Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
A vulnerability dubbed HollowByte allows unauthenticated attackers to trigger a denial-of-service (DoS) condition on OpenSSL servers with a malicious payload of just 11 bytes.
The OpenSSL team has silently fixed the vulnerability (no identifier assigned) and backported the patch to older releases.
Because the OpenSSL software is the foundational backbone for secure internet communication, organizations should prioritize switching to a fixed version of the library.
In an advisory earlier this week, Okta’s Red Team described how the HollowByte DoS vulnerability works and its impact in a real-world scenario.
The researchers explain that in a TLS handshake, each message has a 4-byte header for declaring the size of the incoming message. However, vulnerable OpenSSL versions allocate the declared length before receiving the payload and checking its size.
Every TLS handshake message begins with a 4-byte handshake header, where a three-byte length field discloses the size of the handshake data that should follow.
Without validating the payload, the server trusts the packet’s claims and allocates the indicated memory. “The worker thread then blocks, waiting indefinitely for data that will never arrive,” Okta explains.
An unauthenticated attacker can trigger HollowByte by opening a TLS connection and sending an 11-byte malicious input with a header declaring that a much larger message body will follow.
The attacker repeats the same process across multiple connections, causing the server to allocate considerable amounts of memory via a relatively small volume of transmitted data.
Okta researchers note that while OpenSSL frees the buffers when a connection drops, the GNU C Library (glibc) has a different way to handle memory and “does not immediately return small-to-medium allocations to the operating system; it keeps them for potential reuse.”
“By launching waves of connections with randomized claimed sizes, an attacker prevents the allocator from reusing those freed chunks,” Okta says.
“The heap fragments heavily, causing the server’s Resident Set Size (RSS) to climb continuously. Even after the attacker disconnects, the server remains permanently bloated.”
The only way to fully reclaim the space is by restarting the process.
The open-source OpenSSL library is embedded in popular software projects such as NGINX and Apache web servers, language runtimes (e.g., Node.js, Python, Ruby, PHP), and databases (MySQL, PostgreSQL). It comes pre-installed on most Linux distributions for TLS encryption and certificate handling.
In Okta’s tests on NGINX showed that low-capacity environments can be easily depleted of memory using HollowByte, while higher-spec servers may lose up to 25% of their memory while the attack bandwidth remains below security alerting thresholds.
Although DoS flaws are considered less severe than vulnerabilities that enable data theft or code execution, they can cause operational disruptions and reputational damage.
The HollowByte DoS issue has been fixed in OpenSSL 4.0.1 and backported to versions 3.6.3, 3.5.7, 3.4.6, and 3.0.21, which now grow the buffer only when the data arrives, ignoring header claims.
Despite being addressed as a “hardening fix” and not a security vulnerability, Okta recommends “upgrading your distribution’s OpenSSL packages immediately.”
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
A glitch with Amazon Web Services’ billing operation led some customers to believe they owed the world’s fifth most valuable company billions of dollars. Oops!
Bill Radjewski, who runs CollegeFootballData.com, was one of the affected customers. This morning, he woke up to a jarring email alert from AWS: He had racked up more than $1.5 billion in usage fees, and his August 1 bill was on track to be upwards of $3 billion.
“I’ve had this account for 6+ years and in that time my monthly spend has never exceeded $0.02,” Radjewski tells WIRED. He shared screenshots of his three most recent monthly AWS invoices. They each came out to $0.01.
Based on replies to the AWS Support account on X, Radjewski is not alone. Others have received similarly shocking quotes: $22 billion; $75 billion; $110 billion. “Blud why did you hit me with a cost of 5 million USD what did I even do,” one user wrote. “Please explain man my heart will explode.”
When reached for comment, Amazon spokesperson Aisha Johnson referred WIRED to the AWS Service Health Dashboard. While it’s not clear exactly how many customers have been affected, the dashboard characterized the issue as “global.”
The dashboard also said that the billing console “began displaying incorrect estimated billing data” on Thursday, July 16 at 10:38 PM ET.
The company began investigating the issue about six hours later, per the dashboard, and concluded that the “root cause” of the error was “an issue with unit pricing within the estimated billing computation subsystem.” It did not specify what the issue was.
In subsequent updates, AWS said that it’s “rolling back a recent change to the billing computation subsystem,” and said it was attempting to revert to its “last known good estimated bill computation.” It also said it had “paused estimated billing computations.”
The issue should be resolved by this weekend, and “there are no customer actions required at this time,” the company wrote.
Ultimately, some customers have decided to post through it.
One Reddit user posted a screenshot of their current “Cost and usage overview” to the AWS subreddit, which showed that they had incurred $7.1 trillion in service fees since July 1—more than twice Amazon’s market cap.
VC Jeremy Levine has a wry solution to something that routinely annoys him, according to a new Wall Street Journal article on the rise of AI transcription apps. On Zoom, he is no longer “Jeremy Levine” but instead “Jeremy Levine I do not consent to transcribing or recording.”
