In a nutshell: On the second Tuesday of every month, Microsoft addresses the overall security of its many software products. The Patch Tuesday tradition has continued for more than 20 years, but the number of vulnerabilities addressed in monthly updates is now truly skyrocketing.

Microsoft recently released its latest batch of monthly security fixes for vulnerabilities found in Windows, Office, and other products sold by the company. This month’s Patch Tuesday stands out for a record number of CVE-tracked flaws, with 200 individual bugs and 33 “critical” vulnerabilities that could have serious consequences for Microsoft customers.

The June updates address a wide range of security issues. The most common categories include elevation of privilege vulnerabilities (65), remote code execution bugs (55), and information disclosure issues (30), among others. The Patch Tuesday release does not include flaws discovered in the Chromium-based Edge browser, which saw 360 issues fixed this month alone.

The updates also addressed five zero-day vulnerabilities, which are publicly disclosed bugs that are already being actively exploited by cybercriminals. The zero-day flaws include CVE-2026-45586, an elevation of privilege vulnerability; CVE-2026-49160, a denial-of-service vulnerability in Http.sys; and CVE-2026-42897, a server spoofing vulnerability in Microsoft Exchange.

The CVE-2026-45586 patch targets a vulnerability previously known as GreenPlasma. The flaw was discovered by a security researcher known as Nightmare-Eclipse, who has been in a dispute with Microsoft over alleged attempts to damage his reputation.

This month’s Patch Tuesday also addresses a security flaw discovered by Nightmare-Eclipse. Known as “YellowKey,” the bug was described as a potential attempt to introduce a stealth backdoor in Microsoft’s BitLocker full-volume encryption feature. Tracked as CVE-2026-45585, the issue should now be fully patched. However, Microsoft has not publicly acknowledged Nightmare-Eclipse’s contribution.

Speaking of, the researcher also released another exploit dubbed “RoguePlanet.” The proof-of-concept code could potentially be abused to open a command prompt with full “SYSTEM” privileges. It remains to be seen whether Microsoft will quietly address the issue without crediting its original discoverer.

Security experts warn that the number of software bugs addressed through Patch Tuesday and other periodic patching programs is likely to continue increasing. Microsoft noted that both security professionals and threat actors are now using advanced AI models to discover new vulnerabilities. The result is a rapidly expanding attack surface, with software vendors expected to spend increasing time fixing issues uncovered through automated discovery methods.

Editor’s take: Much like the Call of Duty series and pornography, generative AI is one of those things that’s incredibly popular despite a lot of people claiming to dislike it. ChatGPT, for example, has just reached one billion monthly app users, just 3.5 years after it launched in November 2022.

Market intelligence firm Sensor Tower reports that ChatGPT has become the fastest app ever to reach one billion monthly app users (MAUs), beating the previous record holder, Google Maps, which took around five years after launch to hit the same number.

ChatGPT isn’t the only AI app experiencing immense popularity right now. The monthly number of Claude and Meta AI users increased by 640% and 973% year-on-year. ChatGPT was up by a mere 62%, though it remains the clear leader.

Abe Yousef, Sensor Tower’s senior insights analyst, told CNBC that model improvements and more positive market sentiment have pushed the growth of ChatGPT’s rivals.

Earlier this year, OpenAI was one of several companies to sign deals with the Pentagon. It led to a huge consumer backlash, prompting CEO Sam Altman to promise additional safeguards to prevent government use of the technology for surveillance of US citizens – while leaving several obvious loopholes in place, of course.

Sensor Tower found that ChatGPT uninstalls surged around 295% day-over-day on February 28, the day after OpenAI announced the Pentagon agreement. It also led to Anthropic’s Claude becoming the top free app on the iPhone.

Anthropic has refused to let the government use its models for mass domestic surveillance and fully autonomous weapons, leading to a bitter dispute and the company’s blacklisting over claims that it posed a national security risk. But it was recently reported that the NSA is using Claude Mythos for offensive cyber operations.

Paradoxically, the use of generative AI tools is growing as public opinion toward the technology worsens. In addition to the tens of thousands of job losses being caused, which some now say never really happened, the anger toward new data center builds is growing.

