Unix

FreeBSD Foundation Executive Director Tries Daily Driving FreeBSD On Laptop (phoronix.com) 66

Phoronix reports on a presentation about trying FreeBSD on modern Framework laptop from last week's Open Source Summit hosted by the Linux Foundation: With FreeBSD having worked on improving its laptop support over the past two years with some big changes and ongoing efforts for making a nice KDE desktop experience on FreeBSD, FreeBSD Foundation's Executive Director has been trying to daily drive FreeBSD on laptops...

With the Framework Laptop, the touchscreen "just worked" as did other basic functionality from the KDE desktop on FreeBSD, including peripherals like a wireless mouse. Among the challenges were Zoom failing for video calls but eventually working, the web camera took steps to enable, and Microsoft Teams only partially worked. With the help of online resources, ultimately she was able to succeed in her journey of running FreeBSD daily on a laptop.

The Internet

'Underminr' CDN Vulnerability Hides Malicious Traffic Behind Trusted Domains (securityweek.com) 20

Slashdot reader wiredmikey writes: Threat actors are exploiting a vulnerability in shared content delivery network (CDN) infrastructure to hide connections to malicious domains. Researchers say the vulnerability could impact roughly 88 million domains and can bypass DNS filtering and protective DNS controls, potentially enabling stealthy command-and-control communications and other evasive attacks.
Dubbed "Underminr," the exploit "presents the SNI and HTTP Host of a domain," writes SecurityWeek, "while forcing a request to the IP address of another tenant on the same shared edge." The mismatch, ADAMnetworks reports, has been exploited in attacks targeting large-scale hosting providers, including those that have implemented mitigations against domain fronting...

Threat actors' increased reliance on AI is expected to lead to a surge in attacks. "Once Underminr becomes parametric information for AI-generated malware, we could expect to see it in every attack that needs to evade protective DNS as part of the attack chain," ADAMnetworks CEO David Redekop says.

Transportation

Tesla's Electric Cybercab is Certified as the Most Efficient EV Ever (electrek.co) 124

Tesla's upcoming Cybercab "has been certified at 165 Wh/mi," reports Electrek — which makes it "the most efficient electric vehicle ever produced — by a wide margin."

The next most efficient EV on the market, the Lucid Air Pure, consumes 28% more energy per mile. Tesla VP of Vehicle Engineering Lars Moravy confirmed the figure, which represents a certified rating — not a marketing claim or internal target.

It's an impressive achievement, but it comes with a massive asterisk: Tesla accomplished this by building a tiny two-seat robotaxi with no steering wheel, no pedals, and a sub-50 kWh battery pack... Even Tesla's own Model 3 — one of the most efficient passenger EVs you can buy — needs nearly a third more energy to cover the same distance... Where the 165 Wh/mi figure genuinely matters is in the economics of running a robotaxi fleet. Energy cost per mile is one of the biggest operating expenses for any ride-hailing service, and the Cybercab's efficiency gives Tesla a structural cost advantage over competitors...

The small battery pack also means faster charging times and lower per-vehicle battery costs — both critical for fleet economics. Tesla has said the Cybercab will cost $30,000, and the efficient powertrain is a big part of hitting that price target. Tesla confirmed Cybercab production has started at Giga Texas in April, though the ramp is expected to be slow initially. The company still hasn't solved unsupervised autonomous driving — the first steering wheel-less unit rolled off the line in February, but Tesla's supervised robotaxi fleet currently crashes at roughly four times the rate of human drivers.

Transportation

Air France, Airbus Guilty of Corporate Manslaughter In 2009 Air France 447 Crash (bbc.com) 43

Long-time Slashdot reader UnknowingFool shares this report from the BBC: Air France and Airbus have been found guilty of manslaughter over a 2009 plane crash which killed 228 people. The Paris Appeals Court found the airline and aircraft manufacturer "solely and entirely responsible" for the incident, in which flight AF447 from Rio de Janeiro to Paris crashed into the Atlantic Ocean. The passenger jet stalled during a storm and plunged into the water, killing all on board. A court had previously cleared the companies in April 2023, but they were found guilty on Thursday after an eight-week trial.

Both have repeatedly denied the charges and say they will appeal... The companies have been asked to pay the maximum fine — €225,000 ($261,720; £194,500) each — but some victims' families have criticised the amount as a token penalty...

