An anonymous reader quotes a report from Ars Technica:

> Researchers have [1]analyzed a high-severity vulnerability in Linux that's able to escalate untrusted users to root by exploiting a bug you don't often see: [2]a single errant character inside the kernel . The vulnerability, tracked as [3]CVE-2026-23111 , is located in nf_tables, a subsystem of the Linux kernel that provides packet filtering capabilities. It's used to manage firewall rules and replaces older subsystems such as iptables, ip6tables, arptables, and ebtables.

>

> The presence of a single mis-issued exclamation point in code implementing nf_tables introduced a use-after-free, a class of vulnerability that corrupts memory by placing malicious code at memory addresses that haven't been properly freed of their previous contents. CVE-2026-23111 can be exploited by an unprivileged user or process to elevate system rights to root. The exploit works by disrupting the deletion of verdicts -- a determination within the nf_tables framework that determines if a packet matches a rule calling for a certain action to be performed. This process can use what are known as catchall elements, which act as a wildcard in the event a lookup doesn't match any other element in the set.

>

> When a verdict map is deleted from memory, catchall elements are deactivated and a chain's reference counter is decremented. When errors occur the deletion can be reversed and the counter incremented. CVE-2026-53111 allows for that process to be altered. As a result, the exploit can decrement the variable an arbitrary number of times and then delete and free the chain when some objects still point to it.

Although the kernel vulnerability was [4]fixed in February, multiple proof-of-concept exploits have since emerged, including [5]one from FuzzingLabs in April and [6]another from Exodus Intelligence that works on Debian and Ubuntu.



[1] https://blog.exodusintel.com/2026/06/08/off-by-exploiting-a-use-after-free-in-the-linux-kernel/

[2] https://arstechnica.com/security/2026/06/a-single-errant-character-in-the-linux-kernel-allows-attacker-to-gain-root/

[3] https://nvd.nist.gov/vuln/detail/CVE-2026-23111

[4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f41c5d151078c5348271ffaf8e7410d96f2d82f8

[5] https://fuzzinglabs.com/repro-cve-2026-23111/

[6] https://blog.exodusintel.com/2026/06/08/off-by-exploiting-a-use-after-free-in-the-linux-kernel/

The European Commission says [1]Apple's decision not to launch Siri AI in the EU is Apple's alone, arguing that the company [2]sought an exemption from Digital Markets Act interoperability rules instead of building a compliant privacy- and security-preserving solution. Apple, meanwhile, says regulators rejected its proposals and claims the DMA would require giving third-party AI systems overly broad access to users' devices. MacRumors reports:

> Commission spokesperson Thomas Regnier told reporters in Brussels: "The decision not to roll out Siri AI in the EU is Apple's and Apple's only. Apple was simply unable to develop interoperability solutions that meet essential EU privacy and security standards. Instead of trying to find a suitable compliance solution, Apple simply made a request to the European Commission to be exempted from their interoperability obligations. That's not an option."

>

> Craig Federighi, Apple's senior vice president of Software Engineering, said the company was "deeply disappointed" and cited what it described as regulators' refusal to accept any of Apple's proposals, including a system called Trusted System Agent that would have allowed third-party virtual assistants to safely access the same device capabilities as Siri AI.

>

> The Commission's account tells a different story. Rather than negotiating over Apple's proposed solutions, regulators say Apple simply requested a blanket exemption from its interoperability obligations under the Digital Markets Act, something the Commission says is not an available option. Apple's statement framed the DMA's requirements as demanding that any AI system be given "nearly unlimited access" to a user's device.



[1] https://apple.slashdot.org/story/26/06/08/1811209/apple-announces-siri-ai-next-generation-of-apple-intelligence

[2] https://www.macrumors.com/2026/06/09/eu-says-decision-not-to-launch-siri-ai-in-europe-is-apples/

Meta [1]says it will expand how it uses off-platform activity shared by other businesses [2]to personalize Facebook and Instagram feeds as well as AI responses, not just ads. The change starts in July and can be disabled through the "Activity from other businesses" setting, though Meta says it is not collecting new data as part of the update. The Verge reports:

> For example, Meta says if you bought a tent online recently, you might see camping-related videos in your Reels feed. "We aren't collecting any new data as part of this update," the blog post says. "This is about using information that businesses already send to us to further improve your experience."

>

> Meta spokesperson Emil Vazquez tells The Verge that the company previously only used the activity across its apps, such as likes, views, and follows, to tailor the content you see. The company also started using conversations with its AI assistant to personalize ads last year.



