ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities

11 June 2026, 22:29
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google's Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish its advisory until June 10, so the bug was a

Anthropic recruits army to sell Claude to nonprofits

11 June 2026, 21:29
AI may or may not be pushing lots of people out of the workforce, but Anthropic has good news as the Claude creator is creating temporary positions to promote the adoption of AI, even as CEO Dario Amodei ponders policy interventions to counter "job displacement." The AI biz has announced the launch of Claude Corps, a $150 million program that will pay 1,000 Claude Corps Fellows $85,000 (plus benefits and a token budget) for one year to help advance the missions of nonprofit organizations using generative AI. Meanwhile, the tech industry continues to take on debt to build datacenters while balancing its books by shedding employees. According to job search biz TrueUp, the tech sector this year has averaged 935 layoffs per day, up from 674 per day in 2025. Anthropic's program debuts alongside the publication of Amodei's latest musing about his optimism "that, even in a world with AIs that are better than everyone at everything, humans can live lives of deep purpose and strive to build awe-inspiring and beautiful things." Claude Corps' stated goal is to provide host organizations with valuable tools and systems and to help participating fellows "build AI skills that will serve them in their careers" – however long those careers last until AIs are better than everyone at everything. There is, of course, no guarantee that AI will surpass human cognition or folly. But Amodei likes to talk about the idling of human labor, just in case, even if that sort of chatter fuels the firebombers. Anthropic says that it is announcing Claude Corps alongside its policy framework for dealing with AI's impact on work. The framework is titled "Policy on the AI Exponential," which is the same title Amodei used for his post. 
The policy's call for company-endorsed regulatory intervention is predicated on the claim that "AI is advancing at exponential speed," though the document cites no evidence of exponential capability gains and offers no time frame – a necessary variable to calculate periodic gains. Judging by AI model benchmark metrics, recent AI improvement has been incremental, a rate of advancement too timid to turn heads in the attention economy. Using data from Stanford HAI's 2026 AI Index report, even impressive gains such as AI model performance on the SWE-bench Verified benchmark rising from 60 percent to nearly 100 percent of the human baseline in a single year are not, by themselves, evidence of broad "exponential" progress across AI. Alarmism aside, Claude Corps will be funded and steered by Anthropic and implemented by computer education nonprofit CodePath, which will serve as the employer of record for fellows. The 12-month-long fellowships begin with "intensive training on using Claude in non-profit settings," augmented by five hours of additional training each week. Fellows are expected to use their remaining time coaching their respective nonprofits on the ins and outs of AI workflows. The gig comes with support from a CodePath mentor and office hours from Anthropic, which may prove useful for reactivating Claude accounts that have been suspended after triggering Claude's overly sensitive safety guardrails. Some 400 nonprofits are expected to host Claude Corps Fellows over the next 12 months, including Braven (job prep for low-income students), Code the Dream (coding education), and Heartland Forward (economic growth for middle America). "If Claude Corps works, we'll have a foundation for something much larger: a model for widening AI's benefits during a period of vast economic change," Anthropic says. And if not, as New Yorker cartoonist Tom Toro put it, "Yes, the planet got destroyed. But for a beautiful moment in time we created a lot of value for shareholders." ®

ShinyHunters hacked 100+ orgs by exploiting an Oracle PeopleSoft 0-day

11 June 2026, 21:01
Data theft and extortion group ShinyHunters has exploited a critical Oracle PeopleSoft bug as a zero-day to compromise more than 100 organizations, including the University of Nottingham, across 300 vulnerable instances. A spokesperson for the cybercrime crew on Thursday told The Register that they exploited CVE-2026-35273 to break into the university’s PeopleSoft system and steal 40 GB of personal data and billing records belonging to hundreds of thousands of current and former students. ShinyHunters posted the UK university on its data leak site on Tuesday before publishing the stolen files later that same day, presumably because the school refused to pay the extortion demand. “University of Nottingham on our leak site is one of the first publicly confirmed incidents,” a ShinyHunters spokesperson told us. “We have only just started outreach to affected orgs and are actively looking to reach an agreement with affected orgs.” They didn’t say when they planned to post the other 100 or so claimed victims. A Google threat intelligence report published Thursday afternoon corroborated ShinyHunters’ claims to have compromised more than 100 organizations. Google said it spotted malicious activity, “consistent with the exploitation of CVE-2026-35273,” between May 27 and June 9, and notified more than 100 global orgs “whose IP addresses correlated with potentially vulnerable endpoints.” Most of these, we’re told, are based in the US and 68 percent are in the higher-education sector. PeopleSoft is a widely used enterprise software suite that large corporations and institutions use to manage their human resources, payroll and billing applications, supply chains, and student records. CVE-2026-35273 is a 9.8 CVSS-rated vulnerability that allows remote, unauthenticated attackers with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools and fully take over the platform.
On Wednesday, a day after ShinyHunters leaked the school’s data, the University of Nottingham confirmed the breach and Oracle issued an out-of-band security alert. It’s unclear, however, if the software provider has issued a patch to fix the security flaw. The Register reached out to Oracle, and did not receive any response to our questions. Google-owned Mandiant Chief Technology Officer Charles Carmakal, in a brief LinkedIn post on Thursday, warned that PeopleSoft was one of two zero-day vulnerabilities “actively being exploited in the wild.” “Oracle released mitigations,” Carmakal wrote. “Patches should come soon.” The other zero-day, for the record, is this Cisco Catalyst SD-WAN Manager vulnerability. ®

Google's new open-weights model brings image-generation tricks to AI text generation

11 June 2026, 20:31
The boffins on Google’s DeepMind team unveiled an experimental new language model this week that uses techniques originally developed for AI image generators to boost text output performance by as much as 4x when running on resource-constrained consumer hardware. It's free to download and you can run it with just 18 GB of DRAM or VRAM. The model, codenamed DiffusionGemma, is the latest addition to Google’s open weights model family. But unlike Gemma 4, which launched this spring, the 26 billion-parameter mixture of experts (MoE) model isn’t a large language model in a conventional sense. Instead, it’s actually closer to image models like Stable Diffusion or Flux. Rather than generating tokens one after another in an autoregressive fashion, DiffusionGemma generates entire paragraphs' worth of tokens at the same time. The process looks a lot like how a diffusion model turns what’s essentially static into an image through a series of denoising steps. As Google explains it, DiffusionGemma works by laying out a canvas of random tokens, and then refining them until the final output is reached. Compared to conventional LLMs, which are memory-bandwidth bound and require a lot of VRAM, diffusion models are a predominantly compute-bound workload, which is why the Chocolate Factory is positioning these models for local deployment. LLMs are autoregressive. During token generation, the model’s active parameters need to be streamed from memory for every token generated, making memory bandwidth a major bottleneck. In the cloud, inference providers balance compute and memory bandwidth by processing hundreds or thousands of requests in parallel. As you might have guessed, this isn’t something the average user running a local model on their notebook can do. However, many consumer products, like high-end graphics cards, have plenty of excess horsepower, which DiffusionGemma can take advantage of to boost output performance. Diffusion language models aren’t perfect. 
Google isn’t the first to explore this tech. Previous models, like DREAM or Mercury 2, demonstrated major speedups over conventional LLMs, but generally underperformed them in benchmarks for their size. DiffusionGemma doesn’t appear to be any different. According to Google, the 26 billion-parameter model falls just behind Gemma 4 12B in the GPQA-Diamond benchmark, with its main advantage being output speed, and even then it’s not as impressive as Google has made it out to be. The chart shows a roughly 2.25x speedup for DiffusionGemma over the 12B parameter LLM with speculative decode enabled. Compared to Gemma 4 26B-A4B, the speedup is nearly 4x when running a single Nvidia H100. DiffusionGemma is being released as an experimental model rather than an enterprise focused one, like we saw with Gemma 4. The model is available for download on popular model repos like Hugging Face under a highly permissive Apache 2.0 license with support already merged into popular inference engines like vLLM, MLX, and HF Transformers, with support for Llama.cpp coming soon. While local inference has largely been the domain of AI enthusiasts, companies like Google are increasingly leaning on the tech to cut cloud costs associated with their AI services. As you may recall, back in May, Google quietly began shipping a small LLM with its Chrome web browser. ®

Microsoft's worst 'Nightmare' unleashes BitLocker bypass 0-day

11 June 2026, 19:51
Nightmare Eclipse, the prolific zero-day vulnerability hunter with an axe to grind against Microsoft, released yet another exploit late Wednesday that the researcher claims will spawn a command prompt that provides total access to the BitLocker volume. This bug, called GreatXML, was “an accidental discovery,” according to the researcher, who said it only took four hours to find. They claim this exploit (published on GitHub and Git-based code-hosting platforms) can bypass BitLocker on any system that has ever run a Microsoft Defender Offline scan at any point in the past. GreatXML comes just a day after Nightmare released exploit code for RoguePlanet, which allows local privilege escalation and leads to SYSTEM-level control over an affected machine. This brings the researcher’s zero-day count to eight. The earlier six - RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma - all have patches as of this week’s Patch Tuesday event. Redmond on Wednesday told The Register that it is aware of RoguePlanet, and “actively investigating the validity and potential applicability of these claims.” The Windows giant didn’t immediately respond to our inquiries about GreatXML, including when it planned to issue a patch. Microsoft has said none of the vulnerabilities were reported via its official channels prior to being made public. The company also banned Nightmare’s earlier GitHub account, and seemingly threatened legal action before dialing back its rhetoric after steep backlash from the security community. Nightmare Eclipse, who some researchers suggest is an ex-Microsoft employee, harbors a very personal grudge against the Windows giant and its communications with bug hunters. They have promised to keep the zero-days coming, but waffle on the timing. 
Last month, the researcher pledged a big July 14 drop: “I will make sure your bones are shattered that day,” and then added, “nothing will be released this June (or maybe I will release smtg, depending on circumstances).” On Tuesday, they changed course. “I will be unable to mass disclose zerodays in July 14th, RoguePlanet took way more time than expected and truly drained me. I might take a break but I can't say for sure what I will be doing for next month, maybe it's nothing, maybe it's smtg.” A day later, Nightmare released the “accidental” GreatXML BitLocker bypass. According to the researcher, the BitLocker bypass first requires copying “unattend.xml” and the “Recovery” directory to the root of the recovery partition. The next step is rebooting into WinRE by Shift-clicking Restart. “If everything was done correctly, a shell with unrestricted access to the bitlocker volume will spawn,” Nightmare wrote. Also, if the scan hasn’t even been initiated on the Windows system, first you’d need to either log in and initiate it, or “figure out a way to boot into WinRE in offline scan state.” Security sleuth Will Dormann followed Nightmare’s steps to reproduce GreatXML, and said the writeup seems “flawed.” In his testing, Dormann said the command prompt appeared the next time a Defender Offline scan ran. “And in order to trigger a Microsoft Defender Offline scan, you both need to be logged in to Windows, and also have admin credentials,” he wrote on social media. “And if you've already got that level of access, you can just turn off bitlocker.” “The writeup for GreatXML suggests that the prerequisite is that Windows Defender Offline has been executed at some point in the past,” Dormann added. “And that after planting two files in WinRE, all you need to do is [Shift]-reboot into WinRE, and Windows will automatically go into Microsoft Defender Offline scan mode. But this is not the case in any of the 3 lineages of Win11 that I have handy.” ®

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets

11 June 2026, 19:46
Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards, and location pins that the agent executed without the victim ever seeing them. Varonis built a test agent on

New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files

11 June 2026, 19:43
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. "This was an accidental discovery, it took a total of 4 hours to find this," the researcher said in a post on Blogger. "If you ever attempted to use Windows Defender Offline Scan, you're

