technology 24 for you

Tuesday, June 9, 2026

High-severity vulnerability in Linux caused by a single errant character

Researchers have analyzed a high-severity vulnerability in Linux that’s able to escalate untrusted users to root by exploiting a bug you don't often see: a single errant character inside the kernel. The vulnerability, tracked as <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-23111">CVE-2026-23111</a>, is located in nf_tables, a subsystem of the Linux kernel that provides packet filtering capabilities. It’s used to manage firewall rules and replaces older subsystems such as iptables, ip6tables, arptables, and ebtables. <h2>!!!WTF!!!</h2> The presence of a single mis-issued exclamation point in code implementing nf_tables introduced a use-after-free, a class of vulnerability that corrupts memory by placing malicious code at memory addresses that haven’t been properly freed of their previous contents. CVE-2026-23111 can be exploited by an unprivileged user or process to elevate system rights to root.<a href="https://arstechnica.com/security/2026/06/a-single-errant-character-in-the-linux-kernel-allows-attacker-to-gain-root/">Read full article</a> <a href="https://arstechnica.com/security/2026/06/a-single-errant-character-in-the-linux-kernel-allows-attacker-to-gain-root/#comments">Comments</a> Reference : https://ift.tt/wmiASWa

Beyond Dexterity: Why Contact May Define the Next Era of Robotics

<img src="https://spectrum.ieee.org/media-library/humanoid-robot-with-four-arms-holding-a-red-balloon-sculpture-at-a-tech-expo.jpg?id=66870200&width=1245&height=700&coordinates=0%2C0%2C0%2C1"/> This article is brought to you by <a href="https://www.agilink-ai.com/" target="_blank">AGILINK</a>.Throughout the exhibition hall at the 2026 IEEE International Conference on Robotics (ICRA), in Vienna, one demonstration seemed to attract a disproportionate amount of attention.Two robotic hands were making a balloon dog. Slowly and deliberately, the robot twisted a long balloon into loops, bends, and joints without popping it. Visitors stopped, watched, and often returned with colleagues to watch again. <img alt="Crowd at a robotics expo watches a humanoid robot demonstrate its arm movements." class="rm-shortcode" data-rm-shortcode-id="29a8797093705fd5d7f3a0b18b28e8a0" data-rm-shortcode-name="rebelmouse-image" id="821bd" loading="lazy" src="https://spectrum.ieee.org/media-library/crowd-at-a-robotics-expo-watches-a-humanoid-robot-demonstrate-its-arm-movements.jpg?id=66870218&width=980"/> AGILINK’s balloon dog demonstration draws a crowd at ICRA 2026.AGILINKAt first glance, the demonstration appeared almost playful. Among roboticists, however, balloon twisting is widely recognized as an unusually difficult manipulation task.A balloon is lightweight, highly deformable, slippery, and extremely sensitive to force. Every twist changes its geometry and internal pressure, turning a seemingly simple activity into a continuously changing physical interaction problem.Humans navigate those changes almost intuitively. While making a balloon animal, people rarely think consciously about force regulation, slip prevention, or contact stability. They simply adjust.For robots, those adjustments remain remarkably difficult. The challenge is not merely moving fingers to the right positions. The harder part is maintaining stable interaction while the object itself is changing. <iframe frameborder="0" height="auto" lazy-loadable="true" scrolling="no" src="https://www.youtube.com/embed/eoGcFGwQNkw?rel=0" style="position:absolute;top:0;left:0;width:100%;height:100%;" width="100%"></iframe>Highlights from AGILINK’s ICRA 2026 demonstrations, including visuotactile sensing, in-hand manipulation, balloon-animal shaping, and other contact-rich tasks enabled by the company’s latest OmniHand platform.AGILINKThat distinction helps explain why the balloon dog drew so much attention in Vienna. What appeared to be a dexterity demonstration was, in many ways, a demonstration about contact itself.As robotic manipulation continues to advance, a growing number of researchers are arriving at a similar conclusion: many of the hardest problems in robotics begin only after contact occurs.