[1] https://about.fb.com/news/2026/06/better-personalization-and-changes-to-controls-for-your-activity-from-other-businesses/

[2] https://www.theverge.com/tech/946744/meta-website-activity-personalize-feeds

An anonymous reader quotes a report from 404 Media:

> Microsoft has shut down a wave of its own repositories on GitHub, including those related to Azure and AI coding agents, as it investigates a data breach, according to research from cybersecurity researchers and a statement given to 404 Media by Microsoft. Hackers [1]planted malware that would harvest peoples' credentials when they opened it in AI coding tools like Claude Code or Gemini CLI, according to one set of researchers. The exact contours of the breach are unclear, but researchers say Microsoft has disabled more than 70 of its own repositories, and pointed to a particular package that was previously compromised.

>

> Last week, cybersecurity website [2]OpenSourceMalware.com , which acts as a clearing house for indicators of supply chain attacks so defenders can secure their own networks, and which also publishes its own write-ups, wrote about the mass disabling of Microsoft GitHub repositories. "GitHub disabled 73 Microsoft repositories across four of its GitHub organizations -- the entire Azure Functions org, the whole Durable Task family, and a row of AI sample apps -- in a 105-second sweep on June 5," the website [3]wrote on Friday. Is it very unusual for any company, let alone Microsoft, to disable so many of its own repositories in one go. They include 49 related to Azure, Microsoft's cloud computing arm, and some concerning AI agents. The shutdown repositories also include ones related to durabletask, a Microsoft development tool.

>

> Researchers from StepSecurity [4]wrote on Friday that the GitHub closures came after a malicious commit was pushed to the durabletask repository. That attack planted configuration files that would harvest peoples' credentials when they opened the repository in Claude Code, Gemini CLI, Cursor, or VS Code, StepSecurity wrote.

Microsoft said in a statement: "Our priority is to protect customers and the broader ecosystem. We temporarily removed some repositories as we investigated potential malicious content. Some of these repos have been restored after review, while others may remain offline while work continues. As part of our investigation, we notified a small number of customers who may have pulled down content from the affected repositories. We will continue to investigate, and if anything further is identified that requires customer action, we will reach out directly through our established support channels."



[1] https://www.404media.co/microsoft-hacked-to-deliver-malware-to-claude-and-gemini-users/

[2] http://opensourcemalware.com/

[3] https://opensourcemalware.com/blog/miasma-reaches-azure

[4] https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents

NHS England [1]plans to [2]roll out Microsoft Copilot to 505,000 clinicians and support staff after a 30,000-person pilot claimed the AI assistant saved users an average of [3]43 minutes a day on administrative work . The Register reports:

> The rollout won't happen overnight. NHS England said that each trust will receive a central allocation of licenses based on headcount, typically starting with around 2,000 Copilot seats, and that more than half a million staff are expected to have access by October 2026. The NHS has no shortage of administrative work to throw at the software. The rollout envisions Copilot helping with discharge paperwork, bed management, rota planning, meeting minutes, board papers, briefings, data analysis, and assorted HR, finance, and procurement tasks.

>

> NHS organizations will also receive access to Copilot Studio, Microsoft's toolkit for building custom AI agents. NHS England said trusts will be able to develop agents for tasks such as handling Freedom of Information requests, processing complaints, reducing helpdesk workloads, and assisting with financial analysis. A governance framework called Agent 365 will oversee the deployment of those systems.



[1] https://www.england.nhs.uk/2026/06/500000-nhs-staff-to-get-new-artificial-intelligence-tools-to-help-free-up-more-time-for-patients/

[2] https://www.theregister.com/ai-and-ml/2026/06/08/nhs-prescribes-half-a-million-copilot-licenses-for-its-paperwork-headache/5252214

[3] https://www.linkedin.com/posts/dhsc_nhs-staff-could-save-43-minutes-a-day-on-activity-7386318034082361344-Ym1h

Researchers say mysterious, seconds-long GPS interference bursts detected across Europe [1]appear to come from Russian EKS early-warning satellites , making this "a rare example of human-made GPS interference coming from space," reports Ars Technica. The signals may be tests of space-based jamming capability, short satellite communications, or something else, but experts say they raise troubling questions about whether GPS disruption could eventually be weaponized on a continental scale. From the report:

> The discovery came from an investigation [2]detailed in a June 2 preprint paper by Todd Humphreys and his student Zach Clements at The University of Texas at Austin, along with Argyris Krizise at Stanford University in California. By sifting through public data from ground-based stations with global navigation satellite system (GNSS) receivers, they identified a pattern of high-powered interference lasting less than 10 seconds each time but simultaneously detectable by ground stations across Europe from Norway to Spain to Poland, and even reaching as far west as Greenland and Canada.

