Anker has indefinitely paused sales of its 3D printers, with no clear plans to resume or release new models. Despite promises of ongoing support, critical replacement parts like hotends and extruders have quietly vanished from the EufyMake site, leaving customers and the maker community in the lurch. The Verge reports: In March, charging giant Anker announced it would spin out its 3D printer business into an "independent sub-brand," stating that the new EufyMake would "continue to provide comprehensive customer service and support" for its original 3D printers the AnkerMake M5 and M5C. Now, the 3D printing community is wondering whether that was all a euphemism for exiting the 3D printer business. eufyMake is no longer selling any 3D printers and has stopped selling some of the parts it would need to provide anything close to "comprehensive support."

Anker confirms to The Verge that it has stopped selling the M5 and M5C 3D printers indefinitely. Spokesperson Brett White could not confirm that the company will resume selling them or create any future models. He says that "sales have been paused." "My understanding is that eufyMake has not ruled out creating new 3D printer models in the future. But the brand has ended sales of the M5 and M5C for the time being," White tells The Verge. The 3D printing section of EufyMake's website is currently empty of printers. The only gadget EufyMake now sells is a UV printer that creates a 3D texture atop flat materials.

An anonymous reader quotes a report from CNBC: Samsung Electronics has entered into a $16.5 billion contract for supplying semiconductors to Tesla, based on a regulatory filing by the South Korean firm and Tesla CEO Elon Musk's posts on X. The memory chipmaker, which had not named the counterparty, mentioned in its filing that the effective start date of the contract was July 26, 2025 -- receipt of orders -- and its end date was Dec. 31, 2033. However, Musk later confirmed in a reply to a post on social media platform X that Tesla was the counterparty.

He also posted: "Samsung's giant new Texas fab will be dedicated to making Tesla's next-generation AI6 chip. The strategic importance of this is hard to overstate. Samsung currently makes AI4.TSMC will make AI5, which just finished design, initially in Taiwan and then Arizona. Samsung agreed to allow Tesla to assist in maximizing manufacturing efficiency. This is a critical point, as I will walk the line personally to accelerate the pace of progress," Musk said on X, and suggested that the deal with Samsung could likely be even larger than the announced $16.5 billion.

Samsung earlier said that details of the deal, including the name of the counterparty, will not be disclosed until the end of 2033, citing a request from the second party "to protect trade secrets," according to a Google translation of the filing in Korean on Monday. "Since the main contents of the contract have not been disclosed due to the need to maintain business confidentiality, investors are advised to invest carefully considering the possibility of changes or termination of the contract," the company said.

"Search engines still require users to use critical thinking to interpret and contextualize the results," argues Aaron French, an assistant professor of information systems. But with the rise of generative AI tools like ChatGPT, "internet users aren't just outsourcing memory — they may be outsourcing thinking itself." Generative AI tools don't just retrieve information; they can create, analyze and summarize it. This represents a fundamental shift: Arguably, generative AI is the first technology that could replace human thinking and creativity.

That raises a critical question: Is ChatGPT making us stupid...?

[A]s many people increasingly delegate cognitive tasks to AI, I think it's worth considering what exactly we're gaining and what we are at risk of losing.
"For many, it's replacing the need to sift through sources, compare viewpoints and wrestle with ambiguity," the article argues, positing that this "may be weakening their ability to think critically, solve complex problems and engage deeply with information."

But in a section titled "AI and the Dunning-Kruger effect," he suggests "what matters isn't whether a person uses generative AI, but how. If used uncritically, ChatGPT can lead to intellectual complacency." His larger point seems to be that when used as an aid, AI "can become a powerful tool for stimulating curiosity, generating ideas, clarifying complex topics and provoking intellectual dialogue.... to augment human intelligence, not replace it. That means using ChatGPT to support inquiry, not to shortcut it. It means treating AI responses as the beginning of thought, not the end."

He believes mass adoption of generative AI has "left internet users at a crossroads. One path leads to intellectual decline: a world where we let AI do the thinking for us. The other offers an opportunity: to expand our brainpower by working in tandem with AI, leveraging its power to enhance our own." So his article ends with a question — how will we use AI to make us smarter?

