Agregátor RSS

The US government has ordered Anthropic to block all foreign nationals from accessing Fable 5 and Mythos 5, forcing the company to suspend both models worldwide. Anthropic is complying but disputes the basis, calling the cited jailbreak narrow and the capability widely available elsewhere. [...]

Vědci našli obří hlubinné pohřebiště velryb staré miliony let • Extrémní tlak a minerály dokonale zakonzervovaly jejich kosti • Gigantické ložisko neustále roste a sytí neznámé formy života

Doba, kdy byly digitální kompakty nejrozšířenějším typem fotoaparátu a jejich pořizovací cena byla podobná, jako je tomu dnes u mobilu střední třídy, je již dávno pryč. Na letošní rok však připadá jedno zajímavé jubileum: 30 let od uvedení prvního digitálního kompaktu Canon PowerShot.

Americká vláda nařídila firmě Anthropic, aby znepřístupnila dva své nejvýkonnější modely Fable 5 a Mythos 5 každému, kdo nemá americké občanství. Odkazuje se při tom na směrnici o kontrole exportu, kterou opírá o pravomoci v oblasti národní bezpečnosti. Nařízení samo o sobě nepožaduje kompletní ...

Vyšetřování tragické havárie indického Boeingu 787 nabírá zpoždění • Detailní analýzu motorů a řídicích jednotek provádějí experti v USA • Záznamy odhalily záhadné vypnutí přívodu paliva těsně po startu

Anthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to suspend access to the models for foreign nationals, whether inside or outside the U.S., citing national security concerns. The AI company said it received an order at 5:21 p.m. ET, instructing it to suspendRavie Lakshmananhttp://www.blogger.com/profile/[email protected]

Společnost Murena představila (YouTube) novou verzi 4.0 mobilního operačního systému /e/OS (Wikipedie) založeného na Androidu a LineageOS bez aplikací a služeb od Googlu.

NanoClaw, a secure agent framework, has partnered with supply chain platform JFrog to allow AI agents to fetch resources from JFrog's reviewed registries. Gavriel Cohen, creator of NanoClaw and co-founder of NanoCo AI, announced the tie-up on Thursday evening in San Francisco at a JFrog event that concluded with a World Cup watch party. Cohen explained that one of the features of Claw agents – OpenClaw and variations like NanoClaw – is that they can improve themselves by fetching tools and resources that they don't have. That works fine, he explained, when there's a manual approval process for accessing known local data. But it's not ideal for npm packages, even when the agent involved is sandboxed and isolated as it is in NanoClaw. Malicious code within a container may still be able to take harmful actions, even if the scope of potential activity is constrained. Developers, Cohen said, may not be familiar with a given package and it can take time to thoroughly assess whether a package is legitimate and uncompromised. "So we teamed up with JFrog and we integrated NanoClaw with JFrog's registries," said Cohen. The arrangement provides a way to reduce the agent's exposure to untrusted content. When the agent downloads new tools and libraries, the software comes from a vetted source. Cohen also announced the availability of what he called an agent factory, his company's homegrown system used to handle pull requests (PRs) using NanoClaw agents. The agent factory, he explained, is an attempt to triage pull requests, which have surged thanks to AI coding agents. "It's very easy now to point a coding agent at a repo and say, 'open a pull request for this repo,'" he explained. "And it's very difficult as a maintainer to tell the difference between a high quality contribution from somebody who's really using the open source project versus someone who's just trying to build up the reputation [using automated methods]. So to help us tackle this, we built an agent factory that helps us review every single contribution to NanoClaw." The agent factory is referred to as the PR Factory in the actual pull request. It's built with NanoClaw and hosted on exe.dev, a service that provides VMs with persistent storage. "When a PR opens, the factory spins up a dedicated worker agent for it, posts a thread to Slack, and the worker triages the change, reviews the diff, and proposes a test plan," Cohen explains in the documentation. "Nothing consequential happens on its own: merges, test runs, and credentialed GitHub actions each surface as an approval card in the thread, and only fire when a human clicks approve." Cohen acknowledged that some developers will think it's madness to process unsanitized PRs that could contain prompt injections or unsafe code. And he asked the assembled audience of developers how many had seen the phrase on the projected slide: "Never, ever, ever do this." Anyone who has spent time using and configuring AI agents in a development context has seen something of the sort in configuration files like Claude.md, which gets loaded as instructions to the underlying agent and model. "If you see something like this in the Claude.md file and the agent instructions say, 'Important: Never run drop database production,' it tells you two things. You know that that agent has deleted a production database before. And you know that it can actually still do it again. That's why the instruction is there." This elicited a knowing laugh from the audience. Cohen went on to say that the agent will do it again because instructions are not a way of enforcing security or safety. "Instructions help steer an agent AI towards valuable output, but it's not a safety mechanism," he said. "The only way to reliably prevent an agent from taking undesired action is not allowing it to take that action, not giving it the ability to take the action." That is the purpose of NanoClaw. ®

