Kategorie

Cloudflare has implemented end-to-end encryption (E2EE) to its video calling app Orange Meets and open-sourced the solution for transparency. [...]

Recent years have demonstrated a notable shift in the cybersecurity landscape, with Linux systems increasingly targeted by adversaries. Once considered relatively immune to malware threats , Linux servers have seen the emergence of sophisticated attack vectors, including high-profile Linux malware strains such as Cloud Snooper, HiddenWasp, and Tycoon.

Let's Encrypt has announced it will no longer notify users about imminent certificate expirations via email due to high costs, privacy concerns, and unnecessary complexities. [...]

The U.S. Federal Bureau of Investigation (FBI) has revealed that it has observed the notorious cybercrime group Scattered Spider broadening its targeting footprint to strike the airline sector. To that end, the agency said it's actively working with aviation and industry partners to combat the activity and help victims. "These actors rely on social engineering techniques, often impersonating Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent intelligence-gathering tool. "Recent campaigns in June 2025 demonstrate GIFTEDCROOK's enhanced ability to exfiltrate a broad range of sensitive documents from the devices of targeted individuals, including potentially proprietary files and Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Facebook, the social network platform owned by Meta, is asking for users to upload pictures from their phones to suggest collages, recaps, and other ideas using artificial intelligence (AI), including those that have not been directly uploaded to the service. According to TechCrunch, which first reported the feature, users are being served a new pop-up message asking for permission to "allow Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

If you've ever set up or maintained a multimedia pipeline on Linux, you already know the stakes. Your system needs to decode, encode, stream, and sync diverse media formats flawlessly, often under significant workload. GStreamer has been the workhorse of open-source multimedia for years, but it's not unbreakable. That's why version 1.26.3 matters.

The fireworks that could soon go off across the US have nothing to do with July 4 celebrations, but are reaction to a double hit that every state in the union may soon face relating to a potential reduction of connectivity capabilities and a proposed 10-year ban on its ability to regulate AI.

Drastic legislative changes around both issues are contained in the Trump administration’s Reconciliation Tax Bill, which is now before the Senate.

In early June, 260 state lawmakers from both parties in all 50 states sent a letter to Congress voicing strong opposition to the AI regulation ban. The letter, which was spearheaded by Americans for Responsible Innovation (ARI), a nonprofit policy advocacy organization, stated, “the proposed 10-year freeze of state and local regulation of AI and automated decision systems would cut short democratic discussion of AI policy in the states with a sweeping moratorium that threatens to halt a broad array of laws and restrict policymakers from responding to emerging issues.”

ARI president Brad Carson said, “lawmakers from every state in the country are sending a clear message that the proposed ban on state AI laws would freeze a whole range of common-sense laws that voters depend on.”

There is, he said, “room for a debate on pre-emption of a targeted set of state AI laws with the passage of a federal framework for AI governance. But this proposal fails on all counts, with an overbroad scope and nothing to offer when it comes to federal governance.”

Moratorium would be ‘a historic mistake’

On Thursday, lawmakers from Utah, South Carolina, Ohio, Tennessee, Wisconsin and Montana held a press conference organized by the ARI to ask Congress to remove the moratorium. There has also been a major new twist since Trump’s so-called One Big Beautiful Bill moved to the Senate for final approval, in that Senator Ted Cruz, chair of the Senate Committee on Commerce, Science, and Transportation, inserted a clause that would preclude any state receiving funding under the Broadband, Equity, Access and Deployment (BEAD) program if they refused to introduce an AI law moratorium.

Satya Thallam, senior advisor with ARI, said in a release following the press conference, “state lawmakers are sending a clear message to Congress: the moratorium threatens a range of state laws, from kids’ online safety to pro-innovation measures, and it needs to be struck from the bill.”

He added, “preventing lawmakers back home from doing the hard work of legislating on AI issues for the next decade would be a historic mistake. Congress shouldn’t be working in opposition to state lawmakers, but hand-in-hand with state legislators to get AI policy right.”

