"For months, scammers have been taking advantage of a loophole that allows them to send spammy emails from an internal Microsoft email address typically used for sending legitimate account alerts," [1] TechCrunch reports :

> [The scammers] have been able to set up new Microsoft accounts as if they are new customers and use that access to send out emails purportedly from the tech giant, potentially tricking people into thinking these emails are genuine...

>

> Last week, I received several, similarly structured emails containing subject lines and web links to scammy sites from Microsoft across different email accounts. These [2]crudely made emails were sent from msonlineservicesteam@microsoftonline.com , an email account that Microsoft uses to send important notifications to users, such as two-factor authentication codes and other critical alerts about their online account. Some of these emails' subject lines resembled official emails that would alert users to fraudulent transactions, while other emails claimed to have a private message waiting for the recipient at a web address mentioned in the email body.

>

> In [3]a social post on Tuesday , anti-spam nonprofit The Spamhaus Project said it had also seen Microsoft's account notification email address being abused to send spam and that the activity dated back "several months."

A PR representative told TechCrunch that Microsoft was "actively investigating" and "taking action against these phishing reports to help keep customers protected," with measures that include "removing accounts that violate our Terms of Use" and "further strengthening our detection and blocking mechanisms."

TechCrunch suggests the issue may not be limited to Microsoft. "Other users commenting on social media say that other companies' email addresses are also being used to send out spam."



[1] https://techcrunch.com/2026/05/21/scammers-are-abusing-an-internal-microsoft-account-to-send-spam/

[2] https://mastodon.social/@zackwhittaker/116562360000833298

[3] https://infosec.exchange/@spamhaus/116601270466207765

Last month saw a world first, [1]reports Electrek . Wind and solar generated more power globally than gas:

> According to new analysis from independent energy think tank [2]Ember , wind and solar produced 22% of the world's electricity in April 2026, compared to 20% from gas. Together, the two renewable sources generated a record 531 terawatt-hours (TWh) of electricity during the month, 54 TWh more than gas plants generated globally, at 477 TWh...

>

> Five years ago, in April 2021, gas generation was almost identical to today's level at 476 TWh. But back then, wind and solar combined generated just 245 TWh — less than half of what they produced this April...

>

> Wind and solar generation increased across nearly every major market reporting April data... April tends to be the strongest month for this kind of milestone because spring weather in the Northern Hemisphere usually brings a combination of strong wind generation, rising solar output, and lower electricity demand between heating and cooling seasons. Still, the broader trend is clear. Ember's recent Global Electricity Review found that wind and solar met all global electricity demand growth in 2025.

"Governments around the world are also ramping up renewable energy targets to reduce dependence on volatile fossil fuel imports..."



[1] https://electrek.co/2026/05/20/in-a-first-wind-solar-generated-more-power-than-gas-globally-april-2026/

[2] https://ember-energy.org/

Tesla's upcoming Cybercab "has been certified at 165 Wh/mi," [1]reports Electrek — which makes it "the most efficient electric vehicle ever produced — by a wide margin."

> The next most efficient EV on the market, the Lucid Air Pure, consumes 28% more energy per mile. Tesla VP of Vehicle Engineering Lars Moravy confirmed the figure, which represents a certified rating — not a marketing claim or internal target.

>

> It's an impressive achievement, but it comes with a massive asterisk: Tesla accomplished this by building a tiny two-seat robotaxi with no steering wheel, no pedals, and a sub-50 kWh battery pack... Even Tesla's own Model 3 — one of the most efficient passenger EVs you can buy — needs nearly a third more energy to cover the same distance... Where the 165 Wh/mi figure genuinely matters is in the economics of running a robotaxi fleet. Energy cost per mile is one of the biggest operating expenses for any ride-hailing service, and the Cybercab's efficiency gives Tesla a structural cost advantage over competitors...

>

> The small battery pack also means faster charging times and lower per-vehicle battery costs — both critical for fleet economics. Tesla has said the Cybercab [2]will cost $30,000 , and the efficient powertrain is a big part of hitting that price target. Tesla [3]confirmed Cybercab production has started at Giga Texas in April, though the ramp is expected to be slow initially. The company still hasn't solved unsupervised autonomous driving — the [4]first steering wheel-less unit rolled off the line in February, but Tesla's supervised robotaxi fleet currently crashes at roughly four times the rate of human drivers.



[1] https://electrek.co/2026/05/22/tesla-cybercab-most-efficient-ev-ever-165-wh-mi/

[2] https://electrek.co/2024/10/10/tesla-unveils-cybercab-electric-robotaxi/

[3] https://electrek.co/2026/04/23/tesla-cybercab-production-starts-no-nhtsa-2500-vehicle-cap/

[4] https://electrek.co/2026/02/17/tesla-rolls-first-steering-wheel-less-cybercab-unit-off-the-line-before-solving-autonomy/

Developers for several top videogames have joined unions under the Communication Workers of America — including [1] Call of Duty , [2] Fallout , [3] Overwatch , [4] Diablo and [5] World of Warcraft . Last month workers on the online game Magic: The Gathering Arena team [6]announced their own CWA union .