In 2012, French investigators found a combination of technical failure involving ice in the plane's sensors and the pilots' inability to react to the aircraft stalling led to it plunging into the sea. The captain was on a break when the co-pilots became confused by faulty air-speed readings. They then mistakenly pointed the nose of the plane upwards when it stalled, instead of down. Investigators concluded the co-pilots did not have the training to deal with the situation. Pilot training has since been improved and the speed sensors replaced.

AI

Friday Google's AI-Powered Search Results Glitched on the Word 'Disregard' (techcrunch.com) 28

On Friday TechCrunch reported they could no longer Google the word "disregard".

Google's AI Overview responded "Understood. Let me know whenever you have a new prompt or question!" below an icon for hearing the word "disregard" pronounced — then displayed several inches of blank whitespace.

"The Merriam-Webster link is still in there, but you have to scroll..." Earlier this week, Google rolled out a completely new Search experience, foregrounding AI summaries and kicking the traditional "10 blue links" far down the page. But the sheer scale of Google Search means there are lots of edge cases that the company doesn't seem to have considered...

Google has been catching some flack on social media for this, and it's easy to see why... For most users, that single reply is the only thing you'll see. And crucially, the AI response serves no conceivable value to a user searching the word "disregard." It's just a broken tool.

Google appears to have fixed the issue — sort of.

Now Googling the word "disregard" brings up a list of news stories about how Google's AI Overviews misinterpreted the word disregard in search queries.
Google

Google API Keys Remain Active After Deletion (darkreading.com) 23

Aikido Security found that deleted Google API keys can continue authenticating for a median of about 16 minutes and as long as 23 minutes, despite Google Cloud's UI claiming that once a key is deleted it can no longer make API requests. Dark Reading reports: Joe Leon, researcher at Belgian startup Aikido Security, recently analyzed the revocation window -- the time between a key's deletion and its last successful authentication -- for the cloud giant's API keys. In a blog post published today, Leon said Google Cloud Platform (GCP) customers expect API access to end immediately after the key is deleted, but this is not the case. In a series of tests, Leon found that the median revocation window was around 16 minutes, while the longest window was up to 23 minutes, "an incredibly long time" for API keys to continue authenticating successfully, he said.

And these windows have serious repercussions for organizations. "An attacker holding your deleted key can keep sending requests until one reaches a server that has not caught up. If Gemini is enabled on the project, they can dump files you have uploaded and exfiltrate cached conversations," Leon said. "The GCP console will not show the key, and it will not tell you the key is still working. You are trusting Google's infrastructure to eventually catch up."

[...] Leon tells Dark Reading the revocation windows for Google's API keys, as well as the unpredictable authentication success rates, complicate matters for incident response teams that are dealing with a potential breach. "This breaks the mental model IR teams have when responding to leaked credentials," he says. "It's assumed that when you click 'Delete' or 'Revoke' that the credential no longer works. Now IR teams need to remember that for GCP credentials, a window exists when that 'Deleted' credential still works for attackers."

To that end, Aikido recommended that security teams and IR personnel use a 30-minute window for Google API key deletions. Additionally, organizations should monitor their API requests by credential through the "Enabled APIs and services" portion of the GCP console, and review API requests by credential. "If you see unexpected usage from that credential after deletion, someone could be actively exploiting it," Leon wrote. Aikido reported the findings to Google, but the company closed the report as "won't fix," according to the blog post.

Privacy

Venmo Redesign Makes New Users' Posts Friends-Only by Default (theverge.com) 10

Venmo is testing a major redesign that will make new users' payment posts viewable by their friends by default instead of being public. The Verge reports: It's a notable update for a platform that has struggled with privacy in the past. In 2021, BuzzFeed News tracked down President Joe Biden's Venmo account and the accounts of people in his inner circle because Venmo, at the time, had no way to keep your Venmo contacts private. It fixed that soon after.

As part of the redesign, if you're a new user and you do want your posts to be public (or private just to you), you'll be able to set that as part of the new onboarding flow. You can also change your preference in settings after the fact; an updated screen for sending money will also show if that post is private, visible just to friends, or is visible publicly before you make the transaction.

The Internet

Vivaldi 8.0 Arrives With 'Most Significant Design Overhaul' In Browser's History (neowin.net) 31

Vivaldi 8.0 is being pitched as the browser's "most significant design overhaul" yet, featuring a new unified, edge-to-edge interface, six preset layouts, and deeper customization across tabs, toolbars, panels, and themes. The company is also taking a swipe at rivals chasing questionable AI features. Neowin reports: After updating to version 8.0, Vivaldi will present you with the ability to select one of the six pre-built styles. You can select a minimal edge-to-edge theme, one with the UI fully hidden for focused work, or a power user variant with everything on the screen. The update comes with a built-in collection theme, and users are free to select one of over 7,000 community themes available on the official website.