Share your own thoughts and experiences in the comments. Do you think your AI use is making you smarter?

"Google has signed its first partnership with a long-duration energy storage company," reports Data Center Dynamics. "The tech giant signed a long-term partnership with Energy Dome to support multiple commercial deployments worldwide to help scale the company's CO2 battery technology."

Google explains in a blog post that the company's technology "can store excess clean energy and then dispatch it back to the grid for 8-24 hours, bridging the gap between when renewable energy is generated and when it is needed." Reuters explains the technology: Energy Dome's CO2-based system stores energy by compressing and liquefying carbon dioxide, which is later expanded to generate electricity. The technology avoids the use of scarce raw materials such as lithium and copper, making it potentially attractive to European policymakers seeking to reduce reliance on critical minerals and bolster energy security.
"Unlike other gases, CO2 can be compressed at ambient temperatures, eliminating the need for expensive cryogenic features," notes CleanTechnica, calling this "a unique new threat to fossil fuel power plants." Google's move "means that more wind and solar energy than ever before can be put to use in local grids." Pumped storage hydropower still accounts for more than 90% of utility scale storage in the US, long duration or otherwise... Energy Dome claims to beat lithium-ion batteries by a wide margin, currently aiming for a duration of 8-24 hours. The company aims to hit the 10-hour mark with its first project in the U.S., the "Columbia Energy Storage Project" under the wing of the gas and electricity supplier Alliant Energy to be located in Pacific, Wisconsin... [B]ut apparently Google has already seen more than enough. An Energy Dome demonstration project has been shooting electricity into the grid in Italy for more than three years, and the company recently launched a new 20-megawatt commercial plant in Sardinia.
Google points out this is one of several Google clean energy initiatives :

• In June Google signed the largest direct corporate offtake agreement for fusion energy with Commonwealth Fusion Systems.

• In October Google agreed to purchase "advanced nuclear" power from multiple small modular reactors being developed by Kairos Power.

• Google also partnered with a clean-energy startup to develop a geothermal power project that contributes carbon-free energy to the electric grid.

The United Kingdom's government is planning to ban public sector and critical infrastructure organizations from paying ransoms after ransomware attacks. From a report: The list of entities that would have to follow the new proposed legislation includes local councils, schools, and the publicly funded National Health Service (NHS).

"Ransomware is estimated to cost the UK economy millions of pounds each year, with recent high-profile ransomware attacks highlighting the severe operational, financial, and even life-threatening risks. The ban would target the business model that fuels cyber criminals' activities and makes the vital services the public rely on a less attractive target for ransomware groups," the UK government said.

"We're determined to smash the cyber criminal business model and protect the services we all rely on as we deliver our Plan for Change. By working in partnership with industry to advance these measures, we are sending a clear signal that the UK is united in the fight against ransomware," Security Minister Dan Jarvis added.

Government funding for a program that hunts for threats on America's critical infrastructure networks expired on Sunday, preventing Lawrence Livermore National Laboratory from analyzing activity that could indicate a cyberattack, the program director told Congress on Tuesday. From a report: Nate Gleason leads a team at Lawrence Livermore National Laboratory (LLNL) focused on nation-state threats against critical infrastructure, and this includes the CyberSentry Program.

It's a public-private partnership, managed by CISA, that looks for malicious activity on IT and operational technology (OT) networks in America's energy, water, healthcare, and other critical facilities. This includes threats along the lines of China's Volt Typhoon and Salt Typhoon intrusions -- network activity that may look like, or even start as, espionage, but ultimately enables the digital invaders to backdoor critical orgs and deploy cyber weapons to aid in a kinetic war.

It's "a milestone for scalable quantum technologies," according to the announcement from Boston University. Scientists from Boston University, UC Berkeley, and Northwestern University "reported the world's first electronic-photonic-quantum system on a chip, according to a study published in Nature Electronics."

