Submission + - Physicists create first room-temperature quantum material (phys.org)

alternative_right writes: In a study published in Nature, LSU physicists have developed the first room-temperature quantum material capable of distinguishing and transporting different quantum states of light, overcoming one of the biggest challenges in quantum materials research. Led by Associate Professor of Physics Omar S. Magaña-Loaiza, the work establishes a general design principle for engineering an entirely new class of quantum materials, opening new possibilities for quantum computing, secure communications, sensing technologies and advanced energy systems.

Submission + - Records Are Made to Be Broken: Patch Tuesday Raises Triage Stakes (darkreading.com)

schwit1 writes: When Microsoft vice president of engineering Tom Gallagher warned in May that the company's monthly patch releases could soon grow larger because of AI-driven vulnerability discovery, few likely expected the numbers would surpass 600 just two months later.

But with fixes for 622 unique CVEs, Microsoft’s July 2026 Patch Tuesday update is the largest by far in the program's history and offers a preview of the growing prioritization challenges organizations face as AI dramatically increases the volume of flaws requiring attention.

July's update contains fixes for three zero-day vulnerabilities, two of which attackers are already exploiting and one that's publicly known but remains unexploited. The patch update also includes fixes for more than five dozen critical vulnerabilities, many of which Microsoft identified as flaws that attackers are more likely to exploit. The total includes 416 vulnerabilities in Windows, 82 each in Office and Office 2016, 46 in Edge, 27 in Microsoft Developer Tools, and 17 in SharePoint Server.

"If people want a severity hook, July has 26 vulnerabilities with a CVSS base score above 9.0, and 13 of those sit at 9.8," said Josh Taylor, lead cybersecurity analyst at Fortra, in an emailed comment. "That matters, but CVSS is still only one part of the risk story. The real triage problem this month is the mix of exploited issues, a publicly disclosed BitLocker flaw, and a massive concentration of vulnerabilities in Windows and Office," he said. And rather than focusing on volume, patching teams need to prioritize the exploited vulnerabilities and their exposed infrastructure first, Taylor added.

"Today, July 14, 2026, marks a pivotal moment in our industry," researchers from Nightwing said in a statement. "We are officially moving past the traditional 'Patch Tuesday' approach and entering an era of continuous, high-volume security updates" and continuous patching.

Submission + - How Microsoft's "Little Workaround" Created a Major Pentagon Threat (propublica.org)

joshuark writes: ProPublica Reporter Renee Dudley heard Microsoft was running tech support for the U.S. Defense Department through China, the country’s biggest cybersecurity adversary.

The arrangement was called “digital escorting.” She thought it sounded like a conspiracy theory — until she started looking into it. This is the story of what she found and how her investigation changed government policy.

Microsoft is using engineers in China to help maintain the Defense Department’s computer systems — with minimal supervision by U.S. personnel — leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.

The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.

National security and cybersecurity experts in the Trump administration contacted by ProPublica were also surprised to learn that such an arrangement was in place, especially at a time when the U.S. intelligence community and leading members of Congress and the Trump administration view China’s digital prowess as a top threat to the country.

Microsoft uses the escort system to handle the government’s most sensitive information that falls below “classified.” According to the government, this “high impact level” category includes “data that involves the protection of life and financial ruin.” The “loss of confidentiality, integrity, or availability” of this information “could be expected to have a severe or catastrophic adverse effect” on operations, assets and individuals, the government has said. In the Defense Department, the data is categorized as “Impact Level” 4 and 5 and includes materials that directly support military operations.

“If someone ran a script called ‘fix_servers.sh’ but it actually did something malicious then [escorts] would have no idea,” a former Microsoft engineer who worked on the escort system, told ProPublica in an email. That said, he maintained that the “scope of systems they could disrupt” is limited.

In an emailed statement, the Defense Information Systems Agency said that cloud service providers “are required to establish and maintain controls for vetting and using qualified specialists,” but the agency did not respond to ProPublica’s questions regarding the digital escorts’ qualifications.

