
Holy git! Microsoft code-sharing site suffers downtime, despite move to Azure

GitHub has been struggling with service availability in recent months as traffic on the platform has surged, driven in large part by AI-assisted coding and agentic development workflows. The code-sharing site has been trying to address those issues by expanding capacity and migrating more workloads to Azure infrastructure, but reliability remains uneven. In the May 2026 GitHub Availability Report, GitHub acknowledges nine incidents that degraded performance, one fewer than its April report. That's something. But Jakub Oleksy, SVP of software engineering at GitHub, says there's more to be done. "We are making structural changes that permanently remove failure modes," he said in the report. "We acknowledge that we have work to do, but we’re committed to getting it done and making GitHub reliable when and where you need it." Microsoft’s code hosting site also briefly halted new Copilot subscriptions to reduce the cost impact of its AI services and to adjust its Copilot pricing to account for shifting model provider policies. As noted in an April post, GitHub had planned to increase its capacity by 10x back in October 2025, but by February 2026 it had become evident that a 30x expansion would be needed to accommodate the surge of pull requests, commits, and new repos. Last year, GitHub reportedly handled 1 billion commits for the entire year. Now it receives 1.4 billion commits every month. “We’re now serving 40 percent of monolith traffic from Azure (up from 8 percent in February), with Git traffic at 30 percent and repository replication at 99 percent,” said Oleksy. “We’ve more than doubled our effective capacity in four months.” Oleksy notes that efforts to isolate GitHub’s primary database cluster by moving users, authentication, and authorization into separate domains should prevent failures that cascade across the system. That hasn’t quite solved GitHub’s ongoing availability challenges, in part because Azure has also confronted capacity problems recently. 
There were nine incidents in May compared to 10 incidents in April. And June is on pace for a similar number. The Missing GitHub Status Page, an unofficial project to track GitHub service problems, counts 12 incidents in May and reports uptime over the past 90 days at 87.26 percent. By month, the project puts GitHub availability at 78.33 percent in April, 93.86 percent in May, and 88.39 percent for June so far. GitHub's Official Status Page presents a far more flattering view of availability, with uptime figures mostly around 99.9 percent for the listed services. These figures depend upon what gets counted and the duration of the disruption. GitHub’s own incident history page cites 26 incidents in April, 23 in May, and 12 to date in June. ®

  •  

Group and platform Report / Signalement

Hello,

I’m wondering what happens when a report is made. I imagine it sends an email to the Mobilizon hosting manager.

But if a French association runs a group, it may be liable for the content published within that group. We might want several levels of reporting:

  • one at group level (e.g. via private message). Also, are all messages sent by the event organisers available at group level? (Can the organisation provide moderation training at this level already?)
  • one at platform level.

From what I understand, both are possible. Is that right?

Kind Regards


  •  

MX Linux 25.2 provides possible refuge from AI as well as systemd

MX Linux 25.2 is here, now with kernel 7.0 if you choose – although the Raspberry Pi edition still needs some work. MX Linux has been quietly turning into one of the Reg FOSS desk’s favorite distros for a few years now. It has a number of desirable attributes, and with version 25.2 released late last month, some of the slightly bumpier parts of the major upgrade to version 25 are getting smoothed out. We looked at MX Linux 25 in November last year, and reported that one of the niftiest features in previous versions had been lost. In MX 23 and before, you could choose which init system the OS used every time it booted up: so, for instance, you could normally run with the classic sysvinit, but if you needed to install something which demanded systemd, you could temporarily boot up with systemd as the init, install your app, and then switch back. In our testing, we’ve found that some things require Agent P’s Swiss Army Knife of a “System and Service Manager” to install, but once they’re in place on your computer, they will run quite happily without it. Alternatively, if it’s something you only occasionally run, you can start up with systemd only when you need it. The way that MX Linux did this no longer works on kernel 6.12 or above. So, in order to continue to offer a choice of inits at all, MX 25.0 made you choose at install time: either pick the systemd version, or the sysvinit version. (And if you wanted KDE Plasma, it was only available in systemd form.) MX Linux 25.1 fixed that with a new, different, switchable-init system. However, that made upgrading from 23 to 25 tricky, and after we tried it, the OS still worked, but the handy suite of MX Tools didn’t. These aren’t essential, but they significantly facilitate common adjustments and tweaks such as installing extra external apps, switching repositories and mirrors, managing kernel versions, installing additional device drivers such as the eternally problematic Nvidia drivers, and much more. 
They’re one of the distro’s key advantages, and well worth having. We dug out the machine in our test fleet, which runs MX, and tried the option in the installation program that installs over the top of an existing copy of MX. It worked fine, with some caveats: it’s not quite as capable as Ubuntu’s in-place reinstall, which spares your home directory while reinstalling the OS around it. MX simply overwrites the old OS; it doesn’t pick up any config from it – but it’s quicker and easier than custom partitioning. We had to re-enable our swap partition, and add a user account that matched the old one, but everything worked fine. With the MX Tools, it was fast and easy to choose local repositories for updates, and reinstall some handy proprietary apps such as Google Chrome and Slack. The distro comes with Flatpak preinstalled, and we used that to install Gear Lever to make it easier to reinstall Panwriter. The new MX Linux version 25.2 optionally includes the new kernel 7.0, from the Liquorix project that we looked at in 2022. For the Xfce edition, you can choose the normal edition, with a Debian kernel, or the AHS edition with the newer kernel. The KDE edition only comes in AHS form, and the lightweight Fluxbox edition for low-end kit only offers the Debian kernel. There are any number of Debian and Ubuntu based remixes and meta-distributions out there, but MX Linux is perhaps the single most user-friendly distro we’ve seen that isn’t based on systemd. It’s fast, lightweight, and much easier to get configured and installed than Devuan, or even than Debian itself. It also has better tools for adjustment and customization than any member of the Ubuntu or Debian family, and rivals the best Arch Linux-based distros such as Garuda Linux. As we reported from the Ubuntu Summit, Canonical is beginning a push into AI. Since then, the roadmap for Ubuntu 26.10 “Stonking Stingray” has been published, including what it calls a Context-aware desktop – powered by LLMs. 
Similar changes have already come to Linux Lite 8.0, which is based on Ubuntu 26.04. This too bundles a local LLM for all your error-filled artificial-plagiarism needs. We suspect that such developments may yet drive a small exodus of Ubuntu users – and if you also want to get away from systemd at the same time, then MX Linux is an excellent place to start.

Bootnote: MX Linux on the Raspberry Pi

Finally, version 25.2 sees the Raspberry Pi respin updated to the new base OS. Until 25.2, the Pi version was still on MX version 22. As this rather outdated description says, this is a separate edition of MX Linux with Xfce, but built in part from the packages in the Raspberry Pi OS rather than directly from Debian – so it looks and works like MX, but is compatible with most Pis and most apps for PiOS. For instance, the Pi configuration commands, and EEPROM updater, work fine on MX on the Pi, but they don’t on (for instance) Alpine Linux. We tried MX Linux 24.2 for the Raspberry Pi on both 4 GB and 8 GB Pi 5 machines and on a Pi 4, but it wouldn’t get past the splash screen for us – but the previous release worked very well, so once it’s received a little more TLC, this could turn out to be a good option for Pi users wanting a more configurable desktop OS. ®

