The acquisition strengthens the Iliad Group-backed Scaleway’s position as a cloud provider.
Cloud company Scaleway is acquiring high-performance computing (HPC) provider Qarnot to address growing cloud demand from businesses. Details of the transaction were not disclosed.
The acquisition strengthens Scaleway’s position as a cloud provider with HPC capabilities, enabling businesses to benefit from higher speeds and better AI performance. Scaleway and Qarnot are both headquartered in France.
Qarnot’s systems are able to recover or redirect up to 95pc of the heat produced by HPC servers into community services such as district heating networks, public facilities and industrial sites, without affecting computing performance, the company said.
Advertisement
Being significant electricity consumers, HPC systems produce excessive waste heat and require elaborate cooling mechanisms.
Qarnot’s model is already deployed in cities including Brescia, Italy, where the company partnered with A2A last June to connect its HPC infrastructure to the city’s district heating network.
The €2.8m EU-funded project is expected to become operational next March and would support avoiding nearly 23,000 tonnes of CO2 equivalent greenhouse gas emissions.
Qarnot’s customers include European space-tech company MaiaSpace, sports car manufacturer Alpine Racing and wealth manager Natixis.
Advertisement
For Scaleway, backed by the Iliad Group, the acquisition also strengthens its ability to control the heat and emissions it generates, and support it in developing next-generation AI applications.
“The next frontier isn’t just more efficient compute. It’s making sure the energy we can’t avoid consuming creates value twice,” said Damien Lucas, the CEO of Scaleway.
“Tomorrow’s cloud platforms won’t only be measured by the performance they deliver, but by how intelligently they use the energy they consume. Qarnot’s expertise in waste heat recovery helps us move towards that future.”
Qarnot’s chief technology officer Clément Pellegrini said, “Joining Scaleway gives Qarnot the backing of a major European cloud provider and the Iliad Group.
Advertisement
“It gives us the scale, investment capacity and European reach to bring our HPC expertise to more organisations while continuing to build on the principles that shaped Qarnot from the beginning.”
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
Legacy infrastructure, not the models themselves, is what’s actually slowing AI agents down. That was the shared conclusion of three infrastructure leaders — from LinkedIn, Walmart, and Zendesk — at VB Transform 2026.
The panel brought together Animesh Singh, senior director of AI platform and infrastructure at LinkedIn, Desiree Gosby, SVP of corporate technology services and technology strategy at Walmart, and Sami Ghoche, VP of applied AI at Zendesk, each describing what actually broke when they moved agents from pilot to production. Each arrived at the same conclusion from a different starting point: None of the bottlenecks they hit were model problems.
What tied their answers together was a shared premise: most enterprise infrastructure was built for how humans work, not for how agents work. The gap between those two speeds is where the real engineering happened.
Gosby put it plainly when asked what she’d learned scaling agents inside Walmart’s own workforce. The goal, she said, is to make sure “engineering doesn’t once again become the bottleneck for what it is we’re trying to do.”
Advertisement
Where the bottleneck actually was
Each company hit a different version of the same wall: infrastructure designed for how people work doesn’t hold up once agents are doing the work instead.
At LinkedIn, the first bottleneck wasn’t a model, it was Kubernetes, which assumes containers spin up on demand, a process that takes seconds. Singh said that’s too slow for agents. The fix was moving from on-demand provisioning to pre-provisioned pools of containers that swap agentic workloads in and out in real time.
A second, harder problem surfaced once LinkedIn let agents control their own orchestration. A five-point evaluation system looked clean, but hallucination kept showing up anyway. Singh said the issue was structural, an LLM evaluating another LLM’s output shares the same failure mode as the thing it’s evaluating.
“We built our own harness, our own control flow, and pushed the LLMs to the leaf instead of them orchestrating the loop,” Singh said. Roughly 80% of the workflow is now scripted, deterministic code, with LLMs used only where reasoning is required, and each step’s evidence is committed to disk before the system moves on.
Advertisement
Walmart’s bottleneck came from success. An agent harness put directly into employees’ hands went viral internally, and what Gosby called “citizen developers” began building their own agents to solve problems that once required a formal engineering roadmap. The upside was real innovation. The downside was duplication, dozens of overlapping agents with no coordination. The fix wasn’t reining in the harness, it was building governance to spot duplication, promote the best version of an agent, and get it into production without engineering becoming a chokepoint.
Zendesk hit its bottleneck from the data side. Ghoche, who joined through Zendesk’s acquisition of Forethought, which closed in March 2026, described sitting on what he called a public figure of 20 billion customer conversations in Zendesk’s repository. The instinct is to hand that history to a large language model with a big context window and let it generate the agents a business needs. Ghoche said that doesn’t work. “You can’t really do that, so instead you have to really invest in the underlying data pipelines and all the data infrastructure that comes with that,” he said.
The role of open source
On open source, all three leaders landed on a similar instinct: own what you can, and lean on frontier labs only where they still have a clear edge.
