib­u­tor. Weights and post-train­ing also changed. Token counts can’t sep­a­rate them.Does 4.7 ac­tu­ally fol­low in­struc­tions bet­ter?That’s the cost, mea­sured. Now the ques­tion: what did Anthropic trade for it?Their pitch is more lit­eral in­struc­tion fol­low­ing.” Plausible, but the to­ken-count data does­n’t prove it. I ran a di­rect test.IFE­val (Zhou et al., Google, 2023) is a bench­mark of prompts with ver­i­fi­able con­straints. Respond in ex­actly N words.” Include the word X twice.” No com­mas.” All up­per­case.” Each con­straint has a Python grader. Binary pass/​fail.IFE­val ships 541 prompts. I sam­pled 20 with a fixed seed, ran each through both mod­els, and graded with IFEval’s pub­lished checker.A small but di­rec­tion­ally con­sis­tent im­prove­ment on strict in­struc­tion fol­low­ing. Loose eval­u­a­tion is flat. Both mod­els al­ready fol­low the high-level in­struc­tions — the strict-mode gap comes down to 4.6 oc­ca­sion­ally mis­han­dling ex­act for­mat­ting where 4.7 does­n’t.Only one in­struc­tion type moved ma­te­ri­ally: change_­case:eng­lish_­cap­i­tal (0/1 → 1/1). Everything else tied. The one prompt that ac­tu­ally sep­a­rated the mod­els was a four-con­straint chain where 4.6 fum­bled one and 4.7 got all four.N=20. IFEval has 541 prompts. A 20-prompt sam­ple is enough to see di­rec­tion, not enough to be con­fi­dent about size. A +5pp delta at N=20 is con­sis­tent with any­thing from no real dif­fer­ence” to real +10pp im­prove­ment.“This mea­sures the net ef­fect of 4.6 → 4.7. Tokenizer, weights, and post-train­ing all changed. I can’t iso­late which one drove the +5pp. The causal link be­tween smaller to­kens” and better in­struc­tion fol­low­ing” re­mains a hy­poth­e­sis.Sin­gle gen­er­a­tion per prompt. Multiple runs per prompt would tighten the es­ti­mate.So: 4.7 fol­lows strict in­struc­tions a few points bet­ter than 4.6 on this sub­set. Small ef­fect, small sam­ple. Not the dramatic im­prove­ment” fram­ing Anthropic’s part­ners used in launch quotes — at least not on this bench­mark.The ex­tra to­kens bought some­thing mea­sur­able. +5pp on strict in­struc­tion-fol­low­ing. Small. Real. So: is that worth 1.3–1.45x more to­kens per prompt? Here’s the cost, ses­sion by ses­sion.Imag­ine a long Claude Code ses­sion — 80 turns of back-and-forth on a bug fix or refac­tor.The setup (what’s in your con­text each turn):One thing to ex­plain up­front: the av­er­age cached pre­fix across the 80 turns is ~86K to­kens, not 6K. The sta­tic 6K is tiny; the av­er­age his­tory across all turns (0 at turn 1, 160K at turn 80, av­er­age ~80K) dom­i­nates. Since most of the cache-read cost hap­pens in late turns where the his­tory is huge, that ~86K av­er­age is what ac­tu­ally gets billed per turn.Every to­ken in the pre­fix scales by its con­tent ra­tio:Con­ver­sa­tion his­tory (mostly English and code): 1.325x → 160K be­comes 212K by turn 80, av­er­ag­ing ~106K across the ses­sion­Aver­age cached pre­fix on 4.7: ~115K to­kens (up from 86K). Output to­kens are a wild­card — roughly the same as 4.6, up to ~30% higher if Claude Code’s new xhigh de­fault pro­duces more think­ing to­kens.The per-to­ken price did­n’t change. The per-ses­sion cost did, be­cause the same ses­sion packs more to­kens.For Max-plan users hit­ting rate lim­its in­stead of dol­lars: your 5-hour win­dow ends sooner by roughly the same ra­tio on English-heavy work. A ses­sion that ran the full win­dow on 4.6 prob­a­bly does­n’t on 4.7.How this hits the prompt cache­P­rompt caching is the ar­chi­tec­ture Claude Code runs on. The 4.7 to­k­enizer change in­ter­acts with caching in three ways:First 4.7 ses­sion starts cold. Anthropic’s prompt cache is par­ti­tioned per model — switch­ing from 4.6 to 4.7 in­val­i­dates every cached pre­fix, the same way switch­ing be­tween Opus and Sonnet does. The to­k­enizer change does­n’t cause this, but it makes the cold-start more ex­pen­sive: the pre­fix you’re writ­ing to the new cache is 1.3–1.45x larger than the 4.6 equiv­a­lent.Cache vol­ume grows by the to­ken ra­tio. 1.445x more to­kens in the CLAUDE.md por­tion means 1.445x more to­kens pay­ing cache-write once, and 1.445x more pay­ing cache-read every turn af­ter. The mech­a­nism still works. There’s just more of it to pay for.Same tran­script, dif­fer­ent count. Re-run a 4.6 ses­sion on 4.7 and your logs show a dif­fer­ent num­ber. If you base­line billing or ob­serv­abil­ity off his­tor­i­cal to­ken counts, ex­pect a step-change the day you flip the model ID.“Input is mostly cache reads. The per-to­ken cost barely changed.“Le­git­i­mate. In a ses­sion that stays within the 5-minute TTL, 96% of in­put is cache reads at $0.50/MTok — al­ready 90% off nom­i­nal. A 1.325x ra­tio on the cached por­tion is a smaller dol­lar im­pact than on fresh in­put.But Max plans count all to­kens to­ward rate lim­its, not dol­lars. And sev­eral pat­terns hit un­cached ter­ri­tory: first ses­sion af­ter a TTL ex­piry, every cache-bust event (CLAUDE.md ed­its, tool-list changes, model switches), and every com­paction event that rewrites the pre­fix. On those turns you pay the full ra­tio on the cache-write. The steady-state is a bright spot. The edges got nois­ier.Agreed. The real-world weighted ra­tio (1.325x) lands near the top of their range. Individual file types ex­ceed it — CLAUDE.md at 1.445x, tech­ni­cal docs at 1.473x. That’s the use­ful find­ing: the top of the doc­u­mented range is where most Claude Code con­tent sits, not the mid­dle. Plan around the up­per range, not the av­er­age.So: to­kens are 1.3–1.45x more ex­pen­sive on English and code. Anthropic bought you +5pp on strict in­struc­tion fol­low­ing. The sticker price did­n’t change. The ef­fec­tive per-ses­sion cost did.Is it worth it? That de­pends on what you send. You’re pay­ing ~20–30% more per ses­sion for a small but real im­prove­ment in how lit­er­ally the model fol­lows your prompt.

starter kit. Yours when you sub­scribe.

...

Read the original on www.claudecodecamp.com »

5 326 shares, 19 trendiness

smol-machines/smolvm: Tool to build & run portable, lightweight, self-contained virtual machines.

Ship and run soft­ware with iso­la­tion by de­fault.

This is a CLI tool that lets you:

Pack a state­ful vir­tual ma­chine into a sin­gle file (.smolmachine) to re­hy­drate on any sup­ported plat­form.

# in­stall (macOS + Linux)

curl -sSL https://​smol­ma­chines.com/​in­stall.sh | bash

# for cod­ing agents — in­stall + dis­cover all com­mands

curl -sSL https://​smol­ma­chines.com/​in­stall.sh | bash && smolvm –help

# run a com­mand in an ephemeral VM (cleaned up af­ter exit)

smolvm ma­chine run –net –image alpine — sh -c echo Hello world from a mi­croVM’ && un­ame -a”

# in­ter­ac­tive shell

smolvm ma­chine run –net -it –image alpine — /bin/sh

# in­side the VM: apk add sl && sl && exit

Sandbox un­trusted code — run un­trusted pro­grams in a hard­ware-iso­lated VM. Host filesys­tem, net­work, and cre­den­tials are sep­a­rated by a hy­per­vi­sor bound­ary.