On that note, an OpenAI report this week claimed that Chinese ChatGPT users were trying to encourage anti-data center feelings in the US. The company admitted that their efforts had little effect – it’s not like people don’t hate the facilities already – but the report might encourage some people to soften their opposition simply because they don’t want to be thought of as “influenced” by China.

Humanoids aren’t quite ready to replace factory workers, but the industry can’t wait. Faced with labor shortages, manufacturers have shown growing interest in startups that promise faster automation without the usual tradeoffs.

That’s the bet behind Theker, an AI robotics startup that aims to go beyond robots trained for a single task. “If you always have to put the same cookie in the same box, that works perfectly, but most processes aren’t like that,” co-founder Carla Gómez Cano told TechCrunch.

Theker is designed for that messier reality. Unlike humanoid robots designed around a fixed form — think Boston Dynamics — Theker’s machines are built to be reconfigured. Their hands, arms, and overall form can be swapped out or resized depending on the task, whether that’s sorting packages, packing clothing, or handling bottles and cans in a warehouse.

That Inditex, Zara’s parent company, signed on as an early backer is a signal of where Theker’s ambitions start, not where they end. The company’s broader goal is to move beyond retail into heavier industrial settings like manufacturing, where the complexity and scale of manual tasks is even greater.

This generalist ambition has helped cement Theker’s status as one of Europe’s hot startups to watch — and raise capital accordingly. The Barcelona-based startup has just raised $85 million in what it’s calling “Europe’s largest ever robotics Series A.” (We haven’t found a larger one in our records, either.)

Less than a year after a record seed round, this Series A was led by American VC firm CRV and backed by a mix of traditional and strategic investors, including Samsung and Aglaé Ventures, the investment vehicle tied to LVMH chairman Bernard Arnault.

Gómez Cano said Samsung is not a client yet but that the two are in advanced discussions. Theker would welcome having the Korean company as a customer, supplier, and investor simultaneously — a trifecta that would give the startup both revenue and credibility in manufacturing at scale.

She also noted that she and co-founder Jiaqiang Ye Zhu “didn’t build Theker to run pilots,” so the team skips innovation departments entirely and goes straight to logistics or operations, where deals are real and timelines are shorter.

To demonstrate that the company can actually deliver on that, Theker has a showroom in central Barcelona, and plans to open others as it expands across Europe, the U.S. and Asia. It will also grow its headcount across tech, deployment, and sales.  

“We already received 15,000 job applications and have to filter like crazy,” Gómez Cano said. She estimated that the team could grow from dozens to up to 120 people by the end of the year, then caught herself: “I am saying that, but I also said that we’d raise $30 or $40 million!” 

That Theker managed to raise twice its target also reinforces the startup’s conviction in keeping its HQ in Barcelona, a growing robotics hub, and in Europe’s tech ecosystem more broadly. “It has never been a barrier to acceleration for us, so we are making the most of it,” Gómez Cano said.

Danish pharmaceutical giant Novo Nordisk, the world’s largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials.

Founded in 1923, Novo Nordisk now employs around 67,900 people across 80 offices worldwide and is the maker of viral GLP-1 receptor agonist drugs Wegovy and Ozempic.

The company revealed on Thursday that attackers gained access to its internal IT systems and data related to patients participating in some clinical trials, including their patient IDs (random alphanumeric strings) and information on trial participation, sex, year of birth, biomarkers, health/immunogenicity data, and lifestyle factors (e.g., smoking, alcohol use, BMI).

However, Novo Nordisk said that this data was pseudonymized and that the attackers can’t use it to identify any affected patients by name.

“While our investigation and response are ongoing, we have discovered that certain non-public data, including personal data, was copied externally without authorisation. We are informing the impacted parties as appropriate,” the company said.

“This information is not directly linked to any patients by name or other direct identifiers. Information about identity would therefore require access to underlying information, identifying patients by name etc. This information was not exposed. We therefore do not consider the incident to enable any third party to identify participants in our clinical trials.”

The data breach also affects an undisclosed number of healthcare professionals (HCPs), whose names, registration numbers, e-mail addresses, phone numbers, WhatsApp details, and office locations have been exposed.

Novo Nordisk warned affected HCPs to be wary of unexpected messages or calls, as they may be targeted in phishing attacks via e-mail, phone, WhatsApp, or fraudulent messages impersonating their colleagues.