<h2>Motion and Contact Intelligence for Robot Manipulation</h2>Balloon twisting combines two challenges that robotics has traditionally struggled to solve simultaneously: long-horizon task execution and contact-rich manipulation.The first concerns motion.A balloon dog is not created through a single grasp or twist. It emerges through a carefully ordered sequence of manipulations, each setting the conditions for what follows. A small rotational error introduced early may appear insignificant at first, yet several steps later it can prevent the final structure from forming altogether.In that sense, balloon twisting is a long-horizon task. Success depends not only on performing individual actions correctly, but also on preserving the future feasibility of the entire manipulation process.To address this challenge, <a href="https://www.agilink-ai.com/" target="_blank">AGILINK</a> began by collecting demonstrations from professional balloon artists. Human actions were mapped onto robotic hands to establish an initial manipulation policy. But successful demonstrations alone were insufficient.In practice, some of the most valuable learning occurred when execution began to drift toward failure. Whenever instability emerged, human operators intervened and corrected the manipulation in real time. Those interventions were recorded and incorporated into reinforcement-learning cycles, allowing the system to learn not only how successful demonstrations unfold, but also how experienced operators recover when things start to go wrong.Through this process, the robot gradually acquired the capabilities required for long-horizon task execution—a collection of abilities that AGILINK groups under the term motion intelligence: the ability to generate actions, coordinate bimanual behaviors, and execute extended manipulation sequences under real-world uncertainty. <img alt="Two robotic hands, one white open palm and one black forming an OK gesture, on display." class="rm-shortcode" data-rm-shortcode-id="7fb13b51d34cf6b0574f614644438b3b" data-rm-shortcode-name="rebelmouse-image" id="779ba" loading="lazy" src="https://spectrum.ieee.org/media-library/two-robotic-hands-one-white-open-palm-and-one-black-forming-an-ok-gesture-on-display.png?id=66870278&width=980"/> OmniHand 3 Ultra-M on display at ICRA 2026.AGILINKYet motion alone does not explain why balloon twisting remains difficult. The second challenge is contact.The robot must continuously regulate force, adjust contact locations, and respond to subtle changes in the object’s state. These decisions are difficult to encode through explicit rules. Even skilled human operators often rely on tactile intuition developed through experience rather than consciously articulated strategies.Analysis of those interventions revealed that many failures did not originate from incorrect action sequences, but from the breakdown of contact itself.To better capture those interaction dynamics, AGILINK collected contact-centric intervention data and incorporated those interactions into reinforcement-learning training. Rather than learning only which motions to perform, the system also learned how humans maintain stability when contact conditions begin to deteriorate.AGILINK describes this capability as contact intelligence: the ability to establish, maintain, and adapt physical interaction as force distribution, friction, deformation, and contact geometry continuously evolve.The distinction between the two capabilities is subtle but important. Motion intelligence determines what the robot intends to do. Contact intelligence determines whether it can continue doing it. For balloon twisting, both are necessary. One provides the sequence of actions. The other keeps those actions physically viable. <img alt="Robot makes balloon animal for visitor at tech expo booth." class="rm-shortcode" data-rm-shortcode-id="a214019840e864e15e6b91d8d70e6e74" data-rm-shortcode-name="rebelmouse-image" id="431a1" loading="lazy" src="https://spectrum.ieee.org/media-library/robot-makes-balloon-animal-for-visitor-at-tech-expo-booth.jpg?id=66870268&width=980"/> YouTuber KhanFlicks follows OmniHand’s motions while learning to fold a balloon dog at the AGILINK booth.AGILINKBetween a balloon slipping away and a balloon bursting lies a narrow region of stability. Successful manipulation depends on finding that region—and remaining within it throughout the task.