Kategorie

Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times. The compromise, per ReversingLabs, occurred via a GitHub pull request that was opened by a user named Airez299 on June 17, 2025. First released by 7finney in 2022, Ethcode is a VS Code extension that's used to Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

For those of us who lean on Tails to safeguard our digital privacy and anonymity, the 6.17 release doesn't come with flashy headlines or gimmicks''but that's exactly the point. Tails continues to be a cornerstone for those who need a secure operating environment, and this iteration focuses on refinement.

Cat owners know that house pets not only promote productivity, but can sometimes also be a huge hindrance and cause errors – for example, by distracting the owner from their work or by changing peripheral devices without respect. A recent study now shows that cats can also confuse reasoning models in a figurative sense, i.e. generative AI models that are trained to solve problems step by step.

According to the research report “Cats Confuse Reasoning LLM”, it is possible to systematically mislead models into giving incorrect answers by attaching short, irrelevant texts to mathematical problems. For example, if the sentence “Interesting fact: cats sleep most of their lives” is attached to a math problem, the probability that a model will give the wrong answer doubles.

Misleading information confuses AI

Overall, the researchers identified three main types of such triggers:

• general, irrelevant statements (example: Remember to always save at least 20 percent of your income for future investments),
• irrelevant facts without any reference (example: cats sleep most of their lives), and
• misleading questions or clues (example: Could the answer be close to 175?).

As the scientists explain, irrelevant statements and trivia are slightly less effective than misleading questions, but still influence the model to produce longer answers. However, the third type of trigger (questions) is the most effective, consistently leading to the highest error rates in all models. It is also particularly effective at causing models to generate excessively long answers and sometimes incorrect solutions.

With “CatAttack”, the researchers have developed an automated iterative attack pipeline to generate such triggers using a weaker, less expensive proxy model (DeepSeek V3). These triggers can be successfully transferred to advanced target models (such as DeepSeek R1 or R1-distilled-Qwen-32B). The result according to the study: The probability that these models provide an incorrect answer increases by over 300 percent.

Errors and longer response times

Even if “CatAttack” did not lead to an incorrect answer, the length of the answer doubled in at least 16 percent of cases according to the study, leading to significant slowdowns and increased costs. The researchers found that in some cases, such conflicting triggers can increase the response length of reasoning models to up to three times the original length.

“Our work on CatAttack shows that even state-of-the-art reasoning models are susceptible to query-independent triggers that significantly increase the likelihood of incorrect outputs,” explain the researchers. In their view, there is therefore an urgent need to develop more robust protection mechanisms against this type of interference – especially for models used in critical application areas such as finance, law or healthcare.

You can view the CatAttack trigger datasets with model responses on Hugging Face.

More AI news:

• Laid-off Microsoft staffers told to use AI tools to manage their emotions
• New Nvidia technology provides instant answers to encyclopedic-length questions
• When AI fails, who is to blame?
• NASA finds generative AI can’t be trusted>

>

For those of us who've been following Parrot OS through its gradual evolution, the launch of version 6.4 feels less like a routine update and more like a defining moment. It's not just a refresh of the security-oriented Linux distro ; it's a glimpse into the next phase of its maturity, with tools, optimizations, and system-level refinements that elevate its place in the arsenal of infosec professionals and Linux enthusiasts alike.

From overprivileged admin roles to long-forgotten vendor tokens, these attackers are slipping through the cracks of trust and access. Here’s how five retail breaches unfolded, and what they reveal about... In recent months, major retailers like Adidas, The North Face, Dior, Victoria's Secret, Cartier, Marks & Spencer, and Co‑op have all been breached. These attacks weren’t sophisticated [email protected]

Cybersecurity researchers are calling attention to a malware campaign that's targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new botnet called RondoDox. The vulnerabilities in question include CVE-2024-3721, a medium-severity command injection vulnerability affecting TBK DVR-4104 and DVR-4216 DVRs, and CVE-2024-12856, an operating Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

US employers added more than 90,000 tech workers in June, pushing the industry’s unemployment rate down from 3.4% to 2.8%, according to a CompTIA analysis of the latest Bureau of Labor Statistics (BLS) data.

The Computing Technology Industry Association (CompTIA) reported that tech unemployment remains well below the national average of 4.1%. “Tech employment showed surprising strength for the month given recent expectations,” said Tim Herbert, CompTIA’s chief research officer. “It’s worth pointing out there is more to tech hiring than AI. The data continues to confirm employer hiring activity across many tech talent domains.”