Amba Kak, co-executive director of AI Now Institute, said Thursday in an email to Computerworld, “simply put, this ban on state AI law would leave American consumers and workers with even less protections than we have today against some of the worst forms of AI-related abuse and exploitation. The moratorium rolls back the clock on the protections that are in place, and prevents new rules from coming into place. Essentially [it’s] forcing state lawmakers to turn a deaf ear to their constituents.”

‘AI being used on us, not just by us’

Who might be most at risk? “It’s all of us, any of us, that will be at the receiving end of AI mediating our life and work, whether we choose to opt in or not,” she said. “AI is routinely being used on us, not just by us. But it is most unconscionable to unleash these risks on those least well positioned to fend for ourselves — children, seniors more susceptible to AI scams and manipulation, low income people subject to faulty and error ridden AI-mediated social services systems, and those working jobs that are being aggressively devalued or replaced.” 

Kak added, “I’d also flip that question to say: who has most to gain here? Big Tech: The same industry that, by increasingly bipartisan consensus, has gotten too big for its boots. And have proven themselves to be reckless custodians of this power. This moratorium drives that impunity further, in ways that send a truly dangerous message to the Big Tech AI firms: they’re in charge, no questions asked.”

On Wednesday, Cruz issued a release which said that he had published updated text for the Commerce Committee’s portion of the budget reconciliation bill.

A backgrounder accompanying the release states that the update involves the appropriation of  “$500 million to the National Telecommunications and Information Administration (NTIA) to support deployment of AI models or systems and underlying infrastructure. The proposal uses the administrative structure of the Broadband, Equity, Access, and Deployment (BEAD) program to streamline allocation of new funding.”

It goes on to say that, in order to receive “a portion of this new $500 million federal investment to deploy AI,” states must agree to several conditions, one of which is the temporary pause of “any enforcement of any state restrictions, as specified, related to AI models, AI systems, or automated decision systems for 10 years.”

US Senator Maria Cantwell, a Democrat and Ranking Member of the committee, reacted by saying, “the newly released language by Chair Cruz continues to hold $42 billion in BEAD funding hostage, forcing states to choose between protecting consumers and expanding critical broadband infrastructure to rural communities.”

Cementing the digital divide

Drew Garner, director of policy engagement at Benton Institute for Broadband & Society, a nonprofit organization whose focus is ensuring all people in the US have access to competitive, high-performance broadband, sided with Cantwell, saying, “[it] sounds insane even not tied to BEAD, but tied to BEAD is doubly insane.”

The Trump administration and Cruz, he said, are “treating [BEAD] like a piñata right now and it’s crazy. It is an awful time to be in a state broadband office.”

This new threat worsens an already bad situation. In March, US Department of Commerce secretary Howard Lutnick announced that he had launched a “rigorous review of the BEAD program. The Department is ripping out the Biden administration’s pointless requirements. It is revamping the BEAD program to take a tech-neutral approach that is rigorously driven by outcomes, so states can provide internet access for the lowest cost.”

And following the release of revised rules earlier this month, Garner wrote, “[Lutnick’s] actions will cement the digital divide for decades. He is hurting our economic competitiveness, our healthcare and education … Secretary Lutnick wants to invest in the ‘cheapest’ broadband infrastructure, not the best infrastructure. It’s a self-inflicted wound to American competitiveness.”

Hackers associated with Scattered Spider tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors [...]

Threat hunters have discovered a network of more than 1,000 compromised small office and home office (SOHO) devices that have been used to facilitate a prolonged cyber espionage infrastructure campaign for China-nexus hacking groups. The Operational Relay Box (ORB) network has been codenamed LapDogs by SecurityScorecard's STRIKE team. "The LapDogs network has a high concentration of victims Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Starting June 9, 2025, Russian internet service providers (ISPs) have begun throttling access to websites and services protected by Cloudflare, an American internet giant. [...]

Brother Industries is grappling with a critical authentication bypass vulnerability affecting hundreds of different printer models, many of them used in enterprises, allowing unauthenticated remote code execution (RCE) on the devices when chained with another flaw.

