Microsoft has confirmed that Windows 11 is getting a new modern Run dialog with dark mode support and faster performance in a new preview build 26300.8346.
The Run dialog has been around since the Windows 95 era, and it is one of those small Windows features that many power users still rely on every day.
You just need to press Win + R, type a command, open a file path, launch a tool, or quickly jump to a location without opening File Explorer first.
With the new version, Microsoft is trying to modernize Run without changing what makes it useful.
Unlike the legacy Run, modern Run matches Fluent Design, supports dark mode out of the box, and is actually faster than the legacy Run.
That is interesting because modern counterparts usually have a reputation for slower performance.
.png)
Microsoft noted that designing a modern Run dialog for Windows 11 was challenging, as the company had to maintain the same performance and retain the minimal user interface, similar to the original Run that shipped with Windows 95.
“When we set out on creating the new experience, we knew the existing dialog was fast. We also knew we needed to be sure we deeply understood how you all used it. Modernize, be opinionated, and evolve it,” Microsoft explained in a blog post.
“To help evolve, we added a measure briefly to the dialog to see what was being used and to measure time-to-show. This confirmed a few key things that helped the design process.”
Microsoft says performance was one of the most important factors when designing the modern Run dialog. That’s because quite a lot of people use the existing Run dialog to paste text from the clipboard, then copy it again to remove text formatting.
This experience mostly works because of how fast the existing Run is. The legacy Run dialog takes approximately 103ms to appear after you press the Win + R keyboard shortcut.
Interestingly, the modern Run is actually faster. It has a median time-to-show of just 94ms.
“This was a huge team effort – we’ve collaborated tightly with partners across the platform to get these UI surfaces loading snappy. Improvements we’ve made to the platform don’t just make Run fast, but they help make the whole OS more efficient,” the company said.
Microsoft says it expects these numbers to improve as well as there is still room for improvement,
Microsoft looked at how people use the existing Run dialog before deciding what should stay and what could be removed. One example is the Browse button, which lets you browse a specific directory to open a program.
According to Microsoft, the Browse button usage is less than 0.0038%. This number is based on a sample of 35 million users who open Windows Run.
As a result, Microsoft has dropped the Browse button from the modern Run. The company argues that it researched how Run was being used and how fast it was, which helped form a baseline to build the modern Run.
Modern Run also supports ~\, which allows you to quickly access your home directory. It also shows icons in the list, which should make entries easier to identify without making the dialog feel too heavy.
While modern Run looks great and works well in our test, some of you may not like the idea, which is why the feature is entirely optional and tied to Advanced Settings in Windows.
According to Microsoft, modern Run does not get turned on automatically. Instead, you need to open Settings > Advanced Settings and manually enable modern Run, which replaces the legacy Run.
There are also plans to add more features to modern Run, and Microsoft says it is collecting feedback before rolling it out more broadly.
In addition to the Run dialog upgrade, Microsoft is improving Windows Share UI for AAD users.
Until now, if you wanted to add an app to the share dialog, you had to open the MS Store, install the app first, and then find it in the Share list. Now, you can install apps directly from the Share UI.
Last but not least, Magnifier now gives you more control over how you zoom, including preset zoom levels of 5%, 10%, 25%, 50%, 100%, 150%, 200%, and 400%.
These changes will roll out to everyone in the coming months, but for now, you’ll need to download Windows 11 Build 26300.8346 from the new Experimental Channel.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.
Chinese courts in Hangzhou and Beijing have ruled in two separate cases that companies cannot fire workers simply to replace them with AI, establishing that AI adoption is a strategic business choice rather than an unforeseeable change in circumstances under China’s Labour Contract Law. The rulings arrive as 78,000 tech workers have been laid off globally in early 2026 with nearly half attributed to AI, and create a stark contrast with the US and EU, where no equivalent legal protection exists.
TL;DR
A quality assurance supervisor identified only as Zhou joined a technology company in Hangzhou in November 2022. His job was to work with AI large language models, optimising their outputs and filtering sensitive content. He earned 25,000 yuan per month, roughly $3,640. In 2024, the company decided that its AI systems had improved to the point where Zhou’s role could be automated.