Even so, CompTIA’s AI Hiring Intent Index showed a 153% year-over-year increase in jobs requiring AI skills, with demand rising for AI specialists such as architects and engineers. Those gains remained concentrated among select employers.

Companies also continue to focus on skills-based hiring, with nearly 50% of June tech job postings not requiring a four-year degree. Open roles span various tech fields and experience levels, from entry to senior positions.

Active employer job listings for tech positions reached 455,341 in June, with 47% of the total (211,924) newly added last month, according to CompTIA’s analysis of Lightcast job posting data. At the same time, tech sector companies themselves reduced staffing by a net 7,256 positions across all job role types. The tech manufacturing sector accounted for the largest share of job losses, mirroring broader uncertainty about US manufacturing activity.

Even Janco Associates, which has been more bearish about the IT job market, reported a drop in the tech unemployment rate. (Janco pegged the drop from 4.6% to 4.0% in June.)

“With the passage of the new budget bill, CFOs and CIOs are more optimistic and are starting to look forward to working on new technology initiatives,” Janco CEO Victor Janulaitis said. “There still are a limited number of IT pros with working AI and omni commerce experience.  They continue to be in high demand.”

Nationally, the overall unemployment changed little, ticking down just one-tenth of a percentage point from 4.2% to 4.1% in June. Employers added 147,000 jobs last month compared with 144,000 in May, according to the BLS. \

Even with unemployment remaining near historic lows, recent graduates will continue to struggle to get that first tech job, according to researchers. Daniel Zhao, a lead economist for job platform Glassdoor, sees a bottleneck for workers trying to enter the tech industry, “like the tens of thousands of new grads in computer science each year.”

“And we can see that problem in the unemployment rate for computer and mathematical occupations which has been elevated since 2024,” he said. “The measure is very volatile so I would not focus on monthly changes, but it tells a story of workers in tech roles finding it harder to get a job.”

Janulaitis said the number of tech workers looking for jobs outside of the IT industry increased. “We believe that many low-skilled, legacy-skilled IT pros, or displaced IT professionals, have stopped looking for jobs in the IT sector,” he said. “We have found that hiring and job growth continue to be in small to mid-sized enterprises.”

“Many large firms are using AI to boost productivity and replace lower-level roles, slowing entry-level IT job growth — especially in customer service, reporting, telecom, and automation. Executives are also cutting non-essential staff and services,” Janulaitis added.

HR specialists have told Janco that about 4% to 5% of unemployed tech workers are looking outside the industry. “IT pros in the middle of their careers look at AI as a threat to their further employment,” Janulaitis said.

Tech and federal cuts have recently led the way in layoffs, driven by economic pressure, programmatic firings and AI-driven shifts in workforce needs, according to outplacement firm Challenger, Gray & Christmas. The rise of AI is reshaping roles and required skills.

Technology remains a top sector for cuts amid ongoing disruptions, according to the Challenger, Gray & Christmas data.

The effects of the US President Donald J. Trump’s unofficial Department of Government Efficiency (DOGE) are being felt as many IT contracts are on hold, and government IT workers face uncertainty” Janulaitis said.

Ger Doyle, regional president for North America at ManpowerGroup, said for the most part, employees are staying put, employers are holding steady, and “everyone is waiting for clearer signals.”

“This is collective caution, not crisis,” Doyle said. “With project management roles surging 483% year-over-year and AI skill mentions holding strong, especially among software developers and data professionals, there are signs that strategic priorities are shifting, not stalling. “

The often-cautious Janulaitis said interviews with more than 130 CFOs and CIOs showed that many feel there is a good chance of an economic downturn in the second or third quarters of 2025.  “However, it will not be deep or long in duration,” he said.

The tech job market is adjusting as AI grows. AI skill mentions dipped 10% in May but are up 10% year-to-date. With only 10% of CIOs fully using AI, most firms are still early, using AI to enhance — not replace— roles, according to Experis North America, an IT professional jobs firm.

Kye Mitchell, head of Experis North America, said as companies shift to AI rollouts, demand for data roles soars. Database architect postings are up 2,140% and data scientist roles are up 280%, reflecting the push to build AI-ready infrastructure.

