Microsoft announced last month that Chinese state-sponsored hackers exploited vulnerabilities in SharePoint to breach hundreds of companies and government agencies, including the National Nuclear Security Administration and Department of Homeland Security. The company omitted that SharePoint support is handled by China-based engineers who have maintained the software for years.

ProPublica reviewed screenshots of Microsoft's internal systems showing China-based employees recently fixing bugs for SharePoint "OnPrem," the version targeted in the attacks. Microsoft told the publication that the China-based team operates under U.S. supervision and the company is relocating this work.

Disney "cloned" Dwayne Johnson when filming a live-action Moana, reports the Wall Street Journal, using an AI process that they were ultimately afraid to use: Under the plan they devised, Johnson's similarly buff cousin Tanoai Reed — who is 6-foot-3 and 250 pounds — would fill in as a body double for a small number of shots. Disney would work with AI company Metaphysic to create deepfakes of Johnson's face that could be layered on top of Reed's performance in the footage — a "digital double" that effectively allowed Johnson to be in two places at once... Johnson approved the plan, but the use of a new technology had Disney attorneys hammering out details over how it could be deployed, what security precautions would protect the data and a host of other concerns. They also worried that the studio ultimately couldn't claim ownership over every element of the film if AI generated parts of it, people involved in the negotiations said. Disney and Metaphysic spent 18 months negotiating on and off over the terms of the contract and work on the digital double. But none of the footage will be in the final film when it's released next summer...

Interviews with more than 20 current and former employees and partners present an entertainment giant torn between the inevitability of AI's advance and concerns about how to use it. Progress has at times been slowed by bureaucracy and hand-wringing over the company's social contract with its fans, not to mention its legal contract with unions representing actors, writers and other creative partners... For Disney, protecting its characters and stories while also embracing new AI technology is key. "We have been around for 100 years and we intend to be around for the next 100 years," said the company's legal chief, Horacio Gutierrez, in an interview. "AI will be transformative, but it doesn't need to be lawless...." [As recently as June, a Disney/Comcast Universal lawsuit had argued that Midjourney "is the quintessential copyright free-rider and a bottomless pit of plagiarism."]

Concerns about bad publicity were a big reason that Disney scrapped a plan to use AI in Tron: Ares — a movie set for release in October about an AI-generated soldier entering the real world. Since the movie is about artificial intelligence, executives pitched the idea of actually incorporating AI into one of the characters... as a buzzy marketing strategy, according to people familiar with the matter. A writer would provide context on the animated character — a sidekick to Jeff Bridges' lead role named Bit — to a generative AI program. Then on screen, the AI program, voiced by an actor, would respond to questions as Bit as cameras rolled. But with negotiations with unions representing writers and actors over contracts happening at the same time, Disney dismissed the idea, and executives internally were told that the company couldn't risk the bad publicity, the people said...

Disney's own history speaks to how studios have navigated technological crossroads before. When Disney hired Pixar to produce a handful of graphic images for its 1989 hit The Little Mermaid, executives kept the incorporation a secret, fearing backlash from fans if they learned that not every frame of the animated film had been hand-drawn. Such knowledge, executives feared, might "take away the magic."
Disney invested $1.5 billion in Fortnite creator Epic Games, acccording to the article, and is planning a world in Fortnite where gamers can interact with Marvel superheroes and creatures from Avatar. But "an experiment to allow gamers to interact with an AI-generated Darth Vader was fraught. Within minutes of launching the AI bot, gamers had figured out a way to make it curse in James Earl Jones's signature baritone." (Though Epic patched the workaround within 30 minutes.)

But the article spells out another concern for Disney executives. "If a Fortnite gamer creates a Darth Vader and Spider-Man dance that goes viral on YouTube, who owns that dance?

Established in 1943 to coordinate America's building of the first atomic bomb, the Los Alamos National Lab in New Mexico is still "one of the world's largest and most advanced scientific institutions" notes Wikipedia.

And it now has a "National Security AI Office," where senior director Jason Pruet is working to help "prepare for a future in which AI will reshape the landscape of science and security," according to the lab's science and technology magazine 1663. "This year, the Lab invested more in AI-related work than at any point in history..." Pruet: AI is starting to feel like the next great foundation for scientific progress. Big companies are spending billions on large machines, but the buy-in costs of working at the frontiers of AI are so high that no university has the exascale-class machines needed to run the latest AI models. We're at a place now where we, meaning the government, can revitalize that pact by investing in the infrastructure to study AI for the public good... Part of what we're doing with the Lab's machines, like Venado — which has 2500 GPUs — is giving universities access to that scale of computing. The scale is just completely different. A typical university might have 50 or 100 GPUs.

