Valve is [1]discontinuing physical Steam Gift Cards and says it will stop restocking them as retailers sell through remaining inventory. In a [2]blog post , the company blamed persistent gift card scams as the reason, though Steam Digital Gift Cards will remain available and existing physical cards can still be redeemed. PC Guide reports:

> Valve says it has "responded to gift card scams over the years" -- but this doesn't stop scammers from adapting. The Steam creator has actively worked with retailers and law enforcement, among other precautions, to counteract scams, but says the issue can never be fully resolved. Steam Digital Gift Cards will continue to operate as normal.



[1] https://www.pcguide.com/news/valve-discontinues-physical-steam-gift-cards-blames-gift-card-scams-as-scammers-adapt-to-protections/

[2] https://help.steampowered.com/en/faqs/view/78E3-7431-1E88-AD59

An anonymous reader quotes a report from Wired:

> Last year, Meta radically [1]overhauled the rules around what content it would allow on its platforms. The company [2]claimed that its own efforts policing speech had gone too far and that it would relax the rules around what speech was allowed. "We have been over-enforcing our rules, limiting legitimate political debate and censoring too much trivial content and subjecting too many people to frustrating enforcement actions," Joel Kaplan, Meta's chief global affairs officer, wrote in a blog post at the time. Over a year later, [3]new research from the Center for Countering Digital Hate (CCDH) shows the immediate impact of these changes.

>

> The researchers analyzed about 8 million Facebook comments and found that abusive and racist comments targeting both Republican and Democrat lawmakers [4]tripled in the six months after the new rules were put in place . Some categories of abusive comments documented by the researchers saw even sharper rises, with violent threats and hate speech quadrupling during the same period. The report cites specific examples of gendered and racist abuse directed at lawmakers like US representatives Jasmine Crockette of Texas and Byron Daniels of Florida. These comments were not taken down by Meta.

>

> The CCDH researchers also found that threats against President Trump more than doubled in the six months after Meta overhauled its rules. Many of the comments, which included direct threats to his life, could have been classified as felony offenses, the researchers say. [...] Comments that violated Meta's policies around violent threats quadrupled, from 1,800 in the six months before the changes to 7,600 in the six months after. Hate speech comments also quadrupled, from 6,900 to 30,000. Comments that broke Meta's rules on bullying and harassment doubled, from 15,700 to 39,900.



[1] https://tech.slashdot.org/story/25/01/07/189242/meta-ends-fact-checking-on-facebook-instagram-in-free-speech-pitch

[2] https://about.fb.com/news/2025/01/meta-more-speech-fewer-mistakes/

[3] https://counterhate.com/research/safety-off/

[4] https://www.wired.com/story/threats-against-politicians-skyrocketed-after-meta-changed-its-speech-rules/

BYD [1]plans to install 3,000 ultra-fast "Flash Chargers" across Europe by the end of 2027, with the first stations already appearing in Germany and the UK. The Verge reports:

> At an estimated cost of 580,000 euros (about $670,000) per charger according to the [2]Financial Times , that would mean a total spend of roughly $2 billion to install the network. The 1,500kW charging stations are significantly more powerful than Tesla's 500kW V4 Superchargers, though Tesla already has 20,000 chargers installed in Europe. BYD, which has been steadily overtaking Tesla in global sales, says its chargers shouldn't add undue strain to the energy grid, as they'll charge cars from batteries which can be topped up overnight.

>

> Any car with a standard CCS charge port can use the Flash Chargers, though only BYD cars equipped with the company's new Blade Battery can hit the top speeds. Right now there's only one of those in Europe, the 115,000 euros ($133,000) Denza Z9 GT -- it charges to 70 percent in five minutes on the new chargers.



[1] https://www.theverge.com/transportation/947553/byd-flash-chargers-uk-europe-ev-blade-battery

[2] https://www.ft.com/content/6e8c7f42-e7b1-40cf-814c-8f4d764a8f30?syn-25a6b1a6=1

The Asahi Linux team is [1]warning Apple Silicon users not to upgrade to the macOS 27 beta because Apple's changes to the boot picker and Startup Disk app [2]make Asahi partitions invisible, preventing Linux from booting . The Register reports:

> The team added: "If you insist on trying out macOS 27 as soon as possible, please ensure you install a secondary copy of macOS 26 first, or install macOS 27 itself on a secondary volume." They've also updated the installer to prevent installs from running on macOS 27 for now. For anyone who ignored all of the above, "we will not support users who have installed the macOS 27 beta without ensuring at least one stable version of macOS is installed."

>

> Considering macOS 27 is in beta, the issue may be accidental rather than an attempt by Apple to block Linux on its hardware. The Asahi team said it has filed bug report. The good news for anyone who pulled the trigger on installing the macOS 27 beta is that although the partition might not be visible, it hasn't gone anywhere. The Asahi team wrote: "If you have already upgraded to the beta and noticed that your Asahi partition has disappeared, do not stress. Your Asahi partition is still there, and you have not lost any data."