# net­work is off by de­fault — un­trusted code can’t phone home

smolvm ma­chine run –image alpine — ping -c 1 1.1.1.1

# fails — no net­work ac­cess

# lock down egress — only al­low spe­cific hosts

smolvm ma­chine run –net –image alpine –allow-host reg­istry.npmjs.org — wget -q -O /dev/null https://​reg­istry.npmjs.org

# works — al­lowed host

smolvm ma­chine run –net –image alpine –allow-host reg­istry.npmjs.org — wget -q -O /dev/null https://​google.com

# fails — not in al­low list

Pack into portable ex­e­cuta­bles — turn any work­load into a self-con­tained bi­nary. All de­pen­den­cies are pre-baked — no in­stall step, no run­time down­loads, boots in

smolvm pack cre­ate –image python:3.12-alpine -o ./python312

./python312 run — python3 –version

# Python 3.12.x — iso­lated, no pyenv/​venv/​conda needed

smolvm ma­chine cre­ate –net myvm

smolvm ma­chine start –name myvm

smolvm ma­chine exec –name myvm — apk add sl

smolvm ma­chine exec –name myvm -it — /bin/sh

# in­side: sl, ls, un­ame -a — type exit’ to leave

smolvm ma­chine stop –name myvm

Use git and SSH with­out ex­pos­ing keys — for­ward your host SSH agent into the VM. Private keys never en­ter the guest — the hy­per­vi­sor en­forces this. Requires an SSH agent run­ning on your host (ssh-add -l to check).

smolvm ma­chine run –ssh-agent –net –image alpine — sh -c apk add -q openssh-client && ssh-add -l”

# lists your host keys, but they can’t be ex­tracted from in­side the VM

smolvm ma­chine exec –name myvm — git clone git@github.com:org/private-repo.git

im­age = python:3.12-alpine”

net = true

[network]

al­low_hosts = [“api.stripe.com”, db.example.com”]

[dev]

init = [“pip in­stall -r re­quire­ments.txt”]

vol­umes = [”./src:/app”]

[auth]

ssh_a­gent = true

smolvm ma­chine cre­ate myvm -s Smolfile

smolvm ma­chine start –name myvm

Each work­load gets real hard­ware iso­la­tion — its own ker­nel on Hypervisor.framework (macOS) or KVM (Linux). libkrun VMM with cus­tom ker­nel: libkrunfw. Pack it into a .smolmachine and it runs any­where the host ar­chi­tec­ture matches, with zero de­pen­den­cies.

Images use the OCI for­mat — the same open stan­dard Docker uses. Any im­age on Docker Hub, ghcr.io, or other OCI reg­istries can be pulled and booted as a mi­croVM. No Docker dae­mon re­quired.

Defaults: 4 vC­PUs, 8 GiB RAM. Memory is elas­tic via vir­tio bal­loon — the host only com­mits what the guest ac­tu­ally uses and re­claims the rest au­to­mat­i­cally. vCPU threads sleep in the hy­per­vi­sor when idle, so over-pro­vi­sion­ing has near-zero cost. Override with –cpus and –mem.

* Network is opt-in (–net on ma­chine cre­ate). TCP/UDP only, no ICMP.

* ma­cOS: bi­nary must be signed with Hypervisor.framework en­ti­tle­ments.

* –ssh-agent re­quires an SSH agent run­ning on the host (SSH_AUTH_SOCK must be set).

...

Read the original on github.com »

6 268 shares, 15 trendiness

NASA Force

Skip to main con­tent

An of­fi­cial web­site of the United States gov­ern­ment

NASA Force is a new hir­ing ini­tia­tive—de­vel­oped in part­ner­ship with the U. S. Office of Personnel Management—designed to bring ex­cep­tional tech­ni­cal tal­ent into mis­sion-crit­i­cal roles that sup­port NASAs ex­plo­ration, re­search, and ad­vanced tech­nol­ogy pri­or­i­ties. Highly skilled early- to mid- ca­reer en­gi­neers, tech­nol­o­gists, and in­no­va­tors join NASA for fo­cused term ap­point­ments, typ­i­cally 1–2 years with the pos­si­bil­ity of ex­ten­sion, to solve com­plex chal­lenges and help main­tain U.S. lead­er­ship in air and space. Through NASA Force, you will con­tribute to mis­sions that ad­vance hu­man space­flight, aero­nau­tics, and sci­en­tific dis­cov­ery while help­ing ex­pand hu­man­i­ty’s un­der­stand­ing of the uni­verse. You will take a sys­tems ap­proach to solv­ing prob­lems, work­ing across teams and dis­ci­plines from con­cept to ex­e­cu­tion. Your work will de­mand tech­ni­cal ex­cel­lence, crit­i­cal think­ing, and con­tin­u­ous learn­ing, and every con­tri­bu­tion will di­rectly sup­port NASAs mis­sion. Work on flight sys­tems, lu­nar in­fra­struc­ture, and ad­vanced tech­nolo­gies that go from con­cept to ex­e­cu­tion and sup­port real mis­sions be­yond Earth.Work on flight sys­tems, lu­nar in­fra­struc­ture, and ad­vanced tech­nolo­gies that go from con­cept to ex­e­cu­tion and sup­port real mis­sions be­yond Earth.Collaborate di­rectly with en­gi­neers, sci­en­tists, and part­ners shap­ing the fu­ture of space, aero­nau­tics, and na­tional ca­pa­bil­ity.Ex­pand your tech­ni­cal depth by solv­ing com­plex, real-world prob­lems where the stan­dard is per­for­mance, not the­ory.Share knowl­edge, men­tor oth­ers, and con­tribute to a cul­ture that com­pounds ca­pa­bil­ity across NASAs work­force. HOW YOU WILL ENTER THE MISSION You will join a col­lab­o­ra­tive, mis­sion-dri­ven team where ideas are val­ued, con­tri­bu­tions are rec­og­nized, and in­no­va­tion is part of every­day work. NASA Force of­fers an op­por­tu­nity to grow across pro­jects and dis­ci­plines, build your ex­per­tise, and take on new chal­lenges while work­ing along­side some of the world’s lead­ing minds. Propulsion sys­tems sup­port across the Commercial Crew Program, Launch Services Program, and Artemis If You Want Your Work to Operate Beyond Earth, This is Where it Begins.

...

Read the original on nasaforce.gov »

7 219 shares, 0 trendiness

Israel escalates attacks on medics in Lebanon with deadly ‘quadruple tap’

When they re­ceived the call to re­spond to an Israeli airstrike in the city of Mayfadoun, in south­ern Lebanon, most of the para­medics held back, hav­ing pre­vi­ously seen col­leagues killed by dou­ble-tap at­tacks tar­get­ing res­cuers. But the medics from the Islamic Health Association (IHA) rushed to the scene.

By the time the other emer­gency work­ers ar­rived at the site, they found the IHA medics had in­deed been caught in a sec­ond strike. They started evac­u­at­ing their wounded col­leagues, only for their am­bu­lances to be hit in two fur­ther at­tacks.

One of the para­medics cov­ered his ears and screamed, con­vuls­ing in pain as shrap­nel shat­tered the back win­dow of the am­bu­lance.

The res­cue mis­sion on Wednesday af­ter­noon had turned into a night­mare as Israel car­ried out three con­sec­u­tive strikes on three sets of am­bu­lances and med­ical work­ers.

In to­tal, the at­tacks killed four medics and wounded six more, from three dif­fer­ent am­bu­lance corps, ac­cord­ing to med­ical sources. Three of the medics were from the Hezbollah-affiliated IHA and Amal-affiliated med­ical corps, while one was from the Nabatieh emer­gency ser­vices or­gan­i­sa­tion. Under in­ter­na­tional law, all medics are pro­tected and are con­sid­ered non-com­bat­ants, re­gard­less of po­lit­i­cal af­fil­i­a­tion.

Rescuers in Lebanon have long been wary of the dou­ble-tap at­tack, when Israeli forces tar­get a lo­ca­tion, wait un­til peo­ple gather to help sur­vivors, and then strike again. Wednesday’s three-wave at­tack af­ter the ini­tial one prompted the coin­ing of a fear­some new term: the quadru­ple tap.

In a video taken by one of the para­medics at the site, res­cuers are seen load­ing two wounded peo­ple into their am­bu­lances when a bomb lands next to their ve­hi­cle. Paramedics rush to ex­tract the dri­ver, who is mo­tion­less and limp as they pull him from the am­bu­lance, which is splashed with blood. Oh God, oh God,” the man film­ing can be heard say­ing. They carry two more blood-cov­ered medics out of their ve­hi­cle and on to stretch­ers.

Among the para­medics killed was Fadel Sarhan, 43, who is sur­vived by his eight-year-old daugh­ter.

Fadel was a very loved per­son. He had a bold per­son­al­ity, but at the same time, he was emo­tional. He was well liked and re­spon­si­ble,” said Ali Nasr al-Deen, the head of the Mayfadoun civil de­fence cen­tre who grew up with Sarhan.