It reassigned him to a lower-level position with a 40 per cent pay cut, reducing his salary to 15,000 yuan. Zhou refused. The company fired him. Zhou filed for arbitration. The arbitration panel ruled the dismissal unlawful. The company appealed. The Hangzhou Intermediate People’s Court upheld the ruling.
The court found that a company’s decision to adopt AI is a strategic business choice, not an unforeseeable change in objective circumstances, and therefore does not qualify as legal grounds for termination under China’s Labour Contract Law. The company was ordered to pay compensation. The ruling, published this week, is the second Chinese court decision in six months to establish the same principle: you cannot fire a worker in China simply because an AI can now do their job.
The first case was decided in Beijing. An employee surnamed Liu had worked as a data collector at a technology company since 2009, responsible for traditional manual map data collection. In early 2024, the company shifted entirely from manual collection to AI-driven automated data collection, cancelled its navigation products department, and terminated Liu’s contract, citing a major change in objective circumstances that made the contract unperformable.
The Beijing Municipal Human Resources and Social Security Bureau published the case in December 2025 as one of its ten most significant labour arbitration decisions of the year. The arbitration panel ruled that the introduction of AI fell within the scope of the employer’s autonomous business decisions and represented technological innovation proactively implemented to adapt to market conditions.
Such decisions, the panel found, may require adjustments to job structures, but those adjustments fall within the risks an employer should reasonably foresee during normal business operations. The company sued to overturn the arbitration. Both the trial court and the appeals court upheld the ruling.
The legal reasoning in both cases turns on Article 40 of China’s Labour Contract Law, which permits termination when objective circumstances materially change and render a contract unperformable. The provision is typically applied to events genuinely beyond the employer’s control: force majeure, government-mandated relocations, production suspensions caused by regulatory changes.
Chinese courts have now determined, in two separate jurisdictions, that AI adoption does not meet this standard. The technology was not imposed on the companies. It was chosen by them. The courts drew a distinction between an external shock that makes a job impossible and an internal decision that makes a job redundant. The first is a legal basis for termination. The second is not.
The rulings arrive at a moment when the global technology industry is cutting jobs at a pace not seen since the post-pandemic corrections of 2022 and 2023. More than 78,000 technology workers were laid off in the first four months of 2026, and nearly half of those cuts were directly attributed to AI replacing human roles. Meta cut approximately 8,000 positions in May alone, with every major restructuring announcement citing AI as the primary driver.
Oracle eliminated between 20,000 and 30,000 employees in March. Block’s chief executive stated that the company’s reduction from 10,000 to 6,000 employees was driven by growing AI capabilities. Meta’s restructuring is the clearest example of the pattern: traditional roles are eliminated, the savings are redirected to AI infrastructure, and the headcount that remains is reoriented around building and operating AI systems rather than performing the tasks those systems are replacing.
China is narrowing the gap with the United States on AI performance while spending a fraction of what American companies invest in compute. The country has no interest in slowing the adoption of AI in its economy. China launched a months-long enforcement campaign against AI misuse in 2026, targeting deepfakes, fraud, and disinformation, and has introduced mandatory labelling standards for AI-generated content and new regulations governing AI chatbots and virtual human services.
The government’s approach is not to restrict AI but to regulate its applications while ensuring that the economic benefits do not come at the expense of social stability. China’s urban youth unemployment rate reached 15.3 per cent in March, and the political sensitivity of mass layoffs in an economy that is already struggling with deflation, a property crisis, and weak consumer demand makes the court rulings as much about maintaining order as about interpreting contract law.
The United States has no equivalent protection. American employment law operates on an at-will basis in every state except Montana, meaning employers can terminate workers for any reason that is not specifically prohibited by statute, and being replaced by AI is not a prohibited reason.
A Senate bill has been introduced that would require companies to file quarterly reports to the Department of Labor identifying how many employees were laid off because their functions were automated by AI, but the legislation has not passed and is not expected to in the current Congress. Illinois requires employers to notify workers if AI is used in hiring, discipline, or discharge decisions. Colorado’s AI Act, taking effect in mid-2026, mandates risk management policies and annual assessments of AI’s impact on employment decisions. Neither state has enacted anything resembling what Chinese courts have established: a legal principle that says AI replacement alone is not grounds for firing someone.
