Cyber Essentials has always been the UK’s baseline cybersecurity standard.

It’s a practical floor designed to block common attacks and ensure business resilience when organizations implement them, rather than treating the scheme as lip service.

Microsoft confirmed that it’s working on a security patch for a Defender zero-day vulnerability named “RoguePlanet,” disclosed one week ago.

The security researcher who published a RoguePlanet exploit during the June 2026 Patch Tuesday (known as Nightmare Eclipse) said it affects fully patched Windows 10 and Windows 11 devices and allows attackers to spawn command prompts with SYSTEM privileges via a Microsoft Defender race condition.

He shared a proof-of-concept exploit in a self-hosted Git repository, claiming that Microsoft had previously targeted and removed their repos hosting exploits on GitHub and GitLab.

“The exploit is a race condition, so it’s a hit or miss. I have managed to get a 100% success rate on some machines while it struggled to work on others,” Nightmare Eclipse said.

“Microsoft is aware of the reported vulnerability and is actively investigating the validity and potential applicability of these claims. Microsoft is committed to investigating security issues and updating impacted products to protect customers as soon as possible,” a Microsoft spokesperson told BleepingComputer when asked for a statement at the time.

On Tuesday, one week after the RoguePlanet flaw was disclosed, Microsoft assigned the CVE-2026-50656 ID to this security flaw and confirmed it’s currently working on a patch, but didn’t acknowledge that Nightmare Eclipse was the one who found the vulnerability.

“Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as ‘RoguePlanet,’ it said in an advisory published yesterday. “We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.”

The RoguePlanet release is part of an ongoing dispute between Nightmare Eclipse and Microsoft over the latter’s bug bounty and vulnerability disclosure practices.

Over the past several months, the researcher has publicly leaked multiple Windows zero-day exploits, including for the BlueHammer, RedSun, GreenPlasma, MiniPlasma, YellowKey, and UnDefend flaws. Some of these zero-days affect Microsoft Defender, while others target BitLocker and Windows components.

The company reacted to Nightmare Eclipse’s disclosures by issuing warnings of legal action when people engage in “malicious activity causing real harm to our customers,” leading cybersecurity experts and researchers to believe that Microsoft was threatening the researcher.

Microsoft fixed the GreenPlasma, MiniPlasma, and YellowKey flaws last week as part of the June 2026 Patch Tuesdayupdates.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Threads is rolling out a batch of upgrades to its Communities feature and introducing a new feed personalization tool, as Meta marks the platform reaching 500 million monthly active users.

Communities get their own identity

The Communities feature, which launched last year and lets users form groups around shared topics, is now out of beta and picking up several additions. Communities can now have custom icons to make them easier to identify across the app, and a new Communities Hub puts them in the main menu alongside the feed, so switching between them takes fewer taps.

Meta says it is also adding a progress indicator that shows users how far a topic is from becoming a full community, expanded champion status to recognize more active members, and native-language tags for communities in Japan, Korea, and Taiwan. Live Chats, which are already available in some Communities, will expand to more groups in the coming weeks and gain co-hosting and the ability to quote moments directly to the feed.

Your Algo puts feed controls in your hands

Meta is also rolling out a new feed-tuning tool called Your Algo. It builds on Dear Algo, a feature introduced in February that lets users signal to the algorithm what they want to see more or less of.

Your Algo works alongside it, letting users privately set topic preferences and choose how long those preferences stay active, with options for one, three, or seven days. The requests are visible only to the user, and both tools are managed from a single hub. Your Algo is live for users in the US, Canada, the UK, Australia, and New Zealand.

The rollout comes just days after Instagram introduced a similar feature called Your Algorithm, which lets users add and remove topics to shape what they see across the app.

Today, Chinese AI startup Z.ai (formerly Zhipu AI) announced the immediate release of GLM-5.2, a 753-billion parameter open-weights large language model (LLM) engineered specifically to dominate “long-horizon” autonomous coding and engineering tasks.

Available immediately on Hugging Face, the Z.ai API, and more than 20 third-party coding environments, the model boasts a highly stable 1-million-token context window alongside enterprise subscription tiers starting at just $12.60 per month.