Vivaldi says that while other browsers were busy adding questionable AI features, it focused on "a foundation that no other browser can match" with flexible tab management, built-in productivity tools, and advanced customization. At the same time, Vivaldi does not force the new design onto its users, so those who prefer the previous user interface can go back to it at any moment in settings.
"With 8.0, we have done something we have been working toward for a long time: we have given the browser itself a visual system worthy of everything it can do," says Vivaldi's CEO and co-founder, Jon Stephenson von Tetzchner. "With this update Vivaldi feels like one considered, coherent tool."

You can download Vivaldi 8.0 and view the changelog at their respective links.
Government

US To Award $2 Billion To Quantum Companies, Take Equity Stakes (thequantuminsider.com) 45

An anonymous reader quotes a report from the Quantum Insider: The Trump administration is preparing a new round of industrial policy aimed at quantum computing, with roughly $2 billion in grants expected to go to nine companies developing quantum hardware and related technologies. According to Reuters, citing a Wall Street Journal report, the U.S. Department of Commerce plans to distribute the funding through deals that also give the federal government equity stakes in the companies receiving the awards. The approach would expand Washington's increasingly direct involvement in sectors viewed as strategically important to national security, advanced manufacturing and competition with China.

Reuters reported that IBM is expected to receive the largest share of the package at about $1 billion. Semiconductor manufacturer GlobalFoundries is slated to receive approximately $375 million, according to the report. Other recipients are expected to include D-Wave Quantum, Rigetti Computing, Quantinuum and Infleqtion, with each company potentially receiving around $100 million, Reuters reported. Australian quantum startup Diraq could receive about $38 million, according to the Wall Street Journal report cited by Reuters.
Fast Company notes in its reporting that IBM will invest the funds it receives into a new IBM company called Anderon. It will also match the grant with another $1 billion in cash.

"Anderon will operate as a state-of-the-art 300-millimeter quantum wafer foundry," IBM stated in an announcement. "It will help the nation solidify its leadership at the center of a thriving new quantum industry that is estimated to generate up to $850 billion in economic value by 2040 and spur American economic growth while also bolstering national security."

Quantum computing stocks soared after the news. As of publication, IBM is up about 9.7%, D-Wave is up about 28.1%, and Rigetti is up about 26.7%. Meanwhile, Global Foundries rose about 13.8% and Infleqtion jumped about 30.9%.
Transportation

Waymo Pauses Atlanta Service As Its Robotaxis Keep Driving Into Floods (techcrunch.com) 133

Waymo has paused service in Atlanta after one of its driverless cars entered a flooded street and got stuck. It follows a similar pause in San Antonio that prompted a recent software recall (PDF) over flood avoidance. TechCrunch reports: Waymo admitted that it hadn't finished developing a "final remedy" for avoiding flooded areas when it issued its software recall last week. Instead, the company said that it shipped an update to its fleet that placed "restrictions at times and in locations where there is an elevated risk of encountering a flooded, higher-speed roadway," according to documents released by the National Highway Traffic Safety Administration (NHTSA).

But even those precautions apparently were not enough to stop the Waymo robotaxi from entering the flooded intersection in Atlanta. Waymo told TechCrunch on Thursday that the storm in Atlanta produced so much rainfall that flooding was happening before the National Weather Service had issued a flash flood warning, watch, or advisory. The company said its fleet those alerts are part of a larger set of signals it relies on to prepare the vehicles for poor weather.

Piracy

Anna's Archive Hit With Global Domain Takedown Order (torrentfreak.com) 54

An anonymous reader quotes a report from TorrentFreak: A coalition of thirteen major publishers has won a massive $19.5 million default judgment against shadow library Anna's Archive. A New York federal judge fully approved the publishers' requests, issuing a broad permanent injunction that orders more than twenty specific global registries, hosts, and service providers to immediately disable the site's remaining domains. [...] At first glance, the damages award is the headline figure. Judge Rakoff granted the maximum statutory damages of $150,000 for each of the 130 "Works in Suit." This brings the final damages bill amount to a staggering $19,500,000. However, as with the $322 million judgment won by the music industry against Anna's Archive in the related Spotify case, it's highly unlikely that this money will be recouped.