>

> By analyzing the ground station data from January 2019 to April 2026, the researchers found 75 days with at least one widespread GNSS interference event overlapping with the [3]GPS L1 frequency band centered on 1575.42 megahertz. That represents the main band used for signal transmission by the US-made GPS satellite constellation and GNSS constellations from other countries. Such interference patterns happened mostly on Tuesdays, Wednesdays, and Thursdays during business hours in Europe, Humphreys told the [4]YouTube channel Veritasium . Because such "continental-scale" interference was simultaneously affecting GPS receivers across Europe and beyond, Humphreys and his colleagues calculated that the source had to be at least 1,200 kilometers above the Earth.

>

> [...] In the Veritasium video, Humphreys speculated that the Russians may have been testing the satellites' GPS interference capabilities only briefly on a neighboring frequency adjacent to the typical GPS band. "And then in the eventual future when there is a hot conflict, they go ahead and tune their transmitter down to the GPS band, but it's much more damaging now that it lies right on that band," he said. Incidentally, the raw data also revealed a second interference burst from the Russian satellites in a lower-frequency band used by China's BeiDou navigation system. "I can no longer say this is accidental with confidence," Humphreys told Veritasium. He also described the Russian satellites' quiet demonstration as a "massive escalation in the electronic warfare background conflict that is going on right now."

Richard Bowden, division head of assured and resilient PNT at the multinational technology company GMV in Spain, [5]wrote in a LinkedIn comment: "These signals are, without a doubt, intentional and placed on or around GNSS signals, and have the potential to disrupt legitimate use of GNSS services. But from our side at least, we can't be sure they are intentionally malicious or intended as an EW [electronic warfare] weapon."



[1] https://arstechnica.com/space/2026/06/tests-suggest-russian-satellites-can-jam-gps-on-a-continental-scale/

[2] https://arxiv.org/abs/2606.03673

[3] https://gssc.esa.int/navipedia/index.php/GPS_Signal_Plan

[4] https://www.youtube.com/watch?v=tz23G_UXCGA

[5] https://www.linkedin.com/feed/update/urn:li:activity:7468748867489087488/?dashCommentUrn=urn%3Ali%3Afsd_comment%3A(7469140435245113344%2Curn%3Ali%3Aactivity%3A7468748867489087488)

A [1]battery researcher's investigation , backed by more than 20 independent experts, claims Donut Lab's much-hyped "solid-state" battery is [2]actually a conventional lithium-ion cell , with voltage curves and expansion data matching high-nickel NCM chemistry rather than the promised sodium-ion solid-state design. Electrek reports the company raised about $25 million from more than 1,300 mostly small investors on claims of 400 Wh/kg energy density, 100,000-cycle life, and 5-minute charging that now appear unsupported. From the report:

> The investigation consulted over 20 independent battery experts, including Julian Zanau from the Fraunhofer Research Institute, Dr. Yahim San from Justus-Liebig University, Tom Bicha from Leona, and Dr. Yuo Hesca from Seinajoki University of Applied Sciences. Every single one confirmed the tested cell is lithium-ion. There are two key pieces of evidence. First, the voltage curves from VTT testing match high-nickel lithium-ion cells (NCM chemistry). The cell sits at 3.7-3.8 volts at 50% state of charge -- right where lithium-ion cells operate. Sodium-ion cells don't go significantly past 3.5 volts at 50% SOC.

>

> The second piece of evidence is even more damning: VTT's cell expansion data. When a battery charges, ions squeeze into the anode material, causing it to expand in a predictable pattern. A graphite anode produces a distinctive "kink" in the expansion curve around 50-70% state of charge, caused by how ions reorder themselves in graphite's layered structure. The Donut Lab cell shows exactly that kink.

>

> This is critical because sodium ions are physically too large to fit into graphite layers. The graphite anode signature proves the cell uses lithium ions. The investigation puts it well: "it's like we have a slightly noisy fingerprint and a picture of the suspect's face. And yet again, it's a match." The calculated energy density? About 298 Wh/kg -- what you'd expect from a good lithium-ion cell, not the 400 Wh/kg claimed.

>

> The investigation reveals that the battery technology traces back to CT Coatings, a German company with an "eclectic" array of patents -- including inventions for screen-printed paving slabs, menu folders, and warning triangles. CT Coatings promised Nordic Nano and Donut Lab a screen-printed sodium-ion solid-state battery. What it delivered was a lithium-ion pouch cell.



[1] https://www.youtube.com/watch?v=j5oyVNjrUPI

[2] https://electrek.co/2026/06/08/donut-lab-solid-state-battery-exposed-lithium-ion-fraud/

An anonymous reader quotes a report from The Guardian:

> The world's oceans are under "severe and accelerating" pressure from human activities, with the rate of sea-level rise [1]double that of a decade ago , according to a damning assessment from the United Nations. The "intensifying" stressors, which include pollution and large-scale industrial fishing, are cumulative, [2]said the report , resulting in widespread biodiversity loss and putting ocean systems under "severe strain."