Hand-cranked AI box lets you get a workout while you wait for answers

11 June 2026, 19:21
Datacenters got you down? Worried that even the most innocuous questions will spin up AI models running in water-guzzling, energy-sucking, planet-destroying hyperscalers? You need CrankGPT. No, we’re not talking about surrendering to AI psychosis: we’re talking about a literal hand-cranked machine loaded with a voice agent that can respond to questions and even translate speech into other languages, provided someone keeps the power flowing. There’s an onboard custom-built capacitor board to store some juice, mind you, but it only provides around 20 seconds of crank-free runtime before you’ve gotta keep crankin’ to keep it alive. That, and it takes a bit of time to get it running - according to the documentation website, it’s a 30-second process “from the moment you start cranking to the moment you’re having a conversation with CrankGPT.” According to the AI expert duo behind the device, computer scientist Katrin Tomanek and former Google Advanced Technology and Projects Group technical project lead Alex Kauffmann, CrankGPT still delivers impressive results despite the need to perform some hard physical labor for your tokens (though we’d argue some exercise for your AI might not be a bad thing). “Asking Claude to add two numbers for you is like swatting a fly with a wrecking ball,” Kauffmann told The Register in an email. This tongue-in-cheek demonstration, Kauffmann said, may be a bit of light fun, but it’s an exercise in demonstrating what his and Tomanek’s AI company, Squeez, is all about: small, private specialized AI models that, in a pinch, might not even need very much energy or a connection to the web to operate. 
“Squeez produces customized, efficient, and private models that can run on small, inexpensive hardware to solve specific problems,” Kauffmann explained, citing tasks like voice recognition for someone with a strong accent or speech impediment, or specially-trained, local AIs that are subject matter experts in topics like gardening or auto repair, but won’t touch subjects outside their wheelhouse. Contrary to the flashy dot-com for CrankGPT the pair have set up, Kauffmann told me, Squeez has no plans to pursue spin cycle class-powered AI stacks for dev teams, though he said if anyone wants to foot the bill, he'd be happy to give it a shot. "Off-the-shelf bike generators are shockingly expensive and they're fussy to build," Kauffmann said. Still, "a good biker can maintain a steady 120W output, so a class of twenty could power a Blackwell." Speaking of wheelhouses, what’s inside that box? If there’s a tiny computer in a 3D-printed box with a crank attached, there’s a good possibility it’s going to be a Raspberry Pi, and that’s the case here. CrankGPT’s brain is built on a stock RPi 5 with 8 GB of RAM and a cooling fan HAT, and audio input and output are handled by a dedicated I/O HAT designed for voice assistants running RPis. Power comes from the aforementioned crank, which is actually an off-the-shelf 20W switchable voltage hand crank unit built for emergency USB device charging, and is stored in the custom capacitor unit the duo built. “The neatest part of the whole thing is that you can actually feel the inference,” Kauffmann told us. 
“The amount of resistance the crank presents varies depending on the amount of work the board is doing, so when it's really working (generating words for instance), the crank becomes much harder to turn than when it's idling waiting for you to say something.” As for software, the device is running the most stripped-down, bare bones instance of DietPi the pair could compile, which is able to boot into a functional userspace in about three seconds. The voice agent is the truly original piece of work done for the project, as detailed in the documentation page, and was built entirely from scratch. “We wanted to understand the system end to end and have as few dependencies as possible,” the documentation page notes. It’s available on GitHub for those interested in trying it out. Speech recognition is handled by the Moonshine automatic speech recognition engine, chosen for its speed, while text-to-speech synthesis is handled by Piper, chosen again for its low-resource edge inference capabilities. As for the models running on the thinking itself, there are a few that are behind CrankGPT, with Liquid LFM2 1.2B providing a general-purpose voice agent, and Gemma 3 1B being used for translation. CrankGPT can switch between translation and various prompts (e.g., general question answering and games like two truths and a lie) via a knob on the side of the enclosure. “It’s entirely configurable,” Kauffmann told us. “We added a couple of physical inputs (the knob, a button, a switch) to make experimentation easier.” Kauffmann added that he and Tomanek were surprised by how well the translation function worked. “We did no fine tuning, it's just a two-line prompt and it works really well for high-coverage languages,” he explained. 
While the demonstration focuses on audio prompts and responses, Kauffmann explained that the device supports all sorts of different models, with the only real limitation being inference time and the amount of hand cranking one wants to do to get their response. “We’ve generated images (small), made poetry (bad), and written code using the same setup,” the CrankGPT makers wrote in their documentation, all with “a hand crank, a little computer, and a small stack of speech and language models running locally.” If you’re interested in building your own CrankGPT model, keep an eye on the documentation page we linked earlier in this story, as Kauffmann told us he and Tomanek are planning to release all the plans and schematics in the coming days, while the aforementioned custom voice agent is already available for tinkering. “It's a pretty straightforward setup, the only tricky part is that SBCs like the Raspberry Pi will sometimes draw enough current to trigger a little generator's overcurrent protection,” Kauffmann told us. If you have a spare $300 lying around (that’s what Kauffmann estimates the RAM pricing surge has driven the build cost up to, from the $150 he spent when building CrankGPT last year), then you, too, may soon be able to build your own completely off-grid, standalone AI box so you can keep chatting with your favorite micro LLM if and when its bigger cousins knock the grid offline. ®

Graviton 5 impresses, but please, for the love of all that's holy, stop calling them 'AI chips'

11 June 2026, 18:54
Amazon, along with the rest of the industry, has gotten so used to framing everything that happens through the context of AI that it has lost the plot on their Graviton chip lineup, and along with it their own credibility. Which is a shame, because it's actually a triumph of a chip. First, the Wall Street Journal breathlessly reported that Snowflake's $6 billion AWS commitment was "for agentic computing chips." Then AWS's own press release heralded the release of their latest chips "for the Agentic AI era." In both cases, they were referring to their Graviton line. You could be forgiven for thinking this was some kind of GPU. No, that's Trainium. (Technically, Trainium isn't a GPU, nor is it a CPU, but rather a systolic array. Don't worry; most AI engineering software doesn't know what the hell that is, either.) Graviton is AWS's general purpose Arm CPU, which can be used for AI in much the same way as Excel can be used as a database. But that's far from its only, or even primary, purpose. Let's dive into what Graviton actually is. Price / Performance / Reality For the longest time, Amazon refused to issue benchmarks, competitively positioning its then-nascent Arm line against Intel. Many of us thought this meant that the results would underwhelm — so you can imagine my surprise when real-world workload tests showed 35 percent to 40 percent better performance in a wide variety of situations. It was as if Amazon had built something amazing, but was somehow embarrassed to admit it. Those days are long behind us; they trumpet in the subhead of their announcement that Graviton 5 means "apps run 35% faster, ML inference is 35% faster, and databases are 30% faster." To their credit, I was expecting those numbers to be against something ancient, but in a refreshing bout of honesty, they're comparing them to Graviton 4, itself no slouch. They are also 9 percent more expensive. 
Once upon a time, new generations of AWS instances were notably less expensive than their predecessors. Going from a c4.large to a c5.large meant you'd get better performance, and the instance itself was a whopping 15 percent cheaper. Upgrading was a no-brainer! That started changing, and now upgrading means the instance becomes more expensive. AWS's position is that this is an incomplete analysis, since the improved performance means you'd pay less for a given workload. In some cases, this is correct, but in others, it's akin to saying that a Ferrari offers better price performance than my Honda CR-V because I can drive it to work three times faster. Logic, as well as traffic lights, disagree. Amazon's contention is correct for customers who have large fleets of nodes that they run at high degrees of CPU utilization. Switching those fleets to the new hotness will absolutely result in a price performance improvement, provided the workload and the stars both align. However, for customers who need a fixed number of nodes (think database companies, who offer each customer of theirs a set number of replicas, or workloads of the form "each environment gets three nodes, one in each AZ"), this represents a pure 9 percent price hike going from old generations to new ones. That puts many customers in a pickle: upgrade to new instance families, or stay on the old ones and watch availability become constrained in the coming years as AWS stops racking old chips. (Hi, Amazon PR! If you're about to pop into my inbox to tell me that won't happen, I have a customer I'd love for you to have a chat with!) But this price hike isn't happening in a vacuum. It's happening against a backdrop of "an 8GB Raspberry Pi is now $175, over twice its launch price of $85." Components have become fiendishly expensive across the board as giant companies compete for capacity, and AWS has to be feeling that pressure. 
Two companies each asked to buy all of AWS's Graviton capacity for the year; AWS clearly has room to kick their prices into the stratosphere! Somehow, they're not only resisting the siren song of "please gouge me, business daddy," but also managing to keep availability strong for customers of all stripes; I upgraded my developer node in my tiny unremarkable AWS account yesterday, and it Just Worked. And so... Despite the nonsense marketing, I don't want to detract from just how amazing Annapurna Labs (Amazon's chip division) has been at churning out wildly performant silicon year over year. Their chips are legitimately great, and the Graviton 5 numbers are a triumph. Lost against the backdrop of "Agentic AI," the stuff underpinning all of it continues to work, improve, and largely pass by unremarked. Keep going. ®

ZTE wins three Selular Award 2026 honors for AI-powered network innovation

11 June 2026, 18:45
ZTE has won three prestigious awards at Selular Award 2026, held on June 8, 2026, at Menara Peninsula Hotel, Jakarta. The awards recognize ZTE's contributions and innovations in advancing artificial intelligence (AI)-powered network technologies amid the acceleration of digital transformation and 5G development in Indonesia. ZTE's contributions to advancing AI-powered network innovation have been recognized by Selular Media Network (SMN), a leading telecommunications and technology media organization in Indonesia, through three awards at Selular Award 2026. ZTE received honors in the categories of Best AI Technology Fixed Wireless Access, Best AI Network Ecosystem, and Best Native AI Baseband. These awards reflect ZTE's capabilities across network access, ecosystem development, and core infrastructure, further strengthening its position as a technology partner supporting digital transformation and the evolution of AI-driven networks in Indonesia. The Selular Award is an annual appreciation program organized by Selular Media Network (SMN) to recognize outstanding achievements and contributions across Indonesia’s ICT and digital technology industry. As the first and most consistent telecommunications industry award since 2003, the Selular Award serves as a benchmark for excellence, honoring companies and brands that demonstrate innovation, strong performance, and meaningful contributions to Indonesia’s digital transformation. Through this award, the public and business community can identify industry leaders that continue to create value and drive progress in the digital ecosystem. This year's Selular Award carries the theme "Leading The Future: Building Exponential Value in 5G-Advanced and AI Economy", highlighting the convergence of AI and 5G-Advanced as key drivers of digital economic growth. 
Kevin Fang, Marketing Director of ZTE Indonesia, said: "Digital transformation today is no longer driven solely by connectivity, but also by the ability of networks to operate more intelligently, efficiently, and adaptively. Through the AI-powered innovations we have developed—from broadband access to core infrastructure—ZTE is committed to delivering network solutions that are ready to meet connectivity demands in the AI and 5G-Advanced era. These awards motivate us to continue delivering meaningful innovations that create value for the industry, our customers, businesses, and society." Indonesia's telecommunications industry is currently entering a critical phase in its digital transformation journey. According to the e-Conomy SEA 2025 report by Google, Temasek, and Bain & Company, revenue from AI-powered applications in Indonesia grew by 127% year-on-year, the highest growth rate in Southeast Asia, with 80% of users interacting with AI applications daily. This momentum reflects the growing demand for network infrastructure that is not only fast and reliable but also capable of supporting AI workloads. On the infrastructure side, GSMA Intelligence projects that 5G investment in Indonesia could contribute up to USD 41 billion to the national GDP between 2024 and 2030. This projection highlights the strategic role of 5G as a connectivity foundation that supports digital transformation and the growth of the digital economy. At the same time, the increasing adoption of AI and data-driven services is driving demand for networks that are faster, more reliable, and capable of handling greater capacity. As part of its commitment to supporting these developments, ZTE continues to deliver innovations across the entire network technology value chain, from broadband access to core infrastructure. On the access side, ZTE provides AI-powered Fixed Wireless Access (FWA) solutions designed to expand high-speed connectivity more efficiently and flexibly. 
The solution serves as a strategic approach to supporting broadband inclusion while addressing the growing demand for connectivity across different regions. In addition, ZTE is building an open ecosystem that integrates AI, connectivity, cloud computing, and various digital technologies within a collaborative framework involving operators and enterprises. At the core infrastructure level, ZTE embeds AI capabilities natively into the baseband, the key component responsible for network signal processing. By integrating AI directly into the baseband from the design stage, networks can analyze, optimize, and adapt operations more intelligently and in real time. This approach enables more autonomous and efficient network operations while preparing networks for the demands of the 5G-Advanced era. Moving forward, ZTE will continue to deepen collaboration with operators, enterprises, and industry partners in Indonesia while strengthening its technology portfolio, ranging from wireless access solutions and optical transport to data center infrastructure and telecommunications energy solutions. In line with Indonesia's vision of becoming one of Southeast Asia's leading digital economies, ZTE remains committed to accelerating the nation's digital transformation through AI-driven innovation, intelligent connectivity, and next-generation network technologies that benefit more industries and regions across the country. Contributed by ZTE.