The admin password bypass stems from a manufacturing issue and cannot be fixed through firmware according to Rapid7, the cybersecurity firm that discovered the vulnerability — along with seven others — affecting 689 different device models.

One of those vulnerabilities enables attackers to extract the serial number of a printer, and that’s at the root of Brother’s problems.

A critical NetScaler ADC and Gateway vulnerability dubbed "Citrix Bleed 2" (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, seeing an increase in suspicious sessions on Citrix devices. [...]

A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians' Convention on Tibet (WPCT), China's education policy in the Tibet Autonomous Region (TAR), and a recently published book by the 14th Dalai Lama, Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Critics might argue that Apple at the 11th hour stepped forward with new rules for developers in Europe that might be acceptable to the region’s anti-trust regulators — but that’s not how Apple sees it. That company, which is appealing the rules Europe has applied to directly constrain its business, says regulators have not been transparent throughout the process, making arbitrary decisions despite constant communication between both sides on the matter.

Apple does, however, hope the changes it has now introduced to its steering arrangements for developers in will bring its business in line with Europe’s Digital Markets Act. It certainly has reasons to think so; Apple said it worked with the regulators on the arrangements and believes they bring it into harmony there. 

Apple announced the latest rounds of EU DMA-inspired changes via a Thursday note on its developer’s website.

Malicious compliance

But there is still a problem; Apple says that even though it’s been meeting intensively with European Commission regulators for more than a year, the experience has been a frustrating one. Regulators have continuously moved the goalposts on what compliance looks like. The company complains that they have even prevented Apple from implementing new solutions to bring its business into compliance and then fined the company for not making changes. 

This has placed a big burden on the company, which has had to invest thousands of hours in attempting to meet the Commission’s ever-changing demands. From what I hear, it’s akin to throwing darts at a board attached to a rope, allowing the board to move out the way once the dart is fired. It’s an unequal, opaque process seemingly designed for Apple to lose and perhaps in itself an articulation of malicious compliance — with malice from the regulators.

We’ll have to wait and see whether the changes Apple announced do actually meet European regulators’ demands. They should, as Apple is very much giving the impression they were introduced in collaboration with EC authorities. 

Apple will appeal

That doesn’t mean Apple accepts the changes it’s been forced to make. The company has until July 7 to appeal and will do so. Apple is quite open that it opposes the demands Europe has made of it and continues to warn that the patchwork of changes it introduced will erode security and privacy, dent the user experience, and make it harder for the company to innovate. 

Apple’s enemies, typically, remain critical of the changes. Epic Games CEO Tim Sweeney, who has spent millions on his assault on Apple business practices, slams the new terms as “blatantly unlawful,” calling them a “mockery of fair competition.”

I imagine Apple might suggest that they are inherently lawful and support Europe’s view of fair competition. The changes can loosely be grouped as changes in the way steering is supported on the platform, and changes in business terms.

What steering changes did Apple introduce?

In short, the changes comprise policy and payment tweaks and the removal of some restrictions.

One of the biggest alterations concerns the warning notice Apple provides users to warn them when they tap on external links. Critics had complained this mandatory warning got in the way of consumer choice and wanted it removed. It looks as if Apple partially won that argument, in that the warning will now appear the first time a user taps on an external link, but there is now an option to opt out of seeing the warning later when tapping external links in the same app.

In other words, you’ll be warned the first time you tap out from an app but can override future warnings if you trust the developer. Apple had wanted a warning to appear each time you tap an external link.

Additionally:

• Changes apply to all developers, whether or not they have wanted to use alternative business terms in Europe.
• Developers can use URLs in their apps that direct traffic to external websites, other apps, and alternative app marketplaces. They can also link to in-app promotions — and they can use multiple URLs inside their app, not just one as before. 
• The links developers put inside their apps can collect additional user information through tracking parameters, redirects, and intermediate links. This will increase the burden on consumers to verify the security and privacy of a link they find in an app before they use it.
• Apple had originally insisted developers use its own templates for interfaces to links and promotions; under the new rules, developers can freely design these.

