CNN published a very interesting article:
German psychologist Wolfgang Köhler set up a famous experiment more than 100 years ago that changed how scientists understand animal intelligence and the power of insight — or spontaneous problem-solving.
Köhler made what he described as a playground for a group of chimpanzees with a banana hanging out of reach and various items — boxes, poles and sticks — lying around. The strewn objects offered opportunities for the animals to explore, and the food presented a challenge for them to unlock. After fruitlessly trying to snatch the banana, the chimps quickly started rearranging the items. The apes eventually stacked the boxes and easily grabbed the reward.
The experiment demonstrated that chimps were capable of insight. While most animals can do basic problem-solving, insight is a step up because it's an understanding of cause and effect that does not rely on trial and error, copying others, or previous knowledge. Scientists have observed this cognitive ability in only a handful of species: great apes, elephants and some birds. There is an ongoing scientific debate over whether even more species — invertebrates such as octopuses and certain spiders — should also join the ranks of the spontaneous problem solvers.
Now, a study published Thursday in the journal Science suggests that bumblebees possess insight. In a lab experiment, the insects were able to roll a plastic foam ball underneath an artificial blue flower, climb over the ball and use it to reach the flower, obtaining a sugary reward. "We showed for the first time that bumblebees can solve a completely novel object-manipulation task, spontaneously and without being trained to do so, or without any trial and error," said lead author Akshaye Bhambore, a doctoral researcher at the University of Oulu in Finland.
Bumblebees can use socially learned behaviors and logical reasoning to solve puzzles, previous studies have shown. In the new experiment, however, the researchers exposed the insects to the separate elements of the task but never trained them on the solution itself.
This result suggests that a tiny insect brain can support surprisingly flexible behavior, according to James Nieh, a professor in the department of ecology, behavior and evolution at the University of California San Diego, who was not involved with the study. "Bees do not normally move objects around to make platforms, so this is not a natural bumble bee behavior," he wrote in an email. "But the experiment shows that they can remember a hidden goal location and manipulate an object in relation to that goal."
This exciting new study shows that insects can learn and change their behavior in ways scientists are only just starting to understand, Natalie Hempel de Ibarra, an associate professor of neuroethology at the University of Exeter in England, said in an email. Hempel de Ibarra was not part of the research. This flexibility could shape how bees and other pollinators interact with flowers, helping them cope with challenges as environments and landscapes change, she added.
Journal Reference: Akshaye A. Bhambore et al., Spontaneous problem-solving in bumble bees, Science, 4 Jun 2026, Vol 392, Issue 6802, pp. 1046-1049 DOI: 10.1126/science.ady1618
China's support is greater relative to semiconductor industry revenue:
A report from the Organization for Economic Co-operation and Development (OECD) has found that semiconductor firms based in the United States received more government support than those based in any other region.
However, support for China's chip industry was larger relative to the revenue generated by Chinese semiconductor firms, reaching close to 10 percent of sales in the early 2020s.
The OECD - a forum for members espousing the market economy and democracy - said the global semiconductor market was worth $631 billion in 2024. It expected continued growth on the back of investment in datacenters, artificial intelligence, and autonomous driving. Its measure of the market includes chip design, manufacturing, testing and packaging, but not manufacturing equipment such as photolithography machines.
Firms based in the United States and Asia (eg Japan, Korea, and Taiwan) have long been the key players in the semiconductor sector, with Asia's role growing in importance as part of the supply chain was relocated there. Asia has, over the last two decades, become a global center for chip manufacturing and trade, although the United States maintains an important role in high-value segments of the supply chain, including in chip design. The sample of firms covered by the OECD MAGIC database thus includes a relatively large number of firms based in Asia and the United States, as well as large actors based in Europe, which largely serve the automotive industry. The sample is estimated to cover between 64 percent and 83 percent of global sales, depending on the year and how the sector's scope is defined.
"In absolute terms, firms based in the United States were the largest beneficiaries of government support, which notably includes the support these firms received in other jurisdictions in which they operate (eg in Asia), as well as the introduction of new subsidy programs in the United States. Subsidies to firms based in the OECD Asia-Pacific region also expanded steadily throughout the period for similar reasons. While subsidies to semiconductor manufacturers based in China have been modest in absolute terms, they represented a significant amount relative to their sales, reaching close to 10 percent of revenue in the early 2020s," the report said.
The OECD argued that China's relatively large support reflected its long-standing support for its semiconductor industry, including the 2014 Guideline for the Promotion of the Development of the National Integrated Circuit Industry. It also reflected growing restrictions imposed on exports of semiconductor technology by trading partners beginning in 2018, the report said.
The report measures tax concessions, grants and subsidized borrowing as methods governments use to support semiconductor firms. It does not include government equity.
In August last year, the Trump administration took a 9.9 percent equity stake in struggling chipmaker Intel, using $5.7 billion in previously awarded but unpaid CHIPS Act grants as part of an $8.9 billion investment agreement.
The administration has also tried to bolster domestic chip manufacturing with its tariff regime, although, given the time it takes to build a fab plant, it might take years for the policy to pay off.
Alan Turing proposed a test for machine intelligence: could a computer convince a human it was human? We have begun conducting the same test on ourselves:
Typos are a sign of a human writer… for now
Recently, a friend told me over coffee about some disheartening feedback she had received. “They said it was good,” she said, “but that it read like it was written by AI.” Knowing her, I understood immediately what had happened. Her credibility was being questioned not because her work was poor, but because it was too good – too clear, too fluent, too polished.
The rapid acceleration of artificial intelligence tools is changing how we think about good writing. In the digital age, it is increasingly important to signal that an actual person – not a faceless large language model – is behind the words. One paradoxical way of doing this is, surprisingly, to damage the quality of your own writing.
Alan Turing even made such a suggestion in the 1950s: sprinkle in a few deliberate typographical errors to appear more convincingly human. The irony, of course, is that Turing was addressing that advice to machines.
My friend’s experience isn’t an isolated one. Writing well, once a mark of skill, has become, for a growing number of readers, reviewers and hiring managers, a source of moral suspicion. The skills we once used to signal intelligence and effort – clarity, precision, a well-turned sentence – are starting to lose their meaning.
The problem lies in our inability to easily detect AI-written content, making false positives (that is, wrongly accusing someone of using AI tools) a serious concern. Studies have shown that neither humans nor AIs can reliably distinguish between human- and machine-generated writing. When human- and AI-generated writing is intermixed, performance becomes even worse. As a result, many universities that had been using plagiarism-detection tools for AI detection have stopped due to concerns about their reliability.
In this climate of uncertainty, some writers have reached for the only signal still available to them: the aptly named human error. A repeated word, a small grammatical slip, a slightly clunky phrase – these have started to function less as signs of carelessness and more as proof of a genuine human hand. The defect has become the credential.
Errors are already being deployed strategically in competitive contexts – university submissions, job applications, professional correspondence. Recruiters have begun advising applicants to leave a single deliberate typo in a cover letter, precisely to signal that an interested human wrote it.
Of course, none of this is stable, and the currency of the error signal is on borrowed time. Once imperfection becomes a recognised sign of authenticity, it immediately becomes available for imitation. Users will ask AI systems to sound rougher, less polished and more human. The systems will comply and soon become adept at performing calibrated incompetence.
The path ahead towards reclaiming authenticity is unclear. Perhaps some situations will demand more direct proof of authorship without the assistance of AI: face-to-face, unmediated assessments, handwritten submissions and real-time explanations. Or, in a world increasingly saturated by AI tools, maybe the decisive skill will simply be knowing how to use them well. Some universities have allowed students to use AI in exams, so long as they submit their prompts as part of the assessment.
What seems certain, however, is that the old traces of authenticity and authorship have become harder to define and locate – and even where they exist, they arrive shadowed by suspicion.
Blue Origin may or may not have to sit out the most immediate moon-bound missions for NASA — it depends on who you ask. The agency's administrator, Jared Isaacman, told CNBC that it will "take some serious time" for Blue Origin to restore its New Glenn launchpad, which exploded on May 28, and that a 2028 timeframe is "within the realm" of possibility. However, Blue Origin's CEO believes his company can repair it much, much sooner. "We will fly again before the end of this year. Gradatim Ferociter," Dave Limp wrote on X.
If you'll recall, Blue Origin's Cape Canaveral launchpad exploded with the heavy-lift rocket while the company was conducting a hotfire test to prepare New Glenn for its fourth mission. Isaacman toured the facility, known as Launch Complex 36, on May 29 to see the damage firsthand and to talk to the team. The company had only just started testing the rocket after it was grounded by the Federal Aviation Administration (FAA), following its third mission wherein it failed to put its payload into orbit. It was given permission to launch New Glenn again after closing an investigation that found a "cryogenic leak" to be the cause of the incident.
It's still unclear what caused the explosion on May 28. Limp made the claim that New Glenn will fly again before the end of this year after Blue Origin regained access to the launchpad and was able to start its investigation. He said that the rocket's fuel tanks were in good shape and that the "support tower is damaged, but it can be repaired in place rather than torn down and replaced."
It's definitely in Blue Origin's best interests to get Launch Complex 36 repaired soon. The company is one of NASA's main launch providers for the Artemis and Moon Base programs, with New Glenn being instrumental in achieving the agency's goals. NASA even chose Blue Origin for the Moon Base I mission that's launching this fall. In addition, its fellow Jeff Bezos-owned company Amazon is depending on Blue Origin to launch Leo satellites for the broadband service that it was planning to launch later this year. New Glenn's fourth mission was supposed to carry 48 Leo satellites to orbit.
The company is developing another launchpad inside the Vandenberg Space Force Base in California, but it's far from ready. It just recently negotiated a lease for Space Launch Complex (SLC)-14 with the US government. However, it will take around two years to prepare the facility for launch, which means the Vandenberg launchpad will not be ready until 2028, as well.
Here's why Anthropic and OpenAI are on board with Illinois safety testing:
A few days after President Donald Trump abruptly canceled a plan that would have given the federal government power to vet frontier AI models over fears that it might hobble innovation, Illinois lawmakers passed the nation's strongest AI safety law.
On Wednesday, the Illinois legislature passed SB 315. If Illinois Governor J.B. Pritzker signs the bill into law, the largest AI firms would be required to submit public safety plans and annual reports summarizing the results of independent, third-party safety testing of their frontier models. They would also have to report any critical safety incidents to the state within 72 hours—or within 24 hours if there's potentially "an imminent risk of death or serious physical harm." And their employees will have a clear avenue for reporting emerging safety risks that companies may be tempted to downplay, with protections provided by the state's whistleblower laws.
On X, Pritzker confirmed his intent to sign, proclaiming that "Illinois is leading the nation in holding Big Tech accountable."
"I look forward to signing SB 315 and working with the legislature so that AI, when used, is used responsibly," Pritzker said.
Both OpenAI and Anthropic, whose models would be vetted by the state, supported SB 315.
OpenAI's chief of global affairs Chris Lehane told Wired that the AI firm is pushing to pass similar laws in other states in what seems like a move to avoid having to comply with a patchwork of starkly different state laws.
Anthropic's head of state and local government relations, Cesar Fernandez, told NBC News that the law's requirements mirror safety testing protocols that leading AI firms are already voluntarily doing. However, he described the landmark law as important for establishing a "baseline that every leading AI developer is expected to meet."
Reading between the lines, the companies' support suggests that the big AI firms may benefit from requirements that they can easily meet but might pose a greater challenge to smaller AI firms.
[...] Whether or not governments at any level are prepared to protect society from the most catastrophic AI risks remains a major concern for critics who wonder how and when governments will intervene. After inside sources started leaking the details of Trump's AI safety testing plans, critics warned that even the federal government may lack the necessary expertise to audit frontier AI models. And it seems the same criticism extends to independent auditors that Illinois may rely on but industry insiders suggest some AI firms may not entirely trust.
Adam Kovacevich is CEO of Chamber of Progress, a trade group that opposed SB 315 and counts Google and Apple among its members. He told Wired that Illinois' requirements "would force companies to expose sensitive systems to untested auditors in a regulatory regime that's all liability and no standards."
Democratic Rep. Daniel Didech, who sponsored the bill in the Illinois House, told NBC News that the "legislation is designed to put up some guardrails and make sure we have some safeguards in place to protect against some of the worst catastrophic risks."
Didech made it clear in that interview, however, that he never would have sponsored the bill if the federal government hadn't delayed implementing meaningful protections.
"The states shouldn't be doing this," Didech said. "The best way to regulate these types of catastrophic risks would be a federal approach." But "the reality is that Congress has not taken up this issue yet, and the technology is developing at such a rapid pace that states have had no choice but to step in."
Once Pritzker puts the law on the books, AI firms will be subject to its provisions starting January 1, 2027. While the legislation stipulates that there is no private right of action, any violations could expose firms to civil penalties.
[...] Didech agreed with Edly-Allen, telling Wired that the Illinois law could become a "testing ground" for AI governance that could show the federal government how to manage risks as public distrust in AI continues to grow.
"Laws like this create a world where it's more likely for the federal government to pass something," Didech said.
Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more confidential data, researchers said.
The supply-chain attack began Monday and remained active at the time this post went live, according to researchers at security firm Aikido. It's the result of the threat actor responsible for the hack taking control of @redhat-cloud-services, a legitimate channel in the npm repository that's reserved for official Red Hat packages. As such, the channel is widely trusted by developers who rely on Red Hat cloud services.
It's unclear precisely how the threat actor took control of the namespace, but it almost certainly involved the compromise of credentials required to access it, possibly through a previous supply-chain attack. More than 30 packages seem to be affected.
The packages execute an obfuscated payload that can run during the npm install process, which occurs before a developer imports or actually uses the package in a production environment. Security firm Socket said an analysis of the malware revealed that it's designed to collect sensitive credentials, including GitHub action secrets, npm tokens, Kubernetes and Vault material, and credentials for other cloud services. The worm then spreads by republishing backdoored packages to third-party accounts the infected device has access to. Most, but not all, of the packages had been taken down in the hours following the incident.
"Organizations should treat any system that installed one of the affected @redhat-cloud-services package versions as potentially compromised," Socket researchers wrote. "The payload executes during npm install, before application code imports or uses the package, so exposure depends on installation or CI execution, not runtime use."
Once a system is infected, it encrypts the credentials and sends them through a web request. A fallback mechanism allows the malware to publish the encrypted data into a compromised GitHub repository, assuming it has possession of the credentials for it.
The worm, dubbed Shai-Hulud, has all the hallmarks of malware released last month as freely available open source. TeamPCP was the first group to use Shai-Hulud, and it promoted a competition that promised a $1,000 payment to the hacker who carried out the biggest supply-chain attack using the malware. TeamPCP has also been behind a rash of previous supply-chain attacks. Now that the worm is in the hands of many other threat groups, supply-chain attacks may ramp up further.
The malware devotes considerable attention to CI/CD (continuous integration/continuous delivery) systems, which allow for faster and more reliable software releases by automating the building, testing, and deploying of code changes. The malware spread in Monday's attack was published through GitHub Actions OIDC (OpenID Connect), indicating that Red Hat's CI/CD pipeline was compromised. OIDC is a security measure designed to interact with cloud services through the use of temporary credentials.
Once installed, the malware targets other organizations' CI/CD credentials. The compromise of Red Hat's GitHub Actions OIDC was very possibly the result of a previous supply-chain attack that infected an employee's machine.
In an email sent after this post went live, Red Hat said it has removed the malicious packages.
"The packages are strictly limited to internal development, and the malicious code was never published for customer consumption via the console.redhat.com system," the email said. "While our investigation is ongoing, we have not identified any impact to customer or partner environments or Red Hat production systems."
Given the success of other recent supply-chain attacks, anyone who touched one of the affected packages in the past 36 hours should assume compromise of their workstations, CI/CD pipelines, and all credentials for cloud services and repositories. That means employees should drop whatever they're doing at the moment and investigate thoroughly.
In a recent supply-chain attack that hit Checkmarx, the security firm failed to fully drive out the party responsible. Checkmarx was then hit two more times. The Checkmarx credentials used in the first attack came from a supply chain attack on the Trivy software developer. The pivot to Checkmarx and its failure to fully remediate the initial breach demonstrates the difficulty of completely recovering from such security lapses and the risks that result.
Both Socket and Aikido have lists of affected Red Hat packages and other indicators of compromise that any potentially affected person or organization should make use of promptly.
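A lockfile audit for the exposure described above, as an added example that is not code from the article, Socket, Aikido, or Red Hat. It lists every `@redhat-cloud-services` package pinned in a parsed `package-lock.json`, including transitive and aliased copies, marks entries npm recorded as having install-time scripts, and matches versions against a list you supply. The package names, versions, and the `SAMPLE_KNOWN_BAD` list are constructed placeholders; fill the real list from the published advisories.

```javascript
'use strict';
// Added example: audit a parsed package-lock.json for the npm scope named in the article.
// Load a real file with: JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8'))

const SCOPE = '@redhat-cloud-services/'; // trailing slash keeps lookalike scopes out

// Constructed sample lockfile (lockfileVersion 3 layout). Names and versions are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@redhat-cloud-services/example-pkg-a': {
      version: '9.9.9-placeholder', hasInstallScript: true,
    },
    'node_modules/some-dep/node_modules/@redhat-cloud-services/example-pkg-b': {
      version: '1.2.3-placeholder',
    },
    'node_modules/@redhat-cloud-services-lookalike/example-pkg-c': {
      version: '1.0.0', hasInstallScript: true,
    },
    'node_modules/left-alone': { version: '2.0.0' },
  },
};

// Constructed stand-in for the advisory lists: package name -> affected versions.
const SAMPLE_KNOWN_BAD = {
  '@redhat-cloud-services/example-pkg-a': ['9.9.9-placeholder'],
};

// "node_modules/a/node_modules/@scope/name" -> "@scope/name"
function nameFromLockKey(key) {
  const marker = 'node_modules/';
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? null : key.slice(idx + marker.length);
}

function classify(name, version, hasInstallScript, knownBad) {
  const bad = Object.prototype.hasOwnProperty.call(knownBad, name) ? knownBad[name] : [];
  if (bad.includes(version)) return 'known-bad';
  // hasInstallScript is npm's own record that the package declares
  // preinstall/install/postinstall scripts. Its absence is not a clearance.
  return hasInstallScript ? 'review-install-script' : 'review';
}

function auditLockfile(lock, knownBad = {}) {
  const findings = [];
  const add = (name, version, path, hasInstallScript) => {
    if (!name || !name.startsWith(SCOPE)) return;
    findings.push({
      name, version, path, hasInstallScript,
      status: classify(name, version, hasInstallScript, knownBad),
    });
  };

  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path.
    for (const [key, meta] of Object.entries(lock.packages)) {
      if (key === '') continue; // the root project itself
      // meta.name is present when the folder name differs (npm aliases).
      add(meta.name || nameFromLockKey(key), meta.version, key,
          meta.hasInstallScript === true);
    }
  } else {
    // lockfileVersion 1: nested tree, no install-script marker (reported as null).
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = `${prefix}${name}`;
        add(name, meta.version, path, null);
        walk(meta.dependencies, `${path} > `);
      }
    };
    walk(lock.dependencies, '');
  }

  const rank = { 'known-bad': 0, 'review-install-script': 1, review: 2 };
  return findings.sort(
    (a, b) => rank[a.status] - rank[b.status] || a.path.localeCompare(b.path));
}

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK, SAMPLE_KNOWN_BAD), null, 2));
```

A lockfile shows what was pinned, not what actually ran, so a hit means checking CI logs and workstation install history for that version. Installing with npm's `--ignore-scripts` option keeps lifecycle scripts from executing during future installs.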
The US state of Ohio has suspended tax breaks for datacenters, amid claims that the policy cost the state more than $1.5 billion in revenue during 2025 alone.
Ohio's Republican Governor Mike DeWine declared a pause in the state's server farm subsidy, directing its Tax Credit Authority to stop considering new datacenter sales tax exemption requests while officials review the industry's costs and impacts.
According to the Associated Press, the amount of money involved in Ohio's tax break has ballooned, hugely exceeding earlier estimates, while opposition to the building of giant bit barns has also grown, as in other areas of the US that have become datacenter hotspots.
Nonprofit research org Good Jobs First puts the cost of the sales tax exemption to the state at more than $1.5 billion in 2025, about 11 times the state's $136 million forecast. It cites figures from news network Signal Ohio, which found the figure had inflated from $555 million in lost revenue the previous year, which was itself four times more than the state government had forecast.
However, the pause is only on the approval of new tax exemptions – those projects in operation that have already had their tax breaks rubber-stamped will continue to feel the benefit.
The sales tax exemption granted by Ohio is understood to be generous, covering not only building supplies for construction of the data halls, but also the server racks, cooling facilities, and other infrastructure to fill them.
According to Good Jobs First, the revelation means Ohio joins the small club of US states now losing more than $1 billion annually on tax breaks for cloud-hosting campuses. The other three are Virginia – the "datacenter capital of the world" – Texas, and Georgia, where subsidies are projected to cost $2.5 billion this year.
The organization has been agitating for greater transparency in the concessions afforded to datacenter operators for some time, claiming that in many cases, schemes which were supposed to attract investment and create jobs were resulting in taxpayers helping some of the richest corporations on the planet buy servers, equipment, and power infrastructure.
Last November, it published a list of 36 states that exempt building materials and IT equipment for datacenters from sales and use taxes, yet only 5 states disclose estimated or actual total costs of those exemptions.
In April, it upped the ante by claiming that many US states and local authorities are violating generally accepted accounting principles (GAAP) by failing to disclose revenue lost to bit barn tax subsidy schemes.
One of those it pointed the finger at is Indiana, but the state has since come clean and confirmed the tax exemptions cost it $655 million annually. Most of that - $561 million - is going to Amazon.
Back in Ohio, a campaign has started to get a constitutional ban on datacenters that consume more than 25 MW of power. The group behind it, Ohio Residents for Responsible Development, claims to have gathered 25,000 signatures in five weeks.
According to reports, communities in other parts of the US, including Nevada, California, and Maryland are planning to hold ballots on some form of datacenter ban in their areas as well.
The Newest Instagram "Exploit" is the Goofiest I've Seen:
Yesterday, a slew of Instagram accounts, including some high profile ones like the Obama White House account, seemingly got hacked.
Look, I'm no spring chicken. I've spent almost a decade and a half identifying vulnerabilities and exploits at unicorn scale, but this is hands down the most unserious, "almost too stupid to be true" of them all.
Step 01: Faking the Location & Initiating Support
All the attacker needs to kick this off is your account username. Then, they hop on a VPN or proxy close to your city so Instagram's security algorithms don't suspect a thing. (You can quite easily get this from your public profile or "About" section or a hundred other ways.) Once it looks like the request is coming from the correct region, they tell the Meta support AI that the account is hacked and ask it to send the verification codes to an arbitrary email address they control.
Step 02: That's It
Really, that's it. The first proper zero auth password reset I've seen in production. There appears to be no additional check as to whether the email being given is actually something the user has used before. Once the AI sends the security code to the attacker's email, the attacker passes it right back to complete the verification. The platform hands over a fresh password reset link, granting full ownership to the attacker.
Instagram's AI may or may not ask the attacker for a video selfie to prove identity. It's not particularly discerning at the moment, so something as simple as an AI animated public photo from the target's feed has been widely reported to work.
In case you're wondering, because the system treats this high-privilege recovery flow as a total account reset by the "true" owner, the original 2FA gets thoroughly bypassed in the process.
Existing sessions are revoked and the password changed with no email, text, or push notification. The actual owner can't initiate recovery because the email and phone numbers now map to the attacker. There's no human to escalate to, it's just you arguing with a chat hoping to take control back while praying they don't do it again.
And if you're part of the A/B tested accounts on which the AI support option is active, tough luck, you can't even turn it off.
Multiple black market Telegram groups have sprung up offering "account takeover" services at steep rates and quick turnaround times. Considering short handles are worth hundreds of thousands to even millions of dollars, it's not a surprise, really.
Accounts have been flipped, like hey, or been used for propaganda, like obamawhitehouse or ocmssf, the account of the Chief Master Sergeant of the U.S. Space Force.
All the Telegram groups have quieted down as Meta seems to have patched it already, but it appears this particular method was active for weeks, if not months.
The very fact that a $1.5 trillion company lacks robust guard rails and their support AI will just change anyone's linked email if you ask it nicely enough would be so terrifying, if it weren't so funny.
If you've reached this far, thank you for reading! :)
I thought multiple exits and retiring in my mid 30s would be fun but I've just been bored and depressed without morning Slacks and emails to wake up to. If you're building something interesting and could use an extra set of hands to ship, or just want to say hi, feel free to reach out. My inbox is open.
'Bots have now passed human traffic online,' Cloudflare boss laments — says agentic traffic wasn't expected to eclipse real people until next year. Bot (automated) vs. human HTTP requests are split 57.5 vs. 42.5 percent, according to the firm's latest data.
The rapid increase in agentic internet traffic means "bots have now passed human traffic online for the first time in the Internet's history," according to the CEO and co-founder of Cloudflare, Matthew Prince. "Welp, that happened faster than I predicted," Prince awkwardly admitted, making his previous expectations of the crossover happening sometime in 2027 seem way off the mark.
Before going on, it's important to differentiate this new surge in internet traffic from the traditional bots most will be aware of, things like website crawlers, search indexers, and bad stuff like fraud or abuse bots. It is different now, as Cloudflare is charting agents that browse the web much like humans on behalf of humans, and it is already at a massive scale.
[...] We were also interested in looking at Cloudflare's breakdown of human/bot traffic by country. The most bot-ridden traffic comes from the tiny island of Gibraltar (92.1%), followed by Singapore (76.4%), then Iran (76.4%). While some of these places have a lot of data centers and hosting infrastructure compared to population size, Iran's high bot count may rather come from the heavy use of VPNs with automated scraping and bypass tools. Cloudflare has also previously flagged Iran as a hotspot for malicious bot activity.
[Source]: Tom's Hardware
Getting the location of troops at war might be as easy as buying the data from a legitimate business. America's foreign adversaries have exploited commercial geolocation data tied to US troops, the Pentagon admits, using it to target or surveil US personnel in the Middle East. Despite that, the Defense Department hasn't exactly moved fast to secure the information, elected officials say.
Senator Ron Wyden (D-OR), Representative Pat Harrigan (R-NC), and a dozen other Congress critters sent a letter to DoD CIO Kirsten Davies on Thursday, demanding a change in smartphone security posture among US military branches. Included in the letter is what lawmakers describe as the first public confirmation that commercial location data has been used to target or surveil American troops in active war zones. The information was shared with Wyden's office in April.
The reason for the delay in publishing the information, Wyden's team told The Register, was due to "markings that restricted public release," which Wyden reportedly pushed back on, leading to Thursday's letter and the attached responses [PDF] from the DoD confirming info purchased from commercial data brokers was used to target troops.
"USCENTCOM [US Central Command] has received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil US personnel in theater," the DoD's responses from April indicate.
As for how exactly data brokers got access to the data that allowed adversaries to locate troops and their movements, they got it from the same sources as anyone else buying data from a commercial broker: Smartphone advertising profiles.
According to the DoD responses included in Wyden's letter, not only are US military personnel allowed to use personal devices within operational areas, there's no actual policy that requires servicemembers to turn off geolocation capabilities on their devices when located in active war zones.
"USCENTCOM's geolocation risk guidance directs personnel to disable geolocation functionality when not needed; periodically review device and application privacy settings; and limit public sharing of information," the DoD said last month, while simultaneously admitting that such guidance doesn't always fully disable geolocation on smartphones.
In addition to personally-owned devices, the DoD's own issued smartphones don't disable advertising profiles, either.
[...] It's not like there haven't been plenty of examples of sloppy location data management compromising military operations, either. Data culled from workout tracking app Strava has been used to identify the workout routes of US military personnel jogging on base - and reveal the location of French President Emmanuel Macron thanks to his bodyguards' sloppy security practices - and social media has also been flagged as an OPSEC disaster waiting to happen.
Despite all those examples and briefings going back a decade, the problem has continued right up to the latest operations in Iran.
"That foreign adversaries are still able to buy location data collected from the phones of U.S. personnel serving in military hotspots is a direct result of DoD leadership's failure to prioritize this threat and implement commonsense cyber defenses," the letter charges. Whether anything will be done about it remains to be seen.
Last week, after Google announced its huge overhaul to Search, I overheard a woman on the phone saying she was switching to DuckDuckGo because you can "opt out of using AI."
"Google just isn't Google anymore," she said. It seems that others had the same idea.
At I/O, Google's annual developer conference, the company said it would transform its search box into a conversational engine that expands for longer queries, anticipates user intent, and autocompletes searches. Rather than just returning a list of links, it will use AI Overviews to answer questions directly first. Google also unveiled a more seamless AI Mode, allowing users to ask follow-up questions within AI Overviews.
While a Google spokesperson noted that AI Overviews have existed for two years and AI Mode is not the default, the backlash has been sharp.
Some have argued it will kill the open web, while others shared concerns that AI overviews surface inaccurate responses and take away control from users who might not want to use AI. It also overcomplicates simple things. Just try to Google the word "disregard."
In response to Google's changes, many have begun defecting to DuckDuckGo, a privacy-focused alternative that has never been able to break past Google's dominance, accounting for only around 2% of the U.S. search market.
During Google's search antitrust trial in 2023, DuckDuckGo CEO Gabriel Weinberg testified that Google's exclusive default search contracts harmed its ability to pitch itself as the default on other browsers.
"Google is force-feeding AI with no way to opt out," Weinberg said Tuesday in a statement, referring to Google's Search overhaul. "As a result, their results are getting worse, not better. We want to be the place that puts users in charge and allows them to decide how much or how little AI they want."
Now, it seems that DuckDuckGo is beginning to benefit as consumers flee AI.
[...] DuckDuckGo offers its own AI product called Duck.ai. It's free and doesn't require users to make an account, but provides access to models, including Anthropic's Claude 4.5 Haiku, Meta's Llama 4 Scout, Mistral's Small 3 24B, and OpenAI's GPT-5 mini. All chats are private because DuckDuckGo strips the user's IP address before requests reach model providers, deletes conversations within 30 days, and prevents chats from being used for training.
Related: Google Search is Becoming Something Fundamentally Different
The biggest threat to America's midterm elections in November likely isn't foreign attackers hacking US voting machines. Phishing and election-official impersonation are the bigger risks, according to Check Point, which documented more than 5,000 election-themed domains registered between April and May.
These domains can be used by attackers for phishing, impersonation, fraud, misinformation, or influence activity, especially when coupled with about 17,000 exposed credentials associated with fundraising orgs, political parties, and government-related services also spotted by the security shop's intelligence arm in May.
"Election-related domains and leaked credentials represent two sides of the same problem: infrastructure and access," Danielle Hess, a cyber threat intelligence analyst at Check Point Software, told The Register.
"A rise in election-themed domains not only creates more potential infrastructure that could be abused for phishing or impersonation, but also reflects a growing election-related ecosystem with more organizations, accounts, and users that can be targeted," Hess said. "When combined with a large pool of exposed credentials, attackers have more opportunities to conduct convincing and scalable election-related operations."
Plus, AI gives phishing, impersonation, election misinformation and other scam operations a massive boost, making them faster, cheaper, and easier to scale.
The uptick in election-related threats follows the Trump administration's efforts to gut America's lead cyber-defense agency and decimate its efforts to combat election-related fraud, while slashing its budget and workforce, and shutting down the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).
According to a Monday report, Check Point has been monitoring registered domains and documented about 1,300 containing the keyword "election" and 2,957 containing "vote" in January. Three months later, between April 13 and May 14, about 1,140 newly registered domains contained the word "election," while the number containing "vote" had climbed to about 4,010.
While simply registering a domain doesn't guarantee it will be used for malicious purposes, such domains are often used for phishing pages that impersonate voter info sites or candidates themselves, campaign donation scams, and misinformation sites designed to look like official election communications.
Along these lines, the security shop documented thousands of leaked credentials in May linked to fundraising and political party websites including about 9,500 ActBlue.com (Democrats' fundraising site) compromised credentials, 6,500 leaked WinRed.com (Republican fundraising) credentials, plus 600 from the official Republican gop.com website, 130 from democrats.org, and 150 leaked usa.gov citizen services' site credentials.
Hess told us that "it's important to note that the credential statistics reflect credentials identified on Check Point's External Risk Management (ERM) platform as of May 2026 and are not limited to credentials that were necessarily stolen or leaked during May 2026 itself."
As the reports point out, the credential leaks aren't limited to one political party or specific campaigns.
"Individual political campaign domains showed little to no observed credential exposure across a sample of swing-state candidates from both major political parties, reinforcing that current exposure is concentrated in centralized platforms rather than campaign-specific infrastructure," according to the report.
"A single campaign domain stood out as an exception, with around 90 leaked credentials identified," the report continued.
"The campaign domain referenced was associated with candidate Tom Kean," Hess said, referring to Rep. Tom Kean Jr. (R-NJ). "However, it's important to note the credentials were identified within infostealer malware logs, which typically reflect opportunistic compromise rather than deliberate targeting of a specific campaign. While not indicative of direct targeting, the presence of these credentials may still pose a security risk if associated accounts remain active or reused."
In addition to the political org-related credential exposure, voter information is also appearing across dark web forums ahead of the November midterms.
This includes a January 30 BreachForums post advertising data - being given away for free - tied to the Fremont County, Colorado election division. The data dump included names, email addresses, IP address data, and election-related portal submission information.
On April 26, the threat hunters spotted a post on criminal forum Spear[.]cx, claiming to offer a multi-state US voter database covering more than two dozen states and Washington, DC.
The global health organization Coalition for Epidemic Preparedness Innovations (CEPI) announced Monday that it will "urgently accelerate development" of three vaccine candidates against Bundibugyo ebolavirus (BDBV), pledging a little over $60 million in the effort to extinguish an outbreak currently raging out of control in the Democratic Republic of the Congo.
Under the plans, CEPI has committed up to $50 million to US-based Moderna for preclinical development and Phase 1 clinical testing of its mRNA-based BDBV vaccine candidate. The funding will simultaneously allow the company to ramp up manufacturing capabilities and ready large-scale Phase 2/3 trials in the event the vaccine makes it through early testing. The vaccine will use Moderna's mRNA vaccine platform that allowed for rapid development of a COVID-19 vaccine during the pandemic.
"[W]e believe our mRNA platform can play an important role in responding rapidly to emerging infectious disease threats," Moderna CEO Stéphane Bancel said in a statement Monday. "We will move with urgency and scientific rigor to support the response and help bring a potential vaccine closer to the communities that need it most."
CEPI will also provide $3.2 million to the International AIDS Vaccine Initiative, which is developing a vaccine that uses the same technology as Merck's approved Ebola vaccine, Ervebo, which targets the more common Zaire ebolavirus strain.
Last, the CEPI is committing $8.6 million to the University of Oxford and Serum Institute of India, which is using its adenovirus-based vaccine platform, as it did for its COVID-19 vaccine during the pandemic.
There are two licensed vaccines against Ebola disease currently, including Ervebo and Zabdeno/Mvabea by Johnson & Johnson. Both vaccines target the Zaire strain, which has caused most of the large outbreaks to date, followed by the Sudan strain. The current outbreak is only the third driven by the Bundibugyo strain. As such, there are currently no licensed therapeutics or vaccines against it.
The lack of medical interventions is one of the challenges facing health officials responding to the outbreak. Detection of the outbreak was delayed, allowing the virus to spread out of control. Disease is also spreading in an area of DRC with armed conflict, large population mobility, and significant need for humanitarian assistance.
As of Friday, the World Health Organization reported 1,041 cases (135 confirmed, 906 suspected) and 241 deaths (18 confirmed, 223 suspected) in the outbreak.
Developers seem to hate Microsoft's new usage-based billing policy for GitHub Copilot as they report burning through a month's worth of credits in hours.
"This is a staggering shift from a 'predictable subscription' to a 'stressful meter-based' service that hinders my productivity rather than helping it," wrote one developer on GitHub's user forum who said they were paying for Microsoft's $39-per-month Copilot Pro+ plan but burned through about 8 percent of their monthly AI Credits allocation in two hours under the new billing system. "At this rate, my 7,000-unit quota will be depleted in less than two days."
Their outrage is a consistent and growing theme among the business users of AI who suddenly see eye-popping bills after years of experimenting with a nearly free service. One GitHub Copilot developer requested a single change to their project and burned more than $6, they wrote.
"Not after a day of usage. Not after dozens of prompts. After ONE request," the developer stated on GitHub's user forum. "I understand that large projects require context, but this level of consumption feels completely unreasonable and impossible to predict. How are individual developers supposed to budget for this when a single feature request can consume such a large portion of the monthly allowance?"
The changes went into effect across the site on Monday. In GitHub's April post announcing the new billing scheme, Microsoft said the change was made from monthly billing to usage-based because GitHub Copilot is "not the same product it was a year ago."
"It now powers far more complex, agentic workflows that consume far more compute. This change is designed to deliver a more sustainable and reliable product experience by aligning pricing to actual usage and costs," the post to its user community reads. "We believe GitHub Copilot remains the best value and experience for agentic coding. Usage-based billing aligns cost more closely to actual usage and value, while continuing to offer developers the freedom to choose the models and agents that work best for them."
GitHub Copilot lets developers access a range of AI models from within their development tools. That had allowed some users to make large numbers of requests across multiple models while paying as little as $10 per month for Copilot Pro, or $39 per month for Copilot Pro+.
Now, each request from users is dynamically priced depending on the model used, the request, and the amount of material submitted by the user, as well as the complexity of the answer returned.
"Woke up to the new billing UI this morning. Figured I'd test it out on some actual work — just needed Claude 4.8 to help fix a couple things on a site I'm editing," one Reddit user posted. "It gave some pretty mediocre suggestions. Didn't really solve the problem, I still had to do most of the work myself ... Then I checked the actual usage page. 1,180 credits used. 16% of my monthly Pro+ allowance. Gone. For basically nothing."
The comments online have been overwhelmingly negative, with users on GitHub's forum and Reddit vowing to abandon the product and move their work directly to Anthropic, OpenAI, and some creating their own workarounds through a series of free or cheaper AI vendors, like RooCode, LM Studio, or OpenRouter.
"I've opted to stick to Pro+, burn through my allocated credit in a week, and then pivot to using OpenRouter for the remainder of the month," one user posted. "OpenRouter offers a similar set of advantages that Copilot has over other providers. It can be used within the same VS Code interface. Plus it has more models and credit rolls-over for up to a year."
The Register asked Microsoft about the user complaints and a GitHub spokesperson responded with a statement saying it had introduced a new billing policy, and provided a link to a FAQ.
"Usage-based billing is now in effect. Pricing for GitHub Copilot now reflects actual usage with spending limits, usage dashboards, and model selection available to help manage costs. We're also introducing Copilot Max for users who need more capacity," the statement reads.
Welcome to this year's 22nd issue of DistroWatch Weekly! This week we are thrilled to present you with a special milestone edition of DistroWatch Weekly. As I write this, DistroWatch is celebrating its 25th anniversary! Not many websites get to survive for a quarter of a century and we're thrilled our readers continue to come along for the experience. Later in this Weekly we share some thoughts on our publication turning 25 years old and provide some statistics about our little corner of the Internet.
DistroWatch is a website that provides news, distribution pages hit rankings, and other general information about various Linux distributions as well as other free software/open source Unix-like operating systems. It now contains information on several hundred distributions and a few hundred distributions labeled as active.
How many of our community use DistroWatch? Do you view it regularly, daily, occasionally, or ask "Is DistroWatch still going...?"