The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm

11 June 2026, 18:50
A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (aka Tenacious Mantis), Qilin (aka Pestilent Mantis), and Medusa (aka Venomous Mantis). According to a detailed report

Trump phone has HTC guts. Tremendous guts. The best guts

11 June 2026, 18:13
It won't be making smartphones great again. The long-awaited Trump-branded smartphone has finally arrived, and it appears to be exactly what many suspected: an existing handset in gold drag. Repair biz iFixit got its hands on the Trump Mobile T1 after the device became available in May, and its teardown found the model is essentially an HTC U24 Pro with cosmetic tweaks and a Trump-friendly gold finish. It was almost exactly a year ago that the Trump Organization unveiled the Trump Mobile cellular service and heralded the coming of the T1 Phone, described as "a sleek, gold smartphone engineered for performance and proudly designed and built in the United States." Few expected the gilt gadget to live up to that promise, as there are effectively no mass-market smartphones built in the US, with the possible exception of Purism's Liberty Phone, which is priced at a challenging $1,999 for those who absolutely must have a smartphone made outside China. Despite accepting $100 deposits to pre-order the coveted handwarmer, Trump Mobile failed to deliver the device by August last year, as promised, and many started to believe it would never show up. But it arrived this May amid claims that the Trump Mobile website was leaking customer data to anyone who sent an HTTP POST request. The nerds at iFixit passed the Trump Phone through a CT scanner alongside an HTC U24 Pro to confirm that the internals of the two devices are almost an exact match. They even went so far as swapping the main board of the T1 for that of the HTC phone, and showed that it not only fits, but the phone still works. One difference iFixit noted is that the multichip package housing the 12 GB of LPDDR5 memory and 512 GB of storage is from Micron, whereas the corresponding package in HTC's phone is supplied by SK hynix. The HTC U24 Pro is a mid-range smartphone that was launched almost exactly two years ago in June 2024. 
It is based on the Qualcomm Snapdragon 7 Gen 3 platform, has a 6.8-inch display, and came with Android 14 at launch, whereas the Trump phone features Android 15. In other words, it's a fairly unremarkable smartphone, sprayed gold and marketed to Trump fans for a promotional price of $499. To be fair, as iFixit makes clear, this is not a bad price for a device like this, so aureate wannabes are not being overcharged here. But as iFixit also makes clear, the device may be assembled in Florida, but it was designed in China and the vast majority of its parts have been sourced from and made in China as well. ®

VRChat says somebody faked a breach notice with the Maine AG's office

11 June 2026, 18:01
UPDATED Following notes from several readers, we followed up directly with VRChat on Thursday at 1945 GMT and they told us that the Maine Attorney General's office apparently posted a fake breach report. According to an email from VRChat's head of community, Charles Tupper, "VRChat did not submit this Notice of Data Incident, and the employee/email cited does not exist. We have no reason to believe that our data or systems have been compromised. We are in the process of contacting the Maine Attorney General's office to have this removed." In an effort to get to the bottom of this, The Register dialed the phone number on the report as well, but it connected to a line that is not in service. We also tried emailing the address on the report and got no reply. We could find no record of a Scott Caruso affiliated with VRChat. We apologize for the error, but generally speaking, government data breach reports are considered reliable. The fakers apparently even created a false notice that VRChat ostensibly sent to customers! If anybody knows who filed this apparently fake report and why, get in touch through our contact page, or through our secure tipline. The original story is below: Online chat platform VRChat says a recent cyberattack compromised the data belonging to nearly 2.5 million users. It confirmed the “data security incident” in a report filed with Maine’s attorney general, but has not disclosed it via public channels. The company’s report confirmed that its cloud environment was accessed between May 10-12, with the unauthorized intruder making off with information concerning 2,436,782 users. This included VRChat usernames, email addresses, whether a user was a VRChat+ subscriber, login histories (including device, hardware identifiers, and IP addresses), and Steam or Meta user IDs. It does not believe passwords, credit cards or other payment information, or government IDs used for age verification were affected. 
“VRChat sincerely regrets that this security incident occurred,” the company stated in its disclosure. “We understand that trust between our platform and its community is earned through consistent action, and we take full responsibility for the concern this event has caused. “The security and privacy of our players' information remain our highest priority, and we are committed to doing everything within our power to protect it.” VRChat said that after it was made aware of the intrusion, it contained the threat and implemented additional security controls, as well as engaging outside security experts. And in an unusual move for US breaches, the San Francisco-based company did not offer identity theft or credit monitoring services. Offering these kinds of services is not a legal requirement, but doing so is highly common, especially regarding attacks that affect so many individuals. VRChat does not publish the total number of registered users that it has on its books, but its documentation states that “the platform has grown to millions of users,” who have collectively published tens of millions of unique pieces of content for it since its first release in 2014. The part game, part chat platform is an online, open-world chatroom where people walk around interacting with one another via their 3D avatars. It has been compared to Second Life in that users explore other users' worlds, play mini-games, and partake in casual chit-chat, with support for both virtual reality headsets and conventional PCs. You can also think of it as something similar to Meta’s vision for the metaverse, just without all the coworking and KPI meetings, and with way more users. ®

Cost per sample? Try cost per attempt

11 June 2026, 17:53
This article is aimed at bioinformatics platform leads, ML infrastructure engineers, and genomics budget owners who are now running GPU-accelerated workflows in the cloud. It's about a hidden cost problem that almost every genomics infrastructure team is paying for — and very few are actively measuring. The observations here are specific to short-read sequencing workflows, which remain the dominant data type in production genomics environments.

Short-read sequencing pipelines, standard in next-generation sequencing (NGS) workflows, used to be CPU-heavy. You'd run them on a cluster, they'd grind through alignment and variant calling over hours, and the bottleneck was CPU throughput. GPU acceleration wasn't the story. That has changed. AI-driven variant calling, GPU-accelerated alignment tools like Parabricks, and deep learning models running on top of sequencing data have all moved toward the GPU, which means teams are managing serious GPU infrastructure for the first time. The cost model that comes with GPU cloud differs sharply from CPU clusters, and people are bringing CPU-era assumptions about pipeline reliability and cost accounting into a GPU environment. That mismatch is costing them.

We work with a lot of these teams, and when we ask about infrastructure costs, they almost always lead with the same number: cost per sample. That's what gets reported upward, what sits in the budget. What that number hides is where things get interesting.

When pipelines fail

A typical short-read germline variant calling pipeline has maybe ten to 15 distinct processing steps. You start with raw FASTQ files off the sequencer, run quality control, alignment, duplicate marking, base quality score recalibration, variant calling, annotation — each step hands off to the next. These pipelines mostly run on workflow managers like Nextflow or Snakemake, which do have built-in mechanisms for resuming failed jobs. Nextflow has a flag designed to let you pick up from step eight of 11 rather than restarting from scratch. In principle, that's exactly the right solution.

In practice, the problem is configuration. For that flag to work, Nextflow needs to find its cache directory — the folder that records which steps completed successfully. If the solutions architect set up the compute environment without properly configuring persistent disk space for that cache, the file isn't there when you need it, and the pipeline restarts from step one anyway. That's a setup failure rather than a tool limitation, but the result is the same: you've paid for compute you didn't get output from. When a large task fails mid-execution rather than at a clean step boundary, even proper checkpointing won't save you, because the task has to be rerun in full.

A problem difficult to measure

Genomics teams working with Nebius consistently report that 15 to 40 percent of their pipeline runs hit at least one failure and restart before completion. Pinning the figure down precisely is hard, and we have no definitive numbers that reflect the reality here. The range is wide because it depends heavily on how mature the infrastructure setup is. Teams with well-configured environments sit at the low end; teams newer to GPU cloud, or running on spot instances with higher interruption rates, sit at the high end. What makes this invisible is that if your metric is cost per completed sample, a failed run that eventually completes still looks like one sample at normal cost. The retry disappears from the number that gets reported.

For example, a GPU-accelerated whole genome sequencing pipeline — germline variant calling — takes roughly two GPU-hours on an H200. At current on-demand rates that's about $9 of compute per sample, and that's the visible cost. Now apply a 25 percent failure rate — toward the conservative end of what teams report. For every four samples you complete, one run failed, restarted, and ran from the beginning. Your real cost per completed sample isn't $9 anymore — it's $11.25, a 25 percent hidden markup. Scale that to a team processing 2,000 samples a month: the visible compute bill says $18,000, but the real cost is $22,500. That's $4,500 a month — $54,000 a year — in compute that produced no output. For a mid-size genomics team, that's a meaningful fraction of the cloud budget, and it shows up nowhere as waste. That's before you touch storage.

The hidden costs

The storage picture is more nuanced than people expect. A standard whole genome generates roughly 200 gigabytes of raw FASTQ data, but that's the uncompressed figure. In practice, almost everything going into cold storage is compressed, typically down to around 30 gigabytes per sample, so the storage cost per sample is quite manageable. Where it gets complicated is retrieval. When you want to reanalyze archived samples — say, running a new cohort through an updated pipeline — you pull those compressed files back, and your infrastructure then needs to decompress them. That 30-gigabyte compressed file expands to 200 gigabytes, which means you need the disk space and memory headroom to handle the expansion. If the environment wasn't sized for it, you get failures or severe slowdowns at the decompression step, which becomes another category of hidden cost that's rarely accounted for up front.

In cancer research, the numbers are much larger. Somatic mutation calling runs at 60x to 100x sequencing depth, so 600-gigabyte FASTQ files aren't unusual. Everything I've described scales accordingly. The key point: retrieval from cold storage always has a cost, regardless of where your compute lives relative to your storage. Some platforms charge for data egress between regions on top of that. Either way, the teams that haven't modeled their reanalysis frequency as a real line item are almost always surprised when they do.

Tracking, tracking and tracking...

Bioinformatics engineers know the failure rates, because they're the ones watching jobs fail at 2am. But by the time the numbers roll up to whoever controls the budget, it's just "cloud costs." There's no line item for "compute we paid for and got no output from." Cloud billing by service and instance type doesn't surface this. You see your GPU compute spend, your storage spend, your egress. You don't see "20% of your GPU spend this month was on runs that didn't complete." That decomposition requires deliberate instrumentation, and most teams haven't built it yet.