The company has taken the compromised internal IT systems offline but noted that its core business operations were not impacted. Novo Nordisk is now investigating the incident with the help of external cybersecurity experts to assess the full impact and scope of the breach.

“We are working to bring the affected systems back online in a controlled and safe manner; however, we acknowledge this process takes time. Our core business operations are not impacted and remain up and running,” Novo Nordisk added.

Novo Nordisk has yet to disclose when the breach was detected and how many individuals had their personal and patient data exposed.

A Novo Nordisk spokesperson was not immediately available for comment when BleepingComputer reached out for more details on the attack.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Advertisement

Get the whitepaper

Samsung is finally adding one of Android’s most basic quality-of-life features to Galaxy phones.

With One UI 9, Galaxy users can now display their internet speed directly in the status bar. This makes it easier to keep an eye on network performance without opening a separate app or digging through settings.

It’s a feature that has long been available on many Android devices from brands such as Xiaomi, OnePlus and Realme, making its absence on Samsung phones all the more surprising. Now, it looks like Samsung is finally closing that gap.

The feature arrives through an updated version of Samsung’s QuickStar module within the Good Lock customisation suite. Once enabled, a small indicator appears in the status bar showing real-time network speeds while you browse, stream or download content.

For Open Call 2026, IMR will be joined by a new delivery partner, the South Eastern Applied Materials Research Centre at South East Technological University.

Irish Manufacturing Research (IMR) has today (12 June) announced the next European Space Agency Phi-Lab Ireland Open Call, which invites Irish companies to better position themselves in the global space economy and as Europe’s hub for the development and manufacturing of next-generation space-bound hardware.

ESA Phi-Lab Ireland funds research in advanced materials and manufacturing, across the entire life-cycle of space-optimised hardware and for Open Call 2026, will be joined by a new delivery partner, the South Eastern Applied Materials (SEAM) Research Centre at South East Technological University.

Last year, Open Call 2025 drew involvement from a range of organisations across the Irish industrial base, with companies such as Mbryonics and Ubotica successfully incubated within the Irish Phi-Lab building. 

Open Call 2026 will offer ESA innovation seed funding of up to €400,000 for projects less than two-years, alongside expert mentorship, training, access to state-of-the-art research infrastructure and comprehensive networking opportunities. Key research areas supported by Open Call 2026 will include advanced materials research, additive manufacturing, structural analysis and simulation and integration of smart materials.

Commenting on the launch of Open Call 2026, Dr Ken Horan, the director of technology innovation and entrepreneurship at IMR and head of ESA Phi-Lab Ireland, said: “Ireland already has world-class manufacturing and materials capabilities, what has been missing is a dedicated front door into the space sector. 

“That is exactly what ESA Phi-Lab Ireland provides and as the national platform for space technology development, it sits at the very centre of our national effort to support companies seeking a role in the global space economy. Open Call 2026 is an open invitation to ambitious Irish companies, whether or not they have ever worked in space before, to build the products and the expertise that will define the next decade of this industry in Europe”.

Evelyn Kerschbaumer, the commercial officer at the European Space Agency, said: “The space economy is one of the fastest-growing markets in the world, and Europe’s future competitiveness depends on a strong base of innovative companies in every Member State. 

“Through ESA Phi-LabNET we are building that base region by region and Ireland’s focus on space-optimised hardware brings a distinctive strength to the network. We look forward to seeing Irish companies turn Open Call 2026 into real technologies with genuine global reach”.

In February of 2026, Ireland launched the first European Space Agency Phi-Lab at IMR in Mullingar, Co Westmeath. The Irish Government has committed to investing €170m into the ESA over the next five years and the six-year-long ESA Phi-Lab programme is a flagship element of that wider national commitment. The consortium is co-funded by the ESA and Enterprise Ireland.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

GameCube hardware already delivers strong value for fans of its original game library. Loaders such as Swiss open the door to region-free play, disc backups from SD cards or USB drives, and emulators that reach back to earlier Nintendo systems and beyond. Homebrew keeps the console active long after its commercial peak. A separate project now layers something unexpected onto that foundation by bringing a full PowerPC build of Windows NT to the same machine.