The [7]gaming news site Aftermath shares some interesting details :

> Owner Hasbro and Wizards of the Coast could have voluntarily agreed to the union, but instead the issue is going to an official vote with the National Labor Relations Board in June... [O]ne Arena developer shared on Bluesky that one of the reasons they were inspired to organize was because Wizards [8]changed its remote work policy , requiring them to move across the country or to a more expensive state to remain employed. ( [9]Changes to [10]remote [11]work have been one of the big drivers of unionization and union action among video game developers.) If the union is successful, the company wouldn't be able to unilaterally change working conditions like remote work; it would have to negotiate with the union over the decision. There's no guarantee unionized employees would get what they want, but they'd have more of a say, and the opportunity to directly influence their work situation, than they would without a union.



[1] https://cwa-union.org/news/cwa-members-ratify-contract-call-duty-video-game-studio

[2] https://cwa-union.org/news/releases/workers-bethesda-game-studios-achieve-union-recognition-cwa-becoming-first-wall-wall

[3] https://cwa-union.org/news/releases/overwatch-game-developers-secure-union-recognition-communications-workers-america

[4] https://cwa-union.org/news/releases/hundreds-diablo-game-developers-join-communications-workers-america

[5] https://cwa-union.org/news/releases/world-warcraft-employees-gain-union-recognition-communications-workers-america

[6] https://aftermath.site/magic-the-gathering-arena-team-unionizes-at-wizards-of-the-coast/

[7] https://aftermath.site/magic-the-gathering-arena-union-letters/

[8] https://bsky.app/profile/valentineirl.bsky.social/post/3mmfbzd7a3s25

[9] https://aftermath.site/activision-workers-speak-out-against-return-to-office-mandate-that-they-see-as-soft-layoffs/

[10] https://aftermath.site/ubisoft-union-strike-layoffs-remote-work-prince-of-persia/

[11] https://aftermath.site/diablo-union-activision-blizzard-microsoft-cwa-layoffs/

Slashdot reader [1]wiredmikey writes:

> Threat actors are exploiting a vulnerability in shared content delivery network (CDN) infrastructure to hide connections to malicious domains. Researchers say the vulnerability could impact roughly [2]88 million domains and can bypass DNS filtering and protective DNS controls, potentially enabling stealthy command-and-control communications and other evasive attacks.

Dubbed "Underminr," the exploit "presents the SNI and HTTP Host of a domain," [3]writes SecurityWeek , "while forcing a request to the IP address of another tenant on the same shared edge."

> The mismatch, [4]ADAMnetworks reports , has been exploited in attacks targeting large-scale hosting providers, including those that have implemented mitigations against domain fronting...

>

> Threat actors' increased reliance on AI is expected to lead to a surge in attacks. "Once Underminr becomes parametric information for AI-generated malware, we could expect to see it in every attack that needs to evade protective DNS as part of the attack chain," ADAMnetworks CEO David Redekop says.



[1] https://www.slashdot.org/~wiredmikey

[2] https://underminr.ai/about/

[3] https://www.securityweek.com/underminr-vulnerability-lets-attackers-hide-malicious-connections-behind-trusted-domains/

[4] https://support.adamnet.works/t/underminr-information-share-official-release/1584

Linus Torvalds spoke this week at the Linux Foundation's Open Source Summit North America, [1]reports ZDNet — and described how AI is impacting Linux kernel development:

> "In the last six months, we've seen a lot more commits," Torvalds noted, estimating that "the last two releases, it's been about 20% more commits than we had in the previous releases over many years.... The real change that happened in the last six months was that the AI tools actually got good enough for a lot of people... we're seeing a definite uptick in just development on pretty much all fronts...."

>

> On the positive side, he framed AI-discovered bugs as "short-term pain" with long-term benefits: "When AI finds a bug in any source code... long term is you found a bug, we fixed it, that the end result is better for it." After all, he continued, "I think finding bugs is great, because the real problem is all the bugs you didn't find..." For small teams or solo maintainers, he said, flood-style AI bug reports can cause real burnout, especially when "it's a bug report, and when you ask for more information, the person has done a drive-by and doesn't even answer your questions anymore."

The AI news site Techstrong [2]notes this quote from Torvalds . "I have a love-hate relationship with AI. I actually really like it from a technical angle, I love the tools, I find it very useful and interesting, but it is definitely causing pain points."

> The chief challenge with AI is that it forces people to change how they work, he found. People get into a rut, and AI challenges their norm. The Linux security mailing list got [3]the brunt of this new wave of AI-generated commits . Not all bugs are security issues, but when "people think that when they find a bug with AI, the first reaction seems to sometimes be let's send it to the security list, because this may have security implications," Torvalds said. As a result, the security list — watched over by a small group of maintainers — was overrun by duplicate entries...

