Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
A vulnerability dubbed HollowByte allows unauthenticated attackers to trigger a denial-of-service (DoS) condition on OpenSSL servers with a malicious payload of just 11 bytes.
The OpenSSL team has silently fixed the vulnerability (no identifier assigned) and backported the patch to older releases.
Because the OpenSSL software is the foundational backbone for secure internet communication, organizations should prioritize switching to a fixed version of the library.
In an advisory earlier this week, Okta’s Red Team described how the HollowByte DoS vulnerability works and its impact in a real-world scenario.
The researchers explain that in a TLS handshake, each message has a 4-byte header for declaring the size of the incoming message. However, vulnerable OpenSSL versions allocate the declared length before receiving the payload and checking its size.
Every TLS handshake message begins with a 4-byte handshake header, where a three-byte length field discloses the size of the handshake data that should follow.
Without validating the payload, the server trusts the packet’s claims and allocates the indicated memory. “The worker thread then blocks, waiting indefinitely for data that will never arrive,” Okta explains.
An unauthenticated attacker can trigger HollowByte by opening a TLS connection and sending an 11-byte malicious input with a header declaring that a much larger message body will follow.
The attacker repeats the same process across multiple connections, causing the server to allocate considerable amounts of memory via a relatively small volume of transmitted data.
Okta researchers note that while OpenSSL frees the buffers when a connection drops, the GNU C Library (glibc) has a different way to handle memory and “does not immediately return small-to-medium allocations to the operating system; it keeps them for potential reuse.”
“By launching waves of connections with randomized claimed sizes, an attacker prevents the allocator from reusing those freed chunks,” Okta says.
“The heap fragments heavily, causing the server’s Resident Set Size (RSS) to climb continuously. Even after the attacker disconnects, the server remains permanently bloated.”
The only way to fully reclaim the space is by restarting the process.
The open-source OpenSSL library is embedded in popular software projects such as NGINX and Apache web servers, language runtimes (e.g., Node.js, Python, Ruby, PHP), and databases (MySQL, PostgreSQL). It comes pre-installed on most Linux distributions for TLS encryption and certificate handling.
In Okta’s tests on NGINX showed that low-capacity environments can be easily depleted of memory using HollowByte, while higher-spec servers may lose up to 25% of their memory while the attack bandwidth remains below security alerting thresholds.
Although DoS flaws are considered less severe than vulnerabilities that enable data theft or code execution, they can cause operational disruptions and reputational damage.
The HollowByte DoS issue has been fixed in OpenSSL 4.0.1 and backported to versions 3.6.3, 3.5.7, 3.4.6, and 3.0.21, which now grow the buffer only when the data arrives, ignoring header claims.
Despite being addressed as a “hardening fix” and not a security vulnerability, Okta recommends “upgrading your distribution’s OpenSSL packages immediately.”
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Linus Torvalds says the Linux kernel will not ban AI-assisted coding tools, and if anti-AI absolutists have a problem with that, they can “fork it” or “walk away.” An anonymous reader quotes a report from Ars Technica: Writing in a lengthy post on the Linux kernel mailing list this week, Torvalds said that “Linux is not one of those anti-AI projects, and if somebody has issues with that, they can do the open-source thing and fork it. Or just walk away.” The statement came amid a lengthy thread arguing about the use of Sashiko, an “agentic Linux kernel code review system” that its creators claim can, in tests, independently find 53.6 percent of the bugs that would end up being fixed by human coders in later commits. But the tool can also waste maintainers’ time by sending “false positive” reports of bugs that don’t exist, at a rate Sashiko’s maintainers estimate is “well within [the] 20% range.”
In discussing whether maintainers should be subjected to a flood of these kinds of automated, AI-powered bug report emails (true or false), one poster cited the Software Freedom Conservancy’s recent statement that the open source community “should support, not just tolerate, those who outright reject LLM-gen-AI systems” and that “every FOSS contributor deserves self-determination regarding LLM-gen-AI.” In the face of that statement, Torvalds said that he rejects those who demand that their open source projects not accept any LLM-generated code or revisions. “We’re not forcing anybody to use [LLM tools], but I will very loudly ignore people who try to argue against other people from using it,” Torvalds said.
Torvalds said his position on this is a pragmatic one that’s “based on technical merit. Not fear of new tools.” And when it comes to utility, Torvalds said that “AI is a tool, just like other tools we use. And it’s clearly a useful one. It may not have been that ‘clearly’ even just a year ago, but it’s no longer in question today. Anybody who doubts that clearly hasn’t actually used it.” […] While Torvalds acknowledged that “AI isn’t perfect,” he urged detractors to compare the output of these tools to the performance of human code maintainers. “Anybody who points to the problems at AI had better be looking in the mirror and pointing at themselves at the same time,” Torvalds wrote. “Because it’s not like natural intelligence is always all that great either.”