[1] https://bsky.app/profile/asahilinux.org/post/3mntzon7x2x2e

[2] https://www.theregister.com/os-platforms/2026/06/10/macos-27-beta-boots-asahi-linux-off-apple-silicon/5253587

A Munich regional court has [1]ruled (PDF) that Google [2]can be held directly liable for false claims in AI Overviews . The case involved AI Overviews falsely linking two publishers to scams and shady business practices, with the court rejecting Google's argument that users could simply check the sources themselves. The Decoder reports:

> Google's AI overviews work nothing like traditional search results, the court argues. The AI rewrites and judges results "in its own words and according to its own structure," the ruling says. In the case at hand, for example, it opened with confident claims like "Yes, [company] is known for dubious business practices," then built its own structure with a summary, red flags for the alleged scam, and tips for users. The court also found that the AI overview made claims "that are not even made in the search results." None of the linked sources drew any connection between the plaintiffs and the shady companies the AI mentioned. The court called these "the defendant's own statements." Google built the AI, Google offered it to users, so Google owns what it produces, "because it alone has influence over the AI's offering and the algorithms with which the AI operates."

>

> The court also examined existing rulings from Germany's Federal Court of Justice (BGH), which gave traditional search engines and autocomplete limited liability. The BGH had argued that search engine operators were only liable as indirect infringers because they merely made third-party content findable. A proactive duty to check results would threaten how search engines work. The Munich court found that this reasoning doesn't apply to AI overviews. A regular search engine just points to outside websites. But AI overviews generate "independent, new, and substantive statements" by evaluating and combining content from various third-party sites. And only Google can check those statements, the court said, "at least by comparing the underlying third-party websites with its own statements based on them." The court also noted that the AI overview is "by no means absolutely necessary" for using the internet. Traditional search results already help users sort through information, the AI overview is just an extra feature.

At the hearing, Google argued that users could check the linked sources themselves to verify if the AI summary was correct. It also said that these users knew "that information generated with AI should not be blindly trusted." The court rejected this.



[1] https://the-decoder.com/wp-content/uploads/2026/06/26_O_869_26_begl_Abschrift_Urteil_v_28_05_2026_Geschwarzt_Geschwarzt_Geschwarzt.pdf

[2] https://the-decoder.com/landmark-german-ruling-declares-googles-ai-overviews-are-googles-own-words-and-makes-it-liable-for-false-answers/

Seattle has [1]enacted a one-year moratorium on new datacenters , making it the largest U.S. city to do so as the backlash against AI infrastructure grows across the country. The city council voted unanimously in favor of the ban. The Guardian reports:

> Lawmakers have framed the pause as an opportunity to draft regulations specifically targeting the electricity-hungry datacenters being built nationwide to serve the AI sector, and to protect local residents from environmental risks and rising electricity bills. According to Seattle mayor Katie Wilson, the moratorium will also let city officials determine whether datacenters are a "good use of urban land," and potentially impose new stipulations on their approval, such as requiring developers to invest in local transit and housing initiatives in exchange for construction permits. "There are times when public pressure forces elected officials to do something they don't want to do, but in other cases, public pressure just supports and helps to spur on elected officials to do things that they already want to do," said Wilson. "I think this was one of those latter cases." [...]

>

> An [2]amendment to the moratorium that passed unanimously last week allows existing datacenters in Seattle to apply for expansions requiring up to 20 megawatts of additional power during the year-long pause. Activists are concerned that the provision may lead to a spike in datacenters' demand for power while the moratorium is in place, and may undermine the premise of the pause. Lawmakers justified the amendment as a way to differentiate between the datacenters that already exist in Seattle and serve a civic purpose, like those powering health facilities and emergency-call systems, from large-scale centers designed to serve the AI sector.



[1] https://www.theguardian.com/us-news/2026/jun/09/seattle-ai-datacenters-ban

[2] https://seattle.legistar.com/View.ashx?M=F&ID=15553282&GUID=6A37FDF7-6EB7-4F59-860C-27552145BCA3

An anonymous reader quotes a report from ComputerWeekly:

> Microsoft has [1]issued patches for about 200 flaws in its latest monthly Patch Tuesday drop , blasting past a previous record high of almost 170 common vulnerabilities and exposures (CVEs) set in October 2025. Among a great many others, the latest update from Redmond fixes a total of 32 critical CVEs and three zero-day flaws. Dustin Childs, head of threat awareness at TrendAI's Zero Day Initiative, said: "We are heading into a high-stakes summer for cyber security. June's record-shattering drop ... is a stark warning that AI is [2]supercharging flaw discovery at an uncontrollable scale. The current number of CVEs shipped by Microsoft this year exceeds the total number of CVEs shipped in all of 2018. It is extraordinary that Microsoft can produce so many patches in a single month, and I expect many testers are wondering what quality issues may exist."