>

> The Linux project learned to manage the bug influx with a set number of tools to sort out and deprioritize the obvious drive-by reports (ones where the person submitting the report won't even answer any questions). One tool, [4]Sashiko , reviews all the patches submitted on the mailing list. "Sometimes the review is not great, but quite often it finds issues and it asks questions and says, 'Hey, what about this issue?'" he said.

Linux also [5]updated their documentation , partly just to address "an uptick in bug and security reports from discoveries made in full or in part with AI."



[1] https://www.zdnet.com/article/the-patching-treadmill-why-traditional-application-security-is-no-longer-enough/

[2] https://techstrong.ai/articles/open-source-makes-bugs-shallow-linus-torvalds-says-ai-makes-them-public/

[3] https://linux.slashdot.org/story/26/05/18/0238214/linus-torvalds-ai-detected-bug-reports-make-kernel-security-list-almost-entirely-unmanageable

[4] https://github.com/sashiko-dev/sashiko?tab=readme-ov-file#readme

[5] https://linux.slashdot.org/story/26/05/16/0332211/linux-kernel-outlines-what-qualifies-as-a-security-bug-responsible-ai-use

Long-time Slashdot reader [1]Sun writes:

> AMD has [2]announced a change to the way they are licensing Vivado, their FPGA development tool... Hidden between the lines of the announcement [of a new model starting with the 2026.1 release] is the change to the free of charge tier. AMD is adding more devices to be supported in this tier, which is supposedly the carrot. The stick, however, is the removal of certain debug features.

>

> The thing that's likely to hit the hobbist community the worst, however, is that the free tier will now not be available on Linux.

>

> AMD are saying that old licenses are still in effect, so it appears that if you hurry to install Vivado now, you'd still be able to use it moving forward. It is not clear, however, whether it'll still be possible to install Vivado 2025.2 after Vivado 2026.1 becomes available.

"Almost all our surveys show... close to 70% of the customers are still using Windows," explained AMD senior product application engineer Anatoli Curran [3]on the tool's support forum . "Vivado ML Standard Edition v2025.2 is going to be officially supported (I mean if there are any bugs found, these can be fixed) until v2026.3 release... Any release older than the current 3 released versions of Vivado then becomes unsupported (meaning no bugs will be fixed with Vivado Standard Edition v2025.2 after Vivado v2026.3).

"However, users can continue using V2025.2 forever, if they wish to do so... Also, Vivado ML Standard Edition v2025.2 is license-free... Users only need to obtain and use any IP Core related licenses, or Vivado Model Composer (for SysGen)."



[1] https://www.slashdot.org/~Sun

[2] https://www.amd.com/en/products/software/adaptive-socs-and-fpgas/vivado/vivado-licensing-options.html

[3] https://adaptivesupport.amd.com/s/question/0D5Pd00001YQLdMKAX/why-is-vivado-20261-dropping-linux-support-for-free-tier-?language=en_US

Long-time Slashdot reader [1]UnknowingFool shares [2]this report from the BBC :

> Air France and Airbus have been found guilty of manslaughter over a 2009 plane crash which killed 228 people. The Paris Appeals Court found the airline and aircraft manufacturer "solely and entirely responsible" for the incident, in which flight AF447 from Rio de Janeiro to Paris crashed into the Atlantic Ocean. The passenger jet stalled during a storm and plunged into the water, killing all on board. A court had previously cleared the companies in April 2023, but they were found guilty on Thursday after an eight-week trial.

>

> Both have repeatedly denied the charges and say they will appeal... The companies have been asked to pay the maximum fine — €225,000 ($261,720; £194,500) each — but some victims' families have criticised the amount as a token penalty...

>

> In 2012, French investigators found a combination of technical failure involving ice in the plane's sensors and the pilots' inability to react to the aircraft stalling led to it plunging into the sea. The captain was on a break when the co-pilots became confused by faulty air-speed readings. They then mistakenly pointed the nose of the plane upwards when it stalled, instead of down. Investigators concluded the co-pilots did not have the training to deal with the situation. Pilot training has since been improved and the speed sensors replaced.



[1] https://www.slashdot.org/~UnknowingFool

[2] https://www.bbc.com/news/articles/czd2qmdvmq6o

On Friday TechCrunch reported they could [1]no longer Google the word "disregard" .

Google's AI Overview responded "Understood. Let me know whenever you have a new prompt or question!" below an icon for hearing the word "disregard" pronounced — then displayed several inches of blank whitespace.

"The Merriam-Webster link is still in there, but you have to scroll..."

> Earlier this week, Google rolled out a [2]completely new Search experience , foregrounding AI summaries and kicking the traditional "10 blue links" far down the page. But the sheer scale of Google Search means there are lots of edge cases that the company doesn't seem to have considered...

>

> Google has been catching some flack on [3]social [4]media for this, and it's easy to see why... For most users, that single reply is the only thing you'll see. And crucially, the AI response serves no conceivable value to a user searching the word "disregard." It's just a broken tool.

Google appears to have fixed the issue — sort of.

Now [5]Googling the word "disregard " brings up a list of news stories about how Google's AI Overviews misinterpreted the word disregard in search queries.