SpotiSlop: Large language models and sophisticated audio-generation tools are disrupting the traditional music industry. Digital listening platforms such as Spotify have become prime targets for AI-powered spammers, but trade organizations are fighting back with new labeling programs.
Spotify’s Sam Duboff recently revealed that the platform was forced to remove 75 million AI-generated tracks in 2025 alone. As Spotify’s senior director and global head of marketing, policy, and music business, Duboff believes that AI has not introduced any entirely new tactics for spam operations. However, he also argues that generative AI and other machine learning technologies have taken audio spam to the next level.
Spotify now has systems designed to combat both AI-generated “slop” uploads and data scraping by companies seeking new content to train their generative AI models. Duboff confirmed that the company has a “big team” dedicated to identifying potential new attack vectors that could make life easier for spammers (or scraping bots).
The executive also provided several eye-opening figures highlighting the growing prevalence of AI-generated music on digital platforms. Every day, bots upload around 100,000 different “songs” to Spotify’s servers, and a large portion of these tracks are most likely “made” using generative AI services or custom LLM-based setups.

Duboff acknowledges that not every genAI track can simply be dismissed as slop. The 75 million songs removed last year were low-effort content with very little human creativity involved beyond a lazy chatbot prompt. However, “real” artists are increasingly using AI technology in their production workflows, blurring the lines between fake music and human-curated efforts.
Spotify is certainly embracing AI across its business these days. Earlier this year, co-CEO Gustav Söderström said that the company’s engineers are essentially allowing AI agents to handle much of their coding work. Spotify also said that AI tools approved by music labels are now fair game for creating remixes and covers that can then be sold on the platform.
Beyond Spotify’s growing pains with spammy tracks, generative AI is forcing the entire music industry to develop new solutions to the increasingly relevant AI slop problem. The International Federation of the Phonographic Industry, the RIAA, and other major trade organizations recently announced a “voluntary” program to properly label AI-generated music, giving listeners a clear indication when a song has been entirely created through a chatbot prompt. These labels should also identify “AI-assisted” music that was primarily created by human artists.
Apple has raised the monthly price of its Family and Premier Apple One bundles in the US. The Family plan now costs $27.95 per month, up from $25.95, while Premier has climbed from $37.95 to $39.95. Both plans are now $2 more expensive each month, adding another $24 to the annual bill. The Individual plan remains unchanged at $19.95 per month.
The increase arrives shortly after Apple raised subscription prices for Apple Music across its student, individual, and family plans. New AppleCare+ customers buying coverage for Macs and iPads have also been hit by higher prices recently.
Apple One Family includes Apple Music, Apple TV, Apple Arcade, and 200GB of iCloud+ storage. The services can be shared with up to five other family members.

The Premier plan includes the same services, alongside Apple News+, Apple Fitness+, and 2TB of iCloud+ storage.

Apple has not added any new services, storage, or other benefits to either bundle. Family subscribers will now spend $335.40 over a full year, while the Premier plan works out to $479.40 annually.
Apple has not explained why the two Apple One bundles have become more expensive. The company blamed its recent Apple Music increase on rising licensing costs, and the service is included in every Apple One plan. However, the unchanged Individual bundle suggests Apple Music is unlikely to be the only reason behind the latest adjustment.
The company has also raised AppleCare+ prices for new Mac and iPad customers by $0.50 per month or $5 per year. Those changes followed broader price increases across Apple’s Mac, iPad, Vision Pro, HomePod, and Apple TV lineups. Despite the price increases, Apple One still offers a discount compared to paying for every included service separately.
The European Commission on Thursday mandated that Google provide its competitors with greater access to AI capabilities on Android phones and to search data, saying the increased openness is needed to level the playing field in those areas.
The ruling stems from the European Union’s Digital Markets Act, which is designed to ensure that powerful tech companies, such as Google and Apple, can’t unfairly dominate markets through their size and their gatekeeping powers. In this case, the act requires Google to give third-party apps and services the same level of access to its software as it does for its own services.
“With today’s measures, we want to support innovation and diversity in the European Union, enabling fair competition in the markets of AI assistants for Android devices and search engines,” Henna Virkkunen, the Commission’s executive vice president for tech sovereignty, security and democracy, said in a statement. “Thanks to these measures we hope to see emerging alternatives to Google Search and Google’s AI services, such as Gemini, and that users in the EU can enjoy greater choice of services.”
Gemini AI has become inescapable in Google software and on Android devices. But AI assistants from other companies have had restricted access to key Android functions, which limits the kinds of services they can create and offer, putting them at an unfair disadvantage, according to the Commission. The new ruling would mean, for instance, that third-party AIs could be activated with a voice command similar to “Hey, Google” or could be delegated tasks such as booking a taxi, the Commission said.