Ucelený přehled článků, zpráviček a diskusí za minulých 7 dní.

Pozoruhodný systém komunikace mezi ptačími rodiči a jejich nevylíhlými potomky slouží jako účinná ochrana nové generace před ničivými vedry.

Černé díry jsou sice ikonické objekty astrofyziky, ale se všemi svými absurdními nekonečny jsou v mnoha ohledech přítěží. Dvojice fyziků z Frankfurtu nabízí jako alternativu gravastary, které obsahují kromě běžné i temnou hmotu. Zhroucení do černé díry v nich zarazí jejich vlastní malý Velký třesk a vznik minivesmmíru, jehož rozpínání stabilizuje gravastar.

Extremely powerful large language models (LLMs) still operate as though they’re typing on a keyboard, processing workloads in a simple left-to-right fashion. But in locally-run, single-user scenarios, this sequential processing can leave graphics processing units (GPUs) and tensor processing units (TPUs) underutilized.

Google is betting that DiffusionGemma can get around this bottleneck. The new experimental open model generates text “exceptionally fast,” creating entire blocks of text simultaneously through diffusion techniques rather than through token-by-token processing. The company says this technique results in 4x faster inference compared to auto-regressive models that rely on sequential processing.

It can also save users money. Technology analyst Carmi Levy noted that existing pay-per-token monetization models “penalize the use of less than optimally efficient AI solutions.”

But DiffusionGemma “could herald a new generation of task-defined, efficient solutions that can enable expanded compute capacity without draining the operations budget,” he said.

A contrast to left-to-right processing

Built on Google’s Gemma 4 family and its Gemini Diffusion research, DiffusionGemma is a 26B mixture-of-experts (MoE) model designed to maximize text output generation.

It essentially shifts how models use hardware, giving processors a larger hunk of work each cycle so it can draft full 256-token paragraphs in sequence. This allows the model to generate text up to 4x faster on GPUs, Google claims. It activates only 3.8B parameters during inference, and, when quantized, can fit within 18GB VRAM on high-end consumer GPUs like Nvidia RTX 5090.

“It upgrades your model inference from a single, sequential typewriter to a massive printing press that stamps the entire block of text simultaneously,” Google research scientists Brendan O’Donoghue and Sebastian Flennerhag wrote in a blog post.

AI image generators begin with pure, random ‘visual noise’ and iteratively refine that into a finalized picture (what’s known as ‘diffusion’); DiffusionGemma applies this same process to text. It does not generate tokens in order, but begins with a “canvas of random placeholder tokens” that it processes in multiple passes, identifying the context tokens it feels are most relevant and using those to refine the rest.

The model has the ability to self-correct, using confidence scoring to re-evaluate tokens in the next pass. “The model iteratively refines its own output, allowing it to evaluate the entire text block at once to fix mistakes in real-time,” O’Donoghue and Flennerhag explained.

DiffusionGemma also has bidirectional attention, they wrote. “Generating 256 tokens in parallel with each forward pass allows every token to attend to all others.” This can be particularly helpful in domains that are non-linear in nature, such as mathematical graphs, code infilling, and in-line editing, they said.

DiffusionGemma is optimized across Nvidia’s hardware stack, making it compatible with consumer setups as well as with high-performance enterprise systems like Hopper and Blackwell.

Because it is released under the Apache 2.0 license, developers can freely use, modify, distribute, and commercialize the software using their preferred tools. It can be run on GPUs or in the cloud through Google Cloud Model Garden or Nvidia NIM, and is available on Hugging Face, GitHub, and vLLM, with support for the open-source library llama.cpp coming soon.

