Submission + - Google and Epic Cancel Settlement; Third-Party App Stores Coming to Google Play (arstechnica.com)

An anonymous reader writes: Big changes are coming to Android apps, but they’re not the changes Google wanted. The settlement between Google and Epic that aimed to put to rest the companies’ long-running antitrust battle is being withdrawn, and that means third-party app stores are coming to the Play Store. Google has confirmed that it will begin distributing rival app stores next week, setting the stage for competing platforms to take a bite out of Google’s Android revenue stream. [...] Google and Epic were set to return to court on July 16 to argue in favor of the settlement. However, the writing may have been on the wall. In a recent expert analysis provided to the court, MIT economics professor Nancy Rose noted that the settlement was “unlikely to enable Google Play’s potential competitors to overcome their long-standing network-effect disadvantage in a timely manner.”

With settlement approval looking increasingly unlikely, Epic and Google agreed this week to call the whole thing off. Here’s how Google Trust and Reputation Communications Lead Dan Jackson explains the company’s decision: “We’ve agreed with Epic to withdraw our motion to modify the US Court’s injunction rather than prolonging this process which creates uncertainty for the ecosystem. This allows us to focus on executing our recently announced global business model evolution to deliver greater app store choice, lower prices, and more opportunities for developers and users. We remain committed to maintaining Android’s industry-leading security and fostering a competitive ecosystem where every app store and developer has the freedom to compete. In parallel, we continue to comply with the US Court’s injunction.”

In a brief filing (PDF), Google’s legal team informs the court that Google is prepared to begin distributing third-party app stores in Google Play on July 22. Under the terms of Judge Donato’s original injunction, these stores will have access to the full catalog of Google Play apps by default. Developers will have the option to opt out of distribution in these stores, and Google has a support page explaining how to do so. Google also has documentation on how app stores can get access to the Google Play catalog. It won’t be mirroring those apps in any shady storefront that asks. The court has allowed Google to charge reasonable fees to cover its security and compliance review of third-party stores, which will be $5,000 per year.

Google will also require approved stores to block malware, respect intellectual property, and include mechanisms to update and uninstall apps. App stores can be removed from the program if more than 1 percent of attempted app installs appear to be malware or unwanted software. It’s unclear if there will be separate, possibly more stringent requirements for storefront distribution in the Play Store. However, Google is prohibited from unreasonably blocking third-party store clients uploaded to Google Play. The changes Google has announced under the Epic agreement will proceed for now. That means Registered App Stores will happen globally, but they will probably only appear in the Play Store for US users. Google hasn’t specified if there will be any differences in the features available to the stores downloaded from Play versus registered stores.

Submission + - Physicists create first room-temperature quantum material (phys.org)

alternative_right writes: In a study published in Nature, LSU physicists have developed the first room-temperature quantum material capable of distinguishing and transporting different quantum states of light, overcoming one of the biggest challenges in quantum materials research. Led by Associate Professor of Physics Omar S. Magaña-Loaiza, the work establishes a general design principle for engineering an entirely new class of quantum materials, opening new possibilities for quantum computing, secure communications, sensing technologies and advanced energy systems.

Submission + - Microsoft Patches a Record 570 Security Flaws (krebsonsecurity.com)

An anonymous reader writes: Microsoft today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence. Nearly 60 of the bugs quashed in July’s Patch Tuesday earned a “critical” severity rating, meaning miscreants or malware could use them to seize remote control over a Windows device with little or no help from the user. Microsoft also addressed three zero-day flaws, including two that are already being exploited in the wild.

Two of the zero-day weaknesses allow an attacker to elevate their user rights on a Windows system, as do approximately 250 other elevation of privilege flaws fixed this month; they include CVE-2026-56155 — an Active Directory Federation Services bug — and CVE-2026-56164, a Microsoft Sharepoint vulnerability. CVE-2026-50661 is a security feature bypass in Windows BitLocker that could allow attackers to gain access to encrypted data if they have physical access to the device. Microsoft said this bug has been detailed publicly, but that it is not aware of any active exploitation.

In a blog post on July 9, Microsoft Executive Vice President Pavan Davuluri wrote that Windows users will notice “a higher volume of security updates included in each security release” as a result of AI aiding in the discovery of vulnerabilities. "The pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster, across more code, with new mechanisms that can accelerate both discovery and analysis,” Davuluri wrote.