In excellent news for cost and security-conscious businesses, z.ai has released GLM-5.2’s core weights under an unrestricted MIT open-source license, allowing enterprises to download the model freely from Hugging Face, customize or fine-tune it to their liking, and run it potentially locally or via virtual machines for only the cost of their compute and electricity.

This is an increasingly appealing option for enterprises, as state-of-the-art American proprietary models face an uncertain and potentially interrupted regulatory future, following the Trump Administration’s export control directive last week prohibiting foreign nationals from using Anthropic’s new Claude Fable 5 model (which that company responded to by taking the models in question entirely offline for all users).

For enterprise technical decision-makers, z.ai’s GLM-5.2 provides a highly capable path to host frontier-level AI locally, entirely bypassing the geographic fencing and commercial limitations.

IndexShare re-uses one indexer for every four sparse attention layers, reducing compute needs

Under the hood, GLM-5.2 operates with 753 billion parameters and introduces a major architectural optimization called “IndexShare”.

In standard massive language models, recalculating attention mechanisms across long documents is computationally exorbitant. IndexShare solves this by reusing the identical indexer across every four sparse attention layers.

At the maximum 1-million-token context length, this single innovation reduces per-token compute FLOPs by a massive 2.9 times.

The model also features an upgraded Multi-Token Prediction (MTP) layer for speculative decoding, which boosts accepted token length by up to 20% during inference.

Additionally, Z.ai has implemented flexible, selectable “Thinking Modes”. Users can toggle the model’s reasoning effort between “Max,” designed to push the limits of logical problem-solving, or “High,” which strikes a careful balance between high-end performance and latency-sensitive token efficiency.

State-of-the-art benchmarks for an open model, and matching, even beating proprietary leaders on some categories

On industry-standard third-party benchmark tests, GLM-5.2 performs above most open source flagship models, even DeepSeek v4 and scores near or above its closed-weights rivals, OpenAI’s GPT-5.5 and Anthropic’s Claude Opus 4.8.

The model particularly shines in agentic tool use and long-horizon software engineering tasks:

• SWE-bench Pro: GLM-5.2 scored 62.1, decisively beating GPT-5.5 (58.6) and its own predecessor, GLM-5.1 (58.4).

• FrontierSWE (Dominance): Designed to test long-horizon task completion, GLM-5.2 hit 74.4%, surpassing GPT-5.5 (72.6%) and finishing in a near-tie with Claude Opus 4.8 (75.1%).

• MCP-Atlas: On this tool-usage evaluation, GLM-5.2 achieved a 77.0, outscoring GPT-5.5 (75.3) and performing just shy of Claude Opus 4.8 (77.8).

• Humanity’s Last Exam (w/ Tools): When equipped with external tools, GLM-5.2 reached a score of 54.7, coming out ahead of GPT-5.5 (52.2) and tracking closely behind Claude Opus 4.8 (57.9).

• PostTrainBench & SWE-Marathon: In extended, multi-hour engineering workloads, GLM-5.2 consistently topped GPT-5.5, scoring 34.3% against GPT-5.5’s 25.0% on PostTrainBench, and 13.0% against GPT-5.5’s 12.0% on SWE-Marathon.

While GLM-5.2 trails Claude Opus 4.8 and GPT-5.5 slightly on raw Terminal-Bench 2.1 scores (81.0 versus 85.0 and 84.0, respectively), it significantly outscores Google’s Gemini 3.1 Pro (74.0).

Beyond traditional coding metrics, GLM-5.2 took an impressive first place on the crowdsourced design task benchmark Design Arena, beating out even the aforementioned state-of-the-art Claude Fable 5 with an ELO score of 1360.

Furthermore, the impact of Z.ai’s new selectable “thinking modes” is clearly visible in the data: under the “Max” effort level, GLM-5.2 pushes to peak intelligence, but utilizes nearly 85k output tokens per task. Switching to the “High” effort setting sacrifices only a few points in performance while effectively halving the required token output, providing a crucial optimization lever for latency-sensitive applications.

Available via Coding Plans and API

To operationalize the model, Z.ai launched the GLM Coding Plan, aiming squarely at developer workflows rather than simple chat interfaces.