>

> The UN's third World Ocean Assessment, which reflects the work of nearly 600 scientists from 86 countries, looked at the oceans' health from 2021-25. The previous report, that covered up to 2018, found persistent degradation of the marine environment. Five years on, scientists know more about the cumulative impacts of anthropogenic pressures on the ocean, and the latest report shows just how much of the damage has been done in the past few years. The scientists' key findings include:

>

> - Sea levels continue to rise at an increasing rate, from 2mm a year prior to 2015 to 4.3mm a year in 2023.

> - 16% of the increase in global ocean heat since 1955 occurred after 2018.

> - The greatest relative warming has been observed in the Atlantic Ocean and the southern parts of the Indian and Pacific Oceans.

> - Large gaps in knowledge persist -- with only 27% of the ocean floor mapped by 2025, deep-sea ecosystems remain poorly understood.

Lukas Meus, Greenpeace's global ocean campaigner, said: "We are calling on governments to create fully protected ocean sanctuaries that will close vast areas of the ocean off from extractive human activities. Governments have promised to protect 30% of the world's ocean by 2030 -- the minimum scientists say we need for the ocean to be able to recover."



[1] https://www.theguardian.com/environment/2026/jun/08/un-world-ocean-assessment-severe-stress-sea-level-rise-doubles-pollution-fishing-climate

[2] https://www.un.org/regularprocess/woa3

OpenAI has [1]confidentially filed for an IPO , "setting it up for what may be the most highly anticipated market debut in recent history and a massive payday for early investors," reports CNN. The decision follows recent IPO announcements from [2]Anthropic and [3]SpaceX . From the report:

> OpenAI said it has not decided on timing yet. And because the filing is confidential, it's not yet clear how many shares the company plans to sell or at what price. "It may be a while because there are things we want to do that are likely easier as a private company," it said in a post on its [4]newsroom page . But the company said the filing "gives us the option to go public sooner if that ends up being best."

>

> The transition to a public company will give Wall Street a window into OpenAI's finances as the company pours billions into AI infrastructure and computing resources. Investors dumped tech stocks last week as they questioned whether a recent run-up in those shares had gone too far. OpenAI was last valued at $852 billion after raising $122 billion in March, but it's faced pressure to demonstrate it can generate the cash to match that valuation.



[1] https://www.cnn.com/2026/06/08/tech/openai-files-for-ipo

[2] https://slashdot.org/story/26/06/01/1837259/anthropic-files-to-go-public

[3] https://slashdot.org/story/26/04/01/2043248/spacex-files-to-go-public

[4] https://openai.com/index/openai-submits-confidential-s-1/

UK Prime Minister Keir Starmer has given Apple, Google, and other tech firms until September to introduce device-level protections that [1]prevent children from taking, sharing, or viewing explicit images . "If businesses do not comply within three months, legislation will be brought forward requiring the protection to be added to all phones and tablets sold in the UK," reports The Guardian. "Tech firms that fail to do so could face fines, and their senior managers could be made criminally liable." From the report:

> "Today, I am calling on tech companies operating in this country to introduce vice controls that prevent children from sending and receiving sexually explicit images. Because this is not an impossible challenge," he said. "If they choose not, then we will act and we will change the law." [...] Under the changes, sexual predators will be prevented from being able to exploit and abuse victims through their devices, and children stopped from being able to access pornography, the Home Office said. Adults will still be able to take, share or view nude content once they have verified their age.

>

> In the Commons, Melanie Ward, the Labour MP for Cowdenbeath and Kirkcaldy, said: "It's time to stop asking social media companies to make their products safe, and instead time to start requiring them to do so through regulation." Clive Efford, the Labour MP for Eltham and Chislehurst, said the "sociopaths" running social media platforms had no concern for the welfare of children. "The only message that they're going to listen to is if there's legislation put before this house that is going to act and send a clear message to them." The proposal is designed to sit alongside the Online Safety Act, which requires companies to have processes for removing material that is illegal or harmful to children.



[1] https://www.theguardian.com/technology/2026/jun/08/starmer-tech-firms-ultimatum-block-explicit-images-children-phones

Last Thursday, Wired [1]reported that Meta had quietly embedded an unreleased facial recognition system called NameTag into software installed on millions of phones. In a follow-up report, Wired says the tech giant has [2]now removed the face-recognition-related code , while saying "no final decision" has been made about whether the feature will launch. From the report:

> On Thursday, WIRED reported that Meta had quietly integrated substantial portions of the NameTag system into the Meta AI app. Though never publicly enabled, the feature was designed to convert faces captured by the glasses into unique biometric signatures, commonly known as faceprints, and compare them against a database of faceprints stored on the user's device. WIRED also found that faces the system failed to recognize were cropped, indexed, and stored locally for future processing.

