Technology

Over the last 6 months a major project has been underway by the Element server team and the Matrix.org Foundation security team to investigate “state resets”: scenarios where Matrix’s state resolution algorithm can give unexpected results. As part of this work we’ve identified two high severity protocol vulnerabilities (CVE-2025-49090; the other not yet allocated a CVE).

Security updates will continue, but new features will require Windows 11.

Developers took 19% longer to finish tasks using AI tools

Google will merge ChromeOS and Android into a unified platform, according to Sameer Samat, President of Android Ecosystem at Google. "We're going to be combining ChromeOS and Android into a single platform, and I am very interested in how people are using their laptops these days and what they're getting done," Samat said during a recent interview.

Archive: https://archive.is/2025.07.18-203048/https://www.theverge.com/ai-artificial-intelligence/710020/openai-review-test-new-release-chatgpt-agent-operator-deep-research-pro-200-subscription

Write up of a simple trigger for kernel panic in latest iOS and macOS

Finally, I can get my eyeballs as close to TikTok as humanly possible.

A ProPublica investigation found that a Microsoft program could expose Pentagon computers to cyberattacks from China, the nation’s greatest cyber adversary. Here are the biggest takeaways from our reporting.

BulletVPN has announced its abrupt closure, but users of the VPN service can get a free subscription with an alternative provider.

Offc

Part I in Anonym’s Rewiring the Rules Series

Amazon Web Services has updated its AWS Free Tier program, allowing new customers to receive up to $200 in AWS credit that can be spent on various AWS services.

France, Spain, Italy, Denmark and Greece will test a blueprint for an age verification app to protect children online, the European Commission said on Monday, amid growing global concern about the impact of social media on children's mental health.

Like YouTube, Meta says it won't penalize users who are engaging with other people's content, doing things like making reaction videos, joining a trend, or adding their own takes.

OpenAI is following Perplexity and is working on its own AI-powered browser codenamed "Aura."

Google recently disabled uBlock Origin and other extensions for Chrome users with no apparent option to restore them. The good news is that you can still make uBlock Origin work. Here is how.

Key findings

• Between March and June 2025, Proofpoint Threat Research observed three Chinese state-sponsored threat actors conduct targeted phishing campaigns against the Taiwanese semiconductor industry. In all cases, the motive was most likely espionage.
• Targets of these campaigns ranged from organizations involved in the manufacturing, design, and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities within this sector, as well as financial investment analysts specializing in the Taiwanese semiconductor market.
• This activity likely reflects China’s strategic priority to achieve semiconductor self-sufficiency and decrease reliance on international supply chains and technologies, particularly in light of US and Taiwanese export controls.

China-aligned threat actors have routinely targeted the semiconductor industry for many years. This activity likely aligns with China’s internal strategic economic priorities, which have increasingly emphasized the importance of semiconductor technologies in successive national economic development initiatives, including the Five-Year Plans. A growing focus on ensuring strategic self-reliance for semiconductor technologies, accelerated by external pressures from export controls, has likely reinforced the priority of intelligence collection operations directed at this industry. This is reflected in China-aligned espionage activity tracked by the Proofpoint Threat Research team, where we are currently observing an elevated level of targeting of the industry by China-aligned groups compared to historical activity.

Between March and June 2025, Proofpoint identified multiple China-aligned threat actors specifically targeting Taiwanese organizations within the semiconductor industry. This included a China-aligned threat actor tracked as UNK_FistBump targeting semiconductor design, manufacturing, and supply chain organizations in employment-themed phishing campaigns resulting in the delivery of Cobalt Strike or the custom Voldemort backdoor.

Additionally, Proofpoint observed another China-aligned threat actor tracked as UNK_DropPitch targeting individuals in multiple major investment firms who specialize in investment analysis specifically within the Taiwanese semiconductor industry. This UNK_DropPitch targeting is exemplary of intelligence collection priorities spanning less obvious areas of the semiconductor ecosystem beyond just design and manufacturing entities. Finally, we also observed an actor tracked as UNK_SparkyCarp conducting credential phishing activity against a Taiwanese semiconductor company using a custom Adversary in the Middle (AiTM) phishing kit.

[...]

The ‘H/W Quick Erase’ function, which fries the flash memory, should probably have a more forbidding name.