Right now, for example, we have partnerships with the University of California, the University of Michigan, and many other universities where researchers can tap into this infrastructure. That's something we want to expand on. Having university collaboration will be critical if the Department of Energy is going to have a comprehensive AI program at scale that is focused on national security and energy dominance...

There was a time when I wouldn't have advocated for government investment in AI at the scale we're seeing now. But the weight of the evidence has become overwhelming. Large models — "frontier models" — have shown such extraordinary capabilities with recent advances in areas as diverse as hypothesis generation, mathematics, biological design, and complex multiphysics simulations. The potential for transformative impact is too significant to ignore.
"He no longer views the technology as just a tool, but as a fundamental shift in how scientists approach problems and make discoveries," the article concludes.

"The global race humanity is now in... is about how to harness the technology's potential while mitigating its harms."

Thanks to Slashdot reader rabbitface25 — also a Los Alamo Lab science writer — for sharing his article.

The women-only app Tea now "faces two class action lawsuits filed in California" in response to a recent breach," reports NPR — even as the company is now boasting it has more than 6.2 million users.

A spokesperson for Tea told the CBC it's "working to identify any users whose personal information was involved" in a breach of 72,000 images (including 13,000 verification photos and images of government IDs) and a later breach of 1.1 million private messages. Tea said they will be offering those users "free identity protection services." The company said it removed the ID requirement in 2023, but data that was stored before February 2024, when Tea migrated to a more secure system, was accessed in the breach... [Several sites have pointed out Tea's current privacy policy is telling users selfies are "deleted immediately."]

Tea was reportedly intended to launch in Canada on Friday, according to information previously posted on the App Store, but as of this week the launch date is now in February 2026. Tea didn't respond to CBC's questions about the apparent delay. Yet even amid the current turmoil, Tea's waitlist has ballooned to 1.5 million women, all eager to join, the company posted on Wednesday. A day later, Tea posted in its Instagram stories that it had approved "well over" 800,000 women into the app that day alone.

So, why is it so popular, despite the drama and risks?
Tea tapped into a perceived weakness of ther dating apps, according to an associate health studies professor at Ontario's Western University interviewed by the CBC, who thinks users should avoid Tea, at least until its security is restored.

Tech blogger John Gruber called the incident "yet another data point for the argument that any 'private messaging' feature that doesn't use E2EE isn't actually private at all." (And later Gruber notes Tea's apparent absence at the top of the charts in Google's Play Store. "I strongly suspect that, although Google hasn't removed Tea from the Play Store, they've delisted it from discovery other than by searching for it by name or following a direct link to its listing.")

Besides anonymous discussions about specific men, Tea also allows its users to perform background and criminal record checks, according to NPR, as well as reverse image searches. But the recent breach, besides threatening the safety of its users, also "laid bare the anonymous, one-sided accusations against the men in their dating pools." The CBC points out there's a men's rights group on Reddit now urging civil lawsuits against tea as part of a plan to get the app shut down. And "Cleveland lawyer Aaron Minc, who specializes in cases involving online defamation and harassment, told The Associated Press that his firm has received hundreds of calls from people upset about what's been posted about them on Tea."

Yet in response to Tea's latest Instagram post, "The comments were almost entirely from people asking Tea to approve them, so they could join the app."

In Shanghai at the World Artificial Intelligence Conference (which ran until Tuesday), the Chinese government "announced an international organization for AI regulation and a 13-point action plan aimed at fostering global cooperation to ensure the technology's beneficial and responsible development," reports the Washington Post.

The theme of the conference was "Global Solidarity in the AI Era," the article notes, and "the expo is one part of Beijing's bid to establish itself as a responsible AI leader for the international community."

CNN points out that China's announcement comes "just days after the United States unveiled its own plan to promote U.S. dominance." Chinese Premier Li Qiang unveiled China's vision for future AI oversight at the World AI Conference, an annual gathering in Shanghai of tech titans from more than 40 countries... While Li did not directly refer to the U.S. in his speech, he alluded to the ongoing trade tensions between the two superpowers, which include American restrictions on advanced semiconductor exports — a component vital for powering and training AI, which is currently causing a shortage in China. "Key resources and capabilities are concentrated in a few countries and a few enterprises," said Li in his speech on Saturday. "If we engage in technological monopoly, controls and restrictions, AI will become an exclusive game for a small number of countries and enterprises...."