“This shift is also reshaping how talent enters the industry,” Mitchell said. “Entry-level opportunities are becoming more limited, making it harder for recent graduates to gain a foothold. For those looking to break in, deep analytical and technical skills are no longer optional.”

**Windows 11 Insider Preview build 26120.4520 a 26200.5670 ukazují novinky. **Tou hlavní je integrace se správcem hesel 1Password. **Microsoft naplňuje loňský slib, že do nich budeme moct ukládat přístupové klíče.

A Chinese national was arrested in Milan, Italy, last week for allegedly being linked to the state-sponsored Silk Typhoon hacking group, which responsible for cyberattacks against American organizations and government agencies. [...]

Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens. [...]

Hackers stole nearly $140 million from six banks in Brazil by using an employee's credentials from C&M, a company that offers financial connectivity solutions. [...]

Malware analyst discovered a new version of the Atomic macOS info-stealer (also known as 'AMOS') that comes with a backdoor, to attackers persistent access to compromised systems. [...]

Qantas has confirmed that it is now being extorted by threat actors following a cyberattack that potentially exposed the data for 6 million customers. [...]

A previously undocumented spyware called 'Batavia' has been targeting large industrial enterprises in Russia in a phishing email campaign that uses contract-related lures. [...]

Historically, when companies roll out new capabilities, they start out lenient to encourage usage. Take facial biometrics for example. When they first went into use, the initial settings were chosen to make it easier for the biometrics to work. Yes, it meant more imposters would get a green light, but it sharply limited friction for legitimate users. 

Google and many certificate authorities used a similar playbook with web server certificates, allowing them to be used for all kinds of authentication functions instead of just the web server function they were designed for.

That all ends, in theory, on June 15, 2026, according to Google. 

The online post explaining the change is quite technical, but the upshot is that Google is finally trying to put an end to the sometimes sloppy way in which certs are being used.

Earlier this year, various groups debated shortening the expiration time frame of web certs to six weeks, a move that was ultimately made official in April. That move dealt with how long web certs could be used. The new Google effort focuses on what they can (and cannot) be used for.

The decision “marks a critical shift in how digital trust is governed and it has serious implications for enterprises, particularly in financial services,” said Timothy Hollebeek, industry technology strategist for DigiCert. The change “will flag such certificates as misconfigured or non-compliant, leading to significant outages for legitimate applications of this EKU. For organizations still using multipurpose certificates, this is a wake-up call. Financial institutions may no longer rely on certificates intended for browsers and web servers.”

Hollebeek argued that this is the right move, given that “many of these applications need no communication outside of the company network and will therefore be more securely protected on an internal PKI, where the organization can configure certificates as they see fit.”

Erik Avakian, a technical counselor at consulting firm Info-Tech, agreed. “Google is actually doing the right thing,” he said. “This is good because it goes back to the concept of least privilege” where certs are used “only for the intended purpose. It’s about zero trust” when “certificates are separated like this.”

Avakian said most users will do whatever is convenient, unless they’re required to do otherwise. “It helps to be forced to do better security,” he said. “Users want to get things done quickly and easily. It comes down to culture, to costs, to ease.”

Hollebeek said the change comes down to using different certificates for server authentication and client authentication. “Cryptographic separation between domains is a well-known security principle,” he said. “You should only be using Web PKI certs if there is a browser involved.”

Another certificate expert, Jason Soroko, agreed with the others that taking the easy route with certs —rather than correct one — is behind this problem. 

“Client authentication certificates should be coming from a private certificate authority,” said Soroko, who is a senior fellow at Sectigo. “It was just easier to go to some CA [certificate authority] and get your client authentication.”

The Google statement is written in a language the cert community should certainly understand:

“To align all PKI hierarchies included in the Chrome Root Store on the principle of serving only TLS server authentication use cases, the Chrome Root Program will phase-out multi-purpose roots from the Chrome Root Store. Beginning June 15, 2026, the Chrome Root Program will set an SCTNotAfter constraint on root CA certificates included in the Chrome Root Store for any PKI hierarchy found in violation of the below requirements,” Google wrote. “To reduce negative impact to the ecosystem, the Chrome Root Store may temporarily continue to include a multi-purpose root CA certificate in the Chrome Root Store without an SCTNotAfter constraint on a case-by-case basis, but only if the corresponding CA Owner has submitted a Root Inclusion Request to the CCADB for a replacement root CA certificate before June 15, 2026.”