What teams should measure instead of cost per sample

Teams should measure a few things instead. First, completion rate: the percentage of pipeline runs that complete without failure or restart. That's your pipeline reliability score, directly linked to compute waste. Second, cost per attempted sample versus cost per completed sample. If those numbers are meaningfully different, you have a problem worth fixing. Third, storage retrieval frequency and the infrastructure overhead of decompression: how often you're pulling archived data back, and whether you've properly sized the disk and memory headroom for it. This is the gap between what looks cheap in the storage bill and what it costs to use the data.

One thing genomics infrastructure teams should do differently starting this week

Instrument your pipeline failure rate, right now, before anything else. The number itself doesn't fix anything, but it makes the problem visible. Once you can show that 15 or 25 percent of your compute spend is going toward runs that restart — with real dollar figures attached — the conversation about fixing the underlying infrastructure becomes easy to have. People move fast when they can see the waste. Everything else follows from that — better checkpointing configuration, smarter storage architecture, more stable compute — but you have to see the problem first.

Discover the breakthroughs shaping the future of AI in healthcare and life sciences. Visit https://nebius.com/solutions/life-sciences-and-healthcare to learn more and register for the 2026 AI Discovery Awards ceremony: nebius.com/ai-discovery-award.

Anastasia Raskolova

Anastasia is a senior product manager for healthcare & life sciences at Nebius, where she focuses on infrastructure product for drug discovery and clinical AI workflows. Before that, she spent her career building ML products across computer vision, recommendation systems, and generative AI — and stays grounded in the clinical reality through volunteering in the Emergency Department at Massachusetts General Hospital.

Contributed by Nebius.

Apple gives Mac devs a WSL-ish thing to call their own

11 June 2026, 17:46
HANDS ON At WWDC this week, Apple introduced container machines, which are persistent virtual machines running Linux, bearing some resemblance to Windows Subsystem for Linux (WSL) on Microsoft's operating system. Developers using macOS, as with those on Windows, face the problem that most applications are deployed to Linux, creating a mismatch between the development machine and the deployment target. The friction is less for macOS, which, like Linux, is Unix-like, but still exists. Apple's solution builds on the Container project previewed at WWDC last year. Version 1.0 was released at this year's WWDC, complete with the new container machine feature. The project uses standard Open Container Initiative (OCI) containers, and both the containers and container machines run on lightweight virtual machines (VMs), giving strong isolation. On Windows, WSL is an important tool for developers. Could container machines have a similar impact for Mac devs? There is potential, but Apple has work to do both on features and documentation, and the project is tucked away on GitHub rather than being presented as part of macOS. The code is written in Swift and is open source on GitHub under the Apache 2.0 license. It uses another Swift package called containerization, which is also open source. We tried a brief hands-on, installing the 1.0 release from the GitHub release package on Tahoe 26.5.1. Only macOS 26 is supported. The name "container machine" is intended to convey that the feature combines both a container and a VM. The feature uses Apple's native virtualization framework, and the command line interface integrates well with macOS. Once installed, the command container machine run will open a terminal in the default container machine. Another option is to run a command such as container machine run uname -a, which will execute in the default container machine but without leaving the macOS shell. 
Once installed, the command container machine create is enabled, though only containers that include the /sbin/init system initialization program will work. Many container images designed for running applications, rather than being used for persistent VMs, do not include this. The solution is to build a custom container image from a Dockerfile, for which the documentation now includes examples. We used the Dockerfile supplied in a tutorial that sets up a container machine based on Ubuntu 24.04 with the Swift SDK included, followed by the steps to develop using Visual Studio Code running on macOS and connecting to the container machine via VS Code remoting. This worked and we were able to build a project on Linux and run it using VS Code and Safari on the Mac side, but debugging breakpoints were not hit. We tried again with a .NET project, for which debugging worked correctly. By default, a container machine mounts the macOS home directory with read-write permissions. This is great for accessing code or other assets from both macOS and the container machine, but not good for security. A rogue package installed on Linux, for example, could easily harvest credentials from a .ssh folder in macOS. This is configurable via the --home-mount argument. Setting access to "none" is more secure. The memory available to a container machine defaults to half the system memory. In our case that is 32 GB, but after launching the VM and starting PostgreSQL, the actual memory used, according to Activity Monitor, was only 1 GB. Additional memory is used on demand, but a limitation described in the technical overview is that memory cannot be released back to the host. In other words, memory usage will increase during use and can only be released by restarting the VM. WSL supports GUI applications via the X11 or Wayland graphic systems. 
An issue raised by a user about GUI applications in containers was closed on the basis that developers can install XQuartz, a project for running the X windows system on macOS, and then use container-to-host networking to connect, though we did not try this. GUI support appears not to be a goal of the project. Mac developers already have many ways to run Linux containers or VMs, including the mature ecosystem around Docker, Podman, Colima, UTM, VirtualBox, and OrbStack, to mention some contenders, as well as the option of using SSH to connect to a remote Linux VM. That means Apple has some work to do to establish its native container tools, and now container machines, as serious alternatives. On the plus side, the system is lightweight, aside from the inability to release memory, and performed well in our quick hands-on. A WWDC video has further details, alongside the documentation on GitHub. ®

Race against re-entry: Swift's would-be saviour straps itself to a rocket

11 June 2026, 17:28
NASA's sprint to save the Swift observatory has reached another milestone: Katalyst Space's LINK robotic servicing spacecraft is now installed atop its Pegasus XL launcher. The milestone came less than a year after the space agency awarded the rescue contract. The next step will be to attach the Pegasus XL to the Stargazer carrier aircraft (the last airworthy Lockheed L-1011 TriStar), which will carry it from NASA's Wallops facility to the Kwajalein Atoll in the South Pacific Ocean for launch. Launch is expected to occur later this month. The goal is to boost the Swift observatory, whose orbit is decaying faster than expected due to increased solar activity. Swift lacks thrusters to compensate for the problem, so a return to Earth in the coming months is inevitable without intervention. Engineers recently bought the vehicle a little extra time by orienting the spacecraft and reducing the science output, but there is precious little margin in the timelines. The mission is high-risk, and Swift has little to lose. However, if successful, the approach could extend the lifetimes of other craft, including the Hubble Space Telescope, which will also re-enter the atmosphere in the coming years without intervention. Although NASA rejected a proposal by its now administrator Jared Isaacman to reboost the observatory using a SpaceX Dragon spacecraft, if the mission to Swift is a success, the agency will have another, far less expensive, option to consider. Like Swift, Hubble's orbit is decaying, and there will come a point in the coming years when managers must decide whether to attempt to extend the life of the veteran observatory, devise a way of performing a controlled re-entry, or let nature take its course. Swift was one of the missions slated for the chopping block under proposed budget cuts, so a successful rescue would mark a remarkable turnaround. Extending spacecraft beyond their primary mission isn't unusual. 
ESA, for instance, just endorsed extensions for several veteran missions, including Mars Express, XMM-Newton, and SOHO. But a Swift-style orbital rescue is something altogether different, and one that operators of other spacecraft facing decaying orbits will be watching closely. ®

Apple version of Office 2019 becomes useless in a month

11 June 2026, 16:32
If you use Office 2019 on a Mac, your software will soon stop working properly and there's nothing you can do but buy an upgrade. From July 13, 2026, Office applications on the Apple platform could lose the ability to edit, save, or create new files. Opening and printing will still work, but otherwise it's "reduced functionality mode" time, as Microsoft puts it. The problem is due to the expiration of the certificate used to validate the user's Office license, and it will affect both Microsoft 365 subscribers on macOS, iPhone, and iPad and non-subscribers. Affected software includes Office 2021 and 2019. The fix requires an update to macOS 12 or later, or iOS 17 on an iPad or iPhone, followed by an application update, which is where the problems could start. While updates are a way of life for Microsoft 365 subscribers, they aren't for everyone. Office 2021 users can manually update – support for that product ends on October 13, 2026 – but Office 2019 users are out of luck. Support ended on October 10, 2023, and, according to Microsoft, "Because Office 2019 cannot be updated to the required version, this issue cannot be resolved by updating or reinstalling Office 2019 for Mac." The solution? Perhaps a Microsoft 365 subscription? Or switch to using Microsoft 365 on the web? The issue doesn't affect Windows or Android devices, but it is galling for Apple users who purchased Office 2019 and will soon be sent to "reduced functionality mode" with no support from Microsoft. The lack of updates is understandable, considering that support ended years ago, but turning the application into little more than a viewer due to an expired license certificate seems like poor form. Users on social media have been understandably annoyed with the situation and Microsoft's stance. One wrote, they were "completely happy with Office 2019 and saw no need to upgrade to the latest version." But now they will. Or switch to a different vendor. 
"This is appalling from Microsoft, will definitely not be supporting them in the future." ®

To make content moderation easier, you can create lists of wo…

11 June 2026, 16:00

To make content moderation easier, you can create lists of words to watch for.

Any comment containing one of these words is automatically tagged, and video creators can choose to block these comments automatically or moderate them case by case.

#PeerTubeTipOfTheWeek

Dutch chip startup claims all-European fab flow – with help from a very American friend

11 June 2026, 15:26
Dutch semiconductor startup Qualinx is claiming a breakthrough of sorts in European sovereign manufacturing thanks to an end-to-end semiconductor fabrication flow it is using for its new satnav chips. The firm, a spin-off from Delft University of Technology, says it has demonstrated that security-critical chips for aerospace, defense, and critical infrastructure can be designed, manufactured, and delivered entirely within Europe. Tape-out of the Qualinx QLX3xx, a family of ultra-low-power Global Navigation Satellite System (GNSS) systems-on-chip (SoCs), represents the first step on the path toward a fully automated trusted European manufacturing flow, the company claims. But Qualinx is a fabless design shop and relies on a contract manufacturer to make the chips for it. In this case, it is GlobalFoundries (GF), an international business with its headquarters in the US – so much for sovereign manufacturing. The pair say that GF's Dresden fab is establishing a European manufacturing flow with funding from the European Chips Act. This will ensure that every step of the production process occurs within the EU, so that no sensitive design data leaves the region. "This first secure product demonstrates that a fully European manufacturing path – from mask services to wafer production – is already a reality today," said Qualinx CEO Tom Trill. Qualinx is perhaps placing an emphasis on security-critical chips because there are already European semiconductor firms that design and manufacture their own products, such as STMicroelectronics. And Reg readers with long memories will recall that the UK once had its own processor company in the shape of Bristol-based Inmos, which made the Transputer, manufactured at Newport Wafer Fab (NWF) in South Wales – now sold off to US chip biz Vishay Intertechnology. The Qualinx chip will be made using GF's FDX fully depleted silicon-on-insulator manufacturing process, which we understand is a 12nm node. 
While advanced, this is some way behind cutting-edge processes such as Taiwanese chip giant TSMC's 2nm N2 process, now in mass production. But there has been debate about whether Europe really needs cutting-edge fabs. The European Commission's new Digital Sovereignty package proposes a Chips Act 2.0 that would fund a sovereign "AI chip factory." But as the Center for European Policy Analysis (CEPA) points out, European chip demand comes mostly from the automotive sector and industrial applications, which rely on 28/22nm technology, not cutting-edge silicon. "We are demonstrating that Europe can rely on a secure, end-to-end semiconductor manufacturing flow that meets the highest requirements of aerospace and defense," stated GF SVP and general manager Dr Manfred Horstmann. "Our partnership with Qualinx marks the first operational milestone." ®

Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories

11 June 2026, 15:26
Most good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. The reason is simple. Cybersecurity is full of work that deserves recognition and rarely gets it. Products that quietly close real gaps. Teams that stop incidents nobody reads about. Companies that raise the

Keyboard entry of dates and times in framagenda

The new date and time picker in framagenda prevents keyboard entry.
For me this is a real waste of time and a loss in user experience.
Would it be possible to go back to the previous version, or to have an option to choose the picker that suits us?