He used to feed the cats and dogs. He would bring pet food from Beirut so they would­n’t go hun­gry. He was that kind of per­son, car­ing and at­ten­tive. It’s a huge loss for us,” said Nasr al-Deen.

Medics mourned their col­leagues on Thursday at fu­ner­als in Nabatieh, a city near Mayfadoun. Such events have be­come in­creas­ingly com­mon, with health­care work­ers killed by Israeli bomb­ings on a near daily ba­sis.

Mohammed Suleiman, whose 16-year-old son, Joud, was killed while on duty as a para­medic by an Israeli strike weeks ear­lier, joined his peers in bury­ing an­other of his friends on Thursday. A few hours af­ter the fu­ner­als, Israel car­ried out an­other wave of airstrikes on Nabatieh.

Israel has so far killed 91 health­care work­ers and wounded 214 more in Lebanon since the Israel-Hezbollah war started on 2 March. It has given lit­tle jus­ti­fi­ca­tion for its re­peated at­tacks on med­ical in­fra­struc­ture and work­ers, apart from ac­cus­ing Hezbollah of us­ing am­bu­lances and hos­pi­tals to trans­port fight­ers and weapons, with­out pro­vid­ing ev­i­dence for the claim.

The Lebanese min­istry of health ac­cused Israel of de­lib­er­ately tar­get­ing am­bu­lance crews. Paramedics have be­come di­rect tar­gets, pur­sued re­lent­lessly in a bla­tant vi­o­la­tion that con­firms a to­tal dis­re­gard for all norms and prin­ci­ples es­tab­lished by in­ter­na­tional hu­man­i­tar­ian law,” the min­istry said in a state­ment.

The Israeli mil­i­tary did not im­me­di­ately re­spond to a re­quest for com­ment.

In the video taken of the quadru­ple tap on Wednesday, the frame was frozen on the in­te­rior of the am­bu­lances, as the Nabatieh emer­gency ser­vices high­lighted that the ve­hi­cle clearly con­tained no weapons.

A few hours af­ter Israel hit the am­bu­lances out­side Nabatieh, it bombed the vicin­ity of the gov­ern­men­tal hos­pi­tal in Tebnine, south Lebanon. It was the sec­ond time in two days that Israeli bomb­ings dam­aged the health­care fa­cil­ity, which is the only re­main­ing pub­lic hos­pi­tal in the area. The strikes in­jured 11 hos­pi­tal work­ers and dam­ag­ing the emer­gency de­part­ment, ac­cord­ing to the World Health Organization (WHO).

A video of Tebnine hos­pi­tal from 14 April showed work­ers try­ing to clear shat­tered con­crete and de­bris from the emer­gency de­part­ment af­ter a strike blew in the win­dows.

Commenting on the strike in Tebnine, the head of the WHO, Tedros Adhanom Ghebreyesus, said: I re­it­er­ate the call for the im­me­di­ate pro­tec­tion of health­care fa­cil­i­ties, health work­ers, am­bu­lances and pa­tients. There must be safe, sus­tained and un­hin­dered hu­man­i­tar­ian ac­cess across Lebanon.”

An am­bu­lance in Tebnine was also struck on Thursday, lead­ing to the crit­i­cal in­jury of two medics, ac­cord­ing to the Lebanese min­istry of health. As health­care work­ers watched their col­leagues and friends be­ing killed by Israel, the men­tal toll was be­com­ing al­most too much to bear.

We have to go to places to res­cue peo­ple, but then we get dou­ble tapped,” said Abbas Atwi, the head of the IHAs emer­gency de­part­ment in Nabatieh, shortly af­ter a med­ical cen­tre was tar­geted in March, killing his friends and col­leagues. But we will stay and keep go­ing, we will not leave.”

...

Read the original on www.theguardian.com »