The European Union’s AI Act addresses AI in employment by classifying AI systems used for recruiting, screening, performance evaluation, and other workplace decisions as high-risk, subject to requirements for human oversight, worker notification, and logging. The high-risk obligations take full effect in August 2026. But the AI Act does not prohibit AI-driven layoffs. It regulates how AI is used in employment decisions, not whether a company can eliminate positions because of AI.
The European Trade Union Confederation has called for stronger protections, and legal scholars have proposed a European AI Social Compact that would combine employment support, training, and social protections to cushion displacement. None of these proposals have been enacted. The gap between China’s position and the West’s is not that Europe and America are unaware of the problem. It is that they have chosen, so far, not to solve it through the courts or through legislation.
The Chinese rulings create a legal framework that is coherent on its own terms but produces a genuine tension for companies operating in the country. If AI adoption is a strategic business choice rather than an unforeseeable change in circumstances, and if strategic business choices cannot justify termination, then companies that invest in AI systems that automate existing roles must either retrain the workers those systems replace, reassign them to equivalent positions at equivalent pay, or continue employing them in roles that the company has determined are no longer necessary.
The courts have said that the costs of technological transformation should not be borne solely by workers. The implication is that they should be borne by the companies that chose to transform.
What AI is actually doing to jobs is more complicated than the headlines suggest. Roughly 71 per cent of European firms are reconsidering job responsibilities because of AI, but reconsidering is not the same as eliminating. Klarna fired 700 customer service workers and replaced them with an AI chatbot in 2024, only to begin rehiring human agents in 2026 after repeat contacts jumped 25 per cent and customer satisfaction deteriorated on complex interactions. The CEO admitted publicly that the strategy had failed.
The pattern across the early adopters is that AI replaces tasks more effectively than it replaces jobs, and that the companies which cut deepest are often the first to discover that the remaining human work, the judgment, the escalation, the context that the model cannot hold, is more valuable than they estimated when they decided to automate.
China’s courts have not said that companies cannot use AI. They have said that companies cannot use AI as a pretext to fire people. The distinction matters because it forces a specific organisational behaviour: if you automate a role, you must find another role for the person who held it, at comparable terms. That is expensive. It is also, the courts have decided, the law.
Whether it makes Chinese companies less competitive or more resilient will depend on whether AI actually replaces the workers or merely changes what the workers do. The early evidence, from Klarna to the 78,000 layoffs to the courts in Hangzhou and Beijing, suggests that the answer is not yet clear, and that China has decided it would rather err on the side of the worker until it is.
In a lab room, a toddler, deaf from birth, sits while a tone plays. There’s no reaction. His face does not change.
Six weeks later, after a single injection of an experimental gene therapy, the same toddler is back in the same room. The tone plays. The toddler’s head turns toward the sound. And somewhere just off screen, the child’s grandfather says his name. The boy turns and looks. He can hear.
“When the parents realized their child had a response to sound they cried,” says Dr. Yilai Shu of the Eye & ENT Hospital of Fudan University, who co-led the trial, in a video that showed the results. “The whole family cried.” The video cuts to another child, thirteen weeks post-treatment, dancing to music.
This is what gene therapy can do in 2026. The clip comes from the international clinical trial of an OTOF gene therapy run by Mass Eye and Ear and China’s Fudan University that provided the underlying science behind a drug the Food and Drug Administration (FDA) approved last week.
On April 23, the FDA granted accelerated approval to Otarmeni, a gene therapy from the pharma company Regeneron for severe-to-profound hearing loss caused by mutations in a gene called OTOF. In a pivotal trial, 80 percent of treated patients gained measurable hearing, and 42 percent reached the level needed to pick up whispers. Two and a half years after treatment, 90 percent of patients in the underlying multi-center trial were still hearing.
It’s a drug that certainly feels like a miracle to those in the trials, taking patients from silence to sound. But what can feel almost as miraculous is how far the broader field of gene therapies like Otarmeni — which deliver a working copy of a broken gene directly into a patient’s cells — have come.
In 1999, the nascent field of gene therapy all but collapsed when a teenager named Jesse Gelsinger died four days after being injected with an experimental gene therapy at the University of Pennsylvania, the first publicly identified death in a gene therapy clinical trial. In the years that followed, funding evaporated, careers ended, and “gene therapy” became a cautionary tale.