The plan offers out-of-the-box support for third-party U.S. and global agentic coding harnesses and tools including Claude Code, OpenClaw, Cline, Kilo Code, Crush, and Factory, among others. The Coding Plan pricing tiers (when billed annually) are highly competitive:

• Lite: $12.60 per month ($151.20 per year starting in the 2nd year), geared toward lightweight iteration on small repositories.

• Pro: $50.40 per month for day-to-day development on mid-sized repositories, offering 5x the usage allowance of the Lite plan.

• Max: $112.00 per month for heavy workloads, offering 20x the Lite usage and dedicated resources during peak hours.

For enterprise developers integrating the raw model into their own applications, Z.ai’s API pricing undercuts its Western rivals significantly while matching the exact rates of the previous GLM-5.1 generation.

GLM-5.2 API access is priced at $1.40 per million input tokens and $4.40 per million output tokens, making it a mid-priced model globally, but about

Sorted by total cost (input + output) from least to most expensive. Pricing shown is standard pay-as-you-go pricing per 1 million tokens.

To further optimize costs for long-context workloads, Z.ai offers a cached input rate of just $0.26 per million tokens, alongside a limited-time offer for free cached input storage.

The stark contrast between open-weights innovators and proprietary Western labs has not gone unnoticed by the developer community.

On X, prolific AI observer Lisan al Gaib (@scaling01) argued that “frontier labs are absolutely scamming you on API pricing”.

The post noted that while massive open models like the 744-billion-parameter GLM-5.2 charge $4.40 per million output tokens and DeepSeek-V4-Pro (1.6 trillion parameters) charges just $0.87, proprietary models demand heavy premiums: Anthropic’s Sonnet 4.6 and Opus 4.8 charge $15.00 and $25.00 respectively, while OpenAI’s GPT-5.5 costs $30.00 for output.

Highlighting that open-model developers are operating profitably without relying on the newest “fancy Blackwell chips,” the commentator suggested that leading proprietary labs are “probably at 90%+ margins at this point”.

The beauty of the unmodified MIT License for enterprise use

The most disruptive aspect of the GLM-5.2 release is its licensing. Z.ai released the model’s weights under an MIT open-source license, establishing it as a “Pure Open” system.

The company’s technical documentation explicitly notes that this license guarantees “no regional limits” and allows “technical access without borders”.

For enterprise technology leaders, an MIT license means the software can be used, modified, and commercialized without paying royalties or adhering to restrictive “acceptable use” governance policies common to dual-use licenses.

It allows engineering teams to host frontier-level AI on their own sovereign infrastructure, entirely eliminating vendor lock-in.

Warm reception among AI developers and toolmakers

The developer reaction to the release has been immediate and overwhelmingly positive.

The team behind Kilo Code confirmed day-one integration, posting on X: “GLM-5.2 runs in Kilo Code on day one. The 1M context window and Max effort mode are both live. Point your config at it and go!”.

Open-source coding environment Cline IDE echoed this sentiment on X, noting the economic advantage: “GLM-5.2 is the first open-weights model to cross 80% on Terminal-Bench, and beats every other open model available. It also beats Gemini, making it a frontier-level model for a fraction of the cost. Open weights is back. This model is a game changer. Available in Cline now!”.

Similarly, rival open source coding desktop agent Eigent AI also tested the model’s new capabilities on complex agentic workflows, noting on X: “threw a real long-horizon task: research 30 companies across 6 sectors of the AI infrastructure stack, structure it into JSON, then build an interactive HTML report… where 5.2 pulls ahead: -> plans…”.

Apple’s plan to change a privacy feature that lets paying customers hide their real email addresses when creating online accounts could make it easier for apps and websites to block anonymous sign-ups.

Apple’s Hide My Email is an iCloud+ feature that generates anonymous email addresses under the @icloud.com domain, which then forward messages to a person’s real email address. The reason these privately generated email addresses work is because they cannot be distinguished from regular Apple users, whose email addresses also use the @icloud.com domain.

Apple said in a note to developers on Monday that in the coming weeks the company will move its anonymously generated email addresses to @private.icloud.com, effectively making it easier for apps and websites to know that an email address is private and block users from signing up.