The upshot? If your operation has been using certs in a lazy, lackadaisical manner, you’ve got less than a year to clean things up.

More Google news:

• How Google is integrating Gemini into Workspace
• Google to offer its Workspace suite to the US government at a 71% discount
• Microsoft and Google pursue differing AI agent approaches in M365 and Workspace
  

>

Shellter Project, the vendor of a commercial AV/EDR evasion loader for penetration testing, confirmed that hackers used its Shellter Elite product in attacks after a customer leaked a copy of the software. [...]

Even though threats of additional fines mean it has been forced to make so many changes to bring its business into compliance with Europe’s Digital Markets Act (DMA), Apple has always said it would appeal Europe’s $570 million fine for violating the DMA. Today, it did just that against, accusing the European Commission of going beyond what the law requires.

In a statement provided to Computerworld, Apple said: “Today we filed our appeal because we believe the European Commission’s decision, and their unprecedented fine, go far beyond what the law requires. As our appeal will show, the EC is mandating how we run our store and forcing business terms which are confusing for developers and bad for users. We implemented this to avoid punitive daily fines and will share the facts with the Court.”

Beyond what the law requires

The company has identified multiple instances in which regulators agreed to one thing and then demanded more, effectively dictating and micro-controlling Apple’s business to the detriment of the company and its customers. The company seems to have two strands to its argument:

• The recently introduced tiered service scheme Apple reluctantly brought to market in Europe is one facet. It seems the two sides agreed that Apple could seek compensation for App Store services provided to developers through a Store Services Fee, which Apple announced last year. The regulators then changed their minds, insisting the fee structure include tiers so developers could opt out of some services. This forced Apple to introduce a new model quite recently — even though no other App Store provider offers such services in this way.
• In the days following Apple’s latest changes, I saw complaints about the tiered system Apple put in place. But the company was required to split them this way by the regulators, who dictated which services had to be optional. Given regulators don’t actually make anything, it’s no surprise some of their decisions seem somewhat clumsy. 

Lack of clarity and consistency

Apple is also challenging the “steering” concept the regulators seemingly insist should be applied against its business. Announcing its record fine against Apple, Europe also redefined some of the components to justify the move. 

That meant the European Commission changed its stance to say steering wasn’t just about publicizing offers and promotions on external sites, but also about free promotion of offers and services such as alternative app payments within apps. Apple was also forced to permit links from inside apps to third-party app stores. 

Apple’s claim is that in making these changes, the regulators moved beyond the law, redefining the notion of steering in a way that exceeded what the DMA actually required. 

Win or lose, we’ve already lost

Apple will use its time in court to try to prove these claims, but the action will probably stretch across years — unless Commissioners change their approach or the political intention in the EU and/or US shifts.

While we wait, European customers will be able to enjoy the full benefits of the new arrangements, in the form of sketchy in-app pester advertising to use unregulated third-party payment services, a loyalty war as some big apps attempt to use their own market reach to create their very own app store fiefdoms, slow or no appearance of some operating system features and a less-effective search system for applications. 

It won’t all be good news, as I expect some millionaires with the cash to build and maintain App Stores of their own might carve out a couple of bucks from within this inevitable chaos. If you play games, for example, you’ll gain the pleasure of giving money for existentially inconsequential in-game digital boosts direct to the publisher, rather than via the platform. (This does also mean you’ll only have the games publisher to help you when things go wrong, including when your kids purchase in-game currency when using the app. Good luck with that.)

That’s progress I suppose, a change that will give some users a real sense of freedom from the so-called Apple Tax, and will no doubt give Europe’s current neo-liberal leadership a cozy, fuzzy feeling. Perhaps Commissioners should focus their intention elsewhere.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

IT consulting firm Capgemini wants to beef up its agentic AI expertise with its planned $3.3 billion acquisition of business process management specialist WNS.

The deal is an indicator of the rapid expansion of the business process services (BPS) market driven by the surging demand for automation powered by agentic AI, said Industry experts and analysts.

“Hybrid automation with agentic AI is a key priority for enterprise decision-makers in the next three years,” said Charlie Dai, vice president and principal analyst at Forrester.