It took years and major changes in how gene therapies are delivered for the field to recover. And now, 27 years after Gelsinger’s tragic death, we have a gene therapy that can effectively reverse some kinds of congenital hearing loss. The next decade is no longer about whether gene therapy can deliver clinical results. It’s about whether it can deliver results to enough patients, at prices people can actually pay, for diseases that affect more than a few hundred kids a year.
Get those answers right, and what feels like a miracle to some in 2026 could become ordinary medicine.
After Gelsinger died, the FDA halted gene therapy trials in the US, the National Institutes of Health tightened oversight, and the principal investigator of the Penn study — James Wilson — was barred from clinical trials for five years and stripped of his administrative titles. In the lean years that followed, two things happened.
The first was a change in delivery. Gene therapies use engineered viruses to deliver restorative genes to a patient’s cells. The therapy used on Gelsinger was carried by an adenovirus, which are highly immunogenic, meaning the human immune system recognizes them and reacts violently. It was that immune reaction that killed Gelsinger.
In the aftermath, the field increasingly turned to adeno-associated viruses (AAV), which are smaller, more tolerable, and capable of slipping a payload into the right cells without setting off a five-alarm immune reaction. AAV vectors are now the workhorse of in vivo gene therapy, including in Otarmeni.
The second thing that happened was CRISPR. Adapted in 2012 by Jennifer Doudna and Emmanuelle Charpentier into a precision gene-editing tool, CRISPR could do something AAV could not: find a specific spot in the patient’s own DNA and rewrite the letters there, correcting the broken gene in place. CRISPR also earned gene therapy a cultural moment it hadn’t had since before Gelsinger. Money and talent flooded back into the field — including into the AAV programs that produced Otarmeni.
The clearest sign something has shifted in the field is the lengthening list of therapy approvals. In December 2017, the FDA cleared Luxturna for hereditary blindness from RPE65 mutations — the first gene therapy in the US for an inherited disease. Two years later, Zolgensma was approved for spinal muscular atrophy, a wasting disease that kills children before age two in its severe form. In 2022, Hemgenix made hemophilia B the first bleeding disorder with a one-shot fix. In 2023, Casgevy and Lyfgenia did the same for sickle cell, with Casegevy becoming the first FDA-approved CRISPR therapy.
The sickle cell approvals matter most because they are the first for a patient population that is large; 100,000 Americans suffer from it — mostly Black, and historically underserved. The gene therapies are also proof of concept that the underlying CRISPR mechanism can be redirected at multiple different targets. Verve Therapeutics is using base editing to permanently disable PCSK9, a gene that controls how much LDL cholesterol stays in the bloodstream, with the promise of one-time treatment instead of daily statins for patients at high cardiovascular risk. Early trial data showed a 53 percent average drop in LDL cholesterol. Trials are open for additional hereditary-blindness genes, Pompe disease, and a long list of single-gene conditions.
The science is working, but paying for it is another matter.
These are the list prices for the recent approvals: Luxturna at $850,000 per patient, Zolgensma at $2.13 million, Casgevy at $2.2 million, Lyfgenia at $3.1 million, Hemgenix at $3.5 million. Two-thirds of US sickle cell patients are on Medicaid, and only 16,000 are eligible for Casgevy under the current label. Regeneron has pledged to provide Otarmeni for free in the US, but that works only because the OTOF patient pool is small — an estimated 50 babies a year. That math won’t work for more common disorders.
While cost may not be a problem for the families that could qualify for Otarmeni, it’s not the only concern. Cochlear implants, the standard treatment for OTOF patients for decades, have been contested within Deaf culture since the 1980s, with many arguing that deafness should be seen as identity rather than deficit. Gene therapy applied to infants makes that question all the more fraught, since the children treated with gene therapy cannot consent to the change. And not everyone would make that choice.
Beyond economic and cultural questions, we lack gene therapy for Alzheimer’s, schizophrenia, or any of the polygenic — meaning, caused by multiple genes — conditions that cause massive amounts of suffering. The cochlear is a good gene-therapy target because it is small and accessible, and OTOF is a single-gene disorder. The brain and Alzheimer’s are neither of those things. The platform that is working in one child’s inner ear in 2026 is not about to deliver universal cures by 2030, or well beyond.