Existing addresses will continue to function and forward mail without interruption, Apple said in the note to developers. The company added that app and email providers would have to update their filtering to ensure that emails to customers who rely on the feature continue to go through.

Several Apple users on Reddit criticized the change to the email domain, saying it would make it more difficult to use the service. 

Apple did not respond to a request for comment from TechCrunch about the change, or explain why it made the change.

Earlier this year, TechCrunch reported that Apple turned over the real account information of a user who generated an anonymized email address using Hide My Email to send an allegedly threatening email to the girlfriend of the FBI director Kash Patel.

The Trump administration has made efforts over the past year to unmask anonymous accounts, including those of Trump’s critics, by using subpoenas to demand that tech companies turn over information about their users.

Looking for the most recent Mini Crossword answer? Click here for today’s Mini Crossword hints, as well as our daily answers and hints for The New York Times Wordle, Strands, Connections and Connections: Sports Edition puzzles.

Need some help with today’s Mini Crossword? It was a bit tricky today, I thought, especially 6-Across and 2-Down. Read on for all the answers. And if you could use some hints and guidance for daily solving, check out our Mini Crossword tips.

If you’re looking for today’s Wordle, Connections, Connections: Sports Edition and Strands answers, you can visit CNET’s NYT puzzle hints page.

Read more: Tips and Tricks for Solving The New York Times Mini Crossword

Let’s get to those Mini Crossword clues and answers.

Mini across clues and answers

1A clue: Witty one-liners
Answer: QUIPS

6A clue: Common poster in a geography class
Answer: USMAP

7A clue: Country that’s won the World Cup four times (but failed to qualify in 2018, 2022 and 2026)
Answer: ITALY

8A clue: The one for Starbucks has a wavy-haired mermaid
Answer: LOGO

9A clue: ___ socks (1970s fad)
Answer: TOE

Mini down clues and answers

1D clue: Patchwork blanket
Answer: QUILT

2D clue: “We feel the same!”
Answer: USTOO

3D clue: Word after spitting or mirror
Answer: IMAGE

4D clue: ___ Alto, Calif.
Answer: PALO

5D clue: Secret agent
Answer: SPY

The organization isn’t going to let a non-sponsor brand show up on the field.

Anthropic is having a month.

The AI lab finished May by surpassing OpenAI in market share of business spending for the first time, Ramp just revealed. It raised $65 billion at a $965 billion valuation (also besting OpenAI) at the end of May, then waltzed into June by filing confidential paperwork for an IPO, reportedly on the strength of its first-ever profitable quarter.

Then on Friday, the Trump administration renewed its war on the model maker by sending a letter demanding it ban non-Americans, including Anthropic’s employees, from accessing its state-of-the-art models: the limited-release Mythos 5 and the more guarded version of Mythos released to the public three days earlier, called Fable 5.

This essentially forced Anthropic to pull its latest all-powerful model from the market altogether.

Although the White House invoked an obscure export control directive when ordering the ban, the exact cause remains unclear. The chatter was that hackers easily bypassed Fable 5’s guardrails, which were intended to prevent access to Mythos’ capabilities. That model is so good at finding security flaws in software code that Anthropic itself marketed it as dangerous and restricted its public release.

This new drama comes after Anthropic famously refused to allow the government to use its models for mass surveillance of Americans and fully autonomous weapons. As a result, in March, the Trump administration declared the company a supply-chain risk.

That didn’t deter Anthropic’s sales to businesses. Quite the opposite, Ramp’s data shows. Ironically, this latest feud with the Trump administration, which also appears to validate the hubbub over Mythos’ mythological power, may help rather than hurt Anthropic, according to Ramp’s lead economist, Ara Kharazian. Kharazian is the person who compiled the business-spending AI data.

“If anything, it’ll probably boost them,” Kharazian told TechCrunch. “Anthropic’s best month on record, as far as business adoption, was the month that the Department of Defense labeled them a supply-chain risk. There’s a lot of aura that comes with your model specifically being named too dangerous to use.”

Ramp’s data isn’t granular enough for us to see how much of a financial hit the company will take by pulling Mythos and Fable 5 off the market.

Still the data, from more than 70,000 businesses that use its platform, shows that customers heavily use Anthropic’s Opus models and that business use has been growing.