The Commission noted that 60% of phone users in the EU have an Android device.
Thursday’s decision also requires Google to share its search data with third-party search engines and with AI chatbots that offer search functionality. That includes data Google uses to optimize its search engine. The Commission said this requirement is important for developing and optimizing third-party search engines, including privacy-focused alternatives.
Google will also have to provide the data at a fair price and through a clear process, the Commission said.
In its response to the ruling, Google homed in on what it said are the dangers the DMA-driven changes would pose to users.
“Today’s decisions risk undermining vital privacy and security guardrails for millions of Europeans,” Kent Walker, president of global affairs for Google and parent company Alphabet, wrote in a blog post. “We have repeatedly offered solutions to safeguard users while satisfying the DMA’s goals, but these rulings discount extensive evidence of user harm.”
In an email to CNET, a Google spokesperson reiterated the company’s privacy concerns and noted that the alternatives it suggested would ensure, for instance, that query-related data is passed along to recipients while providing better personal data protection. Google also proposed that anonymization be performed by technical and legal experts, but said the EC rejected the proposal.
Google also said that AI agents already have access to choices, but that ultimately, phone-makers play a big role in protecting users by evaluating apps that could have system-level permissions and access to your data. It said that phone-makers provide that access, not Google.
Apple last month said that because of a DMA ruling, access to its new Siri AI would not be available to users in the EU when iOS 27 and iPadOS 27 roll out later this year.
Under Thursday’s ruling, Google must start sharing data with search providers in January 2027 and make the Android changes effective as of July 2027.
Legacy infrastructure, not the models themselves, is what’s actually slowing AI agents down. That was the shared conclusion of three infrastructure leaders — from LinkedIn, Walmart, and Zendesk — at VB Transform 2026.
The panel brought together Animesh Singh, senior director of AI platform and infrastructure at LinkedIn, Desiree Gosby, SVP of corporate technology services and technology strategy at Walmart, and Sami Ghoche, VP of applied AI at Zendesk, each describing what actually broke when they moved agents from pilot to production. Each arrived at the same conclusion from a different starting point: None of the bottlenecks they hit were model problems.
What tied their answers together was a shared premise: most enterprise infrastructure was built for how humans work, not for how agents work. The gap between those two speeds is where the real engineering happened.
Gosby put it plainly when asked what she’d learned scaling agents inside Walmart’s own workforce. The goal, she said, is to make sure “engineering doesn’t once again become the bottleneck for what it is we’re trying to do.”
Each company hit a different version of the same wall: infrastructure designed for how people work doesn’t hold up once agents are doing the work instead.
At LinkedIn, the first bottleneck wasn’t a model, it was Kubernetes, which assumes containers spin up on demand, a process that takes seconds. Singh said that’s too slow for agents. The fix was moving from on-demand provisioning to pre-provisioned pools of containers that swap agentic workloads in and out in real time.
A second, harder problem surfaced once LinkedIn let agents control their own orchestration. A five-point evaluation system looked clean, but hallucination kept showing up anyway. Singh said the issue was structural, an LLM evaluating another LLM’s output shares the same failure mode as the thing it’s evaluating.
“We built our own harness, our own control flow, and pushed the LLMs to the leaf instead of them orchestrating the loop,” Singh said. Roughly 80% of the workflow is now scripted, deterministic code, with LLMs used only where reasoning is required, and each step’s evidence is committed to disk before the system moves on.
Walmart’s bottleneck came from success. An agent harness put directly into employees’ hands went viral internally, and what Gosby called “citizen developers” began building their own agents to solve problems that once required a formal engineering roadmap. The upside was real innovation. The downside was duplication, dozens of overlapping agents with no coordination. The fix wasn’t reining in the harness, it was building governance to spot duplication, promote the best version of an agent, and get it into production without engineering becoming a chokepoint.
Zendesk hit its bottleneck from the data side. Ghoche, who joined through Zendesk’s acquisition of Forethought, which closed in March 2026, described sitting on what he called a public figure of 20 billion customer conversations in Zendesk’s repository. The instinct is to hand that history to a large language model with a big context window and let it generate the agents a business needs. Ghoche said that doesn’t work. “You can’t really do that, so instead you have to really invest in the underlying data pipelines and all the data infrastructure that comes with that,” he said.
On open source, all three leaders landed on a similar instinct: own what you can, and lean on frontier labs only where they still have a clear edge.
Ghoche said his own view is that most enterprises would prefer to own their models and infrastructure wherever that’s possible, and that reasoning is what drives Zendesk’s own approach. The exception is frontier reasoning work, where the labs still lead, though he said that slice of use cases is shrinking relative to everything else enterprises now do with AI.