What gene therapies will do, however, is keep filling in the list. The next time a parent gets a rare-disease diagnosis for their child, the question will increasingly be not whether someone is working on a gene therapy, but how soon it will be ready.
A version of this story originally appeared in the Good News newsletter. Sign up here!
Perigus Energy, formerly part of Ørsted, has been established following Copenhagen Infrastructure Partners’ acquisition of Ørsted’s European onshore business.
A new onshore renewable energy company has launched in Europe following the completion of Copenhagen Infrastructure Partners (CIP)’s acquisition of Ørsted’s European onshore business, with Cork chosen as its European headquarters.
Perigus Energy already operates across Ireland, Germany, the UK and Spain, with a combined operational and under-construction capacity of 826MW and a multi-gigawatt development pipeline.
The company said Ireland is central to its new operations. Perigus has 373MW of operational onshore wind farms across the island, with a further 179MW currently under construction. Its people, assets and development pipeline here are unaffected by the acquisition.
Two Irish projects are set to reach key milestones in the near term, according to Perigus. The Garreenleen solar project in Carlow, the company’s first solar project in Ireland, is due to be energised this month and will generate 81MW of clean electricity, enough to power around 29,000 homes.
In Tipperary, the Farranrory wind farm is expected to be fully operational later this year, adding nine turbines and 43.2MW of capacity.
Perigus Energy has also secured planning permission for the Brittas wind farm in Tipperary, consent for the 170MW Cappakeel solar farm in Laois, and “provisional success” for the Lodgewood battery energy storage project in Wexford following the latest EirGrid and SONI capacity market auction.
TJ Hunter, Perigus managing director for Ireland and the UK, said the Cork headquarters decision reflects both the company’s heritage and long-term ambitions on the island.
“While our name is new, we are an experienced team with a proven track record of delivery in Ireland since the opening of Owenreagh wind farm in Co Tyrone in 1997,” he said.
CEO Kieran White described the launch as “a very exciting next chapter”, adding that CIP’s backing would enhance the company’s ability to deliver across its investment-ready pipeline spanning wind, solar and battery storage.
Perigus Energy employs more than 200 people across offices in Ireland, Germany, the UK and Spain.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
This week on the GeekWire Podcast: What it was like inside the Oakland federal courthouse where Elon Musk is suing OpenAI, Sam Altman, and Microsoft, with jury selection revealing just how hard it is to find anyone neutral about Musk these days.
Meanwhile, Microsoft and OpenAI restructured their partnership the same morning the trial began — and less than 24 hours later, OpenAI’s models landed on Amazon’s cloud.
Then, Microsoft and Amazon both dropped blockbuster earnings, with Azure up 40%, AWS posting its fastest growth in 15 quarters, and the two companies combining for nearly $400 billion in capital spending this year alone.
We also discuss a wild Semafor story about a serial entrepreneur who handed his entire life over to an AI agent that now emails people as him, sets up meetings without his knowledge, and even ordered him a computer.
Plus, the story of how Seattle’s Flying Fish Partners — a VC firm with less than $250 million under management — hustled its way into a $1.1 billion seed round alongside Sequoia, Google, and Nvidia. Then we tackle the quickly debunked rumor that Mark Zuckerberg and Tim Cook might buy the Seahawks. And finally, the return of the GeekWire Trivia Challenge.
Subscribe to GeekWire in Apple Podcasts, Spotify, or wherever you listen.
Audio editing by Curt Milton.
Nexalus was founded by Dr Tony Robinson, Kenneth O’Mahony and Dr Cathal Wilson.
Trinity College Dublin spin-out Nexalus is collaborating with Canadian defence infrastructure manufacturer TuffTek to develop “next-generation” liquid-cooling platforms.
Nexalus’s cooling systems help control temperature in massive thermal energy-generating infrastructure, including data centres, high-performance computing (HPC) facilities and Formula 1 racing.
The Cork-based start-up was founded by Dr Tony Robinson, Kenneth O’Mahony and Dr Cathal Wilson in 2018.
The partnership will develop cooling platforms for HPCs and AI, for modern defence and security operations, reflecting a growing need for infrastructure that can perform in high-intensity environments, a joint press release from the companies read.