[1] https://techcrunch.com/2026/05/22/you-can-no-longer-google-the-word-disregard/

[2] https://techcrunch.com/2026/05/19/google-search-as-you-know-it-is-over/

[3] https://x.com/iihearttrose/status/2057637898862645677

[4] https://www.instagram.com/p/DYpWDE_lJkz/

[5] https://www.google.com/search?q=disregard

Qualys's Threat Research Unit (TRU) has discovered and published a logic flaw in Linux kernel "that permits an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major distributions." Friday their [1]blog pointed out "The bug has resided in mainline Linux since November 2016 (v4.10-rc1)."

"Upstream patches and distribution updates are already available."

> Working exploits are circulating publicly, and administrators should apply vendor kernel updates without delay. During ongoing research into Linux kernel privilege boundaries, TRU identified a narrow window in which a privileged process that is dropping its credentials remains reachable [2]through ptrace -family operations even though its dumpable flag should have closed that path. By pairing this window with the pidfd_getfd() syscall (added in v5.6-rc1, January 2020), an attacker can capture open file descriptors and authenticated inter-process channels from a dying privileged process and re-use them under their own uid. The primitive is reliable and turns any local shell into a path to root or to sensitive credential material [including host private keys under /etc/ssh ]

>

> [3]CVE-2026-46333 is local-only, but the impact is severe... Any unprivileged shell on a vulnerable host is enough to read /etc/shadow , exfiltrate SSH host private keys, or execute arbitrary commands as root through hijacked dbus connections to systemd. In practice, the distinction between an unprivileged foothold and full host compromise collapses: a phished developer account, a constrained CI runner, a low-privilege service account, or a shared multi-tenant host all become direct paths to root. With the vulnerable code shipping in mainline kernels since v4.10-rc1 (November 2016), the historical exposure spans nine years of enterprise fleets, cloud images, and container hosts.

>

> Qualys followed responsible disclosure throughout. Qualys reported the vulnerability privately to the upstream Linux kernel security contact on 2026-05-11. Over the following three days the kernel security team developed and reviewed the fix, CVE-2026-46333 was assigned, and the patch was committed publicly on 2026-05-14. We then engaged the linux-distros mailing list, the standard pre-disclosure channel for downstream coordination. A short time later, an independent exploit derived from the public kernel commit appeared.... Qualys is releasing the complete advisory today because the underlying technique is novel, the public picture is now incomplete and uneven, and independent researchers have already achieved local root and published exploit material. Doing so gives defenders, detection engineers, and downstream maintainers a single authoritative reference for the flaw, the race against do_exit(), the role of pidfd_getfd(), and the four exploitation case studies.



[1] https://blog.qualys.com/vulnerabilities-threat-research/2026/05/20/cve-2026-46333-local-root-privilege-escalation-and-credential-disclosure-in-the-linux-kernel-ptrace-path

[2] https://cdn2.qualys.com/advisory/2026/05/20/cve-2026-46333-ptrace.txt

[3] https://nvd.nist.gov/vuln/detail/CVE-2026-46333

The [1]Free Software Foundation announced this week that "its global call for free software supporters to organize LibreLocals this May resulted in free software supporters organizing forty-six LibreLocal events on six continents thus far." (And new dates and locations are being [2]added daily .)

> The FSF [3]invited free software supporters to organize in-person community meetups in their area during May 2026, or LibreLocal month, to bring people together to swap ideas, learn from each other, and celebrate free software. People were encouraged to organize events grounded in [4] freedom to help spread the [5]free software philosophy .... "The success of these LibreLocals speaks to how many people globally are interested in free software and ready to build community, and it demonstrates the strength of our movement" [said FSF executive director Zoë Kooyman]. "People getting together like this also proves how computer freedom and digital rights are on people's minds. When we reject freedom-restricting software and promote software that respects user rights, it helps further so many other basic rights...."

>

> The FSF has financially supported some of the events, but notes organizers are going above and beyond to create noteworthy events by any measure, and is impressed with the global network taking shape. "The energy we feel from all organizers is extremely motivating and we look forward to seeing LibreLocal events spread even wider over the next years! We want to support these initiatives even more, so we'll be looking to build a network of sponsors for future iterations as we work towards May 2027," says Heshan de Silva-Weeramuni, FSF program manager... William Goodspeed, the organizer behind the Beijing LibreLocal, reported that their meetup was double the size of last year's, and a number of very rich collaborative projects have emerged among the attendees.

>

> Discussing the value of connecting people, de Silva-Weeramuni notes: "Free software supporters know that connecting with each other leads them to learn, experiment, and create great things that protect our individual and shared rights. The extraordinary contributions that free software has made to the world were born through such collaborations between like-minded people towards a freer society. This same global spirit of collectively building a better future is one of the inspiring things that we have once again seen unfold through this year's many LibreLocals."



