Austria's coalition government has agreed on a plan to enable police to monitor suspects' secure messaging in order to thwart militant attacks, ending what security officials have said is a rare and dangerous blind spot for a European Union country. From a report: Because Austria lacks a legal framework for monitoring messaging services like WhatsApp, its main domestic intelligence service and police rely on allies with far more sweeping powers like Britain and the United States alerting them to chatter about planned attacks and spying.

That kind of tip-off led to police unravelling what they say was a planned attack on a Taylor Swift concert in Vienna, which prompted the cancellation of all three of her planned shows there in August of last year. "The aim is to make people planning terrorist attacks in Austria feel less secure - and increase everyone else's sense of security," Joerg Leichtfried of the Social Democrats, the junior minister in charge of overseeing the Directorate for State Security and Intelligence (DSN), told a news conference.

The U.S. Senate has approved the GENIUS Act with a 68-30 final vote that "saw a huge surge of Democrats joining their Republican counterparts," reports CoinDesk. What the bill sets out to do is create the first federal regulatory framework for U.S. stablecoins, requiring issuers to maintain full 1:1 reserves in cash or Treasuries, adhere to regular audits and anti-money laundering rules, and gain regulatory approval -- all while allowing foreign stablecoin access under strict oversight rules. From the report: As written, the bill would set up guardrails around the approval and supervision of U.S. issuers of stablecoins, the dollar-based tokens such as the ones backed by Circle, Ripple and Tether. Firms making these digital assets available to U.S. users would have to meet stringent reserve demands, transparency requirements, money-laundering compliance and regulatory supervision that's also likely to include new capital rules. "This is a win for the U.S., a win for innovation and a monumental step towards appropriate regulation for digital assets in the United States," said Amanda Tuminelli, executive director and chief legal officer of the DeFi Education Fund, in a similar statement. [...]

While this is the first significant crypto bill to clear the Senate, it's also the first time a stablecoin bill has passed either chamber, despite years of negotiation in the House Financial Services Committee that managed to produce other major crypto legislation in the previous congressional session. The destiny of the GENIUS Act is also tied closely to the House's own Digital Asset Market Clarity Act, the more sweeping crypto bill that would establish the legal footing of the wider U.S. crypto markets. The stablecoin effort is slightly ahead of the bigger task of the market structure bill, but the industry and their lawmaker allies argue that they're inextricably connected and need to become law together. So far, the Clarity Act has been cleared by the relevant House committees and awaits floor action.

An anonymous reader quotes a report from TechCrunch: While Silicon Valley executives like those from Palantir, Meta, and OpenAI are grabbing headlines for trading their Brunello Cucinelli vests for Army Reserve uniforms, a quieter transformation has been underway in the U.S. Navy. How so? Well, the Navy's chief technology officer, Justin Fanelli, says he has spent the last two and a half years cutting through the red tape and shrinking the protracted procurement cycles that once made working with the military a nightmare for startups. The efforts represent a less visible but potentially more meaningful remaking that aims to see the government move faster and be smarter about where it's committing dollars.

"We're more open for business and partnerships than we've ever been before," Fanelli told TechCrunch in a recent episode of StrictlyVC Download. "We're humble and listening more than before, and we recognize that if an organization shows us how we can do business differently, we want that to be a partnership." Right now, many of these partnerships are being facilitated through what Fanelli calls the Navy's innovation adoption kit, a series of frameworks and tools that aim to bridge the so-called Valley of Death, where promising tech dies on its path from prototype to production. "Your granddaddy's government had a spaghetti chart for how to get in," Fanelli said. "Now it's a funnel, and we are saying, if you can show that you have outsized outcomes, then we want to designate you as an enterprise service."

In one recent case, the Navy went from a Request for Proposal (RFP) to pilot deployment in under six months with Via, an eight-year-old, Somerville, Massachusetts-based cybersecurity startup that helps big organizations protect sensitive data and digital identities through, in part, decentralization, meaning the data isn't stored in one central spot that can be hacked. (Another of Via's clients is the U.S. Air Force.) The Navy's new approach operates on what Fanelli calls a "horizon" model, borrowed and adapted from McKinsey's innovation framework. Companies move through three phases: evaluation, structured piloting, and scaling to enterprise services. The key difference from traditional government contracting, Fanelli says, is that the Navy now leads with problems rather than predetermined solutions. "Instead of specifying, 'Hey, we'd like this problem solved in a way that we've always had it,' we just say, 'We have a problem, who wants to solve this, and how will you solve it?'" Fanelli said.