Under the collaboration, Nexalus will lead the design and integration of advanced liquid cooling architectures, enabling TuffTek’s platforms to support higher compute densities.
“This collaboration with TuffTek is about applying Nexalus’s engineering solutions in some of the most demanding use cases globally,” said O’Mahony, the company’s CEO. He is also a board member with Irish Manufacturing Research, having previously represented I2E2 as its chairperson.
“By integrating advanced liquid cooling into TuffTek’s ruggedised, deployable platforms, we are enabling a new standard for performance and efficiency at the edge for a rapidly growing market.”
The company’s technology was recognised as part of Fast Company’s 2025 World Changing Ideas list and Time Magazine’s list of best inventions of 2025.
TuffTek founder and CEO John Kadianos said that the collaboration is focused on solving “real operational challenges” in defence environments.
“As compute requirements increase at the edge, thermal management becomes a limiting factor. Nexalus brings a highly innovative approach that allows us to deliver more capable, reliable systems for our customers.”
TuffTek designs its products for critical operations in harsh environments, such as mining, oil and gas.
Nexalus has been previously featured on SiliconRepublic.com’s list of pioneering Irish start-ups.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
Hacktivists have claimed responsibility for taking down the public-facing infrastructure of popular Linux operating system distribution Ubuntu, as well as Canonical, the company that develops and maintains the software. The attack began on Thursday, and affected services that Ubuntu users rely on.
“Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it. We will provide more information in our official channels as soon as we are able to,” the company said on its website.
The hacktivists are believed to have launched a distributed denial-of-service, or DDoS, a crude but often effective attack that consists of flooding a target with junk traffic until it overloads or crashes.
Ubuntu developers have been discussing the attack on an unofficial Ubuntu community forum, claiming that the attack affects Ubuntu’s security API, and several Ubuntu and Canonical websites. According to a post on a threat intelligence forum, the DDoS attack has also made it impossible for users to update and install Ubuntu. TechCrunch verified that updates failed to install on a test device running Ubuntu.
As of this writing, the outage has been ongoing for around 20 hours.
When contacted, Canonical spokesperson Lelanie de Roubaix reiterated what the company said on is website.
Hacktivists calling themselves The Islamic Cyber Resistance in Iraq 313 Team claimed on its Telegram channel that it was to blame for the DDoS attack.
Techcrunch event
San Francisco, CA
|
October 13-15, 2026
The hackers claimed to be using Beamed, a DDoS-for-hire service. These types of services, also called booters or stressers, allow anyone to pay to launch DDoS attacks, even if they have no technical skills nor the necessary infrastructure to flood targets with bogus traffic. The DDoS-for-hire service in this case claims to power attacks in excess of 3.5 Tbps, which is about half of the bandwidth of a cyberattack that Cloudflare last year called the “largest DDoS attack ever recorded.”
For years, authorities such as the FBI and Europol have played a game of whack-a-mole against these services, taking down and seizing domains, and sometimes arresting the people behind them.
This story was updated to include Canonical’s response.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
Steam on Linux use in March “had skyrocketed to 5.33%…” reports Phoronix, “easily the highest level we’ve seen Steam on Linux at since its inception more than a decade ago.”
So what happened in April?
[April’s results] point to Linux having a 4.52% marketshare on Steam, a drop of 0.81% compared to March. Year-over-year it’s roughly double with Steam on Linux in April 2025 being at 2.27%. Or two years ago for April 2024, Steam on Linux was at 1.9%.
“They don’t make them like they used to” is a phrase that can apply to just about anything. For gear-heads feeling nostalgic about older cars, it’s a phrase that never seems to go away. This is especially true when comparing today’s cookie-cutter engines versus the selection that drivers had in ridiculously overpowered vintage cars. Part of the reason engines have changed and choices have been reduced is due to U.S. EPA standards.
Those standards are set by the Clean Air Act, which gives the U.S. Environmental Protection Agency authority to regulate vehicle emissions. This is done through strict federal requirements that directly influence vehicle design and engine development. As a result, car manufacturers are pushed to produce a more limited range of engine types. Corporate Average Fuel Economy (CAFE) standards are also in play. CAFE requires automakers to meet fleet-wide efficiency targets, which leads to shared engine designs being used across an entire lineup of vehicles.