>

> And with the addition of hundreds of CVEs in Google Chrome and Microsoft Edge (Chromium) and other third-party flaws taking the total to almost 600, Chris Goettl, vice president of security product management at Ivanti, said talk of a 'Patch Apocalypse' was no longer unwarranted. "We are in the Patch Apocalypse. The Patch Apocalypse is now," said Goettl. "This is not intended to be a scare tactic. It is meant to outline the challenge that many organizations were anticipating, but the new generation of LLMs [Large Language Models] has accelerated significantly in the first half of 2026."

>

> "There are going to be more CVEs resolved by vendors at a faster and more continuous pace than we have ever seen previously. Unfortunately, this will also include more zero-day and n-day exploits than previously seen as well. The window from release from a vendor to exploitation had already shortened to five days as of 2023 threat intelligence data." Goettl said that many suppliers have acknowledged the need to use AI tools in their security research to identify and resolve flaws, with Oracle, Google Chrome and Mozilla all upping the cadence of their updates. Whether or not Microsoft follows suit remains to be seen.



[1] https://www.computerweekly.com/news/366644117/Microsoft-smashes-record-for-biggest-ever-Patch-Tuesday-update

[2] https://www.microsoft.com/en-us/msrc/blog/2026/05/a-note-on-patch-tuesday

Commonwealth Fusion has [1]published five peer-reviewed papers [2]laying out the physics case for ARC , its planned 400 MW fusion power plant, which would follow the company's smaller SPARC tokamak now under construction. The papers suggest ARC could produce more energy than it consumes using high-temperature superconducting magnets, molten-salt heat extraction, and 15-minute fusion pulses. Ars Technica reports:

> ARC will be a tokamak that hosts fusion between hydrogen's two heavier isotopes, deuterium and tritium. This reaction results in a helium nucleus and releases a neutron and radiation. The helium transfers heat to the plasma, maintaining the conditions needed for fusion, but it is otherwise a waste product, referred to as "ash" in the fusion context. The neutron and radiation, however, are put to use. Part of that use is simply imparting energy into a blanket of molten salt that surrounds the fusion chamber. That energy, in the form of heat, will be used to drive a turbine that produces the electricity. The molten salt includes lithium ions; when one lithium isotope absorbs a neutron, it decays into more helium, plus tritium that can be used as fuel for the reactor. There are isotopes present that will also release additional neutrons, allowing this process to generate sufficient fuel.

>

> Overall, the present design of ARC is expected to produce about 1.13 GW of fusion power, with 500 MW of that extracted as electricity. Some of that (100 MW) will be needed to power the plant's operations, leaving 400 MW to be sent to the grid. The rest of the energy is either kept in the tokamak to maintain the fusion reactions or lost due to inefficiencies in the heat and energy transfer of the system. There's a lot of uncertainty about these numbers; the 1.13 GW is just the center of a range of potential values running from 900 MW to 1.3 GW, so the 400 MW output may need to be adjusted up or down accordingly.

>

> Some of that 400 MW comes during periods where fusion is not occurring. The nuclear reactions will occur within 15-minute-long periods that will be interspersed with one minute resets. The resets are meant to be kept short enough that nothing has much of a chance to cool down before it gets heated up again -- thermal inertia will let it continue generating power. That will be one of the key differentiators with SPARC, which doesn't have the heat extraction needed to maintain stable fusion for these long time periods, and so can't maintain the near constant temperatures needed for reliable power generation.

>

> It's inevitable that parts of the device will be exposed to radiation and perhaps fusion plasma. The inner walls of the reactor will be shielded by tungsten, which will limit erosion by the conditions. Meanwhile, the vacuum vessel is designed to be replaced every one to two years. The papers note that this flexibility will allow them to make some design changes even after ARC is built. To enable this, the whole tokamak is meant to split in half for maintenance.



[1] https://www.cambridge.org/core/journals/journal-of-plasma-physics/collections/arc-fusion-power-plant-physics-basis

[2] https://arstechnica.com/science/2026/06/__trashed-19/

NASA has [1]named Randy Bresnik, Luca Parmitano, Frank Rubio, and Andre Douglas as the crew for Artemis III, which has been reworked from a moon-landing mission into a [2]roughly two-week Earth-orbit test of lunar landers being built by SpaceX and Blue Origin . NBC News reports:

> Randy Bresnik, Luca Parmitano, Frank Rubio and Andre Douglas are expected to launch into Earth orbit next year, with the goal of testing two commercially developed lunar landers that are slated to carry astronauts to the surface of the moon during the Artemis IV mission in 2028. Bresnik will be the mission's commander, with Parmitano, an Italian astronaut with the European Space Agency, serving as the pilot. Douglas and Rubio will be mission specialists, and Bob Hines will train with the crew as a backup member. "This test flight will enable us to prove we can carry out highly choreographed operations with our partners across hardware interfaces, software propulsion systems and life support elements with crew in the high-stakes space environment," Jeremy Parsons, NASA's Artemis program manager, said during NASA's announcement on Tuesday.