Quantum computing is on "a decades-long path from concept to reality," says Milos PopoviÄ, associate professor of electrical and computer engineering at BU and a senior author on the study. "This is a small step on that path — but an important one, because it shows we can build repeatable, controllable quantum systems in commercial semiconductor foundries." The system combines quantum light sources and stabilizing electronics using a standard 45-nanometer semiconductor manufacturing process to produce reliable streams of correlated photon pairs (particles of light) — a key resource for emerging quantum technologies. The advance paves the way for mass-producible "quantum light factory" chips and large-scale quantum systems built from many such chips working together...

Just as electronic chips are powered by electric currents, and optical communication links by laser light, future quantum technologies will require a steady stream of quantum light resource units to perform their functions. To provide this, the researchers' work created an array of "quantum light factories" on a silicon chip, each less than a millimeter by a millimeter in dimension... "What excites me most is that we embedded the control directly on-chip — stabilizing a quantum process in real time," says Anirudh Ramesh, a PhD student at Northwestern who led the quantum measurements. "That's a critical step toward scalable quantum systems."
Thanks to long-time Slashdot reader fahrbot-bot for sharing the news.

VMware is overhauling its partner program again under Broadcom's direction, drastically reducing the number of authorized partners -- especially small and mid-size ones -- while ending the white label program by October 31, 2025. The Register reports: Australian IT service provider Interactive outlined the changes on Wednesday in a post that explained the changes with the following five points:

- Partner Reduction: The new program significantly reduces the number of authorized partners, being a by-invitation-only program. As a result on July 15, 2025 VCSP partners who are not invited to participate in the new Program for VCSP partners will be sent a notice of non-renewal.
- Transition Period Until 31 October, 2025: Non-invited partners can continue to transact until 31 October 2025. After that date, they may only service existing VCSP commitment contracts for the remainder of the current term. No new commitment contracts or renewals will be accepted for those partners.
- White Label Program Ending: Broadcom is also sunsetting the White Label model on 31 October 2025. The same transitional commercial conditions apply to White Label contracts as stated above.
- Immediate Impact: Departing partners are encouraged to work with authorized VCSP partners to ensure a smooth transition for customers who seek to renew a service at the end of their current term.
- Shift Toward Hyperscale Private Compute: Broadcom is reshaping its vision for private compute, whereby VMware Cloud Foundation 9 underpins a small number [of] hyperscale private cloud platforms in each region. A future where customers buy managed infrastructure from partners like Interactive to support their compute requirements.

Interactive also warned that customers whose partners are no longer part of the partner program could expect the change to effect:

- Your ability to renew licenses through your existing partner
- The support and service quality you've come to expect
- Potential delays or confusion during upcoming renewals or service requests
- Potential cost increases as partner consolidation may led additional costs for migration and re-onboarding, and reduced bundling options that previously allowed for greater cost efficiencies VMware also told The Register that "Non-renewing partners can continue to support their existing customers until the end of their current commit contract term including co-termed capacity orders. Non-renewing partners are encouraged to work with authorized VCSP partners to ensure a smooth transition for customers who seek to renew a service at the end of their current term."

Making matters worse: VMware on Tuesday divulged three critical flaws in eights of its products rated 9.3/10.

Microsoft employs engineers in China to help maintain Defense Department computer systems, with U.S. citizens serving as "digital escorts" to oversee the foreign workers, according to a ProPublica investigation. The escorts often lack advanced technical expertise to police engineers with far more sophisticated skills, and some are former military personnel paid barely above minimum wage.

"We're trusting that what they're doing isn't malicious, but we really can't tell," one current escort told the publication. The arrangement, critical to Microsoft winning federal cloud computing contracts a decade ago, handles sensitive but unclassified government data including materials that directly support military operations. Former CIA and NSA executive Harry Coker called the system a natural opportunity for spies, saying "If I were an operative, I would look at that as an avenue for extremely valuable access."

Microsoft is testing a new adaptive energy saver mode in Windows 11 that automatically turns energy saver on or off based on system workload instead of battery percentage, aiming to extend laptop battery life without dimming screen brightness. The feature is currently available to Windows Insider testers and expected to roll out later this year. The Verge reports: The energy saver mode in Windows 11 typically dims a display brightness by 30 percent, disables transparency effects, and stop apps running in the background. Non-critical Windows update downloads are also paused, and certain apps like OneDrive, OneNote, and Phone Link may not sync fully while energy saver is enabled. This new adaptive energy saver mode, which will only be available on devices with a battery, will automatically enable or disable without affecting screen brightness. That will make it less noticeable on devices like laptops, tablets, and handhelds.

