Wednesday, July 1, 2026

T-Mobile moving tens of thousands of virtual machines off VMware amid lawsuit


<p>T-Mobile is asking a New York court to rule that Broadcom was contractually obligated to continue supporting its VMware perpetual licenses.</p> <p>In its complaint, T-Mobile said it has tens of thousands of virtual machines using VMware software across approximately 303,140 CPU cores. It also said that it was migrating off VMware but noted the <a href="https://arstechnica.com/information-technology/2025/01/a-long-costly-road-ahead-for-customers-abandoning-broadcoms-vmware/">time-consuming and technical challenges</a> involved in migrating over 1,000 applications.</p> <p>It filed its lawsuit, which was first reported by <a href="https://www.theregister.com/virtualization/2026/07/01/t-mobile-appears-to-be-quitting-vmware-and-fighting-a-very-familiar-battle-for-support-rights-on-the-way-out/5264750">The Register</a> today, in the Supreme Court of the State of New York in August 2025 <a href="https://cdn.arstechnica.net/wp-content/uploads/2026/07/654741_2025_T_Mobile_USA_Inc_v_Broadcom_Inc_et_al_COMPLAINT_58.pdf">(PDF)</a>.</p><p><a href="https://arstechnica.com/information-technology/2026/07/t-mobile-moving-tens-of-thousands-of-virtual-machines-off-vmware-amid-lawsuit/">Read full article</a></p> <p><a href="https://arstechnica.com/information-technology/2026/07/t-mobile-moving-tens-of-thousands-of-virtual-machines-off-vmware-amid-lawsuit/#comments">Comments</a></p> Reference : https://ift.tt/JUcv6Dp

Tuesday, June 30, 2026

New attack provides one more reason why AI browsers are a bad idea


<p>Makers of AI browsers make lofty promises. With a single prompt, users can ask one to find a restaurant in a particular part of town, reserve a table, invite a colleague to lunch, and email a confirmation. These makers are much more reticent about the risks of blurring the once fine line between browsing sites and asking a large language model a question or instructing it to take potentially sensitive actions.</p> <p>LLM developers’ answer so far has been to build guardrails that make some requests off-limits. Developing software exploits, stealing credentials, or teaching how to build a pipe bomb are examples. The problem with this approach is that the guardrails are reactive and treat the symptoms rather than solve the root cause. It’s tantamount to the manufacturer of an unsafe vehicle advocating for new road designs rather than fixing the flaws that make it prone to accidents.</p> <h2>Lulling LLMs into an alternate reality</h2> <p>New research puts this predicament on sharp display. It demonstrates how a website can lull AI browsers into a false reality where the rules governing its behavior no longer apply. After that, an attacker has free rein to invoke all kinds of destructive actions, such as extracting code from a private repository or extracting credentials from the built-in password manager.</p><p><a href="https://arstechnica.com/security/2026/06/ai-browsers-can-be-lulled-into-a-dream-world-where-guardrails-no-longer-apply/">Read full article</a></p> <p><a href="https://arstechnica.com/security/2026/06/ai-browsers-can-be-lulled-into-a-dream-world-where-guardrails-no-longer-apply/#comments">Comments</a></p> Reference : https://ift.tt/dCnR9uy