It may sound petty or brilliant, depending on your point of view, but what’s clear is that always-on recording is becoming ubiquitous, thanks to a growing crop of AI note-taking apps and devices, many of which we’ve covered here at TechCrunch (we’ve even ranked some).
VC Eric Bahn tells the outlet he now automatically assumes his meetings with founders will be recorded, even before he sees a phone slide across a conference table. One founder tells the WSJ she records most of her first dates with the Granola app, then feeds the transcript to Claude afterward to see if she could be more “engaging or empathetic,” while also assessing who did most of the talking.
Levine calls the whole trend “socially unacceptable behavior” that can completely kill spontaneous conversations. Others in the piece note it’s a legal minefield.
But there’s another wrinkle: if every meeting, watercooler conversation, and romantic outing gets transcribed and summarized, who’s actually reading any of it? At what point does this audio landfill of every conversation stop being useful and just become another recording no one has time to play back?
Like many engineers, Sarah Downs says she knew she wanted to pursue a STEM career from a young age. As a teenager, she discovered robotics through her Tulsa, Okla., middle school’s First Lego League team, and she fell in love with the field, she says. Downs participated in the international robotics program from 2014 to 2016.
Watching PBS specials on NASA Mars rovers Spirit and Opportunity, and seeing the live broadcast of the Curiosity rover launch in 2011, inspired the teen to dream of a career working with NASA.
Sarah Downs
MEMBER GRADE
Graduate student member
UNIVERSITY
Texas A&M University in College Station
MAJOR
Electric engineering
This year the IEEE graduate student member achieved that dream. For her final project as a master’s degree candidate in electrical engineering at the University of Tulsa, she worked on an algorithm in collaboration with NASA and the U.S. Air Force.
The algorithm she developed enables a robot assembling satellites in space to insert an antenna into the correct spot, addressing robotics’s classic peg-in-hole problem of inserting an object into its corresponding hole.
Now a Ph.D. student in electrical engineering at Texas A&M University in College Station, Downs is continuing her research on satellite assembly and manipulation “but on a much larger scale,” she says.
Downs grew up in the Tulsa area. Her father, who died from a heart attack in 2015 when she was 13, was a safety advisor in the oil and gas industry. Her mother stayed home to take care of her brother, who has autism. After her father died, her mother went back to college to earn a bachelor’s degree in business so she could support the family.
“We didn’t have much income, and my mom was always worried about money,” Downs says. “That made me more aware of having a successful career, in a monetary sense.”
From then on, whenever she considered her future career, having a decent salary to support the family was high on her list.
By pursuing a career in robotics, she says, she can follow her passion while obtaining financial security.
In high school, Downs joined the First robotics club, where she found herself drawn to the electrical components used in the machines she and her classmates built.
During her final two years of high school, she participated in an extension program at Tulsa Tech, a training school. She spent half her day in high school classes and the other half taking engineering courses at the vocational school.
After graduating in 2020, she accepted scholarships to attend the University of Tulsa. She began her freshman year at UTulsa not knowing whether she wanted to major in electrical or mechanical engineering, she says, adding that her love of working with small systems helped her choose EE.
For her senior year capstone project, she and two of her classmates designed a lunar lander exhibit for the Tulsa Air and Space Museum. They created an interactive game that simulates missions on lunar and martian surfaces. Four celestial bodies—the moon, Venus, Mars, and Titan—are listed across three computer monitors. Using a game controller, museum visitors can explore the virtual surface of each one. The exhibit is still on display.
Downs earned her bachelor’s degree in electrical engineering in 2024 and continued her education at the university’s EE master’s degree program.
When Downs began her graduate studies, she was supposed to be part of a NASA robotics project for two years. But when a delay in government funding postponed the project’s start, she instead spent her first year in the school’s Institute for Robotics and Autonomy, then newly launched. Its main focus is developing robots to assist people who have mobility challenges.
Inspired by her grandmother, who was wheelchair-bound due to severe arthritis, Downs developed a robotic arm that helps older people and wheelchair users live independently. The arm was able to identify and place objects in the appropriate locations inside the home, such as unloading certain groceries from a shopping bag and placing them on a shelf or in separate containers.
Before the start of her sophomore year in 2025, the NASA project finally secured government funding. She developed a robot that achieves the peg-in-hole task without using any vision systems. Typically, cameras help guide robots’ satellite-assembly work. But in the harsh, remote environment of outer space, cameras might malfunction or encounter delays.
“Don’t stop asking questions. Especially in engineering, don’t pretend like you know everything, because science is about constantly wanting to learn and listen.”
Rather than using cameras, Downs’s robotic arm deploys a force-based insertion process to sense position and orientation of objects in the arm’s environment. The robot loosely grips an antenna and, with a torque sensor on its gripper, “feels” the force feedback of where the satellite and antenna are in relation to each other. The robot then guides the antenna assembly into a target opening on its satellite and maintains the position during adhesion.