  •  

Fired IT worker jailed for 21 months after sabotaging old school district

A disgruntled IT worker faces 21 months behind bars after being found guilty of sabotaging his former employer’s systems for more than a year and a half. Ezekiel Dean Potter, 34, was fired from his IT support job at Iowa’s Saydel Community School District (SCSD) in April 2023. He was found guilty of causing various technical damages to SCSD’s systems between May 2023 and January 2025. At his sentencing hearing on June 11, the court heard that the IT worker had gathered and stored more than 300 Saydel user account credentials before he was terminated from his position. Potter’s other offenses included deleting SCSD’s Facebook page on June 1, 2023, and data related to its Apple School Manager program, which prevented it from managing Macs and iPads. The disgruntled worker, who the prosecution described in its sentencing memo [PDF] as “a plague on the Saydel Community School District,” was just one of two IT staff members who had the required privileges to make changes to the Facebook account. The deletion ended up being a permanent one, and SCSD had to create a new page in August. Following his intrusion into the district’s Apple School Manager on June 14, 2023, SCSD’s IT team had to work with Apple for a week to restore their access after Potter deleted users’ passwords, phone numbers, billing information, and the primary mobile device server management information, court documents [PDF] showed. He also attempted to delete all user accounts and restricted access for those who still had one. Potter’s next offense took place between July and August 2023, when he attempted to interfere with SCSD’s GoDaddy account, unsuccessfully resetting usernames and passwords. Potter logged into this GoDaddy account no less than 26 times, including on one occasion where he used his company-issued PC supplied by his subsequent employer, convenience store and pizza chain Casey’s. The IT specialist then took an extended break from his cyber sabotage. 
Court documents mention Potter successfully gaining access to SCSD’s Google and Gmail accounts in October 2024, but he waited even longer to act on this access. It wasn’t until January 2025 that he logged into SCSD’s PowerSchool-based Schoology learning platform using one of the district’s Google accounts to which he had access, and deleted the account of one of the organization’s IT staff. This had the knock-on effect of locking out teachers during a school day and, in turn, preventing them from teaching for two hours. He returned a week later and deleted an additional nine district Gmail accounts, including current and former staff, the district IT director, and superintendent. Investigations showed that even though Potter switched to a VPN during one of the January intrusions, his IP address was later traced back to him and his employer, The Printer Inc, which he joined after leaving Casey’s. He left that job on January 23, 2025, for reasons not disclosed. Potter seemingly trusted at least one of his coworkers enough to “wipe” a USB drive he left in his old desk, asking them to do so after he departed the company. That trust was misplaced, however, as the coworker instead reported the USB to management, and what followed ultimately proved to be Potter’s undoing. The Printer Inc passed the USB to law enforcement, and later the FBI, which forensically examined the device, finding spreadsheets filled with more than 300 district usernames and passwords, a floor plan for Saydel High School, as well as personal data pertaining to Potter and pay stubs from his employment at SCSD. In total, the district incurred $73,375 worth of costs related to employees' lost time, digital forensics, learning downtime, and time spent working with other vendors to remediate his intrusions. SCSD's insurer spent an additional $27,893.75 in payments for digital forensics and remediation work, taking the total losses up to $101,268.81. 
Potter was indicted on October 15, 2025, and arrested the following day, but released on pretrial supervision after accepting responsibility for his offenses. He later entered a guilty plea in January 2026, and was found guilty in February. At his sentencing hearing on Thursday, Potter expressed deep regret for his actions, especially for disrupting children’s learning, and for failing his family. "I never intended to negatively affect students, but I recognize that harm was still done and I'm deeply sorry," he said, according to local media. "This experience humbled me in ways I never expected, but I needed that." His defense attorney, Joseph Herrold, stated: “Mr. Potter now fully sees the impact of his actions and deeply regrets the harm he caused.” Herrold argued against a prison term, instead asking for a five-year probation term, owing to Potter’s deep regret and the strong deterrent that comes with his felony conviction. The public defender also pointed to Potter’s clean criminal background, noting only one prior harassment misdemeanor related to a 2010 case, when he was just 18 years old. Potter was convicted following immature conduct from the backseat of a vehicle, for which he received a $65 fine. Herrold also said Potter’s restitution order to repay $59,668.81 in total, with $31,775.06 going to SCSD and $27,893.75 to its insurer, Travelers Indemnity Company, only furthered the deterrent effect, and would impact his lifestyle for years to come. Prosecuting the case, US attorney David C. Waterman pushed instead for a 26-month prison term, saying: “Defendant’s actions were not a one-time lapse in judgment. 
They were calculated, malicious, and seemingly motivated only by the defendant’s vindictiveness.” He added: “The defendant’s attacks on SCSD’s systems are troubling not just because of the significant damage he caused – tens of thousands of dollars, without accounting for the unknown but clearly extensive disruption to teaching and school activities – but also because of the defendant’s motivations. “It appears the defendant repeatedly assaulted SCSD out of spite and pure maliciousness, despite knowing his actions would affect not only his former boss and IT colleagues, but also school faculty, administrators, and students.” ®

  •  

KPMG's AI report becomes an accidental demo of AI hallucinations

KPMG's October 2025 report on the wonders of agentic AI has been accused of demonstrating one of the tech's less desirable talents: making things up. Research outfit GPTZero claims a forensic review of the Big Four firm's October 2025 report, "Total Experience: Redefining Excellence in the Age of Agentic AI," found that only five of its 45 citations correctly pointed to the cited source; the rest ranged from mangled and misleading to partially fabricated or too vague to verify. The consulting industry has form here. Last year, Deloitte ended up refunding the Australian government after AI-generated content slipped into a taxpayer-funded report. GPTZero dubbed the phenomenon "vibe citing" – the citation equivalent of vibe coding – where generative AI appears to stitch together fragments of real sources, invent titles, or otherwise produce references that look convincing until someone actually clicks them. GPTZero alleges that roughly half of the report's factual claims were false, unsupported, or attributed to the wrong source. Several case studies highlighting supposedly cutting-edge deployments of agentic AI appear to have been particularly creative. Among the examples highlighted by GPTZero were purported agentic AI deployments at UBS, Swiss Federal Railways, and Transport for London. According to GPTZero, the sources cited to support those case studies either did not substantiate the report's claims or contained alterations and paraphrasing that undermined their reliability. “These factual errors are not confined to the report’s footnoted passages,” GPTZero said. “On page 42, the authors claim that Emirates airline has adopted a mobile chatbot named Sara (false) that can converse directly with passengers (partially true) and change their flights (false). In fact, Sara is a robot assistant introduced by Emirates in 2023 (not a chatbot) that lacks the ability to alter flight bookings.” Not all of the alleged problems involved external sources. 
GPTZero noted that the report appears to contradict KPMG's own research, citing a figure of 55 percent of CEOs ranking AI as their top investment priority. KPMG's 2025 CEO Outlook, released the same month, put the number at 71 percent. KPMG has since removed the report from some of its websites while it investigates how the publication made it into the wild, according to the Financial Times. A spokesperson at KPMG told The Register: "KPMG International takes the accuracy and integrity of its published content seriously. The report has been removed and we are reviewing the circumstances surrounding its publication. We expect all our people to follow our guidelines on the responsible use of AI, including human oversight to validate content and verify independent sources." Consulting firms have spent years warning clients about AI hallucinations. According to GPTZero, KPMG may have just provided a live demonstration. ®

  •  

Novo Nordisk reports cyberattack as UK gives Wegovy pill the nod

Pharmaceutical giant Novo Nordisk says data related to clinical trial participants was stolen as part of a cyberattack. The affected patient data was pseudonymized and not directly linked to names or other direct identifiers, the company said. The maker of the Wegovy weight-loss drug said the affected data types include patient ID, information on trial participation, gender, year of birth, biomarkers, health/immunogenicity data, and lifestyle factors including smoking status, alcohol use, and BMI. "This information is not directly linked to any patients by name or other direct identifiers," Novo Nordisk said on its dedicated page for the attack. "Information about identity would therefore require access to underlying information, identifying patients by name etc. This information was not exposed. We therefore do not consider the incident to enable any third party to identify participants in our clinical trials." The same statement confirmed that the attack affected a "limited number of internal IT systems," and the company said some systems have been taken offline as a precaution. Although it does not believe there is an immediate risk stemming from the breach, it nonetheless warned patients to remain vigilant for anything that could be connected to the data stolen during the attack. A separate letter sent to the company's healthcare partners (HCPs) states that additional personal information may have been stolen and could lead to targeted phishing attempts. Affected HCP data includes names and registration numbers, email addresses, phone numbers, WhatsApp details, and office locations. "Based on the nature of the exposed data, the potential consequences of the incident include targeted phishing attempts through emails, phone, and WhatsApp, or fraudulent communications impersonating colleagues," Novo Nordisk said in the letter. "We recommend that you remain vigilant against unexpected messages or calls and report any suspicious activity to us." 
The pharma biz warned that it may take time to bring these systems back online, but it is working to do so "in a controlled and safe manner." Elsewhere, it all sounds like standard practice. Outside experts were called in to help investigate, and Novo Nordisk has not yet confirmed the scale of the breach, nor will it until the experts have more time to assess the damage. Novo Nordisk added that the attack has had no impact on its core business operations, which remain running as normal. The attack was announced on what should have been a day of celebration for the company, whose flagship semaglutide weight-loss and diabetes pill received the green light to become the UK's first daily GLP-1 tablet hours earlier. The Wegovy pill joins the list of approved weight-management treatments that act as agonists for the GLP-1 receptor. All the other approved treatments are injectables, including Wegovy and Ozempic, both of which are also developed by Novo Nordisk. The Danish company employs roughly 67,900 people across 80 countries, and markets products in nearly every country globally. ®

  •  

Amazon owns up to using 2.5bn gallons of H2O in its bit barns last year

Amazon says its datacenters used about 2.5 billion gallons of water last year, but claims that's far less than rival hyperscalers and that it remains on track to become "water positive" by 2030. In a blog post, the digital tat bazaar and cloud computing biz says the 2.5 billion gallon figure covers its entire global datacenter footprint for 2025. It downplayed the number by comparing it to the volume of water Americans - a country of 350 million people - used on lawns and gardens over the same period. Amazon disclosed water usage of 0.12 liters per kilowatt-hour (L/kWh) at its data facilities, and claimed Microsoft used 0.27 L/kWh during 2025, while Meta's consumption stood at 0.19 L/kWh in 2024 and Google was the thirstiest at 1.15 L/kWh during the same year. The Register has asked Microsoft, Meta and Google to comment. The water usage, we're told, is 75 percent of the way to Amazon's goal - announced in 2022 - of being "water positive" by 2030. It means facilities return more water to the environment than they consume, via measures including rainwater capture or treating waste water for reuse. The figures come amid growing pushback against datacenter construction in the US. A recent Ipsos survey found most Americans don't want facilities built nearby, citing worries over electricity prices, eyesore buildings, and water-hungry operations. This echoes a 2022 report that found Google datacenters were consuming more than a quarter of all the water used in The Dalles, Oregon. Or, if you'd rather not blame the industry itself, you could go with the line that Chinese operatives are spreading propaganda over social media, a claim that OpenAI and other interested parties are keen to promote. Whatever the cause of the backlash, the underlying numbers are real: datacenter water use has been climbing for years, driven by the sheer growth in facility numbers and by AI servers, which run hotter and demand more cooling than traditional kit. 
Water consumption at Microsoft's facilities surged 34 percent to 6.4 million cubic meters in 2022, for example, with generative AI blamed. Making matters worse, many datacenters now in the pipeline in the US are slated for areas already experiencing drought, according to analysis by The Guardian newspaper. Amazon says that its facilities use "free air cooling" about 90 percent of the time, pulling in outside air and flowing it past servers to absorb the heat, with no water involved - though it does resort to evaporative cooling during the hottest weather. But as The Register outlined last year, kicking the water habit completely will be nearly impossible, regardless of what claims the operators may make. ®