It’s unclear whether other cloud providers to the federal government use digital escorts as part of their tech support. Amazon Web Services and Google Cloud declined to comment on the record for this article. Oracle did not respond to requests for comment.

A spokesperson for the inspector general — whose office is supposed to operate independently in order to investigate potential waste, fraud and abuse — told ProPublica they were not authorized to speak about the issue and directed questions to DISA public affairs.

Submission + - AI won't take your job - but you may get fired anyway (radicalpolitics.org)

johanneswilm writes: For a handful of very specific engineering problems, one can specify hard requirements. One might ask, for instance: how many sensors, how much CPU and GPU power, and how many lines of code does an autonomous vehicle need in order to drive more safely than a human driver in 99.99 percent of cases?
But for the vast majority of software, there is no such fixed number. We can simply add more and more features to make software more convenient for users and to add functions that no one ever thought possible in the past. This elasticity of demand — the economist’s term for how much more of something people want when it becomes cheaper — is the key to understanding why AI-assisted programming is unlikely to eliminate programming jobs.
Much of the programming world, particularly web development, is centered around the United States, where shareholder value is the legally and culturally dominant corporate priority. The influential investor class, dominated by the wealthier segments of the baby boomer generation, has been told by AI company CEOs that large language models can replace software engineers. These investors expect technology companies to demonstrate commitment to AI by reducing their engineering headcount, regardless of whether such reductions make technical sense.

Submission + - Kalshi is betting Nvidia GPU time will become the new oil (nerds.xyz)

BrianFagioli writes: Kalshi has launched compute forward curves for Nvidia B200, H200, and A100 GPUs, using its own market activity to estimate the future hourly cost of renting AI hardware. The company says the curves could help cloud providers, data centers, AI labs, and other heavy compute users plan spending and manage the risk of future price changes.

The curves are not tradable assets, but they can serve as reference prices for private agreements, swaps, and block trades. Kalshi claims compute could eventually become a commodity market larger than oil futures, although that will depend on whether its GPU markets attract enough liquidity to produce reliable pricing.

Submission + - The FBI has seized more than 600 drones since the start of the World Cup (foxnews.com)

schwit1 writes: The FBI and Atlanta Police Department are getting ready for a massive security operation ahead of the World Cup semifinals between England and Argentina at Atlanta Stadium.

Both agencies have used drones to search for potential threats on the ground and in the sky. The FBI is enforcing the Federal Aviation Administration's Temporary Flight Restrictions around the venue.

The FBI has confiscated more than 600 drones nationwide since the World Cup began. Special Agent in Charge of the FBI Atlanta Field Office Marlo Graham said 86 of those drones were seized in Atlanta.

Graham said the FBI uses a "mechanism" that allows agents to see unauthorized drones in restricted airspace. Agents then work to mitigate the threat posed by unknown drones.

"We've been able to safely land drones that have been unauthorized in the flight restricted area," Graham said.

There is a one-mile restriction around World Cup stadiums on non-match days, and a three-mile restriction on game day.

Submission + - StubHub, CEO Hit With 'Deceptive Practices' Class Action Over Mass Scalping (www.cbc.ca)

An anonymous reader writes: StubHub and its CEO, Eric Baker, have been hit with a proposed $5-million class-action lawsuit in the United States over the company's ties to large-scale scalpers — connections reported by CBC News last week. The suit, filed Monday by New York ticket buyer Louis Sanquini, alleges deceptive practices and fraudulent misrepresentation over StubHub's promoting itself as a "marketplace for fans to buy and sell tickets."

The online ticket resale giant has faced a storm of customer complaints after cancelling thousands of World Cup tickets. The company has repeatedly said it is simply a technology platform that does not buy, sell or possess tickets. However, CBC reported last week that Baker disclosed in recent filings with the U.S. Securities and Exchange Commission that he runs Andro Capital, a hedge fund that engages in large-scale resale of millions of dollars' worth of sports and concert tickets on the StubHub resale platform.

