Developers are booting an open source version of Windows NT on the Raspberry Pi 5, and while useful software isn't here yet, it is a big step forward.

Owners of certain HP laptops are currently facing an annoying problem. Due to a faulty BIOS update, they are no longer able to update their devices or use them in any other way.

According to The Register, the update was automatically delivered to all affected users via Windows Update. The first problems arose around four months ago and are reminiscent of a similar issue where Windows users have…

The Register:
Cloud provider Railway says Google Cloud temporarily suspended its account without cause; in 2024, GCP deleted the account of an Australian pension fund — PaaS platform Railway says Google temporarily suspended its account on Wednesday without cause, inducing a major outage.

Simon Sharwood / The Register:
In his weekly Linux kernel post, Linus Torvalds says “AI tools are great” but the flood of duplicate AI bug reports has made the security list “unmanageable” — Multiple researchers using the same tools to find the same bugs are creating ‘unnecessary pain and pointless work’

Fragnesia, the latest local privilege escalation vulnerability in the same family as Dirty Frag, emerges as an “unintended side effect of one of the patches addressing the original Dirty Frag vulnerabilities” according to the original creator of Dirty Frag, Hyunwood Kim.

Apple supplier Foxconn has confirmed a cyberattack on several of its U.S. factories, after a ransomware group claimed to have stolen confidential Apple project files as part of the hack.

The Nitrogen group posted the breach on its data leak site this week, claiming to have made off with 8TB of data spanning more than 11 million files. Alongside the allegedly stolen Apple files, Nitrogen claims…

แพ็กเกจ npm และ PyPI หลายตัวถูกฝังมัลแวร์ Mini Shai-Hulud ผ่าน GitHub Actions

Body

บริษัทความปลอดภัย Socket ประกาศตรวจพบว่าแพ็กเกจซอฟต์แวร์ชื่อดังหลายตัวในระบบ npm และ PyPI โดนฝัง มัลแวร์กลุ่ม Mini Shai-Hulud ที่เคยอาละวาดช่วงปลายปี 2025 (ตั้งชื่อตามหนอนยักษ์ในเรื่อง Dune) และก่อนหน้านี้เพิ่งเคยเจาะแพ็กเกจ npm ตัวอื่นคือ SAP, Intercom กับแพ็กเกจ PyPI lightning เมื่อช่วงปลายเดือนเมษายน…

Simon Sharwood / The Register:
Arm expects the AGI CPU, its own AI chip for data centers, to drive $2B in sales in FY2027 and FY2028, doubling its March 2026 sales guidance for the period — Someone other than Meta is buying $1bn of its new AGI chips — Chip design company Arm says the datacenter will soon be its biggest source of revenue.

Brandon Vigliarolo / The Register:
GitHub says it has begun collecting pseudonymous client-side telemetry from command-line interface (CLI) users and enabled it by default — Opt-out instructions included if you're not keen on GitHub watching you in the name of product improvement — Users of GitHub's command-line interface (CLI) who value privacy, beware.

Connor Jones / The Register:
The UK's High Court rules that London's Metropolitan Police can keep using live facial recognition; police say the tech has led to 2,100+ arrests since 2024 — London's Metropolitan Police Service (MPS) has survived a legal challenge that attempted to curb its rollout of live facial recognition (LFR) technology across the capital.

Has IPv6 finally reached its day of glory?

It’s fair to say that IPv6 has not had the level of take-up expected when the Internet Engineering Task Force (IETF) ratified it back in 1998. Take-up has been agonizingly slow, not reaching 5 percent of traffic until 2014. However, the use of IPv6 has been slowly climbing since, and according to Google statistics, briefly accounted for 50.1% of the…

Has IPv6 finally reached its day of glory?

It’s fair to say that IPv6 has not had the level of take-up expected when the Internet Engineering Task Force (IETF) ratified it back in 1998. Take-up has been agonizingly slow, not reaching 5 percent of traffic until 2014. However, the use of IPv6 has been slowly climbing since, and according to Google statistics, briefly accounted for 50.1% of the…

Hacker One says that the rise of AI bug reports is overwhelming projects, meaning the bug bounty system needs to be rethought.