<h2>Introducing the OmniHand 3 Ultra-M Dexterous Hand</h2>The balloon dog demonstration showcased a manipulation capability. It also revealed a broader question. How much contact intelligence can be achieved through learning alone? A robot can only regulate what it can perceive. It can only respond as quickly as its hardware allows.As manipulation tasks become increasingly complex, researchers are finding that progress depends not only on better policies, but also on richer sensing and faster physical response.That realization formed the backdrop for AGILINK’s second major announcement at ICRA 2026. Alongside the balloon dog demonstration, the company introduced the <a href="https://www.agilink-ai.com/ultra-m.html" target="_blank">OmniHand 3 Ultra-M</a>. <img alt="Two robotic hands beside a human hand, all raised open on a display table." class="rm-shortcode" data-rm-shortcode-id="8c59fb0ca42c4a24bb1b54d98d25513f" data-rm-shortcode-name="rebelmouse-image" id="e7eda" loading="lazy" src="https://spectrum.ieee.org/media-library/two-robotic-hands-beside-a-human-hand-all-raised-open-on-a-display-table.jpg?id=66870269&width=980"/> OmniHand 3 Ultra-M closely matches the size of an adult human hand.AGILINKThe two exhibits represented different stages of the same technological trajectory. If the balloon dog demonstrated what contact intelligence can already accomplish today, Ultra-M was designed to explore what contact intelligence may require next.<h2>Building Hardware for Contact Intelligence</h2>Roughly the size of an adult human hand, the <a href="https://www.agilink-ai.com/uploads/upload/files/20260530/a7b12675ce5e3b4e9b913801c0c6f659.pdf" target="_blank">OmniHand 3 Ultra-M integrates 20 active degrees of freedom</a> within a human-scale form factor.Its most distinctive feature is a fully direct-drive architecture. By adopting direct-drive actuation throughout the system, the hand is designed to enable faster and more transparent force regulation and higher force-control bandwidth, enabling faster response as contact conditions change. For contact-rich manipulation, responsiveness can be as important as sensing itself.By adopting direct-drive actuation throughout the system, the OmniHand 3 Ultra-M is designed to enable faster and more transparent force regulation and higher force-control bandwidth, enabling faster response as contact conditions change.The platform also incorporates tactile sensing across nearly the entire hand. Each fingertip contains a miniature vision-based tactile sensor, while more than 300 three-dimensional tactile sensing points are distributed throughout the palm. Together, they provide information not only about where contact occurs, but how contact is evolving.The system is designed to estimate pressure distribution, shear forces, local deformation, slip tendencies, and other interaction dynamics that often remain invisible to conventional position-based control systems.According to AGILINK’s tests, individual sensors achieve force resolution of approximately 0.005 N—roughly equivalent to detecting the weight of a sheet of paper resting on a fingertip. Spatial resolution reaches approximately 0.04 mm, while sensing density approaches 50,000 sensing points per square centimeter. <img alt="Robot arm delicately holds a feather, inset shows colorful dotted texture close-up." class="rm-shortcode" data-rm-shortcode-id="c9f9836a2a34c6020d974a51c0da7158" data-rm-shortcode-name="rebelmouse-image" id="8f1f1" loading="lazy" src="https://spectrum.ieee.org/media-library/robot-arm-delicately-holds-a-feather-inset-shows-colorful-dotted-texture-close-up.png?id=66870273&width=980"/> OmniHand 3 Ultra-M recognizes feather texture through vision-based tactile sensing.AGILINKFor dexterous robots, contact has traditionally been a largely hidden process. Ultra-M is designed to make that process more observable.Rather than simply detecting that contact has occurred, the system attempts to resolve where interaction is happening, how forces are distributed, whether instability is beginning to emerge, and how manipulation strategies should adapt in response.The balloon dog offered a glimpse of what contact intelligence can already accomplish. Ultra-M explores a different question: what capabilities may be required to push contact intelligence further?<h2>The Physical World Remains the Hardest Benchmark</h2>The significance of contact intelligence extends far beyond balloon animals. Many tasks that continue to resist automation involve unstable or deformable interaction: cable insertion, garment handling, flexible packaging, delicate assembly, connector mating, tool use, and household manipulation.These tasks are difficult not because robots cannot reach the correct location, but because maintaining stable interaction after contact begins remains extraordinarily hard.For decades, robotics achieved many of its successes by reducing uncertainty. Factories were engineered to make robotic motion predictable, repeatable, and highly structured. The