8 200 shares, 16 trendiness

I'm Coding by Hand

ai is here. so i’m spend­ing 3 months cod­ing the old wayI de­cided to move to Brooklyn for a cod­ing re­treat. There were some per­sonal rea­sons that brought me back to the US. But rather than head­ing im­me­di­ately back to work, I wanted to take some time to fo­cus on cod­ing things mostly with­out AI — at pre­cisely the time when many suc­cess­ful pro­gram­mers are say­ing pro­gram­ming is a solved prob­lem. Given that I’m now six weeks through this re­treat, I’ll also take some time to ex­plain what I’ve been do­ing in that time. For the past two years, I’ve been build­ing AI agents at Aily Labs in Barcelona along­side some su­per tal­ented en­gi­neers. One of my first pro­jects was build­ing a web search agent we could use in­ter­nally in early 2024… al­most 6 months be­fore Anthropic’s Building Effective AI Agents ar­ti­cle came out and a year be­fore OpenAI’s DeepResearch came out! We were also early on Cursor, early on us­ing LLMs to make knowl­edge graphs, and con­stantly test­ing out new ap­proaches for our use cases. One of my fa­vorite parts of work­ing at Aily was lead­ing a weekly jour­nal club. I chose to pre­sent pa­pers that de­scribed how open source LLMs were built, in­clud­ing DeepSeek R1, Ai2’s Olmo 3, and Meta’s Llama 3 pa­per. All of these helped us un­der­stand the evolv­ing trade­offs be­tween train­ing mod­els in­ter­nally or build­ing work­flows around SOTA closed mod­els. I was al­ready hooked on LLMs since the first time I tried them in 2023, but I found my cu­rios­ity kept bring­ing me back to learn­ing about how they worked and how to ap­ply them.At the same time as I was learn­ing about LLMs and agents, I was also us­ing them to code. I learned that when writ­ing code by hand” I was ac­tu­ally do­ing two things: writ­ing what I wanted and learn­ing the code base. When I used a cod­ing agent how­ever, I would get ex­actly what I spec­i­fied in my prompt, for bet­ter or worse. By this I mean that if I did­n’t know what I wanted ex­actly, cod­ing agents would be happy to make many as­sump­tions for me. This al­most al­ways meant that I did­n’t learn as much, and that I would­n’t have a good grasp of the code­base.At the ex­act same time, cod­ing agents helped me it­er­ate quickly and ship soft­ware that worked well (after some du­ti­ful test­ing, of course). They were also, I found, ex­cel­lent tu­tors. Cal Newport, a com­puter sci­ence pro­fes­sor and writer of Deep Work and other pop­u­lar pro­duc­tiv­ity books, re­cently wrote about this trade­off in a way that res­onated with me. In the ar­ti­cle, he makes an anal­ogy be­tween the re­la­tion­ship of ex­er­cise to health, and the re­la­tion­ship of think­ing to craft: Your writ­ing should be your own. The strain re­quired to craft a clear memo or re­port is the men­tal equiv­a­lent of a gym work­out by an ath­lete; it’s not an an­noy­ance to be elim­i­nated but a key el­e­ment of your craft.I think the same ap­plies to writ­ing code. At Aily, the peo­ple I worked with who were amaz­ing pro­gram­mers were in most cases also amaz­ing users of AI. Their deeper knowl­edge sim­ply gave them more lever­age over this tool. In the day to day of ship­ping agents into pro­duc­tion, I did­n’t stop learn­ing. But I did have a grow­ing list of cod­ing and com­puter con­cepts that I was al­ways too busy to learn about. So when I needed to head back to the US, I re­al­ized it was the per­fect time to fo­cus on this at the Recurse Center.What is a code re­treat any­way? Recurse Center (RC) is a self-di­rected, full-time pro­gram­ming re­treat in Brooklyn. After an ap­pli­ca­tion and a cod­ing in­ter­view, Recursers ar­rive with ideas for what they want to pro­gram, and then spend 6 or 12 weeks pro­gram­ming. One of the high­lights of RC is that it is col­lab­o­ra­tive: you en­ter with a co­hort of other pro­gram­mers, many with decades of ex­pe­ri­ence, and with rad­i­cally dif­fer­ent ex­per­tises. Another high­light: it’s free! Coming into RC, my goals were the fol­low­ing: Train an LLM from scratch. This in­cludes pre- and post-train­ing, and I want to do this mostly from scratch; not just fork a pre­made code­base but write a Transformer my­self. Get bet­ter at writ­ing Python by hand. I’ve been work­ing in Python for a few years now but I know there’s still so much for me to learn. I want to get to the point where I need to ref­er­ence doc­u­men­ta­tion or ask LLMs as lit­tle as pos­si­ble, and have good in­tu­ition for how to set up var­i­ous pro­jects.Un­der­stand com­put­ers bet­ter. Admittedly a broad goal, I know that com­put­ers are ex­tremely com­pli­cated ma­chines that op­er­ate at many lev­els of ab­strac­tion. Given that I never had a for­mal Computer Science ed­u­ca­tion I want to build a bet­ter men­tal model of these lay­ers and how they work to­gether. I don’t have a su­per con­crete plan here, but I think RC will be the per­fect place for this.So how is it go­ing? I’ve done the first as­sign­ment from Stanford’s CS336: Language Modeling from Scratch course, with­out cod­ing help from an LLM. For con­text, it was a 50-page as­sign­ment, but work­ing with an­other Recurser, we wrote an op­ti­mized to­k­enizer in Python, and then built out an up­graded GPT-2 style ar­chi­tec­ture in PyTorch. We ran mul­ti­ple ab­la­tions to tune hy­per­pa­ra­me­ters on the Tiny Stories datasets, and then used those hy­per­pa­ra­me­ters on the ~9 bil­lion to­kens of the OpenWebText dataset.Pa­ra­me­ter sweep of dif­fer­ent learn­ing rates for the 17M pa­ra­me­ter model we wrote by hand; high learn­ing rates lead to in­sta­bil­ity. This was on the Tiny Stories dataset, and took about an hour to train on an A100. My plan is to do the other as­sign­ments in CS336 as well: op­ti­miz­ing our lan­guage model, es­ti­mat­ing and com­put­ing scal­ing laws, con­vert­ing raw text data into pre-train­ing data, and fi­nally post-train­ing a model. I’ve al­ready started the sec­ond as­sign­ment which in­volves pro­fil­ing GPUs and im­ple­ment­ing FlashAttention2 in Triton. There’s a lot to do, but ide­ally I can run through the meat of these as­sign­ments and then post-train my own model.2. Getting Better at Writing Python from ScratchI’ve been writ­ing a lot of small agents and neural net­works in Python or PyTorch to prac­tice. But by far the most help­ful thing was pair pro­gram­ming with peo­ple who have been work­ing in Python for 10+ years, and just watch­ing them work or hav­ing them watch me work. For ex­am­ple, a nice thing I picked up from some­one I pair pro­grammed with: when this guy was writ­ing code and did­n’t quite re­mem­ber the syn­tax or op­er­a­tions, he would of­ten just quickly open up a ter­mi­nal and type a su­per sim­ple ex­am­ple to rapidly it­er­ate. He was usu­ally able to work it out and ver­ify if it worked cor­rectly in less than a minute, and he did­n’t have to google any­thing and comb through search re­sults or ask an LLM. This tech­nique might seem ob­vi­ous to some, but mak­ing this process mus­cle mem­ory has helped me be­come un­stuck much faster. I want to keep mov­ing in this di­rec­tion, do­ing sim­ple pro­jects or even just prob­lems like Advent of Code while pair pro­gram­ming. Working with some­one else live was ini­tially a bit nerve-rack­ing, but pre­cisely be­cause of this I’ve no­ticed a lot of progress. Here are a few ex­am­ples of things I’ve done which I’d clas­sify as help­ing me un­der­stand com­put­ers bet­ter:I wrote the clas­sic pro­gram­ming func­tion fizzbuzz in BASIC on an Apple IIe com­puter from 1983. It was cool see­ing how dif­fer­ently com­put­ers worked back then, for ex­am­ple how man­ual the code edit­ing and ex­e­cu­tion process was, but also how it was ba­si­cally the same. One thing I’ve al­ways felt a bit self-con­scious about are my Unix/terminal skills. So I joined CTF Fridays, a weekly ses­sion de­voted to work­ing through Bandit and other war games.” These are Unix and com­puter se­cu­rity re­lated chal­lenges played through the ter­mi­nal, with the ob­jec­tive of col­lect­ing pass­words and lev­el­ing up. Now I have a pretty good sense for what Claude Code is try­ing to run on my com­puter!One day I hand-coded a sin­gle layer per­cep­tron I saw when flip­ping through an AI text­book… com­pletely in Vim. It was es­pe­cially te­dious at first, but I got some pro tips from an­other Recurser and learned a few short­cuts. This has ac­tu­ally been in­cred­i­bly use­ful now when I’m run­ning train­ing jobs on cloud GPUs and I need to last-minute edit files. I joined a Clojure work­shop given by some­one who has 15+ years of ex­pe­ri­ence us­ing Clojure. The topic it­self was in­ter­est­ing be­cause Clojure is a func­tional pro­gram­ming lan­guage and I don’t have much ex­pe­ri­ence with func­tional lan­guages. The teach­ing method­ol­ogy was also great: af­ter a brief in­tro we did a round of mob pro­gram­ming, where we solved a prob­lem col­lec­tively, go­ing around the table with each per­son get­ting a minute or two to ad­vance the so­lu­tion. The weekly tech­ni­cal pre­sen­ta­tions are great ex­po­sure to an in­cred­i­ble ar­ray of top­ics. These are a set of 5-minute talks, so they are short enough that you don’t get bored but fast enough that you can learn some­thing mean­ing­ful. A sam­ple of ti­tles: Running Rust Code”, GPUs for Dummies”, Typesafe APIs for Type B Personalities”, Some Useless Agents” (this one was mine!), and more. I’ve given two so far: one on sim­ple agent ar­chi­tec­tures, one on scal­ing MCP tools ef­fi­ciently; and will give an­other this week on dif­fer­ent ways to op­ti­mize GPUs. Even just hear­ing from peo­ple about their pro­jects and ca­reers has been in­cred­i­bly valu­able in help­ing me un­der­stand the space of prob­lems com­put­ers can solve.Soon I’ll be ship­ping agents to prod and run­ning evals with a whole new bag of tricks and skills. But for now I’ve got 6 more weeks left at RC, which I’m be­gin­ning to worry is not enough time to fin­ish every­thing on my list. And it won’t be. But that’s what makes RC so great: it’s not as much about cross­ing every­thing off my list but about spend­ing time cod­ing.

...

Read the original on miguelconner.substack.com »

9 199 shares, 12 trendiness

Tesla tells HW3 owner to 'be patient' after 7 years of waiting for FSD

The Dutch Tesla owner who launched a col­lec­tive claim against Tesla over FSD on HW3 cars called Tesla to ask about the €6,400 he paid for Full Self-Driving” in 2019. After 7 years of wait­ing, Tesla’s an­swer was to just be pa­tient.”

It’s an al­most com­i­cally tone-deaf re­sponse that per­fectly en­cap­su­lates Tesla’s ap­proach to the HW3 prob­lem — and it’s only go­ing to fuel the grow­ing le­gal pres­sure in Europe.

Mischa Sigtermans, the Dutch Model 3 owner who launched the HW3 col­lec­tive claim site we re­ported on ear­lier this week, called Tesla to­day and recorded the en­tire con­ver­sa­tion. He posted the de­tails in a thread on X.

Sigtermans paid €6,400 for FSD when he bought one of the first Model 3s in the Netherlands in 2019. Last week, the Dutch ve­hi­cle au­thor­ity RDW granted Tesla type ap­proval for FSD Supervised — the first in the EU. But the ap­proved build only runs on Tesla’s newer AI4 com­puter. HW3 cars like his get noth­ing.

So he called Tesla. His first ques­tion: when does FSD come to HW3 cars?

Tesla’s an­swer: No in­for­ma­tion about when it comes, or if it comes at all.”

Not when. If.

Sigtermans then asked what ex­actly he paid for. Tesla told him he paid for the full self-drive ca­pa­bil­ity.” As he pointed out, that’s what’s on his 2019 in­voice — capability.” Not supervised.” Not lite.” The full ca­pa­bil­ity.

When he brought up Musk’s ad­mis­sion that HW3 is­n’t enough for un­su­per­vised FSD, Tesla said it had no in­for­ma­tion about this.” When he asked about the promised free hard­ware up­grade, Tesla said there was no in­for­ma­tion within Europe.” When he asked how Tesla plans to han­dle all the Europeans who bought FSD on HW3, Tesla said: We share what­ever in­for­ma­tion is avail­able at that mo­ment.” The in­for­ma­tion avail­able: none.