Sanquini filed the proposed class action in the Southern District of New York, arguing consumers were kept in the dark and that he believed StubHub was a "neutral" marketplace. Lead counsel Kevin Steinberg told CBC News in an emailed statement that "consumers deserve honesty and transparency." A CBC investigation found that the CEO of online ticket reseller StubHub owns and manages a hedge fund that scalps millions of dollars of its own tickets. "While what StubHub is alleged to have engaged in and perpetrated upon millions of patrons is unfathomable, this case is about transparency and consumer trust. If companies make representations to the public, consumers are entitled to expect that those representations are complete and accurate," he said.

The claim reads: "Defendants' failure to disclose this conflict of interest, while affirmatively marketing StubHub as a fan-to-fan marketplace, deceived Plaintiff and the Class and caused them to pay prices, and accept terms, they would not have accepted had the truth been known." Sanquini argues that had he known StubHub's CEO held a financial interest and that the company was helping finance professional resellers, he would never have used the resale site to buy tickets to see rock band Kiss in 2023 or to attend a New York Red Bulls-New York City FC Major League Soccer match in 2024.

Submission + - Gravitricity energy storage goes bankrupt, but two others keep on trying (autonocion.com)

Geoffrey.landis writes: Gravitricity, a Scottins corporation that proposed using gravitational potential energy to store electrical energy, went bankrupt at the end of 2025. The basic idea is so simple, even a freshman physics student could describe it: use an electric motor to raise a weight up against gravity, and then when you need energy, lower the weight back down, and use the energy to run a generator. The difficulty, however, is in scale. Their proof of concept unit, a 40-ton block of steel falling the height of a 30-story building, stores an amount of energy equal to about eight hours of an average American home’s electricity. Their solution was to go big: there are literally millions of abandoned mine shafts around the world, many of them kilometer and more deep. They proposed a full GraviStore system would hang up to 24 separate weights of 500 metric tons each from cabled winches inside a single shaft. Twelve thousand metric tons of suspended steel, going up and down forever. But turning their concept into a reality ended up spending money faster than it could be invested, and, so quietly it took investors three months to even notice, the company went bankrupt.
But the basic concept may not be dead. Several other companies are still working at turning the concept into reality. And hundreds of thousands of abandoned mines are scattered across the United States, most of them a liability, a few of them with a kilometer of free vertical drop and a hoist house and a grid connection already sitting on site.

Submission + - Fastmail launches EU email hosting with one important privacy catch (nerds.xyz)

BrianFagioli writes: Fastmail is opening a new data center in Amsterdam and will begin moving European customers to EU hosted infrastructure in August. The primary copy of customer data will be stored inside the European Union, which could help with compliance and improve performance for users in the region.

There is one important catch. Fastmail says European customer data will still be replicated to the United States for resiliency. That means the service is not fully EU only, even though the primary copy will remain in Amsterdam.

Submission + - Californians sign up to have data brokers delete their personal information (eastbaytimes.com)

ZipNada writes: More than 300,000 Californians have demanded that hundreds of data brokers erase information about their locations, finances, health and personal lives as the state’s first-in-the-nation Delete Act requires brokers to start the mandatory process of removing data on Aug. 1.

Brokers must start accessing deletion requests within 45 days after Aug. 1, then once they have collected those requests, they have another 45 days to report what data they have purged to the agency — known as CalPrivacy — and people who have signed up. ...
The information Californians are asking brokers to erase can be extraordinarily sensitive. Of the nearly 600 data brokers in CalPrivacy’s registry, 110 sell people’s precise locations, the registry shows. More than 40 sell identity data that can include Social Security numbers. Almost 70 sell information on people’s gender identity. Seven sell data related to reproductive health, and six sell information on union membership. Eighteen sell minors’ data — and Kemp said children can sign up for deletion using DROP, or parents can do it for them.

Many of the brokers build — and sell to advertisers and marketers — dossiers that are increasingly processed using artificial intelligence to draw conclusions about a person’s interests, family, politics, lifestyle, finances, sexual orientation and health.

