Bug or feature? A design flaw or expected behavior based on a bad design choice, depending on who is telling the story baked into Anthropic's official Model Context Protocol (MCP) puts as many as 200,000 servers at risk of complete takeover, according to security researchers.

Large organizations pushed toward metered pricing UPDATED More bad news for Claude users. Anthropic has revised its seat-based pricing for enterprise customers, shifting them to a new pricing plan upon contract renewal.

Client connects to deepset's Haystack platform Mozilla has declared war on OpenAI, Microsoft, and other firms flogging enterprise AI platforms with an open-source alternative it says provides data privacy guarantees proprietary products never could.

'I think you can run this thing on a potato,' NodeWeaver CTO Alan Conboy said. Broadcom's price increases and policy changes have led many VMware customers to look for other options. Nodeweaver is positioning itself as an alternative for customers running computing workloads in far-flung edge locations, from cruise ships to solar farms in Sub-Saharan Africa, and it is taking cost out of the hardware needed as well.

If there's one thing folks want less than Copilot in their taskbar, it's a bit barn in their backyard Loud, thirsty, power hungry, and intensely unpopular with neighboring residents: datacenters are becoming the new nuclear waste dump. And many localities are now saying "not in my backyard."

Social engineering: 'low-cost, hard to patch, and scales well' North Korean criminals set on stealing Apple users' credentials and cryptocurrency are using a combination of social engineering and a fake Zoom software update to trick people into manually running malware on their own computers, according to Microsoft.

Worse: Anthropic is using Persona, a privacy checker that rings alarm bells for the paranoids on Reddit Anthropic may check your ID before letting you access certain Claude features, and the verification vendor it has picked is the same outfit that sparked controversy when Discord tested similar checks.

Batching teensy changes in chunks creates massive performance boost, DuckDB Labs team claims The team behind in-process OLAP database DuckDB has put forward a solution to the "small changes" problem that they say plagues lakehouse implementations of the kind based on technologies from Databricks, Snowflake, Google, and others.

Shame about the internet blackouts and airstrikes North America has some of the world's most expensive broadband, according to a new study, while Iran has the cheapest.

Fortune 500 companies and one US defense contractor got taken for $5m in four- year scam Two Americans have been jailed for a combined 200 months for helping North Korea generate $5 million through fraudulent IT worker schemes.

Includes a to-do list on search data sharing and platform access as DMA enforcement ramps up Brussels has told Google to open up its search data and give rivals equal footing on its own platforms, sketching out how it expects the tech giant to comply with the bloc's competition rulebook.

When the taxpayers are wondering whose side you are on... Britain's government faces a public backlash against AI unless it can show ordinary people that they stand to benefit from its push to inject the technology into every area of the UK in the name of growth.

Latest version points to a shift in how Microsoft thinks about IDEs Visual Studio 2026 18.5 arrives with two headline changes a smarter code suggestion system and an AI-powered debugger. Yet developer frustration over color contrast and forced updates continue to overshadow the improvements.

Forged metadata made AI reviewer treat hostile changes as though they came from known maintainer Security boffins say Anthropic's Claude can be tricked into approving malicious code with just two Git commands by spoofing a trusted developer's identity.

Publisher claims misconfigured Salesforce-hosted page leaked data Textbook giant McGraw Hill has landed on a ransomware crew's leak site after an alleged Salesforce-linked misconfiguration spilled 13.5 million records into the wild.

Giant UAV package will include strike, recon, logistics, and maritime systems The UK government says it will deliver at least 120,000 drones to Ukraine this year to help it fight against Russia.

Just migrate already, would you? But if you can't, Redmond will take your cash Microsoft will keep delivering security updates for old versions of Exchange Server and Skype for Business Server, after admitting that some customers aren't ready to make the move to newer products.

Deciphering the third transport protocol's four RFCs is a task to rival the proverbial blind man trying to understand an elephant While Larry was producing most of the content for the "Request/Reponse" chapter for the next edition of our book, I took the lead on writing a section on QUIC, since I have closely followed its development.

Backup and Sync may be dead, but it still knows how to kill the buzz before the ukuleles start Bork!Bork!Bork! Sweden is arguably the home of bork think the Swedish Chef from The Muppets so we are delighted to note an example of the breed turning up north of Stockholm.

Biz as usual for Brit public sector: ESN replacement is 12 years late and 3B over budget UK police tech buyers have awarded a 25 million no-competition contract for communications technology first commissioned in 2000, with the replacement project 12 years behind schedule and 3 billion over budget.