  •  

Microsoft has mostly repaired flaw in Surface hardware that allowed unprotected devices to be bricked by a single packet

EXCLUSIVE For the past 90 days, Microsoft has been quietly patching a firmware flaw in Surface devices that allowed the hardware to be bricked with a single packet, though only for those who have disabled Secure Core and Secure Boot. And the company's Copilot AI software inadvertently helped identify the faulty firmware. According to Jack Darcy, a security researcher based in Australia, his instance of Microsoft Copilot stumbled across the bug after being asked to adjust the screen backlighting on a Surface device. The Copilot-conjured Python script ended up rendering the researcher's laptop inoperable by overwriting the embedded controller firmware. "Copilot autonomously created and executed four progressively aggressive Python scripts during a probe for backlight control values that sent raw SSAM ioctl commands (SSAM_CDEV_REQUEST = 0xC028A501) directly to the SAM microcontroller through the SAM software path," Darcy explained to The Register. The SAM or SSAM is the embedded controller used in Surface devices. And as our source explained, Microsoft’s implementation of the controller in Surface devices did not include any defense against arbitrary write values. Microsoft does not consider the bug to be a practical threat. "There is no realistic attack scenario with this issue," a spokesperson told The Register. "In order to successfully exploit it, an attacker would need to interact with specific drivers and send commands to a hardware interface. This would require administrator privileges on the machine, as well as disabling the Secure Boot feature. With this access, they could perform any number of actions." Commonly, Darcy said, digital devices require holding a button down or connecting a jumper cable to enable arbitrary write access. But that security check is absent in Surface devices, we're told, enabling Copilot to vandalize the firmware in the absence of Secure Core and Secure Boot. 
Essentially, the probing triggered an update command from the SAM that overwrote the UEFI and Secure Boot firmware. Surface devices treated to this sort of probing should continue to operate because the SAM was already initialized and is running in RAM. But upon reboot, when the SAM tries to reload using corrupted data in its non-volatile storage, it will fail to initialize, and the system will be unable to Power-On Self-Test (POST). The Python script crafted by Copilot on the security researcher's Surface device iterated blindly over a particular Target Category and the set of Command ID (CID) pairs, sending empty/null payloads to WRITE commands. The result, Darcy explained, is that the SET Feature Report was called with null payload, the Output Report was called with null payload, and other CIDs were hit by SET commands that wrote garbage data. As a result, the device became inoperable. We're told this has been a common complaint about Surface devices in online support forums over the years, though we have no way to determine whether boot failures reported for other Surface devices can be attributed to this specific problem. Many Surface hardware issues reported publicly appear to be fixable through various troubleshooting techniques. But devices made inoperable by SAM access, our source insists, are permanently bricked – a situation that can entail hundreds of dollars in repairs for a new motherboard. No USB, no factory reset, no access to the BIOS/UEFI, we're told. Darcy said that the SAM Bus is terribly designed. "There is no way to see the current value without scanning the bus," he said. "But scanning the bus kills the unit." The problem is that the CIDs, which are like APIs for the SAM, have been interleaved in a way that's dangerous. 
"If all the reads were grouped together (say, CIDs 0x01–0x0F) and all the writes were grouped separately (say, CIDs 0x10–0x1F), a probe script could safely scan the read range without ever accidentally wandering into write territory," Darcy said. "You could even put a simple bounds check in your code: 'only probe below 0x10.' Done. Safe.
"But because reads and writes are interleaved in the same numbering space, there is no safe range to probe. You literally cannot scan even two consecutive CIDs without a coin-flip chance of hitting a write command. The moment you decide to enumerate what's available, you're already firing blind writes, because the command space gives you zero structural information about which operations are safe and which are destructive."

Managed devices not at risk

The Register asked Microsoft about our source's claims on March 10, 2026. A company spokesperson reiterated a prior suggestion that the researcher contact the Microsoft Security Response Center (MSRC), an effort our source found too cumbersome. Rather than publishing details about what might have been a potential zero-day flaw – we were uncertain about the Secure Boot/Secure Core requirement at the time – The Register reached out to internal Microsoft sources in an effort to get someone's attention. By March 12, with the help of Microsoft media relations, we managed to coordinate a conversation between Darcy and Madeline Eckert, senior program manager with MSRC. Microsoft subsequently acknowledged the vulnerability and committed to issuing a fix. The Register in turn agreed to delay publication for 90 days while repairs were made. We're told most affected devices have been updated (via Windows Update), or will receive updates in coming weeks. The issue did not meet the bar for a CVE, according to the company. "We appreciate the work of Jack Darcy and The Register for reporting this issue under a coordinated vulnerability disclosure," a Microsoft spokesperson said in a statement. 
"Our investigation found that a deprecated UEFI interface could trigger a boot loop on some devices. To trigger this loop, the user must have administrator privileges and have already disabled the Secure Boot security feature. We have released updates to address the issue for most impacted devices." That means managed devices are not at risk. But those using Linux, or Windows users who have disabled Secure Core and Secure Boot for gaming, or who use custom Windows drivers, or who have USB boot enabled, may still be vulnerable if their systems haven't received the update. We're uncertain about the range of Surface devices affected. Our source said it appears to be all of them (Surface Laptops 3-6, Surface Book 1-3) except for Surface Go models. ARM variants, however, have not been tested.

Microsoft moving Surface to Rust

One of the things we learned from Darcy during the effort to get this issue patched is that Microsoft is planning to move the Surface stack to Rust. We understand from David Abzarian, chief architect for Microsoft Surface, that work is underway to transition future Surface for Business hardware to a more secure architecture based on Rust code. "Our most recent Surface for Business hardware features a major architectural shift in terms of improved reliability and security that spans our embedded controller, UEFI, but also some of our drivers," said Abzarian in a statement provided to The Register. "We’re investing in the most secure foundation for a PC by building our embedded controller firmware from the ground up in Rust (as part of leveraging and contributing to the Open Device Partnership (ODP)) in addition to a rewrite of the UEFI DXE Core in Rust; these projects are known as Secure EC and Project Patina respectively. 
"We’re also not only shipping some of our drivers written in Rust, but also helping co-develop the framework Windows Drivers in Rust (WDR) to help enable a broad set of partners in the Windows ecosystem to capitalize on these benefits. I will also note that all of these efforts are open-source promoting one of our key security principles around transparency." Asked to comment, Darcy said, "The fact that a device can be destroyed, irreparably from userspace is... certainly an interesting design decision. While I applaud Microsoft for their beautiful, and innovative Surface series, a little more innovation around verifying incoming data at the firmware level would have been greatly appreciated." We're told Microsoft provided Darcy with a Surface laptop as a show of appreciation. ®

  •  

Framagenda invitation pending

Hello,

I'm new to Framagenda. I created my calendar, added my contacts and sent an invitation for each event to the participants. I received an email in my Zimbra mailbox saying that my contact had accepted my invitation. However, when I check my calendar on Framagenda, it shows the response as pending. How can I synchronize the response with Framagenda?

Thank you for your help.


  •  

Google fires sueball at alleged Chinese phishers over AI-powered fraud ops

Google has sued an alleged China-based cybercrime operation it says used AI-powered phishing kits to blast out millions of scam text messages and funnel victims to fake websites designed to steal passwords, payment cards, and other sensitive information. The complaint targets a group Google refers to as the "Outsider Enterprise," which the company describes as a sprawling criminal network that operates on Telegram and supplies phishing tools to other fraudsters. According to Google's filing, the operation has been linked to more than 9,000 fraudulent websites, over one million malicious URLs, and scams that have allegedly defrauded hundreds of thousands of people. The group's biz model centers on distributing phishing kits that enable criminals to impersonate Google and other trusted brands through large-scale text message campaigns, Google claims. Victims are directed to fraudulent websites designed to steal login credentials, payment card details, and other sensitive information, it adds. Google's allegation is not that AI is somehow breaking into people's phones, but rather that the technology appears to have been used to help churn out phishing content, allowing the operation to push more scams, more quickly, and with less effort. Android users flagged more than 55,000 spam texts linked to the operation during a two-week period in May, we're told, while the company detected roughly 2.5 million messages containing links to Outsider-controlled websites sent to Android devices during the same time frame. The lawsuit forms part of a broader effort involving federal law enforcement and US telecom providers. Google said it is coordinating with the FBI, AT&T, T-Mobile, and Verizon to disrupt the infrastructure behind the campaigns and block malicious messages before they reach users. 
"The criminals behind the Outsider Enterprise built a business out of impersonating trusted brands to defraud hundreds of thousands of victims," said Brett Leatherman, assistant director of the FBI's Cyber Division. "Criminals increasingly use AI to make fraud like this more convincing and harder to detect. Together with partners like Google, we can disrupt criminal networks in ways no single organization could on its own." The lawsuit may never put the alleged operators in a courtroom, but it could still help pull apart the infrastructure behind the campaigns. ®