For instance, Ramp reported that Anthropic’s share of AI subscriptions paid for by businesses rose 2.5 percentage points in May to 41%. This compares to OpenAI, which commanded 39.5% of AI subscriptions by its customers, essentially flat from the prior month. (OpenAI still greatly leads Anthropic in overall consumer usage, according to new data from Sensor Tower.)

Beyond subscriptions, the vast majority of what companies spend money on is API calls to the model, which cover token use for activities like coding. Anthropic’s Claude Code has a strong reputation as a powerful AI coding tool.

Ramp can’t always see from the spending data which models most businesses are using. When it can see the model details — in about one-third of transactions — businesses are mostly spending on various flavors of Claude Opus, particularly the later versions. Opus is the model that preceded Mythos and is still openly available.

In fact, in late May, Anthropic released a new version, Opus 4.8.

Mythos had not been on the market for that long, having been released to limited users as of April. And Fable 5 was shut down after a few days.

While we can’t predict how this latest drama with the White House will impact Anthropic’s ability to go public as it hoped to (public-market investors tend to be wary of companies embroiled in controversies with the government), the numbers indicate that Anthropic’s available models are more popular with businesses than ever before.

Snap’s newly announced AR Specs might seem similar to other smartglasses, but Snap CEO Evan Spiegel says that’s the wrong way to think about the product. Specs, he says, is “a new type of computer, a see-through computer.”

Shortly after unveiling Specs at AWE, Spiegel sat down with Engadget to tell us more about the device we got a glimpse of onstage. The CEO repeatedly referred to Specs as a “computer” and that really is core to understanding how Snap is positioning the product (and justifying the price). Specs, Spiegel said, “is able to overlay computing on the world around you and bring computing into the world, which is so important if you want to make computing feel more human.”

But Snap will have to do more than just persuade people to buy a computer for their face. When Specs go on sale later this year, the company will face a very different environment than when it first started experimenting with camera-enabled glasses in 2016. For one, it has a lot more competition now. But today, there’s also increasing suspicion of smartglasses, given that there have been some very public cases of people misusing the tech.

There’s the Meta of it all, too. The company was recently caught with an unreleased facial recognition feature on its Ray-Ban glasses (that it removed soon after outside researchers discovered it). 

Spiegel, not surprisingly, isn’t a fan of facial recognition.

“There are certain use cases, like facial recognition, that we don’t allow in Lenses, and one of the benefits of having our own developer ecosystem and our own developer tools is that we’re able to moderate the Lenses that are submitted and available on Snap to make sure that they comply with our guidelines,” he told Engadget.

He also said he hopes people will view Specs differently than what’s currently out there. “I think AI glasses are typically being used to record content, that’s sort of the purpose of the glasses as they’re marketed,” he said. “That’s not the purpose of Specs. In fact, I think that might be an almost tangential use case.” 

Spiegel said he thinks people will feel more comfortable around Specs once they understand wearers are more likely to be “using a computer, not surreptitiously recording videos.”

Specs will also launch at a time when more governments and regulators are scrutinizing social media companies’ track records on child safety. Earlier this week, UK Prime Minister Keir Starmer said the UK would ban children under 16 from social media, including Snap. Spiegel said that while he anticipates Specs “will mostly be used by adults,” the company has built some parental control features for people who want to share the glasses with their teens. “You can basically swipe a little toggle [in the Specs app] and limit the world of Lenses that they can use when they’re using Specs,” he explained. “So they can have all the fun and play, and still provide comfort to parents that they’re overseeing what their teens are doing.”

At $2,195, Specs will be more expensive than any other smartglasses currently on the market. It’s also more expensive than even most headsets, save for the Apple Vision Pro, which Spiegel drew a clear comparison to during his keynote. I asked if Snap’s goal is for the price of Specs to come down eventually and he said it is a long term goal for the company.

“That’s something we’re really focused on over time, because we want Specs to be as accessible as possible,” he said. “As far as computers go, it’s an incredibly powerful new computer, and we try to price in a way that makes it something that early adopters and developers and folks who are really passionate about this technology can afford.”