[1] https://www.fsf.org/news/2026-librelocal-meetup-update

[2] https://libreplanet.org/wiki/Group:Librelocal/2026

[3] https://www.fsf.org/news/2026-librelocal-meetup-update

[4] https://www.gnu.org/philosophy/open-source-misses-the-point.en.html

[5] https://www.fsf.org/about/what-is-free-software

"The numbers show that layoffs in the U.S. are roughly at or below levels from before the pandemic," [1]reports the Washington Post , "although they are higher than in 2022 when businesses snapped up workers as the economy roared back to life...

"A different measure that accounts for the growing U.S. workforce shows that layoffs affected about 1.2% of employed people in March, a number that has been steady for years outside of the pandemic..."

> In the technology industry, where Meta and other companies are regularly announcing job cuts, the layoff picture is complex. There has been a marked increase in layoffs in recent months in what the Labor Department calls the information industry, which includes employment of software developers and other tech workers. But Matthew Martin, senior U.S. economist at the research and consulting firm Oxford Economics, noted that hiring has also increased in that category, which includes media and entertainment. The combination of hiring minus layoffs in the information industry is effectively a wash, Martin said. Layoffs at Big Tech companies like Meta and other high-profile employers don't necessarily reflect what is happening in the country, Martin said, and draw far more attention than what may be slow and steady workforce growth. "There's a lot more headlines about job cuts than there are [about] expansion plans by businesses," he said.

>

> In his view, technology companies may be pushing out some workers and replacing them with people who have different skills as they respond to the demands of AI. It's true that businesses in some industries are devoting enormous sums of money and attention to AI. It's changing how some people work and a minority of American businesses are rolling out AI tools. But it's also become a trend for bosses to blame layoffs on the productive capabilities of AI and its ability to replace workers, even when job cuts may have little to do with the technology. Sam Altman, CEO of ChatGPT-maker OpenAI, has taken note of the pattern that he and others call "AI washing," essentially a high-tech form of whitewashing... "You know something is happening all the time when they have a word for it," said Gautam Mukunda, who teaches leadership at the Yale School of Management...

>

> AI-related employment changes are tiny so far, said Nathan Goldschlag, director of research at the Economic Innovation Group, a Washington think tank. He pointed to a recently published analysis of Census Bureau surveys, which found more than 95 percent of businesses that use AI said it hasn't changed their staff sizes — and AI-related employment increases were more common than decreases.



[1] https://finance.yahoo.com/economy/articles/what-layoffs-hide-about-the-real-problem-with-the-job-market-105409943.html

The Washington Post looks at arguments that "AI's coming upheaval may demand massive infusions of cash to everyday Americans". But [1]they also look at some of the alternatives :

> Anthropic CEO Dario Amodei has called for similar public-relief measures, including, potentially, universal basic income, or UBI. Eventually "our current economic setup will no longer make sense," he wrote in a blog post, adding that "there will be a need for a broader societal conversation about how the economy should be organized."

>

> Though OpenAI CEO Sam Altman once championed universal basic income, he has since embraced a new structure where the public has "collective ownership" of aspects of AI, [2]according to Business Insider . "I think any version of the future that I can get really excited about means that everybody's got to participate in the upside," he said in a recent podcast interview. In April, OpenAI laid out a set of policy proposals aiming to address the coming upheaval, referencing the transition to the industrial age and the New Deal as points of comparison for what's on the horizon...

>

> But some experts question whether tech billionaires, who spent decades resisting regulation, unions and higher taxes, would support the kind of massive redistribution such programs would require. "The only way to pay for UBI is to massively tax those enormously rich people who own the UBI machines," said Jesse Rothstein, a professor of public policy and economics at the University of California at Berkeley who served as chief economist at the U.S. Department of Labor. "It's a nice surprise to hear Elon Musk advocating for that...." Rothstein co-authored a study in 2019 that estimated granting a small income to the entire country would cost a massive amount — nearly double the total spending of Social Security, Medicare and Medicaid. To issue payments of $12,000 a year to U.S. adults, for example, "would require nearly doubling federal tax revenues," according to the paper...

>

> Economists appear to broadly support other solutions beyond redistribution, such as job retraining. A working paper published this spring by the Federal Reserve Bank of Chicago showed economists support more narrowly tailored solutions to the economic disruption. In late April, Meta appeared to embrace that path, announcing "a multi-year initiative that provides free, rapid training to turn thousands of Americans with no prior experience into high-paid fiber technicians" for projects including data centers.

Key quotes from the article:

Elon Musk said in an X post that "Universal HIGH INCOME via checks issued by the Federal government is the best way to deal with unemployment caused by AI."

"I think it's a marketing tactic" responded Scott Santens, a universal basic income advocate and is CEO of the nonprofit Income to Support All Foundation. He argued to the Washington Post that Musk's comment is "trying to thread this needle of, 'I want to solve this stuff that will potentially put a lot of people out of work.' And how do you avoid people getting really [angry] at that? Okay, well, you're still going to get money, everything will be great it's just you won't have to work anymore...."