An anonymous reader quotes a report from The Register: UK universities and colleges have signed a framework worth up to 9.86 million pounds ($13.33 million) with Oracle to use its controversial Java SE Universal Subscription model, in exchange for a "waiver of historic fees due for any institutions who have used Oracle Java since 2023." Jisc, a membership organization that runs procurement for higher and further education establishments in the UK, said it had signed an agreement to purchase the new subscription licenses after consultation with members. In a procurement notice, it said institutions that use Oracle Java SE are required to purchase subscriptions. "The agreement includes the waiver of historic fees due for any institutions who have used Oracle Java since 2023," the notice said.

The Java SE Universal Subscription was introduced in January 2023 to an outcry from licensing experts and analysts. It moved licensing of Java from a per-user basis to a per-employee basis. At the time, Oracle said it was "a simple, low-cost monthly subscription that includes Java SE Licensing and Support for use on Desktops, Servers or Cloud deployments." However, licensing advisors said early calculations to help some clients showed that the revamp might increase costs by up to ten times. Later, analysis from Gartner found the per-employee subscription model to be two to five times more expensive than the legacy model.

"For large organizations, we expect the increase to be two to five times, depending on the number of employees an organization has," Nitish Tyagi, principal Gartner analyst, said in July 2024. "Please remember, Oracle defines employees as part-time, full-time, temporary, agents, contractors, as in whosoever supports internal business operations has to be licensed as per the new Java Universal SE Subscription model." Since the introduction of the new Oracle Java licensing model, user organizations have been strongly advised to move off Oracle Java and find open source alternatives for their software development and runtime environments. A survey of Oracle users found that only one in ten was likely to continue to stay with Oracle Java, in part as a result of the licensing changes.

Walmart and Amazon are exploring the possibility of issuing their own stablecoins in the United States, WSJ reported Friday, potentially shifting billions of dollars in transaction volume away from traditional banks and card networks. The retail giants, along with Expedia Group and several airlines, have recently discussed launching corporate stablecoins that would allow them to circumvent the existing payments infrastructure dominated by Visa and Mastercard.

The companies' final decisions hinge on passage of the Genius Act, legislation currently moving through Congress that would establish a regulatory framework for stablecoins. These digital currencies maintain a one-to-one exchange ratio with dollars and are backed by cash or Treasury reserves, offering merchants the potential for faster payment settlement and significantly reduced processing fees compared to traditional card transactions that can take days to clear.

Shopify is launching stablecoin payments for its merchants later this year, starting with USDC in collaboration with Coinbase and Stripe. Fortune reports: The publicly traded tech company lets merchants -- including vintage clothes sellers, cosmetics businesses, and electronics companies -- set up their own online marketplaces. By late June, Shopify will let a select group of users accept payments in USDC, a stablecoin issued by the crypto company Circle, which recently had one of the year's hottest IPOs. "In our own philosophical framework, we are extremely aligned with everything that crypto stands for," Tobias Lutke, the CEO of Shopify and a Coinbase board member, said onstage at a Coinbase conference on Thursday.

Shopify will then gradually expand access to merchants across its network in the U.S. and Europe before opening up stablecoin payments to every merchant who uses its platform. The e-commerce company worked with Coinbase to develop a payments protocol to handle chargebacks, refunds, and other intricacies of retail payments on Coinbase's blockchain, Base. It also collaborated with fintech giant Stripe, one of Shopify's payments processors, to integrate stablecoins into the e-commerce company's existing software stack. "I think other payment processors will look at what Shopify is building and be like, 'Holy crap,'" Jesse Pollak, a Coinbase executive who oversees the crypto exchange's wallet and blockchain divisions, told Fortune.