Ghoche said his own view is that most enterprises would prefer to own their models and infrastructure wherever that’s possible, and that reasoning is what drives Zendesk’s own approach. The exception is frontier reasoning work, where the labs still lead, though he said that slice of use cases is shrinking relative to everything else enterprises now do with AI.
Advertisement
LinkedIn’s answer was to build two subsystems specifically for independence. The first is what the company calls an AI gateway, a single interface that every outbound call to a model runs through regardless of provider. The second component is a memory subsystem built to hold context independent of any model provider.
“Every single outbound call going to an LLM, whether it’s on a public cloud or on-prem in our own data centers, follows the same semantics, the same API calls. We can quickly switch between different providers,” Singh said.
Walmart built its own internal gateway to stay vendor agnostic across three workload types: fully deterministic workflows, planner-and-reasoner workflows for open-ended tasks, and a hybrid of the two. Compliance-heavy work stays deterministic by design; governance, security and evaluation run through the gateway regardless of which model is on the other end. Gosby said the choice between a frontier model and an open-weight model comes down to whichever is most effective for the specific workload, not a fixed policy.
Advice for the modernization journey
Three pieces of advice came up directly, each tied to the wall a leader had already hit.
Advertisement
Invest in evals before anything else. Ghoche called it the thing common to every use case, internal or customer facing.
“The thing that’s common to all of these is evals. It’ll force you to break the problem down, and once you have a robust set of evals, you can move a lot faster,” he said,
Own your agent harness from day one. Gosby’s advice was to put the AI harness directly in employees’ hands early, paired with the infrastructure to monitor what it produces.
“It will unlock a huge amount of innovation,” she said.
Advertisement
Build for model and context independence. Ensuring flexibility is critical for success.
“Build for independence, whether it’s a frontier model of today versus an open source model of tomorrow,” Singh said. “Keep that context within your enterprise so that you can reuse it when you ship the model or the harness tomorrow,” Singh said.
Keri Rodrigues, a mother of five boys, knows the value of screens.
For her boys, four of whom receive school accommodations, screens serve a practical purpose at school.
“When you get a kid who’s got [a learning plan] for anxiety and a substitute teacher that hasn’t read his 504 [plan] and there’s nobody there to de-escalate him, he’s got to use his phone to call mom so I can FaceTime with him and do a breathing exercise,” Rodrigues says.
But this use of screens bumps against a new concern. Fueled by distress over the mental health impacts of too much screen time, lawmakers have begun to pass device bans and other restrictions for schools, in a rising “techlash” across state capitols.
Advertisement
“We’ve got to make sure we’re not stomping on kids that are actually utilizing these devices for really important reasons.”Keri Rodrigues, president of National Parents Union.
Now, as the country wrestles with restricting screens, some parents and disability advocates are beginning to express concerns about whether students who rely on accessibility tools are being excluded from the rulemaking process. Some of these advocates say they agree that new tech restrictions are necessary, but they are calling for careful consideration in how these rules are written.
Many neurodiverse students need assistive technologies for learning, and it’s common for digital tools to be prescribed in the plans schools use for these students. Assistive technologies support functional and social needs for these students’ daily lives, argued Sambhavi Chandrashekar, global accessibility lead for D2L, an online learning platform, in a series of emails to EdSurge.
Chandrashekar and others worry that lawmakers aren’t consulting families with neurodiverse students enough when crafting new restrictions, and that screen time laws could impinge on accessibility tools. They worry that the gains these students have made are becoming swept up in larger political battles.
Advertisement
Advocates are calling for a proactive approach to avoid potential problems down the road, and EdSurge has not yet found an example of a student blocked from using an assistive device because of these new bans.
Students with ADHD might use screens for reminders, alarms, timers, or even medical alerts, says Rodrigues, the mom. Students with autism use it for self-regulation, and students with anxiety, epilepsy, asthma, or vision and hearing differences rely on specific accessibility features on their phones. One of her own sons, a senior in high school, uses a meditation app to de-escalate, she says.
NEWSLETTERS
STAY AHEAD IN EDUCATION.
Sign up for EdSurge newsletters for timely news, insights and analysis.
Advertisement
In her position as president of the advocacy group National Parents Union, Rodrigues wants caution from lawmakers. The new legislation is “really well intended,” she says. But: “We’ve got to make sure we’re not stomping on kids that are actually utilizing these devices for really important reasons.”
“Phones aren’t just toys for kids,” Rodigues says.
Inclusion as the Norm
Disability laws such as the Individual with Disabilities Education Act guarantee students the right to assistive technologies, sometimes including screens.
But the new restrictions occur at a particularly tense time for these families.
Advertisement
Mass firings and funding cuts under the Trump administration have cast doubt on the reliability of federal civil rights protections and processes, some argue, leading to an increase in accessibility-related lawsuits, as families look to protect their rights. For instance, according to a nonpartisan government watchdog report, the Trump administration’s cuts to the office which reviews civil rights complaints contributed to a 90 percent dismissal of student civil rights complaints in the later months of 2025.