Sigtermans then told the agent about the 3,000 HW3 own­ers from 29 coun­tries who signed up to his claim site — rep­re­sent­ing €6.5 mil­lion in FSD pur­chases. He asked to speak to a spokesper­son about find­ing a so­lu­tion. The agent put him on hold, checked with his man­ager, and came back with the fi­nal an­swer: You just have to be pa­tient.”

After Sigtermans hung up, Tesla im­me­di­ately closed his case. He re­ceived an au­to­mated email: Your ques­tion is closed” — with a link to book a test drive.

The full con­text here makes Tesla’s be pa­tient” re­sponse even more ab­surd. Here’s what HW3 own­ers have been told over the years:

In 2019, when Sigtermans and hun­dreds of thou­sands of other own­ers pur­chased FSD, Tesla sold it as a pack­age that would en­able full au­ton­omy through soft­ware up­dates alone. The hard­ware was sup­pos­edly suf­fi­cient.

By August 2024, Tesla VP of AI Ashok Elluswamy ac­knowl­edged that HW3 runs a relatively smaller model” than AI4 with workarounds. The gap be­tween HW3 and HW4 was widen­ing, not clos­ing.

In January 2025, Elon Musk fi­nally ad­mit­ted what many had long sus­pected: Tesla would need to re­place all HW3 com­put­ers in ve­hi­cles where FSD was pur­chased.” On the Q4 2024 earn­ings call, he called the hard­ware re­place­ment painful and dif­fi­cult” and said he was kind of glad that not that many peo­ple bought the FSD pack­age.”

Tesla even filed a patent de­scrib­ing a math trick” to squeeze a mod­ern FSD model onto HW3. The patent it­self ac­knowl­edges this workaround can ren­der the sys­tem inoperable” for per­cep­tion units.

Now, 15 months af­ter Musk’s ad­mis­sion, Tesla still has no hard­ware retro­fit pro­gram, no re­fund pol­icy, and no con­crete time­line. The com­pany has vaguely promised a stripped-down v14 Lite” for HW3 some­time in Q2 2026, but that’s a fun­da­men­tally dif­fer­ent prod­uct than what was sold. It’s a diet ver­sion of a sys­tem that it­self is still only Level 2 dri­ver as­sis­tance — not the au­tonomous dri­ving Tesla orig­i­nally promised.

And when an owner who has waited since 2019 calls to ask about it, the an­swer is: be pa­tient.

Sigtermans is­n’t just vent­ing on X. He launched hw3­claim.nl, a site to bun­dle HW3 + FSD own­ers across the EU into a col­lec­tive claim against Tesla, seek­ing €6,800 per owner. In one week, 3,000 own­ers from 29 coun­tries signed up — rep­re­sent­ing over €6 mil­lion in FSD pur­chases.

The tim­ing is sig­nif­i­cant. FSD launch­ing in Europe was al­ways go­ing to be the mo­ment the HW3 prob­lem stopped be­ing ab­stract and be­came a con­crete, quan­tifi­able harm. European own­ers can now see ex­actly what they’re miss­ing — their neigh­bors with AI4 cars are get­ting FSD Supervised, while they get noth­ing de­spite pay­ing thou­sands of eu­ros for the same promise.

EU con­sumer pro­tec­tion law is con­sid­er­ably stronger than what Tesla faces in the US. Buyers have ro­bust rights around con­for­mity with ad­ver­tised fea­tures, and coun­tries like the Netherlands, Germany, and France have ma­ture col­lec­tive-re­dress frame­works.

This is­n’t the first le­gal ac­tion ei­ther. In October 2025, thou­sands of Tesla own­ers joined a class-ac­tion law­suit in Australia al­leg­ing Tesla mis­rep­re­sented FSD ca­pa­bil­i­ties. That ac­tion was di­rectly trig­gered by Musk’s HW3 ad­mis­sion.

Be pa­tient” is an ex­tra­or­di­nary thing to tell some­one who paid you €6,400 seven years ago for a prod­uct you now ad­mit you can’t de­liver on their hard­ware.

We’ve been cov­er­ing the HW3 saga for years, and this phone call per­fectly cap­tures the core prob­lem: Tesla has no an­swer. Not a bad an­swer — no an­swer. The com­pany has­n’t an­nounced a retro­fit pro­gram, has­n’t of­fered re­funds, has­n’t set a time­line. All it can of­fer is the same thing it’s been of­fer­ing since 2019: wait.

The dif­fer­ence now is that the wait­ing has an end­point, and it’s not the one Tesla promised. FSD launched in Europe last week, and HW3 own­ers are locked out. The harm is­n’t the­o­ret­i­cal any­more — it’s their neigh­bor dri­ving with FSD while they stare at the same coming soon” mes­sage they’ve had for seven years.

Sigtermans’ col­lec­tive claim is go­ing to grow. EU con­sumer law is built for ex­actly this sce­nario: a com­pany that sold a ca­pa­bil­ity it can­not de­liver. Tesla’s own CEO ad­mit­ted HW3 can’t sup­port self-dri­ving. Tesla’s own patent de­scribes workarounds that can ren­der the sys­tem inoperable.” That’s not a he-said-she-said — that’s Tesla’s own pa­per trail.

I’m in­creas­ingly con­vinced this will end up in court. And when it does, be pa­tient” is go­ing to look very bad in front of a European judge.

...

Read the original on electrek.co »

10 198 shares, 10 trendiness

Risky Bulletin: NIST gives up enriching most CVEs

This newslet­ter is brought to you by Corelight. You can sub­scribe to an au­dio ver­sion of this newslet­ter as a pod­cast by search­ing for Risky Business” in your pod­catcher or sub­scrib­ing via this RSS feed. You can also add the Risky Business newslet­ter as a Preferred Source to your Google search re­sults by go­ing here.

The US National Institute of Standards and Technology an­nounced on Wednesday a new pol­icy re­gard­ing the US National Vulnerability Database, which the agency has been strug­gling to keep up­dated with de­tails for every new vul­ner­a­bil­ity added to the sys­tem.

Going for­ward, NIST says its staff will only add data—in a process called en­rich­ment—only for im­por­tant vul­ner­a­bil­i­ties.

This will in­clude three types of se­cu­rity flaws, which the agency says are crit­i­cal to the safe op­er­a­tion of US gov­ern­ment net­works and its pri­vate sec­tor.

* CVE en­tries for vul­ner­a­bil­i­ties listed in CISA KEV, a data­base of ac­tively ex­ploited bugs;

* CVEs in soft­ware known to be used by US fed­eral agen­cies;

* and CVEs in what the agency clas­si­fies as critical soft­ware.”

This lat­ter cat­e­gory sounds re­stric­tive, but is in fact quite broad and in­cludes all the ma­jor soft­ware you’d ex­pect and want to have prop­erly en­riched CVEs for. Stuff like op­er­at­ing sys­tems, web browsers, se­cu­rity soft­ware, fire­walls, backup soft­ware, and VPNs; they are all on the list [PDF], which you can also see be­low this post.

NIST has been strug­gling to en­rich CVEs for more than two years due to an ex­plo­sion in bug dis­cov­er­ies and mount­ing costs, also made worse by the Trump ad­min­is­tra­tion’s re­cent cuts to var­i­ous DHS and CISA bud­gets.

Its prob­lems started in early 2024, when a hand­ful of 2,100+ CVE en­tries that were left with­out en­riched meta­data turned into al­most 30,000 by the end of the year. Despite ef­forts to catch up and add de­tails to all CVEs pub­lished in the NVD, the agency is still tens of thou­sands of bugs be­hind.

The NIST an­nounce­ment is a ca­pit­u­la­tion, with the agency ad­mit­ting it won’t ever catch up due to its cur­rent bud­getary cir­cum­stances.

It is a smart de­ci­sion. Even though this sounds as a blas­phemy for the in­fosec peo­ple in the vul­ner­a­bil­ity man­age­ment space, the only way for­ward for NIST was to fo­cus on the im­por­tant bugs only and giv­ing up on all the CVE chaff.

Each year, there are tens of thou­sands of vul­ner­a­bil­i­ties be­ing re­ported in all kinds of no-name soft­ware you have never heard of, in all the tiny li­braries that barely have 100 stars on GitHub, and all the IoT gear and their firmware com­po­nents.

The an­nounce­ment is not what the vul­ner­a­bil­ity man­age­ment com­pa­nies wanted, since many of them re­lied on pack­ag­ing the NVD out­put into their own vul­ner­a­bil­ity scan­ners, dash­boards, and re­port­ing tools.