Amazon Web Services has signed a long-term deal with Talen Energy to receive up to 1,920 megawatts of carbon-free electricity from the Susquehanna nuclear plant through 2042 to support AWS's AI and cloud operations. The partnership also includes plans to explore new Small Modular Reactors and expand nuclear capacity amid rising U.S. energy demand. Utility Drive reports: Under the PPA, Talen's existing 300-MW co-location arrangement with AWS will shift to a "front of the meter" framework that doesn't require Federal Energy Regulatory Commission approval, according to Houston-based Talen. The company expects the transition will occur next spring after transmission upgrades are finished. FERC in November rejected an amended interconnection service agreement that would have facilitated expanded power sales to a co-located AWS data center at the Susquehanna plant. The agency is considering potential rules for co-located loads in PJM.

Talen expects to earn about $18 billion in revenue over the life of the contract at its full quantity, according to an investor presentation. The contract, which runs through 2042, calls for delivering 840 MW to 1,200 MW in 2029 and 1,680 MW to 1,920 MW in 2032. Talen will act as the retail power supplier to AWS, and PPL Electric Utilities will be responsible for transmission and delivery, the company said. Amazon on Monday said it plans to spend about $20 billion building data centers in Pennsylvania.

"We are making the largest private sector investment in state history -- $20 billion-- to bring 1,250 high-skilled jobs and economic benefits to the state, while also collaborating with Talen Energy to help power our infrastructure with carbon-free energy," Kevin Miller, AWS vice president of global data centers, said.

An anonymous reader shares a blog post from Google: Today, we're bringing you Android 16, rolling out first to supported Pixel devices with more phone brands to come later this year. This is the earliest Android has launched a major release in the last few years, which ensures you get the latest updates as soon as possible on your devices. Android 16 lays the foundation for our new Material 3 Expressive design, with features that make Android more accessible and easy to use.

An anonymous reader quotes a report from TechCrunch: Apple is launching what it calls the Foundation Models framework, which the company says will let developers tap into its AI models in an offline, on-device fashion. Onstage at WWDC 2025 on Monday, Apple VP of software engineering Craig Federighi said that the Foundation Models framework will let apps use on-device AI models created by Apple to drive experiences. These models ship as a part of Apple Intelligence, Apple's family of models that power a number of iOS features and capabilities.

"For example, if you're getting ready for an exam, an app like Kahoot can create a personalized quiz from your notes to make studying more engaging," Federighi said. "And because it happens using on-device models, this happens without cloud API costs [] We couldn't be more excited about how developers can build on Apple intelligence to bring you new experiences that are smart, available when you're offline, and that protect your privacy."

In a blog post, Apple says that the Foundation Models framework has native support for Swift, Apple's programming language for building apps for its various platforms. The company claims developers can access Apple Intelligence models with as few as three lines of code. Guided generation, tool calling, and more are all built into the Foundation Models framework, according to Apple. Automattic is already using the framework in its Day One journaling app, Apple says, while mapping app AllTrails is tapping the framework to recommend different hiking routes.

Microsoft is previewing a new Windows Update orchestration platform that lets third-party apps schedule and manage updates alongside system updates, "aiming to centralize update scheduling across Windows 11 devices," reports The Register. From the report: On Tuesday, Redmond announced it's allowing a select group of developers and product teams to hook into the Windows 11 update framework. The system doesn't push updates itself but allows apps to register their own update logic via WinRT APIs and PowerShell, enabling centralized scheduling, logging, and policy enforcement. "Updates across the Windows ecosystem can feel like a fragmented experience," wrote Angie Chen, a product manager at the Borg, in a blog post. "To solve this, we're building a vision for a unified, intelligent update orchestration platform capable of supporting any update (apps, drivers, etc.) to be orchestrated alongside Windows updates."

As with other Windows updates, the end user or admin will be able to benefit from intelligent scheduling, with updates deferred based on user activity, system performance, AC power status, and other environmental factors. For example, updates may install when the device is idle or plugged in, to minimize disruption. All update actions will be logged and surfaced through a unified diagnostic system, helping streamline troubleshooting. Microsoft says the platform will support MSIX/APPX apps, as well as Win32 apps that include custom installation logic, provided developers integrate with the offered Windows Runtime (WinRT) APIs and PowerShell commands. At the moment, the orchestration platform is available only as a private preview. Developers must contact unifiedorchestrator@service.microsoft.com to request access. Redmond is taking a cautious approach, given the risk of update conflicts, but may broaden availability depending on how the preview performs.