"Adaptive energy saver is an opt-in feature that automatically enables and disables energy saver, without changing screen brightness, based on the power state of the device and the current system load," explains Microsoft's Windows Insider team.

The U.S. Department of Defense has awarded contracts worth up to $200 million each to OpenAI, Google, Anthropic, and xAI to scale adoption of advanced AI. "The contracts will enable the DoD to develop agentic AI workflows and use them to address critical national security challenges," reports Reuters, citing the department's Chief Digital and Artificial Intelligence Office. From the report: Separately on Monday, xAI announced a suite of its products called "Grok for Government", making its advanced AI models -- including its latest flagship Grok 4 -- available to federal, local, state and national security customers. The Pentagon announced last month that OpenAI was awarded a $200 million contract, saying the ChatGPT maker would "develop prototype frontier AI capabilities to address critical national security challenges in both warfighting and enterprise domains."

The contracts announced on Monday deepen the ties between companies leading the AI race and U.S. government operations, while addressing concerns around the need for competitive contracts for AI use in federal agencies. "The adoption of AI is transforming the (DoD's) ability to support our warfighters and maintain strategic advantage over our adversaries," Chief Digital and AI Officer Doug Matty said.

An anonymous reader shared this report from InfoWorld: Tiobe CEO Paul Jansen says Ada, a system programming language whose initial development dates back to the late 1970s, could outlast similarly aged languages like Visual Basic, Perl, and Fortran in the language popularity race.

In comments on this month's Tiobe language popularity index, posted July 9, Jansen said the index has not seen much change among leading languages such as Python, C#, and Java over the past two years. But there is more movement among older languages such as Visual Basic, SQL, Fortran, Ada, Perl, and Delphi, said Jansen. Every time one of these languages is expected to stay in the top 10, it is replaced by another language, he said. Even more remarkably, newer languages have yet to rise above them. "Where are Rust, Kotlin, Dart, and Julia? Apparently, established languages are hot."
"Which one will win? Honestly, this is very hard to tell," Jansen writes, "but I would put my bets on Ada. With the ever-stronger demands on security, Ada is, as a system programming language in the safety-critical domain, likely the best survivor."

Perhaps proving his point, one year ago, Ada was ranked #24 — but on this month's index it ranks #9. (Whereas the eight languages above it all remain in the exact same positions they held a year ago...)

1. Python
2. C++
3. C
4. Java
5. C#
6. JavaScript
7. Go
8. Visual Basic
9. Ada
10. Delphi/Object Pascal

Major space industry players -- including SpaceX, Boeing, and Blue Origin -- are urging Congress to maintain funding for the TraCSS space traffic coordination program, warning that eliminating it would endanger satellite safety and potentially drive companies abroad. Under the proposed FY 2026 budget, the Office of Space Commerce's funding would be cut from $65 million to just $10 million. "That $55M cut is accomplished by eliminating the Traffic Coordination System for Space (TraCSS) program," reports The Register. From the report: "One of OSC's most important functions is to provide space traffic coordination support to US satellite operators, similar to the Federal Aviation Administration's role in air traffic control," stated letters from space companies including SpaceX, Boeing, Blue Origin, and others. The letters argue that safe space operations "in an increasingly congested space domain" are critical for modern services like broadband satellite internet and weather forecasting, but that's not all. "Likewise, a safe space operating environment is vital for continuity of national security space missions such as early warning of missile attacks on deployed US military forces," the letters added.

Industry trade groups sent the letters to the Democratic and Republican leadership of the House and Senate budget subcommittees for Commerce, Justice, Science, and Related Agencies, claiming to represent more than 450 US companies in the space, satellite, and defense sectors. The letters argue for the retention of the OSC's FY 2025 budget of $65 million, as well as keeping control of space traffic coordination within the purview of the Department of Commerce, under which the OSC is nested, and not the Department of Defense, where it was previously managed. "Successive administrations have recognized on a bipartisan basis that space traffic coordination is a global, commercial-facing function best managed by a civilian agency," the companies explained. "Keeping space traffic coordination within the Department of Commerce preserves military resources for core defense missions and prevents the conflation of space safety with military control."