As automakers worked to satisfy these standards, modern advances like turbocharging and fuel system improvements allowed for engine downsizing. This means smaller engines can produce performance similar to that of larger engines. In fact, there are even small engines with more power than muscle car V8s. So thanks to today’s technology, car manufacturers do not necessarily need to design multiple engine types when fewer can cover the same performance requirements.
Multiple large-displacement engine types were once the norm in the automobile industry. In fact, these engines were in demand for a variety of different vehicles, like old school muscle cars. This includes the big block V8 engine, which was once a major focus for automakers. It was a standard approach taken by many manufacturers, who were unrestricted by emissions and fuel economy regulations.
There is a common belief that smaller engines get better fuel efficiency than larger engines. After all, those older V8s could get very thirsty, which means you’d be filling up quite often. But fuel economy involves a lot more than just engine size. It’s influenced by several factors, like vehicle weight, transmission, technology differences, and even driving habits. So even if you have a car with a larger engine, it doesn’t mean you’re not getting good fuel efficiency.
There are still some U.S. automakers that give you options, depending on the vehicle. But those options are often restricted to the same model, and not widespread across the board. For example, Ford offers multiple engine choices within the F-150 lineup for 2026, ranging from a 2.7L EcoBoost V6 with 325 horsepower, up to a 3.5L High Output EcoBoost V6 with 450 horsepower. So if you’re interested in finding a car or truck with a bigger engine, it’s a good idea to check the manufacturer’s website first and then go from there.
A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums as an improved technique that automates attacks against Microsoft Azure.
The first version of ConsentFix was presented by Push Security last December as a variation of ClickFix for OAuth phishing attacks, which tricks victims into completing a legitimate Microsoft login flow via the Azure CLI.
Using social engineering, the attacker fooled victims into pasting a localhost URL containing an OAuth authorization code that can be used to obtain tokens and hijack the account without passwords, despite multi-factor authentication (MFA).
ConsentFix v2 was developed by researcher John Hammond as a refined version of Push’s original, replacing manual copy/paste with drag-and-drop of the localhost URL, making the phishing flow smoother and more convincing.
ConsentFix v3 preserves the core idea of abusing the OAuth2 authorization code flow and targeting first-party Microsoft apps that are pre-trusted and pre-consented.
However, it brings an improvement by incorporating automation and scalability.
According to information retrieved from hacker forums where the new technique is promoted, the attack begins by verifying the presence of Azure in the target environment by checking for valid tenant IDs.
This is followed by gathering employee details such as names, roles, and email addresses to support impersonation.
Next, the attackers create multiple accounts across services such as Outlook, Tutanota, Cloudflare, DocSend, Hunter.io, and Pipedream to support phishing, hosting, data gathering, and exfiltration operations.
Push Security researchers explain that Pipedream, a free-to-use serverless integration platform, plays a central part in automating the attack, serving three critical roles:
In the next phase, the attacker deploys a phishing page hosted on Cloudflare Pages that mimics a legitimate Microsoft/Azure interface and initiates a real OAuth flow through Microsoft’s login endpoint.
When the victim interacts with the page, they are redirected to a localhost URL containing an OAuth authorization code, which they are tricked into pasting or dragging back into the phishing page.
This enables the data exfiltration pipeline, in which the page sends the captured URL to a Pipedream webhook, and the backend automation immediately exchanges the authorization code for tokens.
The phishing emails can be highly personalized, generated from harvested data, and feature malicious links embedded inside a PDF hosted on DocSend to improve credibility and bypass spam filtering.
In the post-exploitation stage, the obtained tokens are imported into Specter Portal, allowing the attacker to interact with compromised Microsoft environments and access resources permitted by the token, such as email, files, and other services tied to the account.
Push Security noted that its testing of ConsentFix v3 relied on its personal Microsoft accounts; as a result, it is difficult to fully appreciate the impact, which depends on permissions, services, and tenant settings, among other factors.
In terms of mitigating ConsentFix risks, Push notes that the endeavor is complicated because trust in first-party apps is architectural, and that Family of Client IDs (FOCI), Microsoft applications that share permissions and refresh tokens, is useful otherwise.