  •  

Elon Musk is now worth more than $1,000,000,000,000

UPDATED SpaceX priced its blockbuster initial public offering at $135 a share on Friday, raising $75 billion and valuing Elon Musk's rocket biz at roughly $1.78 trillion. Retail investors piled in to get a handful of Musk's magic beans, sending shares up 19% on the first day, valuing the company at over $2.1 trillion, and turning the South African native into the world's first trillionaire based on his stakes in both SpaceX and Tesla. The haul for the space exploration and satellite company could rise to about $86 billion if underwriters exercise their option to buy more stock, making it the largest IPO in US history. The company confirmed [PDF] that 555.6 million shares of Class A common stock were sold in the offering, with another 83.3 million available to underwriters. SpaceX is a loss-making company. In its Form S-1, filed with the US Securities and Exchange Commission, it divided operations into Space (Falcon 9 and the like), Connectivity (Starlink), and AI. Only the Connectivity segment is turning a profit, to the tune of $4.4 billion in 2025, while the others continue to rack up losses. Making a profit from AI continues to elude many companies – SpaceX is not the only entity where investment exceeds revenue, and Starship remains a work in progress. In the company's Form S-1, SpaceX reported a net loss of $4.9 billion on revenue of $18.7 billion in 2025. The IPO values the company at more than 90 times that revenue. According to The Financial Times, the IPO was heavily oversubscribed – orders exceeded the number of shares on offer by more than three times. Retail investors also ordered more than $100 billion of shares, and were allocated between 20 and 25 percent of the shares sold. The record-breaking IPO reflects investor appetite for AI-related companies, as well as a bet that SpaceX's estimate of a $28.5 trillion total addressable market, including $22.7 trillion in "Enterprise Applications," proves realistic. 
Skeptics may recall that promises and assurances associated with Elon Musk rarely survive contact with reality. In addition to his trillion-dollar net worth, Musk may also be in line for a vast Tesla payout if the carmaker hits targets including a sharp rise in valuation and the delivery of a million robots over the next decade. ®

  •  

Met Police boss threatens to cut 700 frontline jobs after Palantir deal blocked

London's Metropolitan Police Service (MPS) is planning to cut around 700 extra frontline posts after being blocked from awarding a software contract to US supplier Palantir, Commissioner Mark Rowley said. On May 20, the capital's deputy mayor for policing and crime Kaya Comer-Schwartz refused to approve the MPS's plan to hand its Unified Operational Analytics (UOA) contract, worth up to £50 million over two years, to Palantir. The force already uses Palantir in professional standards investigations into its own officers. In the written version of his report to the London Policing Board on June 11, Rowley said the MPS has to reduce its full-time equivalent (FTE) headcount by 1,150 in the current financial year to balance its budget. The UOA would have covered around 500 of these by reducing staff time spent on backroom work including intelligence reports, mobile device analysis, and data processing. "Following the decision not to award the contract with the preferred supplier Palantir, the delivery of these circa 500 FTE reductions are now at risk," Rowley wrote, adding that the UOA also looked likely to allow the force to cut a further 200 FTE serious and organized crime (SOC) posts. "We are now in a scenario where, in the absence of additional new funding, we must identify and implement in-year cuts to our services to Londoners, rather than using technology to automate administrative and research-heavy areas of the MPS," the Commissioner wrote. The MPS "may be able to take the edges off these reductions" if it can quickly find an alternative route to UOA functionality, Rowley said. But as any procurement would likely take months, the force must plan greater cuts in frontline policing. A spokesperson for the Mayor of London said: "The mayor fully supports the Met using modern technology to drive efficiencies and improve the performance of the police. 
However, as with all procurement, we must always ensure the correct processes are followed and that Londoners get value for money. "In this case, the Met did not present its procurement strategy for approval, as required, and the process followed by the Met did not adequately demonstrate value for money for Londoners for a proposed contract at this value. Given the tight budgetary constraints the police are operating under, it's even more important that robust processes are followed when awarding large contracts. "The Met does face a difficult financial situation, which stems from the huge cuts implemented by the previous government and the significant underfunding of the Met's capital city responsibilities. The mayor has already doubled the policing budget from City Hall and he will continue to do everything he can to support the Met and secure the national funding needed for policing in our city." The dispute comes as the Home Office announced an expansion of AI use across policing in England and Wales, with large-scale pilots in up to ten forces this financial year aimed at helping officers process digital evidence. The work will be run centrally by a new body, PoliceAI. ®

  •  

Plymouth council exposes hundreds in latest local government email gaffe

Plymouth City Council has joined the growing ranks of public bodies defeated by the humble BCC field after exposing the email addresses of around 500 home-schooling families in a mass-mailing mishap. The blunder comes barely a week after City of York Council disclosed a similar mistake that exposed the email addresses of hundreds of disabled residents, suggesting that some public sector workers remain engaged in an ongoing battle with one of email's oldest features. The message, sent by Plymouth's Elective Home Education team, was meant to share information about upcoming legislative changes, but it also shared the email addresses of hundreds of home-schooling families with one another. A Register reader who contacted us about the incident described the aftermath as "a bit of a mess," claiming follow-up communications caused further confusion among recipients. Plymouth City Council did not respond to The Register's questions, but in a statement provided to local media, it admitted the incident was caused by human error and affected approximately 500 families. "Unfortunately, due to human error, a recent email was sent to approximately 500 families without using the BCC function, meaning recipient email addresses were visible," the council said. The authority said it contacted recipients as soon as it became aware of the problem, apologized, and asked families to delete the email and refrain from using any details they had received. It stressed that the message included no information relating to children and consisted solely of a general update. The council said the email mishap was investigated internally and that affected families were contacted again once officials had pieced together what went wrong. It also promised extra checks designed to keep future mailing lists out of public view. The council also reported the matter to the Information Commissioner's Office (ICO). 
An ICO spokesperson told The Register: "We can confirm that we received a report from Plymouth City Council regarding this incident. After carefully assessing the information in the report, we provided data protection advice and closed the case with no further action." While the exposure appears limited to email addresses rather than more sensitive personal information, the incident serves as another reminder that some of the most common data breaches do not involve sophisticated cybercriminals or ransomware gangs. Sometimes all it takes is sending an email to a few hundred people and clicking the wrong box. ®

  •  

UK digital ID gets brain trust to 'challenge' ministers on policy

The UK government has set up an advisory board for its digital ID project, intended "to challenge the government on emerging ideas or policy decisions to ensure the system works for everyone," says the Cabinet Office. The board includes David Rogers, an Internet of Things security expert and CEO of security consultancy Copper Horse. He is no stranger to government advisory panels, having previously sat on a group formed in 2020 to consider telecoms diversification. A year later, as chairman of the GSMA's fraud and security group, he backed the then-Conservative government's Product Security and Telecommunications Infrastructure Act 2022. Rogers has provided El Reg with comments over the years, and in 2014 discussed iPhone 6 biometric security, arguing that better usability would cut data loss overall because most people found PIN locks too cumbersome. Justine Roberts, founder and chief executive of UK parenting forum Mumsnet, is also on the board. The site experienced a data breach in 2019 due to a cloud migration affecting 46 user accounts, leading Roberts to apologize. More recently, some Mumsnet posters have been unimpressed by the government's digital ID plans, with one responding to the prime minister's October 2025 announcement with "Honestly, who is he kidding?" and "Desperate stuff to justify this authoritative bs." During the public consultation, some posters promoted the Sex Matters campaign to let Brits include their sex in their digital IDs. Another board member, Victor Dominello, has relevant experience as the minister who launched New South Wales' digital driver's license in 2019, saying it was more secure than the physical equivalent. In 2022, a researcher at security company Dvuln found numerous security flaws in the Service NSW app that hosts the license and other government services, although the state government said these did not pose a risk to customer information. 
Other members include John Fallon, former chief executive of Pearson and the lead non-executive board member of the Cabinet Office; Anne-Marie Imafidon, who runs social enterprise Stemettes, which encourages people to consider jobs in tech and science; and digital regulation lawyer Emma Wright. The board will meet quarterly for as long as the digital ID program lasts. The government is also setting up engagement exercises with the digital verification and financial services sectors. It is currently running a People's Panel with around 100 to 120 participants meeting in Birmingham and on Zoom to hear from experts and ministers before producing recommendations, in return for £550 in cash or vouchers. ®

  •  

Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code

Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted using Sentry, an open-source error-tracking and performance-monitoring platform. "The attack

  •  

Vulnerabilities detected in Vim

Five new vulnerabilities, three of them rated “high” severity, have been detected in Vim, the well-known advanced text editor. If exploited, these vulnerabilities could allow a malicious user to execute arbitrary code on affected systems.
  •  

Rethinking MDR as Attackers and Defenders Embrace AI

For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well enough. Until now. The threat landscape has changed faster than the MDR model can adapt. Attackers are using AI to move faster, generate more

  •  

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to build complex, stateful, and multi-agent artificial intelligence (AI) agentic applications. "An SQL injection in LangGraph's function could

  •  

Vulnerability detected in MongoDB

A new vulnerability rated “high” severity has been detected in MongoDB Server. If exploited, it could allow a malicious user to access sensitive information and compromise the availability of the service on affected systems.
  •  

BOFH: For one ambitious security type, chaos is a ladder

EPISODE 11 "And uh... what are you doing?" the Head of Security asks, entering the Security office as I'm making my way to the exit – with a PC under my arm. "Just taking this back to the office to archive the contents and then reset it to factory defaults," I say. "Company policy when someone has been... let go."

There have been a number of changes at Security – the same number of changes as there used to be members of Security staff. Apparently, eating endless pastries and watching pirated movies isn't an industry-standard procedure for security professionals. Furthermore, the spate of alcohol thefts from the boardroom liquor cabinet seems to have ended after HR discovered several empty bottles in Security's overflowing recycling bin... HR acted swiftly (for a change) and a whole new security team was employed, headed by a keen new broom – who's currently blocking the doorway...

To say that he's enthusiastic in his role would be an understatement. His first move was to isolate Security onto a completely separate internet feed, firewalled off from the rest of the Company. Move two was to implement a plan of recording the equipment people leave the building with – something that's proving rather unpopular with laptop users.