Submission + - Records Are Made to Be Broken: Patch Tuesday Raises Triage Stakes (darkreading.com)

schwit1 writes: When Microsoft vice president of engineering Tom Gallagher warned in May that the company's monthly patch releases could soon grow larger because of AI-driven vulnerability discovery, few likely expected the numbers would surpass 600 just two months later.

But with fixes for 622 unique CVEs, Microsoft’s July 2026 Patch Tuesday update is the largest by far in the program's history and offers a preview of the growing prioritization challenges organizations face as AI dramatically increases the volume of flaws requiring attention.

July's update contains fixes for three zero-day vulnerabilities, two of which attackers are already exploiting and one that's publicly known but remains unexploited. The patch update also includes fixes for more than five dozen critical vulnerabilities, many of which Microsoft identified as flaws that attackers are more likely to exploit. The total includes 416 vulnerabilities in Windows, 82 each in Office and Office 2016, 46 in Edge, 27 in Microsoft Developer Tools, and 17 in SharePoint Server.

"If people want a severity hook, July has 26 vulnerabilities with a CVSS base score above 9.0, and 13 of those sit at 9.8," said Josh Taylor, lead cybersecurity analyst at Fortra, in an emailed comment. "That matters, but CVSS is still only one part of the risk story. The real triage problem this month is the mix of exploited issues, a publicly disclosed BitLocker flaw, and a massive concentration of vulnerabilities in Windows and Office," he said. And rather than focusing on volume, patching teams need to prioritize the exploited vulnerabilities and their exposed infrastructure first, Taylor added.

"Today, July 14, 2026, marks a pivotal moment in our industry," researchers from Nightwing said in a statement. "We are officially moving past the traditional 'Patch Tuesday' approach and entering an era of continuous, high-volume security updates" and continuous patching.

Submission + - Iran Abused Mobile Networks' Vulnerabilities To Locate US Military In Mid East (techcrunch.com)

An anonymous reader writes: The Iranian government abused well-known vulnerabilities in the global telecoms infrastructure to locate U.S. military personnel in the build-up to the Iran War, as well as in the early days of the conflict, according to Financial Times. The Iranian government exploited Signaling System 7, or SS7, a set of protocols for 2G and 3G networks that has long been the backbone of how cellular networks connect to each other to route subscribers’ calls and texts around the world, the newspaper reported, citing research by the Mobile Surveillance Monitor, as well as anonymous government officials with knowledge of the spy campaign.

Intelligence agencies have long abused SS7 to track cellphones abroad, which is what happened in this campaign. Using this technique, Iran was reportedly able to locate U.S. military forces stationed in military bases as well as hotels in Iraq, Bahrain, and other countries in the Middle East, which allowed the regime to strike them. These attacks resulted in several injuries. Apart from SS7, Iran also abused advertising technology used to serve tailored ads to cellphone users, another well-known surveillance technique that relies on everyday technology.

Submission + - How Microsoft's "Little Workaround" Created a Major Pentagon Threat (propublica.org)

joshuark writes: ProPublica Reporter Renee Dudley heard Microsoft was running tech support for the U.S. Defense Department through China, the country’s biggest cybersecurity adversary.

The arrangement was called “digital escorting.” She thought it sounded like a conspiracy theory — until she started looking into it. This is the story of what she found and how her investigation changed government policy.

Microsoft is using engineers in China to help maintain the Defense Department’s computer systems — with minimal supervision by U.S. personnel — leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.

The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.

National security and cybersecurity experts in the Trump administration contacted by ProPublica were also surprised to learn that such an arrangement was in place, especially at a time when the U.S. intelligence community and leading members of Congress and the Trump administration view China’s digital prowess as a top threat to the country.

Microsoft uses the escort system to handle the government’s most sensitive information that falls below “classified.” According to the government, this “high impact level” category includes “data that involves the protection of life and financial ruin.” The “loss of confidentiality, integrity, or availability” of this information “could be expected to have a severe or catastrophic adverse effect” on operations, assets and individuals, the government has said. In the Defense Department, the data is categorized as “Impact Level” 4 and 5 and includes materials that directly support military operations.