Key use cases

The model is particularly useful in local workflows that are “speed critical,” such as generation of non-linear text structures, and unlocks what Google calls “new patterns of model behavior” like multimodal understanding and generating and rendering code in near real-time.

Levy explained, “DiffusionGemma is particularly well suited for interactive coding and editing where its efficiency allows rapid processing and iterations,” noting that its ability to fit within 18GB of VRAM and its deployability on commonly available local GPUs can potentially benefit customer service-related workloads that lean heavily on real-time interaction and local processing.

“DiffusionGemma also incorporates a thinking mode that is especially adept at problem solving,” he said. For instance, the model was fine-tuned to play Sudoku, a typically challenging task for autoregressive models because each token depends on future tokens. This “rather handily” illustrates the model’s capability to solve more complex problems, Levy noted.

Limitations

Google freely admits that DiffusionGemma is geared to specific workflows, and there are “key trade-offs.”

The model is engineered for small batch size inferencing and low-latency, high-speed generation low-to-medium batch sizes on a “single capable accelerator.”

In high-QPS cloud serving environments, (where infrastructure is designed to handle tens or hundreds of thousands of requests per second with ultra-low latency), DiffusionGemma’s parallel coding “offers diminishing returns,” and can even result in higher serving costs, Google conceded. In addition, its overall output quality is lower than that of standard Gemma 4, which is built for apps demanding maximum quality.

However, Levy noted that while DiffusionGemma “can be less precise than other models in certain workloads,” subsequent refinement cycles could overcome this limitation.

While Google isn’t sharing runtime costs, it’s clear that this is an efficiency play, he added. “When deployed across the kinds of workloads that would optimally benefit from its architecture, DiffusionGemma seems to have the potential to reduce processing overhead and related costs,” he said.

This article originally appeared on InfoWorld.

Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review of procedures to prevent abuse in the future. [...]

Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux's community package collection, and it is separate Swati Khandelwalhttp://www.blogger.com/profile/[email protected]

One of the world’s most active ransomware groups exploited a critical vulnerability in Oracle’s PeopleSoft software suite and used it to target about 100 customers and extort at least one of them to pay up in exchange for not leaking stolen data, researchers said.

The group, tracked as ShinyHunters, had been exploiting the PeopleSoft vulnerability for more than two weeks before Oracle flagged it. CVE-2026-35273, as the vulnerability is tracked, carries a severity rating of 9.8 out of 10, making the former zero-day one of the year’s most critical vulnerabilities to be exploited.

Google’s Mandiant security team said it’s an SSRF (server-side request forgery), a vulnerability that allows attackers to send requests from a susceptible server to systems used by the targeted organization. Oracle said the SSRF is remotely exploitable, and the company has issued a stopgap mitigation but has yet to fully patch the flaw. Google has confirmed that victims are receiving extortion demands.

Read full article

Comments

Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans. The network is said to be behind the development and management of a phishing-as-a-service (PhaaS) software kit called Outsider, per the tech giant. "The operation weaponized Gemini to help Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