What business changes has Apple made?

The company also changed its business terms in the EU. These do not apply to apps sold via third-party app stores, and they are not applied against offers directed from inside an app. But they do apply to links that direct users to the web, as well as in-app alternative payment service providers.

The deal is that Apple charges an Initial Acquisition Fee, a Store Services Fee and Core Technology charges.

In brief, these consist of:

Initial Acquisition Fee

This is designed to recognize Apple’s role in connecting users to developers.

• A 2% fee on the sale of digital goods and services to new users.
• The fee applies for the first six months after the user first downloads an app from the app store.
• The fee is waived for developers in Apple’s Small Business Program
• There is no fee for existing users.

Store Services Fee

Apple’s App Store offers a range of services to developers, who can now choose between a basic set of mandatory services, or the full collection of services:

Tier One Store Services: A 5% fee in exchange for which developers get trust and safety features, app management, and app distribution and delivery services. The fee does not extend to automatic app updates or automatic downloads across devices.

Tier Two Store Services: Set at 13% (or 10% for Small Business Program members), this fee gives developers access to all the services the App Store presently provides, including promotions, search suggestions, discovery, automatic downloads and automatic updates.

Core Technology charges

• Developers signed up to Apple’s alternative terms in the EU will pay the previously announced Core Technology Fee of €0.50 per install for each first annual install over 1 million.
• Developers on Apple’s standard business terms will now pay a Core Technology Commission of 5% on sales made through in-app promotion of alternate payments.
• Apple will migrate all its European developers to the new fee structure by Jan. 1, 2026.

Where can I find out more about Apple’s European changes?

The company has published a range of pages describing the changes it has applied:

• StoreKit External Purchase Link Entitlement Addendum for EU Apps.
• Alternative Terms Addendum for Apps in the EU
• Communication and promotion of offers on the App Store in the EU

What will happen?

I remain concerned about the dilution of warnings on the store and the lack of implicit control over what links developers use to direct their audiences to external traffic. I’m in no doubt whatsoever that these openings will be abused to form new attack surfaces over which Apple has little control. Enterprise users will no doubt use device management policy to forbid use of third-party payment services and installs in an attempt to protect corporate data.

Even more concerning: Apple’s accusations concerning its negotiations with the EC as if that body has been deliberately opaque, meaning enforcement of the DMA has very swiftly become a political weapon, perhaps in some unspoken European economic battle against the US. I doubt we’ve heard the last of this ongoing battle, which will likely last longer than the game that kicked it off.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today’s security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At the same time, SOC inefficiencies are draining resources. Studies show that up to half of all [email protected]

A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit. The activity has been attributed with medium confidence to a Chinese hacking group called Silver Fox (aka Void Arachne), citing similarities in tradecraft with previous campaigns attributed to the threat actor. Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Microsoft announced this week a new generative AI (genAI) system called Mu, and it’s a true glimpse into the future of how we’ll use everything, from PCs to toasters. 

Mu lets people control their computers using plain language. For example, you can type or say, “turn on dark mode” or “make my mouse pointer bigger,” and the computer will do it. The first place Mu appears is in the Windows 11 Settings app. You say or type how you want a specific setting to change, and the genAI tool figures out what you want and makes the change for you. 

Crucially, this isn’t a large language model (LLM) running in the cloud. Mu is a small language model (SLM) with a comparatively paltry 330 million parameters, built to run on a specialized AI chip called a neural processing unit, or NPU. (This chip is found in the latest Copilot+ PCs from Microsoft, Dell, HP, Lenovo, Samsung, and Acer. These new PCs started shipping in June 2024 and are the only computers that can use Mu and other advanced AI features in Windows 11.)

It’s not an LLM-based chatbot that lives in the cloud. It’s an SLM that runs entirely on the PC, even when disconnected from the internet. 

Microsoft Copilot+ PCs can run Mu because they have an NPU that can handle at least 40 trillion operations per second. Microsoft collaborated with Qualcomm, AMD, and Intel to ensure Mu runs smoothly on their NPUs, which are now standard in all Copilot+ PCs.