Meanwhile, Windows Backup for Organizations, first unveiled at Microsoft Ignite in November 2024, has entered limited public preview. Redmond touts the service as a way to back up Windows 10 and 11 devices and restore them with the same settings in place. It's saying it'll be a big help in migrating systems to the more recent operating systems after Windows 10 goes end of life in October. "With Windows Backup for Organizations, get your users up and running as quickly as possible with their familiar Windows settings already in place," Redmond wrote in a blog post on Tuesday. "It doesn't matter if they're experiencing a device reimage or reset."

Telegram has partnered with xAI to integrate the Grok chatbot into its platform for one year, with xAI paying $300 million in cash and equity. Telegram will also receive 50% of subscription revenue from Grok. TechCrunch reports: Earlier this year, xAI made the Grok chatbot available to Telegram's premium users. It seems Grok might now be made available to all users. A video posted by [Telegram CEO Pavel Durov] on X suggested that Grok can be pinned on top of chats within the app, and users can also ask questions to Grok from the search bar. Notably, Meta has also integrated Meta AI into the search bar on Instagram and WhatsApp. The video also shows that you will be able to use Grok for writing suggestions, summarizing chats, links, and documents, and creating stickers. Grok will supposedly also help answer questions for businesses and assist with moderation. UPDATE: In a response to Durov's X post outlining the partnership, Elon Musk said: "No deal has been signed."

"Musk's denial, however, raises questions about the status and structure of the agreement," reports TheStreet. "It's unclear whether the partnership has been formalized or if Durov was announcing a framework that remains under discussion. Neither Telegram nor xAI has issued a follow-up clarification."

Longtime Slashdot reader sinij shares a press release from the White House, outlining a series of executive orders that overhaul the Nuclear Regulatory Commission and speed up deployment of new nuclear power reactions in the U.S.. From a report: The NRC is a 50-year-old, independent agency that regulates the nation's fleet of nuclear reactors. Trump's orders call for a "total and complete reform" of the agency, a senior White House official told reporters in a briefing. Under the new rules, the commission will be forced to decide on nuclear reactor licenses within 18 months. Trump said Friday the orders focus on small, advanced reactors that are viewed by many in the industry as the future. But the president also said his administration supports building large plants. "We're also talking about the big plants -- the very, very big, the biggest," Trump said. "We're going to be doing them also."

When asked whether NRC reform will result in staff reductions, the White House official said "there will be turnover and changes in roles." "Total reduction in staff is undetermined at this point, but the executive orders do call for a substantial reorganization" of the agency, the official said. The orders, however, will not remove or replace any of the five commissioners who lead the body, according to the White House. Any reduction in staff at the NRC would come at time when the commission faces a heavy workload. The agency is currently reviewing whether two mothballed nuclear plants, Palisades in Michigan and Three Mile Island in Pennsylvania, should restart operations, a historic and unprecedented process. [...]

Trump's orders also create a regulatory framework for the Departments of Energy and Defense to build nuclear reactors on federal land, the administration official said. "This allows for safe and reliable nuclear energy to power and operate critical defense facilities and AI data centers," the official told reporters. The NRC will not have a direct role, as the departments will use separate authorities under their control to authorize reactor construction for national security purposes, the official said. The president's orders also aim to jump start the mining of uranium in the U.S. and expand domestic uranium enrichment capacity, the official said. Trump's actions also aim to speed up reactor testing at the Department of Energy's national laboratories.

The Prossimo project (funded by the nonprofit Internet Security Research Group) seeks to "move the Internet's security-sensitive software infrastructure to memory safe code." Two years ago the Prossimo project made an announcement: they'd begun work on rav1d, a safer high performance AV1 decoder written in Rust, according to a new update: We partnered with Immunant to do the engineering work. By September of 2024 rav1d was basically complete and we learned a lot during the process. Today rav1d works well — it passes all the same tests as the dav1d decoder it is based on, which is written in C. It's possible to build and run Chromium with it.