For now, the operators of Anna's Archive remain strictly anonymous, which doesn't help either. The default judgment (PDF) addresses this and requires the operators to unmask their identities and provide a sworn statement with valid contact information to the court within 10 days. However, since the operators have previously stated they hide their identities to avoid "decades of prison time," it is safe to assume that the operators will simply ignore this request. The true power of this default judgment lies in the permanent injunction. Anna's Archive is known to evade enforcement and change domain names when needed, so the injunction targets the technical intermediaries that keep the site online.

Specifically, the injunction orders "all domain name registries and registrars of record" to permanently disable access to Anna's Archive's domains and prevent their transfer to anyone other than the publishers or the music industry plaintiffs in the related case. In addition to domain name services, the order also extends to international hosting providers, who are also ordered to stop working with the site. Leaving no room for interpretation, the order specifically names more than twenty companies and organizations. This includes familiar names like Cloudflare, Njalla, and DDOS-Guard, as well as the domain name registries of the site's current active domains [...]. The names include some intermediaries that were already listed in the Spotify default judgment, as well as new ones.

Android

Google's AI Studio Now Lets Anyone Build Android Apps In Minutes (techcrunch.com) 40

An anonymous reader quotes a report from TechCrunch: The AI coding boom is now coming directly for Android app development. On Tuesday at Google IO 2026, the company announced new native Android app creation capabilities in its web-based Google AI Studio, shrinking a process that takes weeks of setup and coding down to minutes. The company also said that consumers will be able to use Gemini AI to find the apps they need, both on the Play Store and the web, expanding opportunities for developers to have their apps discovered.

Google says the new capabilities could make sense for anyone from a seasoned developer looking to prototype a new app quickly to a first-time creator. [...] The apps are built with the Kotlin programming language using Google's Jetpack Compose toolkit and with support integration with hardware sensors like GPS, Bluetooth, and NFC, the company says. However, the resulting creations, for now, are only meant to be used personally, as publishing for family and friends is still on the roadmap. The company suggests the technology could be used for the creation of personal utilities and simple social apps, hardware-enabled experiences, or AI-powered experiences.
Google is also adding an "Ask Play" AI overlay to the Play Store that lets users discover apps through natural-language conversations. "Perhaps more importantly, apps will begin to be surfaced with users' conversations with Google's Gemini virtual assistant, exposing developers' apps to millions of users," adds TechCrunch.
Google

Google Accused of Pushing 'Free For Life' G Suite Users Onto Paid Plans (theregister.com) 69

Google is again pressuring some longtime G Suite Legacy users to move onto paid Workspace plans, warning that accounts flagged as "commercial use" could lose access to Gmail, Drive, Calendar, and other services if appeals fail. "The trouble, according to users, is that the appeals system appears about as transparent as a brick," adds The Register. From the report: A reader alerted The Register to what appears to be a new crackdown on long-standing G Suite Legacy accounts, with similar complaints now piling up on Reddit from users accused of violating Google's non-commercial use policy, despite insisting they use the accounts only for family email and personal domains. Reports have been stacking up on Reddit's r/gsuitelegacymigration subreddit from users who say their long-running personal G Suite Legacy accounts are suddenly being classified as "commercial use" accounts and pushed toward paid Google Workspace plans by May 2026. A lot of users have been through this before. Google spent part of 2022 trying to wind down free G Suite Legacy accounts, then changed course after users running family domains made enough noise. Now some of those same users are being told they have fallen outside Google's rules after all.

Emails seen by The Register warn users their accounts have been "identified as being used for commercial purposes" and say Google may start suspending Gmail, Calendar, Drive, Meet, and other Workspace services if they do not either win an appeal or begin paying for Workspace subscriptions. "Please upgrade to a paid Google Workspace subscription to continue using your services. Look out for a notification regarding the appeal process in Google Admin console or email," the email reads. "If you don't take action during your 45-day appeal period, Google will begin suspending your Google Workspace core services, including Gmail, Calendar, Drive, and Meet. As a result, you will lose access to these core services and data."
One wrongly-flagged user said the company reversed its decision after they filed a GDPR data request seeking evidence. Others were less fortunate, with some reporting that family-only custom domains were permanently classified as commercial despite failed appeals.
AI

Google Changes Its Search Box for the First Time in 25 Years (nytimes.com) 79

Google is giving its iconic search box its first major redesign since 2001. The new design incorporates, you guessed it, artificial intelligence, "getting bigger and more interactive so that people can ask even longer questions and upload photographs and videos into queries," reports the New York Times. "In addition, people can ask follow-up questions with a chatbot on Google's main search page." From the report: The company will also offer digital assistants, known as agents, to automate searches so that someone who may be apartment hunting can be notified of a new listing without opening a real estate site like Zillow. The search features will be powered by a new artificial intelligence model, Gemini 3.5 Flash. Google said the model had improved on creating software code and performing autonomous tasks, worked faster and was less expensive to run than comparable models.