Secretary-General of the Association of Southeast Asian Nations, Dr. Kao Kim Hourn, also called for "robust governance" of artificial intelligence to mitigate potential threats, including misinformation, deepfakes, and cybersecurity threats... Former Google CEO Eric Schmidt reiterated the call for international collaboration, explicitly calling on the U.S. and China to work together... "We have a vested interest to keep the world stable, keep the world not at war, to keep things peaceful, to make sure we have human control of these tools."
China's plan "called for establishing an international open-source community," reports the Wall Street Journal, "through which AI models can be freely deployed and improved by users." Industry participants said that plan "showed China's ambition to set global standards for AI and could undermine the U.S., whose leading models aren't open-source... While the world's best large language model is still American, the best model that everyone can use free is now Chinese."

"The U.S. should commit to ensuring that powerful models remain openly available," argues an opinion piece in The Hill by Stability AI's former head of public policy. Ubiquity is a matter of national security: retreating behind paywalls will leave a vacuum filled by strategic adversaries. Washington should treat open technology not as a vector for Chinese Communist Party propaganda but as a vessel to transmit U.S. influence abroad, molding the global ecosystem around U.S. industry. If DeepSeek is China's open-source "Sputnik moment," we need a legislative environment that supports — not criminalizes — an American open-source Moon landing.

An anonymous reader quotes a report from Wired: An airline leaving all of its passengers' travel records vulnerable to hackers would make an attractive target for espionage. Less obvious, but perhaps even more useful for those spies, would be access to a premium travel service that spans 10 different airlines, left its own detailed flight information accessible to data thieves, and seems to be favored by international diplomats. That's what one team of cybersecurity researchers found in the form of Airportr, a UK-based luggage service that partners with airlines to let its largely UK- and Europe-based users pay to have their bags picked up, checked, and delivered to their destination. Researchers at the firm CyberX9 found that simple bugs in Airportr's website allowed them to access virtually all of those users' personal information, including travel plans, or even gain administrator privileges that would have allowed a hacker to redirect or steal luggage in transit. Among even the small sample of user data that the researchers reviewed and shared with WIRED they found what appear to be the personal information and travel records of multiple government officials and diplomats from the UK, Switzerland, and the US.

Airportr's CEO Randel Darby confirmed CyberX9's findings in a written statement provided to WIRED but noted that Airportr had disabled the vulnerable part of its site's backend very shortly after the researchers made the company aware of the issues last April and fixed the problems within a few day. "The data was accessed solely by the ethical hackers for the purpose of recommending improvements to Airportr's security, and our prompt response and mitigation ensured no further risk," Darby wrote in a statement. "We take our responsibilities to protect customer data very seriously." CyberX9's researchers, for their part, counter that the simplicity of the vulnerabilities they found mean that there's no guarantee other hackers didn't access Airportr's data first. They found that a relatively basic web vulnerability allowed them to change the password of any user to gain access to their account if they had just the user's email address -- and they were also able to brute-force guess email addresses with no rate limitations on the site. As a result, they could access data including all customers' names, phone numbers, home addresses, detailed travel plans and history, airline tickets, boarding passes and flight details, passport images, and signatures.

By gaining access to an administrator account, CyberX9's researchers say, a hacker could also have used the vulnerabilities it found to redirect luggage, steal luggage, or even cancel flights on airline websites by using Airportr's data to gain access to customer accounts on those sites. The researchers say they could also have used their access to send emails and text messages as Airportr, a potential phishing risk. Airportr tells WIRED that it has 92,000 users and claims on its website that it has handled more than 800,000 bags for customers. [...] The researchers found that they could monitor their browser's communications as they signed up for Airportr and created a new password, and then reuse an API key intercepted from those communications to instead change another user's password to anything they chose. The site also lacked a "rate limiting" security measure that would prevent automated guesses of email addresses to rapidly change the password of every user's account. And the researchers were also able to find email addresses of Airportr administrators that allowed them to take over their accounts and gain their privileges over the company's data and operations. "Anyone would have been able to gain or might have gained absolute super-admin access to all the operations and data of this company," says Himanshu Pathak, CyberX9's founder and CEO. "The vulnerabilities resulted in complete confidential private information exposure of all airline customers in all countries who used the service of this company, including full control over all the bookings and baggage. Because once you are the super-admin of their most sensitive systems, you have have the ability to do anything."