There's just one problem — it's not quite as fast as the C version...

Our Rust-based rav1d decoder is currently about 5% slower than the C-based dav1d decoder (the exact amount differs a bit depending on the benchmark, input, and platform). This is enough of a difference to be a problem for potential adopters, and, frankly, it just bothers us. The development team worked hard to get it to performance parity. We brought in a couple of other contractors who have experience with optimizing things like this. We wrote about the optimization work we did. However, we were still unable to get to performance parity and, to be frank again, we aren't really sure what to do next.

After racking our brains for options, we decided to offer a bounty pool of $20,000 for getting rav1d to performance parity with dav1d. Hopefully folks out there can help get rav1d performance advanced to where it needs to be, and ideally we and the Rust community will also learn something about how Rust performance stacks up against C.
This drew a snarky response from FFmpeg, the framework that powers audio and video processing for everyone from VLC to Twitch. "Rust is so good you can get paid $20k to make it as fast as C," they posted to their 68,300 followers on X.com.

Thanks to the It's FOSS blog for spotting the announcement.

An anonymous reader quotes a report from Patently Apple: It's being reported in the Gulf region that a new 5GW UAE-US AI Campus in Abu Dhabi was unveiled on Thursday at Qasr Al Watan in the presence of President His Highness Sheikh Mohamed bin Zayed Al Nahyan and US. President Donald Trump, who is on a state visit to the UAE. The new AI campus -- the largest of its kind outside the United States -- will host US hyperscalers and large enterprises, enabling them to leverage regional compute resources with the capability to serve the Global South. The UAE-US AI Campus will feature 5GW of capacity for AI data centers in Abu Dhabi, offering a regional platform through which US hyperscalers can provide low-latency services to nearly half of the global population.

Upon completion, the facility will utilize nuclear, solar, and gas power to minimize carbon emissions. It will also house a science park focused on advancing innovation in artificial intelligence. The campus will be built by G42 and operated in partnership with several US companies including NVIDIA, OpenAI, SoftBank, Cisco and others. The initiative is part of the newly established US-UAE AI Acceleration Partnership, a bilateral framework designed to deepen collaboration on artificial intelligence and advanced technologies. The UAE and US will jointly regulate access to the compute resources, which are reserved for US hyperscalers and approved cloud service providers. An official press release from the White House can be found here.

An anonymous reader quotes a report from Ars Technica: Google's DeepMind research division claims its newest AI agent marks a significant step toward using the technology to tackle big problems in math and science. The system, known as AlphaEvolve, is based on the company's Gemini large language models (LLMs), with the addition of an "evolutionary" approach that evaluates and improves algorithms across a range of use cases. AlphaEvolve is essentially an AI coding agent, but it goes deeper than a standard Gemini chatbot. When you talk to Gemini, there is always a risk of hallucination, where the AI makes up details due to the non-deterministic nature of the underlying technology. AlphaEvolve uses an interesting approach to increase its accuracy when handling complex algorithmic problems.

According to DeepMind, this AI uses an automatic evaluation system. When a researcher interacts with AlphaEvolve, they input a problem along with possible solutions and avenues to explore. The model generates multiple possible solutions, using the efficient Gemini Flash and the more detail-oriented Gemini Pro, and then each solution is analyzed by the evaluator. An evolutionary framework allows AlphaEvolve to focus on the best solution and improve upon it. Many of the company's past AI systems, for example, the protein-folding AlphaFold, were trained extensively on a single domain of knowledge. AlphaEvolve, however, is more dynamic. DeepMind says AlphaEvolve is a general-purpose AI that can aid research in any programming or algorithmic problem. And Google has already started to deploy it across its sprawling business with positive results. DeepMind's AlphaEvolve AI has optimized Google's Borg cluster scheduler, reducing global computing resource usage by 0.7% -- a significant cost saving at Google's scale. It also outperformed specialized AI like AlphaTensor by discovering a more efficient algorithm for multiplying complex-valued matrices. Additionally, AlphaEvolve proposed hardware-level optimizations for Google's next-gen Tensor chips.