>

> NameTag first surfaced in February, when [3]The New York Times , citing internal Meta documents, reported that the company was developing face recognition for its smart glasses and weighing a launch as soon as this year. One memo reportedly described releasing it during a "dynamic political environment," when privacy and civil liberties advocates would be distracted. Last week, WIRED reported that much of NameTag's machinery was already built into the Meta AI app, downloaded by millions of users, as early as January, even as Meta publicly said it had made no final decision about face recognition. After WIRED's report, Stone dismissed the findings, writing that the company couldn't answer questions about how the system would work because "the feature does not exist." Andrew Bosworth, Meta's chief technology officer, called the reporting "incredibly misleading" and "absolutely dishonest."

>

> [...] The newly released version of Meta AI removes nearly all traces of the feature Meta said did not yet exist. Gone is the face-recognition software itself, along with the code that ran the NameTag recognition process and the "Person recognized" alert the app would have shown if someone were identified. The update also strips out a folder where the app would have stored the cropped images and biometric signatures of faces it captured but could not identify. [...] A few fragments of the NameTag system remain in the version of latest Meta AI, including an internal debug menu label and a dormant link meant to open a recognized person's profile. The leftover code points to parts of the system that are no longer there.



[1] https://www.wired.com/story/meta-smart-glasses-face-recognition-nametag-connections/

[2] https://www.wired.com/story/meta-smart-glasses-face-recognition-nametag-connections/

[3] https://www.nytimes.com/2026/02/13/technology/meta-facial-recognition-smart-glasses.html

Microsoft executive Matt Booty says future Xbox exclusivity [1]will be decided "case-by-case ," with Gears of War: E-Day and Clockwork Revolution remaining Xbox console exclusives while major multiplayer, live-service, and previously promised PlayStation releases stay multiplatform. But IGN's Tom Phillips says Microsoft's announcement still leaves numerous questions unanswered, like "why just Gears and Clockwork Revolution?" and "how will this policy be enforced in future?" From the report:

> Last night's Xbox Showcase featured the return of games specifically earmarked as exclusives for Xbox consoles (though, of course, they'll still also be coming to PC). But why just Gears and Clockwork Revolution? And how will this policy be enforced in future? Microsoft's announcement left numerous questions unanswered. "We want a reason for people to get on board with Xbox, we want them to have a reason to buy an Xbox, we want them to have a reason to be an Xbox fan," Booty [2]said . "At the same time, we want to reward all our players that have been with us for a long time -- we know that exclusives are important, and that's why we've got Gears coming in 2026 and Clockwork [Revolution] coming in 2027."

>

> "We also want to be clear that our big multiplayer games and live-service games are going to continue to be multiplatform," he continued. "If we've promised something to players already, we're going to honor that promise. And then -- I think Asha said it -- we're going to make the right decision and not the fast decision. "We're going to keep thinking about this going forward," Booty continued, "and, I think you guys know already, our principle is when we announce the date, we announce the platforms. So, it's going to be case-by-case, but we're going to be clear, that when it's got a date, it's got a platform and you'll know what the choice is going to be."

>

> Beyond those games already confirmed for PlayStation (such as the upcoming Halo: Campaign Evolved, and the PS5 version of Forza Horizon 6 due later this year), last night saw Microsoft make the call that other upcoming titles would still be coming to PS5 as well. While it had been assumed that State of Decay 3 would get a PS5 version, yesterday saw it made official. Hellblade threequel Senua was unveiled, and is getting a PS5 version. And, unsurprisingly, Spyro: A Realm Beyond is coming to Xbox, PS5 and Nintendo Switch 2.



[1] https://www.ign.com/articles/xbox-game-exclusivity-will-be-decided-on-a-case-by-case-basis-microsoft-says

[2] https://x.com/vicious696/status/2063719023817437520

An anonymous reader quotes a report from AppleInsider:

> Apple has [1]unveiled its next Mac operating system, macOS Golden Gate, with Apple promising better performance, the [2]improved Siri , and more. [...] On the surface, macOS Golden Gate is not as significant an upgrade as macOS Big Sur, or even macOS Tahoe with its Liquid Glass redesign. But under the surface, it is much more significant than it seems. Apple has chosen this release to draw a line in the sand. For the first time, the new macOS Golden Gate will [3]not support Macs that have Intel processors . [...] Nonetheless, as of when this is released to the public in September or October, no Intel Macs will ever be supported again.

One of the most notable design tweaks in this new release is a refinement of macOS toolbars and sidebars: toolbars are now more distinct, sidebars can stretch all the way to the window edge, and sidebar icons have regained color. Apple is also tightening window corner radii to address complaints about resizing behavior.