LinkedIn’s answer was to build two subsystems specifically for independence. The first is what the company calls an AI gateway, a single interface that every outbound call to a model runs through regardless of provider. The second component is a memory subsystem built to hold context independent of any model provider.
“Every single outbound call going to an LLM, whether it’s on a public cloud or on-prem in our own data centers, follows the same semantics, the same API calls. We can quickly switch between different providers,” Singh said.
Walmart built its own internal gateway to stay vendor agnostic across three workload types: fully deterministic workflows, planner-and-reasoner workflows for open-ended tasks, and a hybrid of the two. Compliance-heavy work stays deterministic by design; governance, security and evaluation run through the gateway regardless of which model is on the other end. Gosby said the choice between a frontier model and an open-weight model comes down to whichever is most effective for the specific workload, not a fixed policy.
Three pieces of advice came up directly, each tied to the wall a leader had already hit.
Invest in evals before anything else. Ghoche called it the thing common to every use case, internal or customer facing.
“The thing that’s common to all of these is evals. It’ll force you to break the problem down, and once you have a robust set of evals, you can move a lot faster,” he said,
Own your agent harness from day one. Gosby’s advice was to put the AI harness directly in employees’ hands early, paired with the infrastructure to monitor what it produces.
“It will unlock a huge amount of innovation,” she said.
Build for model and context independence. Ensuring flexibility is critical for success.
“Build for independence, whether it’s a frontier model of today versus an open source model of tomorrow,” Singh said. “Keep that context within your enterprise so that you can reuse it when you ship the model or the harness tomorrow,” Singh said.
Keri Rodrigues, a mother of five boys, knows the value of screens.
For her boys, four of whom receive school accommodations, screens serve a practical purpose at school.
“When you get a kid who’s got [a learning plan] for anxiety and a substitute teacher that hasn’t read his 504 [plan] and there’s nobody there to de-escalate him, he’s got to use his phone to call mom so I can FaceTime with him and do a breathing exercise,” Rodrigues says.
But this use of screens bumps against a new concern. Fueled by distress over the mental health impacts of too much screen time, lawmakers have begun to pass device bans and other restrictions for schools, in a rising “techlash” across state capitols.
“We’ve got to make sure we’re not stomping on kids that are actually utilizing these devices for really important reasons.”Keri Rodrigues, president of National Parents Union.
Now, as the country wrestles with restricting screens, some parents and disability advocates are beginning to express concerns about whether students who rely on accessibility tools are being excluded from the rulemaking process. Some of these advocates say they agree that new tech restrictions are necessary, but they are calling for careful consideration in how these rules are written.
Many neurodiverse students need assistive technologies for learning, and it’s common for digital tools to be prescribed in the plans schools use for these students. Assistive technologies support functional and social needs for these students’ daily lives, argued Sambhavi Chandrashekar, global accessibility lead for D2L, an online learning platform, in a series of emails to EdSurge.
Chandrashekar and others worry that lawmakers aren’t consulting families with neurodiverse students enough when crafting new restrictions, and that screen time laws could impinge on accessibility tools. They worry that the gains these students have made are becoming swept up in larger political battles.
Advocates are calling for a proactive approach to avoid potential problems down the road, and EdSurge has not yet found an example of a student blocked from using an assistive device because of these new bans.
Students with ADHD might use screens for reminders, alarms, timers, or even medical alerts, says Rodrigues, the mom. Students with autism use it for self-regulation, and students with anxiety, epilepsy, asthma, or vision and hearing differences rely on specific accessibility features on their phones. One of her own sons, a senior in high school, uses a meditation app to de-escalate, she says.
NEWSLETTERS
Sign up for EdSurge newsletters for timely news, insights and analysis.
In her position as president of the advocacy group National Parents Union, Rodrigues wants caution from lawmakers. The new legislation is “really well intended,” she says. But: “We’ve got to make sure we’re not stomping on kids that are actually utilizing these devices for really important reasons.”
“Phones aren’t just toys for kids,” Rodigues says.
Disability laws such as the Individual with Disabilities Education Act guarantee students the right to assistive technologies, sometimes including screens.
But the new restrictions occur at a particularly tense time for these families.
Mass firings and funding cuts under the Trump administration have cast doubt on the reliability of federal civil rights protections and processes, some argue, leading to an increase in accessibility-related lawsuits, as families look to protect their rights. For instance, according to a nonpartisan government watchdog report, the Trump administration’s cuts to the office which reviews civil rights complaints contributed to a 90 percent dismissal of student civil rights complaints in the later months of 2025.
Recently, the U.S. Department of Justice delayed a long-anticipated deadline that required schools and vendors to meet widely accepted accessibility guidelines, after it became clear that schools and governments were not ready.
And advocates have already called attention to bills that would subject students with disabilities to surveillance cameras in classrooms, in the hopes of curbing physical restrains against these students, as EdSurge has reported.