Recently, the U.S. Department of Justice delayed a long-anticipated deadline that required schools and vendors to meet widely accepted accessibility guidelines, after it became clear that schools and governments were not ready.
And advocates have already called attention to bills that would subject students with disabilities to surveillance cameras in classrooms, in the hopes of curbing physical restrains against these students, as EdSurge has reported.
‘Unintentional Segregation’
As for the latest screen restrictions, many of the bills note that they do not apply to students with disabilities under law. For example, laws from Alabama and Tennessee carve out blanket exemptions for students with disability plans. And Tennessee’s bill also includes an explicit exception for literacy and dyslexia screenings.
Advertisement
Still, advocates are concerned.
Local and regional policies can limit access to tools like screen readers and predictive text software even if they don’t mean to, argues Andrew Kahn, an associate director for Understood, a support organization for people with learning differences. But these tools can be necessary for those students to keep up in class. It’s not obvious to everyone that these tools can help students, even some who don’t have formal plans, Kahn says.
Typically, when these rules mention students with disabilities, they will exclude anyone covered by disability law, says Lindsay Jones, CEO of CAST, a nonprofit focused on assistive technology and learning. But they are still relying on local school districts or other agencies within the state to provide guidance about how to implement the law, she adds.
Without sufficient guidance, a concern is that teachers might become uncomfortable working with students who need screens for accessibility reasons and might restrict these tools because of that, Jones says. For instance, advocates fear that a teacher, wary of breaking the new law, might tell a student not to use a screen, even though it was prescribed by an individualized education program, or IEP.
Advertisement
“It’s not typical that a student [with disabilities] is sitting alone at a screen, which I think is what seems to be driving much of the concern,” Jones says.
But even if students with disabilities aren’t prevented from using the screens, there’s unease about whether these new rules will contribute to shaming or separation.
Reading some of these laws without guidance, it’s unclear how to implement them without banning screens in the classroom, Jones says. In order to follow these rules, it’s possible that students who are exempt from the bans could be moved into another room, she worries.
“That’s immediately going to bring — or raises our concerns about — stigma for these kids,” Jones says. “One of the beautiful things is when technology is built into systems that we’re all using, and we can use them together, and it reduces the feeling that you’re separate and different in a way that can be especially harmful.”
Advertisement
It’s an apprehension that others in the space share.
“You would be restricting [students with disabilities] because the access to technology is creating that stigma and that segregation,” says Kahn of Understood. “Anything that leads to difference between kids, that accentuates and magnifies, has the really strong potential to further stigmatize and make these kids feel singled out.”
Education should always take place in the least restrictive environment possible, he adds.
Rodrigues says that she and other parents also worry about whether students will become reluctant to use their disability tools because of the stigma. “Kids might actually choose to suffer rather than being singled out socially,” she says.
Advertisement
But ultimately, for some proponents of accessibility tech, the disquiet is largely about who gets consulted for new rules and how they get enforced.
It’s not that these restrictions shouldn’t be pursued, but that families of students with disabilities should be more thoroughly included in the rulemaking process, these advocates argue.
“Parents with children who have a disability must have a seat at the table,” Chandrashekar wrote: “Blanket rules that are blind to fundamental human differences will do more disservice than good to students at the margins.”
Following the reports last week using the Windows Global Device ID (GDID) in tracking a malware operators behavior, here is a comprehensive write-up about what goes into the GDID and how it is used. It’s worth noting that the GDID itself was not used to catch the malware operator, however once a suspect was identified, the GDID was used to correlate behavior across various Microsoft products on the Internet.
The GDID is generated and assigned during a Windows install, but a re-install of Windows will generate a new GDID. Developer [SmtimesIWndr] tracks the generation and tracking of the GDID through the various Windows libraries and services, identifying where it appears to be created and how it is passed to other services like Azure.
Worth noting is your GDID is a unique, personally identifiable piece of information; if you go exploring and extract it from your Windows install, be sure to keep it private!
LAME mp3 updates
Those of us who were around for the dawn of MP3 files may remember the LAME encoder and library. After almost 10 years, there is a new LAME release.
Advertisement
Notably, this includes two security fixes, one for a stack buffer overflow based on malicious input to the Blade encoder, and an integer underflow in the AIFF header parser. Both of the fixed bugs feel very old-school, which seems appropriate given the age of the library and most of the related code.
Buffer overflows impacting the stack are some of the simplest and most direct forms of vulnerabilities, where it is possible to write past the end of a buffer and control how the function returns and instead execute arbitrary code. Integer under-flows, similarly, impact memory management; usually caused by allowing a variable that stores the size of a buffer to go negative. Since sizes are typically unsigned positive numbers, a negative is interpreted as an enormous positive number, writing past the proper buffer length.
Despite the new findings, the LAME codebase has been extremely resilient over the years, and considering the number of programs that likely still use LAME under the covers to process audio, seeing the project wake up with security fixes is great news.
