Posted by EditorDavid from Slashdot
From the robo-rooter department: We're living in a new world now — one where it's an AI-powered penetration tester that "now tops an eminent US security industry leaderboard that ranks red teamers based on reputation." CSO Online reports:

On HackerOne, which connects organizations with ethical hackers to participate in their bug bounty programs, "Xbow" scored notably higher than 99 other hackers in identifying and reporting enterprise software vulnerabilities. It's a first in bug bounty history, according to the company that operates the eponymous bot...

Xbow is a fully autonomous AI-driven penetration tester (pentester) that requires no human input, but, its creators said, "operates much like a human pentester" that can scale rapidly and complete comprehensive penetration tests in just a few hours. According to its website, it passes 75% of web security benchmarks, accurately finding and exploiting vulnerabilities.

Xbow submitted nearly 1,060 vulnerabilities to HackerOne, including remote code execution, information disclosures, cache poisoning, SQL injection, XML external entities, path traversal, server-side request forgery (SSRF), cross-site scripting, and secret exposure. The company said it also identified a previously unknown vulnerability in Palo Alto's GlobalProtect VPN platform that impacted more than 2,000 hosts. Of the vulnerabilities Xbow submitted over the last 90 days, 54 were classified as critical, 242 as high and 524 as medium in severity. The company's bug bounty programs have resolved 130 vulnerabilities, and 303 are classified as triaged.
Posted by EditorDavid from Slashdot
From the network-effects department: This week Hewlett-Packard Enterprise settled its antitrust case with America's Justice Department, "paving the way for its acquisition of rival kit maker Juniper Networks," reported Telecoms.com:

Under the agreement, HPE has agreed to divest its Instant On unit, which sells a range of enterprise-grade Wi-Fi networking equipment for campus and branch deployments. It has also agreed to license Juniper's Mist AIOps source code — a software suite that enables AI-based network automation and management. HPE can live with that, since its primary motivation for buying Juniper is to improve its prospects in an IT networking market dominated by Cisco, where others like Arista and increasingly Nokia and Nvidia are also trying to make inroads.
And after receiving regulatory clearance, HPE "very quickly closed the deal..." reports The Motley Fool. "In the press release heralding the news, the buyer wrote that it 'doubles the size of HPE's networking business and provides customers with a comprehensive portfolio of networking solutions.'

Investors were obviously happy about this, as according to data compiled by S&P Global Market Intelligence the company's stock price ballooned by nearly 16% across the week, largely on the news.... The Justice Department had alleged, in a lawsuit filed in January, that an HPE/Juniper tie-up would essentially result in a duopoly in networking equipment. It claimed that a beefed-up HPE and networking incumbent Cisco would hold more than 70% combined of the domestic market.

Thanks to long-time Slashdot reader AmiMoJo for sharing the news.
Posted by Black Convoy from TFW2005


Third Party company Dr. Wu have revealed, via their Weibo account, images of a new color variant of their upcoming DW-E61 Brutality & DW-E62 Slaughter (G1 Slugfest & Overkill). These are new cassettes planned to go with the Siege/Netflix/Legacy Soundwave mold, and they are based on the G1 dino-robocassettes Overkill and Slugfest. DW-E61M Brutality & DW-E62M Slaughter feature a new Shattered Glass deco. A very nice option for your collection. See the images after the break and share your impressions on the 2005 Boards!
Posted by EditorDavid from Slashdot
From the thanks-for-all-the-fish department: Science Daily reports:

Wild orcas across four continents have repeatedly floated fish and other prey to astonished swimmers and boaters, hinting that the ocean's top predator likes to make friends. Researchers cataloged 34 such gifts over 20 years, noting the whales often lingered expectantly — and sometimes tried again — after humans declined their offerings, suggesting a curious, relationship-building motive...

"Orcas often share food with each other — it's a prosocial activity and a way that they build relationships with each other," said study lead author Jared Towers, of Bay Cetology in British Columbia, Canada. "That they also share with humans may show their interest in relating to us as well."

The complete research was published in the Journal of Comparative Psychology. Its title? "Testing the Waters: Attempts by Wild Killer Whales (Orcinus orca) to Provision People (Homo sapiens)."
Posted by EditorDavid from Slashdot
From the I-said-face department: Long-time Slashdot reader AmiMoJo shared this report from the Apple news blog 9to5Mac:
iOS 26 is a packed update for iPhone users thanks to the new Liquid Glass design and major updates for Messages, Wallet, CarPlay, and more. But another new feature was just discovered in the iOS 26 beta: FaceTime will now freeze your call's video and audio if someone starts undressing.