>

> Bresnik has been to the International Space Station twice, most recently as commander of an expedition in 2017. A retired U.S. Marine colonel, he was selected as a NASA astronaut in 2004. Bresnik has helped oversee development and testing of spacecraft for the Artemis program as an assistant to the chief of the Astronaut Office, which manages astronaut training and operations. Parmitano has also done two stints on the ISS and served as commander of an expedition in 2019. He has completed a total of six spacewalks and also performed the first live DJ set in orbit. Before becoming an astronaut, Parmitano was a test pilot for the Italian air force.

>

> For Rubio, a physician with 28 years of service in the Army, Artemis III will be his second trip to space. From 2022 to 2023, he spent 371 days on the space station, breaking the record for longest-duration spaceflight by an American, according to NASA. Douglas is the only crew member making his spaceflight debut. An engineer who previously worked on space exploration and robotics at Johns Hopkins University Applied Physics Lab, he became a NASA astronaut in 2022. Douglas was the backup crew member for the Artemis II mission around the moon earlier this year. He told NBC News in an interview after Tuesday's announcement that the role had at times been a challenge. "It was hard to figure out how do you balance getting ready to go, not go, all that stuff," he said. "But to go now is just fantastic."



[1] https://www.nasa.gov/news-release/nasa-marches-toward-artemis-iii-mission-in-2027-names-crew-members/

[2] https://www.nbcnews.com/science/space/nasa-artemis-iii-astronauts-announced-mission-rcna347223

An anonymous reader quotes a report from 404 Media:

> The Federal Communications Commission (FCC) wants to [1]make it effectively impossible for people to buy what many call burner phones -- a phone not explicitly linked to your identity at the point of purchase -- which would impact privacy-conscious people, to domestic abuse survivors, to journalists, and many more. The FCC plans to do this by legally forcing the country's telecoms to store a wealth of personal information about essentially all phone customers, including a government issued identification number and their physical address, alarming privacy advocates and civil rights activists who compare the measures to those from authoritarian countries where it can be difficult to buy a mobile phone plan without giving up your identity.

>

> The proposed change would drastically shake up how people obtain phone plans in the U.S., and have all sorts of privacy and cybersecurity knock-on effects. The FCC is proposing the data collection partly as a way to combat scammers, with telecoms being required to collect other information on business and foreign customers like the intended use case of their bulk phone plan purchase and their IP address. But the changes would mean telecoms collect data on all new and renewing customers, and the FCC provides a long list of other things that the collected data could help authorities with.

>

> In a [2]synopsis of the proposed changes , the FCC writes, "Specifically, we seek comment on requiring originating providers to, at a minimum, obtain and retain the name, physical address, government issued identification number, and an alternate telephone number of any new and renewing customer before granting access to its services." The goal of collecting this data, the FCC writes, is to deter some scammers from getting onto a telecom network in the first place, and so "enforcers will be better able to identify the scammers when they do." The FCC compares the changes to the sort of data collected by banks to prevent money laundering.

>

> One section stresses that the newly collected data would help "law enforcement to more easily identify callers that use the network to perpetuate crimes by ensuring that voice providers have accurate and complete customer information." It goes on to ask if the data would help identify people buying and selling illicit goods; the investigation of "fraud, espionage, or influence operations that undermine national security", and "address abuse in text messaging networks." "Criminals continue to leverage the anonymity provided by phone calls and texts to defraud Americans and exploit communications networks to further other crimes," [3]one section reads.

"For decades, civil libertarians have looked overseas at authoritarian countries where the government requires people to register to get a mobile phone to ensure they can be tracked. We never thought that would happen here," Jay Stanley, senior policy analyst at the American Civil Liberties Union's (ACLU) Speech, Privacy, and Technology Project told 404 Media in an email. "But make no mistake: with this rulemaking, the government is contemplating taking away people's ability to get a burner phone, which will hurt low-income people, domestic violence victims, and anyone else who cares about their privacy."