In the budget request document, the government explained the Commerce Department was unable to complete "a government owned and operated public-facing database and traffic coordination system" in a timely manner. The private sector, meanwhile, "has proven they have the capability and the business model to provide civil operators" with the necessary space tracking data. But according to the OSC, TraCSS would have been ready for operations by January 2026, raising the question of why the government would kill the program so late in the game.

Mazda is redesigning the steering wheel controls in its new CX-5 to address potential safety concerns from its shift to touchscreen-based infotainment systems. The Japanese automaker developed what it calls "an all new steering wheel layout with physical buttons" that allow drivers to control critical vehicle functions without taking their hands off the wheel. Stefan Meisterfeld, Mazda's U.S. VP of operations, said the new steering wheel design goes beyond simple redundant shortcuts.

The company is pairing the enhanced steering wheel controls with Google Assistant voice commands and a 15.6-inch central touchscreen that now houses audio and climate controls previously operated by physical dashboard buttons. Mazda had been the sole mainstream holdout against touchscreen infotainment systems, relying instead on a console-mounted dial. The steering wheel redesign represents the company's attempt to maintain its "hands on the wheel, eyes on the road" safety philosophy while adopting touchscreen technology that customer research indicated buyers wanted.

BrianFagioli shares a report from NERDS.xyz: Red Hat has introduced a new option that gives developers a fast lane to enterprise-grade Linux without needing to go through IT. The new release, called Red Hat Enterprise Linux for Business Developers, is now available for free. It offers direct, self-serve access to the same operating system used in production environments, specifically for business-focused development and testing.

The offering is part of the Red Hat Developer Program and is designed to reduce friction between development and operations teams. Developers can now build and test applications on the same platform that powers critical systems across physical servers, virtual machines, cloud deployments, and edge devices. [...] Each registered user can deploy up to 25 instances, whether virtual, physical, or cloud-based. The program includes signed and curated developer content such as programming languages, open source tools, and databases. Red Hat also includes Podman Desktop, its go-to container development tool, allowing users to work with containers that can closely match production environments.

While access is free, developers can choose to purchase support plans that tap into Red Hat's Linux expertise. This could appeal to developers working in business units or teams that want to build quickly without waiting on formal IT approval. This new option complements Red Hat's existing free Developer Subscription for Individuals and the Enterprise Developer Subscription for Teams, which is available through Red Hat reps or partners.

AMD is warning users of a newly discovered form of side-channel attack affecting a broad range of its chips that could lead to information disclosure. Register: Akin to Meltdown and Spectre, the Transient Scheduler Attack (TSA) comprises four vulnerabilities that AMD said it discovered while looking into a Microsoft report about microarchitectural leaks.

The four bugs do not appear too venomous at face value -- two have medium-severity ratings while the other two are rated "low." However, the low-level nature of the exploit's impact has nonetheless led Trend Micro and CrowdStrike to assess the threat as "critical."

The reasons for the low severity scores are the high degree of complexity involved in a successful attack -- AMD said it could only be carried out by an attacker able to run arbitrary code on a target machine. It affects AMD processors (desktop, mobile and datacenter models), including 3rd gen and 4th gen EPYC chips -- the full list is here.

China "is pouring money into building an AI supply chain with as little reliance on the U.S. as possible," reports the Wall Street Journal.

And now Chinese AI companies "are loosening the U.S.'s global stranglehold on AI," reports the Wall Street Journal, "challenging American superiority and setting the stage for a global arms race in the technology." In Europe, the Middle East, Africa and Asia, users ranging from multinational banks to public universities are turning to large language models from Chinese companies such as startup DeepSeek and e-commerce giant Alibaba as alternatives to American offerings such as ChatGPT... Saudi Aramco, the world's largest oil company, recently installed DeepSeek in its main data center. Even major American cloud service providers such as Amazon Web Services, Microsoft and Google offer DeepSeek to customers, despite the White House banning use of the company's app on some government devices over data-security concerns.