[1] https://www.apple.com/newsroom/2026/06/apple-unveils-next-generation-of-apple-intelligence-siri-ai-and-more/

[2] https://apple.slashdot.org/story/26/06/08/1811209/apple-announces-siri-ai-next-generation-of-apple-intelligence

[3] https://appleinsider.com/articles/26/06/08/macos-27-golden-gate-delivers-more-liquid-glass-and-updated-siri

At WWDC 2026, Apple announced a new "Siri AI," describing it as a [1]more conversational, personalized, and systemwide assistant that can understand on-screen context and interact with apps while relying on on-device processing or Private Cloud Compute. The relaunch comes two years after Apple's original Apple Intelligence promises stumbled and " [2]never fully materialized ," reports The Verge. MacRumors reports:

> Siri is now embedded directly in the Dynamic Island, accessible by swiping down from it, pressing the side button, or saying "Hey Siri." A revamped voice engine makes the assistant sound more expressive, with micro-adjustable voice settings available during initial setup.

>

> During Apple's keynote demo, presenters showed Siri handling chained, multi-step requests with apparent ease. In one sequence, a presenter asked about a Suki Waterhouse concert, was told tickets require a lottery entry, and asked Siri to set a reminder when the lottery opens, which it did. In another, the assistant identified a photo's landmark, pulled up navigation to that location, and surfaced photos from a recent family trip, adding a specific image to a shared family album on request.

>

> Another demo showcased Siri's ability to synthesize information across apps. A presenter asked about a dessert he had heard about at an event, and Siri located the relevant details from his Messages history. It then compiled the information into a watch-party menu, drafted a message to his contacts with the menu included, and presented send and edit options. In a further demo, a presenter asked about something his son had shared in a message and followed it up by asking Siri to compose an email on the subject.

>

> A new dedicated Siri app lets users scroll back through prior conversations and kick off new ones, with conversation history synced via iCloud so sessions carry seamlessly between devices. The app is also coming to watchOS. On the Mac, Siri is now also integrated into Spotlight and available via right-click context menus on any file or window. On visionOS, Siri AI gains a 3D visualization that users can place anywhere in their space.



[1] https://www.macrumors.com/2026/06/08/apple-announces-siri-ai/

[2] https://www.theverge.com/tech/942416/apple-siri-ai-update-wwdc

[1]wiredmikey shares a report from SecurityWeek:

> Meta-owned communications app WhatsApp says it recently detected and disrupted a spear-phishing attempt [2]linked to spyware company NSO Group . The attack is allegedly in defiance of a court order that bars the spyware maker from targeting WhatsApp. WhatsApp filed a lawsuit against NSO in 2019, after it came to light that a zero-day vulnerability had been [3]exploited to deliver spyware to users. [...] NSO has been seeking to overturn the order blocking it from targeting WhatsApp users, arguing that the company will "suffer irreparable harm."

>

> According to WhatsApp, the spyware maker has violated the permanent injunction. The messaging app reported on Monday that it had recently learned of a social engineering attack that attempted to trick users into clicking on malicious links. WhatsApp has only shared a few domains as an indicator of compromise (IoC), but says it was able to link the attack to NSO, pointing to similarities to previously reported one-click phishing campaigns tied to the spyware company. WhatsApp says it also caught the attackers creating test accounts and groups. Those accounts and groups have been disabled, but further action is also being taken.

WhatsApp [4]says it is asking a federal court to hold NSO in contempt for allegedly violating a permanent injunction barring it from targeting WhatsApp and its users. The company also said it is making a "significant contribution" to the [5]Spyware Accountability Initiative , a fund aimed at exposing and stopping spyware abuse.



[1] https://slashdot.org/~wiredmikey

[2] https://www.securityweek.com/whatsapp-catches-spyware-firm-nso-defying-no-hacking-court-order/

[3] https://tech.slashdot.org/story/19/05/14/0334243/israeli-firm-tied-to-tool-that-uses-whatsapp-flaw-to-spy-on-activists

[4] https://about.fb.com/news/2026/06/fighting-spyware-an-update-from-whatsapp/

[5] https://stopspyware.fund/

Firefox has [1]merged initial support for Vulkan Video decoding , giving the browser a more cross-platform path for GPU-accelerated video playback beyond Linux's long-running reliance on VA-API. Phoronix reports:

> Firefox on Linux has long been focused on the Video Acceleration API (VA-API) that isn't universally supported by Linux graphics drivers. This has left to efforts like NVIDIA-VAAPI-Driver to layer VA-API atop NVIDIA NVDEC interfaces to enjoy GPU-accelerated video playback in Firefox. Smaller Arm/embedded graphics drivers also have been largely left out of the game in the VA-API space. But with Vulkan Video we are beginning to see more adoption and in a cross-platform manner.