[...] Google is also bringing one of A.I.'s biggest breakthroughs -- software coding -- to search. When people research complex topics like astrophysics, Gemini can build interactive graphics and simulations behind the scenes to provide a deeper answer than its previous listing of websites. Google said it was introducing an alternative to the agents powered by Anthropic's Claude Code and OpenAI's Codex. Called Gemini Spark, the service is embedded in Gmail, Docs and other Google products, where it can turn meeting notes spread across emails and chats into a single document. It can also read and draft emails.
"The open web is on its way out," says Richard Kramer, a financial analyst with Arete Research. "With A.I., Google is reducing everyone to raw data providers."
Intel

Microsoft Launches Surface Pro 12, Surface Laptop 8 With Intel Chips (theverge.com) 30

Microsoft is launching three new Intel-powered Surface devices for businesses: the Surface Pro 12, Surface Laptop 8, and a smaller 13-inch Surface Laptop model. These new machines come equipped with newer Intel chips, a few business-focused upgrades, and notably higher starting prices. "The high pricing of these three new Surface devices is a sign of things to come for whatever consumer models Microsoft is planning this year," notes The Verge. From the report: This time around Microsoft is refreshing its Surface Pro and Surface Laptop models with Intel's latest Core Ultra Series 3 processors first, ahead of similar models with Qualcomm's new Snapdragon X2 processors later this year. The new Surface Pro 12, or as Microsoft calls it the Surface Pro for Business 13-inch (12th Edition), will be available for businesses today, starting at an eye-watering $1,949.99. The base model will include an Intel Core Ultra 5 processor, 16GB of RAM, 256GB of storage, and the regular 13-inch PixelSense LCD display.

Businesses will have to pay extra for models with Intel's Core Ultra 7 processor, up to 64GB of RAM, and up to 1TB of storage. The top spec Surface Pro 12 with a Core Ultra 7, 64GB of RAM, and 1TB of storage will be priced at $4,399.99, and there are also OLED screen options and models with 5G connectivity. The Surface Pro 12 5G starts at $2,249.99, with a Core Ultra 5, 16GB of RAM, and 256GB of storage. [...] Microsoft is also launching two new versions of the Surface Laptop for businesses today. The Surface Laptop 8, or Surface Laptop for Business 13.8 or 15-inch (8th Edition) as Microsoft calls it, will also be available with a range of Intel's Core Ultra Series 3 chips. It launches alongside a smaller 13-inch model, which is confusingly labeled the Surface Laptop for Business 13-inch (1st Edition).

The 13.8-inch model starts at $1,949.99, and includes Intel's Core Ultra 5 processor, 16GB of RAM, and 256GB of storage. While Surface devices for businesses have typically had higher pricing than consumer models, the $1,949.99 starting price for a Surface Laptop 8 is almost double the original price of the Surface Laptop 7. RAMageddon really has come for Microsoft's Surface Pro and Surface Laptop devices, after recent price increases meant the existing consumer models are now $500 more expensive than their original starting price. The max configuration for the 13.8-inch Surface Pro 8 will include a Core Ultra 7, 64GB of RAM, and 1TB of storage for $4,299.99. A similar version of the 15-inch model (with an x7 processor) will be priced at $4,499.99.