3 posts - 2 participants


ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

11 June 2026, 15:20
It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real credentials. The bigger problem is how polished this all looks now. Mule networks run like SaaS.

OpenAI could go from AI pioneer to AI's BlackBerry, says Forrester

11 June 2026, 14:57
OpenAI may be headed for Wall Street, but one analyst firm is already warning enterprise customers not to get too attached. In a note published alongside OpenAI's confidential IPO filing, Forrester urged companies to keep their AI options open, arguing that today's market leader could easily become tomorrow's cautionary tale. "Don't lock into long-term contracts; keep your architectures flexible," the firm advised. "In fact, OpenAI could become AI's BlackBerry FIFO (First In, First Out). The company that defines a category is often the one most painfully displaced by it." The caution comes as OpenAI takes its first formal step toward a public listing. Alongside its confidential SEC filing, the company published a roadmap built around three ambitions: AI systems that can accelerate research, AI that boosts economic growth, and eventually a personal AGI assistant for everyone. Forrester was more interested in a fourth question: what happens if OpenAI doesn't stay on top? The firm argues that OpenAI faces what it calls a "trifecta" of challenges: persuade consumers to use its agents instead of rivals', convince enterprises to build around its technology, and stay ahead in the race toward AGI. The enterprise battle may prove the most lucrative. "Whoever automates the dull, expensive middle of a company's operations first becomes the system of record everyone else has to rip out — and almost no one does,” Forrester said. In other words, the first company to get AI agents woven into day-to-day business processes stands a decent chance of becoming yet another piece of software that everyone complains about, but nobody can remove. However, Forrester's advice is that, rather than standardizing on a single provider, enterprises should "anchor to the capability you need — not the brand that got there first — and keep your switching costs low." The warning also comes as OpenAI reportedly weighs cutting prices to fend off growing competition from rivals, including Anthropic. 
If the AI market is heading for a price war, enterprises may want to think twice before chaining themselves to a single supplier. Forrester also notes that a public listing could provide customers with something they currently lack: visibility into OpenAI's finances. Once public, the company would be required to disclose far more information about the cost of training and operating its models, giving enterprise buyers a clearer picture of the economics behind the AI systems they increasingly depend on. For now, OpenAI remains the company that helped define the generative AI era. Whether it becomes the next Google, the next Microsoft, or AI's answer to BlackBerry is a question investors will soon be paying very close attention to. ®

Oracle's AI datacenter splurge gives investors the capex jitters

11 June 2026, 14:40
Oracle has lifted capital spending plans above analyst estimates and expanded borrowing to chase the opportunity it says exists in building datacenters for AI workloads. Despite revenue for Q4 (ended May 31) rising 21 percent year-on-year to $19.2 billion, Oracle's share price fell as markets reacted to its increasing capex, as analysts raised concerns about how Big Red would fund the investments in datacenters. Capex for fiscal 2026 reached $55.7 billion, up from $21.2 billion a year earlier. Speaking to investors, CFO Hilary Maxson said Oracle planned to support its capital investments program by raising around $40 billion in debt and equity in fiscal 2027, including a $20 billion equity issuance already announced. "We don't anticipate raising additional debt funding in calendar year 2026," she said. Last year, Oracle raised $18 billion in debt to help fund its massive datacenter investments. Big Red's market value jumped after it declared $455 billion remaining performance obligations (RPOs) – contracted revenue not yet recognized – more than 300 percent higher than a year earlier. That figure reportedly includes $300 billion for OpenAI alone, as the LLM slinger tries to support its expansion with compute capacity. Maxson said on an earnings call this week: "In order to unlock this unique growth opportunity, we started a program of capital investments. We'll continue those investments in our fiscal year 2027, with an expected net cash outlay for capital expenditures of around $70 billion. This includes customer prepayments and timing impacts expected at around $20 billion-$25 billion, so our reported capex will be higher by this amount." CEO Clay Magouyrk said any increase in capex was not due to component prices but largely due to timing. "Part of my job is to figure out ways to actually accelerate capex. My job is to try to spend the money a little bit faster so I can get ramped revenue sometimes. 
Component prices in general… I think everyone knows that memory prices have definitely gone up, SSD prices, hard drive prices, etc." However, Magouyrk said Oracle had also been able to lock prices "across the spectrum, whether it be space and power costs, energy costs, people costs, component costs." Oracle added around 400 MW of capacity in Q4 – similar to the last two quarters – and expects to add nearly 1 GW of capacity in fiscal Q1 2027. One analyst told Reuters there is real demand for cloud infrastructure, but the question over how Oracle funds its datacenter expansion "is getting harder, not easier, with capex coming in well above estimates and free cash flow still negative." Oracle announced a number of new customers with its latest financial figures, including a deal for a Fusion HCM system with the US Office of Personnel Management. ®

Met Police joins forces with Apple to choke London's stolen phone trade

11 June 2026, 14:27
London's Metropolitan Police and Apple have agreed to share stolen device identifiers, building intelligence they hope will curb the capital's phone theft epidemic. These identifiers will help both organizations track which stolen devices reconnect to mobile networks, giving law enforcement better insight into where the criminal networks behind the thefts operate. The Met has access to stolen device information, such as serial numbers, provided by victims. Apple has access to data indicating when a device has been reactivated and where it's being used. Together, the two organizations believe this combined intelligence will help stamp down on the thefts that have ravaged London's streets for years, earning the city the unofficial title of "phone theft capital of Europe." "If stolen phones cannot be reactivated, their value collapses, and so does the incentive to steal them," said Metropolitan Police commissioner Sir Mark Rowley. "We are driving up the risk for offenders while cutting off the reward. "Policing is playing its part. In the West End, where this crime was most concentrated, phone theft has fallen by 50 percent through relentless, targeted policing. But we have also gone further by working directly with Apple to address the global market that has allowed this crime to thrive. "This is an important step, but it must not stop here. If you are stealing phones in London, the reality is changing fast. The opportunities are shrinking, the risks are rising, and we are determined to dismantle this criminal model completely." The intelligence-sharing pact follows months of pressure on both the Met and tech companies to take action. Dame Chi Onwurah, chair of the Science, Innovation and Technology Committee, wrote to Home Secretary Shabana Mahmood in December, asking why companies like Apple had not implemented cloud-based blocking or IMEI-linked device locks. 
Apple launched Stolen Device Protection in January 2024 and has since expanded default-on protections with the iOS 26.4 update, but there has long been a feeling that not enough was being done to tackle London's phone thefts. Rowley reiterated the ultimatum he issued to tech companies in March, demanding that they implement methods of reducing the value of stolen devices, or the UK will push through legislation. The collaboration with Apple is an extension of that, and the Met said Samsung and Google are also making security changes. Google uses several mitigations, including the need for authentication after a factory reset in order to return devices to working order, and an AI-powered feature that detects when devices are snatched and automatically locks the screen. A spokesperson at Google told The Register: "Android's theft protection features provide added security for billions of people, including Londoners. We have expanded default-on protections for UK devices, such as Remote Lock and Theft Detection, and we assist law enforcement with device recovery. Phone theft causes real distress and harm, and we work closely with the Met to protect all those who use our devices." Samsung said last year that it was working with the Home Office to deploy similar measures to tackle phone thefts. It implemented theft-detection tech similar to Google's that locks the screen when the device registers a possible snatching-related movement. It also requires biometric authentication to make security changes when devices are in unfamiliar locations, among other features.

Not enough

In spite of these actions, the Met announced today that it has asked the Home Office to start drafting anti-phone-theft legislation. "The Met has asked the Home Office to begin preparing legislation to introduce minimum technical standards so that any phone stolen in the UK is effectively unusable," it said. "These standards are complex, but we must be ready to act if industry fails to deliver. 
"Public support for stronger measures is clear, with 83 per cent of people backing the permanent blocking of stolen smartphones." It added: "While enforcement activity will continue, the Met is clear that the long-term solution lies in collapsing the criminal market." The Register has asked Apple to comment. A Samsung spokesperson said: "Samsung is fully committed to protecting customers with the very latest anti-theft feature technology. We recognise how distressing phone theft can be and have worked at pace to make a significant amount of security enhancements to help address this issue. "We would also like to reiterate that we have completed several requests from both the Home Office and the Met Police to demonstrate how seriously we take phone theft crime." The spokesperson added: "We believe this issue is a collective responsibility and we will continue to work with key stakeholders to help tackle phone-theft crime." The Met said it has almost halved rates of phone thefts in Westminster, with officers making hundreds of arrests and seizing thousands of devices. Thefts are down 45.8 percent, according to data gathered between January and May, although the picture across the wider city is a little less optimistic. The number of theft and robbery offenses in which a mobile phone was stolen has fallen by 14,000 in the last 12 months, representing an 18 percent decrease from the previous year. So far in 2026, overall offenses are down 20.6 percent compared to the same period in 2025. These arrests and seizures were secured through focused periods of enforcement action, namely through Operation Reckoning sprints, the fifth instalment of which concluded on Wednesday. The ten-day operational crackdown on phone thefts across London began on June 1 and resulted in the arrest of "prolific and violent phone thieves," the execution of search warrants at shops suspected of handling stolen devices, and the deployment of pursuit drivers to detain thieves on e-bikes. 
One visit to a single shop in April saw officers seize more than 1,000 suspected stolen phones and arrest four men between the ages of 22 and 63 on suspicion of handling stolen goods, as well as drug possession with intent to supply. Operation Reckoning is just one initiative targeting phone theft. The Met said last year that in September it dismantled a phone-robbing gang thought to be responsible for roughly half of all phone thefts in London – part of Operation Echosteep. ®

AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.

11 June 2026, 13:30
For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer was what made that work. Today, that buffer is gone. AI didn't make your team slower. It changed the other side of the

Vulnerability detected in GIMP

11 June 2026, 12:24
A vulnerability rated "high" severity has been detected in GIMP, the well-known open-source image and photo editing software. The vulnerability resides in the GEGL library and could allow malicious users to execute arbitrary code on affected systems via specially crafted files.

Malware scare keeps schoolkids home for a second day

11 June 2026, 12:30
Great Marlow School in Buckinghamshire, England, has entered its second day of a shutdown following "a suspected malware incident." Only students sitting their GCSE and A-level exams – those in Years 11 and 13 – were permitted to attend on Wednesday, in line with their exam timetable, and the same goes for Thursday. Students in other years (Years 6-10 and Year 12) were told to stay at home and access what revision materials they can via Microsoft Teams as teachers are currently unable to set them any work. Those scheduled to take internal mock exams, students in Years 10 and 12, will sit them later in the year. Some extracurricular activities, such as Year 7's learn-to-row session, have been rearranged, although the 7 and 8 athletics event will go ahead on Thursday as planned. Great Marlow School's statement suggests it remains in the containment stage of its recovery, with limited access to systems. "As a precautionary measure, we have restricted access to elements of our network while we investigate the issue thoroughly and take the necessary steps to ensure the security and integrity of our systems and data," headteacher Guy Pendlebury said in a statement on the school's website on Tuesday evening. "We are responding in line with guidance from the Department for Education (DfE) and the National Cyber Security Centre (NCSC). Immediate action has been taken to contain the incident, and we are working closely with specialist IT and cybersecurity professionals to fully assess the situation and restore normal operations as quickly and safely as possible. Appropriate reporting procedures have also been followed." The school did not comment on whether the attack involved ransomware or if any of its data was presumed compromised. It adds to a grim week for cybersecurity in the education sector. A high school in Illinois also closed for two days this week due to a ransomware attack, but reopened on Wednesday, although its phone lines are still down. 
And Nottingham Uni confirmed it was the victim of ShinyHunters. In Wales, 13 schools across the Powys region were affected by a cyberattack that is thought to have led to data theft from only one of these institutions. Powys council disclosed the attack on June 4, saying it was originally identified in April, and sensitive data belonging to students and school staff is suspected of being compromised. None of the 13 schools have closed, however. ®