However, there are still steps administrators can take, such as applying token binding to trusted devices, setting up behavioral detection rules, and applying app authentication restrictions.
While ConsentFix attacks are used in actual campaigns, it is unclear if the v3 variant has gained any traction among cybercriminals yet.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.
A garlic-herb salmon with risotto was probably the best among the family meals I tried. The chopped asparagus was less than visually appealing when drizzled in garlic butter, but still tasty and a bit crisp. The salmon was tender and flaky. And the sweet pea risotto had no choice but to be delicious. There was so much cheese, butter, and lemon it was pretty much a concert of fats and acid.
That chicken parm was likewise a mountain of cheese and salt. It reminded me, pleasantly, of countless family meals I had as a child in the 1980s: cheese-topped chicken, garlic bread, shells stuffed with ricotta and topped with even more cheese. The big difference is that there is simply no way my mother would have cooked this meal without a vegetable.
.PNG)
Toval app via Matthew Korfhage
And nutrition is where Toval runs aground a little. The nutritional notes on that chicken parm meal betray 2,300 milligrams of sodium per serving, pretty much the entire daily allowance for an adult human. This is also on par with comparable servings of Stouffer’s meat lasagna. The Tovala meal also carried about 10 times the cholesterol as Stouffer’s.
Many other meals followed a similar pattern, loading up on fats and salt in order to make meals tasty. The net effect is that it’s a lot more like rich restaurant food than what most people prepare at home. Whether this is a good or a bad quality is up to you.
Only one meal of the seven I tried failed utterly: I flagged a teriyaki chicken dinner to my editor as a possible cultural crime against Japan. The meal was sweet soy drenching pale and steaming chicken, with an implausible side of thick egg rolls and some loose, unseasoned broccoli. It felt like the “Japanese” food you’d get at a mall food court in the ’90s. But again, this was a rare major misstep.
A more pernicious issue, in meals designed for the whole family, is the near-universal high-fat, cholesterol, and sodium content. Many with the income and inclination to eat hearty, low-effort meals like the ones from Tovala are either parents with children, or people in the retirement bracket. Each has their own reason to desire a little more nutrition, and less fat and salt.
By the end of a couple of weeks of testing recipes, I’ll admit I felt a little relieved. I was grateful to feel my arteries slowly reopen. Tovala’s culinary model makes a lot of sense to me, as a smart way of splitting the difference between prepared meals and fresh food. And the company has proven it can cook well. It might be nice if they’d also cook a diet that felt more sustainable.
Power up with unlimited access to WIRED. Get best-in-class reporting that’s too important to ignore. Includes unlimited digital access and exclusive subscriber-only content. Subscribe Today.
Register Renaming | Hackaday
Hyperliquid $HYPE Rally Builds Momentum as AI Sector Enters Prove-It Phase
Drax board avoid their own AGM, accused of greenwashing & environmental racism
Why Blue Badges Disappeared From Toyota Hybrids
Images of Samsung’s rumored smart glasses have leaked
IPL 2026: Ruturaj Gaikwad registers slowest fifty of the season, enters all-time unwanted list | Cricket News
Trump’s 25% EU auto tariff breaches Turnberry Agreement that also covers semiconductors and digital trade
LK Bennett closes all stores after entering administration
Kylie Jenner’s KHY Enters a New Era with ‘Born in LA’
Mariah Carey Slams Deposition Claims In Brother’s Lawsuit
Most Commercial Energy Audits Miss the Real Losses
CFTC’s AI will review U.S. crypto registration applications, chairman tells CoinDesk
(VIDEO) Charlize Theron Climbs Times Square Billboard to Promote New Netflix Thriller ‘Apex’
Barclay Brothers Avoid Bankruptcy: HSBC Drops High Court Petitions After IVA Deal
Paul Scholes issues Marcus Rashford reality check as agreement emerges over Man United star
Microsoft to roll out Entra passkeys on Windows in late April
OpenAI’s Sam Altman apologizes for not reporting ChatGPT account of Tumbler Ridge suspect to police
Tesla Officially Registers Elon Musk’s Stock: What Investors Need to Know
OpenAI CEO apologizes to Tumbler Ridge community
Get Ready for More Brain-Scanning Consumer Gadgets
You must be logged in to post a comment Login