Besides price, the biggest question ahead of the Specs reveal was just how much Snap would be able to change their design. Spiegel was wearing the new Specs throughout our conversation, and after seeing them up close I’m able to confirm they are indeed much more refined than the developer version from 2024. The arms are still quite thick, though, and stuck out a bit past Spiegel’s head. But from the front, they are noticeably narrower and rounder than the boxy, more angular frames we’ve seen in the past from Snap.

While he was speaking, I was able to easily see his eyes through the lenses, though I could detect some rainbow-like reflections from the embedded waveguides when he turned his head. I also saw the lenses when the dimming feature was enabled and they looked fully blacked out, like dark sunglasses.

Unfortunately, Snap isn’t offering demos of the glasses just yet, so my impressions are limited to what I was able to observe during my quick chat with Spiegel. But I’m looking forward to seeing how Snap’s “computer” will look and fit on different faces.

Facepalm: Claims that Trump Mobile could deliver a “Made in America” smartphone within months sounded dubious when the T1 was initially unveiled a year ago. The ensuing mockups suspiciously resembled existing foreign designs, and a recent teardown confirms the device is nearly identical to one from Taiwan-based HTC.

iFixit’s teardown of the Trump Mobile T1 confirms that the phone is essentially an HTC U24 Pro with a few minor cosmetic changes. The findings settle suspicions that had been circulating since earlier this year and undercut Trump Mobile’s original claim that the device would be American-manufactured.

The T1’s listed specs: a 6.78-inch 120Hz AMOLED display, a Snapdragon processor, a 50MP main camera, a 50MP telephoto, and an 8MP ultrawide – closely mirror what HTC publishes for the U24 Pro. When NBC brought a unit to iFixit, the repair team disassembled it using the same techniques that had worked on the U24.

HTC U24 Pro (left) and Trump Mobile T1 (right). Source: iFixit

Scans revealed nearly identical internal layouts and component placement, and iFixit successfully booted the T1 using a motherboard taken from the HTC device. The LPDDR5 RAM was sourced from Micron rather than SK Hynix, a difference iFixit attributes to supply chain variability rather than any meaningful design divergence.

Other changes are cosmetic or minor: a gold chassis (with the American flag rendered with 11 stripes instead of 13), re-drilled speaker holes, a different camera shell, a repositioned flash, and a larger battery. That battery grows from 4,600mAh to 5,000mAh, though charging speed drops from 60W to 30W.

When Trump Mobile unveiled the T1 alongside its carrier service exactly one year ago, the company claimed the phone would be “designed and built in the United States,” but walked that back quickly. Subsequent language described the device as “designed with American principles in mind,” and the website now simply calls it “Proudly American.”

The earliest mockups depicted a vague design that sparked doubts about whether a real product existed, while later images mirrored a repainted Samsung Galaxy Ultra. When the actual phone leaked in February, observers immediately recognized HTC’s design.

Trump Mobile executives have said the company aims to rely as little as possible on Chinese parts and labor, but Taiwan’s National Communications Commission database lists Guangdong Yuanchang Electronics Co., Ltd., a China-based manufacturer, as the producer of the HTC U24 Pro, and some U24 Pro retail boxes carry a “Made in China” label. Furthermore, when Google acquired a significant portion of HTC’s hardware engineering team in 2017 for $1.1 billion, it left the company with a considerably reduced capacity to design its own handsets. iFixit suspects HTC contracted a Guangdong company to both manufacture and design the U24 in the first place.

President Trump, like Obama before him, has pressured companies including Apple and Samsung to explain why smartphone manufacturing cannot be revived domestically. Supply chain analyst Kevin O’Marah has estimated that a fully domestic smartphone production timeline would span roughly a decade, requiring a phone designed from scratch around automated US production lines and manufacturing equipment that doesn’t currently exist in the country – making it unsurprising that Trump Mobile couldn’t accomplish the feat in a single year.

That said, final assembly of the T1 occurs in Miami, which could represent a first step toward a more domestically produced device. The persistent obstacle is the cost of US labor, and if domestic companies can gradually master the supply chain, fully automated US factories might eventually make it viable, though not for years. Pre-orders for the T1 are open at a promotional price of $499, slightly undercutting the U24 Pro’s $579 MSRP. A successor, the T1 Ultra, is planned.