Thomas Claburn / The Register:
Two versions of LiteLLM, an interface for accessing LLMs, have been removed from PyPI after a supply chain attack injected them with credential-stealing code — Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the Python Package Index …

L'Echo et Le Soir ont annoncé cette semaine que Palantir, le géant américain de l'analyse de données, piloté par Peter Thiel, l’ami personnel du vice-Président J.D. Vance, avait créé une filiale en Belgique en décembre 2025 — deux mois après une rencontre entre Theo Francken et ses représentants

Simon Sharwood / The Register:
The Linux Foundation announces $12.5M in total grants from Google and others to help FOSS maintainers cope with the influx of AI-generated security findings   —  Half a dozen Big Tech players have together delivered $12.5 million in grants towards a project that aims to help maintainers …

Tobias Mann / The Register:
Nvidia unveils a server rack with 256 Vera CPUs, with each CPU featuring 88 custom Olympus cores and LPDDR5X memory for up to 1.2 TB/s of bandwidth   —  GTC Intel and AMD take notice.  At GTC on Monday, Nvidia unveiled its latest liquid-cooled rack systems.

Jessica Lyons / The Register:
A US DOJ-led international law enforcement operation disrupted SocksEscort, a residential proxy network used to exploit residential routers worldwide   —  Cops from eight countries this week disrupted SocksEscort, a residential proxy service used by criminals to compromise hundreds of thousands …

Thomas Claburn / The Register:
The AI-assisted overhaul of a Python character encoding detection library raises questions about software relicensing and derivative versions of the original   —  Alarm bells are ringing in the open source community, but commercial licensing is also at risk  —  Earlier this week, Dan Blanchard …

Jessica Lyons / The Register:
Google's TIG documented 90 zero-day vulnerabilities exploited in 2025, up from 78 in 2024; commercial spyware vendors and China-linked groups led the abuse   —  Of the 90 zero-days GTIG tracked in 2025, 43 hit enterprise tech  —  Zero-day exploitation targeting enterprise tech products reached …

TL;DR:

Open Source SecurityCon Europe → Agenda live and registration open

Securing Agentic AI in Practice → March 17 Tech Talk on AI/ML security in action

Compiler Annotations Guide → Practical C/C++ hardening without rewrites

Security Slam 2026 → 30-day challenge to level up project security

CRA in Practice @ FOSDEM → Turning regulation into actionable steps

Package Repository Security…

Tim Anderson / The Register:
A Cloudflare engineer rebuilt Next.js from scratch in one week using AI, reimplementing 94% of its API and spending $1,100 on Claude tokens   —  Uses Vite and Claude to sidestep Vercel lock-in  —  A Cloudflare engineer says he has implemented 94 percent of the Next.js API by directing Anthropic's Claude …

Simon Sharwood / The Register:
HP says memory now accounts for 35% of its PC bill of materials, up from 15% to 18% in Q4 2025, and expects RAM's share to rise through 2026   —  HP Inc. has revealed that memory now accounts for 35 percent of the cost of materials it needs to build a PC, up from between 15 and 18 percent last quarter.

Wolfram Weimer möchte „wie die Amerikaner“ die Eigentumsfrage stellen. Das kann nur schiefgehen.

O grupo cibercriminoso ShinyHunters está chantageando a rede hoteleira Wynn Resorts , com empreendimentos em Las Vegas e Boston (Estados Unidos), além de Macau (China). A ameaça envolve a publicação dos dados de 800 mil clientes e funcionários , cobrindo informações como nomes completos, endereços de e-mail, telefone, cargos, salários, datas e outros dados.

Segundo o The Register, uma…

Meta สั่งซื้อชิปจาก NVIDIA เพิ่มอีกจำนวนมาก: Grace, Blackwell, Rubin

Body

Meta ประกาศความตกลงระยะยาวกับ NVIDIA จัดซื้อจีพียู Blackwell/Rubin, ซีพียู Grace และอุปกรณ์เครือข่าย Spectrum-X Ethernet สำหรับศูนย์ข้อมูล AI

การซื้อครั้งนี้ยังส่งผลให้ศูนย์ข้อมูลของ Meta มีเครื่องที่ใช้ซีพียู Grace ล้วนๆ (รันด้วยซีพียูอย่างเดียว ไม่ต้องใช้จีพียู) จำนวนมากเป็นครั้งแรกของ NVIDIA ด้วย (first large-scale…

Microsoft retiring standalone SharePoint Online Plan 1/2 and OneDrive for Business Plan 1/2. Sales end June 2026, renewals end January 2027, full retirement December 2029.