Microsoft has discontinued Windows 11 SE, its education-focused operating system designed for low-cost school PCs. The company confirmed that Windows 11 SE will not receive the upcoming version 25H2 update and support will end in October 2026, including security updates and technical assistance.

Launched in 2021 as a Chrome OS competitor, Windows 11 SE featured artificial limitations like reduced multitasking capabilities and restricted app installation to create a simplified experience for students. The discontinuation leaves Microsoft without a dedicated lightweight Windows edition for the education market, where Chromebooks have gained significant popularity over the past decade.

Australia's spy chief has warned that defense workers are exposing themselves to foreign intelligence services through LinkedIn profiles that detail classified projects and security clearances. Director-General Mike Burgess said over 35,000 Australians on the platform indicate access to sensitive information, with 7,000 mentioning defense work and 400 listing involvement in the AUKUS nuclear submarine program. Foreign spies routinely scour professional networking sites posing as consultants and recruiters, Burgess said.

Hackers from the group UNC2891 attempted a high-tech bank heist by physically planting a 4G-enabled Raspberry Pi inside a bank's ATM network, using advanced malware hidden with a never-before-seen Linux bind mount technique to evade detection. "The trick allowed the malware to operate similarly to a rootkit, which uses advanced techniques to hide itself from the operating system it runs on," reports Ars Technica. Although the plot was uncovered before the hackers could hijack the ATM switching server, the tactic showcased a new level of sophistication in cyber-physical attacks on financial institutions. The security firm Group-IB, which detailed the attack in a report on Wednesday, didn't say where the compromised switching equipment was located or how attackers managed to plant the Raspberry Pi. Ars Technica reports: To maintain persistence, UNC2891 also compromised a mail server because it had constant Internet connectivity. The Raspberry Pi and the mail server backdoor would then communicate by using the bank's monitoring server as an intermediary. The monitoring server was chosen because it had access to almost every server within the data center. As Group-IB was initially investigating the bank's network, researchers noticed some unusual behaviors on the monitoring server, including an outbound beaconing signal every 10 minutes and repeated connection attempts to an unknown device. The researchers then used a forensic tool to analyze the communications. The tool identified the endpoints as a Raspberry Pi and the mail server but was unable to identify the process names responsible for the beaconing.

The researchers then captured the system memory as the beacons were sent. The review identified the process as lightdm, a process associated with an open source LightDM display manager. The process appeared to be legitimate, but the researchers found it suspicious because the LightDM binary was installed in an unusual location. After further investigation, the researchers discovered that the processes of the custom backdoor had been deliberately disguised in an attempt to throw researchers off the scent.

[Group-IB Senior Digital Forensics and Incident Response Specialist Nam Le Phuong] explained: "The backdoor process is deliberately obfuscated by the threat actor through the use of process masquerading. Specifically, the binary is named "lightdm", mimicking the legitimate LightDM display manager commonly found on Linux systems. To enhance the deception, the process is executed with command-line arguments resembling legitimate parameters -- for example, lightdm -- session child 11 19 -- in an effort to evade detection and mislead forensic analysts during post-compromise investigations. These backdoors were actively establishing connections to both the Raspberry Pi and the internal Mail Server."

CISA has publicly released Thorium, a powerful open-source platform developed with Sandia National Labs that automates malware and forensic analysis at massive scale. According to BleepingComputer, the platform can "schedule over 1,700 jobs per second and ingest over 10 million files per hour per permission group." From the report: Security teams can use Thorium for automating and speeding up various file analysis workflows, including but not limited to:

- Easily import and export tools to facilitate sharing across cyber defense teams,
- Integrate command-line tools as Docker images, including open-source, commercial, and custom software,
- Filter results using tags and full-text search,
- Control access to submissions, tools, and results with strict group-based permissions,
- Scale with Kubernetes and ScyllaDB to meet workload demands.

Defenders can find installation instructions and get their own copy of Thorium from CISA's official GitHub repository.

An anonymous reader quotes a report from Ars Technica: E-commerce giants everywhere felt the sting Wednesday when President Donald Trump announced that the US will be "suspending duty-free de minimis treatment for low-value shipments" worth $800 or less from anywhere in the world. Americans will likely soon feel the crunch, with one recent study estimating that the cost of eliminating the trade loophole overall to US consumers could fall between $10.9 billion and $13 billion while "disproportionately" hurting "lower-income and minority consumers" who buy a higher percentage of cheap imports.