“If someone ran a script called ‘fix_servers.sh’ but it actually did something malicious then [escorts] would have no idea,” a former Microsoft engineer who worked on the escort system, told ProPublica in an email. That said, he maintained that the “scope of systems they could disrupt” is limited.

In an emailed statement, the Defense Information Systems Agency said that cloud service providers “are required to establish and maintain controls for vetting and using qualified specialists,” but the agency did not respond to ProPublica’s questions regarding the digital escorts’ qualifications.

It’s unclear whether other cloud providers to the federal government use digital escorts as part of their tech support. Amazon Web Services and Google Cloud declined to comment on the record for this article. Oracle did not respond to requests for comment.

A spokesperson for the inspector general — whose office is supposed to operate independently in order to investigate potential waste, fraud and abuse — told ProPublica they were not authorized to speak about the issue and directed questions to DISA public affairs.

Submission + - AI won't take your job - but you may get fired anyway (radicalpolitics.org)

johanneswilm writes: For a handful of very specific engineering problems, one can specify hard requirements. One might ask, for instance: how many sensors, how much CPU and GPU power, and how many lines of code does an autonomous vehicle need in order to drive more safely than a human driver in 99.99 percent of cases?
But for the vast majority of software, there is no such fixed number. We can simply add more and more features to make software more convenient for users and to add functions that no one ever thought possible in the past. This elasticity of demand — the economist’s term for how much more of something people want when it becomes cheaper — is the key to understanding why AI-assisted programming is unlikely to eliminate programming jobs.
Much of the programming world, particularly web development, is centered around the United States, where shareholder value is the legally and culturally dominant corporate priority. The influential investor class, dominated by the wealthier segments of the baby boomer generation, has been told by AI company CEOs that large language models can replace software engineers. These investors expect technology companies to demonstrate commitment to AI by reducing their engineering headcount, regardless of whether such reductions make technical sense.

Submission + - Kalshi is betting Nvidia GPU time will become the new oil (nerds.xyz)

BrianFagioli writes: Kalshi has launched compute forward curves for Nvidia B200, H200, and A100 GPUs, using its own market activity to estimate the future hourly cost of renting AI hardware. The company says the curves could help cloud providers, data centers, AI labs, and other heavy compute users plan spending and manage the risk of future price changes.

The curves are not tradable assets, but they can serve as reference prices for private agreements, swaps, and block trades. Kalshi claims compute could eventually become a commodity market larger than oil futures, although that will depend on whether its GPU markets attract enough liquidity to produce reliable pricing.

Submission + - AI "Pervert Glasses" attracting public backlash

united_notions writes:

Influencers, mostly men, have been using the glasses to inconspicuously — and non-consensually — capture footage of themselves approaching women and attempting to hit on them, interactions they've then posted online for content. Some wearers have even attempted to extort victims of covert recordings for cash. That's on top of serious allegations of alleged privacy breaches by Meta itself.

And then, of course, there's the simple fact that a lot of people just really don't like the idea of the world's largest and most powerful social media giant, which has a history of misusing biometric information and other data, facilitating abuse and surveillance in this way — especially as Meta has taken highly controversial steps to infuse facial recognition capabilities into the tech.

Article continues on Futurism here.

Submission + - Negative news about alleged rapist Graham Platner was suppressed by Big Tech (nypost.com)

An anonymous reader writes: Two of the most popular news-aggregating services systematically suppressed scores of articles about disgraced former Maine Senate candidate Graham Platner for months during his ill-fated campaign, until the weight of his scandals finally became too much to ignore, a shocking new study has found.

Media Research Center (MRC) revealed that both Apple News and Google News published exactly zero stories between last November and May covering controversies, including Platner's Nazi tattoo and his offensive Reddit posts.

The study also found that the tech giants failed to promote "at least 112" news stories published by conservative-leaning outlets that investigated Platner's disturbing history during that November-May period.

MRC President David Bozell went so far as to accuse the tech platforms of running a "protection racket" for Platner by memory-holing unflattering coverage as it slowly became obvious the left had erred in holding him up as a blue-collar "everyman" in his campaign to unseat Sen. Susan Collins.

The MRC study said the coverage blackout began after a poll released in October called Platner the Democrat with the best chance to defeat the incumbent, and didn't let up until the New York Times' May 30 report about him sexting women outside his marriage.