The article also cites a [3]recent commentary from Jay W. Richards, a senior research fellow and VP of social and domestic policy at the Heritage Foundation. "The new AI prophets of doom suffer from a failure of imagination. They simply cannot envision what work the future will bring, so they conclude it will bring none,"



[1] https://www.yahoo.com/news/politics/articles/ai-leaders-see-mass-job-loss-coming-they-want-governments-help-solving-it-124114646.html

[2] https://www.businessinsider.com/sam-altman-ubi-universal-basic-income-view-changes-2026-4

[3] https://www.heritage.org/markets-and-finance/commentary/why-universal-basic-income-still-bad-idea

Citing new research, the Associated Press reports that "modest gains in the fight to curb climate change [1]have dialed back the most catastrophic of future heating ."

That's the good news. But the same research "also confirmed that there's no chance to limit warming to the international goal set in 2015."

> Researchers' new list of seven plausible carbon pollution scenarios for the future are pushing aside two staples of climate policy: the extremes on either end. The extremes have become less probable in the past several years because of how we power our world. Carbon dioxide, released from the burning of gas, oil and coal, is chiefly responsible for warming. Increasing use of green energies, like solar, wind and geothermal, which don't emit carbon dioxide, have lowered top end carbon pollution projections. However, because those changes haven't been fast enough, the bottom end projections have risen.

>

> The [2]Paris climate agreement in 2015 set a goal of limiting warming to 1.5 degrees Celsius (2.7 degrees Fahrenheit) since pre-industrial times, or the mid-1800s, giving rise to the mantra " [3]1.5 to stay alive ," but now scientists say that even their best case scenario still shoots past that signature temperature mark. On the other end, those same new scenarios no longer include the coal-heavy future that would lead to 4.5 degrees Celsius (8.1 degrees Fahrenheit) of warming by 2100, a scary scenario that many scientific studies used in their future projections.

>

> The new proposed worst case scenario has an end-of-the-century warming of about 3.5 degrees Celsius (6.3 degrees Fahrenheit), a full degree (1.8 degrees Fahrenheit) less than the old scenario, while the updated best case future is a couple tenths of a degree Celsius (0.36 degrees Fahrenheit) warmer than previously theorized, squeezing past the Paris goal, said climate scientist Detlef Van Vuuren of Utrecht University, lead author of a recent [4]study laying out future scenarios . "There is kind of a narrowing of the futures. It cannot be as bad as we thought, but it cannot be as good as we hoped," said Johan Rockström, director of the Potsdam Institute for Climate Impact Research in Germany.

>

> The scenarios include a "middle" one where by the end of the century the world warms 3 degrees Celsius (5.4 degrees Fahrenheit) above pre-industrial times, which is roughly the path society is currently on, scientists said... Because carbon pollution keeps rising globally and stays in the atmosphere for about century, the best case scenario is for warming to shoot past the 1.5 degree mark, peak at 1.7 degrees Celsius (3.1 degrees Fahrenheit) for maybe as long as 70 years, and eventually somehow come back down below 1.5 degrees if a technology can be designed to remove massive amounts of carbon from the air, said nine of the 10 scientists interviewed for this article. The world is warming at a pace of a tenth of a degree Celsius (nearly 0.2 degrees Fahrenheit) every five years, they said.



[1] https://apnews.com/article/climate-change-future-worst-case-best-danger-cc7a20fba4f5b42ce33024e1b781e7c9

[2] https://apnews.com/general-news-81dabae32cb8463b86bd85d762da9e6d

[3] https://apnews.com/article/climate-science-business-scotland-europe-7b282af7df95b55dff2630e158631a73

[4] https://gmd.copernicus.org/articles/19/2627/2026/

NASA [1]plans to open competition for the contract to operate JPL for the first time in nearly a century, meaning Caltech's historic role managing the iconic deep-space lab could come to an end when its current agreement expires in 2028. According to JPL, Caltech has managed the lab since the its inception in the 1930s, and has done so for NASA since the agency was established in 1958. Space.com reports:

> According to the [2]JPL statement , Caltech has been preparing for this possible transition since last summer, so the news "comes as no surprise." But the potential change is part of a larger shakeup for the agency. Earlier this morning, NASA announced a major reorganization, which is separate from the JPL news. "To support the agency's ambitious short- and long-term goals, NASA is taking action to increase specialization at centers and integrate mission directorates, elevating delivery of technically excellent work," the agency said in a statement today.

>

> JPL is NASA's lead center for the robotic exploration of Mars and other deep-space locales. The agency has worked with JPL through Caltech as a manager for nearly 70 years. Though JPL still counts as one of NASA's field centers, it's run as a contracted FFRDC (federally funded research and development center). This status has allowed the lab to function slightly differently than other NASA centers; it has a unique sort of independence, though NASA has always had significant oversight of the lab. "As an FFRDC, JPL operates under a special contractual and governance framework designed to ensure that its work is performed in the public interest and aligned with national priorities," NASA has stated. "The FFRDC model enables NASA to retain access to this depth of capability while maintaining a clear separation between government decision-making authority and contractor execution responsibilities."