Submission + - Microsoft CEO Satya Nadella warns companies not to give AI firms their secrets (nerds.xyz) 2

BrianFagioli writes: Microsoft CEO Satya Nadella warns companies not to give AI firms their secrets

Microsoft CEO Satya Nadella says businesses may be paying twice for artificial intelligence: once with money, and again with the proprietary knowledge they feed into AI systems to make them useful. He calls this the Reverse Information Paradox, arguing that prompts, corrections, evaluations, workflows, and other usage data can gradually expose how a company actually operates.

Nadella says enterprises should keep control of their own models, memory, feedback, and internal learning loops while avoiding dependence on a single AI provider. The warning is notable coming from Microsoft, which sells the cloud infrastructure and AI services needed to build exactly that kind of private environment.

Submission + - The Mind-Bending Company That Gets a Million Job Applications—and Rejects (archive.ph) 2

schwit1 writes: Getting an offer from Bending Spoons, which owns AOL, has become harder than getting into Harvard

It’s a mind-bending number. The most cutthroat banks and consulting firms brag about hiring rates of 1%. Citadel and Citadel Securities took 0.36% of the quants who applied for internships this summer. NASA lets in 0.1% of those who want to be astronauts. But 0.04%? It means that getting a job at Bending Spoons is 100 times harder than getting into Harvard.

The company is run by executives in their 30s and early 40s. The employees are mostly in their 20s and 30s and have never worked anywhere else. Many are younger than the brands they take over.
“Being able to spot people who are unusually talented and motivated very early in their careers, then giving them unusually high levels of responsibility and coaching, has been an absolutely key advantage for us,” said Ferrari, who is 41.

It’s a key part of the business model, too. When Bending Spoons buys a company, it begins each radical transformation by slashing most of the acquired employees—and replacing them with the much leaner team of Spooners.

There are now about 700 people who made it through the notorious hiring process and now work in technical, product and growth roles across the organization. They move from one Bending Spoons acquisition to the next, making what Ferrari calls “very deep changes”—rewriting the code, rebuilding the infrastructure, redesigning the user interface. And they are “held to particularly demanding performance standards,” the company promises.

In fact, an entire team of Spooners does nothing but evaluate other Spooners and potential Spooners.

Submission + - Cloudflare, Netlify and Vercel with new toys for phishers and threat actors (cloudflare.com)

D,Petkow writes: Web Bros’ Latest Genius Move: Drop a Zip, Ship Malware

Cloudflare, Vercel, and Netlify have all launched their own “Drop” services: upload a zip, get a live site instantly on their edge networks.
Authentication and abuse protection? That’s for later. Right now it’s pure vibes.

This is peak industry brain rot. In a world already drowning in phishing, malware, and scam sites, these platforms just rolled out the easiest, fastest way for bad actors to host malicious content.
Drag-and-drop phishing kits on workers.dev, instant fake login pages on Vercel, malware droppers on Netlify — all live in seconds with zero friction.

No real verification. No serious upfront checks. Just “move fast and let the internet clean up our mess."
The hopium these web bros are smoking must be nuclear grade quality. They’ve spent years building trust in their platforms, only to turn them into free malware CDNs for anyone with a zip file.This isn’t democratizing the web.
This is handing phishers and scammers the keys with a smile.
Brilliant strategy, truly.

Nota bene — apparently real world bad actors beat red teams in abusing those new "services".

Slow clap

Apparently all the web bros are drinking the same hopium-flavored cool aid, where no phishers, c2s, implants and bad actors exist whatsoever.
https://cloudflare.com/drop/
Same concept from vercel and netlify
https://vercel.com/drop
https://app.netlify.com/drop

https://x.com/JCyberSec_/statu...

Try a DAP.LIVE or URLSCAN.IO query to see abuse and workers.dev (and pages.dev and r2.dev for that matter) — for each valid deployment, there are hundreds of confirmed fraud scams.
Nice statistics, which will only get worse now.
Good job.

Slashdot Top Deals