Recovering Passwords from BIOS
Researchers have found a vulnerability in Dell BIOS code that allows extraction of the administrator password from the BIOS flash chips, either with physical access via a flash programmer, or via administrator or root level access to the operating system and reading the contents of the flash chip.
Advertisement
Dell used a 20 byte key to encrypt a 32 byte password field: for any admin password of 12 characters or fewer, the password is stored in completely plaintext. For longer passwords, characters beyond the first 12 are encrypted – but the random bytes are computed from the first character of the password mixed with fixed device data, yielding only 256 possible encryption seeds for the remaining bytes.
Using the BIOS admin password for evil requires local access, so the attack surface is small, however as the researchers note it controls the boot order and may allow an attacker with physical access to then boot an unsigned OS or bypass full-disk encryption, so it’s serious.
Patch Tuesday Crushes Records
Last month, Microsoft broke records for the number of security fixes in the June monthly Patch Tuesday roundup. This month, Microsoft broke records for the number of security fixes in the July monthly Patch Tuesday roundup.
This month includes a record 60 plus patches for critical vulnerabilities in Windows, as well as fixes for previous Bitlocker bypasses, and an AI prompt injection which could allow web sites to trigger Copilot in Microsoft Edge on Android and execute arbitrary prompts. Another bug patched this month allowed privilege escalation and code execution over DHCP, potentially impacting all Windows installs on the same physical network or public hotspot.
Advertisement
Microsoft credits AI assisted tooling with the record-breaking number of bugs discovered, and indicates it’s unlikely to slow down next month.
LegacyHive Windows Vulnerability
It’s a week with a Patch Tuesday, which now seems to mean it’s a week with a new exploit from NightmadeEclipse, the researcher who previously made news for being quite upset with the responses from the Microsoft security group. After then creating a public outcry by threatening prosecution, Microsoft recently has seemed simply to be fixing bugs disclosed by NightmareEclipse in the next series of security updates.
This month, we have LegacyHive, an exploit which allows loading the “hive”, or collection of registry settings and configuration files, of another user. The Windows registry is typically used to store preferences, settings, auto-launched applications, and other important settings, so being able to access other users registry groups seems significant.
Fairlife Dairy Suspends Production
Fairlife Dairy, owned by Coca-Cola, has suspended US operations due to a ransomware attack. Filings with the SEC simply say that production facilities are impacted and will be temporarily suspended, with no estimate as to when they will be restored.
Advertisement
Typically when a food-processing facility goes offline, the delays for restoring service can be significant due to the sanitization requirements.
CPAN and Perl April Task Force
The April Task Force has been announced (yes, in July) with a focus on enhancing the security posture of Perl and the CPAN library.
Given the absolute havoc wreaked on the NPM and PyPi repositories in 2026, proactive measures to protect other repositories seem prudent. Funded by the Perl and Raku Foundation and the Linux Foundation, the April Task Force will be focused on supply chain security, vulnerability patching, and processing reported vulnerabilities and CVEs.
Perl may not be the juggernaut language it once was, but it’s still used widely, so any preventative measures are good news.
Advertisement
Secure Boot vulnerable
Researchers from ESET enumerated 11 boot loaders signed by Microsoft that can be used to bypass secure boot protections and execute arbitrary code.
Secure Boot was designed to only boot code signed by trusted organizations (in this case, Microsoft). Those of us running Linux typically know it as “the option in the BIOS to turn off to get a kernel to run properly”, but for corporate fleets, Secure Boot protections help protect disk encryption and prevent malware installs.
During boot, a Secure Boot protected system validates the code it is about to launch to ensure it is signed by a trusted organization, establishing a chain of trust where each component then validates the next before launching. Often, to enable other tools or Linux distributions to boot, a “shim” boot loader is created and signed by an organization trusted by the UEFI install, which then loads and validates the actual boot loader or kernel.
Over the years, many such shims have been signed, but updates have lagged and security vulnerabilities have been found. Even unused old boot loader code remains signed and viable, allowing attackers to replace a modern version with a vulnerable, still valid, old version.
Advertisement
Microsoft has removed several of the vulnerable boot loaders via recent Windows patches, however systems that are not updated and systems that do not run Windows will still likely be vulnerable.
As one fourth grader peers over the top of a 300-foot-tall wind turbine, a classmate stands next to surgeons operating in an emergency room. Nearby, another fourth grader shuffles through an autobody shop.
They are not visiting high-risk job sites, at least not in real life.
These experiences are the result of a series of investments into virtual reality in North Dakota.
The state hopes that putting VR headsets with career-focused software in classrooms will eventually boost local employment. While many schools across the country are looking to limit screen time, North Dakota is pushing for increasingly younger students to use these digital tools.
Advertisement
Because North Dakota is largely rural, students’ face significant travel hurdles to visit job sites that could be several hours away, says Mackenzie Tadych, director of Northern Cass School’s college career and readiness program.