The AI remains too complex for public release but that may change in the future as it gets integrated into smaller research tools.

An anonymous reader quotes a report from ZDNet: Would you believe Microsoft has announced a new Linux distribution service for its Azure cloud service? You should. For many years, the most popular operating system on Azure has not been Windows Server, it's been Linux. Last time I checked, in 2024, Azure Linux Platforms Group Program Manager Jack Aboutboul told me that 60% of Azure Marketplace offerings and more than 60% of virtual machine cores use Linux. Those figures mean it's sensible for Microsoft to make it easier than ever for Linux distributors to release first-class Linux distros on Azure. The tech giant is taking this step, said Andrew Randall, principal manager for the Azure Core Linux product management team, by making "Azure Image Testing for Linux (AITL) available 'as a service' to distro publishers."

ATIL is built on Microsoft's Linux Integration Services Automation project (LISA). Microsoft's Linux Systems Group originally developed this initiative to validate Linux OS images. LISA is a Linux quality validation system with two parts: a test framework to drive test execution and a set of test suites to verify Linux distribution quality. LISA is now open-sourced under the MIT License. The system enables continuous testing of Linux images, covering a wide range of scenarios from kernel updates to complex cloud-native workloads. [...] Specifically, the ATIL service is designed to streamline the deployment, testing, and management of Linux images on Azure. The service builds on the company's internal expertise and open-source tools to provide:

- Curated, Azure-optimized, security-hardened Linux images
- Automated quality assurance and compliance testing for Linux distributions
- Seamless integration with Azure's cloud-native services and Kubernetes environments Krum Kashan, Microsoft Azure Linux Platforms Group program manager, said in a statement: "While numerous testing tools are available for validating Linux kernels, guest OS images, and user space packages across various cloud platforms, finding a comprehensive testing framework that addresses the entire platform stack remains a significant challenge. A robust framework is essential, one that seamlessly integrates with Azure's environment while providing coverage for major testing tools, such as LTP and kselftest, and covers critical areas like networking, storage, and specialized workloads, including Confidential VMs, HPC, and GPU scenarios. This unified testing framework is invaluable for developers, Linux distribution providers, and customers who build custom kernels and images."

ZDNet's Steven Vaughan-Nichols marks Reddit's 20 years of being "the front page of the internet," recalling its evolution from a scrappy startup into a cultural powerhouse that shaped online discourse, meme culture, and the way millions consume news and entertainment. Slashdot is also given a subtle nod in the opening line of the article. An anonymous reader shares an excerpt: In 2005, if you were into social networks focused on links, you probably used Digg or Slashdot. However, two guys, Steve Huffman and Alexis Ohanian, recent graduates from the University of Virginia, wanted to create a hub where users could find, share, and discuss the internet's most interesting content. Little did they know where this idea would take them. After all, their concept was nothing new. Still, after Paul Graham, co-founder of Y Combinator, the startup accelerator and seed capital firm, had shot down their first idea -- a mobile food-ordering app -- they pitched what would become Reddit to Graham, and he gave it his blessing. Drawing inspiration from sites like Delicious, a now-defunct social bookmarking service, and Slashdot, Huffman and Ohanian envisioned Reddit as a platform that would combine the best aspects of both: a place for sharing timely, ephemeral news and fostering vibrant community discussions of not just technology, but any topic users cared about. Their guiding mission was to build "the front page of the internet," a simple, user-driven site where anyone could submit content, and the community, not algorithms or editors, would decide what was most important through voting and discussion. They deliberately prioritized user participation and conversation over flashy features or heavy editorial control.

What set Reddit apart from its early rivals was its framework. Instead of one large all-in-one interface, the site borrowed the idea from pre-internet online networks, such as CompuServe, of smaller sub-networks devoted to a particular topic. These user-created communities, "subreddits," quickly set it apart from other social platforms. As Laurence Sangarde-Brown, co-founder of TechTree, wrote: "This design allows users to delve into focused discussions, ask questions, and exchange ideas on a scale unmatched by other platforms." That approach was not enough, though, to kick-start Reddit. The founders had to "fake it until they made it." They seeded the site with fake accounts to make it appear more active. Their efforts paid off, as real users soon flocked to the platform. Another crucial early change was when Reddit merged with Aaron Swartz's Infogami and introduced commenting. This move was vital for laying the groundwork for the site's interactive, community-driven experience. [...]