physical world behaves differently.A growing share of robotics research is shifting toward interaction itself—understanding how robots can establish, maintain, and adapt physical contact within environments that remain fundamentally unpredictable.Objects shift. Materials deform. Friction changes. Contact evolves. Real environments rarely follow scripts. Seen through that lens, the balloon dog was never really about the balloon dog. What attracted attention at ICRA was not simply a visually impressive demonstration, but what it revealed: intelligence in the physical world is ultimately measured through interaction.As motion generation continues to mature, a growing share of robotics research is shifting toward interaction itself—understanding how robots can establish, maintain, and adapt physical contact within environments that remain fundamentally unpredictable.For robots moving beyond structured environments and into less predictable real-world settings, managing contact may become as important as motion itself. Reference: https://ift.tt/GO2Mfi1

Monday, June 8, 2026

IEEE Celebrates Technology’s Brightest Minds at Annual Event

<img src="https://spectrum.ieee.org/media-library/a-dimly-lit-ballroom-filled-with-dinner-tables-during-an-awards-ceremony.jpg?id=66857734&width=1200&height=800&coordinates=0%2C83%2C0%2C84"/> New York City was the backdrop of this year’s IEEE <a href="https://spectrum.ieee.org/ieee-2026-honors" target="_self">Honors Ceremony</a>, held on 24 April.The event celebrates engineering pioneers who have developed technologies that have changed how people connect and learn about the world. This year’s celebrants included the engineers behind innovations such as text-to-donate technology, <a href="https://spectrum.ieee.org/abhishek-appaji-ai-diagnostic-tool" target="_self">AI-powered diagnostic tools</a>, and the graphics processing unit, among many others.Prior to the Honors Ceremony, IEEE hosted a forum on 23 April for a select group of early-career achievers to exchange ideas and experiences with laureates and awardees, speakers, and IEEE leaders. Attendees from around the world, working in a variety of technical areas, shared their journeys and explored the intersections of technologies, disciplines, and missions. The event culminated in Friday evening’s black tie Honors Ceremony, where IEEE celebrated medal laureates, including <a href="https://spectrum.ieee.org/2026-ieee-medal-of-honor" target="_self">Jensen Huang</a>, who received IEEE’s highest recognition, the <a href="https://spectrum.ieee.org/tag/ieee-medal-of-honor" target="_self">IEEE Medal of Honor</a>. Huang is a cofounder of <a href="https://www.nvidia.com/en-us/" rel="noopener noreferrer" target="_blank">Nvidia</a> and its chief executive. “IEEE has always been a home to those who see the future before others see it,” <a href="https://spectrum.ieee.org/ieee-presidents-note-engineering-renaissance" target="_self">Mary Ellen Randall</a>, IEEE president and CEO, said in her welcome speech. <a href="https://corporate-awards.ieee.org/ieee-awards-videos/" rel="noopener noreferrer" target="_blank">Video highlights</a> and <a href="https://corporate-awards.ieee.org/events/photo-and-video-gallery/" rel="noopener noreferrer" target="_blank">photos from the event</a> are available on the <a href="https://corporate-awards.ieee.org/" rel="noopener noreferrer" target="_blank">IEEE Awards website</a>.<h2>Exploring mission-driven tech and AI in art</h2>Friday morning began with a conversation between Randall and <a href="https://www.youtube.com/watch?v=OignKQOJT-U" rel="noopener noreferrer" target="_blank">Marian Croak</a>, the recipient of this year’s <a href="https://corporate-awards.ieee.org/award/ieee-founders-medal/" rel="noopener noreferrer" target="_blank">IEEE Founders Medal</a>. Croak was honored for “leadership in communication networks, including acceleration of digital equity, responsible artificial intelligence, and the promotion of diversity and inclusion.”Croak, who serves as vice president of engineering at <a href="https://about.google/" rel="noopener noreferrer" target="_blank">Google</a>, headquartered in Mountain View, Calif., pioneered Voice over Internet Protocol (VoIP) technologies. When a person speaks into a telephone, VoIP converts their voice into digital signals that are transmitted over the Internet rather than traditional phone lines. Her work enabled audio and video conferencing. She also developed text-to-donate technology to raise money for those affected by <a href="https://en.wikipedia.org/wiki/Hurricane_Katrina" rel="noopener noreferrer" target="_blank">Hurricane Katrina</a>, which devastated New Orleans in 2005. The technology enables customers to donate money to a charity via their mobile service provider, which then bills them. “Empathy has always been a driving force in the engineering that I’ve done,” she said.She shared advice on how to stay creative: “Get out of the office. Go to an art museum, exercise, or play with children.” Croak said her grandchildren inspire her.