>

> Opening up the competition for institutions beyond Caltech to operate JPL could mean significant changes for everything from day-to-day mission management to big NASA science programs. Until now, JPL and Caltech have been heavily intertwined, with mission personnel, scientists, leadership, and others working closely "across the pond" between JPL and Caltech. JPL mission and program meetings often include Caltech employees and sometimes even take place on its Pasadena campus.



[1] https://www.space.com/space-exploration/shakeup-at-jpl-control-over-iconic-nasa-center-could-change-for-1st-time-in-nearly-100-years

[2] https://www.jpl.nasa.gov/news/jpl-prime-contract-update/

A proposal to make daylight saving time permanent has advanced in the U.S. House of Representative, [1]reports California news station KCRA :

> A proposal to make daylight saving time permanent has advanced in the House, reigniting an age-old American debate around the twice-annual clock changes. And this time, the proposal has the president's backing. President Donald Trump said Thursday that he will work "very hard" to sign the so-called [2]Sunshine Protection Act into law after the House Energy and Commerce Committee overwhelmingly approved the bill by a 48-1 vote.

>

> The bill still needs to pass the full U.S. House, and then the U.S. Senate would consider taking up the measure.

The bill would allow U.S states to decide whether to "exempt themselves" from Daylight Saving Time, according to the article.

The bill's sponsor described the annual clock-switching as "inconvenient, unnecessary, and out of step with the needs of today's families and economy," while finally creating a permanent Daylight Saving would bring "more usable daylight hours throughout the year."



[1] https://www.kcra.com/article/permanent-daylight-saving-time-trump/71385747

[2] https://www.congress.gov/bill/119th-congress/house-bill/139/text

The Pentagon [1]released a second batch of UAP files, including 50 videos and documents [2]showing unexplained objects over the Middle East, Syria, Iran, and in NASA recordings . Despite the reports, the agency stresses that it has found no evidence of extraterrestrial origin. The Guardian reports:

> In one video from the Middle East in 2019, taken "likely from an infrared sensor aboard a US military platform operating within the US Central Command area of responsibility," according to the Pentagon, three UAP are captured flying in formation over the Persian Gulf. Another formation of [3]four unidentified objects is seen flying past vessels on the water off Iran in a video from 2022.

>

> Footage taken over Syria in 2021 shows a mysterious object [4]racing away at speed akin to instantaneous warp-speed acceleration from science fiction movies. Few of the objects seem to resemble flying saucers, discs or other traditionally perceived forms for UAP, although one October 2022 clip taken at an undisclosed location shows a [5]cigar-shaped entity racing over what appears to be a residential area.

>

> None of the videos are accompanied by explanations, and the Pentagon's all-domain anomaly resolution office (AARO) has previously stated it has no evidence to suggest any of the thousands of objects seen on video, or described in written testimony, is of extraterrestrial origin. In [6]its May 8 release , a statement from the defense department said the public "can ultimately make up their own minds about the information contained in these files." Additionally, the information is collated from a diverse range of sources, including government agencies including several military branches, the FBI, the state department and Nasa. "Many of these materials lack a substantiated chain-of-custody," the Pentagon notes



[1] https://www.war.gov/UFO/

[2] https://www.theguardian.com/world/2026/may/22/pentagon-ufo-videos-testimony-documents

[3] https://www.war.gov/UFO/#DOW-UAP-PR050-4-UAP-Formation-Iran-26-Aug-2022-over-water-CALLSIGN

[4] https://www.war.gov/UFO/#DOW-UAP-PR051-Syrian-UAP-instant-acceleration

[5] https://www.war.gov/UFO/#DOW-UAP-PR053-Cigar-Shaped-or-Fast-Sherical-UAP-clip-15-OCT-22

[6] https://entertainment.slashdot.org/story/26/05/08/167218/pentagon-begins-releasing-new-files-on-ufos

SpaceX's upgraded Starship V3 [1]launched today from Starbase, Texas, for the first time, successfully deploying 22 dummy Starlink satellites and completing a [2]planned fiery splashdown in the Indian Ocean . Reuters reports:

> The towering vehicle, consisting of the upper-stage Starship astronaut vessel stacked atop a Super Heavy booster rocket, blasted off at about 5:30 p.m. CT on Friday (2230 GMT) from SpaceX facilities in Starbase, Texas, on the Gulf of Mexico near Brownsville. A live SpaceX webcast of the liftoff showed the rocketship, more than 40 stories tall, climbing from the launch tower as the Super Heavy's cluster of Raptor engines thundered to life in a ball of flames and billowing clouds of vapor and exhaust. The test ended about an hour later when the Starship vehicle made it through a blazing re-entry through Earth's atmosphere and splashed down into the Indian Ocean, nose up as planned, as SpaceX employees who gathered to watch a live webcast of the flight cheered. The lower-stage Super Heavy came down separately in the Gulf of Mexico about six minutes after blast-off.