"Oh, I don't think we'll need it to be erased," he says, holding out his hands to retrieve the machine from my grasp. "Really, there's no telling what's on this machine," I say. "Malware, copyright movies, porn even. We don't know. It's safer – for the Company – if we just start from a clean machine. We might even just dump it to be on the safe side." "Sure," the Head of Security says. "Though that machine looks like it's almost brand new. It's still got stickers on it! And it looks fairly... high end. I think we can take the risk. I'm pretty up-to-date with IT security and the like – so maybe you should let me worry about..." "I think this should probably be HR's call," I respond. "They may want to be sure the Company isn't exposed to any risk that the machine might present." "I can call HR if you like," the Chief Pie-eater suggests, calling my bluff and reaching for his phone. "But I doubt they'd be too concerned." "They should be. If there's malware installed on the recovery partition, you'll reinfect the machine when you restore it to factory defaults." "Thanks for your concern," he says, wresting the machine from my grasp and stepping out of the doorway.

...

So that's how it's going to be. Obviously, we knew there was going to be trouble. We prepared ourselves for it. The new Security team has an enthusiasm for the job that was completely absent from the former crew, mainly because they're jockeying for the position of 2IC.

The Boss is waiting for me when I get back to Mission Control. "Just had a call from Security. Apparently, you were trying to... remove... one of their machines?" "Yeah. I was going to erase it and restore it to factory settings." "Couldn't you just do that there?" "We prefer to do a reinstall on the DMZ segment – just in case there's any malware on the machine after we restore it." "Right. Well, I talked to the guy, and it certainly sounded like he had everything under control," the Boss assures me. And so there you go. The Boss can determine someone's technical competence from a two-minute phone call. It must be one of his superpowers, along with the toxic body odor and the ability to sniff out a kebab stand in a farmers' market.

Two minutes later, in Mission Control… "Right," I say, entering Mission Control. "Everyone ready?" The PFY nods. The lead candidate for 2IC of Security nods. "One of the pitfalls with security types is that they often shave with Occam's razor," I say. "When seeing someone leaving the office with a PC under their arm, they immediately think 'office theft,' rather than thinking 'did this person bring the aforementioned machine into the office in the first place, wait until they heard someone approaching, then make to exit the office?'" The 2IC candidate contemplates this silently. "Another problem with security types is how to celebrate a victory. In this situation, a wise person would not simply 'upgrade' their desktop machine with this newer and shinier item – because it might have an infected operating system – AND infected recovery partition. No, a wise person would first sca-" "Ooh, we're in business!" the PFY interrupts, as his machine receives a ping. "Right," I say to Security 2IC, "I'd give it maybe half an hour – to really trash your network – before I head downstairs. Then maybe I'd ask why all the machines in your office appear to be going crazy." "And you think that would be enough to get him fired, do you?" he asks. "It will be when you discover the stash of Company laptops in the boot of his car as he leaves the parking basement," the PFY says. "And make sure you have the Head of HR with you." "Why's that?" the soon-to-be Head of Security asks. "Because one of the laptops is his..."

  •  

A Popular Doctor Had Long Warned That Vitamin K Shots Are Risky for Newborns. Now He’s Changed His Tune.

A photo collage centers on Joseph Mercola speaking into a microphone, surrounded by images of infants in hospital settings. To the right, a yellow document lists a cause of death as a nontraumatic subdural hematoma and vitamin K deficiency bleeding.

Cengiz Yar/ProPublica. Source images: Wikimedia Commons, Getty Images, documents obtained by ProPublica.

For more than a decade, Dr. Joseph Mercola cautioned parents against a potentially lifesaving shot of vitamin K for their newborn babies: “Vitamin K shots are completely unnecessary for your newborn.”

But now, in a break from his past warnings, Mercola is saying he no longer believes that. 

ProPublica contacted Mercola recently as it was preparing an article about babies who died as a result of their parents turning down the vitamin K shot. Mercola’s new point of view is just as unequivocal as his old one: “The data is clear: vitamin K saves lives,” he wrote in an April article on his website two days after ProPublica contacted him. He added: “Based on the totality of the published evidence, I support vitamin K prophylaxis for all newborns.” 

He also directed parents to speak to their children’s pediatricians. 

“Vitamin K deficiency bleeding is rare, but when it occurs, the consequences can be devastating and irreversible,” Mercola wrote. “A single injection at birth can prevent it. Please talk to your doctor.”

Mercola is a leading vaccine skeptic and an ardent supporter of Health and Human Services Secretary Robert F. Kennedy Jr. He is a popular figure online, with a Facebook page that has some 1.7 million followers. He sends out a daily newsletter and sells alternative treatments for a variety of ailments. 

His reversal comes at a critical moment. Hospitals and research studies have documented an alarming jump in babies not receiving the vitamin K shot, which has been recommended by the American Academy of Pediatrics since 1961 to help newborns’ blood to clot. Without it, research shows, babies are 81 times more at risk for late vitamin K deficiency bleeding, which can be fatal. 

Just as has happened with measles and other vaccines, vitamin K shots have become the target of a deluge of false information online. That has caused some parents to view it as an unnecessary pharmaceutical intervention amid a lingering mistrust of the medical system following the COVID-19 pandemic. 

Some point to a 2010 post from Mercola, entitled “The Dark Side of the Routine Newborn Vitamin K Shot.” A doctor in Tennessee recalled reluctant families citing the article, as did doctors in Oregon. 

In the years that followed, Mercola stood by his opposition. He reiterated his position in 2014, after four babies in Nashville, Tennessee, suffered vitamin K deficiency bleeding. And he did so again in 2019, after hospital staff contacted child protective services in Illinois and took temporary custody of a newborn whose parents refused the shot for their baby.  

In place of the shot, Mercola had recommended vitamin K drops, which are taken orally and have been touted online as a popular alternative. The drops, however, are not approved by the Food and Drug Administration and research shows they are not as effective as the shot, though they are used in some European countries. 

In his April article, he addressed the rampant false information online regarding the vitamin K shot and acknowledged the role his writing may have played in spreading it. “The internet contains a significant amount of misinformation about vitamin K,” Mercola wrote. “Some of it may reference my own 2010 article. That article reflected the state of a scientific debate that has since been resolved. The science moved forward, and so have I.”

A statement on Mercola’s website reversing his previous stance on vitamin K injections. The highlighted text states that based on the published evidence, the author now supports vitamin K prophylaxis for all newborns and notes that the internet contains misinformation about the topic, including references to the author's own 2010 article.
Dr. Joseph Mercola published an article on his website saying he’d changed his views on vitamin K.  He now says vitamin K shots are the “prudent choice” and he encourages parents to consult their pediatrician. Mercola.com, highlighted by ProPublica

In fact, the science around the vitamin K shot has been settled for decades. The discovery of vitamin K and its role in clotting blood won the Nobel Prize in 1943. Newer studies have confirmed and furthered many of the findings that were available in 2010, but they do not represent a scientific shift from previous research. Some recent studies that Mercola cited in the April article document the rise in babies not receiving the shot and the catastrophic bleeding in the brain that can follow, but again both reinforce the same science that has encouraged giving the shot for more than 60 years. 

In Mercola’s earlier posts, he wrote about what he deemed to be risks from the shot, beginning with “inappropriate” and “unnecessary” pain to the baby. He incorrectly claimed that the amount of vitamin K injected into newborns was far more than the needed dose. In addition, he wrote that the shot may contain preservatives that can be “toxic” to a baby’s immune system. 

Benzyl alcohol is often used as a preservative in vitamin K shots, but the Centers for Disease Control and Prevention and other organizations have stressed that it’s safe. In the 1980s, doctors realized that some extremely premature babies suffered benzyl alcohol toxicity, but, according to the CDC, that was because they were on so many medications containing it. In addition, many hospitals now offer preservative-free options.

Some families have also expressed fear about a “black box warning,” which appears on a drug’s label to alert providers of serious risks. The shot does contain a boxed warning, as do more than 400 other medications, but that is primarily related to adults and vitamin K that is given through an IV, not as a shot in the thigh muscle, which is how doctors typically administer vitamin K to babies. None of the dozens of doctors interviewed by ProPublica said they have ever seen an adverse reaction in an infant who received a vitamin K shot.

But even back in 2010, Mercola dispelled one popular misconception that vitamin K injections increased the risk of cancer. That belief stemmed from a pair of older refuted studies. In 2010, he wrote, “that conclusion was in error.” In April, he reinforced that message.

Alternative treatments promoted by Mercola have attracted federal scrutiny. He and his companies have had to pay millions of dollars to settle allegations that he had made false claims about the safety of products. 

During the pandemic, for instance, the FDA sent Mercola a warning letter after he offered unapproved and misbranded products, including vitamin C, on his website as ways to prevent or treat COVID-19. 

In 2017, the Federal Trade Commission announced it was mailing $2.59 million to people who bought Mercola indoor tanning systems. The agency charged that Mercola and his companies claimed the tanning systems were safe and that research showed that indoor tanning doesn’t raise the risk of melanoma, a type of skin cancer. 

Mercola did not admit wrongdoing. His online posts include a disclaimer that they are intended as a way of sharing knowledge and information, not medical advice. He also has said his 2010 vitamin K article was based on an interview with a Dutch researcher who studied vitamin K.

Mercola, a doctor of osteopathic medicine, declined to be interviewed for this story but said his current stance is accurately reflected in the April article. “While I do not agree with all of the characterizations and conclusions in your summary,” he wrote in response to questions from ProPublica, “I have nothing further to add at this time.” 

Even though Mercola has now reversed his position on vitamin K, many on social media still cling to debunked and distorted claims. On Facebook, TikTok and Instagram, unsubstantiated claims often go unchecked.

One theme that has emerged on social media is the notion that God created babies perfectly, and there must be a reason they are born without sufficient vitamin K. In one video on TikTok, a woman who identifies herself as a nurse asked, “Did God really get it wrong?” 