Adding to the complexity, the robot performs its task in zero gravity.
“Without gravity, you now have to consider the arm’s reaction torques on the satellite to avoid flinging it into space,” Downs says. Any motion from the arm during the insertion process, especially from increased forces, could cause the satellite to continue movement in that direction.
To combat that, Downs is performing calculations for the project to direct targeted reverse thrusts and counter the force of the robot’s motions.
Her graduate project captures the simple yet complex nature of robotics that she finds fascinating, she says.
“I think robots are both more and also less complicated than people think,” she says. “Really, all you need to start programming a robot is its Denavit-Hartenberg parameters, and you can do a lot with that,” she says, referencing the four values used to describe the position and orientation of a robotic arm and manipulators. Even with different grippers and degrees of freedom, “fundamentally, all robot manipulators start there,” she says.
“But,” she adds, “we’re still learning so much about how robots interact with their environment. Even something simple to us, like manipulating a pen, is still incredibly complex for robots.”
Downs is completing her doctoral thesis in the Robotic Space Simulator project at Texas A&M’s Robotics and Automation Design (RAD) Lab, which specializes in developing machines that can survive in extreme environments. It collaborates with NASA.
Her thesis advisor is Robert Ambrose, a NASA veteran who launched the RAD Lab in 2022. The IEEE member is set to serve as associate director of the school’s Space Institute, due to open this year in Houston. The research facility is being built next to the Johnson Space Center.
After earning her Ph.D., Downs says, she hopes to one day work for NASA, developing rovers that collect samples from Mars or robotic arms that perform tasks on space stations.
To learn more about robots, check out IEEE Spectrum’s guide.
Downs joined IEEE in 2020 as a freshman at UTulsa to get more involved in electrical engineering events on campus. At the time, the COVID-19 pandemic kept clubs and organizations from meeting in person.
She was active in her school’s IEEE student branch and was elected as its 2022–2024 president. Under her leadership, the branch went from having a few events to hosting one every two weeks.
They included lunch-and-learn sessions and dinners that connected students with professional engineers and the university’s alumni. Downs also organized hands-on workshops on soldering, 3D printing, CAD modeling, and résumé-building.
Her efforts helped increase the branch’s executive board membership from roughly five students to 25 in 2023. The same year, her soldering workshop attracted about 80 students.
She says she enjoyed working with IEEE, especially “engaging with alumni and learning from engineers.”
IEEE is a great resource for networking opportunities, she says, noting that “during the COVID-19 pandemic, engineering students stayed in their bubbles.” IEEE events helped the students make connections that could serve them well, she says.
“Networking is very important, especially in today’s tough job market,” she says. “It’s a lot about who you know and how people observe your work ethic.”
Downs, who now serves as an IEEE graduate advisor for UTulsa’s student branch, says she has seen firsthand how the school’s student branch network has benefited its student members.
“A lot of them have found jobs” because of IEEE, she says.
From Your Site Articles
Related Articles Around the Web
Linus Torvalds says the Linux kernel will not ban AI-assisted coding tools, and if anti-AI absolutists have a problem with that, they can “fork it” or “walk away.” An anonymous reader quotes a report from Ars Technica: Writing in a lengthy post on the Linux kernel mailing list this week, Torvalds said that “Linux is not one of those anti-AI projects, and if somebody has issues with that, they can do the open-source thing and fork it. Or just walk away.” The statement came amid a lengthy thread arguing about the use of Sashiko, an “agentic Linux kernel code review system” that its creators claim can, in tests, independently find 53.6 percent of the bugs that would end up being fixed by human coders in later commits. But the tool can also waste maintainers’ time by sending “false positive” reports of bugs that don’t exist, at a rate Sashiko’s maintainers estimate is “well within [the] 20% range.”
In discussing whether maintainers should be subjected to a flood of these kinds of automated, AI-powered bug report emails (true or false), one poster cited the Software Freedom Conservancy’s recent statement that the open source community “should support, not just tolerate, those who outright reject LLM-gen-AI systems” and that “every FOSS contributor deserves self-determination regarding LLM-gen-AI.” In the face of that statement, Torvalds said that he rejects those who demand that their open source projects not accept any LLM-generated code or revisions. “We’re not forcing anybody to use [LLM tools], but I will very loudly ignore people who try to argue against other people from using it,” Torvalds said.
Torvalds said his position on this is a pragmatic one that’s “based on technical merit. Not fear of new tools.” And when it comes to utility, Torvalds said that “AI is a tool, just like other tools we use. And it’s clearly a useful one. It may not have been that ‘clearly’ even just a year ago, but it’s no longer in question today. Anybody who doubts that clearly hasn’t actually used it.” […] While Torvalds acknowledged that “AI isn’t perfect,” he urged detractors to compare the output of these tools to the performance of human code maintainers. “Anybody who points to the problems at AI had better be looking in the mirror and pointing at themselves at the same time,” Torvalds wrote. “Because it’s not like natural intelligence is always all that great either.”