As for the latest screen restrictions, many of the bills note that they do not apply to students with disabilities under law. For example, laws from Alabama and Tennessee carve out blanket exemptions for students with disability plans. And Tennessee’s bill also includes an explicit exception for literacy and dyslexia screenings.
Still, advocates are concerned.
Local and regional policies can limit access to tools like screen readers and predictive text software even if they don’t mean to, argues Andrew Kahn, an associate director for Understood, a support organization for people with learning differences. But these tools can be necessary for those students to keep up in class. It’s not obvious to everyone that these tools can help students, even some who don’t have formal plans, Kahn says.
Typically, when these rules mention students with disabilities, they will exclude anyone covered by disability law, says Lindsay Jones, CEO of CAST, a nonprofit focused on assistive technology and learning. But they are still relying on local school districts or other agencies within the state to provide guidance about how to implement the law, she adds.
Without sufficient guidance, a concern is that teachers might become uncomfortable working with students who need screens for accessibility reasons and might restrict these tools because of that, Jones says. For instance, advocates fear that a teacher, wary of breaking the new law, might tell a student not to use a screen, even though it was prescribed by an individualized education program, or IEP.
“It’s not typical that a student [with disabilities] is sitting alone at a screen, which I think is what seems to be driving much of the concern,” Jones says.
But even if students with disabilities aren’t prevented from using the screens, there’s unease about whether these new rules will contribute to shaming or separation.
Reading some of these laws without guidance, it’s unclear how to implement them without banning screens in the classroom, Jones says. In order to follow these rules, it’s possible that students who are exempt from the bans could be moved into another room, she worries.
“That’s immediately going to bring — or raises our concerns about — stigma for these kids,” Jones says. “One of the beautiful things is when technology is built into systems that we’re all using, and we can use them together, and it reduces the feeling that you’re separate and different in a way that can be especially harmful.”
It’s an apprehension that others in the space share.
“You would be restricting [students with disabilities] because the access to technology is creating that stigma and that segregation,” says Kahn of Understood. “Anything that leads to difference between kids, that accentuates and magnifies, has the really strong potential to further stigmatize and make these kids feel singled out.”
Education should always take place in the least restrictive environment possible, he adds.
Rodrigues says that she and other parents also worry about whether students will become reluctant to use their disability tools because of the stigma. “Kids might actually choose to suffer rather than being singled out socially,” she says.
But ultimately, for some proponents of accessibility tech, the disquiet is largely about who gets consulted for new rules and how they get enforced.
It’s not that these restrictions shouldn’t be pursued, but that families of students with disabilities should be more thoroughly included in the rulemaking process, these advocates argue.
“Parents with children who have a disability must have a seat at the table,” Chandrashekar wrote: “Blanket rules that are blind to fundamental human differences will do more disservice than good to students at the margins.”
Following the reports last week using the Windows Global Device ID (GDID) in tracking a malware operators behavior, here is a comprehensive write-up about what goes into the GDID and how it is used. It’s worth noting that the GDID itself was not used to catch the malware operator, however once a suspect was identified, the GDID was used to correlate behavior across various Microsoft products on the Internet.
The GDID is generated and assigned during a Windows install, but a re-install of Windows will generate a new GDID. Developer [SmtimesIWndr] tracks the generation and tracking of the GDID through the various Windows libraries and services, identifying where it appears to be created and how it is passed to other services like Azure.
Worth noting is your GDID is a unique, personally identifiable piece of information; if you go exploring and extract it from your Windows install, be sure to keep it private!
Those of us who were around for the dawn of MP3 files may remember the LAME encoder and library. After almost 10 years, there is a new LAME release.
Notably, this includes two security fixes, one for a stack buffer overflow based on malicious input to the Blade encoder, and an integer underflow in the AIFF header parser. Both of the fixed bugs feel very old-school, which seems appropriate given the age of the library and most of the related code.
Buffer overflows impacting the stack are some of the simplest and most direct forms of vulnerabilities, where it is possible to write past the end of a buffer and control how the function returns and instead execute arbitrary code. Integer under-flows, similarly, impact memory management; usually caused by allowing a variable that stores the size of a buffer to go negative. Since sizes are typically unsigned positive numbers, a negative is interpreted as an enormous positive number, writing past the proper buffer length.
Despite the new findings, the LAME codebase has been extremely resilient over the years, and considering the number of programs that likely still use LAME under the covers to process audio, seeing the project wake up with security fixes is great news.
Researchers have found a vulnerability in Dell BIOS code that allows extraction of the administrator password from the BIOS flash chips, either with physical access via a flash programmer, or via administrator or root level access to the operating system and reading the contents of the flash chip.