Responding to another, someone wrote, “Just know our creator didn’t make a mistake. Every baby is born like this for a reason.” 

Others lump the vitamin K shot, which is not a vaccine, in with vaccines. A comment on a video about the vitamin K shot declared, “My baby isn’t getting any vaccines.” It received more than 600 likes.

Mercola also is not the only doctor being cited by vitamin K shot opponents. Commenters on Instagram, TikTok and Reddit have directed people to Dr. Suzanne Humphries, who has spoken out about vaccines and the vitamin K shot for many years. 

“My opinion is that the more I read about vitamin K,” she said in a video posted in 2014, “the more I can’t believe that it’s injected into newborn infants.”

Last month, she appeared in a lengthy interview on the website of Children’s Health Defense, the anti-vaccine nonprofit founded by Kennedy. She cited the pair of studies from more than 30 years ago that found an association between the shot and cancer, though they were both called into question shortly after they were published. As even Mercola noted in 2010, several additional studies found no increased risk of cancer following the shot. 

“Those of us that believe in a divine creator,” she said, “believe that maybe it is by design, or that actually it is by design, and that there’s a reason for it.” 

Humphries did not respond to requests for comment.

During Kennedy’s time at Children’s Health Defense, the group published a post in 2020 that claimed aluminum adjuvants — added components that boost the body’s immune response — in vaccines are “significant sources of early exposure” to aluminum. Some vitamin K shots contain a small amount of aluminum, but studies have not found any evidence of serious or long-lasting harm. Adjuvants, according to the CDC, have been used “safely in vaccines for decades.” 

Brian Hooker, chief scientific officer at Children’s Health Defense, said the aluminum concern remains, as does the cancer fear, despite multiple studies that found no basis for them. He said he would like to see more research on the vitamin K shot, as well as other newborn interventions like the hepatitis B vaccine. 

“I do want to look at the individual components of these shots in conjunction with everything else that the infant is getting,” he said, “and to me that body of literature is really incomplete.”

Hooker said he worked with Kennedy for many years and, while they are no longer in direct contact, he has full confidence in the country’s leading federal health official. But Kennedy’s silence has served to deepen skepticism among experts. 

“Now we’re starting to see something that I never saw, which was brain bleeds and gut bleeds in infants,” said Rep. Kim Schrier, a Washington Democrat who worked as a pediatrician for more than 15 years before running for Congress. “And that’s so scary and heartbreaking.”

At an April House subcommittee hearing, Schrier confronted Kennedy about vitamin K, saying that he made parents distrust doctors and shots, and as a result some parents are refusing the vitamin K shot and other standard care. 

“Right now, Secretary Kennedy, given what I just told you about vitamin K, will you just tell pregnant women out there for the record, ‘Yes, you should get your babies the vitamin K shot’?” Schrier asked Kennedy.

Kennedy did not oblige her. He said he has never said anything about the vitamin K shot. 

An HHS spokesperson did not answer ProPublica’s questions but said the CDC recommends that parents give newborns the vitamin K shot within 6 hours of their birth to prevent vitamin K deficiency bleeding. She acknowledged that uptake of the shot has declined during recent years “as public trust in health care institutions has fallen, particularly during the COVID-19 pandemic amid heavy-handed mandates and inconsistent messaging during the Biden administration.”

“Rebuilding that trust,” the spokesperson wrote in an email, “requires honesty, informed consent, and respect for individual choice.” 

Schrier said she empathizes with parents who are inundated with so many conflicting messages. She said she recently stepped out of the Capitol building and overheard a woman say — inaccurately — that every childhood vaccine contains glyphosate, which was an ingredient in some forms of the weed killer Roundup. 

“I can just see how this is going to spiral right now. It gets out there, then it’s on social media,” Schrier said. “Every parent just doesn’t want to do the wrong thing.” 


Do You Have Information About Parents Declining Vitamin K Shots?

I want to understand more about why families decline a vitamin K shot. I know how difficult it is to talk about losing a child and how hard it can be to process this kind of grief. Words can’t express how sorry I am for your loss. ProPublica’s goal is to give the public the best, most trustworthy information. If you have a story to share, I hope you will reach out to me when you’re ready.

Duaa Eldeib

Send me your tips, stories and documents. Reach me by email or securely on Signal at 312-730-4797. I take the protection of my sources extremely seriously.


The post A Popular Doctor Had Long Warned That Vitamin K Shots Are Risky for Newborns. Now He’s Changed His Tune. appeared first on ProPublica.

  •  

INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator

An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took place between October 2025 and February 2026, and saw authorities from 13 countries in the Middle East and North Africa (MENA) region making 201 arrests. Included among them was Guedz, the primary

  •  

Windows bowls a BSOD at sports fans

BORK!BORK!BORK! Windows swings for a six but smacks the stumps instead as the baleful glow of a Blue Screen of Death (BSOD) adorns Worcestershire County Cricket Club. We were worried that, with recent editions of Windows, the traditional white monospaced text on a blue background of a BSOD was becoming a thing of the past. Thankfully, Worcestershire County Cricket Club, founded in 1865, is keeping the old ways alive with a BSOD to bring a tear to many a system administrator's eye. Spotted by Register reader Rhodri Howell, Windows has been felled by a DRIVER_POWER_STATE_FAILURE, probably due to a bit of hardware not waking up when Windows asked it to, or the driver experiencing an unexpected teatime. The screens on top of the club's sign are usually there to beam messages at attendees, but in this case, it looks like at least one is a bit poorly, which might have contributed to Windows throwing in the towel or, to use cricket terminology, conceding. For the uninitiated, cricket is a team sport in which a ball is thrown at an individual called a "batter" who defends several sticks in the ground called a "wicket." The sport is notable for a variant called a "test," which can last for several days, involve multiple games, and still end up in a draw. Windows, on the other hand, is an operating system more than capable of knocking an administrator for six and lobbing the odd googly or two at the unwary. The word "test" is also something that doesn't seem to trouble Microsoft so much these days, at least if what the company has delivered in recent months is anything to go by. No amount of shin pads or even the toughest of boxes is sufficient to ward off an eyewatering Windows update. Microsoft's current CEO, Satya Nadella, is a fan of the sport, and so the sight of Windows disgracing itself above Worcestershire County Cricket Club's signage (and the three black pears of the county's emblem) is doubly distressing. As the saying goes: "It's just not cricket." ®

  •  

Italy's first smart road: Naples leads the future of mobility

The Naples ring road (Tangenziale di Napoli) is officially Italy's first smart road. The infrastructure has received certification from the Ministry of Infrastructure and Transport (MIT), establishing itself as a pioneering model for the whole country.

The concept is simple but revolutionary: a road that is no longer just asphalt, but an intelligent entity that communicates with vehicles to improve safety and efficiency. This is not science fiction, but a concrete transformation already under way. Thanks to an advanced network of sensors, cameras and communication systems, the Naples ring road becomes an open-air laboratory for the mobility of the future. Let's look in detail at how it works and what benefits it brings to drivers.

What exactly is a smart road?

A smart road is infrastructure capable of "talking" to the vehicles that travel on it. It goes beyond its passive role to become an active system that collects, processes and shares data in real time. We can picture it as a large digital nervous system that constantly monitors traffic and environmental conditions. The regulations define an intelligent road through three main areas of intervention.

Real-time traffic monitoring

Sensors distributed along the route constantly measure traffic flows. This data is sent to a control center that can predict the formation of queues, optimize access and make decisions based on precise, up-to-date information. This marks a shift from reactive management to proactive control of traffic.

Safety and weather monitoring

Safety is a priority. Weather stations and hydrogeological sensors monitor the condition of the road surface, detecting rain, fog or other risks. In the event of potential danger, such as flooding, the system immediately alerts operators, allowing timely intervention before a problem occurs.

V2I communication: the dialogue between vehicle and road

This is the heart of the project. V2I (Vehicle-to-Infrastructure) technology enables a two-way exchange of information. The road sends connected vehicles messages about accidents, roadworks, obstacles or the recommended speed to avoid slowdowns. At the same time, cars send data to the system, helping to create an extremely accurate traffic map.

Naples and Italy's first smart road: a certified project

The Tangenziale di Napoli project, developed by the Autostrade per l’Italia Group with technological support from Movyon, represents a true paradigm shift. Along its 22 km, a complex technological infrastructure is being installed:

  • 217 smart cameras
  • 15 gantries for vehicle detection
  • 8 weather stations
  • 40 antennas for V2I communication

This equipment creates a cooperative ecosystem in which vehicles and road work together toward a single goal: making every journey smoother and safer.

What are the concrete benefits for drivers?

This technology translates into tangible benefits for drivers. On the Tangenziale di Napoli, services are already active that report in real time the presence of a stopped vehicle after a bend or unexpected roadworks, increasing perceived safety.

In addition, the system can suggest the optimal speed to avoid creating traffic jams. Instead of merely reporting a queue that has already formed, it actively helps prevent it. This means less stress, shorter journey times and more relaxed driving.

The future is already here: the autonomous driving test

The clearest proof of this technology's potential was a trial unique in Italy, conducted between Vomero and Fuorigrotta. A self-driving car travelled a stretch of road adapting its speed not only through its own sensors, but thanks to information received from the road.

The car of the future will no longer be an isolated entity, but a vehicle fully integrated into a communicating ecosystem. What seemed like a movie scenario is today a concrete project rooted in Italy, leading the intelligent mobility revolution.

The article Italy's first smart road: Naples leads the future of mobility comes from sicurezza.net.