[1] https://www.404media.co/fcc-wants-to-kill-burner-phones-by-forcing-telecoms-to-get-all-customers-ids/

[2] https://www.federalregister.gov/d/2026-10407/p-19

[3] https://www.federalregister.gov/d/2026-10407/p-18

The Pentagon has added Alibaba, BYD, Baidu, Unitree, and other Chinese companies to its [1]list of firms it says support China's military , barring them from U.S. defense contracts. The companies and China's embassy deny the allegations. The Associated Press reports:

> Created in 2021 by a congressional mandate, [2]the list (PDF) seeks to identify Chinese companies that the Pentagon considers to have links to the Chinese military -- not only those directly controlled by the Chinese military and security forces but also those contributing to the country's defense industrial base. When updating the list last year, the Pentagon said the Chinese military sought to acquire advanced technologies and expertise developed by Chinese companies, universities and research programs that "appear to be civilian entities."

>

> The Chinese Embassy on Monday accused the U.S. of "overstretching the concept of national security and making discriminatory lists to go after Chinese companies." It said Chinese companies observe the laws and regulations of the countries where they do business. "The U.S. should stop its wrong practice and create a fair, just and non-discriminatory environment for Chinese companies," the embassy said in a statement. [...] The Chinese Embassy on Monday accused the U.S. of "overstretching the concept of national security and making discriminatory lists to go after Chinese companies." It said Chinese companies observe the laws and regulations of the countries where they do business. "The U.S. should stop its wrong practice and create a fair, just and non-discriminatory environment for Chinese companies," the embassy said in a statement.



[1] https://apnews.com/article/china-military-pentagon-alibaba-byd-baidu-unitree-4d664a6f164538b451263eafcceddaa5

[2] https://media.defense.gov/2026/Jun/08/2003945537/-1/-1/1/ENTITIES-IDENTIFIED-AS-CHINESE-MILITARY-COMPANIES-OPERATING-IN-THE-UNITED-STATES-IN-ACCORDANCE-WITH-SECTION-1260H.PDF

The European Commission has [1]ordered Meta to [2]temporarily restore free WhatsApp Business API access for rival AI chatbots while it investigates whether Meta's ban on third-party assistants abuses its dominant position. Meta says it will appeal, calling the move "regulatory overreach" that would let major AI companies use a paid WhatsApp product for free. The BBC reports:

> The EU said it began its investigation, [3]in December 2025 , after Meta banned third-party general-purpose AI assistants from the WhatsApp for Business API. It said that appeared to be an abuse of Meta's dominant position in European markets. So, as an interim measure as its investigation continues, it has given Meta five working days to re-instate access for third-party general-purpose AI assistants to the WhatsApp for Business API under the same terms and conditions that were in place previously.

>

> "In rapidly evolving markets, competition can be lost long before a final decision is adopted," said Teresa Ribera, the Commission's executive vice-president for clean, just and competitive transition. "This is why these interim measures will remain in place for the duration of the investigation." She added the decision "preserved choice for citizens across Europe on the AI assistants they want to use with WhatsApp, without that decision being made for them." The Commission said if Meta failed to comply with its interim decision it could be fined up to 10% up of its total turnover.

"The European Commission has decided that OpenAI and some of the largest companies in the world can use the paid-for WhatsApp Business product for free," it said in a statement.

"This is regulatory overreach subsidized by the many European companies that pay. We will appeal."



[1] https://ec.europa.eu/commission/presscorner/detail/en/ip_26_1276

[2] https://www.bbc.com/news/articles/cn8qj8wjgxwo

[3] https://yro.slashdot.org/story/25/12/04/181250/eu-hits-meta-with-antitrust-probe-over-plans-to-block-ai-rivals-from-whatsapp

Anthropic is [1]releasing Claude Fable 5, a Mythos-class AI model for enterprise customers and paid subscribers. The company says broader access is possible thanks to [2]new safeguards that block high-risk requests in areas like cybersecurity and biology . "For us, it's really around what we call 'race to the top,' being able to provide this technology in a valuable fashion, and at the same time providing the right safety guardrails so that it can do asymmetrically more benefits than harm," Dianne Penn, Anthropic's head of product management for research, told CNBC in an interview. CNBC reports:

> [W]ith the launch of Claude Fable 5, Anthropic is honoring its stated "eventual goal" to deploy Mythos-class models at scale. It's also capitalizing on growing momentum and investor interest in its technology ahead of a [3]potentially massive IPO , which is expected to take place as soon as this year. Anthropic said Claude Fable 5 shows "exceptional performance" across software engineering and knowledge work tasks. On some benchmarks, it scored more than 10% higher than Claude Opus 4.8, another model the company announced late last month, according to a blog post.

>

> Claude Fable 5 represents a "significant jump" in capability, which is why Anthropic had to implement additional guardrails to prevent misuse, Penn said. If a user asks a high-risk question, like how to make ricin, a toxin, for instance, the model will block its response and fall back to Claude Opus 4.8 to deliver a safe answer. "What we wanted to do was to be very intentional about building new types of classifiers and new types of safety guardrails in place for this launch," Penn said.