Here comes 'enterprise vibe coding' as CRM giant aims to open development to anyone on the platform Salesforce has introduced what it calls Headless 360 at its developer event TDX, which starts today in San Francisco, designed to expand the reach of its app-building tools beyond traditional developers.

Your cybersecurity is only as good as the physical security of the servers PWNED Welcome back to Pwned, the column where we immortalize the worst vulns that organizations opened up for themselves. If youre the kind of person who leaves your car doors unlocked with a pile of cash in the center console, this weeks story is for you.

Private Shinkansen suites are pulling up to the station in October Some Japanese bullet trains will soon be equipped with private suites that include windows with embedded 5G antennas and noise-cancelling technology that envelops passengers in a bubble of quiet.

Services giants staff accused of assaults, inappropriate religious practices Police in the Indian city of Nashik conducted a sting operation at Tata Consultancy Services and allegedly found instances of sexual harassment and other revolting behavior.

Browser fingerprinting is everywhere Google markets its Chrome browser by citing its superior safety features, but according to privacy consultant Alexander Hanff, Chrome does not protect against browser fingerprinting a method of tracking people online by capturing technical details about their browser.

Like the majority of the companies participating, it remains a mystery Last week, Anthropic surprised the world by declaring that its latest model, Mythos, is so good at finding vulns that it would create chaos if released. Now, under the title of Project Glasswing, over 50 selected companies and orgs are allowed to test the hyped up LLM to find security holes in their own products. But just how many problems have they really discovered?

'LLMs should not be trusted for patient-facing diagnostic reasoning,' boffins advise People ask AI for all kinds of advice, including the kind of questions you'd ask a physician. However, the next time you're tempted to query ChatGPT if that growth on your face is skin cancer, consider this: research shows today's leading AI models fail at early differential diagnosis in more than 8 out of 10 cases.

Repair of bug that undercounted token usage leads to rapid exhaustion of subscription allowance Microsoft's GitHub last week told Copilot customers that they'd have to reduce their use of the AI service to ease the strain on company servers. This follows the company's discovery last month of a token counting bug that appears to have broken the company's pricing model.

Following in the footsteps of Long Island Iced Tea OPINION Back in December 2017, an obscure American soft drinks company changed its name from Long Island Iced Tea to Long Blockchain.

No reports of active exploitation (yet) Watch out for more Fortinet vulns! Two critical bugs in Fortinet's sandbox could allow unauthenticated attackers to bypass authentication or execute unauthorized code on vulnerable systems.

Kamila Szewczyk prefers old software, as back then people understood something could actually be finished No one can tell software developer Kamila Szewczyk that newer is better: She just fixed a 20-year-old bug in Enlightenment E16, the old-school Linux window manager she favors partly because, she tells us, it is actually finished software.

Study finds LLMs will smuggle biases into others even if they're scrubbed from training data New research warns about the dangers of teaching LLMs on the output of other models, showing that undesirable traits can be transmitted "subliminally" from teacher to student, even when they are scrubbed from training data.

Some customer orgs tell staff to block inbound email from the provider Autovista confirms that it called in outside support to help clean up a ransomware infection currently affecting systems in Europe and Australia.

Report says authorities are flouting rules by failing to disclose revenue lost to server farm subsidies Many US states and local authorities are violating generally accepted accounting principles (GAAP) by failing to disclose revenue lost to datacenter tax subsidy schemes, according to Good Jobs First.

Y'all been focusing on compute and forgot about how the data moves around AI is reshaping the demands on network infrastructure, and many organizations are not prepared including some of the so-called neocloud providers offering AI services.

We've all been there Bork!Bork!Bork! Windows is doing what it does best in California, with a Blue Screen of Death on the wall of a fast food restaurant where order progress is supposed to be.

Latest in a string of cases that have earned France an unfortunate title A mother and her ten-year-old son are now free after being kidnapped for around 20 hours while the father was being extorted for hundreds of thousands of euros.

Some on the Moon's surface, some in orbit. How does 5 years sound? Do-able, right nerds? The nukes-in-space ambitions of the current US administration have taken a step forward and the US Office of Science and Technology Policy has just published its hopes for who does what.

Vuln old enough to drive lands on CISA's exploited list While Microsoft was rolling out its bumper Patch Tuesday updates this week, US cybersecurity agency CISA was readying an alert about a 17-year-old critical Excel flaw now under exploit.

Command prefix will require password by default The latest version of Raspberry Pi OS now requires a password for sudo by default.