With some of that out­put set to dis­ap­pear for good, they will have to find other places to get the data, or en­rich it them­selves. Aikido Security’s Sooraj Shah has an ex­cel­lent take on what this means for the in­dus­try

The cy­ber­se­cu­rity in­dus­try was ex­pect­ing this to hap­pen. At a January quar­terly meet­ing, NIST of­fi­cials talked about rethinking” the agen­cy’s role in an­a­lyz­ing soft­ware vul­ner­a­bil­i­ties, and hinted at a plan to only triage the im­por­tant bugs.

NIST says that be­sides fo­cus­ing on en­rich­ing only the big bugs, it will also stop pro­vid­ing its own CVSS sever­ity scores for NVD en­tries, and will now show the sever­ity score ini­tially as­signed by the or­ga­ni­za­tion that is­sued the CVE.

This opens the door for a lot of in­fosec drama. Some of the or­ga­ni­za­tions that is­sue CVE num­bers are also the mak­ers of the reported” soft­ware, and these com­pa­nies are ex­tremely likely to is­sue low sever­ity scores and down­play their own bugs.

This has been hap­pen­ing for decades, and if you read enough vul­ner­a­bil­ity write-ups, you’ll of­ten find se­cu­rity re­searchers ac­cus­ing com­pa­nies of bla­tantly down­grad­ing CVSS scores and mis­char­ac­ter­iz­ing their own bugs to down­play the bug’s im­pact, over and over again.

More than 48,000 vul­ner­a­bil­i­ties re­ceived a CVE num­ber last year and NIST is giv­ing up right be­fore ex­perts an­tic­i­pate this num­ber will ex­plode with the broad adop­tion of AI cy­ber­se­cu­rity agents de­signed to help im­prove vul­ner­a­bil­ity dis­cov­ery.

The in­te­gra­tion of AI vul­ner­a­bil­ity scan­ners is likely to yield a few ma­jor bugs, but they’re also ex­pected to pro­duce moun­tains of CVE chaff that no hu­man team at NIST would have been able to keep up with any­way.

NISTs new en­rich­ment pol­icy en­tered into ef­fect this week, on Wednesday, April 15.

The main Risky Business pod­cast is now on YouTube with video ver­sions of our re­cent episodes. Below is our lat­est weekly show with Pat and Adam at the helm!

Russian hack­ers tar­geted a Swedish ther­mal plant: A pro-Russ­ian hack­tivist group tried to dis­rupt a Swedish ther­mal power ​plant last year. The at­tack tar­geted a power plant in west­ern ​Sweden last spring. The in­tru­sion was caught by the plan­t’s built-in safe­guards. Swedish of­fi­cials linked the group to Russia’s se­cu­rity ser­vices. [EnergyWatch // SVT]

Russia hacked Ukrainian pros­e­cu­tors: Russian hack­ers have bro­ken into the emails of more than 170 Ukrainian pros­e­cu­tors. The cam­paign sought to gain ac­cess to in­ves­tiga­tive in­for­ma­tion. The at­tacks were linked to APT28, a cy­ber unit in­side Russia’s mil­i­tary in­tel­li­gence agency, the GRU. The same cam­paign also breached mil­i­taries in Greece, Romania, and Serbia. The hacks are part of a cam­paign spot­ted last month by Ctrl-Alt-Intel. [Reuters]

Grinex shuts down af­ter hack: Russian cryp­tocur­rency ex­change Grinex has shut­tered op­er­a­tions fol­low­ing a theft this week. The com­pany claims Western in­tel­li­gence agen­cies” broke into its wal­lets and stole $13 mil­lion (1 bil­lion rubles) worth of as­sets. The ex­change was sanc­tioned by US au­thor­i­ties last August for help­ing Russia evade sanc­tions and laun­der­ing ran­somware pay­ments. A TRM Labs re­port found that Grinex was a re­brand of an older Russian crypto ex­change Garantex, also sanc­tioned for the same things. [Wayback Machine]

Zerion blames North Korea for crypto-heist: Crypto-wallet provider Zerion has blamed a re­cent heist of $100,000 on North Korean hack­ers.

Autovista ran­somware at­tack: A ran­somware group has hit au­to­mo­tive data an­a­lyt­ics com­pany Autovista, with the at­tack im­pact­ing sys­tems in Europe and Australia.

McGraw Hill breach: Hackers have leaked the per­sonal de­tails of 13.5 mil­lion users of ed­u­ca­tional plat­form McGraw Hill. The data was taken from the com­pa­ny’s SalesForce ac­counts. It was leaked af­ter a failed ex­tor­tion at­tempt by the ShinyHunters group. It in­cludes de­tails such as real names, home ad­dresses, emails, and phone num­bers.

Standard Bank breach: South Africa’s largest bank has dis­closed a se­cu­rity breach. The Standard Bank says hack­ers breached last week an in­ter­nal net­work stor­ing cus­tomer data. The in­ci­dent is the third hack of a South African bank this year. [IOL]

BlueLeaks 2.0 data is now up for sale: A hacker is sell­ing 8.3 mil­lion con­fi­den­tial crime tips for $10,000 in cryp­tocur­rency. The data was stolen ear­lier this year from P3 Global Intel, a soft­ware provider for US law en­force­ment agen­cies. The hacker, who goes by the name Internet Yiff Machine, ini­tially pro­vided the data for free to se­lect jour­nal­ists and the DDoSecrets pro­ject. The hacker says they’re sell­ing the data be­cause principles are for the well-fed, and I’m un­for­tu­nately not in a great place.” [Straight Arrow News // DataBreaches.net]

Krybit hacks 0APT: The Krybit ran­somware group has hacked the web­site of ri­val ran­som group 0APT. The in­ci­dent oc­curred af­ter the 0APT group threat­ened to dox Krybit’s mem­bers last week. According to se­cu­rity firm Barricade, 0APT leaked plain­text cre­den­tials for Krybit’s ran­somware back­end panel, along with Bitcoin ad­dresses and vic­tim names. Krybit re­turned the fa­vor by leak­ing 0APTs en­tire server con­tents.

OpenAI an­nounces its own pri­vate cy­ber model: OpenAI has re­leased an LLM model for cy­ber­se­cu­rity work into pri­vate test­ing. Thousands of ver­i­fied pro­fes­sion­als and hun­dreds of teams re­spon­si­ble for de­fend­ing crit­i­cal soft­ware have been in­vited to test the GPT‑5.4‑Cyber model. The new model has loose per­mis­sions for cy­ber­se­cu­rity re­search, such as re­verse-en­gi­neer­ing and vul­ner­a­bil­ity dis­cov­ery. The new lim­ited ac­cess model is OpenAI’s re­sponse to Anthropic’s Project Glasswing and the Mythos model.

Anthropic rolls out KYC for Claude: Anthropic will ask cer­tain Claude users to ver­ify their iden­tity by pro­vid­ing a selfie and a gov­ern­ment ID. The com­pany says the new iden­tity ver­i­fi­ca­tion check will only roll out in a few use cases.” The checks are meant to pre­vent abuse and com­ply with le­gal oblig­a­tions. The ID checks will be han­dled by Persona, the same com­pany Discord had to cut ties be­cause of com­mu­nity back­lash.

BlueSky’s mega out­age: Social me­dia net­work BlueSky had a pro­longed out­age on Thursday that was so bad, even its server sta­tus page was down—prob­a­bly be­cause they hosted it on the same in­fra­struc­ture. You live and learn, I guess. [News.az]

Grok is still nud­i­fy­ing: xAI’s Grok is still gen­er­at­ing nude im­ages at users’ re­quests, de­spite a huge back­lash from au­thor­i­ties all over the world. Just take Grok be­hind the shed, Elon! It’s time. [NBC News]

Nudify apps are still every­where: Both Apple and Google are still host­ing nud­ify apps on their stores, and their ad sys­tems are of­ten used to lure users to the very same apps they’re sup­posed to have banned. [Tech Transparency Project]

News sites block the Internet Archive: Twenty-three ma­jor news out­lets are now block­ing the Internet Archive’s Wayback Machine from cre­at­ing copies of their con­tent. Most cited fear the backed up pages could be used as a proxy to train AI on their con­tent. [Tom’s Hardware]

IPv6 mile­stone: Global IPv6 traf­fic has crossed 50% for the first time at the end of last month.