SpotiSlop: Large language models and sophisticated audio-generation tools are disrupting the traditional music industry. Digital listening platforms such as Spotify have become prime targets for AI-powered spammers, but trade organizations are fighting back with new labeling programs.
Spotify’s Sam Duboff recently revealed that the platform was forced to remove 75 million AI-generated tracks in 2025 alone. As Spotify’s senior director and global head of marketing, policy, and music business, Duboff believes that AI has not introduced any entirely new tactics for spam operations. However, he also argues that generative AI and other machine learning technologies have taken audio spam to the next level.
Spotify now has systems designed to combat both AI-generated “slop” uploads and data scraping by companies seeking new content to train their generative AI models. Duboff confirmed that the company has a “big team” dedicated to identifying potential new attack vectors that could make life easier for spammers (or scraping bots).
The executive also provided several eye-opening figures highlighting the growing prevalence of AI-generated music on digital platforms. Every day, bots upload around 100,000 different “songs” to Spotify’s servers, and a large portion of these tracks are most likely “made” using generative AI services or custom LLM-based setups.

Duboff acknowledges that not every genAI track can simply be dismissed as slop. The 75 million songs removed last year were low-effort content with very little human creativity involved beyond a lazy chatbot prompt. However, “real” artists are increasingly using AI technology in their production workflows, blurring the lines between fake music and human-curated efforts.
Spotify is certainly embracing AI across its business these days. Earlier this year, co-CEO Gustav Söderström said that the company’s engineers are essentially allowing AI agents to handle much of their coding work. Spotify also said that AI tools approved by music labels are now fair game for creating remixes and covers that can then be sold on the platform.
Beyond Spotify’s growing pains with spammy tracks, generative AI is forcing the entire music industry to develop new solutions to the increasingly relevant AI slop problem. The International Federation of the Phonographic Industry, the RIAA, and other major trade organizations recently announced a “voluntary” program to properly label AI-generated music, giving listeners a clear indication when a song has been entirely created through a chatbot prompt. These labels should also identify “AI-assisted” music that was primarily created by human artists.
Apple has raised the monthly price of its Family and Premier Apple One bundles in the US. The Family plan now costs $27.95 per month, up from $25.95, while Premier has climbed from $37.95 to $39.95. Both plans are now $2 more expensive each month, adding another $24 to the annual bill. The Individual plan remains unchanged at $19.95 per month.
The increase arrives shortly after Apple raised subscription prices for Apple Music across its student, individual, and family plans. New AppleCare+ customers buying coverage for Macs and iPads have also been hit by higher prices recently.
Apple One Family includes Apple Music, Apple TV, Apple Arcade, and 200GB of iCloud+ storage. The services can be shared with up to five other family members.

The Premier plan includes the same services, alongside Apple News+, Apple Fitness+, and 2TB of iCloud+ storage.

Apple has not added any new services, storage, or other benefits to either bundle. Family subscribers will now spend $335.40 over a full year, while the Premier plan works out to $479.40 annually.
Apple has not explained why the two Apple One bundles have become more expensive. The company blamed its recent Apple Music increase on rising licensing costs, and the service is included in every Apple One plan. However, the unchanged Individual bundle suggests Apple Music is unlikely to be the only reason behind the latest adjustment.
The company has also raised AppleCare+ prices for new Mac and iPad customers by $0.50 per month or $5 per year. Those changes followed broader price increases across Apple’s Mac, iPad, Vision Pro, HomePod, and Apple TV lineups. Despite the price increases, Apple One still offers a discount compared to paying for every included service separately.
The European Commission on Thursday mandated that Google provide its competitors with greater access to AI capabilities on Android phones and to search data, saying the increased openness is needed to level the playing field in those areas.
The ruling stems from the European Union’s Digital Markets Act, which is designed to ensure that powerful tech companies, such as Google and Apple, can’t unfairly dominate markets through their size and their gatekeeping powers. In this case, the act requires Google to give third-party apps and services the same level of access to its software as it does for its own services.
“With today’s measures, we want to support innovation and diversity in the European Union, enabling fair competition in the markets of AI assistants for Android devices and search engines,” Henna Virkkunen, the Commission’s executive vice president for tech sovereignty, security and democracy, said in a statement. “Thanks to these measures we hope to see emerging alternatives to Google Search and Google’s AI services, such as Gemini, and that users in the EU can enjoy greater choice of services.”
Gemini AI has become inescapable in Google software and on Android devices. But AI assistants from other companies have had restricted access to key Android functions, which limits the kinds of services they can create and offer, putting them at an unfair disadvantage, according to the Commission. The new ruling would mean, for instance, that third-party AIs could be activated with a voice command similar to “Hey, Google” or could be delegated tasks such as booking a taxi, the Commission said.