Anthropic also released an updated Mythos model called Claude Mythos 5. "It's the same underlying model as Claude Fable 5, but with the safeguards lifted in some areas," reports CNBC.



[1] https://www.anthropic.com/news/claude-fable-5-mythos-5

[2] https://www.cnbc.com/2026/06/09/anthropic-mythos-claude-fable-5.html

[3] https://slashdot.org/story/26/06/01/1837259/anthropic-files-to-go-public

An anonymous reader quotes a report from Ars Technica:

> Researchers have [1]analyzed a high-severity vulnerability in Linux that's able to escalate untrusted users to root by exploiting a bug you don't often see: [2]a single errant character inside the kernel . The vulnerability, tracked as [3]CVE-2026-23111 , is located in nf_tables, a subsystem of the Linux kernel that provides packet filtering capabilities. It's used to manage firewall rules and replaces older subsystems such as iptables, ip6tables, arptables, and ebtables.

>

> The presence of a single mis-issued exclamation point in code implementing nf_tables introduced a use-after-free, a class of vulnerability that corrupts memory by placing malicious code at memory addresses that haven't been properly freed of their previous contents. CVE-2026-23111 can be exploited by an unprivileged user or process to elevate system rights to root. The exploit works by disrupting the deletion of verdicts -- a determination within the nf_tables framework that determines if a packet matches a rule calling for a certain action to be performed. This process can use what are known as catchall elements, which act as a wildcard in the event a lookup doesn't match any other element in the set.

>

> When a verdict map is deleted from memory, catchall elements are deactivated and a chain's reference counter is decremented. When errors occur the deletion can be reversed and the counter incremented. CVE-2026-53111 allows for that process to be altered. As a result, the exploit can decrement the variable an arbitrary number of times and then delete and free the chain when some objects still point to it.

Although the kernel vulnerability was [4]fixed in February, multiple proof-of-concept exploits have since emerged, including [5]one from FuzzingLabs in April and [6]another from Exodus Intelligence that works on Debian and Ubuntu.



[1] https://blog.exodusintel.com/2026/06/08/off-by-exploiting-a-use-after-free-in-the-linux-kernel/

[2] https://arstechnica.com/security/2026/06/a-single-errant-character-in-the-linux-kernel-allows-attacker-to-gain-root/

[3] https://nvd.nist.gov/vuln/detail/CVE-2026-23111

[4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f41c5d151078c5348271ffaf8e7410d96f2d82f8

[5] https://fuzzinglabs.com/repro-cve-2026-23111/

[6] https://blog.exodusintel.com/2026/06/08/off-by-exploiting-a-use-after-free-in-the-linux-kernel/

The European Commission says [1]Apple's decision not to launch Siri AI in the EU is Apple's alone, arguing that the company [2]sought an exemption from Digital Markets Act interoperability rules instead of building a compliant privacy- and security-preserving solution. Apple, meanwhile, says regulators rejected its proposals and claims the DMA would require giving third-party AI systems overly broad access to users' devices. MacRumors reports:

> Commission spokesperson Thomas Regnier told reporters in Brussels: "The decision not to roll out Siri AI in the EU is Apple's and Apple's only. Apple was simply unable to develop interoperability solutions that meet essential EU privacy and security standards. Instead of trying to find a suitable compliance solution, Apple simply made a request to the European Commission to be exempted from their interoperability obligations. That's not an option."

>

> Craig Federighi, Apple's senior vice president of Software Engineering, said the company was "deeply disappointed" and cited what it described as regulators' refusal to accept any of Apple's proposals, including a system called Trusted System Agent that would have allowed third-party virtual assistants to safely access the same device capabilities as Siri AI.

>

> The Commission's account tells a different story. Rather than negotiating over Apple's proposed solutions, regulators say Apple simply requested a blanket exemption from its interoperability obligations under the Digital Markets Act, something the Commission says is not an available option. Apple's statement framed the DMA's requirements as demanding that any AI system be given "nearly unlimited access" to a user's device.



[1] https://apple.slashdot.org/story/26/06/08/1811209/apple-announces-siri-ai-next-generation-of-apple-intelligence

[2] https://www.macrumors.com/2026/06/09/eu-says-decision-not-to-launch-siri-ai-in-europe-is-apples/

Meta [1]says it will expand how it uses off-platform activity shared by other businesses [2]to personalize Facebook and Instagram feeds as well as AI responses, not just ads. The change starts in July and can be disabled through the "Activity from other businesses" setting, though Meta says it is not collecting new data as part of the update. The Verge reports:

> For example, Meta says if you bought a tent online recently, you might see camping-related videos in your Reels feed. "We aren't collecting any new data as part of this update," the blog post says. "This is about using information that businesses already send to us to further improve your experience."