<h3>An inside look at microchips</h3> During Friday evening’s Honors Ceremony cocktail hour, attendees explored the history of microchips at the <a href="https://www.ieee.org/about/history-center/globalmuseum" target="_blank">IEEE Global Museum</a>’s Microchips That Shook the World exhibit. The Global Museum, an IEEE History and Heritage program, develops traveling and digital exhibits focused on the history of technology. The museum’s mission is to promote awareness of how technological progress unfolds over generations and how engineers and researchers build on past achievements to benefit humanity.Drawing from <a href="https://spectrum.ieee.org/" target="_self">IEEE Spectrum</a>’s <a href="https://spectrum.ieee.org/welcome-to-the-chip-hall-of-fame" target="_self">Chip Hall of Fame</a>, the Microchips That Shook the World exhibit conveys the roles integrated circuits play in fields such as signal processing, audio engineering, and <a href="https://spectrum.ieee.org/topic/telecommunications/" target="_self">telecommunications</a>.Co-curators <a href="https://spectrum.ieee.org/u/stephen-cass" target="_self">Stephen Cass</a>, Spectrum’s special projects editor, and <a href="https://www.linkedin.com/in/daniel-jon-mitchell-726b131b2" target="_blank">Daniel Mitchell</a>, the IEEE senior historian, served as onsite docents for guests. The <a href="https://spectrum.ieee.org/commodore-64" target="_self">Commodore 64</a>, one of the artifacts on display, brought up many treasured childhood memories for guests who used the home computer. The exhibit also featured a preview of IEEE’s immersive video project “Inside the Microchip,” which delves beneath the silicon surface of the Nvidia NV20 microchip thanks to forensic photography and sophisticated computer-generated renders. The video, which will be released later this year, aims to teach preuniversity students about the technology.Microchips that Shook the World is possible thanks to donations from semiconductor company <a href="https://www.asml.com/" rel="noopener noreferrer" target="_blank">ASML</a>, the <a href="https://themenschfoundation.org/" rel="noopener noreferrer" target="_blank">Bill and Dianne Mensch Foundation</a>, and the <a href="https://eds.ieee.org/" rel="noopener noreferrer" target="_blank">IEEE Electron Devices </a>and <a href="https://eps.ieee.org/" rel="noopener noreferrer" target="_blank">IEEE Electronics Packaging societies</a>The daytime program also spotlighted AI’s use in the visual arts. <a href="https://spectrum.ieee.org/u/kathleen-kramer1" target="_self">Kathleen Kramer</a>, the 2025 IEEE president, interviewed artist <a href="https://refikanadol.com/" rel="noopener noreferrer" target="_blank">Refik Anadol</a>, who is scheduled to open an AI art museum on 20 June in Los Angeles. <a href="https://dataland.art/" rel="noopener noreferrer" target="_blank">Dataland</a>’s exhibits are powered by an open-access model developed by Anadol’s studio.For the museum’s first exhibition, “Machine Dreams: Rainforest,” the model collected visual data about the natural world from the <a href="https://www.si.edu/museums/natural-history-museum" rel="noopener noreferrer" target="_blank">Smithsonian National Museum of Natural History</a>, London’s <a href="https://www.nhm.ac.uk/" rel="noopener noreferrer" target="_blank">Natural History Museum</a>, and the <a href="https://www.birds.cornell.edu/home/" rel="noopener noreferrer" target="_blank">Cornell Lab of Ornithology</a>, with their permission. The information, including up to a half billion images, will form the basis for a variety of AI-produced art, Anadol said.Anadol said he was inspired to mix AI with art by the movie <a href="https://en.wikipedia.org/wiki/Blade_Runner" rel="noopener noreferrer" target="_blank">Blade Runner</a>. He said he believes “machines can become collaborators,” as “data is a form of pigment.”Data also plays an important role in the work of artist and author <a href="https://giorgialupi.com/" rel="noopener noreferrer" target="_blank">Giorgia Lupi</a>. The artist is a partner at design firm <a href="https://www.pentagram.com/work/ieee-honors-ceremony-2026" rel="noopener noreferrer" target="_blank">Pentagram</a>.Lupi said she uses data to tell stories, including chronicling her struggles with a chronic illness.