A disgruntled IT worker faces 21 months behind bars after being found guilty of sabotaging his former employer’s systems for more than a year and half. Ezekiel Dean Potter, 34, was fired from his IT support job at Iowa’s SaydelU Community School District (SCSD) in April 2023. He was found guilty of causing various technical damages to SCSD’s systems betwUeen May 2023 and January 2025.UU At his sentencing hearing on June 11, the court heard thaUt the IT worker had gathered and stored more than 300 Saydel user accountU credentials before he was terminated from his position. Potter’s other offenses included deleting SCSD’s Facebook page on June 1, 2023, and data related to its Apple School Manager program, which prevented it from managing Macs and iPads. The disgruntled worker, who the prosection described in its sentencing memo [PDF] as “a plague on the Saydel Community School District,” was just one of two IT staff members who had the required privileges to make changes to the Facebook account. The deletion ended up being a permanent one, and SCDC had to create a new page in August. Following his intrusion into the district’s Apple School Manager on June 14, 2023, SCSD’s IT team had to work with Apple for a week to restore their access after Potter deleted users’ passwords, phone numbers, billing information, and the primary mobile device server management information, court documents [PDF] showed. He also attempted to delete all user accounts and restricted access for those who still had one. Potter’s next offense took place between July and August 2023, when he attempted to interfere with SCSD’s GoDaddy account, unsuccessfully resetting usernames and passwords. Potter logged into this GoDaddy account no less than 26 times, including on one occasion where he used his company-issued PC supplied by his subsequent employer, convenience store and pizza chain Casey’s. The IT specialist then took an extended break from his cyber sabotage. Court documents mention Potter successfully gaining access to SCDC’s Google and Gmail accounts in October 2024, but he waited even longer to act on this access. It wasn’t until January 2025 that he logged into SCDC’s PowerSchool-based Schoology learning platform using one of the district’s Google accounts to which he had access, and deleted the account of one of the organization’s IT staff. This had the knock-on effect of locking out teachers during a school day and, in turn, preventing them from teaching for two hours. He returned a week later and deleted an additional nine district Gmail accounts, including current and former staff, the district IT director, and superintendent. Investigations showed that even though Potter switched to a VPN during one of the January intrusions, his IP address was later traced back to him and his employer, The Printer Inc, which he joined after leaving Casey’s. He left that job on January 23, 2025, for reasons not disclosed. Potter seemingly trusted at least one of his coworkers enough to “wipe” a USB drive he left in his old desk, asking them to do so after he departed the company. That trust was misplaced, however, as the coworker instead reported the USB to management, and what followed ultimately proved to be Potter’s undoing. The Printer Inc passed the USB to law enforcement, and later the FBI, which forensically examined the device, finding spreadsheets filled with more than 300 district usernames and passwords, a floor plan for Saydel High School, as well as personal data pertaining to Potter and pay stubs from his employment at SCSD. In total, the district incurred $73,375 worth of costs related to employees' lost time, digital forensics, learning downtime, and time spent working with other vendors to remediate his intrusions. SCSD's insurer spent an additional $27,893.75 in payments for digital forensics and remediation work, taking the total losses up to $101,268.81. Potter was indicted on October 15, 2025, and arrested the following day, but released on pretrial supervision after accepting responsibility for his offenses. He later entered a guilty plea in January 2026, and was found guilty in February. At his sentencing hearing on Thursday, Potter expressed deep regret for his actions, especially for disrupting children’s learning, and for failing his family. "I never intended to negatively affect students, but I recognize that harm was still done and I'm deeply sorry," he said, according to local media. "This experience humbled me in ways I never expected, but I needed that." His defense attorney, Joseph Herrold, stated: “Mr. Potter now fully sees the impact of his actions and deeply regrets the harm he caused.” Herrold argued against a prison term, instead asking for a five-year probation term, owing to Potter’s deep regret and the strong deterrent that comes with his felony conviction. The public defender also pointed to Potter’s clean criminal background, noting only one prior harassment misdemeanor related to a 2010 case, when he was just 18 years old. Potter was convicted following immature conduct from the backseat of a vehicle, for which he received a $65 fine. Herrold also said Potter’s restitution order to repay $59,668.81 in total, with $31,775.06 going to SCSD and $27,893.75 to its insurer, Travelers Indemnity Company, only furthered the deterrent effect, and would impact his lifestyle for years to come. Prosecuting the case, US attorney David C. Waterman, pushed instead for a 26-month prison term, saying: “Defendant’s actions were not a one-time lapse in judgment. They were calculated, malicious, and seemingly motivated only by the defendant’s vindictiveness.” He added: “The defendant’s attacks on SCSD’s systems are troubling not just because of the significant damage he caused – tens of thousands of dollars, without accounting for the unknown but clearly extensive disruption to teaching and school activities – but also because of the defendant’s motivations. “It appears the defendant repeatedly assaulted SCSD out of spite and pure maliciousness, despite knowing his actions would affect not only his former boss and IT colleagues, but also school faculty, administrators, and students.” ®

A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. [...]

Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant, says it backdoored the PAM and OpenSSH components that decide who is allowed to sign in, planting its access where ordinary cleanup could not reach it. The network it targeted had no Swati Khandelwalhttp://www.blogger.com/profile/[email protected]