>

> [...] The Firefox 153 release due out in July will have Vulkan Video decoding support available. The [2]Vulkan Video activity in Firefox Git culminated this week with the work of NVIDIA engineer Tymur Boiko and Red Hat's Martin Stransky. Firefox 153.0 is expected for release on 21 July with this Vulkan Video support assuming no last minute issues.



[1] https://www.phoronix.com/news/Firefox-Vulkan-Video-Merged

[2] https://github.com/search?q=repo%3Amozilla-firefox%2Ffirefox+Vulkan+Video&type=commits&s=author-date&o=desc

[1]Bending Spoons , the Italian app studio behind acquisitions like [2]Eventbrite , [3]Vimeo , [4]WeTransfer , [5]Evernote , and [6]AOL , has [7]filed to go public in the U.S . after growing into a subscription-heavy app conglomerate with more than 500 million monthly active users. TechCrunch reports:

> In its filing with the Securities and Exchange Commission, Bending Spoons said it ended the year with $1.31 billion in revenue and has generated $601 million in Q1, a 132% year-on-year jump. The company gets the majority of its revenue from subscriptions, which account for 84% of its business. It generated $27.4 million in profit in Q1 2026. The company raised funding at an $11 billion valuation last year, up from $2.8 billion in 2024. In April, Reuters reported that the company could seek a $20 billion valuation with the IPO.



[1] https://www.bendingspoons.com/

[2] https://news.slashdot.org/story/25/12/04/1751254/bending-spoons-buys-eventbrite-for-500-million

[3] https://slashdot.org/story/26/01/23/0757223/almost-everyone-laid-off-at-vimeo-following-bending-spoons-buyout

[4] https://slashdot.org/story/24/09/09/1046203/bending-spoons-plans-to-cut-75-of-wetransfer-staff-after-acquisition

[5] https://tech.slashdot.org/story/24/10/28/1850228/private-equity-hipsters-are-coming-for-your-favorite-apps

[6] https://slashdot.org/story/25/10/29/1631223/aol-to-be-sold-to-bending-spoons-for-roughly-15-billion

[7] https://techcrunch.com/2026/06/08/eventbrite-and-vimeo-owner-bending-spoons-files-to-go-public/

A burglar took a self-driving Waymo taxi to rob a San Francisco yoga studio this past January, [1]reports TechCrunch — "and police have still not caught them."

Even the police officer assigned to the case thought it would be easier to solve, notes [2] The San Francisco Chronicle , since Waymos are outfitted with multiple high-definition cameras and require users to make accounts with their credit card numbers:

> It's common for officers to seek video footage of a crime from any of the Waymos, Teslas and other high-tech vehicles that record their surroundings. That information can be crucial for identifying suspects or creating a reliable timeline of events. At times, police will go so far as to obtain search warrants to [3]tow the vehicle "witnesses " to ensure they don't lose valuable video evidence. In the Hot 8 Yoga burglary case, San Francisco police issued a search warrant that forced Waymo to turn over information on the account that ordered the ride and video footage from the white Jaguar that served as the getaway car, police records show.

>

> Faye said that he couldn't discuss certain details of the case, but that the Waymo user's account information didn't lead police to the suspect. In general, he said, it's not unusual for a criminal to order a service with stolen information or a burner phone. The video evidence didn't help much either, Faye said. He said that the company had not retained interior footage of the car by the time the search warrant was filed in April and that it had kept the faces seen outside the car blurred for privacy reasons... Waymo does not publicly disclose how long it retains video footage. The company blurs faces and license plates in the public-facing images it uses in a database designed for research....

>

> Last year in Los Angeles, a person allegedly robbed a grocery store before hopping in a Waymo. Officers were able to chase down the vehicle after the suspect got inside, and the car pulled itself over after police turned on the car's emergency lights, [4]according to Los Angeles-area news outlets .

"Farah Issa, studio manager of Hot 8 Yoga, showed the Chronicle a copy of the surveillance video from her phone, noting how the Waymo dropped off the suspect and waited for him to finish the burglary before taking off again."



[1] https://techcrunch.com/2026/06/04/a-burglar-used-a-waymo-to-steal-yoga-clothes-in-sf-and-got-away-with-it/

[2] https://www.sfchronicle.com/crime/article/waymo-burglary-camera-video-22277358.php

[3] https://www.sfchronicle.com/crime/article/tesla-sentry-mode-police-evidence-19731000.php

[4] https://www.youtube.com/watch?v=BPs3XxD0tEU

Most supply-chain attacks using Ruby's package hosting site " [1]exploit a narrow window ," according to a new blog post form Ruby core maintainer Hiroshi Shibata.

So its packaging-managing Bundler tool now offers a filter that blocks new version until it's been public "for at least N days. Releases too new to have been scrutinized are passed over in favor of ones that have aged past the window."