Monday, June 29, 2026

US offers $10 million for info on group behind Signal and WhatsApp hacking spree


<p>Federal authorities are offering a reward of up to $10 million for information leading to the identification or location of a Russian state cyber group that has compromised thousands of Signal and WhatsApp accounts belonging to investigative reporters and US government employees.</p> <p>The operation has been active since at least March, when the FBI published an <a href="https://www.ic3.gov/PSA/2026/PSA260320">advisory</a> warning of ongoing phishing campaigns targeting high-value targets by attackers associated with Russian intelligence services. Messages masquerading as automated support communications ask that users click a link or provide verification codes or account passcodes. In the event the user complies, they unknowingly link the attacker's device to their account or have their account completely taken over and are locked out.</p> <p><img width="300" height="300" src="https://cdn.arstechnica.net/wp-content/uploads/2026/06/messenger-account-hack-techniques-300x300.webp" class="none thumbnail" alt="" decoding="async" loading="lazy" srcset="https://cdn.arstechnica.net/wp-content/uploads/2026/06/messenger-account-hack-techniques-300x300.webp 300w, https://cdn.arstechnica.net/wp-content/uploads/2026/06/messenger-account-hack-techniques-500x500.webp 500w" sizes="auto, (max-width: 300px) 100vw, 300px"> </p><p><a href="https://arstechnica.com/information-technology/2026/06/us-offers-10-million-for-info-on-group-behind-signal-and-whatsapp-hacking-spree/">Read full article</a></p> <p><a href="https://arstechnica.com/information-technology/2026/06/us-offers-10-million-for-info-on-group-behind-signal-and-whatsapp-hacking-spree/#comments">Comments</a></p> Reference : https://ift.tt/QZyJFIS

Thursday, June 25, 2026

Notion killing Skiff-influenced email app since most users use AI agents instead


<p>In February 2024, <a href="https://arstechnica.com/gadgets/2024/02/encrypted-email-service-skiff-gets-acquired-will-shut-down-in-six-months/">Notion bought Skiff</a>, an encrypted email and productivity software startup. Within a year, Notion shut down Skiff’s email service (taking @skiff.com email addresses with it). And in April 2025, the San Francisco-based company released Notion Mail, a Gmail client primarily built by people who joined Notion through the Skiff acquisition. Today, Notion announced that it’s shutting down Notion Mail, effectively killing what little remained of Skiff email.</p> <p>In an <a href="https://x.com/NotionMail/status/2070177267074977991?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E2070177267074977991%7Ctwgr%5Efe47482444044d33c72a3a07a70a065ab8d2fb45%7Ctwcon%5Es1_c10&amp;ref_url=https%3A%2F%2F9to5mac.com%2F2026%2F06%2F25%2Fnotion-shutting-down-its-ai-powered-email-client-including-mac-and-ios-apps%2F">X post (</a>first spotted by <a href="https://9to5mac.com/2026/06/25/notion-shutting-down-its-ai-powered-email-client-including-mac-and-ios-apps/">9to5Mac</a>) today, Notion said that it will shutter the Notion Mail “inbox across web, desktop, and iOS on September 22.”</p> <p>The post claimed that most Notion users don’t use email clients anyway and instead rely on AI agents to handle their electronic correspondence. It reads:</p><p><a href="https://arstechnica.com/gadgets/2026/06/notion-killing-skiff-influenced-email-app-since-most-users-use-ai-agents-instead/">Read full article</a></p> <p><a href="https://arstechnica.com/gadgets/2026/06/notion-killing-skiff-influenced-email-app-since-most-users-use-ai-agents-instead/#comments">Comments</a></p> Reference : https://ift.tt/YZPdbKJ

Wednesday, June 24, 2026

One-two punch delivered in global operation disrupts cybercrime "assembly line"


<p>International authorities and a raft of private technology companies say they have disrupted a cybercrime “assembly line” that allowed crooks to collect millions of login credentials and steal more than $47 million in ransom payments and by other fraudulent means.</p> <p>The crux of the operation was the simultaneous targeting of two unrelated tools that are widely used in various online scams. The first is Amadey, a malware-as-a-service platform for compromising devices and delivering malicious payloads for ransomware and other scams. Amadey has been observed in the wild since at least 2018 and was <a href="https://arstechnica.com/security/2025/07/malware-as-a-service-caught-using-github-to-distribute-its-payloads/">seen last year</a> abusing GitHub as it collected system information from infected devices and installed customized payloads. The second tool was StealC, an infostealer-as-a-service platform that collects credentials, authentication cookies, cryptocurrency wallets, browser extensions, and files whose names match customer-defined patterns.</p> <h2>Severing a critical link in the cybercrime chain</h2> <p>Amadey and StealC are separate tools that are run independently of each other. Given their widespread use, however, many customers use both in their individual cybercrime activities. The tools also, it turns out, relied on some of the same underlying infrastructure to run. Microsoft said it made this determination after analyzing the tools using AI. This insight allowed Microsoft attorneys to seek an order disrupting both at the same time.</p><p><a href="https://arstechnica.com/security/2026/06/one-two-punch-delivered-in-global-operation-disrupts-cybercrime-assembly-line/">Read full article</a></p> <p><a href="https://arstechnica.com/security/2026/06/one-two-punch-delivered-in-global-operation-disrupts-cybercrime-assembly-line/#comments">Comments</a></p> Reference : https://ift.tt/bLfGoTQ