Dell used a 20 byte key to encrypt a 32 byte password field: for any admin password of 12 characters or fewer, the password is stored in completely plaintext. For longer passwords, characters beyond the first 12 are encrypted – but the random bytes are computed from the first character of the password mixed with fixed device data, yielding only 256 possible encryption seeds for the remaining bytes.
Using the BIOS admin password for evil requires local access, so the attack surface is small, however as the researchers note it controls the boot order and may allow an attacker with physical access to then boot an unsigned OS or bypass full-disk encryption, so it’s serious.
Last month, Microsoft broke records for the number of security fixes in the June monthly Patch Tuesday roundup. This month, Microsoft broke records for the number of security fixes in the July monthly Patch Tuesday roundup.
This month includes a record 60 plus patches for critical vulnerabilities in Windows, as well as fixes for previous Bitlocker bypasses, and an AI prompt injection which could allow web sites to trigger Copilot in Microsoft Edge on Android and execute arbitrary prompts. Another bug patched this month allowed privilege escalation and code execution over DHCP, potentially impacting all Windows installs on the same physical network or public hotspot.
Microsoft credits AI assisted tooling with the record-breaking number of bugs discovered, and indicates it’s unlikely to slow down next month.
It’s a week with a Patch Tuesday, which now seems to mean it’s a week with a new exploit from NightmadeEclipse, the researcher who previously made news for being quite upset with the responses from the Microsoft security group. After then creating a public outcry by threatening prosecution, Microsoft recently has seemed simply to be fixing bugs disclosed by NightmareEclipse in the next series of security updates.
This month, we have LegacyHive, an exploit which allows loading the “hive”, or collection of registry settings and configuration files, of another user. The Windows registry is typically used to store preferences, settings, auto-launched applications, and other important settings, so being able to access other users registry groups seems significant.
Fairlife Dairy, owned by Coca-Cola, has suspended US operations due to a ransomware attack. Filings with the SEC simply say that production facilities are impacted and will be temporarily suspended, with no estimate as to when they will be restored.
Typically when a food-processing facility goes offline, the delays for restoring service can be significant due to the sanitization requirements.
The April Task Force has been announced (yes, in July) with a focus on enhancing the security posture of Perl and the CPAN library.
Given the absolute havoc wreaked on the NPM and PyPi repositories in 2026, proactive measures to protect other repositories seem prudent. Funded by the Perl and Raku Foundation and the Linux Foundation, the April Task Force will be focused on supply chain security, vulnerability patching, and processing reported vulnerabilities and CVEs.
Perl may not be the juggernaut language it once was, but it’s still used widely, so any preventative measures are good news.
Researchers from ESET enumerated 11 boot loaders signed by Microsoft that can be used to bypass secure boot protections and execute arbitrary code.
Secure Boot was designed to only boot code signed by trusted organizations (in this case, Microsoft). Those of us running Linux typically know it as “the option in the BIOS to turn off to get a kernel to run properly”, but for corporate fleets, Secure Boot protections help protect disk encryption and prevent malware installs.
During boot, a Secure Boot protected system validates the code it is about to launch to ensure it is signed by a trusted organization, establishing a chain of trust where each component then validates the next before launching. Often, to enable other tools or Linux distributions to boot, a “shim” boot loader is created and signed by an organization trusted by the UEFI install, which then loads and validates the actual boot loader or kernel.
Over the years, many such shims have been signed, but updates have lagged and security vulnerabilities have been found. Even unused old boot loader code remains signed and viable, allowing attackers to replace a modern version with a vulnerable, still valid, old version.
Microsoft has removed several of the vulnerable boot loaders via recent Windows patches, however systems that are not updated and systems that do not run Windows will still likely be vulnerable.
As one fourth grader peers over the top of a 300-foot-tall wind turbine, a classmate stands next to surgeons operating in an emergency room. Nearby, another fourth grader shuffles through an autobody shop.
They are not visiting high-risk job sites, at least not in real life.
These experiences are the result of a series of investments into virtual reality in North Dakota.
The state hopes that putting VR headsets with career-focused software in classrooms will eventually boost local employment. While many schools across the country are looking to limit screen time, North Dakota is pushing for increasingly younger students to use these digital tools.
Because North Dakota is largely rural, students’ face significant travel hurdles to visit job sites that could be several hours away, says Mackenzie Tadych, director of Northern Cass School’s college career and readiness program.
The VR investment “was an attempt to engage students at an earlier age and develop an awareness of [the careers] the state has to offer,” says Wayde Sick, state director for the Department of Career and Technical Education. “This is the first glance to show what is out there without throwing a bunch of students on a bus where you drive two hours for a field trip and two hours back.”
In North Dakota, the virtual reality program works directly with employers in the state in an effort to bring awareness to careers and fields students may be unfamiliar with or have misconceptions about, such as manufacturing.