The architecture similarities between the console and early PowerPC-based PCs make this port much easier than you think. The GameCube is powered by a Gekko CPU, which was mostly derived from the PowerPC 750 series and obtained official support in the first versions of Windows NT. That shared basis is a huge advantage for developers since it allows them to avoid full emulation and instead write specialized drivers and a hardware abstraction layer that interfaces directly with the Flipper chipset.

Nintendo Switch 2: Choose Your Game Bundle

• Kick off the fun with a Nintendo Switch 2 system, your choice of a select digital game, and a savings* of up to $29.99!
• Includes choice of either the Mario Kart World, Donkey Kong Bananza, or Pokémon Pokopia digital game download
• One system, three play modes: TV, Tabletop, and Handheld

Wack0 runs the entii-for-workcubes project, which is a GitHub repository containing all of the components required to run Windows NT 3.51 or 4.0 on a GameCube, Wii, or even some vWii systems. They’ve created a unique ARC firmware bootloader (which loads homebrew software), a custom HAL (hardware abstraction layer), and a few drivers for video, input, and storage via the external interface bus.

The ARC firmware is the important first stage, running from a homebrew application, displaying a simple menu on screen, and allowing the user to carve up a disk image stored on an SD card or an EXI-IDE device. The Windows NT installation is then run immediately from an ISO file that is saved in the same location as the original disk image. During setup, the user can choose a custom GameCube or Wii hardware profile and install the necessary drivers for video, controller ports, and mass storage.

To get started, the user must prep an SD card with the release files, a Windows NT 3.51 or 4.0 ISO, and a blank raw disk image of the appropriate size. For a GameCube, this means purchasing a serial-port converter or an SD Gecko for more reliable access. They’ll also need a homebrew loader, such as Swiss, to get started. Once that’s done, the ARC menu will guide you through partitioning and installing NT, even letting you choose your keyboard layout and pointing device. The entire scenario takes place on real hardware, with no emulation layers between the operating system and console components.

Once the OS is installed, you can expect some basic work tools to be available. Notepad, Solitaire, ancient backgrounds, and even an early version of Internet Explorer should all operate smoothly. Input is supported via mapped GameCube controllers or an ASCII keyboard controller plugged into a port, which is useful for typing.

The original hardware limits keep everything in check. The GameCube only has 24MB of accessible RAM, which limits the number of programs you can run at once and forces you to carefully select your drivers. You’re also out of luck if you want fast storage, because accessing it through the GameCube’s external interface is significantly slower than using an internal drive, so expect to spend some time waiting for installation to finish, especially when compared to what you could do on a PC at the time. The graphics driver merely copies and pastes bitmaps rather than utilizing advanced optimized pathways, which is inefficient for a smooth desktop experience. To make matters worse, neither the GameCube nor the Wii versions include working sound. Your GameCube may occasionally stall during a reboot, requiring you to manually turn it off and back on.

SYSTEMS

Half the trouble of building an Nvidia NVL or AMD Helios competitor is just getting the networking out of the box

COMPUTEX 2026 It’s hard enough for startups to compete with AMD and Nvidia on chip design. The rise of rack-scale architectures has only made things harder.

Companies not only have to invest in chip design but also the mechanical, thermal, and power engineering necessary to pack six dozen or more AI accelerators into a single rack that functions as one enormous GPU.

At Computex last week, Delos Data, a startup funded by former Intel and Barefoot Networks execs, showed off a modular server platform aimed at giving chip startups a shortcut to rack scale.

One of the challenges with the move to rack scale is actually the sheer amount of networking that needs to be enabled at the box. A typical eight GPU HGX node only needs one or two ports per GPU. By comparison, a GB300 NVL72 needs 18 400 Gbps ports per GPU.

Nvidia and AMD have developed custom racks with integrated backplanes, power delivery, and cooling. Delos by comparison is keeping things relatively simple by designing a chassis that, at least from the front, looks more like a switch than a GPU server.

It features 36 OSFP ports, nine for each of the four OAM sockets at the heart of the system. OAM, if you’re not familiar, is an open socket commonly used by high-performance accelerators requiring more interconnect bandwidth and power delivery than standard PCIe cards can manage. Assuming 200 Gbps SerDes, that works out to 3.6 TB/s per chip of interconnect, the same as Nvidia’s new Rubin GPUs.