>

> Meta spokesperson Emil Vazquez tells The Verge that the company previously only used the activity across its apps, such as likes, views, and follows, to tailor the content you see. The company also started using conversations with its AI assistant to personalize ads last year.



[1] https://about.fb.com/news/2026/06/better-personalization-and-changes-to-controls-for-your-activity-from-other-businesses/

[2] https://www.theverge.com/tech/946744/meta-website-activity-personalize-feeds

An anonymous reader quotes a report from 404 Media:

> Microsoft has shut down a wave of its own repositories on GitHub, including those related to Azure and AI coding agents, as it investigates a data breach, according to research from cybersecurity researchers and a statement given to 404 Media by Microsoft. Hackers [1]planted malware that would harvest peoples' credentials when they opened it in AI coding tools like Claude Code or Gemini CLI, according to one set of researchers. The exact contours of the breach are unclear, but researchers say Microsoft has disabled more than 70 of its own repositories, and pointed to a particular package that was previously compromised.

>

> Last week, cybersecurity website [2]OpenSourceMalware.com , which acts as a clearing house for indicators of supply chain attacks so defenders can secure their own networks, and which also publishes its own write-ups, wrote about the mass disabling of Microsoft GitHub repositories. "GitHub disabled 73 Microsoft repositories across four of its GitHub organizations -- the entire Azure Functions org, the whole Durable Task family, and a row of AI sample apps -- in a 105-second sweep on June 5," the website [3]wrote on Friday. Is it very unusual for any company, let alone Microsoft, to disable so many of its own repositories in one go. They include 49 related to Azure, Microsoft's cloud computing arm, and some concerning AI agents. The shutdown repositories also include ones related to durabletask, a Microsoft development tool.

>

> Researchers from StepSecurity [4]wrote on Friday that the GitHub closures came after a malicious commit was pushed to the durabletask repository. That attack planted configuration files that would harvest peoples' credentials when they opened the repository in Claude Code, Gemini CLI, Cursor, or VS Code, StepSecurity wrote.

Microsoft said in a statement: "Our priority is to protect customers and the broader ecosystem. We temporarily removed some repositories as we investigated potential malicious content. Some of these repos have been restored after review, while others may remain offline while work continues. As part of our investigation, we notified a small number of customers who may have pulled down content from the affected repositories. We will continue to investigate, and if anything further is identified that requires customer action, we will reach out directly through our established support channels."



[1] https://www.404media.co/microsoft-hacked-to-deliver-malware-to-claude-and-gemini-users/

[2] http://opensourcemalware.com/

[3] https://opensourcemalware.com/blog/miasma-reaches-azure

[4] https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents

NHS England [1]plans to [2]roll out Microsoft Copilot to 505,000 clinicians and support staff after a 30,000-person pilot claimed the AI assistant saved users an average of [3]43 minutes a day on administrative work . The Register reports:

> The rollout won't happen overnight. NHS England said that each trust will receive a central allocation of licenses based on headcount, typically starting with around 2,000 Copilot seats, and that more than half a million staff are expected to have access by October 2026. The NHS has no shortage of administrative work to throw at the software. The rollout envisions Copilot helping with discharge paperwork, bed management, rota planning, meeting minutes, board papers, briefings, data analysis, and assorted HR, finance, and procurement tasks.

>

> NHS organizations will also receive access to Copilot Studio, Microsoft's toolkit for building custom AI agents. NHS England said trusts will be able to develop agents for tasks such as handling Freedom of Information requests, processing complaints, reducing helpdesk workloads, and assisting with financial analysis. A governance framework called Agent 365 will oversee the deployment of those systems.



[1] https://www.england.nhs.uk/2026/06/500000-nhs-staff-to-get-new-artificial-intelligence-tools-to-help-free-up-more-time-for-patients/

[2] https://www.theregister.com/ai-and-ml/2026/06/08/nhs-prescribes-half-a-million-copilot-licenses-for-its-paperwork-headache/5252214

[3] https://www.linkedin.com/posts/dhsc_nhs-staff-could-save-43-minutes-a-day-on-activity-7386318034082361344-Ym1h

Researchers say mysterious, seconds-long GPS interference bursts detected across Europe [1]appear to come from Russian EKS early-warning satellites , making this "a rare example of human-made GPS interference coming from space," reports Ars Technica. The signals may be tests of space-based jamming capability, short satellite communications, or something else, but experts say they raise troubling questions about whether GPS disruption could eventually be weaponized on a continental scale. From the report:

> The discovery came from an investigation [2]detailed in a June 2 preprint paper by Todd Humphreys and his student Zach Clements at The University of Texas at Austin, along with Argyris Krizise at Stanford University in California. By sifting through public data from ground-based stations with global navigation satellite system (GNSS) receivers, they identified a pattern of high-powered interference lasting less than 10 seconds each time but simultaneously detectable by ground stations across Europe from Norway to Spain to Poland, and even reaching as far west as Greenland and Canada.