NS&I dangles £220K salary for CEO willing to straighten out £3B IT mess

11 June 2026, 12:09
National Savings & Investments (NS&I) is looking for a new chief executive to take charge of the state-backed savings institution as it attempts to steer a troubled £3 billion digital transformation program back on course. The government-owned bank has launched a search for a permanent successor to former chief executive Dax Harkins, who left earlier this year amid a scandal involving hundreds of millions of pounds in unclaimed funds owed to the estates of deceased customers. Whoever takes the job will get a salary of up to £220,000, a troubled digital transformation program, and what could be described as a challenging in-tray. While the recruitment notice highlights NS&I's 164-year history and its 24 million customers, it also acknowledges that the organization is wrestling with problems that extend well beyond attracting deposits. "Whilst NS&I is successfully meeting its targets for savings and funding for the Government, and service levels to most customers, it is undergoing a major transformation programme and has experienced significant operational failings recently," the job ad states. The successful candidate will take responsibility for Project Rainbow, NS&I's long-running modernization effort that Parliament's Public Accounts Committee tore into earlier this year. In February, MPs branded the program a "full-spectrum disaster" after costs ballooned from an original estimate of around £1.7 billion to approximately £3 billion. The committee concluded that NS&I lacked the capability to deliver the overhaul, had spent £43 million on consultants, and still did not have a credible integrated plan despite five years of work. MPs also questioned how a program originally expected to cost around £1.7 billion had risen to £3 billion while key elements remained unfinished. The new boss will be expected to turn that around. 
The advert promises "end-to-end accountability for transformation and performance of the organisation," handing the next chief exec responsibility for delivering a program that has already attracted intense scrutiny from Parliament. NS&I is also placing unusual emphasis on crisis management. Candidates are expected to demonstrate experience delivering "a major change/transformation programme within consumer facing industries, at scale," alongside a track record of managing operational issues, reputation management, and recovery. The advert goes further, stating it is "crucial that a highly capable, credible CEO is appointed to lead the organisation through these challenges and re-establish NS&I's reputation and standing as a trusted, efficient and effective national institution." Whoever lands the job will be tasked with proving that one of the government's most heavily criticized IT overhauls can still be rescued before Parliament decides the next chapter of Project Rainbow deserves an equally colorful nickname. ®

Nottingham Uni says student records raided after ShinyHunters claims cyberattack

11 June 2026, 11:20
The University of Nottingham has confirmed a cyberattack on its student record system after the ShinyHunters crew claimed to have stolen tens of gigabytes of data from the Russell Group institution. "The University of Nottingham has been the victim of a cyber incident and a significant amount of data in our student record system has been accessed by a well-known cybercriminal group," a spokesperson told The Register. "We are working with the third party that maintains the platform to lead a forensic investigation. We understand that those affected will have concerns about what this means for their personal data and we will be offering advice and support to our students as we learn more. "We take the privacy and security of data that we hold seriously, and we have reported this incident to Action Fraud and the Information Commissioner's Office. The university will continue to provide them with further information as our investigation progresses." ShinyHunters claimed responsibility for the attack on Tuesday, saying they had stolen around 40 GB of the institution's data. It reckons this included billing and payment records, credit card and payment details, student finance data, and "campus portal exports." The criminal crew further claimed that the University of Nottingham's Malaysia and China campuses were also compromised. On Wednesday evening, breach notification service Have I Been Pwned added the 10 GB dataset leaked by ShinyHunters to its database, saying around 454,600 university-related email addresses were included. "Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information, including names, addresses, phone numbers, ethnicities, disabilities, passport numbers, and information relating to academic enrolments and fee payments," HIBP stated. Around the same time, the university acknowledged the attack publicly, saying it affected both current students and alumni. 
Individuals believed to be affected have been contacted directly, and the university has stood up a dedicated support line. The attack could hardly have come at a worse time for Nottingham, which is embroiled in a dispute with staff after confirming hundreds of redundancies over the next three years. University employees, including teaching staff, have revolted, protesting against the decision by refusing to mark students' assessments. The University and College Union (UCU) entered a period of industrial action on June 1, saying it would not end until July 31. This includes a two-month strike and a boycott of marking duties, similar to action taken by staff in 2022 and 2023. Students have just finished sitting their end-of-year exams, but potentially face having their degree classification decided by predictions based on prior grades, per the university's contingency plans, if staff continue to refuse to carry out marking duties. Alternatively, students can wait to receive their final results, but these will come later than their peers' – not just at Nottingham but at other UK universities – and leave them at a time disadvantage when applying for graduate schemes and entry-level jobs.

UK education battered

The attack on the University of Nottingham comes amid a spate of other incidents affecting UK schools. Powys council confirmed on June 4 that a cyberattack was affecting 13 schools in the Welsh county, and that data had been stolen from at least one of them. Additionally, Great Marlow School in Buckinghamshire entered its second day of a shutdown today after a "suspected malware attack" on the school forced it into a containment phase. Most students, other than those attending to take their GCSE and A-level exams, have been told to stay home, with teachers unable to set remote work. Students should access what revision materials they can via the school's Microsoft Teams network. ®

OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack

11 June 2026, 11:45
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain attack

Framagenda: I can no longer select certain times

Hello! Since the last update I can no longer select times ending in "5" in my Framagenda, such as 9:45 (I can select 9:40 or 9:50 but not 9:45). This is a problem for me because I use my calendar for work and I have patients at 9:45 and 15:15, for example, and I can now no longer select these times


Vulnerabilities in Palo Alto Networks products

11 June 2026, 11:13
Multiple new vulnerabilities have been detected in Palo Alto Networks products, including one rated "critical" severity in the Cortex XSOAR and Cortex XSIAM products. If exploited, this vulnerability could allow an unauthenticated malicious user to bypass authentication mechanisms and alter data on affected systems.

The challenge of space data centers

11 June 2026, 11:00


Data centers devour 1.5% of the world's electricity. To be precise: 415 terawatt-hours in 2024. That is equivalent to almost the entire annual electricity consumption of a country like France. But that share is set to more than double by 2030, driven above all by generative artificial intelligence, which the International Energy Agency identifies as "the most important factor" in this growth.

Global power grids are already under strain, but building new transmission lines takes four to eight years in the most advanced countries. In the meantime, demand for compute is growing so fast that no terrestrial infrastructure can keep up.

It is against this backdrop that governments and technology companies have begun looking to space. After all, space offers continuous solar power without competing with terrestrial grids, the possibility of exploiting passive cooling in the vacuum without consuming water, and of processing data directly on board the satellites that collect it, without having to transmit it in full to Earth. What seemed like science fiction has become, within a few years, an industrial program with dates, contracts and launches already carried out.

In May 2025, China launched the first satellites of a constellation for processing data directly in space. The United States is moving in the same direction. The two great powers have launched concrete programs, still partly experimental, to take computing and storage beyond the sky. It is, however, a technological leap with a political consequence: in the future, the most strategic data of governments, armies and large companies might no longer be located in any nation.

The American projects

Satellites produce enormous quantities of data, often too large to be sent to Earth in full in real time. Processing it in orbit reduces latency and dependence on ground stations. Hewlett Packard Enterprise demonstrated the feasibility of this approach with the Spaceborne Computer program. The US multinational, a leader in edge-to-cloud technology solutions (in which data processing takes place partly on the remote device and partly on central servers), installed standard commercial servers on the International Space Station (ISS) in 2017, 2021 and 2024. This made it possible to reduce the volume of data to be transmitted to Earth by up to 90%.

In an interview with Via Satellite (November 2025), Clint Crosier, formerly head of planning for the U.S. Space Force and now director of Aerospace & Satellite Solutions at AWS, described the practical results. In a test with the Italian startup D-Orbit, processing data directly on board the satellite made it possible to transmit only the genuinely useful images to Earth: the satellite continued to meet all mission requirements while using 42% less bandwidth. By freeing up that bandwidth, the same satellite can send almost twice as much useful data without any hardware modification. The advantage for military applications is obvious (not by chance, the US Department of Defense Space Strategy identifies space as an operational domain in its own right).

The United States is also developing the Proliferated Warfighter Space Architecture (PWSA) of the Space Development Agency (SDA): a constellation of hundreds of small, optically interconnected satellites in low Earth orbit. It is a fleet designed to guarantee resilient communications and missile detection even in the event of attacks on terrestrial infrastructure. In December 2025, the SDA awarded contracts worth about 3.5 billion dollars for the construction of another 72 missile-tracking satellites. The strategic logic is clear: in a conflict scenario, ground facilities and installations are among the first targets to be hit. Computing capacity located in space, optically interconnected and redundant, instead offers greater security and an operational continuity that is hard to replicate on Earth.

China accelerates: the Three-Body Computing Constellation

From the United States to China. As already mentioned, on May 14, 2025 the People's Republic launched the first 12 satellites of the Three-Body Computing Constellation, developed by the research institute Zhejiang Lab and the Chengdu company ADA Space. Each satellite offers 744 TOPS (tera-operations per second) and the entire network is designed to expand to 2,800 satellites, with a total computing power of 1,000 peta-operations per second, comparable in order of magnitude to the most powerful terrestrial supercomputers. The satellites are connected by inter-satellite laser links (a connection that uses beams of laser light to transmit data directly from one satellite to another), powered by solar panels and passively cooled by the vacuum, eliminating the costly liquid cooling systems of terrestrial data centers.

According to a five-year plan cited by the Chinese broadcaster CCTV and picked up by Reuters this past January 29, CASC (China Aerospace Science and Technology Corporation) has announced the construction of a space digital infrastructure with one gigawatt of power, identified as a pillar of China's 15th Five-Year Plan, integrating cloud capabilities, edge computing and terminals to process data directly in orbit.

The role of private companies

It should be noted, however, that the race for orbital data centers is no longer the preserve of governments. In November 2025, Starcloud launched the first satellite equipped with an NVIDIA H100 GPU, carrying out the first demonstration of AI training directly in orbit. On January 11, 2026, with SpaceX's Twilight mission, the first two nodes of the orbital data center of the US company Axiom Space reached orbit, developed in collaboration with Canada's Kepler Communications and connected via 2.5 Gbps optical links.

Google, with its Suncatcher project, is instead aiming for a constellation of solar-powered satellites equipped with TPUs (the artificial intelligence processors designed by Google), with a first test, in collaboration with the San Francisco company Planet Labs, planned for 2027. According to rumors, SpaceX is reportedly preparing an updated generation of the satellites in its Starlink constellation capable of hosting compute workloads, with ultra-wideband inter-satellite optical links.

What also makes permanent infrastructure in orbit economically plausible is the reduction in launch costs, which, according to a NASA study, have gone from about 54,000 dollars per kilogram with the Space Shuttle to 2,700 dollars with the reusable Falcon 9 rocket from Elon Musk's space company: a twentyfold reduction in two decades. However, private management of potentially critical systems raises questions that are (for now) unanswered, starting with who is responsible in the event of a data breach on a commercial satellite.

For its part, Europe does not have a comparable program for orbital cloud. The IRIS² project (290 satellites for secure communications, a 10.5 billion contract signed in December 2024 with the SpaceRISE consortium) does not include autonomous orbital computing infrastructure. On the research front, the European project ASCEND completed a study in 2024 that confirms the technical feasibility of orbital data centers and sets the goal of deploying 1 GW by 2050. ASCEND is led by Thales Alenia Space, a joint venture between Thales and Leonardo: the Italian company's participation is our country's most direct contribution to this scenario.

It should also be noted that D-Orbit, a startup from Como that already featured in the AWS test, is among the most advanced Italian players in in-orbit data processing and has signed contracts with ESA (the European Space Agency) as part of the IRIDE observation constellation, financed with PNRR funds. But Italy has no national program dedicated to orbital cloud. The risk is one already seen in other digital fields: high industrial expertise without control over the final infrastructure.