The statewide program first started in 2023, after the North Dakota state legislature passed a bill that allotted a half-million dollars to the state’s Department of Career and Technical Education to purchase virtual reality headsets that would be used by middle and high schools. Late last year, that was expanded to all elementary schools in the state.
While more traditional career exploration modes – like career aptitude tests – are still used, VR is a way for more children to literally visualize potential new careers. The initiative, which is an expansion on the RUReady ND career exploration program, offers 118 different modules for students through Fargo-based CareerViewXR.
NEWSLETTERS
Sign up for EdSurge newsletters for timely news, insights and analysis.
Ann Pollert, a career exploration coach, has a mobile van that visits schools at every level throughout six counties in the northeastern part of the state. Her bus is outfitted with seven headsets and she works on average with five students at a time, helping find their interests and guiding them through the modules.
“I would go into classroom after classroom and give a 50-minute spiel, but they had no visual,” Pollert, a former diesel technician recruiter, says. “With this, I could take it to the school and show those kids what it means to replace an excavator. It helps me identify the students I need to further encourage.”
She says the headsets as a whole are not meant to replace guidance or career counselors, particularly in high schools. As those counselors find themselves with increasingly higher workloads and less time, this is seen as a supplement.
“We still need career counselors, work-based learning counselors and great teachers that notice something about a student, saying, ‘You would be good at this,’” Pollert says, adding that some smaller schools do not have the resources for those counselors. “It’s everything together to make it work. It’s not the van that’s solving the problem.”
So, is it working?
Sick, the state director, says it’s too early to measure the impact of these programs, including whether it’s increased the number of students staying in the state to work post-graduation.
Most of the efforts are focused on students who have yet to graduate high school, he points out. But he does believe this program serves as a starting place for younger students to explore their interests at an early age.
“In my eyes, this content is most important for elementary and middle school-aged kids, so the high school students have seen those experiences, have an idea of what they want to pursue and can do so in a series of courses based on what they have seen in virtual reality as a fifth or sixth grader,” he says.

Students in North Dakota can explore lesser known careers, like veterinary technician and manufacturing engineer, in the new initiative.
Provided/CareerViewXR
Sometimes in VR, the students find what they dislike.
Tadych, of Northern Cass School, recalls a student vehemently reacting to a virtual reality module that placed them in a high-stress operating room.
“It’s just as beneficial being able to find what you don’t want to do,” she says, adding that the district also requires students to job shadow before graduation, following around professionals as they go through their work day.
And as the VR experiences get more lifelike, students will get more useful information about possible careers.
For example, Sick believes the technology could evolve down the road to include augmented reality, where students would be able to more fully interact with their environment. He believes the interactions will not only alert children of more local career opportunities, but keep them in the state upon graduating.
“We’re a rural state, and my goal is to make sure every student has the best experience they [can] have, to find what they should become, and try to help them figure it out sooner,” he says. He adds that the only way to do that is to provide a rich variety of experiences that start at the elementary level.
Lauren Coffey (@Lauren__Coffey) is a reporter at EdSurge covering early childhood education and technology at the K-12 level.
SOFTWARE
And what to expect in Firefox 153 as the next ESR release gets close
Firefox releases will soon get even closer together – but not ESR ones, which remain annual, with the next one due out soon. The change was announced last week on the dev-platform@mozilla.org mailing list by Mozilla’s director of engineering Sylvestre Ledru:
“We are planning to move Firefox Desktop and Android from a 4-week release cadence to a 2-week release cadence starting in September 2026.
“This will be an experiment… This does not mean that all work needs to ship twice as fast. Work that is not ready should not be rushed, and features can still take the time they need to bake.
“The current target is to release Firefox 155 on September 1, 2026, instead of September 15 …
“We will closely monitor how this change works in practice and adjust if needed.”
The change is already visible in the upcoming Firefox Release Calendar. At the time of writing, it shows the current four-week cadence for Firefox 153 and 154, with Firefox 155 brought forward to September 1. From then on, it lists releases at roughly two-week intervals.
This isn’t unprecedented. The last time Mozilla did it was over a decade ago. Google announced a very similar change for Chrome back in March, and The Register reported on it going to six-weekly releases in 2010 and then four-weekly ones in 2021.
In the meantime, Firefox 153 is nearly here: at the time of writing, it’s scheduled for Tuesday, July 21. Right now, the release notes are blank, but the beta release notes are more forthcoming.
You can look forward to further improvements to PDF editing. Version 153 will be able to merge multiple PDF documents into one by a simple drag-and-drop in the PDF sidebar, and insert images into PDFs as new pages. It will also improve highlighting text in PDFs.