Tuesday, June 23, 2026

Executive order bumps up deadline to move off quantum-vulnerable crypto


<p>The White House is drastically shortening the deadline for government agencies and organizations to adopt new quantum-resistant encryption systems that will withstand attacks that use quantum computers, as the federal government seeks to protect decades’ worth of secrets belonging to militaries, banks, governments, and most individuals on Earth.</p> <p>The executive order, titled <a href="https://www.whitehouse.gov/presidential-actions/2026/06/securing-the-nation-against-advanced-cryptographic-attacks/">Securing the Nation against Advanced Cryptographic Attacks</a>, requires computing systems for “high-value assets” and “high-impact systems” to transition to post-quantum cryptographic key establishment schemes by December 31, 2030, and to quantum-safe digital signature schemes by December 31, 2031.</p> <h2>Heading off a significant threat</h2> <p>The new deadline, which for many organizations is about five years sooner than the previous one, comes on the heels of recent research showing that the resources and cost for building a cryptographically relevant quantum computer are far less than previous consensus estimates. In response, Google, Cloudflare, and other companies recently <a href="https://arstechnica.com/security/2026/03/google-bumps-up-q-day-estimate-to-2029-far-sooner-than-previously-thought/">tightened their timelines</a> for moving off vulnerable systems to 2029.</p><p><a href="https://arstechnica.com/information-technology/2026/06/executive-order-bumps-up-deadline-to-move-off-quantum-vulnerable-crypto/">Read full article</a></p> <p><a href="https://arstechnica.com/information-technology/2026/06/executive-order-bumps-up-deadline-to-move-off-quantum-vulnerable-crypto/#comments">Comments</a></p> Reference : https://ift.tt/UDvIlkn

Oracle’s 21,000 layoffs help drive its debt-fueled AI investments


<p>The growing use of AI contributed to Oracle laying off 21,000 workers in a year, according to a <span id="_GeQ6apqDO9-M0PEPjpTWyQ8_45" class="K6pdKd wtBS9"> Securities and Exchange Commission</span> filing on Monday.</p> <p>In its annual regulatory filing for the fiscal year ending May 31, Oracle said it has 141,000 full-time employees. In its 2025 filing, Oracle said it had 162,000 employees. The reported 12.9 percent reduction followed <a href="https://www.businessinsider.com/oracle-layoffs-employees-costs-ai-buildout-job-cuts-2026-3">March</a> reports of mass layoffs at the database management software company.</p> <p>"[T]he adoption and deployment of AI technologies across our operations have resulted, and may continue to result, in reductions to our workforce," the filing reads.</p><p><a href="https://arstechnica.com/ai/2026/06/oracles-21000-layoffs-help-drive-its-debt-fueled-ai-investments/">Read full article</a></p> <p><a href="https://arstechnica.com/ai/2026/06/oracles-21000-layoffs-help-drive-its-debt-fueled-ai-investments/#comments">Comments</a></p> Reference : https://ift.tt/usUkhSE

T-Mobile moving tens of thousands of virtual machines off VMware amid lawsuit

<p>T-Mobile is asking a New York court to rule that Broadcom was contractually obligated to continue supp...