OpenAI's ChatGPT remains the world's predominant AI consumer chatbot, with 910 million global downloads compared with DeepSeek's 125 million, figures from researcher Sensor Tower show. American AI is widely seen as the industry's gold standard, thanks to advantages in computing semiconductors, cutting-edge research and access to financial capital. But as in many other industries, Chinese companies have started to snatch customers by offering performance that is nearly as good at vastly lower prices. A study of global competitiveness in critical technologies released in early June by researchers at Harvard University found China has advantages in two key building blocks of AI, data and human capital, that are helping it keep pace...

Leading Chinese AI companies — which include Tencent and Baidu — further benefit from releasing their AI models open-source, meaning users are free to tweak them for their own purposes. That encourages developers and companies globally to adopt them. Analysts say it could also pressure U.S. rivals such as OpenAI and Anthropic to justify keeping their models private and the premiums they charge for their service... On Latenode, a Cyprus-based platform that helps global businesses build custom AI tools for tasks including creating social-media and marketing content, as many as one in five users globally now opt for DeepSeek's model, according to co-founder Oleg Zankov. "DeepSeek is overall the same quality but 17 times cheaper," Zankov said, which makes it particularly appealing for clients in places such as Chile and Brazil, where money and computing power aren't as plentiful...

The less dominant American AI companies are, the less power the U.S. will have to set global standards for how the technology should be used, industry analysts say. That opens the door for Beijing to use Chinese models as a Trojan horse for disseminating information that reflects its preferred view of the world, some warn.... The U.S. also risks losing insight into China's ambitions and AI innovations, according to Ritwik Gupta, AI policy fellow at the University of California, Berkeley. "If they are dependent on the global ecosystem, then we can govern it," said Gupta. "If not, China is going to do what it is going to do, and we won't have visibility."
The article also warns of other potential issues:

• "Further down the line, a breakdown in U.S.-China cooperation on safety and security could cripple the world's capacity to fight future military and societal threats from unrestrained AI."

• "The fracturing of global AI is already costing Western makers of computer chips and other hardware billions in lost sales... Adoption of Chinese models globally could also mean lost market share and earnings for AI-related U.S. firms such as Google and Meta."

"A computer science degree used to be a golden ticket to the promised land of jobs," a college senior tells the New York Times. But "That's no longer the case."

The article notes that in the last three years there's been a 65% drop from companies seeking workers with two years of experience or less (according to an analysis by technology research/education organization CompTIA), with tech companies "relying more on AI for some aspects of coding, eliminating some entry-level work."

So what do college professors teach when AI "is coming fastest and most forcefully to computer science"? Computer science programs at universities across the country are now scrambling to understand the implications of the technological transformation, grappling with what to keep teaching in the AI era. Ideas range from less emphasis on mastering programming languages to focusing on hybrid courses designed to inject computing into every profession, as educators ponder what the tech jobs of the future will look like in an AI economy... Some educators now believe the discipline could broaden to become more like a liberal arts degree, with a greater emphasis on critical thinking and communication skills.

The National Science Foundation is funding a program, Level Up AI, to bring together university and community college educators and researchers to move toward a shared vision of the essentials of AI education. The 18-month project, run by the Computing Research Association, a research and education nonprofit, in partnership with New Mexico State University, is organising conferences and roundtables and producing white papers to share resources and best practices. The NSF-backed initiative was created because of "a sense of urgency that we need a lot more computing students — and more people — who know about AI in the workforce," said Mary Lou Maher, a computer scientist and a director of the Computing Research Association.

The future of computer science education, Maher said, is likely to focus less on coding and more on computational thinking and AI literacy. Computational thinking involves breaking down problems into smaller tasks, developing step-by-step solutions and using data to reach evidence-based conclusions. AI literacy is an understanding — at varying depths for students at different levels — of how AI works, how to use it responsibly and how it is affecting society. Nurturing informed skepticism, she said, should be a goal.
The article raises other possibilities. Experts also suggest the possibility of "a burst of technology democratization as chatbot-style tools are used by people in fields from medicine to marketing to create their own programs, tailored for their industry, fed by industry-specific data sets." Stanford CS professor Alex Aiken even argues that "The growth in software engineering jobs may decline, but the total number of people involved in programming will increase."