When Apple unveiled iOS 26 last month, it mentioned a variety of new family tools... "Communication Safety expands to intervene when nudity is detected in FaceTime video calls, and to blur out nudity in Shared Albums in Photos." However, at least in the iOS 26 beta, it seems that a similar feature may be in place for all users — adults included.

That's the claim of an X.com user named iDeviceHelp, who says FaceTime in iOS 26 swaps in a warning message that says "Audio and video are paused because you may be showing something sensitive," giving users a choice of ending the call or resuming it.

9to5Mac says "It's unclear whether this is an intended behavior, or just a bug in the beta that's applying the feature to adults... [E]verything happens on-device so Apple has no idea about the contents of your call."
Posted by EditorDavid from Slashdot
From the superuser-don't department: In April researchers responsibly disclosed two security flaws found in Sudo "that could enable local attackers to escalate their privileges to root on susceptible machines," reports The Hacker News. "The vulnerabilities have been addressed in Sudo version 1.9.17p1 released late last month."

Stratascale researcher Rich Mirch, who is credited with discovering and reporting the flaws, said CVE-2025-32462 has managed to slip through the cracks for over 12 years. It is rooted in Sudo's "-h" (host) option that makes it possible to list a user's sudo privileges for a different host. The feature was enabled in September 2013. However, the identified bug made it possible to execute any command allowed by the remote host to be run on the local machine as well when running the Sudo command with the host option referencing an unrelated remote host. "This primarily affects sites that use a common sudoers file that is distributed to multiple machines," Sudo project maintainer Todd C. Miller said in an advisory. "Sites that use LDAP-based sudoers (including SSSD) are similarly impacted."

CVE-2025-32463, on the other hand, leverages Sudo's "-R" (chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file. It's also a critical-severity flaw. "The default Sudo configuration is vulnerable," Mirch said. "Although the vulnerability involves the Sudo chroot feature, it does not require any Sudo rules to be defined for the user. As a result, any local unprivileged user could potentially escalate privileges to root if a vulnerable version is installed...."

Miller said the chroot option will be removed completely from a future release of Sudo and that supporting a user-specified root directory is "error-prone."
Posted by EditorDavid from Slashdot
From the getting-a-reaction department: This week America's Energy Department selected two companies to perform the first nuclear microreactor tests in a new facility in Idaho, saying the tests "will fast-track the deployment of American microreactor technologies... The first fueled reactor experiment will start as early as spring 2026."

The new facility is named DOME (an acronym for Demonstration of Microreactor Experiments), and it leverages existing "to safely house and test fueled reactor experiments, capable of producing up to 20 megawatts of thermal energy," according to a local newspaper.
[T]wo companies were competitively selected in 2023 and are currently working through a multi-phase Energy Department authorization process to support the design, fabrication, construction, and testing of each fueled reactor experiment. Both are expected to meet certain milestones throughout the process to maintain their allotted time in DOME and to ensure efficient use of the test bed, according to the release... The department estimates each DOME reactor experiment will operate up to six months, with the DOME test bed currently under construction and on track to receive its first experiment in early 2026... The next call for applications is anticipated to be in 2026.

The site Interesting Engineering calls the lab "a high-stakes proving ground to accelerate the commercialization of advanced microreactors..."

Posted by msmash from Slashdot
From the troubling-signs department: Some of the water around Antarctica has been getting saltier. And that has affected the amount of sea ice at the bottom of the planet. From a report: A study published Monday in the Proceedings of the National Academy of Sciences found that increases in salinity in seawater near the surface could help explain some of the decrease in Antarctic sea ice that has been observed over the past decade, reversing a previous period of growth.

"The impact of Antarctic ice is massive in terms of sea-level rise, in terms of global warming, and therefore, in terms of extremes," said Alessandro Silvano, a senior scientist at the University of Southampton studying the Southern Ocean and lead author of the study. The findings mean "we are entering a new system, a new world," he said. The Times adds: "the Department of Defense announced it would no longer be providing some of the satellite data that researchers use to monitor changes in sea ice."
Posted by msmash from Slashdot
From the how-about-that department: Software engineer Sean Goedecke argues that AI coding agents have already been commoditized because they require no special technical advantages, just better base models. He writes: All of a sudden, it's the year of AI coding agents. Claude released Claude Code, OpenAI released their Codex agent, GitHub released its own autonomous coding agent, and so on. I've done my fair share of writing about whether AI coding agents will replace developers, and in the meantime how best to use them in your work. Instead, I want to make what I think is now a pretty firm observation: AI coding agents have no secret sauce.