IPv8 pro­to­col pro­posal: A new ver­sion of the IP ad­dress­ing pro­to­col has been pro­posed with the Internet Engineering Task Force. The new pro­to­col is be­ing called IPv8 and is meant to be com­pat­i­ble with old IPv4 ad­dresses. IPv8 ad­dresses will in­clude a pre­fix and an old IPv4 ad­dress. The pre­fix will be spe­cific to each ASN (network op­er­a­tor). For old IPv4 ad­dresses, this pre­fix will be 0.0.0.0. This will al­low de­vices and net­works with old IPv4 ad­dresses to con­nect to IPv8 sys­tems with­out any soft­ware up­dates re­quired.

Chrome does noth­ing to stop browser fin­ger­print­ing: Web pri­vacy ex­pert Alexander Hanff looks at the var­i­ous browser fin­ger­print­ing tech­niques used by on­line track­ers and how Chrome does­n’t do any­thing to block them.

Android gets new one-time data pick­ers: The next Android OS ver­sion will in­clude two new sys­tems to let users pick con­tacts or share their pre­cise lo­ca­tion for one time with­out an app need­ing per­sis­tent ac­cess to the read con­tacts and pre­cise ge­olo­ca­tion per­mis­sions.

Raspberry Pi dis­ables pass­word­less sudo: The Raspberry Pi pro­ject has dis­abled pass­word­less ac­cess to the sudo util­ity in its OS.

Some ESUs ex­tended: Microsoft has ex­tended the Exchange 2016/2019 Extended Security Updates (ESU) pro­gram un­til October this year. The ESU ended this month. Same goes for the Skype for Business ESU.

Windows adds RDP warn­ing pop­ups: Windows will now show a se­cu­rity warn­ing popup when­ever users open RDP con­fig­u­ra­tion files. The pop­ups will alert users that they are about to make dan­ger­ous changes that may al­low re­mote at­tack­ers to con­nect to their PCs and steal data. Several threat ac­tors have used ma­li­cious RDP con­fig files in phish­ing op­er­a­tions as a way to gain a foothold in­side tar­geted net­works. Russian group ATP29 is known for us­ing this tech­nique in es­pi­onage op­er­a­tions.

FCC ex­empts Netgear from for­eign router ban: The US Federal Communications Commission has ex­cluded Netgear from the Trump ad­min­is­tra­tion ban on for­eign-made routers. The agency granted the ex­emp­tion at the re­quest of the US Department of War. Netgear is an American com­pany but most of its routers are made in Southeast Asia.

More cy­ber EOs are com­ing: National Cyber Director Sean Cairncross says the Trump ad­min­is­tra­tion will soon sign and is­sue more cy­ber-re­lated ex­ec­u­tive or­ders to help push for­ward the im­ple­men­ta­tion of the White House’s new cy­ber­se­cu­rity strat­egy. [CyberScoop]

US Tech Force is hir­ing cy­ber staff: The Trump ad­min­is­tra­tion is re­cruit­ing cy­ber­se­cu­rity spe­cial­ists for its new and up­com­ing US Tech Force agency. The Tech Force was an­nounced at the end of last year. The plan is to re­cruit around 1,000 tech work­ers from large US corps to modernize” the US gov­ern­men­t’s net­works. The new hir­ing process comes af­ter the Trump ad­min­is­tra­tion fired a third of CISAs staff and plans hun­dreds more next year. CISA also re­cently can­celed sum­mer in­tern­ships for cy­ber schol­ar­ship stu­dents amid DHS fund­ing lapse.

Foreign in­ter­net traf­fic in Russia is be­com­ing very ex­pen­sive: Russian tel­cos will in­crease the price for in­ter­net traf­fic re­ceived from out­side the coun­try’s bor­ders as part of mea­sures to crack down on VPN use. [RBC]

EU launches age ver­i­fi­ca­tion app: The EU has launched its own in­ter­nally-de­vel­oped age ver­i­fi­ca­tion app. The app uses cryp­to­graphic proofs to ver­ify a user’s age with­out shar­ing their per­sonal data. EU of­fi­cials have urged on­line plat­forms to in­te­grate the app with their processes. Age ver­i­fi­ca­tion is manda­tory un­der the EUs new Digital Services Act. The app is avail­able for Android and iOS, and fu­ture desk­top and web ver­sions are planned. The source code is also avail­able on GitHub.

In this Risky Business spon­sor in­ter­view, Corelight’s Senior Director of Product Management, Dave Getman, tells James Wilson how Corelight Agentic Triage helps de­fend­ers stay ahead of AI-powered at­tacks.

DPRK lap­top farm­ers sen­tenced: The US has sen­tenced two in­di­vid­u­als to prison for run­ning a lap­top farm for North Korean re­mote IT work­ers. Kejia Wang and Zhenxing Wang were sen­tenced to 108 and 92 months in prison, re­spec­tively. Both hosted lap­tops at their homes in New Jersey that ran from US IPs to al­low North Koreans to pose as American cit­i­zens. Authorities also in­dicted nine North Koreans re­mote work­ers who par­tic­i­pated in the scheme.

16yo ar­rested for school cy­ber­at­tack: Northern Ireland au­thor­i­ties have ar­rested a 16-year-old for a cy­ber­at­tack that dis­rupted the coun­try’s na­tional school IT net­work. The C2K plat­form was down at the start of the month af­ter a cy­ber­at­tack that tar­geted a small num­ber of schools. More than 300,000 pupils and 20,000 teach­ers could­n’t ac­cess exam data, home as­sign­ments, and teach­ing ma­te­ri­als for days fol­low­ing the in­ci­dents, as of­fi­cials shut down the plat­form to in­ves­ti­gate. [BelfastLive]

53 DDoS-for-hire do­mains seized: Europol and other law en­force­ment agen­cies have seized 53 do­mains that hosted DDoS-for-hire ser­vices. Four sus­pects were also de­tained fol­low­ing 25 house searches. Authorities have also sent let­ters and emails to more than 75,000 users who had signed up for the ser­vices. They also worked with Google to re­move ads pro­mot­ing DDoS ser­vices.

UNC2465 shifts to Europe: Orange’s se­cu­rity team re­ports that a known ran­somware af­fil­i­ate tracked as UNC2465 has shifted its at­tacks to Europe. The group is cur­rently us­ing the SmokedHam back­door as an ini­tial en­try point for Qilin ran­somware at­tacks.

Black Basta off­shoots tar­get ex­ecs: A group of for­mer Black Basta af­fil­i­ates are us­ing au­to­mated email bomb­ing and Teams-based so­cial en­gi­neer­ing to tar­get ex­ec­u­tives and se­nior-level em­ploy­ees for ini­tial ac­cess into cor­po­rate net­works. [ReliaQuest]

Hazy Hawk hi­jacks uni­ver­sity sub­do­mains: A cy­ber­crime group has hi­jacked sub­do­mains at 34 US uni­ver­si­ties and ed­u­ca­tional or­ga­ni­za­tions to show porno­graphic spam. MIT, Harvard, Stanford, Johns Hopkins, and other large uni­ver­si­ties have had sub­do­mains hacked. The spam cam­paign has been linked to Hazy Hawk, a group that hi­jacked CDC sub­do­mains last year. [SH Consulting]

QEMU abused in the wild: Sophos says at least two cy­ber­crime groups are de­ploy­ing the QEMU vir­tu­al­iza­tion en­vi­ron­ment on com­pro­mised net­works to hide ma­li­cious ac­tiv­ity and later de­ploy ran­somware.

WP scan­ning: F5 says a bad­ness clus­ter it’s been keep­ing an eye on has re­cently started mass-scans for sites run­ning vul­ner­a­ble WordPress plu­g­ins.

FTP ex­po­sure is still huge: According to Censys, there are still 6 mil­lion end­points ex­pos­ing an FTP port over the in­ter­net, al­most 55 years af­ter the pro­to­col was cre­ated.

C2 servers in Russia: A large-scale study of the Russian web host­ing space has found more than 1,200 ma­li­cious com­mand and con­trol servers hosted in­side Russia this year. Most of the servers are for IoT mal­ware bot­nets, such as Keitaro, Hajime, Mozi, and Mirai. [Hunt Intelligence]

Rhadamanthys’s se­cret bug: The Rhadamanthys in­fos­tealer left its com­mand and con­trol server APIs ex­posed on­line with­out au­then­ti­ca­tion, al­low­ing se­cu­rity re­searchers to track its ac­tiv­ity for months be­fore the Europol take­down last year. [Censys]

Direct-Sys Loader: The Cyderes team has dis­cov­ered a new mal­ware loader named Direct-Sys Loader be­ing de­liv­ered in the wild.