The Commission noted that 60% of phone users in the EU have an Android device.
Thursday’s decision also requires Google to share its search data with third-party search engines and with AI chatbots that offer search functionality. That includes data Google uses to optimize its search engine. The Commission said this requirement is important for developing and optimizing third-party search engines, including privacy-focused alternatives.
Google will also have to provide the data at a fair price and through a clear process, the Commission said.
In its response to the ruling, Google homed in on what it said are the dangers the DMA-driven changes would pose to users.
“Today’s decisions risk undermining vital privacy and security guardrails for millions of Europeans,” Kent Walker, president of global affairs for Google and parent company Alphabet, wrote in a blog post. “We have repeatedly offered solutions to safeguard users while satisfying the DMA’s goals, but these rulings discount extensive evidence of user harm.”
In an email to CNET, a Google spokesperson reiterated the company’s privacy concerns and noted that the alternatives it suggested would ensure, for instance, that query-related data is passed along to recipients while providing better personal data protection. Google also proposed that anonymization be performed by technical and legal experts, but said the EC rejected the proposal.
Google also said that AI agents already have access to choices, but that ultimately, phone-makers play a big role in protecting users by evaluating apps that could have system-level permissions and access to your data. It said that phone-makers provide that access, not Google.
Apple last month said that because of a DMA ruling, access to its new Siri AI would not be available to users in the EU when iOS 27 and iPadOS 27 roll out later this year.
Under Thursday’s ruling, Google must start sharing data with search providers in January 2027 and make the Android changes effective as of July 2027.
Legacy infrastructure, not the models themselves, is what’s actually slowing AI agents down. That was the shared conclusion of three infrastructure leaders — from LinkedIn, Walmart, and Zendesk — at VB Transform 2026.
The panel brought together Animesh Singh, senior director of AI platform and infrastructure at LinkedIn, Desiree Gosby, SVP of corporate technology services and technology strategy at Walmart, and Sami Ghoche, VP of applied AI at Zendesk, each describing what actually broke when they moved agents from pilot to production. Each arrived at the same conclusion from a different starting point: None of the bottlenecks they hit were model problems.
What tied their answers together was a shared premise: most enterprise infrastructure was built for how humans work, not for how agents work. The gap between those two speeds is where the real engineering happened.
Gosby put it plainly when asked what she’d learned scaling agents inside Walmart’s own workforce. The goal, she said, is to make sure “engineering doesn’t once again become the bottleneck for what it is we’re trying to do.”
Each company hit a different version of the same wall: infrastructure designed for how people work doesn’t hold up once agents are doing the work instead.
At LinkedIn, the first bottleneck wasn’t a model, it was Kubernetes, which assumes containers spin up on demand, a process that takes seconds. Singh said that’s too slow for agents. The fix was moving from on-demand provisioning to pre-provisioned pools of containers that swap agentic workloads in and out in real time.
A second, harder problem surfaced once LinkedIn let agents control their own orchestration. A five-point evaluation system looked clean, but hallucination kept showing up anyway. Singh said the issue was structural, an LLM evaluating another LLM’s output shares the same failure mode as the thing it’s evaluating.
“We built our own harness, our own control flow, and pushed the LLMs to the leaf instead of them orchestrating the loop,” Singh said. Roughly 80% of the workflow is now scripted, deterministic code, with LLMs used only where reasoning is required, and each step’s evidence is committed to disk before the system moves on.
Walmart’s bottleneck came from success. An agent harness put directly into employees’ hands went viral internally, and what Gosby called “citizen developers” began building their own agents to solve problems that once required a formal engineering roadmap. The upside was real innovation. The downside was duplication, dozens of overlapping agents with no coordination. The fix wasn’t reining in the harness, it was building governance to spot duplication, promote the best version of an agent, and get it into production without engineering becoming a chokepoint.
Zendesk hit its bottleneck from the data side. Ghoche, who joined through Zendesk’s acquisition of Forethought, which closed in March 2026, described sitting on what he called a public figure of 20 billion customer conversations in Zendesk’s repository. The instinct is to hand that history to a large language model with a big context window and let it generate the agents a business needs. Ghoche said that doesn’t work. “You can’t really do that, so instead you have to really invest in the underlying data pipelines and all the data infrastructure that comes with that,” he said.
On open source, all three leaders landed on a similar instinct: own what you can, and lean on frontier labs only where they still have a clear edge.
Ghoche said his own view is that most enterprises would prefer to own their models and infrastructure wherever that’s possible, and that reasoning is what drives Zendesk’s own approach. The exception is frontier reasoning work, where the labs still lead, though he said that slice of use cases is shrinking relative to everything else enterprises now do with AI.
LinkedIn’s answer was to build two subsystems specifically for independence. The first is what the company calls an AI gateway, a single interface that every outbound call to a model runs through regardless of provider. The second component is a memory subsystem built to hold context independent of any model provider.