Price hikes will likely come this fall, as the trade loophole will be closed starting on August 29, with Amazon emerging as perhaps the biggest question mark for US consumers wondering how hard their wallets may be hit by the major trade policy change ahead of the holiday shopping season. In February, Trump temporarily ended the de minimis exemption for all imports from China, prompting China-based retailers Temu and Shein to raise their prices.

Beijing has summoned Nvidia over alleged security issues with its chips, in a blow to the US company's push to revive sales in the country after Washington granted approval for the export of a made-for-China chip. From a report: China's cyber regulator on Thursday said it had held a meeting with Nvidia over what it called "serious security issues" with the company's artificial intelligence chips.

It said US AI experts had "revealed that Nvidia's computing chips have location tracking and can remotely shut down the technology." The Cyberspace Administration of China requested that Nvidia explain the security problems associated with the H20 chip, which was designed for the Chinese market to comply with US export restrictions, and submit documentation to support their case.

Earlier this month, Hewlett-Packard Enterprise settled its antitrust case with the U.S. Justice Department, "paving the way for its acquisition of rival kit maker Juniper Networks" for $14 billion. According to Axios, the deal was heavily influenced by national security concerns and a desire to bolster American competition against China's Huawei. The outlet reports that the U.S. intelligence community "intervened to persuade the Justice Department that allowing the merger to proceed was essential to helping U.S. business compete with China's Huawei Technologies, among other national-security issues." From the report: "In light of significant national security concerns, a settlement ... serves the interests of the United States by strengthening domestic capabilities and is critical to countering Huawei and China." The official said blocking the deal would have "hindered American companies and empowered" Chinese competitors. A Justice Department spokesman added that DOJ "works very closely with our partners in the IC [intelligence community] and always considers their views when deciding how best to proceed with a case."

The merger was back in the news this week with reports that two senior enforcers in the DOJ's antitrust division were fired Monday amid infighting over the department's settlement greenlighting HPE's $14 billion acquisition of Juniper. Attorney General Pam Bondi had conversations with top intelligence officials that convinced her there was a strong national interest in not driving allies to Chinese technology, a senior administration official tells us.

An anonymous reader quotes a report from Ars Technica: In a rare move, Google has confirmed it will sign the European Union's AI Code of Practice, a framework it initially opposed for being too harsh. However, Google isn't totally on board with Europe's efforts to rein in the AI explosion. The company's head of global affairs, Kent Walker, noted that the code could stifle innovation if it's not applied carefully, and that's something Google hopes to prevent. While Google was initially opposed to the Code of Practice, Walker says the input it has provided to the European Commission has been well-received, and the result is a legal framework it believes can provide Europe with access to "secure, first-rate AI tools." The company claims that the expansion of such tools on the continent could boost the economy by 8 percent (about 1.8 trillion euros) annually by 2034.

These supposed economic gains are being dangled like bait to entice business interests in the EU to align with Google on the Code of Practice. While the company is signing the agreement, it appears interested in influencing the way it is implemented. Walker says Google remains concerned that tightening copyright guidelines and forced disclosure of possible trade secrets could slow innovation. Having a seat at the table could make it easier to bend the needle of regulation than if it followed some of its competitors in eschewing voluntary compliance. [...] The AI Code of Practice aims to provide AI firms with a bit more certainty in the face of a shifting landscape. It was developed with the input of more than 1,000 citizen groups, academics, and industry experts. The EU Commission says companies that adopt the voluntary code will enjoy a lower bureaucratic burden, easing compliance with the block's AI Act, which came into force last year.

Under the terms of the code, Google will have to publish summaries of its model training data and disclose additional model features to regulators. The code also includes guidance on how firms should manage safety and security in compliance with the AI Act. Likewise, it includes paths to align a company's model development with EU copyright law as it pertains to AI, a sore spot for Google and others. Companies like Meta that don't sign the code will not escape regulation. All AI companies operating in Europe will have to abide by the AI Act, which includes the most detailed regulatory framework for generative AI systems in the world. The law bans high-risk uses of AI like intentional deception or manipulation of users, social scoring systems, and real-time biometric scanning in public spaces. Companies that violate the rules in the AI Act could be hit with fines as high as 35 million euros ($40.1 million) or up to 7 percent of the offender's global revenue.