The VR investment “was an attempt to engage students at an earlier age and develop an awareness of [the careers] the state has to offer,” says Wayde Sick, state director for the Department of Career and Technical Education. “This is the first glance to show what is out there without throwing a bunch of students on a bus where you drive two hours for a field trip and two hours back.”
Tech to Supplement Lower Resourced Areas
In North Dakota, the virtual reality program works directly with employers in the state in an effort to bring awareness to careers and fields students may be unfamiliar with or have misconceptions about, such as manufacturing.
The statewide program first started in 2023, after the North Dakota state legislature passed a bill that allotted a half-million dollars to the state’s Department of Career and Technical Education to purchase virtual reality headsets that would be used by middle and high schools. Late last year, that was expanded to all elementary schools in the state.
Advertisement
While more traditional career exploration modes – like career aptitude tests – are still used, VR is a way for more children to literally visualize potential new careers. The initiative, which is an expansion on the RUReady ND career exploration program, offers 118 different modules for students through Fargo-based CareerViewXR.
NEWSLETTERS
STAY AHEAD IN EDUCATION.
Sign up for EdSurge newsletters for timely news, insights and analysis.
Ann Pollert, a career exploration coach, has a mobile van that visits schools at every level throughout six counties in the northeastern part of the state. Her bus is outfitted with seven headsets and she works on average with five students at a time, helping find their interests and guiding them through the modules.
Advertisement
“I would go into classroom after classroom and give a 50-minute spiel, but they had no visual,” Pollert, a former diesel technician recruiter, says. “With this, I could take it to the school and show those kids what it means to replace an excavator. It helps me identify the students I need to further encourage.”
add caption here
She says the headsets as a whole are not meant to replace guidance or career counselors, particularly in high schools. As those counselors find themselves with increasingly higher workloads and less time, this is seen as a supplement.
“We still need career counselors, work-based learning counselors and great teachers that notice something about a student, saying, ‘You would be good at this,’” Pollert says, adding that some smaller schools do not have the resources for those counselors. “It’s everything together to make it work. It’s not the van that’s solving the problem.”
Advertisement
So, is it working?
Future Tech — And Potential
Sick, the state director, says it’s too early to measure the impact of these programs, including whether it’s increased the number of students staying in the state to work post-graduation.
Most of the efforts are focused on students who have yet to graduate high school, he points out. But he does believe this program serves as a starting place for younger students to explore their interests at an early age.
“In my eyes, this content is most important for elementary and middle school-aged kids, so the high school students have seen those experiences, have an idea of what they want to pursue and can do so in a series of courses based on what they have seen in virtual reality as a fifth or sixth grader,” he says.
Advertisement
Students in North Dakota can explore lesser known careers, like veterinary technician and manufacturing engineer, in the new initiative.
Provided/CareerViewXR
Sometimes in VR, the students find what they dislike.
Tadych, of Northern Cass School, recalls a student vehemently reacting to a virtual reality module that placed them in a high-stress operating room.
“It’s just as beneficial being able to find what you don’t want to do,” she says, adding that the district also requires students to job shadow before graduation, following around professionals as they go through their work day.
Advertisement
And as the VR experiences get more lifelike, students will get more useful information about possible careers.
For example, Sick believes the technology could evolve down the road to include augmented reality, where students would be able to more fully interact with their environment. He believes the interactions will not only alert children of more local career opportunities, but keep them in the state upon graduating.
“We’re a rural state, and my goal is to make sure every student has the best experience they [can] have, to find what they should become, and try to help them figure it out sooner,” he says. He adds that the only way to do that is to provide a rich variety of experiences that start at the elementary level.
Lauren Coffey (@Lauren__Coffey) is a reporter at EdSurge covering early childhood education and technology at the K-12 level.
A vulnerability dubbed HollowByte allows unauthenticated attackers to trigger a denial-of-service (DoS) condition on OpenSSL servers with a malicious payload of just 11 bytes.
The OpenSSL team has silently fixed the vulnerability (no identifier assigned) and backported the patch to older releases.
Because the OpenSSL software is the foundational backbone for secure internet communication, organizations should prioritize switching to a fixed version of the library.
HollowByte details
In an advisory earlier this week, Okta’s Red Team described how the HollowByte DoS vulnerability works and its impact in a real-world scenario.
The researchers explain that in a TLS handshake, each message has a 4-byte header for declaring the size of the incoming message. However, vulnerable OpenSSL versions allocate the declared length before receiving the payload and checking its size.
Advertisement
Every TLS handshake message begins with a 4-byte handshake header, where a three-byte length field discloses the size of the handshake data that should follow.
Without validating the payload, the server trusts the packet’s claims and allocates the indicated memory. “The worker thread then blocks, waiting indefinitely for data that will never arrive,” Okta explains.
An unauthenticated attacker can trigger HollowByte by opening a TLS connection and sending an 11-byte malicious input with a header declaring that a much larger message body will follow.
The attacker repeats the same process across multiple connections, causing the server to allocate considerable amounts of memory via a relatively small volume of transmitted data.