Submission + - The FBI has seized more than 600 drones since the start of the World Cup (foxnews.com)

schwit1 writes: The FBI and Atlanta Police Department are getting ready for a massive security operation ahead of the World Cup semifinals between England and Argentina at Atlanta Stadium.

Both agencies have used drones to search for potential threats on the ground and in the sky. The FBI is enforcing the Federal Aviation Administration's Temporary Flight Restrictions around the venue.

The FBI has confiscated more than 600 drones nationwide since the World Cup began. Special Agent in Charge of the FBI Atlanta Field Office Marlo Graham said 86 of those drones were seized in Atlanta.

Graham said the FBI uses a "mechanism" that allows agents to see unauthorized drones in restricted airspace. Agents then work to mitigate the threat posed by unknown drones.

"We've been able to safely land drones that have been unauthorized in the flight restricted area," Graham said.

There is a one-mile restriction around World Cup stadiums on non-match days, and a three-mile restriction on game day.

Submission + - StubHub, CEO Hit With 'Deceptive Practices' Class Action Over Mass Scalping (www.cbc.ca)

An anonymous reader writes: StubHub and its CEO, Eric Baker, have been hit with a proposed $5-million class-action lawsuit in the United States over the company's ties to large-scale scalpers — connections reported by CBC News last week. The suit, filed Monday by New York ticket buyer Louis Sanquini, alleges deceptive practices and fraudulent misrepresentation over StubHub's promoting itself as a "marketplace for fans to buy and sell tickets."

The online ticket resale giant has faced a storm of customer complaints after cancelling thousands of World Cup tickets. The company has repeatedly said it is simply a technology platform that does not buy, sell or possess tickets. However, CBC reported last week that Baker disclosed in recent filings with the U.S. Securities and Exchange Commission that he runs Andro Capital, a hedge fund that engages in large-scale resale of millions of dollars' worth of sports and concert tickets on the StubHub resale platform.

Sanquini filed the proposed class action in the Southern District of New York, arguing consumers were kept in the dark and that he believed StubHub was a "neutral" marketplace. Lead counsel Kevin Steinberg told CBC News in an emailed statement that "consumers deserve honesty and transparency." A CBC investigation found that the CEO of online ticket reseller StubHub owns and manages a hedge fund that scalps millions of dollars of its own tickets. "While what StubHub is alleged to have engaged in and perpetrated upon millions of patrons is unfathomable, this case is about transparency and consumer trust. If companies make representations to the public, consumers are entitled to expect that those representations are complete and accurate," he said.

The claim reads: "Defendants' failure to disclose this conflict of interest, while affirmatively marketing StubHub as a fan-to-fan marketplace, deceived Plaintiff and the Class and caused them to pay prices, and accept terms, they would not have accepted had the truth been known." Sanquini argues that had he known StubHub's CEO held a financial interest and that the company was helping finance professional resellers, he would never have used the resale site to buy tickets to see rock band Kiss in 2023 or to attend a New York Red Bulls-New York City FC Major League Soccer match in 2024.

Submission + - Gravitricity energy storage goes bankrupt, but two others keep on trying (autonocion.com)

Geoffrey.landis writes: Gravitricity, a Scottins corporation that proposed using gravitational potential energy to store electrical energy, went bankrupt at the end of 2025. The basic idea is so simple, even a freshman physics student could describe it: use an electric motor to raise a weight up against gravity, and then when you need energy, lower the weight back down, and use the energy to run a generator. The difficulty, however, is in scale. Their proof of concept unit, a 40-ton block of steel falling the height of a 30-story building, stores an amount of energy equal to about eight hours of an average American home’s electricity. Their solution was to go big: there are literally millions of abandoned mine shafts around the world, many of them kilometer and more deep. They proposed a full GraviStore system would hang up to 24 separate weights of 500 metric tons each from cabled winches inside a single shaft. Twelve thousand metric tons of suspended steel, going up and down forever. But turning their concept into a reality ended up spending money faster than it could be invested, and, so quietly it took investors three months to even notice, the company went bankrupt.
But the basic concept may not be dead. Several other companies are still working at turning the concept into reality. And hundreds of thousands of abandoned mines are scattered across the United States, most of them a liability, a few of them with a kilometer of free vertical drop and a hoist house and a grid connection already sitting on site.