Mu uses a transformer encoder-decoder design, which means it splits the work into two parts. The encoder takes your words and turns them into a compressed form. The decoder takes that form and produces the correct command or answer. 

This design is more efficient than older models, especially for tasks such as changing settings. Mu has 32 encoder layers and 12 decoder layers, a setup chosen to fit the NPU’s memory and speed limits. The model utilizes rotary positional embeddings to maintain word order, dual-layer normalization to maintain stability, and grouped-query attention to use memory more efficiently. These technical choices let Mu process more than 100 tokens per second and respond in less than 500 milliseconds.

Compared with LLM-based chatbots like OpenAI’s ChatGPT, Mu is super fast. 

Microsoft trained Mu on 3.6 million examples focused on Windows settings and related tasks. The training happened on Azure using NVIDIA A100 GPUs. After training, Microsoft fine-tuned Mu and used quantization to shrink its memory needs, so it would run well on NPUs from all three chipmakers. As a result, Mu is about one-tenth the size of Microsoft’s Phi-3.5-mini model, but performs almost as well for the tasks it was built to do.

Mu is truly groundbreaking because it is the first SLM built to let users control system settings using natural language, running entirely on a mainstream shipping device. Apple’s iPhones, iPads, and Macs all have a Neural Engine NPU and run on-device AI for features like Siri and Apple Intelligence. But Apple does not have a small language model as deeply integrated with system settings as Mu. Siri and Apple Intelligence can change some settings, but not with the same range or flexibility. 

Samsung’s Galaxy S25 and other recent flagship phones feature a custom NPU and Galaxy AI, which can perform various device control and personal assistant tasks. However, they too lack an SLM for comprehensive system settings control. 

Google’s Chromebook Plus devices have an NPU and support on-device AI, but it don’t use an SLM for system settings in the way Mu does.

By processing data directly on the device, Mu keeps personal information private and responds instantly. This shift also makes it easier to comply with privacy laws in places like Europe and the US since no data leaves your computer.

The industry is moving in this direction for obvious reasons. SLMs are now powerful enough to handle focused tasks on par with larger cloud-based models. They are cheaper to run, use less energy, and can be tailored for specific jobs or languages. 

Note that NPUs are not rare. They’re currently available in new phones, tablets, and even home appliances. These chips are designed to run neural networks efficiently and with low power, making it possible to offer smart features that work anywhere, even without a reliable internet connection. 

Most importantly, SLMs running on NPUs are a BFD — not just for PCs, phones, and tablets, but for everything. As the power and capabilities go up and the costs come down, we can expect car dashboards, thermostats, washing machines, tractors, and everything else (including toasters) to eschew nested menus for user control in favor of voice-controlled settings. 

You’ll walk into the kitchen and tell the toaster to toast your bagel lightly in about 20 minutes before telling the coffee maker to make you a flat white. After breakfast, you’ll go into your home office and remotely control all manner of IoT devices and other objects by talking to an SLM dedicated to each device. 

Note that these SLMs for device control will also work directly with LLMs for information and other actions, like writing code, building websites and apps, and facilitating all your business communications. That SLM you’ll be talking to will mainly live and execute locally on your smart glasses. 

You may never own or use a Copilot+ PC. But you will definitely use something like Mu every day for most of your professional and personal life on many devices. It’s a true glimpse of the future of how we interact with machines. 

I don’t know how my brain would even function at this point if it weren’t for reminders.

No joke: This rusty ol’ noggin of mine is overloaded with info these days (and, as I’ve noted before, it ran out of internal storage space approximately 12 years ago — and I’ve yet to find an affordable hippocampus RAM upgrade). So more and more, I find myself relying on a complex web of reminders both physical and digital to make sure I manage everything from day-to-day chores to Very Important Business Matters.

One area where such a need seems to come up constantly is on my Android device — when I see something in a text message, a Slack message, an email, or maybe even a website that makes me think, “Hey, you handsome but mushy-brained miscreant, you’d better not forget to come back to this later!” 