Advertisement
Okta researchers note that while OpenSSL frees the buffers when a connection drops, the GNU C Library (glibc) has a different way to handle memory and “does not immediately return small-to-medium allocations to the operating system; it keeps them for potential reuse.”
“By launching waves of connections with randomized claimed sizes, an attacker prevents the allocator from reusing those freed chunks,” Okta says.
“The heap fragments heavily, causing the server’s Resident Set Size (RSS) to climb continuously. Even after the attacker disconnects, the server remains permanently bloated.”
The only way to fully reclaim the space is by restarting the process.
Advertisement
Impact and fixes
The open-source OpenSSL library is embedded in popular software projects such as NGINX and Apache web servers, language runtimes (e.g., Node.js, Python, Ruby, PHP), and databases (MySQL, PostgreSQL). It comes pre-installed on most Linux distributions for TLS encryption and certificate handling.
In Okta’s tests on NGINX showed that low-capacity environments can be easily depleted of memory using HollowByte, while higher-spec servers may lose up to 25% of their memory while the attack bandwidth remains below security alerting thresholds.
Although DoS flaws are considered less severe than vulnerabilities that enable data theft or code execution, they can cause operational disruptions and reputational damage.
The HollowByte DoS issue has been fixed in OpenSSL 4.0.1 and backported to versions 3.6.3, 3.5.7, 3.4.6, and 3.0.21, which now grow the buffer only when the data arrives, ignoring header claims.
Advertisement
Despite being addressed as a “hardening fix” and not a security vulnerability, Okta recommends “upgrading your distribution’s OpenSSL packages immediately.”
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
And what to expect in Firefox 153 as the next ESR release gets close
Firefox releases will soon get even closer together – but not ESR ones, which remain annual, with the next one due out soon. The change was announced last week on the dev-platform@mozilla.org mailing list by Mozilla’s director of engineering Sylvestre Ledru:
“We are planning to move Firefox Desktop and Android from a 4-week release cadence to a 2-week release cadence starting in September 2026.
Advertisement
“This will be an experiment… This does not mean that all work needs to ship twice as fast. Work that is not ready should not be rushed, and features can still take the time they need to bake.
“The current target is to release Firefox 155 on September 1, 2026, instead of September 15 …
“We will closely monitor how this change works in practice and adjust if needed.”
The change is already visible in the upcoming Firefox Release Calendar. At the time of writing, it shows the current four-week cadence for Firefox 153 and 154, with Firefox 155 brought forward to September 1. From then on, it lists releases at roughly two-week intervals.
In the meantime, Firefox 153 is nearly here: at the time of writing, it’s scheduled for Tuesday, July 21. Right now, the release notes are blank, but the beta release notes are more forthcoming.
You can look forward to further improvements to PDF editing. Version 153 will be able to merge multiple PDF documents into one by a simple drag-and-drop in the PDF sidebar, and insert images into PDFs as new pages. It will also improve highlighting text in PDFs.
The new version can generate QR codes for sharing web pages offline, such as in printed documents. It can verify and display the EU’s new Qualified Website Authentication Certificates, or QWACs for short. These are part of the new eIDAS legislation, which is a slightly convoluted acronym for “electronic IDentification, Authentication and trust Services”. Sounds cumbersome, but if it helps make the Wild West of the Web a bit safer, we’re all for it. Another security tweak is that extensions will lose local-file access by default. As we use one that relies on it – the excellent Multithreaded Download Manager – that’s slightly concerning, although users will be able to grant the permission separately, so we’ll see.
Advertisement
If a tab is using your location, Firefox 153 will highlight this with a map-pin icon in the address bar. The last release could recognize a few keywords in the address bar to mute all sound: this function will get extended, with typed commands for picking colors from pages, and accessing experimental “Labs” features. Come back, Ubuntu Unity and your HUD, all is forgiven.
There’s also experimental JPEG XL support. Pop-up video player controls will work better, and if you use Windows and have a compatible GPU and drivers, 153 will play HDR video. On macOS, Firefox supports the Fn+F keystroke for switching to full-screen mode – which means KeyboardControls.com has to update its description of the function.
Firefox 153 will also be a significant release, because it will be the next ESR version: it will get security updates for at least 15 months, meaning until late 2027. (And maybe longer: Firefox 115 is still getting updates, and now will until March 2027.)
The FBI arrested a Florida man accused of uploading fake Steam games containing malware that stole passwords, data, and cryptocurrency wallet credentials from victims. Prosecutors say the scheme infected about 8,000 people, compromised roughly 80 crypto wallets, and stole at least $220,000 through games that appeared legitimate but secretly carried malware. TechCrunch reports: On Tuesday, the FBI arrested Zyaire Wilkins, a 21-year-old Florida resident and student. On Wednesday, prosecutors accused him and a number of unnamed co-conspirators of hacking crimes. Over the past two years, Wilkins and his partners allegedly published several malware-laden video games on Steam, including BlockBlasters, Dashverse, Lampy, Lunara, and PirateFi. Using that malware, says the FBI, Wilkins and his accomplices infected around 8,000 victims, and then hacked around 80 cryptocurrency wallets to steal at least $220,000 worth of crypto. Wilkins and the others marketed their malicious video games on Discord, LinkedIn, and Telegram, according to the authorities.
