Microsoft has clarified that PCs failing to update to the 2023 Secure Boot certificates by the June 2026 deadline will not be bricked. These devices will continue to boot normally and receive standard Windows updates, but they will lose the ability to process future boot-level security revocations. This transition is necessary because the original 2011 certificates are expiring, preventing the firmware from blacklisting newly discovered malicious bootloaders.

Source

A new wave of malicious packages on the npm and PyPI repositories is employing "indirect prompt injection" to disrupt AI-assisted malware analysis. Researchers identified that the Hades campaign and specific packages like shai_hulululud embed large blocks of deceptive text within non-executable code comments. This technique targets LLM-based triage pipelines by including forbidden topics or repetitive "token flooding" designed to trigger safety refusals or system timeouts.

Source

Anthropic has introduced a beta feature for Claude Code that transforms AI coding sessions into live, shareable web pages called Artifacts. Available to Team and Enterprise subscribers, these pages allow teammates to monitor an AI agent's progress in real time through a private URL. This functionality addresses a visibility gap by moving session outputs from a local terminal into a browser-based environment for easier inspection.

Source

Microsoft is testing a new feature in Windows 11 Insider Build 26300.8697 that allows users to completely disable Bing web results and Microsoft Store suggestions within the taskbar search. This change is located under a new "Show suggested search results" section in the Search privacy settings, providing independent toggles for web and store content. By removing these external dependencies, the search interface becomes significantly less cluttered and prioritizes local files, settings, and installed applications.

Source

Systemd 261 introduces a new cloud Instance Metadata Service subsystem featuring the systemd-imdsd daemon. This service provides a unified local interface for accessing metadata across various providers like AWS, Azure, and Google Cloud, reducing the need for provider-specific tools. Administrators can now restrict direct network access to cloud metadata endpoints to enhance security against request forgery and unauthorized access.

Source

Researchers from Wake Forest University recently analyzed 444 iOS applications that integrate Large Language Model features. The study revealed that 282 of these apps exposed exploitable credentials or backend access mechanisms. These vulnerabilities were found across 13 different categories, including productivity, education, and lifestyle tools.

Source

AI coding agents like Claude Code and Cursor have the capability to edit files and execute terminal commands directly on developer machines or in CI/CD environments. These tools often operate with significant privileges, creating a new attack surface where malicious instructions can be disguised as legitimate system data. A lack of visibility into these automated actions makes it difficult for organizations to monitor for unauthorized or suspicious behavior.

Source

Microsoft recently released version 2.38 of the Microsoft Graph PowerShell SDK and version 3.10 of the Exchange Online Management module. While these updates introduce new capabilities, they have also exacerbated critical assembly clashes between the two modules. It is currently impossible to run the latest versions of both modules within the same PowerShell session without triggering authentication or null reference errors.

Source

The Trump administration has reconsidered its designation of Anthropic as a national security threat following a brief but intense regulatory standoff. The conflict originated from an export control directive that required the AI startup to block foreign access to its most advanced models, Fable 5 and Mythos 5. Because Anthropic lacked a reliable method to restrict access solely to American users, the company temporarily disabled both models entirely to ensure compliance.

Source

ClawHub serves as a plugin and skill registry for AI agents like OpenClaw and Claude Code, utilizing npm-style scopes to identify package owners. These scopes, such as @openclaw and @clawhub, are intended to act as trust signals that verify the provenance of code. However, a lack of enforcement allowed unauthorized accounts to publish plugins under these official organizational namespaces.

Source

Yann LeCun, the founder of AMI Labs and a pioneer in the field, has characterized Elon Musk’s xAI as a failure. He argues that the departure of the company's entire founding team has severely compromised its ability to recruit the top-tier talent necessary for high-level innovation. Consequently, LeCun believes xAI will struggle to remain competitive against industry leaders like OpenAI and Anthropic.

Source

The CEOs of Anthropic, Google DeepMind, and OpenAI met with G7 leaders to advocate for a United States-led international coalition focused on artificial intelligence governance. During a closed-door session in France, industry leaders proposed that Washington take the primary role in establishing global rules and safety standards. This initiative aims to harmonize how nations test and deploy advanced models while managing the significant risks associated with the technology.

Source

Amazon has acknowledged that its proprietary artificial intelligence models currently lag behind the industry-leading frontier systems developed by OpenAI and Anthropic. Peter DeSantis, the executive overseeing Amazon’s AI and chip divisions, stated that the company’s models have not yet met the requirements for the most demanding enterprise workloads. Despite this gap, the company expects to be in the conversation regarding leading frontier models within the next year.

Source

Intel and AMD have released the official specification for AI Compute Extensions, or ACE, a standardized instruction set for future x86 processors. Developed through the x86 Ecosystem Advisory Group, these extensions aim to accelerate matrix multiplication and machine learning workloads directly on the CPU. By establishing a common technical standard, the two rivals intend to prevent market fragmentation and provide a consistent target for software developers.

Source

OpenAI has launched a new feature called Record & Replay for its Codex application on macOS. This tool allows users to demonstrate a specific digital workflow once while the AI agent observes the actions. Codex then converts that recorded sequence into a reusable skill that can be executed autonomously in the future.

Source

Maintaining current security intelligence is essential for Microsoft Defender Antivirus to identify and neutralize emerging threats effectively. Administrators can define a specific fallback order for update sources to ensure endpoints remain protected even if a primary connection fails. Available update locations include Microsoft Update, Windows Server Update Services (WSUS), Microsoft Configuration Manager, network file shares, and the Microsoft Malware Protection Center.

Source

A coalition of enterprise technology leaders including Microsoft, Google, and Salesforce has introduced the Agentic Resource Discovery (ARD) protocol. This open standard establishes a universal discovery layer that allows AI agents to automatically identify and invoke corporate tools across fragmented software environments. By utilizing a system of catalogs and registries similar to DNS, the framework eliminates the need for developers to hardcode manual connections between different applications.

Source

AMD has announced it will reinstate Transparent Secure Memory Encryption (TSME) for consumer-grade Ryzen 9000 desktop processors via a BIOS update in July. This decision follows significant community feedback after the feature was quietly removed in a recent firmware update. TSME, which AMD brands as Memory Guard for its professional product lines, provides a hardware-based layer of protection for data stored in system memory.

Source

Microsoft is shifting its strategy by reducing the mandatory use of Microsoft accounts across its ecosystem. A significant update to the Microsoft 365 Roadmap reveals that Microsoft Edge will soon allow users to sign in using a Google account instead of a Microsoft account. This feature, expected to roll out in July 2026 for Windows and macOS, aims to lower the barrier for Chrome users considering a switch to Edge.

Source