> The feature was [2]designed in the open , drawing on [3]how other ecosystems approach the same problem . It is opt-in, and complements rather than replaces existing defenses like mandatory 2FA and trusted publishing... Cooldown is unset by default, so a project without it keeps resolving to the newest versions.... Passing 0 disables cooldown for the run...

>

> Cooldown is most useful as one part of the wider security investment happening on rubygems.org. The registry now validates gem contents at push time and checks logins against Have I Been Pwned so that compromised passwords cannot be reused, work described in [4]Protecting rubygems.org from the outside in . A dedicated team is running [5]AI-assisted vulnerability scanning against the most critical gems , backed by Alpha Omega and Anthropic, and the direction of all of this is tracked on a [6]public roadmap . Trusted publishing and mandatory 2FA already raise the bar for who can push a release in the first place.



[1] https://blog.rubygems.org/2026/06/03/cooldown-let-new-gems-be-vetted.html

[2] https://github.com/ruby/rubygems/discussions/9113

[3] https://dev.to/hsbt/should-rubygemsbundler-have-a-cooldown-feature-40cp

[4] https://blog.rubygems.org/2026/04/09/protecting-rubygems-from-the-outside-in.html

[5] https://blog.rubygems.org/2026/04/29/scaling-rubys-defenses-with-ai.html

[6] https://blog.rubygems.org/2026/04/15/rubygems-org-has-a-public-roadmap.html

Jeff Bezos is backing [1]Flourish , a new "neuro AI" startup with $500 million in funding and a reported $2.5 billion valuation, that [2]aims to reinvent AI by studying the brain's architecture and building systems that learn continuously while using far less power than today's large language models. The company's long-term bet is that neuroscientists and AI researchers working together can uncover the brain's "core algorithm" and eventually create brain-inspired AI that runs on a tiny fraction of current compute. Wired reports:

> Rob Williams knows how to pitch Jeff Bezos: You write a press release as if your product has already been built. Bezos reads it and gives a thumbs up or down. Williams went through this process a lot as an executive on Amazon's "S-team," in charge of software products such as Alexa, until his departure last fall. But the pitch he made a few weeks later -- in December 2025 -- was different. Now he was collaborating with Thomas Reardon, a neuroscientist and repeat startup founder, and approaching Bezos as a funder, not a boss. Here's what Bezos, sitting on his yacht somewhere, read while Williams anxiously watched on Zoom: "Flourish is a neuro AI company that is solving the two most difficult problems facing AI today: power efficiency and continuous learning. We are building Cortex AI, the first synthetic intelligence system designed to match the computational capacity, learning efficiency, and power budget of the human brain."

>

> A month later, I'm lunching with Reardon and Williams in the Flatiron neighborhood in New York City. Reardon gets right to the point. AI has dug itself into a hole, he says. Though increasingly powerful, large language models are greedy consumers of computer power and data. Though the inspiration for LLMs was rooted in biology, current frontier models have little in common with the human brain. A person uses about 20 watts of energy to process information; a single chip in an AI training cluster uses more than 30 times that amount. The hyperscalers require thousands of chips and gigawatts of energy, enough to power small cities. And those models need to suck up virtually all of what humans have written. Each new model requires more, more, more. For all of that, the models don't learn. Once you train them, they're stuck. The goal, Reardon tells me, is to build "a synthetic artificial intelligence brain that runs on 50 watts or less." It should adapt to its conditions, be as nimble as a human mind, and burn a tiny fraction of an LLM's compute power and energy. The proof of concept is thriving inside our skulls. "There's something fundamentally wrong with saying, "I need to basically read every book ever written 20 times over in order to learn English,'" Reardon says. "A human baby does it with a couple hundred thousand utterances."

>

> Reardon and Williams haven't figured out yet how to build systems that match the magic of a human brain. What they have is a belief that an expert, well-resourced team -- of AI researchers and neuroscientists working essentially side by side -- can find the answer. The neuroscientists will conduct original wet lab experiments with some of the most advanced lab equipment available, to hunt for usable intel on the brain's architecture. They plan to release the models they're currently developing as near-term products on the path to a full reinvention of AI. The fuzziness of the proposal didn't bother Jeff Bezos. After reading Williams' two-pager, he chipped in $50 million. Other funding came from Lux Capital, Google Ventures, and Catalio, among others. Bezos then almost doubled his initial stake and told Reardon he'd have given more if they'd asked. Now with a war chest of $500 million and a reported valuation of $2.5 billion, Flourish just needs to invent a new way to do AI.



[1] https://flourishlabs.ai/

[2] https://www.wired.com/story/jeff-bezos-is-funding-a-wild-hunt-for-the-brains-core-algorithm/