  •  

Delos Data offers AI chip startups a fast track to rack scale

COMPUTEX 2026 It’s hard enough for startups to compete with AMD and Nvidia on chip design. The rise of rack-scale architectures has only made things harder. Companies not only have to invest in chip design but also the mechanical, thermal, and power engineering necessary to pack six dozen or more AI accelerators into a single rack that functions as one enormous GPU. At Computex last week, Delos Data, a startup funded by former Intel and Barefoot Networks execs, showed off a modular server platform aimed at giving chip startups a shortcut to rack scale. One of the challenges with the move to rack scale is actually the sheer amount of networking that needs to be enabled at the box. A typical eight GPU HGX node only needs one or two ports per GPU. By comparison, a GB300 NVL72 needs 18 400 Gbps ports per GPU. Nvidia and AMD have developed custom racks with integrated backplanes, power delivery, and cooling. Delos by comparison is keeping things relatively simple by designing a chassis that, at least from the front, looks more like a switch than a GPU server. It features 36 OSFP ports, nine for each of the four OAM sockets at the heart of the system. OAM, if you’re not familiar, is an open socket commonly used by high-performance accelerators requiring more interconnect bandwidth and power delivery than standard PCIe cards can manage. Assuming 200 Gbps SerDes, that works out to 3.6 TB/s per chip of interconnect, the same as Nvidia's new Rubin GPUs. OSFP means that customers can use standard DACs or pluggable transceivers, and switches depending on how large they want their scale-up domain to be. And while OSFP is usually associated with Ethernet, you can run just about anything you want through them, whether it be UALink, Ultra Ethernet, PCIe, or something else. From a deployment standpoint, these systems would be wired up like any other hyperscale system, just a whole lot denser. 
Delos isn’t the only option out there for chip startups looking for a scale-up reference design. AWS for example appears to be repurposing Nvidia’s MGX form factor for its Trainium 3 rack systems, while AMD’s Helios rack is now an OCP standard. Both designs would, in theory, be easier to service, but Delos argues that its modular design offers greater flexibility. “It makes it a little bit more flexible in terms of, maybe you want a scale up domain of 100 or maybe you want it a scale up domain of one,” CTO Dan Daly told El Reg. “It just depends on how many cables you want to plug in. This also allows you to go plug into different types of switches… it could be simpler switches, maybe even optical circuit switches (OCS).” Using existing packet switches from Broadcom or Marvell, such a design could support 512-1,024 accelerators in a single layer fabric depending on whether you're using 200 Gbps or 100 Gbps SerDes. Using multi-layer fabrics, OCS, and/or 2D/3D toruses, the compute domain could scale even further, all while using off-the-shelf components. While OSFP keeps things simple and easy, it also means power consumption could become problematic for larger compute domains requiring pluggable optics. In fact, this is why Nvidia has taken so long to embrace optical scale-up. Copper may not have the reach, but it uses a fraction of the power. Delos CEO Ed Doe tells us the company is already exploring versions of the system that will use near package or co-packaged optics out to MPO-style connectors rather than the OSFP. The startup isn't just doing hardware. As anyone who's done large scale networking knows, the physical and logical topologies — that is, the way devices communicate with one another on the network — can look very different depending on the workload. 
Delos has developed a software orchestration platform designed to facilitate the configuration and monitoring of these switched fabrics or meshes in order to enable dynamic rerouting of traffic in the event of a link failure. At Computex, this software platform, which Delos has dubbed its Nonstop AI network, was on display, allowing attendees to pull links at random and see the network react and correct itself automatically. The company's ambitions don't stop at network orchestration and systems. We're told Delos has additional products in the works, and we don't know for sure what they are, but a high radix switch design built atop merchant silicon would certainly complement its Nonstop AI systems. ®

  •  

QRAM and qubits: China unlocks the future of quantum computing

The revolution in quantum computing is accelerating thanks to QRAM and qubits, an important discovery from China. A team of scientists has developed a key component that promises to break down one of the most complex barriers that have so far limited this technology.

This innovation could finally unleash the incredible power of the computers of the future. But what exactly is it, and why is this news so significant?

The big obstacle: why were quantum computers stuck?

Imagine owning the fastest machine in the world, but being able to use it only on a type of road that has not yet been built. For years, this has been the situation of quantum computing. Although their processing capacity is theoretically astounding, an enormous bottleneck has always limited its practical application. The problem lies in the fundamental difference between classical and quantum computers.

Our everyday devices work with bits, which can have only two values: 0 or 1. Quantum computers, by contrast, use qubits. Thanks to the principle of superposition, a qubit can be 0, 1 or both values at the same time. This property makes it possible to process an exponentially greater amount of data. The critical point? All our digital information, from big data to photos, is written in binary code. Quantum processors could not read this data directly. A slow and complex conversion was needed, which ended up cancelling out the speed advantage of quantum computing.

QRAM and qubits: what it is and how it works

This is where the discovery by researchers at Zhejiang University comes in. The team built the first quantum random access memory, or QRAM, fully integrated into a superconducting quantum processor. We can picture it as a universal, instantaneous translator. This device acts as a bridge: it takes classical data in binary format and "translates" it into a language that qubits can understand and process immediately.

A concrete step toward the future

This is not a theoretical hypothesis. The tests delivered extraordinary results, demonstrating the potential of the QRAM-qubit system developed in China. The component managed to handle 4- and 8-bit data packets, placing them in a state of superposition and processing multiple inputs simultaneously. This success breaks down the barrier that separated the power of quantum computing from its real-world applications.

What are the practical applications?

The repercussions of this technology will be enormous and will touch key sectors of our lives and the economy. The impact could be profound and transformative in fields such as:

  • Big data analysis: The ability to analyze volumes of data that are unimaginable today, uncovering patterns and correlations invisible to current systems.
  • Artificial intelligence: The development of far more complex and powerful AI models, capable of solving problems we consider unsolvable today.
  • Pharmaceutical research: Perhaps the most fascinating area. Millions of molecular interactions could be simulated in a few moments to discover new treatments or develop personalized drugs.

Operations that today take years could be completed in a flash.

An ever-closer future

The creation of the first working QRAM is not just a technical advance. It is the key that could finally open the doors of quantum computing to the world, turning a futuristic promise into a concrete tool. The future, once relegated to science fiction, is knocking ever louder at our door. And, by all accounts, it speaks the language of qubits.

The article QRAM and qubits: China unlocks the future of quantum computing comes from sicurezza.net.

  •  

Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs

Authorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, said the dismantling of AudiA6 cut off a "key financial pipeline used to wash hundreds of millions in illicit profits." The service is estimated to have been used to launder more than €336 million (~$389 million) since the

  •  

This is your BIOS speaking. Please fix me. Your PC is broken

ON CALL 你好 Nǐ hǎo, dear reader, and welcome to another installment of On Call, The Register's Friday column that shares your stories of translating technical trauma while delivering transcendent tech support. This week, meet a reader we'll Regomize as "Jackson" who told us about his time providing tech support in a university's biology department. "It was sometime in the mid-2000s and our IT group at the time consisted of myself, my boss, and a part-timer," he told On Call. "We were a very casual IT group; nothing in the way of any formal policies or standards for anything at all. If someone needed a new PC, we just ordered parts and assembled them ourselves." The department's PC fleet therefore had a diverse gene pool, with no two machines possessing the same bill of materials. "This was fine by me – I enjoyed building them and it never really caused any issues that I couldn't handle," Jackson told On Call. "Until one day we got a panicked support call from one of the secretaries who claimed that her PC just rebooted and then started talking to her." Jackson and his colleagues didn't believe a word of it until the secretary stopped talking and placed her phone next to the talking PC. "I could clearly hear a muffled voice repeating a message of some sort," Jackson told On Call. There was nothing for it but to visit the PC, which he found hung in the middle of a Power-On Self-Test, flashing an alphanumeric error code and unmistakably playing a voice through its internal speaker. In Chinese! Jackson rebooted the machine and it ended up in the same state, reciting the same message. Chinese isn't a language in which Jackson is fluent, so he had no idea what the PC was trying to tell him. "After poking around in the BIOS, I found the culprit," Jackson revealed. "This particular model of motherboard had a 'talking error BIOS' whereby certain POST codes triggered the playback of a friendly, spoken error message, with Chinese set as the default language." 
Jackson found the relevant BIOS settings, changed the default language to English, and the next time he rebooted the machine it helpfully let him know: "Your floppy drive may not be connected properly." In his mail to On Call, Jackson hypothesized that the PC's CMOS battery died, so the BIOS was unable to access its stored settings and reverted to factory settings that assumed the presence of a nonexistent second floppy drive. "It triggered a feature I didn't even know the motherboard had!" Jackson told On Call. Have you found yourself flummoxed by a feature you didn't know about? If so, click here to send On Call an email – we'll assume that's a feature you know well – so we can tell your story on a future Friday. ®