[…] After the FBI identified another person involved in the crimes, according to the complaint, federal agents interviewed them. The unnamed person said they worked with other people to raise money to launch and market the malicious games in return for sharing some of the stolen cryptocurrency. The FBI identified a specific crypto account involved in the scheme, and then traced cryptocurrency payments made with that account to buy several gift cards, including for UberEats. After subpoenaing Uber, the feds were able to see that the gift cards were linked to an account that made deliveries to Wilkins, who went by the nickname Sibel.eth online, according to the complaint. The feds then got a search warrant for Wilkins’ residence, where they seized his MacBook laptop, cellphones, other devices, and digital wallets. According to the complaint, he refused to speak or answer any questions.
The petition was delivered by leaders of the Alphabet Workers Union to Sundar Pichai’s office at Google’s California headquarters.
More than 4,500 Google employees have signed a petition calling for layoff protections, as sweeping workforce cuts continue to hit the tech industry.
The petition was brought to Google’s California headquarters yesterday (16 July) by leaders of the Alphabet Workers Union, with union president Parul Koul delivering it to Google CEO Sundar Pichai’s office.
Koul, a software engineer at the tech giant, reportedly left the petition with a staff member who committed to deliver it to Pichai, while more than 100 Google employees rallied outside. Koul stated that upon delivering the petition, the group was “greeted with closed doors and no response for the most part”.
Advertisement
“We are demanding that Google workers have the conditions and the security to do their best work, where they can actually bring new ideas and innovations to life instead of working in an environment driven by fear, where you might be pit against your colleagues or every day you’re not sure how much longer you will have this job,” said Koul at the demonstration outside Google’s headquarters, according to San Francisco’s ABC7 News.
According to The Guardian, the union-led petition calls for guaranteed severance, buyouts before mandatory layoffs in all product areas and the option to take severance as extended paid leave.
Union members have also asked to end performance ratings, which they say are based on achieving quotas rather than on merit.
The petition comes as scores of layoff decisions continue to affect thousands of tech workers across the industry, with a significant number of cuts being announced in 2026 alone.
Advertisement
Since the start of the year, companies including Meta, Microsoft (as well as its gaming division Xbox), Amazon, LinkedIn, GitLab, Cloudflare, Coinbase, eBay, Oracle, Snapchat, Epic Games, Atlassian and Block have all laid off scores of employees – as many of the same companies ramp up expenditure on AI around the same time. Some companies, such as Block and Atlassian, have also explicitly stated that their decision to cut jobs was directly linked to their increased focus on AI.
Google has also reportedly been quietly laying off employees this year, with the company recently cutting roles from its Google Cloud division, according to Business Insider. One source reportedly told the publication that Google cited “the need to reinvest in growth areas, such as AI”, to justify the cuts.
The tech giant also reportedly laid off more than one-third of managers overseeing small teams between August 2024 and August 2025, according to CNBC.
Commenting on the Alphabet Workers Union petition and the wider trend of layoffs in favour of AI, Rebecca Hinds, head of the Work AI Institute at Glean, told SiliconRepublic.com that business leaders need to adjust their view on AI in regards to workforce reductions.
Advertisement
“Leaders should stop asking how many roles AI can remove and start asking how work should be redesigned – what AI should do, what humans must continue to own and how the productivity gains will be reinvested in people,” she said.
“Companies that use AI only as a headcount lever may cut costs in the short term, but they will also hollow out the skills and institutional knowledge they need to compete.”
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
The U.S. Surgeon General’s office issued a warning yesterday about the harms of extended uses of screens on children, raising concerns about its impact on academic performance, physical health and mental well-being.
The advisory follows a contentious debate over screen time that has been fraught in recent years as schools that implemented 1-to-1 device ratios amid the pandemic now struggle with student attention, behavioral and mental health issues that took root around the same time.
The latest advisory urges kids to pursue — and for the adults in their lives to encourage — a “broader world, beyond the confines of screens,” Health and Human Services Secretary Robert F. Kennedy Jr. said in an opening letter. The role of U.S. surgeon general has been vacant since January 2025, but the advisory was issued by a committee led by Kennedy Jr.
The report encapsulates what researchers and education experts have been long saying: Excessive time in front of devices like smartphones and tablets can worsen mental health and academic outcomes for students.
Advertisement
The American Academy of Pediatrics took a more nuanced approach to a similar report it released, Whitney Raglin Bignall, associate clinical director of The Kids Mental Health Foundation, tells EdSurge. Researchers rolled back their specific limits on screen time in favor of “family media plans” that set boundaries for media consumption.