Last year, Carnegie Mellon actually endorsed using AI for its introductory CS courses. The dean of the school's undergraduate programs believes that coursework "should include instruction in the traditional basics of computing and AI principles, followed by plenty of hands-on experience designing software using the new tools."

We're living in a new world now — one where it's an AI-powered penetration tester that "now tops an eminent US security industry leaderboard that ranks red teamers based on reputation." CSO Online reports: On HackerOne, which connects organizations with ethical hackers to participate in their bug bounty programs, "Xbow" scored notably higher than 99 other hackers in identifying and reporting enterprise software vulnerabilities. It's a first in bug bounty history, according to the company that operates the eponymous bot...

Xbow is a fully autonomous AI-driven penetration tester (pentester) that requires no human input, but, its creators said, "operates much like a human pentester" that can scale rapidly and complete comprehensive penetration tests in just a few hours. According to its website, it passes 75% of web security benchmarks, accurately finding and exploiting vulnerabilities.

Xbow submitted nearly 1,060 vulnerabilities to HackerOne, including remote code execution, information disclosures, cache poisoning, SQL injection, XML external entities, path traversal, server-side request forgery (SSRF), cross-site scripting, and secret exposure. The company said it also identified a previously unknown vulnerability in Palo Alto's GlobalProtect VPN platform that impacted more than 2,000 hosts. Of the vulnerabilities Xbow submitted over the last 90 days, 54 were classified as critical, 242 as high and 524 as medium in severity. The company's bug bounty programs have resolved 130 vulnerabilities, and 303 are classified as triaged.

Notably, though, roughly 45% of the vulnerabilities it found are still awaiting resolution, highlighting the "volume and impact of the submissions across live targets," Nico Waisman, Xbow's head of security, wrote in a blog post this week... To further hone the technology, the company developed "validators," — automated peer reviewers that confirm each uncovered vulnerability, Waisman explained.
"As attackers adopt AI to automate and accelerate exploitation, defenders must meet them with even more capable systems," XBOW's CEO said this week, as the company raised $75 million in Series B funding to grow its platform, bringing its total funding to $117 million. Help Net Security reports: With the new funding, XBOW plans to grow its engineering team and expand its go-to-market efforts. The product is now generally available, and the company says it is working with large banks, tech firms, and other organizations that helped shape the platform during its early testing phase. XBOW's long-term goal is to help security teams stay ahead of adversaries using advanced automation. As attackers increasingly turn to AI, the company argues that defenders will need equally capable systems to match their speed and sophistication.

In April researchers responsibly disclosed two security flaws found in Sudo "that could enable local attackers to escalate their privileges to root on susceptible machines," reports The Hacker News. "The vulnerabilities have been addressed in Sudo version 1.9.17p1 released late last month." Stratascale researcher Rich Mirch, who is credited with discovering and reporting the flaws, said CVE-2025-32462 has managed to slip through the cracks for over 12 years. It is rooted in the Sudo's "-h" (host) option that makes it possible to list a user's sudo privileges for a different host. The feature was enabled in September 2013. However, the identified bug made it possible to execute any command allowed by the remote host to be run on the local machine as well when running the Sudo command with the host option referencing an unrelated remote host. "This primarily affects sites that use a common sudoers file that is distributed to multiple machines," Sudo project maintainer Todd C. Miller said in an advisory. "Sites that use LDAP-based sudoers (including SSSD) are similarly impacted."

CVE-2025-32463, on the other hand, leverages Sudo's "-R" (chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file. It's also a critical-severity flaw. "The default Sudo configuration is vulnerable," Mirch said. "Although the vulnerability involves the Sudo chroot feature, it does not require any Sudo rules to be defined for the user. As a result, any local unprivileged user could potentially escalate privileges to root if a vulnerable version is installed...."

Miller said the chroot option will be removed completely from a future release of Sudo and that supporting a user-specified root directory is "error-prone."