  •  

Claude is ready for its corporate close-up

Enterprises that have watched Claude claw its way toward mass appeal over the past few months of capacity challenges and pricing realignment should take a closer look at Anthropic's offerings, according to International Data Corporation (IDC). The tech consultancy has been tracking Anthropic's moves over the past six months and says that the AI biz is taking credible steps toward making itself an enterprise AI provider. "Currently, no frontier model company is mature enough to be evaluated as an enterprise AI provider on its own," IDC said in a recent report. "But Anthropic is running at full speed to get there before its competitors." The report is titled "The Transformation of Anthropic (and What to Do About It)," and advises enterprises to revisit their LLM and agent evaluations with an eye toward seeing whether Anthropic might work out as a reliable technology provider. Enterprises, IDC says, remain largely unsold on Anthropic's Claude models, with only 19 percent using them extensively and 25 percent actively evaluating them. OpenAI and Google are better represented in enterprises, with about 42 percent and 38 percent of organizations using their respective products, per IDC's FERS Survey, March 2026. According to The Information, about 86 percent of Anthropic’s 2025 revenue was projected to come from enterprise sales. OpenAI, the report claims, derives just 40 percent of its revenue from business sales, though that figure ($5.2 billion) represented a higher dollar amount than Anthropic's business revenue ($3.9 billion) at the time. That was back in January, only two months after Anthropic began shifting enterprises away from seat-based pricing toward usage-based pricing. Since then, IDC says Anthropic has taken a series of steps to make itself more credible as an enterprise AI provider. 
"This conclusion might not be obvious: From January through May 2026, Anthropic produced well over 100 public interactions, including official announcements, release notes, blog posts, X posts, partner announcements, hiring news, policy moves, and press-covered transactions," the report says. These initiatives, such as the launch of the Claude Partner Network, have expanded distribution, bolstered brand perception, facilitated future growth, enhanced "stickiness" (aka lock-in), strengthened enterprise support, addressed the needs of specific industries, demonstrated innovation, and shored up the compute supply necessary to deliver services at scale. According to IDC, the enterprise ecosystem commonly focuses on a vendor-neutral, multi-LLM strategy. Nonetheless, the biz argues that the company has made its technology visible enough that Claude is increasingly coming up in conversations among IT decision makers. "Anthropic's transformation has just started, but the direction is clear enough for CIOs and CISOs to pay attention and reassess where Claude fits in a multi-LLM or an agentic AI Strategy," the IDC report says. ®

  •  

Canonical Launches ARM Laptop Certification Program to Boost Ubuntu’s Next Generation of Mobile Computing

Canonical is expanding its hardware certification efforts with a new focus on ARM-powered laptops, a move that reflects the growing momentum behind ARM architecture in the personal computing market. As ARM processors become increasingly common in laptops thanks to their impressive balance of performance, battery life, and efficiency, Canonical aims to ensure that Ubuntu users receive a seamless experience on this emerging class of hardware.

The initiative represents another step in Ubuntu’s long-standing effort to provide reliable Linux support across a wide range of devices while strengthening relationships with hardware manufacturers.

Why ARM Laptops Matter More Than Ever

For years, x86 processors from Intel and AMD dominated the laptop market. However, the landscape has changed significantly as ARM-based systems have become more powerful and capable.

Modern ARM laptops offer several advantages:

  • Longer battery life
  • Lower power consumption
  • Reduced heat output
  • Always-on connectivity capabilities
  • Competitive performance for everyday workloads

As manufacturers increasingly invest in ARM hardware, Linux distributions face growing pressure to ensure compatibility matches what users expect from traditional x86 systems. Canonical has already spent years supporting ARM across cloud, server, IoT, and embedded environments, making laptops a natural next step.

What the Certification Program Does

The new certification effort builds upon Canonical’s existing Ubuntu Certified Hardware program, which validates systems through extensive testing covering both hardware and operating system functionality. Certified devices undergo comprehensive verification to ensure Ubuntu operates correctly across critical components and daily workflows.

Testing typically includes:

  • Wireless networking
  • Audio functionality
  • Graphics performance
  • Bluetooth support
  • USB device compatibility
  • Power management
  • Suspend and resume behavior
  • Firmware integration
  • Security features such as TPM support

The goal is to eliminate the uncertainty that Linux users sometimes face when purchasing new hardware.

Creating a Better Ubuntu Experience on ARM

Historically, Linux support on ARM laptops has varied significantly between devices. Some systems work exceptionally well, while others require manual configuration, custom kernels, or vendor-specific patches.

  •  

Btrfs Snapshot Deletion Gets Faster as Developers Tackle One of the Filesystem’s Biggest Pain Points

The Btrfs filesystem continues to receive significant performance tuning, and one of the latest areas of focus is snapshot deletion performance. While Btrfs snapshots have long been praised for their speed, flexibility, and efficient use of storage, deleting large numbers of snapshots has historically been one of the filesystem’s most resource-intensive operations.

Recent kernel development efforts are helping address that problem by improving metadata handling, reducing lock contention, and streamlining internal cleanup processes. The result is faster snapshot removal and less disruption on systems that rely heavily on snapshots for backups, rollbacks, and system recovery.

Why Snapshot Deletion Has Been Challenging

Btrfs is a copy-on-write (CoW) filesystem that stores data and metadata in a highly interconnected structure. This design enables many advanced features, including:

  • Instant snapshots
  • Subvolumes
  • Checksumming
  • Compression
  • Efficient data sharing between snapshots

However, the same architecture that makes snapshots so efficient to create can make them more complex to remove. When a snapshot is deleted, Btrfs must determine which blocks are still referenced by other snapshots and which can be safely reclaimed. On systems with many snapshots, this process can generate significant metadata activity.

Recent Performance Improvements

Developers have been working to reduce overhead associated with Btrfs metadata operations, which directly impacts snapshot cleanup performance.

Recent kernel updates include:

  • Reduced lock contention during extent tree operations
  • More efficient extent buffer traversal
  • Improved handling of internal filesystem structures
  • Reduced contention during metadata searches
  • General transaction and cleanup optimizations

These changes help the filesystem spend less time waiting on internal locks and more time performing actual cleanup work.

Less Impact During Cleanup Operations

One common complaint among Btrfs users has been elevated I/O activity during large snapshot deletion jobs.

On systems that maintain dozens, or even hundreds, of snapshots, cleanup operations could temporarily increase:

  • Disk activity
  • CPU usage
  • I/O wait times
  • Metadata processing workloads

Recent improvements are designed to make these operations less disruptive by reducing bottlenecks inside the filesystem's metadata management code.

For users running backup servers, NAS appliances, or snapshot-heavy desktop systems, these optimizations can improve overall responsiveness while cleanup tasks run in the background.

  •  

Everyone hates frontier AI labs, says Palantir boss

Palantir CEO Alex Karp doesn’t think frontier AI labs prepping for IPOs really understand what their customers need, and that ignorance is making Palantir a success. Karp had a wide-ranging, often rambling and self-interrupting sit-down (coherent compared to some of his other interviews, to be fair) with CNBC’s Sara Eisen on Wednesday in which he said that every single enterprise customer Palantir has is unhappy with frontier AI labs like Anthropic and OpenAI. Those companies, says Karp, are operating on a “hyper religion of hyper optimism” that doesn’t reflect the experiences of their customers. “They believe all problems present, past, and future, including the ones they create but don’t acknowledge, are going to be solved by them,” Karp opined. “Enterprises are fed up because they know this doesn’t actually work this way, and isn’t working.” That frustration, Karp said, is driving businesses to Palantir’s Foundry systems, which act as AI-agnostic data integration platforms for unifying disparate data sources and cognizing them with whatever LLMs a customer chooses to deploy. Pitch to prospects or not, Karp is on to something. AI projects are largely loss makers for the companies that deploy them, and have been for some time. Only 28 percent of AI use cases fully meet ROI expectations, according to a recent Gartner estimate, and most fail to ever get out of the pilot stage. Despite that, business leaders keep shoveling coal into the AI furnace to try to extract value, which, if you ask Karp, simply isn’t there unless you’re pairing those models with some decent infrastructure. Infrastructure Palantir can provide, natch. “It’s not just the man and woman on the street who are unhappy with the frontier labs,” Karp said, pointing to “every single enterprise we deal with” being frustrated with the likes of Anthropic and OpenAI’s ability to provide value for their businesses. 
Karp said that Palantir leadership has been debating whether they should pay potential customers to go talk to frontier labs themselves before signing a contract with his outfit. “People come out of there screaming, saying 'this could never work for me, they don’t understand the enterprise, they don’t care about my enterprise,'” he said of customers. Frontier labs, Karp opined, just want customers to "tokenmax” – that is, to view token consumption as a measure of productivity and usefulness. The charge isn’t out of left field. Google CEO Sundar Pichai even nodded to the phenomenon at I/O last month. Burning more and more tokens is getting to be expensive for companies, and OpenAI is reportedly considering reducing its per-token charge to attract more customers in its growing war with Anthropic, which Karp called the “leading frontier firm” in his interview. Karp wouldn’t give a straight answer when asked whether OpenAI, Anthropic, and other frontier labs could do what Palantir is doing, but he did imply some doubt. Sure, they have some good engineers on staff, he said, but that doesn’t matter a lick if they “don’t talk to the enterprises or understand the technical challenges” their customers are facing in deploying their models. “When you go to San Francisco and talk to them, their basic vibe is ‘we don’t have to solve your problem today because tomorrow you’re going to go away and all your problems are going to be solved,’” Karp charged. “It’s largely religious.” Karp also called out OpenAI’s recent agreement to acquire UK-based AI consulting firm Tomoro, which will form part of the newly launched OpenAI Deployment Company aimed at helping customers generate returns from their ChatGPT investments, as an attempt to replicate Palantir's success. “It’s a complete farce,” Karp said. 
“They don’t understand how unlikeable they are.” By that, Karp said, it’s not that AI lab leadership isn't friendly – he said he's buddies with some of them and that they’re great to chat with – but “the product doesn’t actually work and it’s very expensive.” To that end, he added, most of the things that Anthropic brags about in public, for example, are successful because they’re “running on Palantir,” Karp charged. “It is not that LLMs aren’t crucial for the world, it’s just that the implementation is where the value is, certainly in the next 7 years,” Karp explained. In essence, what the Palantir boss seems to believe is that simply tossing an LLM at business problems isn't an actual solution. What Karp had to say on CNBC was, in his usual way, boisterous, confrontational, and self-aggrandizing, but look at the rate of AI returns in the enterprise right now and you have to admit he's got at least a partial point. ®

  •  