Vulnerabilities and limits

On February 24, 2022, at the exact hour of the Russian invasion of Ukraine, a cyberattack hit the KA-SAT network of Viasat (the Californian satellite telecommunications giant), disabling tens of thousands of satellite modems in Ukraine and Europe. The malware used, a wiper called AcidRain, did not breach any satellite in orbit; instead it exploited a VPN vulnerability in network management servers physically located in northern Italy, spreading until it disabled 5,800 wind turbines in Germany. In May 2022, the United States, the European Union, the United Kingdom and a dozen European governments, including Italy, publicly attributed the attack to the GRU, Russian military intelligence.

The Viasat case holds a lesson that counts double for orbital data centers: the most vulnerable point of a space infrastructure is not the satellite. It is everything that manages it from Earth: control stations, uplink networks, authentication systems, the hardware supply chain. Added to this is a structural problem specific to space: patching. A terrestrial data center can receive a security patch in a few minutes. A satellite in low Earth orbit has limited communication windows, restricted bandwidth and no possibility of physical intervention. If an orbital system were compromised, the response would be structurally slower and, in some scenarios, impossible without a new launch.

GPS jamming and spoofing are already in operational use in conflict zones and are systematically documented by the European Union Aviation Safety Agency (EASA) in the Black Sea, the Middle East and the Baltic: they show that deliberate interference with space infrastructure is a reality, not a hypothesis. An attack on an orbital system would take the same complexities to a higher level: who has jurisdiction, who can intervene, with what tools and within what useful time frame.

Il vuoto normativo

L’Outer Space Treaty del 1967 attribuisce allo Stato di lancio la giurisdizione e il controllo sugli oggetti spaziali, indipendentemente da dove operino. Ma questo trattato non contempla infrastrutture digitali, non regola la proprietà dei dati in orbita, non prevede meccanismi di applicazione in caso di violazione informatica. 

A quasi sessant’anni dalla firma, non esiste nessun trattato internazionale che disciplini specificamente la protezione dei dati nello spazio. Nel 2019, dopo otto anni di negoziato, l’UN COPUOS (la Commissione delle Nazioni Unite sull’uso pacifico dello spazio extra-atmosferico) ha adottato 21 linee guida per la sostenibilità a lungo termine delle attività spaziali: volontarie, non vincolanti e relative a detriti, sicurezza operativa e traffico orbitale. La protezione dei dati non è contemplata.

The first sign that the issue is becoming urgent on the regulatory front came in January of this year: SpaceX filed with the US FCC (Federal Communications Commission) a request to launch up to one million satellites explicitly defined as "orbital data centers". This is the world's first regulatory process to address the subject directly, but it concerns a single nation and does not touch questions of jurisdiction over data.

Payal Arora, professor of inclusive AI at Utrecht University (Netherlands), summed up the problem in an analysis published by Rest of World in February 2026: if citizens' data is processed in orbit, digital sovereignty "becomes ambiguous", suspended between the country of origin, the launching State and the satellite's commercial operator. None of the existing mechanisms (international space law, national cyber law, mutual legal assistance treaties) was designed to address these aspects.

For decades digital power has been anchored to physical platforms within national borders. Even submarine cables, which carry more than 95% of global internet traffic, have a jurisdiction of reference, with defined treaties, procedures and responsibilities. The orbital cloud breaks this system. Data can be stored and processed in places that no national authority can reach, either physically or legally. In essence, for the first time, the location of data ceases to coincide with territory.

As Jane Munga, Africa researcher at the Carnegie Endowment for International Peace, explains, sovereignty tends to follow ownership of the infrastructure: those who do not take part in owning and governing it risk being relegated to producers of data with no real ability to control how it is stored, processed or used. It is an unknown that extends beyond the field of technological innovation. What is under way is an epochal shift whose consequences are yet to be written. The risk is that IT infrastructure crucial to nations, businesses and citizens will be built that goes beyond the digital sovereignty of States. Without there being rules to govern it.

The article La sfida dei data center spaziali comes from Guerre di Rete.

Lawmaker Pushes for Ban on Special Treatment for Convicted Drug Traffickers After ProPublica Report

11 June 2026, 11:00
Rep. Norma Torres holds a printout of ProPublica’s reporting on the special treatment given to Juan Orlando Hernández, the former Honduran president who was pardoned of a drug conviction. Screenshot via House Appropriations Committee/YouTube

A federal lawmaker is pushing for a provision that would bar the Federal Bureau of Prisons from offering taxpayer-funded VIP perks to pardoned drug lords and child traffickers. 

Rep. Norma Torres, a California Democrat, introduced the measure last month as an amendment to a House appropriations bill, telling her colleagues that there “should never be preferential treatment for narco leaders.”

The move comes in response to ProPublica reporting on the special treatment extended to one high-profile pardon recipient — former Honduran president Juan Orlando Hernández, who was released from a federal penitentiary late last year. Less than 18 months earlier, Hernández had been sentenced to 45 years in prison for taking bribes and allowing drug traffickers to export more than 400 tons of cocaine to the U.S. while he was in office.

But after President Donald Trump pardoned him in December, the Central American strongman — who has long maintained his innocence — got what Torres and others have described as the “red carpet” treatment. On the day of his release, ProPublica found, Hernández had in place what’s known as an immigration detainer, a formal request for law enforcement agencies to hold noncitizens for pickup by Immigration and Customs Enforcement. Yet instead of holding him, the Federal Bureau of Prisons scrambled to get the detainer removed so he could walk free. Then, instead of giving him a bus ticket or airfare to get home on his own, prison officials paid a four-man tactical team overtime to drive him six hours from a West Virginia high-security facility to the Waldorf Astoria in Manhattan, New York, according to records and three people familiar with the situation. 

Torres sought to stop that sort of treatment with a narrowly tailored amendment barring the bureau and several other agencies from using taxpayer dollars to give convicted drug traffickers and child traffickers — even those who have been pardoned or received a sentence commutation — special accommodations or transportation, as well as from lifting “any detainers not provided to other inmates.” 

Last month, the amendment hit an early stumbling block when the House Appropriations Committee voted along party lines against including it in its proposed 2027 spending bill. 

“Taxpayer dollars should not be used to give convicted criminals special accommodations, lifted legal holds, or government-funded transportation,” Torres said in a press release afterward. “We should be enforcing the law, not handing out favors. I’m shocked that my Republican colleagues didn’t agree with that common sense idea.” 

But that doesn’t necessarily mean the proposal is dead. Last week in a statement to ProPublica, Torres — a Guatemalan immigrant who last year criticized the decision to pardon Hernández — said she planned to raise the issue before the Rules Committee, which can decide whether previously rejected amendments still get a vote on the House floor.

“I am not giving up,” she said, adding: “The American people deserve a government that enforces the law fairly and holds powerful criminals accountable, regardless of who pardons them.”

A Bureau of Prisons spokesperson declined to comment on the measure out of respect for members of Congress. Previously, a spokesperson said that the bureau does not discuss conditions of confinement or security procedures and that employee standards of conduct prohibit staff from giving any prisoners preferential treatment. ICE had previously referred questions to the White House, which this week did not respond to a request for comment.


Long before his arrest and controversial release, Hernández had been a polarizing figure, plagued by allegations of corruption in his country. Still, he was seen as a key U.S. ally under the Obama and first Trump administrations, in part because of his apparent interest in tackling drug trafficking and migration issues.

But in 2018, the U.S. Drug Enforcement Administration arrested his younger brother, former Honduran congressman Tony Hernández, for weapons and drug trafficking charges. The following year, a jury found Tony Hernández guilty in a Manhattan federal trial.

And weeks after the elder Hernández left office in 2022, he was arrested in Honduras and extradited to the U.S. to face drug trafficking and weapons charges. Prosecutors said Juan Orlando Hernández funded his political career with money he got from “violent drug-trafficking organizations” in exchange for allowing them to “move mountains of cocaine” out of the country. At one point, they said during trial, he bragged that he would “stuff the drugs right up the noses of the gringos.”

After a federal jury voted to convict him in early 2024, Hernández was sent to a notorious high-security penitentiary in West Virginia to serve his time. Last year, he appealed to Trump’s sympathies, penning a four-page letter framing his case as a “political persecution” by the Biden administration. 

In November — two days before the Honduran presidential election that swept Hernández’s right-wing National Party back into power — Trump announced his intent to pardon his former Central American counterpart. Experts said the timing sent an obvious message on the eve of a tight race; as one former high-ranking U.S. diplomat previously told ProPublica, the pardon was a show of support that served as a “clear green light for the National Party to manipulate the vote.”

(The narrow victory for Nasry “Tito” Asfura, who had been trailing in multiple polls, came amid reports of voter intimidation and fraud allegations. After the election, Asfura promised to “work tirelessly for Honduras.”)

On Dec. 1, Trump formally granted Hernández the full pardon, and by the end of the day he was on his way to the swank, five-star hotel in New York City, ProPublica reported. Days later, Renato Stabile, Hernández’s court-appointed lawyer, filed a motion to vacate the judgment and dismiss the indictment in light of the presidential pardon. When prosecutors didn’t file a response opposing it, a federal court agreed to Stabile’s request.

Previously, Stabile told ProPublica his client’s treatment during the release process was appropriate, as Hernández could have been arrested or killed had he been deported to his home country. He also declined to comment on where Hernández stayed but said the government did not pay the bill. Hernández had declined to comment through his attorney.

At the time, Joe Rojas, a retired prison worker and former union leader, said that BOP staff were “disgusted” after the agency “rolled out the red carpet” for Hernández. 

Last month, when the amendment came up for debate in front of the 63-member House Appropriations Committee, Torres held up a printed copy of ProPublica’s investigation as she told her colleagues about the special treatment Hernández received and about how the prisons agency had used “our hard-earned taxpayer dollars” to pay for his transport to New York. 

“These actions can never be allowed to happen ever again,” she said.

Two other lawmakers spoke in support of the measure. One, Rep. Hal Rogers, a Kentucky Republican, opposed it, calling the amendment “performative and unnecessary.” He did not explain his reasoning to the committee, and his office did not respond to an emailed request for comment. 

Ultimately, 31 Republicans opposed the amendment and 27 Democrats supported it. None of the Republican members who voted against the amendment responded to requests for comment from ProPublica.

Though Torres plans to raise the issue again this summer in front of the Rules Committee, the 9-4 Republican majority there makes it unlikely the measure will garner enough support to move forward right now.

But if the House fails to agree on spending bills before the end of this Congress, the November elections could change the balance of power and give the Democrats more say in what amendments make it to the floor next year.

The post Lawmaker Pushes for Ban on Special Treatment for Convicted Drug Traffickers After ProPublica Report appeared first on ProPublica.