“Every single outbound call going to an LLM, whether it’s on a public cloud or on-prem in our own data centers, follows the same semantics, the same API calls. We can quickly switch between different providers,” Singh said.
Walmart built its own internal gateway to stay vendor agnostic across three workload types: fully deterministic workflows, planner-and-reasoner workflows for open-ended tasks, and a hybrid of the two. Compliance-heavy work stays deterministic by design; governance, security and evaluation run through the gateway regardless of which model is on the other end. Gosby said the choice between a frontier model and an open-weight model comes down to whichever is most effective for the specific workload, not a fixed policy.
Three pieces of advice came up directly, each tied to the wall a leader had already hit.
Invest in evals before anything else. Ghoche called it the thing common to every use case, internal or customer facing.
“The thing that’s common to all of these is evals. It’ll force you to break the problem down, and once you have a robust set of evals, you can move a lot faster,” he said,
Own your agent harness from day one. Gosby’s advice was to put the AI harness directly in employees’ hands early, paired with the infrastructure to monitor what it produces.
“It will unlock a huge amount of innovation,” she said.
Build for model and context independence. Ensuring flexibility is critical for success.
“Build for independence, whether it’s a frontier model of today versus an open source model of tomorrow,” Singh said. “Keep that context within your enterprise so that you can reuse it when you ship the model or the harness tomorrow,” Singh said.
Keri Rodrigues, a mother of five boys, knows the value of screens.
For her boys, four of whom receive school accommodations, screens serve a practical purpose at school.
“When you get a kid who’s got [a learning plan] for anxiety and a substitute teacher that hasn’t read his 504 [plan] and there’s nobody there to de-escalate him, he’s got to use his phone to call mom so I can FaceTime with him and do a breathing exercise,” Rodrigues says.
But this use of screens bumps against a new concern. Fueled by distress over the mental health impacts of too much screen time, lawmakers have begun to pass device bans and other restrictions for schools, in a rising “techlash” across state capitols.
“We’ve got to make sure we’re not stomping on kids that are actually utilizing these devices for really important reasons.”Keri Rodrigues, president of National Parents Union.
Now, as the country wrestles with restricting screens, some parents and disability advocates are beginning to express concerns about whether students who rely on accessibility tools are being excluded from the rulemaking process. Some of these advocates say they agree that new tech restrictions are necessary, but they are calling for careful consideration in how these rules are written.
Many neurodiverse students need assistive technologies for learning, and it’s common for digital tools to be prescribed in the plans schools use for these students. Assistive technologies support functional and social needs for these students’ daily lives, argued Sambhavi Chandrashekar, global accessibility lead for D2L, an online learning platform, in a series of emails to EdSurge.
Chandrashekar and others worry that lawmakers aren’t consulting families with neurodiverse students enough when crafting new restrictions, and that screen time laws could impinge on accessibility tools. They worry that the gains these students have made are becoming swept up in larger political battles.
Advocates are calling for a proactive approach to avoid potential problems down the road, and EdSurge has not yet found an example of a student blocked from using an assistive device because of these new bans.
Students with ADHD might use screens for reminders, alarms, timers, or even medical alerts, says Rodrigues, the mom. Students with autism use it for self-regulation, and students with anxiety, epilepsy, asthma, or vision and hearing differences rely on specific accessibility features on their phones. One of her own sons, a senior in high school, uses a meditation app to de-escalate, she says.
NEWSLETTERS
Sign up for EdSurge newsletters for timely news, insights and analysis.
In her position as president of the advocacy group National Parents Union, Rodrigues wants caution from lawmakers. The new legislation is “really well intended,” she says. But: “We’ve got to make sure we’re not stomping on kids that are actually utilizing these devices for really important reasons.”
“Phones aren’t just toys for kids,” Rodigues says.
Disability laws such as the Individual with Disabilities Education Act guarantee students the right to assistive technologies, sometimes including screens.
But the new restrictions occur at a particularly tense time for these families.
Mass firings and funding cuts under the Trump administration have cast doubt on the reliability of federal civil rights protections and processes, some argue, leading to an increase in accessibility-related lawsuits, as families look to protect their rights. For instance, according to a nonpartisan government watchdog report, the Trump administration’s cuts to the office which reviews civil rights complaints contributed to a 90 percent dismissal of student civil rights complaints in the later months of 2025.
Recently, the U.S. Department of Justice delayed a long-anticipated deadline that required schools and vendors to meet widely accepted accessibility guidelines, after it became clear that schools and governments were not ready.
And advocates have already called attention to bills that would subject students with disabilities to surveillance cameras in classrooms, in the hopes of curbing physical restrains against these students, as EdSurge has reported.
As for the latest screen restrictions, many of the bills note that they do not apply to students with disabilities under law. For example, laws from Alabama and Tennessee carve out blanket exemptions for students with disability plans. And Tennessee’s bill also includes an explicit exception for literacy and dyslexia screenings.