PowMix bot­net: Cisco Talos has spot­ted a new Windows bot­net mal­ware strain named PowMix, cur­rently go­ing on a test run in the Czech Republic.

AngrySpark: Gen Digital has spot­ted a new Windows rootkit named AngrySpark, al­ready used in the wild on a UK vic­tim’s sys­tem.

W3LL PhaaS: Group-IB pub­lished a re­port on W3LL, the phish­ing plat­form seized by au­thor­i­ties ear­lier this month.

ATHR plat­form: A cy­ber­crime group has de­vel­oped and is rent­ing ac­cess to a plat­form that au­to­mates voice phish­ing at­tacks. The ATHR plat­form uses AI agents to call tar­gets us­ing pre­con­fig­ured and multi-step scripts. ATHR ac­cess is be­ing sold for $4,000 and 10% of a cam­paign’s prof­its. According to AbnormalAI, the plat­form is pri­mar­ily be­ing used to trick vic­tims into re­veal­ing cre­den­tials for their on­line ac­counts.

James Pope, Corelight’s Director of Technical Marketing Engineering, demon­strates the com­pa­ny’s Open NDR Platform and how it com­bines net­work de­tec­tions with a whole host of other data sources.

UAC-0247 and AGINGFLY: CERT-UA re­ported a new wave of at­tacks against its gov­ern­ment agen­cies, hos­pi­tals, and emer­gency ser­vices. This ac­tiv­ity was linked to a clus­ter tracked as UAC-0247. The fi­nal pay­load was a new in­fos­tealer named AGINGFLY.

Sapphire Sleet tar­gets ma­cOS: DPRK APT group Sapphire Sleet has adapted its install this Zoom up­date to hear me” mal­ware de­liv­ery tech­nique for ma­cOS, per a new Microsoft re­port.

PyPI se­cu­rity au­dit: Python’s PyPI has com­pleted its sec­ond se­cu­rity au­dit.

Zero Day Quest 2026: Microsoft awarded $2.3 mil­lion in bug bounty re­wards at this year’s edi­tion of Zero Day Quest, its cloud and AI hack­ing con­test.

Mythos guid­ance: Cisco [PDF] and the Cloud Security Alliance have is­sued guides on how to pro­tect and de­fend net­works in the face of ris­ing pow­er­ful AI vul­ner­a­bil­ity dis­cov­ery agents like Anthropic’s Mythos.

Mythos/Glasswing vul­ner­a­bil­i­ties: VulnCheck has sifted through its huge CVE data­base and be­lieves it has tracked down some of the bugs dis­cov­ered us­ing Anthropic’s Mythos agent as part of Project Glasswing. There are 75 CVEs that men­tion Anthropic, 40 cred­ited to Anthropic, but only one specif­i­cally men­tions Glasswing. So far, it’s un­clear if any of the Mythos-found bugs even re­ceived proper CVEs.

You can trick Claude by be­ing an in­dus­try leg­end: Manifold Security tricked Claude’ GitHub bot to merge ma­li­cious code to repos­i­to­ries by spoof­ing their re­quests un­der the names of fa­mous de­vel­op­ers.

Researcher drops an­other Windows zero-day: A dis­grun­tled se­cu­rity re­searcher has pub­lished proof-of-con­cept code for a new Windows zero-day. The RedSun zero-day can be used to el­e­vate priv­i­leges on Windows to SYSTEM level ac­cess. The re­searcher re­leased the pub­lic ex­ploit af­ter a dis­agree­ment with the Microsoft team that han­dles its bug bounty pro­gram. The same re­searcher also re­leased an­other Windows zero-day named BlueHammer ear­lier this month.

NGINX UI bug ex­ploited in the wild: Hackers are ex­ploit­ing a bug in a pop­u­lar dash­board for man­ag­ing NGINX web servers. Attacks be­gan last month and are tar­get­ing the dash­board’s MCP end­points. Tracked as CVE-2026-33032, the bug al­lows at­tack­ers to ac­cess the MCP end­point with­out au­then­ti­ca­tion and then mod­ify the server’s con­fig files. More than 2,600 of NGINX UI dash­boards are cur­rently ex­posed on the in­ter­net. [Pluto Security]

RAGFlow patches bug af­ter pub­lic dis­clo­sure: The RAGFlow AI toolkit has patched a re­mote code ex­e­cu­tion bug in its soft­ware al­most a week af­ter the bug was pub­licly dis­closed by se­cu­rity re­searchers. The pro­ject ini­tially ig­nored the re­port and only patched the is­sue af­ter the re­searchers them­selves sub­mit­ted the patch code.

Dolibarr RCE: The Dolibarr CRM and ERP has patched an eval-based re­mote code ex­e­cu­tion bug (CVE-2026-22666). A write-up and POC are avail­able via Jiva Security.

Thymeleaf RCE: A crit­i­cal vul­ner­a­bil­ity has been patched in the Java tem­plate en­gine Thymeleaf. Tracked as CVE-2026-40478, the bug al­lows at­tack­ers to by­pass se­cu­rity checks and in­ject ma­li­cious con­tent in server page tem­plates. The bug im­pacts all Thymeleaf ver­sions ever re­leased and has a wide im­pact since Thymeleaf is also the de­fault tem­plate en­gine in the Spring Boot Java frame­work. [Endor Labs]

Codex hacks a smart TV: Security firm Calif has used OpenAI’s Codex agent to hack and gain root ac­cess on a Samsung smart TV.

Fabricked at­tack: A team of aca­d­e­mics has de­vel­oped a new at­tack that breaks the con­fi­den­tial­ity of AMDs se­cure en­clave tech­nol­ogy. The Fabricked at­tack redi­rects mem­ory trans­ac­tions to trick AMDs se­cure co-proces­sor into im­prop­erly ini­tial­iz­ing SEV-SNP en­claves. The novel tech­nique al­lows at­tack­ers to con­trol con­fi­den­tial vir­tual ma­chines where each in­di­vid­ual cus­tomer’s data is typ­i­cally processed in cloud en­vi­ron­ments. AMD re­leased patches this week as part of its Patch Tuesday. Frabricked is one of mul­ti­ple AMD SEV-SNP at­tacks dis­closed over the past two years. Others in­clude RMPocalypse, BadRAM, Ahoi, Heracles, WireTap, BatteringRAM, and TEE. Fail.

Threat/trend re­ports: Check Point, CyberHUB-AM, Google Mandiant, GuidePoint Security, Kaspersky, and Sysdig have re­cently pub­lished re­ports and sum­maries cov­er­ing var­i­ous threats and in­fosec in­dus­try trends.

New tool—Jaspr: Google has open-sourced Jaspr, a new web de­vel­op­ment frame­work writ­ten in Dart.

New tool—Mal­fixer: Mobile se­cu­rity firm Cleafy has open-sourced Malfixer, a toolkit for in­spect­ing and re­cov­er­ing mal­formed Android APK files.

New tool—RePython­NET-MCP: Security firm Sekoia has open-sourced RePythonNET-MCP, an MCP server for .NET re­verse en­gi­neer­ing au­toma­tion.

New tool—PMG: DevSecOps firm SafeDep has re­leased PMG, a tool that de­lays npm and Python pack­age in­stalls un­til the li­braries are checked against its threat in­tel data­base.

New tool—Hon­ey­Wire: Andrea Termine has pub­lished HoneyWire, a light­weight dis­trib­uted de­cep­tion en­gine de­signed for in­ter­nal net­works.

New tool—Net­Watch: Westpac’s chief en­gi­neer Matt Hartley has re­leased NetWatch, a real-time net­work di­ag­nos­tics tool for ter­mi­nals.

In this edi­tion of Seriously Risky Business, Tom Uren and Amberleigh Jack talk about a new Citizen Lab re­port into Webloc, a tool to iden­tify and track mo­bile de­vices. It demon­strates how the col­lec­tion and sale of mo­bile phone ge­olo­ca­tion data pre­sents pri­vacy and na­tional se­cu­rity risks.

In this episode of Risky Business Features, James Wilson chats to pro­fes­sional hacker Jamieson O’Reilly about Anthropic’s Mythos and the im­pact it could have on of­fen­sive se­cu­rity. Jamieson is CEO of DVULN and co-founder of Aether AI.

...

Read the original on risky.biz »

To add this web app to your iOS home screen tap the share button and select "Add to the Home Screen".

10HN is also available as an iOS App

If you visit 10HN only rarely, check out the the best articles from the past week.

If you like 10HN please leave feedback and share

Visit pancik.com for more.