UK Treasury still deciding whether to show up to £1.7B ERP program it agreed to fund

11 June 2026, 10:30
The UK Treasury will not say whether it will join the government's £1.7 billion finance and HR transformation strategy until December despite funding the program for five years. Savings from the so-called Matrix cluster of the shared service strategy are contingent on a bunch of departments – including His Majesty's Treasury (HMT) – adopting cloud-based finance and HR software from Workday. To do so, HMT would have to migrate from its customized version of Oracle Fusion. In a letter to a parliamentary spending watchdog, Jerome Glass, director general for the Future Civil Service at the Cabinet Office, said that following delays to the cluster's rollout of the new software, HMT's decision on whether to join had been put back. The Matrix cluster is led by the Department for Science, Innovation and Technology (DSIT), and includes the Cabinet Office (CO), Department for Energy Security and Net Zero (DESNZ), Department for Culture, Media and Sport (DCMS), Department for Business and Trade (DBT), Attorney General's Office (AGO), Department for Education (DfE), Department of Health and Social Care (DHSC), as well as HMT. In 2024, the Matrix cluster awarded Workday a contract for SaaS finance and HR software and Cognizant a system integration deal with a combined value of £144.3 million. Prime Minister Keir Starmer has told the departments to join their allocated shared service clusters. According to a report from the National Audit Office (NAO), published earlier this year, the Cabinet Office said it does not consider departments' joining shared services to be optional, and "departments cannot make the decision to move or leave a cluster without assessing value for money across government, nor the impact on the business case." Nonetheless, having agreed to fund the program with £1.15 billion since 2021, the Treasury is still making up its mind two years after the Workday contract was signed. 
In his letter to the Public Accounts Committee, Glass said HMT's accounting officers "must be satisfied that the proposal meets the standards set out in Managing Public Money," a government guide for financial management, "including delivering value for money for the Exchequer as a whole." He said HMT was working jointly with the Matrix program to "develop this evidence base." The plan was that departments in the cluster already using cloud-based systems (DfE and HMT) would not join until after the other departments. "HMT's onboarding has therefore always been planned on a longer timetable. Delays in the Matrix programme have had a knock-on impact on HMT receiving key documents and evidence, subsequently pushing back HMT's formal Accounting Officer sign-off decision," the letter said. The NAO has previously reported that aspects of the shared service program will see their go-live delayed from 2028 to 2029. Glass said HMT expected to receive the majority of the documentation "required to assess feasibility and the cost of service by the end of summer 2026." Provided there are no further delays, DfE and HMT should be able to make an "evidence-based decision" by December, he said. In an update earlier this year, the NAO said HMT and DfE had invested significantly in existing finance, HR, and commercial systems based on modern ERP platforms that are "highly configured to accommodate their requirements." Joining the Matrix shared service would "mean loss of some functionality as they seek to converge on data and processes and will have to bear an 'unnecessary cost' to develop their new processes," it said. The spending watchdog also pointed out that the Matrix cluster's business case includes the participation of both DfE and HMT in its financial assumptions. A "sensitivity analysis" revealed a reduction in the program's expected benefits from £185 million to £109 million if the two departments did not join. HMT disputed the calculations, the NAO said. 
HMT has provided funding for the whole shared service program for the spending review period up to and including the 2028-29 financial year. There are five clusters to the program, including Matrix, covering all Whitehall departments and arm's-length bodies, which have signed contracts totaling around £1.7 billion, some extending beyond the spending review period. Glass's letter said the clusters forecast that benefits from the Shared Services for Government Strategy would reach £4.37 billion over 15 years, broken down into £1.4 billion cashable benefits and £2.98 billion of non-cashable benefits. If the forecasts prove correct, it would be a good deal for the UK taxpayer. Some of the savings, though, will depend on HMT's willingness to join a program it agreed to fund. ®

Vulnerability detected in Oracle

11 June 2026, 09:39
A new vulnerability rated "critical" has been detected in Oracle PeopleSoft Enterprise PeopleTools, the platform used to develop and run PeopleSoft applications. If exploited, the vulnerability could allow a remote attacker to execute arbitrary code on affected systems.

Windows 11 Insider without a Microsoft account: the complete guide

11 June 2026, 09:23

To access Windows preview builds, it is no longer mandatory to use a Windows 11 Insider account linked to Microsoft. For years this was an ironclad rule; today things have changed.

There is in fact an effective method for testing the operating system's new features in preview while protecting your privacy and keeping full control of the device. In this guide we will show you how, step by step.

Why is a Microsoft account not (really) mandatory?

Many believe that the Insider program relies on a complex cloud infrastructure to verify the PC's identity. In reality, the mechanism is much simpler. How Windows Update behaves depends on parameters set locally. Once configured, the system "self-declares" as part of an Insider channel and requests the corresponding updates, without the online checks being that strict. It is precisely by exploiting this principle that the solution we are about to examine manages to get around the account requirement.

OfflineInsiderEnroll: the solution, one script away

The key to unlocking access to preview builds is called OfflineInsiderEnroll. It is a simple but powerful script available on GitHub that automates the necessary changes to the system registry. It is a clean tool: it does not install drivers, permanent services or components that remain active in memory. It does its job and nothing else.

How does it work in detail?

The heart of the mechanism lies in a registry value called TestFlags. By setting this value to a specific code (0x20), the script tells Windows to stop checking with Microsoft's servers to validate the enrollment.

As a result, local settings take over and Windows Update delivers experimental builds without further checks. To make the operation credible, the script also sets other key values, such as BranchName and RingId, simulating in every respect a legitimate enrollment in one of the Insider channels.

Not just a Windows 11 Insider account: the hidden advantages

One of the most interesting aspects of this tool is its ability to go beyond simple enrollment. Analyzing the code reveals that the script also automatically sets the registry keys to bypass Windows 11's well-known hardware checks. This means you can receive Insider builds even on computers that do not fully meet the official requirements, such as the presence of a TPM 2.0 chip or a recent CPU, which provides considerable flexibility.

Practical guide: how to use the script step by step

Using the script is incredibly intuitive and does not require advanced technical skills. Follow these simple steps: Download the latest version of OfflineInsiderEnroll from the official page on GitHub. Right-click the downloaded .cmd file and select "Run as administrator".

A command prompt window will open listing the available Insider channels (Canary, Dev, Beta, Release Preview). Type the number corresponding to the desired channel and press Enter. The script will then apply the changes and ask you to restart the computer. After the restart, go to Settings > Windows Update: you will find the new preview build ready to download.

Are there risks? What you need to know before starting

It is important to be transparent: every unofficial modification to the operating system calls for awareness. Although the script is considered safe by the community, its restore function may not completely undo all the changes made. If in the future you decide to return to a stable (retail) version of Windows, the safest route may be an in-place upgrade using an official ISO file or, in the most complex cases, a clean reinstallation of the operating system.

In conclusion, this method does not force the system; it simply unlocks an access route that already exists. It shows that many limitations are often the result of strategic choices rather than insurmountable technical constraints, giving you a new tool to explore the future of Windows on your own terms.

The article Windows 11 insider senza account Microsoft: la guida completa comes from sicurezza.net.

Antitrust WhatsApp AI: Europe stops Meta

11 June 2026, 09:16

The new WhatsApp AI antitrust investigation is redefining the rules of the game for virtual assistants in Europe. In an almost unprecedented move, the European Commission has ordered Meta to take a step back, imposing interim measures to ensure fair competition in the sector. But what does this mean for the market and for the future of the technology? Let's find out together.

What exactly happened? Meta's move and the European response

At the center of the matter is the WhatsApp for Business API, the interface companies use to communicate with customers on the messaging app. Until recently, third-party AI assistants could also access this API freely. Things changed on 15 October 2025.

On that date, Meta introduced a new policy that effectively blocked the competition. The only option left was to use Meta AI, the company's proprietary assistant. The move immediately alerted Brussels, which opened a formal investigation. The seriousness of the situation pushed the Commission to act urgently. It imposed measures without waiting for the inquiry to conclude, an extremely rare procedure used only once in the past.

A dominant position at risk of abuse

The speed of the European intervention is explained by one key concept: dominant position. According to the Commission, Meta holds enormous power in the market for communication apps. The fear is that the company could exploit this advantage to eliminate competition in the nascent AI assistant sector. By blocking rivals on WhatsApp, Meta could in fact consolidate its monopoly. This would prevent other companies from competing on equal terms. It is a concrete risk for innovation and for users' freedom of choice.

The future of the WhatsApp AI antitrust investigation

It is important to stress that the current decision is only a provisional measure. The WhatsApp AI antitrust investigation continues and has no set deadline. It could take months, or even years, to reach a final ruling. In the meantime, however, the rules of the game have been restored to ensure a market open to all.

The Commission's order: what Meta must do (and quickly)

The order from Brussels is clear and peremptory. Meta must restore the situation that existed before 15 October 2025. This means once again guaranteeing free-of-charge access to WhatsApp for all competing AI assistants. The company must act immediately: it has only five working days to comply. The penalties for non-compliance are severe: fines of up to 10% of global annual turnover, plus daily penalty payments. It is a strong signal of Europe's determination.

A broader context: the digital war between Big Tech and the EU

This affair is not an isolated case; it fits into a context of growing tensions. The big technology platforms and European authorities are often in conflict. Consider the recent blocking of some Apple Intelligence features because of the Digital Markets Act (DMA), or the accusations against Google of favoring its Gemini assistant on Android.

The race for artificial intelligence has become a regulatory battlefield. The WhatsApp AI antitrust case shows that Europe is ready to use every tool to defend fair competition. The goal is to protect emerging markets. The game has only just begun, but the market for AI assistants is once again, for now, an open playing field.

The article Antitrust WhatsApp AI: l'Europa ferma Meta comes from sicurezza.net.

Peertube does not recognize new NodeJS version after update

OS: Debian 11.11

Current Peertube version: 8.1.8, trying to update to 8.2.0

Current NodeJS version at /usr/local/bin/node:

# node
Welcome to Node.js v24.16.0.
Type ".help" for more information.
> 

This is the version that is executed when running node on command line. There is still an outdated version located at /etc/alternatives

# /etc/alternatives/nodejs 
Welcome to Node.js v20.20.2.
Type ".help" for more information.

Most likely the old NodeJS was installed with apt. A later version is not available in the standard repository:

# apt upgrade nodejs
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
nodejs is already the newest version (20.20.2-1nodesource1).

The later version was installed by running npm install n -g and

 n stable
     copying : node/24.16.0
   installed : v24.16.0 (with npm 11.13.0)

After that, I ran

cd /var/www/peertube/peertube-latest/scripts && sudo -H -u peertube ./upgrade.sh

and restarted Peertube with systemctl restart peertube. Regrettably Peertube refuses to start up complaining about an outdated NodeJS version.

Jun 11 04:46:46 peertube systemd[1]: Started PeerTube daemon.
Jun 11 04:46:49 peertube peertube[3959624]: [bla:443] 2026-06-11 04:46:49.512 error: Error in NodeJS check. {
Jun 11 04:46:49 peertube peertube[3959624]:   "err": {
Jun 11 04:46:49 peertube peertube[3959624]:     "stack": "Error: Your NodeJS version v20.20.2 is not supported. Please upgrade to NodeJS 22 or NodeJS 24\n    at checkNodeVersion (file:///var
/www/peertube/versions/peertube-v8.2.0/dist/core/initializers/checker-before-init.js:317:15)\n    at file:///var/www/peertube/versions/peertube-v8.2.0/dist/server.js:20:5",
Jun 11 04:46:49 peertube peertube[3959624]:     "message": "Your NodeJS version v20.20.2 is not supported. Please upgrade to NodeJS 22 or NodeJS 24"
Jun 11 04:46:49 peertube peertube[3959624]:   }
Jun 11 04:46:49 peertube peertube[3959624]: }
Jun 11 04:46:49 peertube systemd[1]: peertube.service: Main process exited, code=exited, status=255/EXCEPTION
Jun 11 04:46:49 peertube systemd[1]: peertube.service: Failed with result 'exit-code'.
Jun 11 04:46:49 peertube systemd[1]: peertube.service: Consumed 4.379s CPU time.
Jun 11 04:46:49 peertube systemd[1]: peertube.service: Scheduled restart job, restart counter is at 24.
Jun 11 04:46:49 peertube systemd[1]: Stopped PeerTube daemon.
Jun 11 04:46:49 peertube systemd[1]: peertube.service: Consum

Apparently the old NodeJS version number is still registered somewhere, but how can I fix this?

3 messages - 2 participants


GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

11 June 2026, 08:23
GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code using npm lifecycle hooks. "Npm install" is used to download and install all the necessary