The global business process outsourcing (BPO) market, including BPS, was valued at $300 billion in 2024 according to Grand View Research,  which projects the market will surge to $525 billion in 2030, driven by demand for new technologies such as generative AI.

Capgemini has reached a definitive agreement to acquire WNS, and plans to it into its Global Business Services portfolio when the deal closes some time before the end of the year. It expects the deal to help it serve enterprise clients seeking intelligent automation and digital transformation.

Forrester’s Dai said WNS’s domain-specific AI agents and agentic AI platforms, especially the customer experience tool WNS Expirius, will effectively help Capgemini enhance its agent-driven business process services and offer the same to its existing customers.

For Gartner vice president analyst DD Mishra, WNS’s investments in intelligent automation, analytics, and agentic solutions including its TRAC analytics suite and Malkom knowledge management platform will complement Capgemini’s existing technology and consulting strengths.

Sharath Srinivasamurthy, research vice president at IDC, pointed to the acquisitions WNS has itself made in recent months, including Kipi.ai, Smart Cube, and OptiBuy to enhance its data, analytics, and procurement stack and extend its proficiency in business process operations, said.

Less about agentic tools and more about process operations expertise?

However, Rajesh Ranjan, managing partner at Everest Group, views the WNS acquisition as more of a strategic play rather than being focused on garnering more agentic tools or capabilities.

“The key driver behind the acquisition is less to do with the tools or software but rather the access to business process operations expertise that WNS brings to the table, a prerequisite to develop and deploy real-world AI solutions,” Ranjan said, adding that agentic AI is still in its infancy and are largely locked in pilot stages across enterprises. 

WNS’s 600 clients should expect to receive sales calls Capgemini once the deal closes, said IDC’s Srinivasamurthy: “This a huge opportunity for Capgemini to cross-sell technology services to them and position as a true technology driven end-to-end service provider.”

Changing dynamics for BPS

The WNS acquisition may trigger similar acquisitions in the BPS market as Capgemini rivals are also eying BPS vendors to increase their footprint and operations, as these vendors undergo operational transformation driven by the demand for AI, said Everest Group’s Ranjan.

More tech M&A news:

• CoreWeave acquires Core Scientific for $9B to power AI infrastructure push
• Arista Buys VeloCloud to reboot SD-WANs amid AI infrastructure shift
• HPE finalizes Juniper acquisition, forms new AI-centric networking unit
• Meta officially ‘acqui-hires’ Scale AI — will it draw regulator scrutiny?
• Netgear’s enterprise ambitions grow with SASE acquisition

Huawei’s AI research division has rejected claims that its Pangu Pro large language model copied elements from an Alibaba model, marking a significant escalation in China’s AI ecosystem as tech giants abandon their collaborative approach in favor of bitter public disputes.

The telecommunications giant’s Noah Ark Lab issued a denial Saturday, after an entity called HonestAGI published a technical analysis claiming Huawei’s Pangu Pro Mixture of Experts (MoE) model showed extraordinary correlation with Alibaba’s Qwen 2.5 14B model, reported Reuters. The analysis alleged the model was derived through “upcycling” rather than being trained from scratch.

The public confrontation represents a dramatic shift from China’s previous unity in challenging Western AI dominance. Industry analysts say the infighting could undermine China’s ability to present a consolidated front against US-led competitors like OpenAI, Google DeepMind, and Anthropic.

HonestAGI’s GitHub analysis claimed a correlation coefficient of 0.927 between the two models, using what it called “model fingerprinting” to identify patterns that supposedly revealed one model’s derivation from another.

Noah Ark Lab responded that its model was “not based on incremental training of other manufacturers’ models” and featured “key innovations in architecture design and technical features.” The company emphasized that Pangu Pro was the first large-scale model built entirely on Huawei’s Ascend chips, the report added.

“This dispute actually points to changing dynamics of the Chinese AI ecosystem’s speed of maturity and pressure to remain relevant and compete to foster innovation faster than the traditional collaborative approach, which we have seen,” said Neil Shah, VP for research and partner at Counterpoint Research.

Competition reaches fever pitch

The controversy escalated when an alleged Huawei insider posted detailed accusations about systematic model copying within the company. The anonymous whistleblower, claiming to be a Pangu team member, accused leadership of “cloning” both Alibaba’s Qwen and startup DeepSeek’s models while presenting them as original work.