Microsoft

Microsoft Surprises With Its First Server Linux Distribution: Azure Linux 4.0 (zdnet.com) 120

Microsoft is turning Azure Linux into a general-purpose, Fedora-based cloud distribution available to all Azure customers, while also productizing Flatcar as Azure Container Linux for immutable container hosts. "When Microsoft joined the Linux Foundation, there was this big conspiracy theory that somehow the Linux Foundation was undermining open source in partnership with Microsoft, and now you announce that you're shipping a Linux distribution," Jim Zemlin, the Linux Foundation's CEO, said in response to Microsoft's surprise announcement. "That's amazing." ZDNet reports: Until now, [Lachlan Everson, Microsoft's Principal Program Manager on Azure's open-source team] noted, "we had Azure Linux only available to third-party customers through AKS specifically, and that was Azure Linux 3.0." Going forward, this will be ACL. Everson emphasized that Azure Linux 4.0 is the culmination of years of internal usage and the evolution of the earlier Mariner distribution. "So we've been running Azure Linux for many years internally, and we got through to 3.0, and we only allowed it on as a container host on AKS. What we've done is make it a general-purpose, so this is all the learnings that we've had in the heritage of Mariner."

Under the hood, Azure Linux 4.0 is based on Fedora Linux and is delivered as an open distribution on GitHub. This code is available now. Yes, Red Hat knows that Microsoft has done this. Everson continued, "So, we made a decision to use Fedora as an upstream, so it's using RPMs in the Fedora ecosystem. Microsoft curates the packages and the supply chain to fit Azure's cloud platform." Microsoft also created "it to be purpose-built for Azure, which integrates vertically into all of our infrastructure to give you the best Azure Linux experience on Azure." While Azure Linux will ship as a VM image, Microsoft is already preparing a developer-friendly path onto Windows desktops: "And as of today, we have it as a VM image for your VM host on Azure. We're going to announce WSL images as well."

While developers will be able to run Azure Linux locally through WSL, Microsoft is not positioning it as a traditional desktop Linux. Asked whether he could run it on his laptop, Everson said: "I will be able to run it on my laptop, or what have you. Yes, on Windows 11." However, when pressed about a desktop experience, Everson was clear that there are "no plans" for a graphical environment. "It's optimized for server-side in the cloud," he said, adding that even on a developer machine, users should expect a lean environment. "Minimal packages, yeah. The idea is that we offer you a consistent experience to do your development on your machine, and that you can take your workloads as you develop them on your machine and run them with VS Code. You can run your applications on that, and know that the platform is the same that you're running on the cloud, so that you have that kind of consistency between environments."

Flatcar itself remains the upstream project, but Microsoft is packaging it for Azure customers. Everson described Flatcar as "purpose-built, immutable, secure by default, production-ready operating system, and Azure Container Linux is the productization of that, but we're still investing in the upstream Flatcar ecosystem and pulling that downstream into a productized exterior experience just for container workloads, so it's a container hosting in AKS." To underscore the immutable model, he added that "Everything's baked in, so there is no package manager. We bake the bits into the immutable, and they're in the immutable version. So Azure Container Linux is the immutable version. So you shouldn't be changing any system packages or any application packages. Anything that you need to change is customer workloads run in containers."

Businesses

Before Mass Layoffs, Meta Reassigns 7,000 Workers To Focus On AI 45

An anonymous reader quotes a report from the New York Times: Meta told employees on Monday that it was reassigning 7,000 workers to focus on new initiatives around artificial intelligence, the latest change in a company transformation spurred by the powerful technology. Employees will be moved to four new organizations focused on building new A.I. tools and apps, Janelle Gale, Meta's head of human resources, said in an internal memo. The organizations will use "A.I. native design structures" and have fewer managers per employee than other parts of the company, she said, adding that company leaders will send details about the new roles on Wednesday. The restructuring "will make us more productive and make the work more rewarding," Ms. Gale wrote. Meta declined to comment further on the changes. The move comes shortly before Meta begins laying off roughly 8,000 employees, or 10 percent of its work force. Ms. Gale also mentioned Wednesday's layoffs in her memo. "We know days like this are extremely hard, and we appreciate you showing up for each other," Ms. Gale said.

According to the NYT, employees have been asked to work remotely that day and emails about the layoffs would be sent at 4 a.m. local time. Employees in the United States will receive 16 weeks of severance pay, along with two extra weeks for every year they worked at Meta.
Communications

Europe Tests Laser Links As Satellite Comms Outgrow Radio (theregister.com) 40

Europe is testing laser-based satellite communications through a new mountaintop ground station in Greece, aiming to deliver faster, more secure links than traditional radio systems as bandwidth demand grows. The Register reports: Lithuanian space and defense biz Astrolight says that it has commissioned a new optical ground station in Greece that will support ESA-backed CubeSat missions testing laser-based communications between satellites and Earth. The Holomondas Optical Ground Station was built through the PeakSat project, led by the Aristotle University of Thessaloniki with backing from the European Space Agency and Greece's Ministry of Digital Governance. Its job is to receive data from satellites via infrared laser links rather than the radio systems that space operators have relied on for decades.