>

> By analyzing the ground station data from January 2019 to April 2026, the researchers found 75 days with at least one widespread GNSS interference event overlapping with the [3]GPS L1 frequency band centered on 1575.42 megahertz. That represents the main band used for signal transmission by the US-made GPS satellite constellation and GNSS constellations from other countries. Such interference patterns happened mostly on Tuesdays, Wednesdays, and Thursdays during business hours in Europe, Humphreys told the [4]YouTube channel Veritasium . Because such "continental-scale" interference was simultaneously affecting GPS receivers across Europe and beyond, Humphreys and his colleagues calculated that the source had to be at least 1,200 kilometers above the Earth.

>

> [...] In the Veritasium video, Humphreys speculated that the Russians may have been testing the satellites' GPS interference capabilities only briefly on a neighboring frequency adjacent to the typical GPS band. "And then in the eventual future when there is a hot conflict, they go ahead and tune their transmitter down to the GPS band, but it's much more damaging now that it lies right on that band," he said. Incidentally, the raw data also revealed a second interference burst from the Russian satellites in a lower-frequency band used by China's BeiDou navigation system. "I can no longer say this is accidental with confidence," Humphreys told Veritasium. He also described the Russian satellites' quiet demonstration as a "massive escalation in the electronic warfare background conflict that is going on right now."

Richard Bowden, division head of assured and resilient PNT at the multinational technology company GMV in Spain, [5]wrote in a LinkedIn comment: "These signals are, without a doubt, intentional and placed on or around GNSS signals, and have the potential to disrupt legitimate use of GNSS services. But from our side at least, we can't be sure they are intentionally malicious or intended as an EW [electronic warfare] weapon."



[1] https://arstechnica.com/space/2026/06/tests-suggest-russian-satellites-can-jam-gps-on-a-continental-scale/

[2] https://arxiv.org/abs/2606.03673

[3] https://gssc.esa.int/navipedia/index.php/GPS_Signal_Plan

[4] https://www.youtube.com/watch?v=tz23G_UXCGA

[5] https://www.linkedin.com/feed/update/urn:li:activity:7468748867489087488/?dashCommentUrn=urn%3Ali%3Afsd_comment%3A(7469140435245113344%2Curn%3Ali%3Aactivity%3A7468748867489087488)

A [1]battery researcher's investigation , backed by more than 20 independent experts, claims Donut Lab's much-hyped "solid-state" battery is [2]actually a conventional lithium-ion cell , with voltage curves and expansion data matching high-nickel NCM chemistry rather than the promised sodium-ion solid-state design. Electrek reports the company raised about $25 million from more than 1,300 mostly small investors on claims of 400 Wh/kg energy density, 100,000-cycle life, and 5-minute charging that now appear unsupported. From the report:

> The investigation consulted over 20 independent battery experts, including Julian Zanau from the Fraunhofer Research Institute, Dr. Yahim San from Justus-Liebig University, Tom Bicha from Leona, and Dr. Yuo Hesca from Seinajoki University of Applied Sciences. Every single one confirmed the tested cell is lithium-ion. There are two key pieces of evidence. First, the voltage curves from VTT testing match high-nickel lithium-ion cells (NCM chemistry). The cell sits at 3.7-3.8 volts at 50% state of charge -- right where lithium-ion cells operate. Sodium-ion cells don't go significantly past 3.5 volts at 50% SOC.

>

> The second piece of evidence is even more damning: VTT's cell expansion data. When a battery charges, ions squeeze into the anode material, causing it to expand in a predictable pattern. A graphite anode produces a distinctive "kink" in the expansion curve around 50-70% state of charge, caused by how ions reorder themselves in graphite's layered structure. The Donut Lab cell shows exactly that kink.

>

> This is critical because sodium ions are physically too large to fit into graphite layers. The graphite anode signature proves the cell uses lithium ions. The investigation puts it well: "it's like we have a slightly noisy fingerprint and a picture of the suspect's face. And yet again, it's a match." The calculated energy density? About 298 Wh/kg -- what you'd expect from a good lithium-ion cell, not the 400 Wh/kg claimed.

>

> The investigation reveals that the battery technology traces back to CT Coatings, a German company with an "eclectic" array of patents -- including inventions for screen-printed paving slabs, menu folders, and warning triangles. CT Coatings promised Nordic Nano and Donut Lab a screen-printed sodium-ion solid-state battery. What it delivered was a lithium-ion pouch cell.



[1] https://www.youtube.com/watch?v=j5oyVNjrUPI

[2] https://electrek.co/2026/06/08/donut-lab-solid-state-battery-exposed-lithium-ion-fraud/