The new version can generate QR codes for sharing web pages offline, such as in printed documents. It can verify and display the EU’s new Qualified Website Authentication Certificates, or QWACs for short. These are part of the new eIDAS legislation, which is a slightly convoluted acronym for “electronic IDentification, Authentication and trust Services”. Sounds cumbersome, but if it helps make the Wild West of the Web a bit safer, we’re all for it. Another security tweak is that extensions will lose local-file access by default. As we use one that relies on it – the excellent Multithreaded Download Manager – that’s slightly concerning, although users will be able to grant the permission separately, so we’ll see.
If a tab is using your location, Firefox 153 will highlight this with a map-pin icon in the address bar. The last release could recognize a few keywords in the address bar to mute all sound: this function will get extended, with typed commands for picking colors from pages, and accessing experimental “Labs” features. Come back, Ubuntu Unity and your HUD, all is forgiven.
There’s also experimental JPEG XL support. Pop-up video player controls will work better, and if you use Windows and have a compatible GPU and drivers, 153 will play HDR video. On macOS, Firefox supports the Fn+F keystroke for switching to full-screen mode – which means KeyboardControls.com has to update its description of the function.
Firefox 153 will also be a significant release, because it will be the next ESR version: it will get security updates for at least 15 months, meaning until late 2027. (And maybe longer: Firefox 115 is still getting updates, and now will until March 2027.)
In turn, that means that Firefox 153 is also the basis of the latest beta of the AI-free Waterfox fork, which recently integrated built-in ad blocking. ®
The FBI arrested a Florida man accused of uploading fake Steam games containing malware that stole passwords, data, and cryptocurrency wallet credentials from victims. Prosecutors say the scheme infected about 8,000 people, compromised roughly 80 crypto wallets, and stole at least $220,000 through games that appeared legitimate but secretly carried malware. TechCrunch reports: On Tuesday, the FBI arrested Zyaire Wilkins, a 21-year-old Florida resident and student. On Wednesday, prosecutors accused him and a number of unnamed co-conspirators of hacking crimes. Over the past two years, Wilkins and his partners allegedly published several malware-laden video games on Steam, including BlockBlasters, Dashverse, Lampy, Lunara, and PirateFi. Using that malware, says the FBI, Wilkins and his accomplices infected around 8,000 victims, and then hacked around 80 cryptocurrency wallets to steal at least $220,000 worth of crypto. Wilkins and the others marketed their malicious video games on Discord, LinkedIn, and Telegram, according to the authorities.
[…] After the FBI identified another person involved in the crimes, according to the complaint, federal agents interviewed them. The unnamed person said they worked with other people to raise money to launch and market the malicious games in return for sharing some of the stolen cryptocurrency. The FBI identified a specific crypto account involved in the scheme, and then traced cryptocurrency payments made with that account to buy several gift cards, including for UberEats. After subpoenaing Uber, the feds were able to see that the gift cards were linked to an account that made deliveries to Wilkins, who went by the nickname Sibel.eth online, according to the complaint. The feds then got a search warrant for Wilkins’ residence, where they seized his MacBook laptop, cellphones, other devices, and digital wallets. According to the complaint, he refused to speak or answer any questions.
Weekend Open Thread: Nutriplenish Leave-In Conditioner
London Mayor Sadiq Khan handed a peerage by Keir Starmer alongside 15 other Labour figures… just days before the PM leaves No10
CFTC blocks Kalshi from unwinding Michigan trades after court order
Young campaigners urge incoming PM to act on outdoor junk food ads
Nvidia Stock Slips After Big Tuesday Rally as Huang Confirms Vera Rubin Chip Is Now in Production Today
Weekend Open Thread – Corporette.com
Disney’s Most Ambitious Failed Star Wars Attraction Is Coming to SDCC
XRP BOMBSHELL… XRP OMBOARDED FOR TRANSACTIONS!!!
Get Your ESP32 Sunny Side Up With This Solar Dev Board
Injective Submits SEC Transfer-Agent Registration to Onchain Ownership Records
Registration is now open for March for Men with Kev 2026
Dark Secrets Emerge When Jailbreaking LLMs
Palantir Shares Rise After Expanded Nvidia Partnership and Fresh Analyst Upgrades Ahead of Earnings Day
Money | Class 12 Economics | CBSE Board Exam 2026-27
New Cornerback Enters Vikings Trade Rumor Mill
Banco Bilbao Vizcaya Argentaria, S.A. (BBVA) Discusses Global Macro Environment and Economic Outlook for Core Markets Transcript
Cloudflare Precursor Watches Your Mouse and Keyboard To Decide If You Are Human
how to make coin bank box with cardboard #scienceproject #money #diy #shorts
Airlines warn Sunshine Protection Act could disrupt flight scheduling
Vicki Gunvalson Defends Discussing Heather Dubrow’s Money
You must be logged in to post a comment Login