Still, advocates are concerned.
Local and regional policies can limit access to tools like screen readers and predictive text software even if they don’t mean to, argues Andrew Kahn, an associate director for Understood, a support organization for people with learning differences. But these tools can be necessary for those students to keep up in class. It’s not obvious to everyone that these tools can help students, even some who don’t have formal plans, Kahn says.
Typically, when these rules mention students with disabilities, they will exclude anyone covered by disability law, says Lindsay Jones, CEO of CAST, a nonprofit focused on assistive technology and learning. But they are still relying on local school districts or other agencies within the state to provide guidance about how to implement the law, she adds.
Without sufficient guidance, a concern is that teachers might become uncomfortable working with students who need screens for accessibility reasons and might restrict these tools because of that, Jones says. For instance, advocates fear that a teacher, wary of breaking the new law, might tell a student not to use a screen, even though it was prescribed by an individualized education program, or IEP.
“It’s not typical that a student [with disabilities] is sitting alone at a screen, which I think is what seems to be driving much of the concern,” Jones says.
But even if students with disabilities aren’t prevented from using the screens, there’s unease about whether these new rules will contribute to shaming or separation.
Reading some of these laws without guidance, it’s unclear how to implement them without banning screens in the classroom, Jones says. In order to follow these rules, it’s possible that students who are exempt from the bans could be moved into another room, she worries.
“That’s immediately going to bring — or raises our concerns about — stigma for these kids,” Jones says. “One of the beautiful things is when technology is built into systems that we’re all using, and we can use them together, and it reduces the feeling that you’re separate and different in a way that can be especially harmful.”
It’s an apprehension that others in the space share.
“You would be restricting [students with disabilities] because the access to technology is creating that stigma and that segregation,” says Kahn of Understood. “Anything that leads to difference between kids, that accentuates and magnifies, has the really strong potential to further stigmatize and make these kids feel singled out.”
Education should always take place in the least restrictive environment possible, he adds.
Rodrigues says that she and other parents also worry about whether students will become reluctant to use their disability tools because of the stigma. “Kids might actually choose to suffer rather than being singled out socially,” she says.
But ultimately, for some proponents of accessibility tech, the disquiet is largely about who gets consulted for new rules and how they get enforced.
It’s not that these restrictions shouldn’t be pursued, but that families of students with disabilities should be more thoroughly included in the rulemaking process, these advocates argue.
“Parents with children who have a disability must have a seat at the table,” Chandrashekar wrote: “Blanket rules that are blind to fundamental human differences will do more disservice than good to students at the margins.”
Following the reports last week using the Windows Global Device ID (GDID) in tracking a malware operators behavior, here is a comprehensive write-up about what goes into the GDID and how it is used. It’s worth noting that the GDID itself was not used to catch the malware operator, however once a suspect was identified, the GDID was used to correlate behavior across various Microsoft products on the Internet.
The GDID is generated and assigned during a Windows install, but a re-install of Windows will generate a new GDID. Developer [SmtimesIWndr] tracks the generation and tracking of the GDID through the various Windows libraries and services, identifying where it appears to be created and how it is passed to other services like Azure.
Worth noting is your GDID is a unique, personally identifiable piece of information; if you go exploring and extract it from your Windows install, be sure to keep it private!
Those of us who were around for the dawn of MP3 files may remember the LAME encoder and library. After almost 10 years, there is a new LAME release.
Notably, this includes two security fixes, one for a stack buffer overflow based on malicious input to the Blade encoder, and an integer underflow in the AIFF header parser. Both of the fixed bugs feel very old-school, which seems appropriate given the age of the library and most of the related code.
Buffer overflows impacting the stack are some of the simplest and most direct forms of vulnerabilities, where it is possible to write past the end of a buffer and control how the function returns and instead execute arbitrary code. Integer under-flows, similarly, impact memory management; usually caused by allowing a variable that stores the size of a buffer to go negative. Since sizes are typically unsigned positive numbers, a negative is interpreted as an enormous positive number, writing past the proper buffer length.
Despite the new findings, the LAME codebase has been extremely resilient over the years, and considering the number of programs that likely still use LAME under the covers to process audio, seeing the project wake up with security fixes is great news.
Researchers have found a vulnerability in Dell BIOS code that allows extraction of the administrator password from the BIOS flash chips, either with physical access via a flash programmer, or via administrator or root level access to the operating system and reading the contents of the flash chip.
Dell used a 20 byte key to encrypt a 32 byte password field: for any admin password of 12 characters or fewer, the password is stored in completely plaintext. For longer passwords, characters beyond the first 12 are encrypted – but the random bytes are computed from the first character of the password mixed with fixed device data, yielding only 256 possible encryption seeds for the remaining bytes.
Using the BIOS admin password for evil requires local access, so the attack surface is small, however as the researchers note it controls the boot order and may allow an attacker with physical access to then boot an unsigned OS or bypass full-disk encryption, so it’s serious.