So, where does Reddit go from here? We'll see. Reddit's legacy is one of transformation: from a scrappy startup to a global hub for conversation, collaboration, and sometimes controversy. As it celebrates 20 years, Reddit remains a testament to how important online communities can be in a world increasingly filled with AI slop. Still, Huffman believes Reddit's true value is coming. In a recent Reddit post, he wrote: "Reddit works because it's human. It's one of the few places online where real people share real opinions. That authenticity is what gives Reddit its value. If we lose trust in that, we lose what makes RedditReddit. Our focus is, and always will be, on keeping Reddit a trusted place for human conversation." Huffman concluded: "The last 20 years have proven how powerful online communities can be — and as we look ahead, I'm even more excited for what the next 20 will bring."

"A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver," reports The Hacker News: Forescout Vedere Labs, in a report published Thursday, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025. CVE-2025-31324 refers to a critical SAP NetWeaver flaw that allows attackers to achieve remote code execution (RCE) by uploading web shells through a susceptible "/developmentserver/metadatauploader" endpoint.

The vulnerability was first flagged by ReliaQuest late last month when it found the shortcoming being abused in real-world attacks by unknown threat actors to drop web shells and the Brute Ratel C4 post-exploitation framework. According to [SAP cybersecurity firm] Onapsis, hundreds of SAP systems globally have fallen victim to attacks spanning industries and geographies, including energy and utilities, manufacturing, media and entertainment, oil and gas, pharmaceuticals, retail, and government organizations. Onapsis said it observed reconnaissance activity that involved "testing with specific payloads against this vulnerability" against its honeypots as far back as January 20, 2025. Successful compromises in deploying web shells were observed between March 14 and March 31.
"In recent days, multiple threat actors are said to have jumped aboard the exploitation bandwagon to opportunistically target vulnerable systems to deploy web shells and even mine cryptocurrency..."



Thanks to Slashdot reader bleedingobvious for sharing the news.

Exposure-management company Tenable recently discussed how the MCP tool-interfacing framework for AI can be "manipulated for good, such as logging tool usage and filtering unauthorized commands." (Although "Some of these techniques could be used to advance both positive and negative goals.")

Now an anonymous Slashdot reader writes: In a demonstration video put together by security researcher Seth Fogie, an AI client given a simple prompt to 'Scan and exploit' a web server leverages various connected tools via MCP (nmap, ffuf, nuclei, waybackurls, sqlmap, burp) to find and exploit discovered vulnerabilities without any additional user interaction

As Tenable illustrates in their MCP FAQ, "The emergence of Model Context Protocol for AI is gaining significant interest due to its standardization of connecting external data sources to large language models (LLMs). While these updates are good news for AI developers, they raise some security concerns." With over 12,000 MCP servers and counting, what does this all lead to and when will AI be connected enough for a malicious prompt to cause serious impact?

A thought experiment involving a cat trapped in a steel box with a potentially lethal device, first proposed by physicist Erwin Schrodinger in 1935, remains at the center of scientific and philosophical debate as it marks its 90th anniversary.

The paradox, initially published in a technical review of quantum mechanics, presented a scenario where a cat could theoretically exist in a superposition of states -- both alive and dead simultaneously -- until observed, highlighting profound questions about quantum reality. "Schrodinger understood that under no circumstances could his cat be considered to be both alive and dead at the same time," science writer Jim Baggott noted in a recently published essay. Baggott co-authored "Quantum Drama: From the Bohr-Einstein Debate to the Riddle of Entanglement" in 2024.

The thought experiment gained cultural traction largely through science fiction writer Ursula Le Guin's 1974 short story "Schrodinger's Cat," which wrestled with the paradox's philosophical implications. This sparked widespread appearances across literature, film, and television.

The paradox continues to divide physicists between those accepting quantum mechanics as a mathematical framework for prediction and others, like Einstein and Schrodinger himself, who considered the theory fundamentally incomplete.