PeakSat and ERMIS-3, two Greek CubeSats launched in March under ESA's wider Greek IOD/IOV mission program, both carry Astrolight's ATLAS-1 optical communication terminal. Astrolight also built the ground segment, giving the project a fully integrated end-to-end optical communications setup. [...] The company says the station uses an 808-nanometer laser beacon and an optical C-band receiver capable of receiving data at up to 2.5 Gbps. Unlike traditional RF systems, optical links use tightly focused infrared beams that are harder to intercept or jam while also supporting significantly higher throughput.

United States

FBI Wants to Buy Nationwide Access to License Plate Readers (404media.co) 101

The FBI is seeking up to $36 million for nationwide access to automated license plate reader (ALPRs) data, which could let it query vehicle movements across the U.S. and its territories through a commercial database. 404 Media reports: "The FBI has a crucial need for accessible LPRs to provide a diverse and reliable range of collections across the United States. This data should be available across major highways and in an array of locations for maximum usefulness to law enforcement," a statement of work, which describes what data the FBI is seeking access to, reads. ALPR cameras generally work by constantly scanning the color, brand, model, and license plate of vehicles that drive by. This creates a timestamped record of where a particular vehicle was at a specific time that law enforcement can then query, effectively letting them see exactly where someone drove across time. The technology has existed for decades, but has become more pervasive in recent years.

The FBI says it is looking for a vendor that will let it log into a Software-as-a-Service system and then query the collected ALPR data with license plate information, a description of the vehicle, a time or date, and geolocation information. The FBI says it is looking for ALPR coverage in the following areas: Eastern 48 (East of the Mississippi River); Western 48 (West of the Mississippi River); Hawaii; Puerto Rico; Alaska; and outlying areas such as Guam, the U.S. Virgin Islands, or Tribal Territories. In effect, the FBI is looking for ALPR data nationwide and even beyond. An attached price template indicates the FBI is willing to pay $6 million for each of those broad areas, bringing the total to $36 million.

The FBI says it intends to award the contract to a single vendor, but if any such vendor is unable to fulfill all of the requirements, the agency may award the contract to up to two vendors. The contract is specifically for the FBI's Directorate of Intelligence, which oversees the agency's intelligence mission. The FBI is not only a law enforcement agency, but also part of the Intelligence Community.
The report notes that the contract appears aimed at vendors like Flock or Motorola Solutions, since they're some of the only companies able to provide the sort of data the FBI is seeking.

Further reading: Small Town Fights Over Flock's AI-Enhanced Network of License Plate-Reading Cameras
Security

New Windows 'MiniPlasma' Zero-Day Exploit Gives SYSTEM Access, PoC Released (bleepingcomputer.com) 32

A researcher known as Chaotic Eclipse has released a proof-of-concept exploit for a new Windows zero-day dubbed MiniPlasma, which BleepingComputer confirmed can grant SYSTEM privileges on fully patched Windows 11 systems. The researcher claims the bug is effectively a still-exploitable version of a 2020 flaw Microsoft said it had fixed. From the report: At the time, the flaw was assigned the CVE-2020-17103 identifier and reportedly fixed in December 2020. "After investigating, it turns out the exact same issue that was reported to Microsoft by Google project zero is actually still present, unpatched," explains Chaotic Eclipse. "I'm unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes."

BleepingComputer tested the exploit on a fully patched Windows 11 Pro system running the latest May 2026 Patch Tuesday updates. In our test, we used a standard user account, and after running the exploit, it opened a command prompt with SYSTEM privileges, as shown in the image [here]. Will Dormann, principal vulnerability analyst at Tharros, also confirmed the exploit works in his tests on the latest public version of Windows 11. However, he said that the flaw does not work in the latest Windows 11 Insider Preview Canary build.

The exploit appears to abuse how the Windows Cloud Filter driver handles registry key creation through an undocumented CfAbortHydration API. Forshaw's original report said that the flaw could allow arbitrary registry keys to be created in the .DEFAULT user hive without proper access checks, potentially enabling privilege escalation. While Microsoft reports having fixed the bug as part of its December 2020 Microsoft Patch Tuesday, Chaotic Eclipse now claims the vulnerability can still be exploited.

Slashdot Top Deals