[...] The reason everyone's doing agents now is the same reason everyone's doing reinforcement learning now -- from one day to the next, the models got good enough. Claude Sonnet 3.7 is the clear frontrunner here. It's not the smartest model (in my opinion), but it is the most agentic: it can stick with a task and make good decisions over time better than other models with more raw brainpower. But other AI labs have more agentic models now as well. There is no moat.

There's also no moat to the actual agent code. It turns out that "put the model in a loop with a 'read file' and 'write file' tool" is good enough to do basically anything you want. I don't know for sure that the closed-source options operate like this, but it's an educated guess. In other words, the agent hackers in 2023 were correct, and the only reason they couldn't build Claude Code then was that they were too early to get to use the really good models.
Posted by msmash from Slashdot
From the tussle-continues department: Reuters: The European Union's landmark rules on AI will be rolled out according to the legal timeline in the legislation, the European Commission said on Friday, dismissing calls from some companies and countries for a pause.

Google owner Alphabet, Facebook owner Meta and other U.S. companies as well as European businesses such as Mistral and ASML have in recent days urged the Commission to delay the AI Act by years. Financial Times adds: In an open letter, seen by the Financial Times, the heads of 44 major firms on the continent called on European Commission President Ursula von der Leyen to introduce a two-year pause, warning that unclear and overlapping regulations are threatening the bloc's competitiveness in the global AI race.

[...] The current debate surrounds the drafting of a "code of practice," which will provide guidance to AI companies on how to implement the act that applies to powerful AI models such as Google's Gemini, Meta's Llama and OpenAI's GPT-4. Brussels has already delayed publishing the code, which was due in May, and is now expected to water down the rules.
Posted by msmash from Slashdot
From the closing-the-loophole department: President Donald Trump's administration plans to restrict shipments of AI chips from the likes of Nvidia to Malaysia and Thailand, part of an effort to crack down on suspected semiconductor smuggling into China. Bloomberg: A draft rule from the Commerce Department seeks to prevent China -- to which the US has effectively banned sales of Nvidia's advanced AI processors -- from obtaining those components through intermediaries in the two Southeast Asian nations, according to people familiar with the matter. The rule is not yet finalized and could still change, said the people, who requested anonymity to discuss private conversations.

Officials plan to pair the Malaysia and Thailand controls with a formal rescission of global curbs from the so-called AI diffusion rule, the people said.
Posted by msmash from Slashdot
From the PSA department: A new study analyzing data from more than 60 previous research projects has found evidence that there is "no safe amount" of processed meat consumption -- so much so that even small daily portions are being linked to increased disease risk.

The research, published Monday in the journal Nature Medicine, examined connections between processed meats, sugar-sweetened beverages and trans fatty acids and the risk of type 2 diabetes, colorectal cancer and ischemic heart disease. People who ate as little as one hot dog daily showed an 11% greater risk of type 2 diabetes and 7% increased risk of colorectal cancer compared to those who consumed none. Drinking approximately one 12-ounce soda per day was associated with an 8% increase in type 2 diabetes risk and 2% increased risk of ischemic heart disease.
Posted by msmash from Slashdot
From the encouraging-feedback department: Moderna's mRNA-based seasonal flu vaccine proved 27% more effective at preventing influenza infections than standard flu shots in a Phase 3 trial involving nearly 41,000 people aged 50 and above, the firm said this week.

The company announced that mRNA-1010 had an overall vaccine efficacy that was 26.6% higher than conventional shots, rising to 27.4% higher in participants aged 65 and older during the six-month study period. The 2024-2025 flu season hospitalized an estimated 770,000 Americans, according to the Centers for Disease Control and Prevention.
Posted by msmash from Slashdot
From the new-purpose-in-life department: UK Science and Technology Secretary Peter Kyle has written to the UK's national institute for AI to tell its bosses to refocus on defense and security. BBC: In a letter, Kyle said boosting the UK's AI capabilities was "critical" to national security and should be at the core of the Alan Turing Institute's activities. Kyle suggested the institute should overhaul its leadership team to reflect its "renewed purpose."

