Articles from www.theregister.com

Met Police joins forces with Apple to choke London's stolen phone trade

Thu, 06/11/2026 - 05:27
London's Metropolitan Police and Apple have agreed to share stolen device identifiers, building intelligence they hope will curb the capital's phone theft epidemic.

These identifiers will help both organizations track which stolen devices reconnect to mobile networks, giving law enforcement better insight into where the criminal networks behind the thefts operate. The Met has access to stolen device information, such as serial numbers, provided by victims. Apple has access to data indicating when a device has been reactivated and where it's being used.

Together, the two organizations believe this combined intelligence will help stamp down on the thefts that have ravaged London's streets for years, earning the city the unofficial title of "phone theft capital of Europe."

"If stolen phones cannot be reactivated, their value collapses, and so does the incentive to steal them," said Metropolitan Police commissioner Sir Mark Rowley. "We are driving up the risk for offenders while cutting off the reward.

"Policing is playing its part. In the West End, where this crime was most concentrated, phone theft has fallen by 50 percent through relentless, targeted policing. But we have also gone further by working directly with Apple to address the global market that has allowed this crime to thrive.

"This is an important step, but it must not stop here. If you are stealing phones in London, the reality is changing fast. The opportunities are shrinking, the risks are rising, and we are determined to dismantle this criminal model completely."

The intelligence-sharing pact follows months of pressure on both the Met and tech companies to take action. Dame Chi Onwurah, chair of the Science, Innovation and Technology Committee, wrote to Home Secretary Shabana Mahmood in December, asking why companies like Apple had not implemented cloud-based blocking or IMEI-linked device locks.

Apple launched Stolen Device Protection in January 2024 and has since expanded default-on protections with the iOS 26.4 update, but there has long been a feeling that not enough was being done to tackle London's phone thefts.

Rowley reiterated the ultimatum he issued to tech companies in March, demanding that they implement methods of reducing the value of stolen devices, or the UK will push through legislation. The collaboration with Apple is an extension of that, and the Met said Samsung and Google are also making security changes.

Google uses several mitigations, including the need for authentication after a factory reset in order to return devices to working order, and an AI-powered feature that detects when devices are snatched and automatically locks the screen.

A spokesperson at Google told The Register: "Android's theft protection features provide added security for billions of people, including Londoners. We have expanded default-on protections for UK devices, such as Remote Lock and Theft Detection, and we assist law enforcement with device recovery. Phone theft causes real distress and harm, and we work closely with the Met to protect all those who use our devices."

Samsung said last year that it was working with the Home Office to deploy similar measures to tackle phone thefts. It implemented theft-detection tech similar to Google's that locks the screen when the device registers a possible snatching-related movement. It also requires biometric authentication to make security changes when devices are in unfamiliar locations, among other features.

Not enough

In spite of these actions, the Met announced today that it has asked the Home Office to start drafting anti-phone-theft legislation.

"The Met has asked the Home Office to begin preparing legislation to introduce minimum technical standards so that any phone stolen in the UK is effectively unusable," it said. "These standards are complex, but we must be ready to act if industry fails to deliver.

"Public support for stronger measures is clear, with 83 per cent of people backing the permanent blocking of stolen smartphones."

It added: "While enforcement activity will continue, the Met is clear that the long-term solution lies in collapsing the criminal market."

The Register has asked Apple to comment.

A Samsung spokesperson said: "Samsung is fully committed to protecting customers with the very latest anti-theft feature technology. We recognise how distressing phone theft can be and have worked at pace to make a significant amount of security enhancements to help address this issue.

"We would also like to reiterate that we have completed several requests from both the Home Office and the Met Police to demonstrate how seriously we take phone theft crime."

The spokesperson added: "We believe this issue is a collective responsibility and we will continue to work with key stakeholders to help tackle phone-theft crime."

The Met said it has almost halved rates of phone thefts in Westminster, with officers making hundreds of arrests and seizing thousands of devices. Thefts are down 45.8 percent, according to data gathered between January and May, although the picture across the wider city is a little less optimistic. The number of theft and robbery offenses in which a mobile phone was stolen has fallen by 14,000 in the last 12 months, representing an 18 percent decrease from the previous year. So far in 2026, overall offenses are down 20.6 percent compared to the same period in 2025.

These arrests and seizures were secured through focused periods of enforcement action, namely through Operation Reckoning sprints, the fifth instalment of which concluded on Wednesday. The ten-day operational crackdown on phone thefts across London began on June 1 and resulted in the arrest of "prolific and violent phone thieves," the execution of search warrants at shops suspected of handling stolen devices, and the deployment of pursuit drivers to detain thieves on e-bikes.

One visit to a single shop in April saw officers seize more than 1,000 suspected stolen phones and arrest four men between the ages of 22 and 63 on suspicion of handling stolen goods, as well as drug possession with intent to supply.

Operation Reckoning is just one initiative targeting phone theft. Last year, the Met said that in September it had dismantled a phone-robbing gang thought to be responsible for roughly half of all phone thefts in London – part of Operation Echosteep. ®

Malware scare keeps schoolkids home for a second day

Thu, 06/11/2026 - 03:30
Great Marlow School in Buckinghamshire, England, has entered its second day of a shutdown following "a suspected malware incident."

Only students sitting their GCSE and A-level exams – those in Years 11 and 13 – were permitted to attend on Wednesday, in line with their exam timetable, and the same goes for Thursday. Students in other years (Years 6-10 and Year 12) were told to stay at home and access what revision materials they can via Microsoft Teams as teachers are currently unable to set them any work. Those scheduled to take internal mock exams, students in Years 10 and 12, will sit them later in the year.

Some extracurricular activities, such as Year 7's learn-to-row session, have been rearranged, although the Year 7 and 8 athletics event will go ahead on Thursday as planned.

Great Marlow School's statement suggests it remains in the containment stage of its recovery, with limited access to systems.

"As a precautionary measure, we have restricted access to elements of our network while we investigate the issue thoroughly and take the necessary steps to ensure the security and integrity of our systems and data," headteacher Guy Pendlebury said in a statement on the school's website on Tuesday evening.

"We are responding in line with guidance from the Department for Education (DfE) and the National Cyber Security Centre (NCSC). Immediate action has been taken to contain the incident, and we are working closely with specialist IT and cybersecurity professionals to fully assess the situation and restore normal operations as quickly and safely as possible. Appropriate reporting procedures have also been followed."

The school did not comment on whether the attack involved ransomware or if any of its data was presumed compromised.

It adds to a grim week for cybersecurity in the education sector. A high school in Illinois also closed for two days this week due to a ransomware attack, but reopened on Wednesday, although its phone lines are still down. And Nottingham Uni confirmed it was the victim of ShinyHunters.

In Wales, 13 schools across the Powys region were affected by a cyberattack that is thought to have led to data theft from only one of these institutions. Powys council disclosed the attack on June 4, saying it was originally identified in April, and sensitive data belonging to students and school staff is suspected of being compromised. None of the 13 schools have closed, however. ®

NS&I dangles £220K salary for CEO willing to straighten out £3B IT mess

Thu, 06/11/2026 - 03:09
National Savings & Investments (NS&I) is looking for a new chief executive to take charge of the state-backed savings institution as it attempts to steer a troubled £3 billion digital transformation program back on course.

The government-owned bank has launched a search for a permanent successor to former chief executive Dax Harkins, who left earlier this year amid a scandal involving hundreds of millions of pounds in unclaimed funds owed to the estates of deceased customers.

Whoever takes the job will get a salary of up to £220,000, a troubled digital transformation program, and what could be described as a challenging in-tray.

While the recruitment notice highlights NS&I's 164-year history and its 24 million customers, it also acknowledges that the organization is wrestling with problems that extend well beyond attracting deposits.

"Whilst NS&I is successfully meeting its targets for savings and funding for the Government, and service levels to most customers, it is undergoing a major transformation programme and has experienced significant operational failings recently," the job ad states.

The successful candidate will take responsibility for Project Rainbow, NS&I's long-running modernization effort that Parliament's Public Accounts Committee tore into earlier this year. In February, MPs branded the program a "full-spectrum disaster" after costs ballooned from an original estimate of around £1.7 billion to approximately £3 billion.

The committee concluded that NS&I lacked the capability to deliver the overhaul, had spent £43 million on consultants, and still did not have a credible integrated plan despite five years of work. MPs also questioned how a program originally expected to cost around £1.7 billion had risen to £3 billion while key elements remained unfinished.

The new boss will be expected to turn that around.

The advert promises "end-to-end accountability for transformation and performance of the organisation," handing the next chief exec responsibility for delivering a program that has already attracted intense scrutiny from Parliament.

NS&I is also placing unusual emphasis on crisis management. Candidates are expected to demonstrate experience delivering "a major change/transformation programme within consumer facing industries, at scale," alongside a track record of managing operational issues, reputation management, and recovery.

The advert goes further, stating it is "crucial that a highly capable, credible CEO is appointed to lead the organisation through these challenges and re-establish NS&I's reputation and standing as a trusted, efficient and effective national institution."

Whoever lands the job will be tasked with proving that one of the government's most heavily criticized IT overhauls can still be rescued before Parliament decides the next chapter of Project Rainbow deserves an equally colorful nickname. ®

Nottingham Uni says student records raided after ShinyHunters claims cyberattack

Thu, 06/11/2026 - 02:20
The University of Nottingham has confirmed a cyberattack on its student record system after the ShinyHunters crew claimed to have stolen tens of gigabytes of data from the Russell Group institution.

"The University of Nottingham has been the victim of a cyber incident and a significant amount of data in our student record system has been accessed by a well-known cybercriminal group," a spokesperson told The Register. "We are working with the third party that maintains the platform to lead a forensic investigation. We understand that those affected will have concerns about what this means for their personal data and we will be offering advice and support to our students as we learn more.

"We take the privacy and security of data that we hold seriously, and we have reported this incident to Action Fraud and the Information Commissioner's Office. The university will continue to provide them with further information as our investigation progresses."

ShinyHunters claimed responsibility for the attack on Tuesday, saying they had stolen around 40 GB of the institution's data. It reckons this included billing and payment records, credit card and payment details, student finance data, and "campus portal exports." The criminal crew further claimed that the University of Nottingham's Malaysia and China campuses were also compromised.

On Wednesday evening, breach notification service Have I Been Pwned added the 10 GB dataset leaked by ShinyHunters to its database, saying around 454,600 university-related email addresses were included.

"Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information, including names, addresses, phone numbers, ethnicities, disabilities, passport numbers, and information relating to academic enrolments and fee payments," HIBP stated.

Around the same time, the university acknowledged the attack publicly, saying it affected both current students and alumni. Individuals believed to be affected have been contacted directly, and the university has stood up a dedicated support line.

The attack could hardly have come at a worse time for Nottingham, which is embroiled in a dispute with staff after confirming hundreds of redundancies over the next three years. University employees, including teaching staff, have revolted, protesting against the decision by refusing to mark students' assessments.

The University and College Union (UCU) entered a period of industrial action on June 1, saying it would not end until July 31. This includes a two-month strike and a boycott of marking duties, similar to action taken by staff in 2022 and 2023.

Students have just finished sitting their end-of-year exams, but potentially face having their degree classification decided by predictions based on prior grades, per the university's contingency plans, if staff continue to refuse to carry out marking duties. Alternatively, students can wait to receive their final results, but these will come later than their peers' – not just at Nottingham but at other UK universities – and leave them at a time disadvantage when applying for graduate schemes and entry-level jobs.

UK education battered

The attack on the University of Nottingham comes amid a spate of other incidents affecting UK schools. Powys council confirmed on June 4 that a cyberattack was affecting 13 schools in the Welsh county, and that data had been stolen from at least one of them.

Additionally, Great Marlow School in Buckinghamshire entered its second day of a shutdown today after a "suspected malware attack" on the school forced it into a containment phase. Most students, other than those attending to take their GCSE and A-level exams, have been told to stay home, with teachers unable to set remote work. Students should access what revision materials they can via the school's Microsoft Teams network. ®

UK Treasury still deciding whether to show up to £1.7B ERP program it agreed to fund

Thu, 06/11/2026 - 01:30
The UK Treasury will not say whether it will join the government's £1.7 billion finance and HR transformation strategy until December despite funding the program for five years.

Savings from the so-called Matrix cluster of the shared service strategy are contingent on a bunch of departments – including His Majesty's Treasury (HMT) – adopting cloud-based finance and HR software from Workday. To do so, HMT would have to migrate from its customized version of Oracle Fusion.

In a letter to a parliamentary spending watchdog, Jerome Glass, director general for the Future Civil Service at the Cabinet Office, said that following delays to the cluster's rollout of the new software, HMT's decision on whether to join had been put back.

The Matrix cluster is led by the Department for Science, Innovation and Technology (DSIT), and includes the Cabinet Office (CO), Department for Energy Security and Net Zero (DESNZ), Department for Culture, Media and Sport (DCMS), Department for Business and Trade (DBT), Attorney General's Office (AGO), Department for Education (DfE), Department of Health and Social Care (DHSC), as well as HMT.

In 2024, the Matrix cluster awarded Workday a contract for SaaS finance and HR software and Cognizant a system integration deal with a combined value of £144.3 million.

Prime Minister Keir Starmer has told the departments to join their allocated shared service clusters. According to a report from the National Audit Office (NAO), published earlier this year, the Cabinet Office said it does not consider departments' joining shared services to be optional, and "departments cannot make the decision to move or leave a cluster without assessing value for money across government, nor the impact on the business case."

Nonetheless, having agreed to fund the program with £1.15 billion since 2021, the Treasury is still making up its mind two years after the Workday contract was signed.

In his letter to the Public Accounts Committee, Glass said HMT's accounting officers "must be satisfied that the proposal meets the standards set out in Managing Public Money," a government guide for financial management, "including delivering value for money for the Exchequer as a whole." He said HMT was working jointly with the Matrix program to "develop this evidence base."

The plan was that departments in the cluster already using cloud-based systems (DfE and HMT) would not join until after the other departments.

"HMT's onboarding has therefore always been planned on a longer timetable. Delays in the Matrix programme have had a knock-on impact on HMT receiving key documents and evidence, subsequently pushing back HMT's formal Accounting Officer sign-off decision," the letter said.

The NAO has previously reported that aspects of the shared service program will see their go-live delayed from 2028 to 2029.

Glass said HMT expected to receive the majority of the documentation "required to assess feasibility and the cost of service by the end of summer 2026." Provided there are no further delays, DfE and HMT should be able to make an "evidence-based decision" by December, he said.

In an update earlier this year, the NAO said HMT and DfE had invested significantly in existing finance, HR, and commercial systems based on modern ERP platforms that are "highly configured to accommodate their requirements." Joining the Matrix shared service would "mean loss of some functionality as they seek to converge on data and processes and will have to bear an 'unnecessary cost' to develop their new processes," it said.

The spending watchdog also pointed out that the Matrix cluster's business case includes the participation of both DfE and HMT in its financial assumptions. A "sensitivity analysis" revealed a reduction in the program's expected benefits from £185 million to £109 million if the two departments did not join. HMT disputed the calculations, the NAO said.

HMT has provided funding for the whole shared service program for the spending review period up to and including the 2028-29 financial year. There are five clusters to the program, including Matrix, covering all Whitehall departments and arm's-length bodies, which have signed contracts totaling around £1.7 billion, some extending beyond the spending review period.

Glass's letter said the clusters forecast that benefits from the Shared Services for Government Strategy would reach £4.37 billion over 15 years, broken down into £1.4 billion cashable benefits and £2.98 billion of non-cashable benefits. If the forecasts prove correct, it would be a good deal for the UK taxpayer. Some of the savings, though, will depend on HMT's willingness to join a program it agreed to fund. ®

Every employee’s password was stored in a single Excel file

Thu, 06/11/2026 - 00:00
PWNED

Welcome, once again, to PWNED, the weekly screed where we highlight those who did not do the deed of securing their systems. If someone left their passwords or their access exposed, we will be writing about them here. Have a story about someone leaving a gaping hole in their network? Share it with us at pwned@sitpub.com. Anonymity is available upon request.

This week’s terrifying tale of poor security hygiene comes courtesy of Luke Irwin, CEO and principal consultant at Aegis Cybersecurity. He’s been in the industry for more than a quarter of a century and he knows where the bits are buried.

At one point, Irwin consulted for a company that was a large national facility services organization, a 2,000-employee firm that provided cleaning, security guards, industrial abseiling (cleaning the facade), and other things that other large businesses need to keep their physical plants running smoothly.

The CEO had one very peculiar idea about how to keep his own house in order: he wanted to have access to every one of his employees’ login credentials. The chief executive had an Excel spreadsheet sitting right on his desktop with a complete list of all the employee usernames and passwords.

Let that sink in for a second. One person had all the keys to the castle in a single, easily accessible file.

In any decent security setup, no one in the company has access to anyone else’s password. Even the head of the IT department should not know another employee’s password. I say this as someone who used to work for a company where the IT department would ask you to DM them your password if you had computer problems.

But this company’s CEO wanted the usernames and passwords for reasons I’m sure any of his employees would appreciate: so he could go into their email accounts!

He had an experience where one colleague had sent secret information to the entire company via email and he had spent the evening logging into every single account and deleting the message before anyone could see it. Just in case other messages were sent in error in the future, the CEO wanted the ability to log into all the relevant accounts and delete them himself.

Perhaps for the same reason, he would not allow MFA (multi-factor authentication), because that would have kept him out of people’s inboxes. He was adamant even though the company had been the victim of a ransomware incident previously.

“Despite repeated advice, he held that position for around four months, until we were able to demonstrate that the IT team could remove messages centrally using fairly simple administrative commands, without needing everyone’s password,” Irwin said.

Even after getting rid of the Excel sheet of shame, the boss still refused to turn on MFA and the company subsequently suffered two data breaches involving sensitive client data.

Unfortunately, this company wasn’t the only one that Irwin worked with where the management had something against MFA. Another client, this one in the medical sector, was opposed to multi-factor authentication because it “made things just a little too hard” for the external consultants they were using to access their systems.

During the time that Irwin worked with that company, they got lucky and no one breached them. But since then, he’s seen signs that their data was available on the dark web. No word on whether they ever switched MFA on.

There’s plenty to learn from Irwin’s two clients, but it’s all pretty obvious. First, don’t let anyone, even administrators or CEOs, have other people’s passwords. If someone has to get into another person’s email account, have IT use administrative access. Second, always enable MFA, preferably MFA with passkeys. ®
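The central removal Irwin describes, shown as an added illustration that is not from the column or from Aegis: it assumes the mail platform is Microsoft 365 / Exchange Online (the column does not name it) and that the operator holds the Search and Purge role in the compliance portal, so no user password is ever needed.

```powershell
# Added example, not the column's own material. Removes one errant message from every
# mailbox in the tenant with the admin's own (MFA-protected) account, using the
# Security & Compliance cmdlets from the ExchangeOnlineManagement module.
# Assumptions: Microsoft 365 tenant; operator has the Search and Purge role.
Connect-IPPSSession

$searchName = "Purge-Errant-Email-2026-06"
# Constructed sender and subject: replace with the real values of the misdirected mail.
$query = 'from:"sender@example.com" AND subject:"Confidential - sent in error"'

# Scope the search to all Exchange mailboxes, then run it.
New-ComplianceSearch -Name $searchName -ExchangeLocation All -ContentMatchQuery $query
Start-ComplianceSearch -Identity $searchName

# Poll until the search has finished; acting on an in-progress search is pointless.
do {
    Start-Sleep -Seconds 10
    $search = Get-ComplianceSearch -Identity $searchName
} while ($search.Status -ne "Completed")

# Check the hit count before purging. Zero means the query missed; a count far above
# the number of mailboxes means it is too broad and will delete legitimate mail.
"Items matched: $($search.Items)"

# SoftDelete moves the hits to Recoverable Items so a mistake can be undone;
# HardDelete is a deliberate second step. The purge action removes at most 10
# matching items per mailbox per run, so re-run it if a mailbox holds more copies.
New-ComplianceSearchAction -SearchName $searchName -Purge -PurgeType SoftDelete
```

Every step above is logged in the unified audit log under the admin's identity, which is the other thing a shared password spreadsheet can never give you: attribution.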

Chinese agents caught rebuilding botnets and stirring the pot on AI datacenter debate

Wed, 06/10/2026 - 17:00
Multiple reports indicate that Chinese operatives continue using every tech tool at their disposal – including American AI – to amass data on and manipulate everyone from security-clearance holders to everyday US citizens. And they’re trying to influence public opinion on building datacenters for AI, albeit without success so far.

One of these reports found a “significant resurgence” of a botnet linked to Chinese government-backed goons, including Volt Typhoon, which previously used a covert network of connected devices to burrow deep into critical US networks and preposition for future destructive attacks.

In January 2024, the FBI said it killed Volt’s KV-botnet, comprised of hundreds of end-of-life routers and other internet-connected devices. At the time, KV-botnet consisted of four clusters, with the KV cluster primarily being used as a covert data transfer network, and the JDY cluster used for scanning and reconnaissance.

In a Wednesday report, Lumen’s Black Lotus Labs said that while the KV cluster became largely defunct after the law enforcement takedown, the JDY cluster remains an active threat, and has since surged to more than 1,500 compromised routers and IoT devices.

“Analysis of this activity shows a clear focus on identifying vulnerable infrastructure shortly after public vulnerability disclosures, suggesting that reconnaissance output is rapidly operationalized by China-nexus advanced persistent threat (APT) actors,” the threat intel team wrote. “This targeted focus has been observed across a range of sectors, with the US military and associated entities as the most prominent.”

While the botnet resurgence poses the most pressing threat, and the security shop recommends all enterprises implement CISA and NCSC guidance for mitigating Volt Typhoon activity and defending against China-nexus covert networks of compromised devices, another report indicates that China’s attempts at influence operations haven’t died down, either.

Using American AI for covert ops about … American AI

OpenAI in a Wednesday report said it banned ChatGPT accounts likely originating from China after they used the American AI company’s models to generate content for covert operations about – wait for it – American AI.

While neither of the two clusters seemed to have much success in sowing chaos or swaying opinions, the fact that they tried at all is significant, according to Ben Nimmo, principal investigator on OpenAI’s Intelligence and Investigations team.

“Neither campaign appears to have gained much authentic engagement,” Nimmo told reporters. “They're important for what they reveal about the intentions of influence operators from China and the narratives they're testing and seeking to amplify.”

The first cluster used ChatGPT to generate social media content and images for an operation claiming datacenters and AI applications are increasing electricity demand and causing higher costs for ordinary Americans.

“For example, they asked for comic strips about a power grid operator’s capacity auction prices based on reporting from a legitimate regional paper,” the report says. “They asked ChatGPT to focus the comments on rising capacity prices as a consequence of peak electricity demand, framing the new demand as coming from data centers and AI applications and argued that these costs were ultimately passed to ordinary households.”

The operators then posted these comments and images on X, likely using fake accounts, with links to real news stories about datacenters. OpenAI suspects the operators are part of a social-media team at a private Chinese tech company that provides services for Chinese provincial-level government clients.

“This was not a case of an influence operation creating a debate,” Nimmo said. “The debate existed already. This was an influence operation from China trying to interfere in it. We didn't see any signs that they succeeded.”

The second cluster of banned ChatGPT accounts also likely originated in China and used OpenAI’s models to write comments and draw political cartoons criticizing US tech policies and tariffs.

“Interestingly, the operators specified in their prompts that the content should not include cartoons of Xi Jinping in the output and should only include President Trump,” Nimmo said.

These accounts, all writing prompts in simplified Chinese and using VPNs to access the AI systems, also used ChatGPT to edit work reports and help design social media monitoring systems.

“This isn't the first time that we've seen actors in China trying to come up with ideas for social media monitoring,” Nimmo said. In February, OpenAI said it banned ChatGPT accounts believed to be linked to Chinese government entities attempting to use AI models to surveil individuals and social media accounts.

If AI doesn't work, bribery might?

If Chinese agents can’t use AI systems to unearth sensitive information, there are always fake websites and job offers promising cash for state secrets. We’ve seen Beijing-linked government snoops use these tactics in the past, and according to the US Justice Department, they’re still using this scam (because it works).

On Wednesday, the feds said they obtained a warrant for and seized 13 fake consulting company websites used to target US persons, including current and former security clearance holders with access to classified and sensitive government information.

The domains include centrikglobalconsulting.com, rightinfoconsult.com, finnaclevesperconsulting.com, cydfconsulting.com, pulsewaveglobal.com, catalystglobalsolutions.com, thehorizzen.com, geoindopacific.com, gpf-ina.org, safesec-group.com, thetruthinfo.com, Vandercons.com, and gulfpeace.org.

Since November 2023, these websites and associated job postings on social media, LinkedIn, and other hiring platforms advertised “consulting” jobs, including “Senior Analyst” and “International Affairs Consultant” positions. Suspected PRC operatives used the sites and job listings to recruit applicants and bribe them for sensitive information, DOJ alleges.

“The conspirators have encouraged applicants and recruits to share confidential and sensitive information in violation of their official duties and of particular interest to the People's Republic of China (PRC) government,” according to the court documents. “The recruiters pressured candidates to share confidential information and reports from ‘insider sources' in violation of their official duties.”

The court documents allege the conspirators then paid the recruits for these reports using online accounts in the names of fictitious individuals, and cryptocurrency to hide their identities and the source of the payments. ®

Memory and personalization make AI more likely to tell you what you want to hear

Wed, 06/10/2026 - 16:17
AI companies have touted context retention (memory) and the availability of personal details (personalization) as mechanisms for improving AI model interaction. Both have value to help keep models from losing the thread of a conversation. But they raise the potential for sycophancy, where models will say what they predict you want to hear, which may not be the most accurate response. Researchers at Writer, an enterprise AI vendor, have conducted two studies of model memory and personalization that show these capabilities increase sycophancy for enterprise AI tasks. The Price of Agreement looks at agentic financial applications. And Recalling Too Well explores how model memory amplifies sycophancy with regard to scientific, medical, and moral reasoning. The papers' authors argue that preference-induced sycophancy is particularly problematic when AI answers are being applied to consequential problems. "In high-stakes domains like finance and healthcare, a model that silently defers to a user’s prior assumptions rather than acknowledging or correcting them poses a significant reliability and trustworthiness risk," the Writer team explains. For the first paper, the research team tested eight frontier models – GPT-5-Nano, GPT-5.2, Claude-Sonnet-4.5, Claude-Opus-4.5, Gemini-3-Pro, GLM-4.7, Kimi-k2-thinking, and DeepSeek-V3.2 – on two financial benchmarks, FinanceBench and FinanceAgent. The former evaluates agentic data extraction and reasoning using 10-K and 10-Q filings. The latter is a more comprehensive challenge designed to test real finance workflows, including ERP data retrieval and financial analysis involving multiple entities. The researchers' method involved applying synthetically generated preference information – such as a financial analyst's personal profile or a workspace note that contradicts the benchmark reference answer – to the benchmark questions. They undertook three different approaches. 
The first involved the user rebutting the model's answer; the second involved a user proposing an alternative answer; and the third involved adversarially injecting personal or contextual information into the prompt or making it available through a tool call. The third approach often resulted in greater sycophancy. As noted in The Price of Agreement paper, "Most models demonstrate significantly stronger sycophancy when the bias information is presented as implicit personalization of the user. No model displayed robustness against such behavior." Open-source models tended to be more sycophantic across the board. Models from OpenAI, meanwhile, tended to resist direct sycophancy inducers (such as when the user included personal biases in a prompt). And Anthropic models tended to resist implicit sycophancy inducers (such as when the model pulled in a profile of the user that incorporated biases seen in previous interactions). The second paper involves an assessment of three memory systems (Mem0, MemOS, and Zep) and five model families (GPT-5.2, Sonnet 4.6, Qwen 3.5, Kimi K2.5, and MiniMax 2.5). The authors conclude, "memory amplifies sycophantic behavior across all conditions, with up to 25x higher sycophancy rates than in-context baselines." The reason for this, the authors claim, is that the lossy compression used to store conversation data in memory preserves user misconceptions while tossing clarifying context. The researchers suggest two mitigation strategies that reduce sycophancy. One involves assistant role inclusion (capturing AI assistant interactions alongside user interactions) and the other involves summarization of contextual information before it gets committed to memory. They argue that those deploying AI need to assess whether models acknowledge interaction conflicts, and that those working on AI memory systems need to check what's being extracted and injected back into the model context as a defense against sycophancy. ®
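To make the memory failure mode concrete, here is a constructed example (added here, not code from the Writer papers or from Mem0, MemOS or Zep): a user-only memory extractor keeps the user's misconception and drops the assistant's correction, while "assistant role inclusion" retains the correction, and an audit function flags stored claims whose correction was lost before they are injected back into context. The conversation, the contradiction markers and all function names are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Turn:
    role: str   # "user" or "assistant"
    text: str


@dataclass
class MemoryEntry:
    claim: str                    # what the user asserted
    corrected_by: Optional[str]   # assistant reply contradicting it, if retained


# Constructed sample conversation: one user misconception that the assistant
# corrects, and one user statement that the assistant confirms.
SAMPLE_CONVERSATION = [
    Turn("user", "I believe the company's 2024 net income was $12M."),
    Turn("assistant", "The 10-K reports net income of $8.5M for 2024, not $12M."),
    Turn("user", "Our fiscal year ends in March."),
    Turn("assistant", "Confirmed: the filing lists a March fiscal year end."),
]

# Crude marker-based contradiction detection (an assumption for the demo; a
# real pipeline would use a classifier or the model itself).
CONTRADICTION_MARKERS = (" not ", "rather than", "actually", "incorrect")


def is_correction(text: str) -> bool:
    """True if the assistant reply reads as contradicting the user's claim."""
    padded = f" {text.lower()} "
    return any(marker in padded for marker in CONTRADICTION_MARKERS)


def extract_memory(turns, include_assistant):
    """Extract user claims into memory.

    include_assistant=False mimics lossy user-only extraction: the claim is
    stored, the correction that followed it is discarded.
    include_assistant=True keeps the assistant's contradicting reply alongside
    the claim (the paper's "assistant role inclusion" mitigation).
    """
    entries = []
    for i, turn in enumerate(turns):
        if turn.role != "user":
            continue
        corrected = None
        if include_assistant and i + 1 < len(turns) and turns[i + 1].role == "assistant":
            reply = turns[i + 1].text
            if is_correction(reply):
                corrected = reply
        entries.append(MemoryEntry(turn.text, corrected))
    return entries


def render_context(entries):
    """The text that would be injected back into the model's context."""
    lines = []
    for entry in entries:
        if entry.corrected_by:
            lines.append(f"User previously claimed: {entry.claim} "
                         f"(later corrected: {entry.corrected_by})")
        else:
            lines.append(f"User fact: {entry.claim}")
    return "\n".join(lines)


def audit_memory(turns, entries):
    """Defender-side check: return stored claims that the assistant contradicted
    in the original conversation but whose correction was not retained."""
    corrected_claims = {}
    for i, turn in enumerate(turns):
        nxt = turns[i + 1] if i + 1 < len(turns) else None
        if turn.role == "user" and nxt and nxt.role == "assistant" and is_correction(nxt.text):
            corrected_claims[turn.text] = nxt.text
    return [e.claim for e in entries
            if e.claim in corrected_claims and e.corrected_by is None]
```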

Blockbuster new Raspberry Pi project turns any screen into old-school VCR

Wed, 06/10/2026 - 13:56
I love Star Trek so much. I’ve watched most Trek series multiple times over the decades, and was shocked when, on my most recent watch of The Next Generation, I noticed something: High definition upscaling makes the show look way worse. Old-school 4:3 CRT television screens with their low resolution hid a lot of stuff, like tape on the Enterprise set doors that hid whatever names were stenciled on them for prior episodes, which are glaringly present on modern editions of the show. I’ve always been on the lookout for a way to capture the classic Trek feeling, and one … ahem … enterprising developer has done just that. Anthony Caccese, a principal product lead for enterprise platforms at Oak Ridge National Laboratory by day and a Raspberry Pi tinkerer by night, recently published an open-source project called 240-MP on GitHub. It’s a simple concept: Text-based menus that look like an old-school VCR interface, but with modern functionality and, most importantly, the ability to play local media files and Plex libraries on an old-school CRT TV. 240-MP runs on a Raspberry Pi, is based on the command-line media player MPV, and can play local files (either on the Pi itself, a USB drive, an external hard disk, or even a network share) or media from a Plex server, as Caccese built modules for both local and Plex-based playback. If you don’t happen to have an old CRT TV or monitor lying around, or the necessary Pi-compatible composite cable to connect your SBC to said TV, 240-MP will also work with a modern screen and an HDMI connection, too. One note on the composite vs. HDMI option, as noted in the setup instructions: You will need to update the config.txt file to support one or the other, so have your output chosen ahead of time. 
Once the system is installed, you can navigate around 240-MP with either a remote control or a keyboard, where you’ll see text menus for navigating around to different folders, choosing episodes or playlists, switching audio and subtitle tracks, looping playback, and the like. It might look like an old-school VCR interface, but with a lot more capabilities. Caccese has only tested 240-MP on a Raspberry Pi 4B, 3B+, and 3B, noting that he’s not sure it’ll work on other devices and has no plans to test other hardware, either. What will be coming in the future, Caccese said in an accompanying YouTube video, is modules to support other media playback software, like Jellyfin (a popular Plex alternative in light of that massive price hike), and RetroArch, a frontend for emulators designed to play old-school video games. “Please feel free to fork this repo, update any aspects and tailor things to your own use case; that's why the source is fully open and available,” Caccese noted on GitHub. Now if I could only find a working CRT TV to pair with my old Raspberry Pi, I could go on a hardcore 90s nostalgia trip and feel just like I did watching VHS tapes of Star Trek episodes I recorded from the TV when I was a kid. After all, streaming high-def remasters just isn’t the same. ®

It blocked us at 'hello!' Anthropic Fable 5 refusing innocuous prompts

Wed, 06/10/2026 - 13:20
Anthropic's newly released Claude Fable 5 generative AI model is trying so hard to be safe that it's hurting its own userbase. Customers attempting to use the AI knowledge regurgitator are reporting that the model is refusing to answer harmless questions, an issue that has annoyed security researchers following past model releases. Anthropic warned that it had tuned Fable 5's guardrails conservatively: "they’ll sometimes catch harmless requests, though they trigger, on average, in less than five percent of sessions," the company said, promising to "reduce false positives as quickly as we can." The company did not immediately respond to a request to quantify model refusals. So it's unclear whether the actual false positive rate is greater or less than five percent. But with an estimated 18 to 30 million users worldwide, even a small percentage of thwarted users makes a racket. Mike Famulare, principal research scientist at the Institute for Disease Modeling, part of the Global Health Division of the Gates Foundation, reports (#66657) that Claude Fable 5 balks at inputs like "Hello." "In Claude Code, Fable 5's input safety classifier emits a model_refusal_fallback (silent switch to Opus 4.8) on the first turn of essentially every session on my account — including a session whose only user input is the word hello!. No repo content, no tool calls, and no file reads are in context when it fires." He is not the only frustrated customer. Many other bug reports have been filed in Anthropic's Claude Code GitHub repo since Fable 5 debuted. These include: [Bug] Fable 5 model safety filters causing false positives on benign messages #66587; Fable 5 refuses to assist with 'Application Security Architect resume' editing #66655; and [Feature Request] Allow Fable 5 usage for non-research lab management systems #67062, among others. 
On social outrage site X.com, Derya Unutmaz, an immunologist and professor at the Jackson Laboratory for Genomic Medicine, notes, "The word 'cancer' is flagged as a biosecurity risk by Claude Fable 5!" Similar complaints show up in Reddit threads. Fable 5 is unusual because Anthropic has chosen to conceal safety interventions that try to block rival frontier model development. The classifiers designed to catch cybersecurity, biology and chemistry, and distillation attempts fall back on the latest Claude Opus model and the user gets notified. But the counter-competition surveillance, per the company's system card [PDF], "will limit effectiveness through methods such as prompt modification, steering vectors, or parameter-efficient fine-tuning (PEFT)." "Prompt modification" without notice is functionally a man-in-the-middle attack, though one that Anthropic estimates "will impact ~0.03 percent of traffic, concentrated in fewer than 0.1 percent of organizations." As developer Clay Merritt fumes, "Anthropic’s Fable 5 silently sabotages its answers when it detects AI/ML work. No refusal. No notice. Purposeful degradation invisible to the user." Anthropic expects cyber defenders and critical infrastructure providers to use its Claude Mythos 5 model, which shares the underlying model of Fable 5 but without the same safeguards. Doing so, however, requires participating in the company's Project Glasswing program or the trusted access program that's being rolled out for select biology researchers. Devon (last name withheld by request), founder of Abliteration.ai, a service that assists with model abliteration (guardrail removal), told The Register in a phone interview that while there's some degree of fearmongering and marketing hype coming from the big AI labs, it's also fair to say that there are legitimate concerns about how frontier models get used. 
"Anthropic's making a big bet on their brand that people will trust their brand so much they'll just deal with [refusals]," he said. "But in the long term, people are not just going to accept these companies that centralize control over their lives and what they can have information about." ®

Angry bug hunter with Microsoft beef drops new Windows 0-day

Wed, 06/10/2026 - 11:45
They are angry at Redmond and will have their revenge. Nightmare Eclipse, the prolific bug hunter and possibly disgruntled ex-Microsoft employee, disclosed another zero-day vulnerability just hours after Redmond issued a record-breaking number of CVEs and fixes for June Patch Tuesday. The latest zero-day, RoguePlanet, targets Microsoft Defender and works against fully patched Windows 10 and Windows 11 systems, according to the researcher, who also released proof-of-concept exploit code for the security flaw. Assuming the attacker can win a race condition, this bug allows local privilege escalation and leads to SYSTEM-level control over an affected machine. Nightmare Eclipse (aka Chaotic Eclipse) is a disgruntled bug hunter with a deep understanding of Windows and an even deeper grudge against Microsoft. They claim to be an ex-employee, and accuse Redmond of ignoring vulnerability reports and refusing to communicate with them. "When I actively asked you to communicate with me, you refused, humiliated me and made sure to insult me in front of people," they wrote in an earlier blog post that also promised a “bone shattering” drop on July 14. "You defame me in public with your CVE-2026-45585 advisory even though you literally deleted the Microsoft account I used to report bugs to you with and I got zero pennies from doing so and I still happily did like an idiot," the post continued. Possibly as an outlet for this anger, and reportedly in response to Redmond's lack of action, Nightmare began releasing their findings to the public. RoguePlanet marks the seventh Microsoft zero-day that they found and disclosed - accompanied by either a PoC exploit or technical details - before Redmond issued a fix. 
Microsoft's initial response to those disclosures was widely interpreted as a threat of legal action, prompting massive outrage from the broader infosec community before Redmond sought to calm the backlash by stating it had "no intention to pursue action against individuals conducting or publishing security research." As of Tuesday, the previous six zero-days all have patches. Three of them, RedSun, UnDefend, and BlueHammer, came under attack soon after Nightmare published working exploit code for each and before Microsoft released security updates to address the flaws. The other three, YellowKey, GreenPlasma, and MiniPlasma, all have been fixed as of June’s Patch Tuesday. YellowKey (aka CVE-2026-45585) is a security feature bypass bug in Windows BitLocker. An attacker with physical access to the vulnerable system could bypass the BitLocker Device Encryption feature and gain access to the device's encrypted data. GreenPlasma (aka CVE-2026-45586) and MiniPlasma (aka CVE-2020-17103) are both privilege escalation flaws in the Collaborative Translation Framework (CTFMON) and the Cloud Files Mini Filter Driver that can be abused by an authorized attacker to elevate privileges locally and gain SYSTEM access. When asked about RoguePlanet, a Microsoft spokesperson told The Register that the Windows giant is “aware of the reported vulnerability and is actively investigating the validity and potential applicability of these claims." The spokesperson continued: "Microsoft is committed to investigating security issues and updating impacted products to protect customers as soon as possible. Importantly, we support coordinated vulnerability disclosure, an industry standard that protects customers and supports the research community by ensuring their findings are thoroughly investigated and addressed before being made public." 
Soon after Nightmare published a PoC for RoguePlanet, the ThreatLocker threat intelligence team validated the exploit code and said that they were “actively assessing impact, affected systems, and additional mitigations,” promising to share more findings “as they become available.” Tharros Labs senior vulnerability analyst and long-time respected security sleuth Will Dormann said he tested the exploit code, too. “It's reportedly not 100% reliable, but it worked on the first attempt for me,” Dormann wrote. Nightmare, for their part, rolled back the promise of a “bone shattering” drop on July 14. “(Un)fortunately I will be unable to mass disclose zerodays in July 14th, RoguePlanet took way more time than expected and truly drained me,” the researcher said on Tuesday. “I might take a break but I can't say for sure what I will be doing for next month, maybe it's nothing, maybe it's smtg. But the big thing is not happening. I did not intend to spread a mass panic with that post and I apologize for doing so.” ®

GM gets datacenter fever, decides to build grid-scale sodium-ion batteries

Wed, 06/10/2026 - 09:55
The lure of datacenter dollars is a strong one for America’s mega corporations - so strong that even automobile giant General Motors is getting in on the game by turning its battery research efforts toward stationary grid-scale energy storage. GM announced a partnership with energy storage firm Peak Energy on Tuesday that will see the Big Three automaker develop next-generation sodium-ion battery cells designed for grid-scale energy storage. GM will manufacture the cells and Peak will deploy them as part of its own proprietary energy storage systems, Peak said in its version of the partnership announcement. Oh, and GM will be making an investment in Peak too, though the amount wasn't disclosed. For those unfamiliar with sodium-ion batteries, there’s a good deal of chemical similarity between them and the lithium-ion batteries that have come to dominate the world’s portable rechargeable electronics, from massive electric vehicle cells to the tiny batteries in wireless earbuds and hearing aids. Rechargeability and chemical similarities are where many of the comparisons end, though. GM and Peak argue sodium-ion systems can be made simpler, and can operate across a wider temperature range than conventional lithium-ion batteries, potentially reducing the need for the costly, energy-intensive cooling systems often used in grid-scale Li-ion storage deployments. Score one for Na-ions, but while sodium might be stable and abundant, it also doesn’t have nearly the energy density of lithium. If one wants to build a sodium battery able to hold as much energy as a Li-ion one, be prepared to build a larger, heavier pack. That’s not a problem as far as GM is concerned in this case, though: Weight doesn’t matter if the batteries aren’t mobile. 
“When you’re talking to a utility, a hyperscaler, or other power providers in need of energy storage solutions, their priority is not maximizing range or minimizing weight,” GM VP of battery and sustainability Kurt Kelty said in the company’s announcement. “It is delivering reliable, affordable power over long periods of time in real-world conditions.” Kelty said that GM is perfectly positioned to develop next-generation Na-ion batteries due to “important architectural similarities” with Li-ion cells, meaning “the battery expertise GM has built in cell design, prototyping, and industrialization” is a perfect fit for grid-scale sodium cells. “We believe sodium-ion can become a defining chemistry for grid-scale energy storage in the years ahead,” Kelty added. Peak has already developed its own passively-cooled sodium-ion energy storage systems, which it says can reduce energy storage costs by 20 percent compared to conventional Li-ion systems. According to the company’s own analysis, the US could avoid around 2 terawatt hours of wasted energy per year if everyone were to dump lithium iron phosphate energy storage systems in favor of its passively-cooled Na-ion systems. Sodium-ion batteries aren’t without their own challenges, though. GM mentions that advanced Na-ion cells can handle more charge cycles than their lithium-ion cousins, but sodium-ion batteries have historically come with tradeoffs of their own, most notably lower energy density and a far less established manufacturing ecosystem. Researchers have been working to address that, and others claim that their sodium cell designs have already surpassed Li-ion units. Despite those claims, lithium-ion batteries still dominate the energy storage space, both on and off the grid. China is home to the vast majority of sodium-ion battery factories, and it’s not clear whether GM’s ambitions will turn into scalable competition for overseas battery tech development. 
We reached out to the automaker with questions about its sodium-ion plans, as well as a timeline for the project, but didn’t hear back. ®

Datacenter growth may run into a power wall by 2030

Wed, 06/10/2026 - 09:36
Energy consumed by datacenters is set to grow 26 percent this year thanks to AI, and grid supply may be unable to keep pace with demand by 2030, Gartner warns. The research giant expects global datacenter electricity consumption to reach 565 terawatt-hours (TWh) in 2026, as power demand rises from 104 GW in 2025 to 132 GW this year. This is higher than the 500 TWh per year Gartner estimated two years ago that AI-optimized servers would consume by 2027. And as everyone knows by now, the culprit is the ballooning requirement for compute power to drive AI workloads, as fear of missing out (FOMO) drives otherwise sensible companies to throw money at AI projects, despite seldom seeing much of any return on their investment. In fact, Gartner notes that AI-optimized servers are what continue to fuel the increase in datacenter power consumption. This has been reported before, with hyperscalers and other buyers funneling much of their server budgets into heavily configured systems to meet the requirements of AI processing. Now, the firm estimates that AI-optimized servers will account for 31 percent of all datacenter power consumption this year, and that, by next year, their combined power consumption will surpass that of all conventional servers in operation. This matches up with earlier forecasts that AI was on track to overtake all other server workloads – such as databases and analytics – and become the top workload by server deployment by 2027. But this continued expansion points to a worrying forecast. Total datacenter electricity consumption is estimated by Gartner to pass 1,200 TWh by 2030, and it says that grid supply may be insufficient to support additional datacenter capacity. There have been earlier warnings about the bit barn energy demands outpacing the capacity of the grid to deliver. 
Goldman Sachs estimated that their combined energy use would more than double by the end of the decade, but if Gartner’s figures are correct, demand is already higher than where that report estimated it would be for 2027. Energy infrastructure biz Schneider Electric also published four scenarios for future electricity consumption by AI datacenters at the start of last year, but Gartner’s latest estimate for total datacenter electricity demand in 2030 surpasses even Schneider's most aggressive forecast. Power grid operators and datacenter developers in the US in particular are in a bind, as The Register reported recently, and energy analysts can't see an easy way out. “Surging demand for compute-intensive AI workloads is driving unprecedented datacenter power growth, while AI capacity is now constrained by power availability, making datacenter power security the new battle ground for scaling and protecting margins in the global AI race,” commented Gartner director analyst Linglan Wang. But can anything be done to mitigate this coming power apocalypse? “Infrastructure and operations (I&O) leaders must prioritize efficiency upgrades and secure grid access. They also need to invest in high-efficiency cooling systems and edge computing to mitigate power constraints and ensure sustainable, scalable growth,” Wang said, helpfully. ®

macOS 27 beta boots Asahi Linux off Apple Silicon

Wed, 06/10/2026 - 08:36
macOS 27 may have dealt a blow to Intel Macs, but it has also caused headaches for Linux on Apple Silicon, according to the Asahi Linux team. Apple's next operating system debuted at WWDC this week and promptly landed as a beta, but the Asahi developers say the update has "changed how the boot picker and Startup Disk application detect valid OS boot volumes." The upshot is that the Asahi partition is no longer visible, which means no Linux booting on Apple Silicon for the time being. The advice for Asahi Linux users is not to upgrade to macOS 27 until the issue is resolved. The team added: "If you insist on trying out macOS 27 as soon as possible, please ensure you install a secondary copy of macOS 26 first, or install macOS 27 itself on a secondary volume." They've also updated the installer to prevent installs from running on macOS 27 for now. For anyone who ignored all of the above, "we will not support users who have installed the macOS 27 beta without ensuring at least one stable version of macOS is installed." Considering macOS 27 is in beta, the issue may be accidental rather than an attempt by Apple to block Linux on its hardware. The Asahi team said it has filed a bug report. The good news for anyone who pulled the trigger on installing the macOS 27 beta is that although the partition might not be visible, it hasn't gone anywhere. The Asahi team wrote: "If you have already upgraded to the beta and noticed that your Asahi partition has disappeared, do not stress. Your Asahi partition is still there, and you have not lost any data." Asahi Linux has come a long way on Apple Silicon despite some turbulence, including a leadership shake-up earlier this year. The project released Fedora Asahi Remix 44 in April and remains the leading option for Linux on Apple hardware. This is a bump in the road, not a dead end. And to anyone who installed a beta OS without backups or a fallback plan... well. You know. ®

Vercel escapes contempt rap after admitting it botched FBI warrant response

Wed, 06/10/2026 - 07:39
Vercel will escape civil penalties over a contempt of court case brought by the US government, but has admitted wrongdoing and overhauled its data retention practices. The cloud hosting provider failed to comply in a timely manner with a federal search warrant issued in August 2025 at the FBI's request, sought in connection with an unidentified individual's Vercel account, which was deleted before the company acted on the warrant. At the heart of the legal issue was that the user's account was placed into Vercel's deletion queue. Deletion queues let data-heavy organizations erase requested information - user accounts and all associated data - thoroughly and without disrupting the live database. Vercel believed the data had already been deleted; however, it was still sitting in a deletion queue, so the company handed over only part of what the FBI was looking for, falling short of full compliance with the warrant. On February 2, Vercel's reps attended a hearing to decide whether it would be held in civil contempt as a result of its non-compliance. Magistrate Judge Carson found the US government had established a prima facie case for civil contempt, referring it to a district judge for further consideration. Three days later, Vercel handed over all the "files it previously believed it did not possess and previously could not locate", according to a Justice Department announcement. Vercel's civil contempt case will not go any further after it agreed to a stipulated dismissal, a legal mechanism under which the parties agree to end a case permanently. However, the dismissal came with requirements for Vercel, including an admission of wrongdoing. Vercel admitted its legal process response tools were inadequate in two areas: the Trust and Safety team was unable to locate, preserve, or produce "certain content," and it was also unable to do the same with respect to content held in a deletion queue. 
Officials said Vercel has since updated its legal processes to allow it to comply more quickly with future warrants of a similar nature, and it covered the government's legal fees. "When a federal court issues a search warrant, it is not a suggestion, but a mandatory directive, essential to the pursuit of justice, that a recipient company must comply with," said A. Tysen Duva, assistant attorney general at the Justice Department's Criminal Division. "The Criminal Division pursues technology companies who fail to uphold their lawfully mandated obligations. We are pleased Vercel has belatedly complied and accepted responsibility for the unnecessary costs incurred by the government in this matter." ®
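The gap the case turns on, a records search that only looks at live accounts while the data still sits in a deletion queue, can be shown in a small constructed model (added here; not Vercel's code, and the account identifiers, grace period and field names are assumptions). The naive lookup reports nothing, while a preservation-aware lookup searches the queue as well, places a hold so the background purge cannot erase the data, and returns what it found.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class Account:
    account_id: str
    data: dict


@dataclass
class QueuedDeletion:
    account: Account
    purge_after: datetime   # end of the grace period before physical erasure


@dataclass
class DataStore:
    live: dict = field(default_factory=dict)            # account_id -> Account
    deletion_queue: dict = field(default_factory=dict)  # account_id -> QueuedDeletion
    legal_holds: set = field(default_factory=set)       # account_ids that must not be purged
    purged: list = field(default_factory=list)          # audit trail of physical erasures

    def request_deletion(self, account_id, now, grace=timedelta(days=30)):
        """Move an account out of the live database into the deletion queue."""
        acct = self.live.pop(account_id)
        self.deletion_queue[account_id] = QueuedDeletion(acct, now + grace)

    def purge_due(self, now):
        """Background job: erase queued accounts whose grace period has passed,
        skipping any account under legal hold."""
        for account_id, item in list(self.deletion_queue.items()):
            if account_id in self.legal_holds:
                continue
            if item.purge_after <= now:
                del self.deletion_queue[account_id]
                self.purged.append(account_id)

    def locate_live_only(self, account_id):
        """The inadequate lookup: only the live database is searched, so a
        queued account looks as if it had already been deleted."""
        acct = self.live.get(account_id)
        return acct.data if acct else None

    def preserve_and_produce(self, account_id):
        """Warrant response: hold first, then search live data and the deletion
        queue, and report where the data was found."""
        self.legal_holds.add(account_id)
        if account_id in self.live:
            return {"location": "live", "data": self.live[account_id].data}
        if account_id in self.deletion_queue:
            queued = self.deletion_queue[account_id]
            return {"location": "deletion_queue", "data": queued.account.data}
        return None


def warrant_scenario():
    """Constructed timeline: two accounts are deleted; a warrant names the first."""
    t0 = datetime(2025, 8, 1, tzinfo=timezone.utc)
    store = DataStore()
    store.live["acct-123"] = Account("acct-123", {"projects": ["proj-a"], "email": "a@example.invalid"})
    store.live["acct-456"] = Account("acct-456", {"projects": [], "email": "b@example.invalid"})
    store.request_deletion("acct-123", now=t0)
    store.request_deletion("acct-456", now=t0)

    naive = store.locate_live_only("acct-123")       # None: looks already gone
    found = store.preserve_and_produce("acct-123")   # found in the queue, hold placed
    store.purge_due(now=t0 + timedelta(days=60))     # acct-456 purged, acct-123 kept
    return naive, found, store
```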

Linux Lite 8.0 sheds Chrome, slims down, and finds its name fits better than ever

Wed, 06/10/2026 - 07:05
Linux Lite 8.0 is now available, rebuilt atop Ubuntu 26.04 and with its custom helper apps rewritten around GTK4. It arrives almost exactly two years after we looked at Linux Lite 7, itself two years after Linux Lite 6.0. The regularity of the release cycle is a sign of its maturity: the project is now 14 years old. Version 8 is based on Ubuntu 26.04 Resolute Raccoon, but it eliminates the vexed question that many distros pose: which desktop to use. Linux Lite uses version 4.20 of the Xfce desktop, which in our opinion is an excellent choice. While Ubuntu continues to pile on the pounds, this release of Linux Lite is slightly smaller than its predecessor – the download is 410 MB less. As ever, it includes neither Snap nor Flatpak, which should help users to keep it slim and light. Each major version number of Linux Lite is rebased on a new LTS version of Ubuntu, and will be followed by point releases – very similarly to Linux Mint. Linux Lite 8.x sees some substantial changes, although to be fair, some of these first appeared late in the 7.x release series. The default web browser is now Mozilla Firefox – Google Chrome has got the boot. We can't help but wonder if this is at least in part inspired by Google silently embedding a 4 GB LLM, or perhaps the restrictions that stopped uBlock Origin working from 2024. One of the benefits of Linux Lite for less experienced or technical users, who don't know where to go to do things like changing system settings, installing drivers, and so on, is its selection of handy pre-installed helper applications. The release notes list 15 of these that have been rewritten for this version, and now they use GTK4. The announcement also mentions "end-to-end GTK4 theming." That sounds great, but there's always a cost, and this time, it is that GTK4 no longer supports what the GNOME developers consider tired old UI metaphors like menu bars. 
So the new Lite apps have fondleslab-style hamburger menus instead, and the primary or default button appears in the title bar. Even years after GNOME 40, we find that a bizarre and unintuitive location. Some of these custom apps are important tools. For instance, Lite Terminal replaces Xfce Terminal. The announcement says it is a "super light, responsive built from the ground up terminal. Beautiful font rendering, predictive auto-complete, a slew of right click options," and calls out "a title bar that turns light red when you are in sudo" (which the new GNOME terminal Ptyxis does too). That's all good, but this vulture would rather just have a menu bar that responds to keyboard controls. The Lite Software app now replaces the venerable Synaptic. It's true, there's been little visible development in Synaptic for years, but we don't find Lite Software capable enough to replace it: for instance, it can only sort by name, not by any other columns – such as whether packages are installed or not, or by version. These changes mean that the new GTK4 apps aren't consistent with the rest of Xfce and its traditional menu bar/toolbar layout. Personally, this vulture doesn't care much about performance or appearance or fonts or themes; we care much more about a consistent working UI that can be driven by the keyboard alone. These GNOME-isms creeping in, such as disappearing menu bars, are not welcome – any more than they are in Linux Mint. Google Chrome has been ousted, but AI hasn't. There's a new MyAI function in Firefox (rather than as a standalone app), which offers a choice of local LLM tools. The announcement devotes over 100 words and eight big screenshots to this, saying: "Yes, we understand that AI is a polarising topic. With an estimated 1.2 billion people using it, we felt a responsibility to provide the option, but in a way that respects people's choice rather than forcing it on them." 
So, yes, points for awareness, but we still feel that generative AI is a profoundly and irredeemably unethical and harmful technology – even privacy-centric local models with open weights burned huge amounts of resources in their training, using material from people who never got offered the choice of consent. We are saddened to see it installed by default in any FOSS-adjacent product. Saying that, we did appreciate the note at the end: "If you don't want it: sudo apt purge myai. Right click, Delete Bookmark in the Toolbar in Firefox." Good for the team for that concession. The docs also clearly state that it doesn't support Secure Boot: "Secure Boot is not supported on Series 8. You must disable Secure Boot in firmware before installing. We made this call so the system stays simple and reliable for everyone – no MOK enrolment, no shim quirks, no surprise breakage after a kernel update." That's a good call, although some guidance on how to do that would be much better. It's not trivial. For all that many corporate coders like it, this jaded old hack feels that Richard Stallman's position on "Secure Boot" was right: "Truly secure boot means YOU specify what system is allowed to run in your computer." On the desktop is a link called "Wiki," pointing to the project's online documentation. That's good, but it won't help someone to get online in the first place, and we felt its title in former releases, "Help Manual," was more informative. There are other significant changes. This version uses the Calamares cross-distro installer in place of Canonical's Ubiquity or Subiquity: it is clear and works well, although we've seen reports of problems on very low-end machines, and the release notes warn it could have problems on "potato computers." There are some handy additional tools, such as a junk-files cleaner. There's a one-click Lite Game Center: "Press the big button and it installs Steam, Lutris, Proton, Wine, game controller support and a few popular helpers all in one go." 
There are also kernel performance-testing tools and a choice of a lower-latency kernel. There are tools to strip the distro down to the core essentials too, and to remaster your own customized version. There's an OEM installation mode, so the end-user can create their own user account from the first boot. There's a custom system monitor app, an informative About applet, and in the shell, btop replaces htop. Version-to-version in-place upgrades are now supported, so it's possible to upgrade Linux Lite 7.x to 8.x – conspicuously absent in earlier releases. We've covered Linux Lite enough in previous reviews, so this is just an overview of the highlights in the new version 8. The additional tools are of real value: things like software updates, driver installers (adopted from Linux Mint), easy point-and-click installation of native packages of popular apps from Audacity to Zoom. Linux Lite adds a lot of polish and improved fit-and-finish over even rivals such as Zorin OS or Linux Mint, and comfortably surpasses what you get with Ubuntu, or even Xubuntu. Post-install, it detected some 160 available updates. We installed them, which showed a friendly if not very informative progress bar: it went straight to 100 percent and then stayed there for many more minutes as it worked away. After a reboot, it found over 40 more. It has some very nice less-obvious customizations, such as the Starship custom shell prompt for bash. The default search engine is the project's own instance of SearXNG. Thanks to the appalling enshittification of Google in the mid-2020s, a custom search engine is more useful than ever. We installed it in a current VirtualBox release, and the driver installer didn't offer the FOSS guest additions – but then that tool is borrowed from Linux Mint, and it never offers them either. 
Post-update, a full install used 7.8 GB of disk space and idled on 897 MB of RAM – which is almost exactly the same as Xubuntu, while offering a lot more help, guidance, and useful supplementary tools. It's not perfect. We're not delighted by the new Gtk4 Lite apps, and would have preferred the developers favored a consistent classic-Windows-like UI over new shiny. There's nothing wrong with the Xfce terminal, Synaptic, and other time-polished tools, or indeed, with Gtk3: better to embrace the classics, and find ways to add value elsewhere. The customizations are great, but could go further: for instance, Xfce's Docklike Taskbar gives a lovely panel that resembles the Windows 7 one, and the fish shell would complement the Starship prompt nicely. These minor criticisms aside, this is one of the best offerings in the greater Ubuntu market. As of version 8, Linux Lite has finally grown into its name. By modern full-fat desktop standards, such as Ubuntu itself, or other downstream distros such as Zorin OS and Linux Mint, it is a lightweight distro – and yet, it offers more assistance and guidance for Windows migrants than any of them. ®

Brit workers waste nearly six hours a week 'botsitting'

Wed, 06/10/2026 - 06:32
Almost all UK workers now have to deal with AI, but few firms report big productivity gains because of all the time lost in hand-holding the systems and cleaning up their mistakes. So says a report by the Work AI Institute, a research arm of AI biz Glean Technologies. It claims there are productivity gains to be had from introducing AI-based tools, yet much of this is being negated by the amount of time employees waste making them work – a phenomenon it has christened "botsitting." The organization surveyed 1,500 digital workers for "The Work AI Index: UK 2026" report, finding 90 percent are now required to use AI in their roles, 80 percent use multiple AI tools every week, and 39 percent use four or more. The workers indicate AI automation saves them roughly 12 hours a week, or just under a third of their working week. Yet only 18 percent agree AI has significantly improved their organization's performance. The time freed up isn't flowing into productive work, it's being absorbed by the unglamorous human labour required to keep those systems running, according to the Work AI Institute. For every hour a UK staffer spends getting output from their AI tools, they spend roughly another hour making it usable. Part of the reason so much time disappears into botsitting is how often the tools fail, with employees finding that more than a third (36 percent) of AI sessions fail outright, requiring a full restart or substantial reworking. On average, Brit workers waste 5.8 hours each week in these botsitting processes, the report says. This time is typically taken up by loading the context window with information the AI should already have, and overseeing the output. The latter involves reviewing answers and trying to catch outputs that are wrong, incomplete, or missing important context. When workers spot a problem with the output, they may have to re-prompt, add more context, swap models, and re-prompt again until something usable comes back, the researchers claim. 
And if they aren't diligent enough to spot when an AI tool has goofed up, the mess lands on colleagues who weren't involved with the work, but now have to fix something they didn't break. Most of this botsitting effort is grunt work, the report notes, such as reloading context into different tools, catching hallucinations, and verifying outputs that may appear perfectly fine at first glance. In effect, workers are serving as the integration layer for their company's AI tools, having to tell them which information sources to use, which documents are current, and what other key details matter, as well as correcting their mistakes. Interfaces and standards such as APIs and the Model Context Protocol (MCP) were supposed to solve this by letting tools talk to each other and share data, the Work AI Institute says, but they don't solve the context problem. Workers eventually tire and start to cut corners, becoming less diligent in checking outputs, verifying sources, or checking whether the AI's recommendations make any sense, the survey says. 70 percent of UK AI users admit to simply passing on the first output that looks "good enough." According to the Work AI Institute, the UK has moved fast on AI uptake, leading even the US on key adoption metrics. However, it is the depth of adoption that stands out, going beyond using it for content generation and moving it into the activities that shape working life. The report warns AI is now being used in higher-stakes areas where UK law is tightly regulated, such as HR decisions. It claims more than half of UK workers are comfortable with AI playing a role in performance evaluation, and nearly 40 percent say it is already used in reviews. British workers are more comfortable than Americans with AI in hiring, promotion, compensation, and even termination decisions. Even so, local organizations are less likely to use AI in termination decisions because employment law makes dismissal harder to defend than in the US. 
The report concludes that Britain has built a stronger institutional foundation for workplace AI than almost any other country, and claims this is a potential advantage. Yet the value of this AI investment will come from operational discipline, and measuring whether the work produced is better, not just faster. Otherwise the hours workers "save" are lost again in botsitting. "Adoption alone doesn't equal transformation," said Dr Rebecca Hinds, head of the Work AI Institute at Glean. "If employees are spending the productivity dividend on botsitting, companies haven't eliminated work – they've created a new layer of overhead." ®

GitHub pulls pin on npm's auto-run scripts

Wed, 06/10/2026 - 06:11
GitHub will change npm's defaults so the install command no longer runs scripts automatically, disabling a feature commonly exploited by malicious packages such as the notorious Shai-Hulud worm. Maintainer Leo Balter said: "Install-time lifecycle scripts are the single largest code-execution surface in the npm ecosystem. Every npm install runs scripts from every transitive dependency, so a single compromised package anywhere in your tree can execute arbitrary code on a developer machine or CI (continuous integration) runner." In npm 12, due July, three security-focused defaults are changing. Scripts configured for preinstall, install, or postinstall will no longer run unless explicitly permitted via allow-scripts. The --allow-git flag, which pulls dependencies from remote URLs, will default to off, closing an attack path where a malicious .npmrc file could override the Git executable and achieve arbitrary code execution. Finally, allow-remote will default to none, blocking dependency downloads from remote URLs entirely. It will still be possible to allow scripts to run via an allowlist in the package.json configuration file. This will be pinned to the installed version of a package by default. These are breaking changes, and Balter recommended developers run the commands to allow scripts for every currently installed package in a project that requires them. "This gets you protected against new, unexpected scripts immediately," he said. The next step is to review these packages and deny scripts for those where they are not needed. Some packages require script approval to function, including native modules that compile on install, testing tools like Playwright and Puppeteer (which fetch binaries via postinstall), and Electron, which wraps the Chromium browser engine for cross-platform desktop applications. These features have been available since npm version 11.10.0, released in February, but as opt-in flags rather than defaults. 
That version also introduced min-release-age, which blocks installation of package versions newer than a specified number of days, designed as a safeguard against newly published malicious packages. Best security practice for developers using npm 11.16, the current version, is to enable these flags in .npmrc or via environment variables, which will also prepare a project for the changes in version 12. One annoyance is that the existing flag ignore-scripts does not support an allowlist, other than via an additional tool. The ignore-scripts setting will override allow-scripts, so developers will need to remove it, if set to true, to enable approved scripts to run. The allowScripts setting exists in npm 11 but is advisory only. Will this fix npm security issues? Unfortunately not. "Now all the malware can move from the install script to the module itself where it will inevitably still be run," said one developer. Another common view is that developers should use pnpm, which already has safer defaults than npm, including a minimum release age. There is consensus, though, that these changes do improve npm security and are long overdue. The pull request for this change includes the remark that "npm is the only remaining major package manager that runs dependency install scripts by default. pnpm v10+, Yarn Berry, Bun, and Deno all block them." ®

NASA names crew for Artemis III lunar lander rehearsal

Wed, 06/10/2026 - 04:41
NASA has named the four astronauts set to fly the Artemis III mission in an announcement that raised as many questions as it answered. The quartet comprises a Space Shuttle veteran, Randy Bresnik, as commander, and the European Space Agency's Luca Parmitano, whose helmet filled with water during an International Space Station (ISS) spacewalk. NASA astronauts Frank Rubio and Andre Douglas will serve as mission specialists. In addition, NASA astronaut Bob Hines will serve as a backup crew member. Originally slated to land astronauts on the Moon, Artemis III was repurposed to test human lander technology from Blue Origin and SpaceX in low Earth orbit, similar to Apollo 9's check of the lunar module. The change also sidesteps an awkward problem: Orion and SLS may be closer to ready than the landers they were supposed to support. The official announcement sticks to the line that the aim is to test "one or both" commercial landers, and NASA presented a mission profile that includes both Blue Origin and SpaceX. The hope is that the Artemis III crew will first rendezvous with the Blue Moon lunar pathfinder, which, according to NASA's Jeremy Parsons, can loiter in orbit for up to 90 days. John Coulouris of Blue Origin then detailed the activities planned. As well as docking, the hatch will be opened, astronauts will enter and possibly perform a trial run at donning lunar spacesuits. Docked operations will last approximately two days, according to NASA. Once done, the Orion spacecraft will detach and await the arrival of SpaceX's test article, consisting of a Starship fitted with the docking equipment planned for the lunar lander variant. Docked operations are expected to last for around a day. There are several problems with this. The first is that SpaceX has yet to get a Starship into orbit and does not appear to be as far along in its lunar lander development as Blue Origin, at least as far as Artemis III is concerned. 
Blue Origin also suffered a significant anomaly in recent weeks. Its New Glenn rocket, required for launching its lander, exploded on the launchpad. While CEO Dave Limp insisted "we will fly again before the end of this year," Blue Origin has significant work to do to return to flight, and Artemis III is planned for the second half of 2027. Although Parsons said "we are confident that New Glenn will be ready for Artemis III," alternatives are being considered. The lander requires a heavy-lift rocket – something like a Falcon Heavy is a possibility, but the liquid hydrogen fuel used by Blue Origin's BE-7 engines would make the plumbing tricky, and any modifications could take as long as returning New Glenn to flight status. ®

Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9

Wed, 06/10/2026 - 04:04
It's patch time for Ivanti customers again after the security shop disclosed another two critical vulnerabilities in one of its products. Both bugs affect Ivanti Sentry, a mobile gateway that forms part of its broader unified endpoint management platform. The first and worst of the two is CVE-2026-10520 (10.0), a max-severity vulnerability that allows a remote, unauthenticated attacker to execute code with root privileges. Flaws that allow root-level code execution without authentication are about as bad as vulnerabilities get, which explains the perfect-10 rating. The only saving grace is that, by the vendor's reckoning, no one has successfully exploited it in the wild… yet. Public disclosures tend to start a figurative countdown timer when it comes to attackers exploiting bugs, and although Ivanti gave little away about CVE-2026-10520 in its advisory, other researchers have already published breakdowns of the patch, offering clues as to how unpatched systems could still be attacked. According to watchTowr, the vulnerability stemmed from an exposed API running under Apache Tomcat. An attacker could feed the API a specially crafted message, which is parsed as a MICS configuration command and executed by the backend handler with root privileges. It looks like Ivanti fixed this by preventing this attacker-supplied string from being accepted, replacing it with a single, hard-coded command. It also updated the Apache configuration rules to block unauthenticated access to the affected endpoint. The second critical Ivanti Sentry vulnerability is tracked as CVE-2026-10523, and is scarcely less serious, carrying a near-maximum 9.9 CVSS. The authentication bypass bug allows remote, unauthenticated attackers to create admin accounts, granting themselves top privileges on an affected system. Customers are advised to address both security flaws immediately. They can upgrade to versions 10.5.2, 10.6.2, or 10.7.1. 
Ivanti's disclosure this week comes after it fixed two separate critical vulnerabilities affecting its Endpoint Manager Mobile (EPMM) in January. The bugs were both handed 9.8 CVSS scores and were exploited as zero-days. Even the Dutch data protection authority reported itself to parliament after attackers breached it as part of the pre-patch exploits. ®