Journalist Jack Poulson accidentally discovered that Google had completely removed two of his articles from search results after someone exploited a vulnerability in the company's Refresh Outdated Content tool.

The security flaw allowed malicious actors to de-list specific web pages by submitting URLs with altered capitalization to Google's recrawling system. When Google attempted to index these modified URLs, the system received 404 errors and subsequently removed all variations of the page from search results, including the original legitimate articles.

The affected stories concerned tech CEO Delwin Maurice Blackman's 2021 arrest on felony domestic violence charges. In a statement to 404 Media, Google confirmed the vulnerability and said it had deployed a fix for the issue.

BrianFagioli writes: AI might be the future of software development, but a new report suggests we're not quite ready to take our hands off the wheel. Veracode has released its 2025 GenAI Code Security Report, and the findings are pretty alarming. Out of 80 carefully designed coding tasks completed by over 100 large language models, nearly 45 percent of the AI-generated code contained security flaws.

That's not a small number. These are not minor bugs, either. We're talking about real vulnerabilities, with many falling under the OWASP Top 10, which highlights the most dangerous issues in modern web applications. The report found that when AI was given the option to write secure or insecure code, it picked the wrong path nearly half the time.

Minnesota Governor Tim Walz has activated the National Guard to assist the City of Saint Paul after a cyberattack crippled the city's digital services on Friday. "The city is currently working with local, state, and federal partners to investigate the attack and restore full functionality, and says that emergency services have been unaffected," reports BleepingComputer. "However, online payments are currently unavailable, and some services in libraries and recreation centers are temporarily unavailable." From the report: The attack has persisted through the weekend, causing widespread disruptions across the city after affecting St. Paul's digital services and critical systems. "St. Paul officials have been working around the clock since discovering the cyberattack, closely coordinating with Minnesota Information Technology Services and an external cybersecurity vendor. Unfortunately, the scale and complexity of this incident exceeded both internal and commercial response capabilities," reads an emergency executive order (PDF) signed on Tuesday.

"As a result, St. Paul has requested cyber protection support from the Minnesota National Guard to help address this incident and make sure that vital municipal services continue without interruption." "The decision to deploy cyber protection support from the Minnesota National Guard comes at the city's request, after the cyberattack's impact exceeded St. Paul's incident response capacity. This will ensure the continuity of vital services for Saint Paul residents, as well as their security and safety while ongoing disruptions are being mitigated. "We are committed to working alongside the City of Saint Paul to restore cybersecurity as quickly as possible," Governor Walz said on Tuesday. "The Minnesota National Guard's cyber forces will collaborate with city, state, and federal officials to resolve the situation and mitigate lasting impacts."

ZDNet's Steven Vaughan-Nichols shares his list of "what's new and improved" in the latest Linux 6.16 kernel. An anonymous reader shares an excerpt from the report: First, the Rust language is continuing to become more well-integrated into the kernel. At the top of my list is that the kernel now boasts Rust bindings for the driver core and PCI device subsystem. This approach will make it easier to add new Rust-based hardware drivers to Linux. Additionally, new Rust abstractions have been integrated into the Direct Rendering Manager (DRM), particularly for ioctl handling, file/GEM memory management, and driver/device infrastructure for major GPU vendors, such as AMD, Nvidia, and Intel. These changes should reduce vulnerabilities and optimize graphics performance. This will make gamers and AI/ML developers happier.

Linux 6.16 also brings general improvements to Rust crate support. Crate is Rust's packaging format. This will make it easier to build, maintain, and integrate Rust kernel modules into the kernel. For those of you who still love C, don't worry. The vast majority of kernel code remains in C, and Rust is unlikely to replace C soon. In a decade, we may be telling another story. Beyond Rust, this latest release also comes with several major file system improvements. For starters, the XFS filesystem now supports large atomic writes. This capability means that large multi-block write operations are 'atomic,' meaning all blocks are updated or none. This enhances data integrity and prevents data write errors. This move is significant for companies that use XFS for databases and large-scale storage.

Perhaps the most popular Linux file system, Ext4, is also getting many improvements. These boosts include faster commit paths, large folio support, and atomic multi-fsblock writes for bigalloc filesystems. What these improvements mean, if you're not a file-system nerd, is that we should see speedups of up to 37% for sequential I/O workloads. If your Linux laptop doubles as a music player, another nice new feature is that you can now stream your audio over USB even while the rest of your system is asleep. That capability's been available in Android for a while, but now it's part of mainline Linux.