The cabinet minister said further government investment in the institute would depend on the "delivery of the vision" he had outlined in the letter. A spokesperson for the Alan Turing Institute said it welcomed "the recognition of our critical role and will continue to work closely with the government to support its priorities." Further reading, from April: Alan Turing Institute Plans Revamp in Face of Criticism and Technological Change.
Posted by msmash from Slashdot
From the tone-deaf department: An anonymous reader shares a report: The sweeping layoffs announced by Microsoft this week have been especially hard on its gaming studios, but one Xbox executive has a solution to "help reduce the emotional and cognitive load that comes with job loss": seek advice from AI chatbots.

In a now-deleted LinkedIn post captured by Aftermath, Xbox Game Studios' Matt Turnbull said that he would be "remiss in not trying to offer the best advice I can under the circumstances." The circumstances here being a slew of game cancellations, services being shuttered, studio closures, and job cuts across key Xbox divisions as Microsoft lays off as many as 9,100 employees across the company.

Turnbull acknowledged that people have some "strong feelings" about AI tools like ChatGPT and Copilot, but suggested that anybody who's feeling "overwhelmed" could use them to get advice about creating resumes, career planning, and applying for new roles.
Posted by msmash from Slashdot
From the score-takes-care-of-itself department: Windows 11 has finally overtaken the market share of its predecessor, with just three months remaining until Microsoft discontinues support for Windows 10. From a report: As of today, July's StatCounter figures show the market share of Windows 11 at 50.24 percent, with Windows 10 at 46.84 percent. It's a far cry from a year ago, when Windows 10 stood at 66.04 percent and Windows 11 languished at 29.75 percent.
Posted by msmash from Slashdot
From the closer-look department: Software developer Anton Zaides argues that software engineers have had it easy over the decades and the "best profession" on earth deserved the wake-up call. He writes: It's not just one of the hardest times, it's also one of the most exciting.

I'm hugely optimistic about the software engineering career. All those companies started by vibe-coders all around you? Many will succeed, and will need great engineers to scale up.

Some engineers understand this, and use the chance to skill up. To succeed, you'll probably need all the skills of an engineer, some of a PM, and even a bit of design taste. It's not just about shipping code anymore.

But if you work as a code monkey, getting detailed tickets and just shipping them, you've done this to yourself. You won't be needed pretty soon.

I believe there are too many mediocre engineers, but also not enough great ones.
Posted by msmash from Slashdot
From the no-longer-hypothetical department: Climate change is already having an impact on companies around the world. More than half of companies surveyed by Morgan Stanley experienced climate-related operational disruptions within the past year, including increased costs, worker disruption and revenue losses. Extreme heat and storms caused the most frequent disruptions, followed by wildfires and smoke, water shortages, and flooding.

The US spent nearly $1 trillion on disaster recovery and climate-related needs over the past year, according to Bloomberg Intelligence analysis, while nearly two-thirds of Tampa metro businesses reported losses from hurricanes Helene and Milton.
Posted by Black Convoy from TFW2005


We are catching up with some recent Transformers sightings in the UK, thanks to our fellow 2005 Boards members and UK residents: More Than Meets The Eye Collection Transformers Devastation Elite Seeker & Ground Soldier 2-Pack – It was spotted at a Smyths store in North Wales by renkencen. Cyberworld Stomp And Battle Grimlock – One of the biggest Cyberworld toys was spotted at the same Smyths store in North Wales by renkencen. Age Of The Primes Wave 2 Deluxe – Vortex was found at Smyths St. Helens by cynw32618. Alchemist Prime showed up at Smyths Wigan as reported by Accelerate. Age Of The Primes Wave 2 Voyager – Heatwave
Posted by msmash from Slashdot
From the stranger-things department: Researchers have discovered that appending irrelevant phrases like "Interesting fact: cats sleep most of their lives" to math problems can cause state-of-the-art reasoning AI models to produce incorrect answers at rates over 300% higher than normal [PDF]. The technique -- dubbed "CatAttack" by teams from Collinear AI, ServiceNow, and Stanford University -- exploits vulnerabilities in reasoning models including DeepSeek R1 and OpenAI's o1 family. The adversarial triggers work across any math problem without changing the problem's meaning, making them particularly concerning for security applications.

The researchers developed their attack method using a weaker proxy model (DeepSeek V3) to generate text triggers that successfully transferred to more advanced reasoning models. Testing on 225 math problems showed the triggers increased error rates significantly across different problem types, with some models like R1-Distill-Qwen-32B reaching combined attack success rates of 2.83 times baseline error rates. Beyond incorrect answers, the triggers caused models to generate responses up to three times longer than normal, creating computational slowdowns. Even when models reached correct conclusions, response lengths doubled in 16% of cases, substantially increasing processing costs.