Last month, Microsoft broke records for the number of security fixes in the June monthly Patch Tuesday roundup. This month, Microsoft broke records for the number of security fixes in the July monthly Patch Tuesday roundup.
This month includes a record 60 plus patches for critical vulnerabilities in Windows, as well as fixes for previous Bitlocker bypasses, and an AI prompt injection which could allow web sites to trigger Copilot in Microsoft Edge on Android and execute arbitrary prompts. Another bug patched this month allowed privilege escalation and code execution over DHCP, potentially impacting all Windows installs on the same physical network or public hotspot.
Microsoft credits AI assisted tooling with the record-breaking number of bugs discovered, and indicates it’s unlikely to slow down next month.
It’s a week with a Patch Tuesday, which now seems to mean it’s a week with a new exploit from NightmadeEclipse, the researcher who previously made news for being quite upset with the responses from the Microsoft security group. After then creating a public outcry by threatening prosecution, Microsoft recently has seemed simply to be fixing bugs disclosed by NightmareEclipse in the next series of security updates.
This month, we have LegacyHive, an exploit which allows loading the “hive”, or collection of registry settings and configuration files, of another user. The Windows registry is typically used to store preferences, settings, auto-launched applications, and other important settings, so being able to access other users registry groups seems significant.
Fairlife Dairy, owned by Coca-Cola, has suspended US operations due to a ransomware attack. Filings with the SEC simply say that production facilities are impacted and will be temporarily suspended, with no estimate as to when they will be restored.
Typically when a food-processing facility goes offline, the delays for restoring service can be significant due to the sanitization requirements.
The April Task Force has been announced (yes, in July) with a focus on enhancing the security posture of Perl and the CPAN library.
Given the absolute havoc wreaked on the NPM and PyPi repositories in 2026, proactive measures to protect other repositories seem prudent. Funded by the Perl and Raku Foundation and the Linux Foundation, the April Task Force will be focused on supply chain security, vulnerability patching, and processing reported vulnerabilities and CVEs.
Perl may not be the juggernaut language it once was, but it’s still used widely, so any preventative measures are good news.
Researchers from ESET enumerated 11 boot loaders signed by Microsoft that can be used to bypass secure boot protections and execute arbitrary code.
Secure Boot was designed to only boot code signed by trusted organizations (in this case, Microsoft). Those of us running Linux typically know it as “the option in the BIOS to turn off to get a kernel to run properly”, but for corporate fleets, Secure Boot protections help protect disk encryption and prevent malware installs.
During boot, a Secure Boot protected system validates the code it is about to launch to ensure it is signed by a trusted organization, establishing a chain of trust where each component then validates the next before launching. Often, to enable other tools or Linux distributions to boot, a “shim” boot loader is created and signed by an organization trusted by the UEFI install, which then loads and validates the actual boot loader or kernel.
Over the years, many such shims have been signed, but updates have lagged and security vulnerabilities have been found. Even unused old boot loader code remains signed and viable, allowing attackers to replace a modern version with a vulnerable, still valid, old version.
Microsoft has removed several of the vulnerable boot loaders via recent Windows patches, however systems that are not updated and systems that do not run Windows will still likely be vulnerable.
Weekend Open Thread: Nutriplenish Leave-In Conditioner
London Mayor Sadiq Khan handed a peerage by Keir Starmer alongside 15 other Labour figures… just days before the PM leaves No10
Young campaigners urge incoming PM to act on outdoor junk food ads
CFTC blocks Kalshi from unwinding Michigan trades after court order
Weekend Open Thread – Corporette.com
Nvidia Stock Slips After Big Tuesday Rally as Huang Confirms Vera Rubin Chip Is Now in Production Today
Disney’s Most Ambitious Failed Star Wars Attraction Is Coming to SDCC
XRP BOMBSHELL… XRP OMBOARDED FOR TRANSACTIONS!!!
Get Your ESP32 Sunny Side Up With This Solar Dev Board
Injective Submits SEC Transfer-Agent Registration to Onchain Ownership Records
Registration is now open for March for Men with Kev 2026
Dark Secrets Emerge When Jailbreaking LLMs
Palantir Shares Rise After Expanded Nvidia Partnership and Fresh Analyst Upgrades Ahead of Earnings Day
New Cornerback Enters Vikings Trade Rumor Mill
Money | Class 12 Economics | CBSE Board Exam 2026-27
Banco Bilbao Vizcaya Argentaria, S.A. (BBVA) Discusses Global Macro Environment and Economic Outlook for Core Markets Transcript
Cloudflare Precursor Watches Your Mouse and Keyboard To Decide If You Are Human
how to make coin bank box with cardboard #scienceproject #money #diy #shorts
Airlines warn Sunshine Protection Act could disrupt flight scheduling
Vicki Gunvalson Defends Discussing Heather Dubrow’s Money
You must be logged in to post a comment Login