If security is a top priority for you, the 6.16 kernel now supports Intel Trusted Execution Technology (TXT) and Intel Trusted Domain Extensions (TDX). This addition, along with Linux's improved support for AMD Secure Encrypted Virtualization and Secure Memory Encryption (SEV-SNP), enables you to encrypt your software's memory in what's known as confidential computing. This feature improves cloud security by encrypting a user's virtual machine memory, meaning someone who cracks a cloud can't access your data. Linux 6.16 also delivers several chip-related upgrades. It introduces support for Intel's Advanced Performance Extensions (APX), doubling x86 general-purpose registers from 16 to 32 and boosting performance on next-gen CPUs like Lunar Lake and Granite Rapids Xeon. Additionally, the new CONFIG_X86_NATIVE_CPU option allows users to build processor-optimized kernels for greater efficiency.

Support for Nvidia's AI-focused Blackwell GPUs has also been improved, and updates to TCP/IP with DMABUF help offload networking tasks to GPUs and accelerators. While these changes may go unnoticed by everyday users, high-performance systems will see gains and OpenVPN users may finally experience speeds that challenge WireGuard.

Jack Dorsey's new app Bitchat is now available on the iOS App Store. The decentralized, peer-to-peer messaging app uses Bluetooth mesh networks for encrypted, ephemeral chats without requiring accounts, servers, or internet access. Dorsey said he built it over a weekend and cautioned that it "has not received external security review and may contain vulnerabilities..." TechCrunch reports: The app's UX is very minimal. There is no log-in system, and you're immediately brought to an instant messaging box, where you can see what nearby users are saying (if anyone is actually around you and using the app) and set your display name, which can be changed at any time. [...] Dorsey has not directly addressed the fake Bitchat apps on the Google Play store, but he did repost another user's X post that said that Bitchat is not yet on Google Play, and to "beware of fakes."

Cisco has donated its AGNTCY initiative to the Linux Foundation, aiming to create an open-standard "Internet of Agents" to allow AI agents from different vendors to collaborate seamlessly. The project is backed by tech giants like Google Cloud, Dell, Oracle and Red Hat. "Without such an interoperable standard, companies have been rushing to build specialized AI agents," writes ZDNet's Steven Vaughan-Nichols. "These work in isolated silos that cannot work and play well with each other. This, in turn, makes them less useful for customers than they could be." From the report: AGNTCY was first open-sourced by Cisco in March 2025 and has since attracted support from over 75 companies. By moving it under the Linux Foundation's neutral governance, the hope is that everyone else will jump on the AGNTCY bandwagon, thus making it an industry-wide standard. The Linux Foundation has a long history of providing common ground for what otherwise might be contentious technology battles. The project provides a complete framework to solve the core challenges of multi-agent collaboration:

- Agent Discovery: An Open Agent Schema Framework (OASF) acts like a "DNS for agents," allowing them to find and understand the capabilities of others.
- Agent Identity: A system for cryptographically verifiable identities ensures agents can prove who they are and perform authorized actions securely across different vendors and organizations.
- Agent Messaging: A protocol named Secure Low-latency Interactive Messaging (SLIM) is designed for the complex, multi-modal communication patterns of agents, with built-in support for human-in-the-loop interaction and quantum-safe security.
- Agent Observability: A specialized monitoring framework provides visibility into complex, multi-agent workflows, which is crucial for debugging probabilistic AI systems.

You may well ask, aren't there other emerging AI agency standards? You're right. There are. These include the Agent2Agent (A2A) protocol, which was also recently contributed to the Linux Foundation, and Anthropic's Model Context Protocol (MCP). AGNTCY will help agents using these protocols discover each other and communicate securely. In more detail, it looks like this: AGNTCY enables interoperability and collaboration in three primary ways:

- Discovery: Agents using the A2A protocol and servers using MCP can be listed and found through AGNTCY's directories. This enables different agents to discover each other and understand their functions.
- Messaging: A2A and MCP communications can be transported over SLIM, AGNTCY's messaging protocol designed for secure and efficient agent interaction.
- Observability: The interactions between these different agents and protocols can be monitored using AGNTCY's observability software development kits (SDKs), which increase transparency and help with debugging complex workflows You can view AGNTCY's code and documentary on GitHub.