Submission + - Cloudflare Precursor Watches Your Mouse and Keyboard to Decide if You Are Human (nerds.xyz) 1

BrianFagioli writes: Cloudflare has launched Precursor, a new behavioral bot detection system that monitors mouse movement, typing cadence, scrolling, clipboard activity, page visibility, and other signals across an entire browsing session. The system is designed to catch advanced bots that can run JavaScript, use real browsers, and pass traditional CAPTCHA challenges.

Cloudflare says Precursor does not record actual keystrokes and instead studies timing and rhythm. The company also says the data is not tied to user identities or persistent profiles. Even so, software that watches how people move and type throughout a visit raises privacy concerns, especially as Cloudflare claims bots now generate roughly 57 percent of all Internet requests.

Submission + - Fastmail launches EU email hosting with one important privacy catch (nerds.xyz)

BrianFagioli writes: Fastmail is opening a new data center in Amsterdam and will begin moving European customers to EU hosted infrastructure in August. The primary copy of customer data will be stored inside the European Union, which could help with compliance and improve performance for users in the region.

There is one important catch. Fastmail says European customer data will still be replicated to the United States for resiliency. That means the service is not fully EU only, even though the primary copy will remain in Amsterdam.

Submission + - SpaceXAI and Starlink X Accounts Hacked, Abused to Promote scams (spamreports.report)

D,Petkow writes: Another day, another twitter/X scam, but this time involving the official gold-verified accounts of both SPACEX and STARLINK, and another gold-verified account, which is now suspended.

An account called "Sam Catman" somehow obtained an official SpaceXAI-affiliated *gold* badge and posted promotion for a new meme coin on Robinhood Chain.
Shortly afterward, the verified @SpaceXAI and Starlink accounts reposted it, giving the scam instant credibility to millions of followers.
The token pumped hard before the expected rug pull. The original posts have since been deleted.
As of now, there has been zero official acknowledgment or statement from SpaceXAI, Starlink, or Elon Musk about how a high-profile corporate account cluster was compromised so easily — or how the "official affiliate" badge system was abused.

Full story

As a result more than 120 000 USD have been stolen and laundered (so far), how convenient.
Classic reminder that even the biggest names in tech can get owned by a cartoon cat shilling a concurrency "memecoin". The gold badge was apparently worth its weight in rug residue.

The lack of transparency also says plenty, as if never of this ever happened.

Submission + - Californians sign up to have data brokers delete their personal information (eastbaytimes.com)

ZipNada writes: More than 300,000 Californians have demanded that hundreds of data brokers erase information about their locations, finances, health and personal lives as the state’s first-in-the-nation Delete Act requires brokers to start the mandatory process of removing data on Aug. 1.

Brokers must start accessing deletion requests within 45 days after Aug. 1, then once they have collected those requests, they have another 45 days to report what data they have purged to the agency — known as CalPrivacy — and people who have signed up. ...
The information Californians are asking brokers to erase can be extraordinarily sensitive. Of the nearly 600 data brokers in CalPrivacy’s registry, 110 sell people’s precise locations, the registry shows. More than 40 sell identity data that can include Social Security numbers. Almost 70 sell information on people’s gender identity. Seven sell data related to reproductive health, and six sell information on union membership. Eighteen sell minors’ data — and Kemp said children can sign up for deletion using DROP, or parents can do it for them.

Many of the brokers build — and sell to advertisers and marketers — dossiers that are increasingly processed using artificial intelligence to draw conclusions about a person’s interests, family, politics, lifestyle, finances, sexual orientation and health.

Submission + - Microsoft CEO Satya Nadella warns companies not to give AI firms their secrets (nerds.xyz) 2

BrianFagioli writes: Microsoft CEO Satya Nadella warns companies not to give AI firms their secrets

Microsoft CEO Satya Nadella says businesses may be paying twice for artificial intelligence: once with money, and again with the proprietary knowledge they feed into AI systems to make them useful. He calls this the Reverse Information Paradox, arguing that prompts, corrections, evaluations, workflows, and other usage data can gradually expose how a company actually operates.

Nadella says enterprises should keep control of their own models, memory, feedback, and internal learning loops while avoiding dependence on a single AI provider. The warning is notable coming from Microsoft, which sells the cloud infrastructure and AI services needed to build exactly that kind of private environment.

Slashdot Top Deals