The Surgeon General’s advisory calls on schools to implement plans that many districts are already adopting or considering: bell-to-bell cellphone bans, or bans that do not allow the use of phones during the entirety of the school day, including passing periods and lunchtime. It also proposes screen time limits. The advisory specifies that screen time limit exceptions should be made for students who have individualized education programs or other needs for assistive devices — something about which disability advocates have expressed worry.
It also urges schools to teach digital citizenship and digital literacy along with offering students social and physical activities that don’t involve screens.
The report hits back against tech companies, like those that recently lost a California civil case over social media addiction. They were called by the advisory to eschew designing their apps for engagement in favor of user well-being by incorporating warnings about harmful screen use every time a user opens the app. The advisory also calls for tech companies to encourage children to socialize with friends and play outside, and get rid of features like recommendation algorithms and notifications.
Advertisement
Correlation, Not Causation
Raglin Bignall, associate clinical director of The Kids Mental Health Foundation, cautions that while research has found a correlation between screen time and poor mental health, there’s not yet cause-and-effect evidence.
NEWSLETTERS
STAY AHEAD IN EDUCATION.
Sign up for EdSurge newsletters for timely news, insights and analysis.
“There might be kids who need less [screen time], or those who are doing lots of different types of things with that content that’s interactive that is not harmful,” Raglin Bignall says. “Nevertheless, it should be monitored. By doing that, we make sure that we’re not doing too much [with screens], and that whatever we are doing is beneficial.”
Advertisement
Teachers might notice students being distracted, not listening, being irritable or having a hard time being away from screens, Raglin Bignall says. Fatigue or lack of sleep among students may also be signs of too much screen time. She adds that screen time should especially be monitored for children who have attention or hyperactivity disorders.
Not all screen time or content is equal, Raglin Bignall says. Teachers don’t need to rush to boot quality, evidence-based education apps from their lesson plans.
The warning calls attention to harmful online behaviors like bullying and gambling. The content children encounter on these platforms can encourage risky behaviors like self-harm and substance use, the advisory claims, or put them in the path of exploitative strangers.
Advertisement
In general, good content is educational, slow-paced and isn’t trying to market any products, Raglin Bignall says. Adults should pay special attention to what teens and tweens are seeing online, as those who struggle with confidence could be particularly vulnerable to harmful content like accounts that promote eating disorders.
“I wouldn’t want to make it seem that all screen time is bad,” Raglin Bignall says. “I often recommend co-watching with adults during those younger ages. As kids get older, it’s still important for adults to monitor the level of content and what is being offered to them.”
Nadia Tamez-Robledo (@nadiatamezr) is a reporter covering K-12 education for EdSurge with focuses on student and teacher mental health and changing demographics. You can reach her at ntamez-robledo [at] iste [dot] org
Tesla surprised owners and enthusiasts this morning when it added a new item to its online store. A balance bike designed for children aged two to five debuted unexpectedly. There is no battery, motor, or pedals, just a lightweight frame and two wheels intended to teach young riders the most important skill on two wheels.
The bike’s frame is made of magnesium, which keeps the overall weight low enough for even the tiniest children to handle. The white finish is appealing, and the black accents on the seat and other elements complement it well. The Tesla logo runs along the side, while the T logo is clearly displayed in the front for all to see. You may also move the seat to one of five different locations as your youngster grows taller. This bike is designed for children, with a minimum leg length of 13.7 inches and a maximum weight capacity of 77 pounds.
STURDY AND SAFE- What you think for your kids is what SEREED toddler balance bike have. Wide and tough carbon steel frame, supports up to 110 lbs…
GROW WITH KIDS- Equipped with quick-release mechanism, parents can adjust the seat height(12.6-17.1inch) and handlebars height(19.6-22.5inch) without…
WHY YOU NEED IT?- With the no pedals bicycle, child will learn balance and steering, boost self-confidence, which makes transitioning to a pedal bike…
Kids use the bike as intended, by sitting on the seat and pushing off the ground with their feet. They can cruise at their own pace, and as their confidence grows, they can try lifting both feet off the ground and gliding. The low center of gravity and broad handlebar make it seem very stable from the first ride; no training wheels are required, and there are no sophisticated brakes to worry about; and the greatest thing is that parents may accompany them the entire time.
The bike itself costs $225, which is quite expensive, but keep in mind that it is a luxury product made of premium materials such as magnesium. Other manufactures provide similar bikes for roughly the same price, but their magnesium versions are a step above in terms of appearance and feel. You’ll get a set of tools to assist you put everything together, and most families can have it up and running in under an hour. The bike was in high demand; the listing sold out in a matter of hours, and new orders will not be shipped until late August, when they are back in stock. If you live in Canada, be prepared to pay a little extra, around $310, but the specifications don’t change.
This isn’t the first time Tesla has dabbled in children’s products, having previously collaborated on a Cyberquad ATV and a toy Model Y radio flyer, but this time they’ve gone for something a little more low-key, as the bike is pretty basic, just getting kids riding and having fun without all of the bells and whistles.
You must be logged in to post a comment Login