>

> The launch marked SpaceX's 12th Starship test flight since 2023 and the first ever for the V3 iteration of both the cruise vessel and its Super Heavy booster, as well as the first blast-off from a new launch pad designed for the more powerful rocket. During its suborbital cruise phase, Starship successfully released its payload of 20 mock Starlink satellites one by one, plus two actual modified satellites that scanned the spacecraft's heat shield and transmitted data back to operators on the ground during the vehicle's descent. Starship made it to its cruise phase despite the loss of one of its six upper-stage engines, and mission controllers opted not to attempt an inflight re-ignition of the engines before re-entry. But the vehicle did execute a return-landing burn at the very end of its flight, along with several aerodynamic maneuvers deliberately intended to place the spacecraft under maximum stress, and Starship completed those moves intact for its controlled final descent.

You can watch a recorded livestream of the launch [3]on YouTube .



[1] https://www.spacex.com/launches/starship-flight-12

[2] https://www.reuters.com/business/aerospace-defense/spacexs-upgraded-starship-v3-blasts-off-debut-test-flight-texas-2026-05-22/

[3] https://www.youtube.com/live/Ke_V1Dlw_lI?si=ztGLcGISCjI8ePP4&t=1889

Aikido Security found that deleted Google API keys can [1]continue authenticating for a median of about 16 minutes and as long as 23 minutes , despite Google Cloud's UI claiming that once a key is deleted it can no longer make API requests. Dark Reading reports:

> Joe Leon, researcher at Belgian startup Aikido Security, recently analyzed the revocation window -- the time between a key's deletion and its last successful authentication -- for the cloud giant's API keys. In a [2]blog post published today, Leon said Google Cloud Platform (GCP) customers expect API access to end immediately after the key is deleted, but this is not the case. In a series of tests, Leon found that the median revocation window was around 16 minutes, while the longest window was up to 23 minutes, "an incredibly long time" for API keys to continue authenticating successfully, he said.

>

> And these windows have serious repercussions for organizations. "An attacker holding your deleted key can keep sending requests until one reaches a server that has not caught up. If Gemini is enabled on the project, they can dump files you have uploaded and exfiltrate cached conversations," Leon said. "The GCP console will not show the key, and it will not tell you the key is still working. You are trusting Google's infrastructure to eventually catch up."

>

> [...] Leon tells Dark Reading the revocation windows for Google's API keys, as well as the unpredictable authentication success rates, complicate matters for incident response teams that are dealing with a potential breach. "This breaks the mental model IR teams have when responding to leaked credentials," he says. "It's assumed that when you click 'Delete' or 'Revoke' that the credential no longer works. Now IR teams need to remember that for GCP credentials, a window exists when that 'Deleted' credential still works for attackers."

>

> To that end, Aikido recommended that security teams and IR personnel use a 30-minute window for Google API key deletions. Additionally, organizations should monitor their API requests by credential through the "Enabled APIs and services" portion of the GCP console, and review API requests by credential. "If you see unexpected usage from that credential after deletion, someone could be actively exploiting it," Leon wrote. Aikido reported the findings to Google, but the company closed the report as "won't fix," according to the blog post.



[1] https://www.darkreading.com/identity-access-management-security/google-api-keys-active-after-deletion

[2] https://www.aikido.dev/blog/google-api-keys-deletion

Canada's broadcast regulator says major streaming services such as Netflix [1]must contribute 15% of their Canadian revenues to Canadian and Indigenous content . "That's three times the five-per-cent initial contribution requirement the CRTC set out in 2024, which is being challenged in court by major streamers, including Apple and Amazon," reports Global News. "Contribution requirements for traditional broadcasters, which currently pay between 30 and 45 percent, will be lowered to 25 percent." From the report:

> "The total contributions are expected to stabilize the funding at more than $2 billion in support of Canadian and Indigenous content, such as French-language content and news," the regulator said in a press release. The CRTC made the decisions as part of its implementation of the Online Streaming Act, which the U.S. has identified as a trade irritant ahead of trade negotiations with Canada.

>

> The CRTC also set out rules on how the money must be spent for both streamers and broadcasters, including contributions toward production funds and direct spending on Canadian content. Most of the streamers' financial contributions can go toward content, though the CRTC is imposing rules on how that money must be spent for the largest streamers. For instance, streamers with Canadian revenues of more than $100 million annually must direct 30 percent of spending toward partnerships with Canadian broadcasters and independent producers. Large Canadian broadcasters will have to direct at least 15 percent of their contributions toward news.

>

> The new financial contribution rules apply to streamers and broadcasters with at least $25 million in annual Canadian broadcasting revenues. The decision covers audiovisual programming, meaning it affects traditional TV broadcasters and online services that stream television content. The regulator also said Thursday online streamers will have to take steps to ensure Canadian and Indigenous content is available and visible to audiences. "This will make it easier for people to find this content on the platforms they use, while giving broadcasters flexibility in how they meet the new expectations," the CRTC said in the release. Details of those requirements will be determined at a later time.



[1] https://slashdot.org/-https://globalnews.ca/news/11859450/online-streaming-act-canadian-content-crtc-rules/