OSFP means that customers can use standard DACs or pluggable transceivers, and switches depending on how large they want their scale-up domain to be.

And while OSFP is usually associated with Ethernet, you can run just about anything you want through them, whether it be UALink, Ultra Ethernet, PCIe, or something else. From a deployment standpoint, these systems would be wired up like any other hyperscale system, just a whole lot denser.

Delos isn’t the only option out there for chip startups looking for scale up reference design. AWS for example appears to be repurposing Nvidia’s MGX form factor for its Trainium 3 rack systems, while AMD’s Helios rack is now an OCP standard. Both designs would, in theory, be easier to service, but Delos argues that its modular design offers greater flexibility.

“It makes it a little bit more flexible in terms of, maybe you want a scale up domain of 100 or maybe you want it a scale up domain of one,” CTO Dan Daly told El Reg. “It just depends on how many cables you want to plug in. This also allows you to go plug into different types of switches… it could be simpler switches, maybe even optical circuit switches (OCS).”

Using existing packet switches from Broadcom or Marvell, such a design could support 512-1,024 accelerators in a single layer fabric depending on whether you’re using 200 Gbps or 100 Gbps SerDes. Using multi-layer fabrics, OCS, and/or 2D/3D toruses, the compute domain could scale even further, all while using off-the-shelf components.

While OSFP keeps things simple and easy, it also means power consumption could become problematic for larger compute domains requiring pluggable optics.

In fact, this is why Nvidia has taken so long to embrace optical scale-up. Copper may not have the reach, but it uses a fraction of the power.

Delos CEO Ed Doe tells us the company is already exploring versions of the system that will use near package or co-packaged optics out to MPO-style connectors rather than the OSFP.

The startup isn’t just doing hardware. As anyone who’s done large scale networking knows, the physical and logical topologies — that is, the way devices communicate with one another on the network — can look very different depending on the workload.

Delos has developed a software orchestration platform designed to facilitate the configuration and monitoring of these switched fabrics or meshes in order to enable dynamic rerouting of traffic in the event of a link failure.

At Computex, this software platform, which Delos has dubbed its Nonstop AI network, was on display, allowing attendees to pull links at random and see the network react and correct itself automatically. 

The company’s ambitions don’t stop at network orchestration and systems. We’re told Delos has additional products in the works, and we don’t know for sure what they are, but a high radix switch design built atop merchant silicon would certainly complement its Nonstop AI systems. ®

offbeat

It’s just not cricket

BORK!BORK!BORK! Windows swings for a six but smacks the stumps instead as the baleful glow of a Blue Screen of Death (BSOD) adorns Worcestershire County Cricket Club.

We were worried that, with recent editions of Windows, the traditional white monospaced text on a blue background of a BSOD was becoming a thing of the past. Thankfully, Worcestershire County Cricket Club, founded in 1865, is keeping the old ways alive with a BSOD to bring a tear to many a system administrator’s eye.

Spotted by Register reader Rhodri Howell, Windows has been felled by a DRIVER_POWER_STATE_FAILURE, probably due to a bit of hardware not waking up when Windows asked it to, or the driver experiencing an unexpected teatime.

The screens on top of the club’s sign are usually there to beam messages at attendees, but in this case, it looks like at least one is a bit poorly, which might have contributed to Windows throwing in the towel or, to use cricket terminology, conceding.

For the uninitiated, cricket is a team sport in which a ball is thrown at an individual called a “batter’” who defends several sticks in the ground called a “wicket.” The sport is notable for a variant called a “test,” which can last for several days, involve multiple games, and still end up in a draw.

Windows, on the other hand, is an operating system more than capable of knocking an administrator for six and lobbing the odd googly or two at the unwary.

The word “test” is also something that doesn’t seem to trouble Microsoft so much these days, at least if what the company has delivered in recent months is anything to go by. No amount of shin pads or even the toughest of boxes is sufficient to ward off an eyewatering Windows update.

Microsoft’s current CEO, Satya Nadella, is a fan of the sport, and so the sight of Windows disgracing itself above Worcestershire County Cricket Club’s signage (and the three black pears of the county’s emblem) is doubly distressing.

As the saying goes: “It’s just not cricket.” ®