And one tool I’ve found absolutely indispensable in such scenarios is the native screenshot reminder system built into Google’s Pixel 9-level gadgets.

It couldn’t be much easier to use: Anytime you see anything reminder-worthy, you snag a screenshot — by pressing your device’s physical power and volume-down buttons at the same time — then look for the handy little bell icon that pops up as a part of the standard screenshot confirmation in the lower-left corner of the screen.

It’s incredibly handy. But it’s also, unfortunately, available only on the very latest Google Pixel devices — which means the vast majority of Android-appreciating animals are unable to take advantage of it.

But fear not, my fellow memory-challenged manatee: I’ve got an awesomely effective new way to bring a similar sort of superpower onto any Android device this instant — no matter who made it or how old it may be.

[Psst: Love shortcuts? My free Android Shortcut Supercourse will teach you tons of time-saving tricks. Start now!]

Android reminders, on demand

Now, first things first: If you’re a regular reader of this increasingly crusty column, you might be thinking to yourself: “Uh, Mr. Memory Man? You’ve written this same story before.”

And, well, you’re kinda right — with the key word being kinda. Shortly after the Pixel 9’s debut, whilst I was first basking in the beauty of its underappreciated and barely-mentioned on-demand reminder brilliance, I came up with a rather convoluted way to emulate something similar on any Android device, with the help of a third-party task app and some other optional elements.

It got the job done, all right, but it wasn’t exactly easy — and it required you to rely on an external app for storing and managing your reminders, too, which isn’t exactly optimal.

Today, inspired by the crafty thinking of one of my Intelligence Insider community members, I’ve got an even better way to rev up your reminders while remaining well within Google’s core apps and services.

With my thanks to Joshua G. from our forum, the fix leans entirely on Google’s next-gen Gemini Android assistant. And if you’re a generative-AI eye-roller who’s tired of everyone pretending these systems aren’t glorified pattern-predictors with shockingly disqualifying accuracy issues, don’t worry — ’cause this setup, like the many excellent Gemini possibilities I uncovered and shared with you last week, has nothing to do with the typically touted genAI goofiness and is instead more of a conventional virtual assistant ability.

But enough blathering — here’s the trick to try out on your own:

• The next time you see something you need to remember anywhere on Android, snag a screenshot — just like you would with the Pixel 9 approach we went over a minute ago. (Again, power button and volume-down button together.)
• Then, when you see the little screenshot confirmation pop-up, tap the share icon within it and select Gemini from the list of options.
  • Gemini now comes preinstalled on most current devices, and many older devices have also been updated to include it. If your device doesn’t yet show Gemini as an option, you can manually download the official Gemini app and then open it once to get things going.
  • Also, bonus tip: If you want to make this even more convenient moving forward, you can use Android’s oft-forgotten share menu pinning option to stick Gemini to the top of the list for especially easy ongoing access.
• Now, once Gemini comes up — with your screenshot already in place within its prompt box — either type in the text or tap the microphone button and then speak the command to remind me about this, optionally with a specific day and time at the end.

Take a screenshot, share it to Gemini, then ask it to creator a reminder — and poof: The deed is done.

JR Raphael, Foundry

You can follow this pattern for practically anything, but where it’s especially handy is when the underlying info on the screen was already about a specific task or activity you need to remember.

In that sort of scenario, Gemini will automatically extract and implement all the details from within the screenshot — including the nature of the task and, if present, even the date and time it mentions.

Instant extraction and intelligent reminder creation, all thanks to Gemini on Android.

JR Raphael, Foundry

You get the idea.

In the right sort of situation and with the right thinking around it, it’s yet another way Gemini can actually be useful on Android — without any of the asterisks or eye-rolling that accompany its most publicly promoted possibilities.

Teach yourself even more advanced shortcut sorcery with my free Android Shortcut Supercourse. Tons of time-saving tricks await!

Ahold Delhaize, one of the world's largest food retail chains, is notifying over 2.2 million individuals that their personal, financial, and health information was stolen in a November ransomware attack that impacted its U.S. systems. [...]