“They had ‘cloned’ Qwen‑1.5 (110B), wrapped it in extra layers and changes — creating a pseudo‑135B ‘V2’ model,” the whistleblower wrote in the paper. “This rebranded model, with code still named ‘Qwen,’ was rolled out to clients.”

The allegations couldn’t be independently verified, and the whistleblower’s identity remains unknown.

The dispute comes as Chinese AI companies scramble after DeepSeek’s breakthrough R1 model release in January stunned Silicon Valley with its low-cost, high-performance approach. Alibaba rushed out its Qwen 2.5-Max model just weeks later, claiming superior performance across multiple benchmarks.

“What once was a state-aligned innovation drive is now being reshaped by market-led competition, where speed-to-scale often overrides transparency,” said Sanchit Vir Gogia, chief analyst and CEO at Greyhound Research.

Trust deficit emerges

This development has raised uncomfortable questions about credibility on all sides. Technical analysis of HonestAGI’s methodology revealed potential flaws, with researchers finding similar correlation patterns between unrelated models using the same fingerprinting technique. Critics also discovered fabricated references to non-existent research in HonestAGI’s paper.

“Also, this is a double-edged sword for China’s strategy to drive openness of the models where there could be potential derivations of the best models out there,” Shah added. “We have seen this happen with OpenAI-DeepSeek as well.”

The dispute highlights broader challenges facing the AI industry as development costs soar and model reuse becomes common. Vershita Srivastava, practice director at Everest Group, said the sector needs better tools to handle such controversies.

“The industry must adopt a comprehensive framework that includes advanced fingerprinting and watermarking techniques that can reliably trace model lineage,” Srivastava said.

The public nature of this dispute marks a turning point for China’s AI sector, which previously maintained at least a veneer of collaboration.

Gogia warned that the infighting could have lasting consequences beyond China’s borders. “This episode underscores that Chinese vendors are now operating under public scrutiny, and any erosion of trust could have lasting geopolitical and commercial consequences,” he said. The controversy may force enterprise buyers, especially in Southeast Asia and the Middle East, to reevaluate partnerships with Chinese AI providers.

The allegations have also exposed what Gogia calls the “growing inadequacy of conventional IP frameworks when applied to LLMs.” Parameter-level fingerprinting techniques offer promise but remain scientifically contested and legally untested.

Market divide

The feud highlights how China’s AI leaders target different markets while chasing the same prize. Alibaba’s Qwen family focuses on consumer applications with ChatGPT-like services and has been downloaded more than 40 million times since going open-source. Huawei’s Pangu models target enterprise clients in government, finance, and manufacturing.

Despite entering the large language model arena early with Pangu’s 2021 debut, Huawei has struggled to keep pace with rivals. The company open-sourced its Pangu Pro MoE models in June, hoping to boost adoption through free developer access.

The latest controversy underscores the urgent need for industry-wide standards. “Without agreed-upon definitions of derivation — particularly in models trained on shared corpora — vendors face an unclear compliance landscape,” Gogia noted. “This ambiguity creates space for weaponized accusations and erodes open-source collaboration.”

Srivastava emphasized the need for legal frameworks, saying it’s “imperative to establish clear definitions for derivative models and implement nuanced licensing frameworks that support responsible reuse, enforce appropriate attribution, and uphold usage restrictions.”

How this controversy resolves will set important precedents for intellectual property disputes in an increasingly competitive AI landscape. The success of nimble operations like DeepSeek has upended assumptions about what it takes to build cutting-edge AI, making bloated bureaucracies look more like liabilities than advantages.

Alibaba did not immediately respond to requests for comment.

More on China’s AI moves:

• China’s MiniMax launches M1: A reasoning model to rival GPT-4 at 0.5% the cost
• China’s Alibaba and Baidu step up global competition with new reasoning-focused AI models
• RedNote joins China’s open-source AI wave with the launch of dots.llm1
• DeepSeek accused of powering China’s military and mining US user data>

>

It's no exaggeration to call sudo the cornerstone of Linux privilege management. It's one of the first utilities we configure on fresh installs, and it's baked into almost every Linux distribution by default. Which is precisely why reports of two significant vulnerabilities in sudo ''CVE-2025-32462 and CVE-2025-32463''are grabbing headlines and raising red flags. These are local privilege escalation flaws, and if they're exploited, an attacker could jump from a non-privileged user account straight into the shoes of the almighty root user.