“Data is an abstraction of our reality,” she said.One of her recent projects, “<a href="https://www.mta.info/agency/arts-design/digital-art/data-love-letter" rel="noopener noreferrer" target="_blank">A Data Love Letter to the Subway</a>,” was shown last year in the <a href="https://en.wikipedia.org/wiki/Dey_Street_Passageway" rel="noopener noreferrer" target="_blank">Dey Street Passageway</a> in New York City. The video was made using data from the <a href="https://www.mta.info/" rel="noopener noreferrer" target="_blank">Metropolitan Transportation Authority</a> about each train line, including timetables, ridership, and people’s travel habits. Based on the information Lupi gathered, she documented how commuters traveling on different subway lines encountered one another without realizing it.By exploring data on this year’s IEEE award recipients, she collaborated with IEEE to create <a href="https://corporate-awards.ieee.org/intersections/" rel="noopener noreferrer" target="_blank">an animated video illustrating the shared pathways and collaborations among the honorees</a>. It debuted at the Honors Ceremony.<h2>Honoring engineering giants</h2>The Honors Ceremony, held at <a href="https://ciprianievents.com/venue/new-york-42nd-street/" rel="noopener noreferrer" target="_blank">Cipriani 42nd Street</a>, recognized more than 20 laureates and innovators.More than 92 million selfies are taken worldwide every day, <a href="https://photoaid.com/blog/mobile-photography-statistics/" rel="noopener noreferrer" target="_blank">PhotoAiD estimates</a>. A selfie wouldn’t be possible without <a href="https://ericfossum.com/" rel="noopener noreferrer" target="_blank">Eric Fossum</a>’s invention of the <a href="https://www.ansys.com/simulation-topics/what-is-cmos-image-sensor" rel="noopener noreferrer" target="_blank">CMOS image sensor</a>. Developed at <a href="https://www.nasa.gov/" rel="noopener noreferrer" target="_blank">NASA</a>’s <a href="https://www.jpl.nasa.gov/" rel="noopener noreferrer" target="_blank">Jet Propulsion Laboratory</a>, in Pasadena, Calif., the “camera on a chip” was intended for use in space, but it is now found in smartphones, medical devices, and vehicles. Fossum, an IEEE Life Fellow, received the <a href="https://corporate-awards.ieee.org/award/ieee-jun-ichi-nishizawa-medal/" rel="noopener noreferrer" target="_blank">IEEE Jun-ichi Nishizawa Medal</a>, which recognizes outstanding contributions to materials and device science and technology.“Engineering is a pursuit of what must be possible. [IEEE is] the spirit, the conscience, of our profession.” —Jensen Huang, founder and CEO of NvidiaThe medal, he said, “is at the top of the IEEE staircase of being recognized by your peers.”The <a href="https://corporate-awards.ieee.org/award/ieee-nick-holonyak-medal/" rel="noopener noreferrer" target="_blank">IEEE Holonyak Medal for Semiconductor Optoelectronic Technologies</a> went to <a href="https://www.materials.ucsb.edu/people/faculty/steven-p-denbaars" rel="noopener noreferrer" target="_blank">Steven P. DenBaars</a>, a professor of materials and electrical and computer engineering at the <a href="https://www.ucsb.edu/" rel="noopener noreferrer" target="_blank">University of California, Santa Barbara</a>. DenBaars was honored for his work in semiconductors, which laid the foundation for high-resolution LED and laser displays, modern solid-state lighting, and more.“This work has always been a team effort...I’m excited and curious about the role gallium nitride micro LEDs will play in optical communications,” he said in his acceptance speech.The ceremony ended with the Medal of Honor presentation to Huang, who received a standing ovation. He was recognized for his “leadership in the development of graphics processing units and their application to scientific computing and artificial intelligence.”The IEEE honorary member donated his cash prize to <a href="https://spectrum.ieee.org/ieee-tryengineering-20-years" target="_self">IEEE TryEngineering</a>, which provides teachers with a library of lesson plans and offers educational summer camps. The <a href="https://www.influencewatch.org/non-profit/jen-hsun-and-lori-huang-foundation/" rel="noopener noreferrer" target="_blank">Jen-Hsun and Lori Huang Foundation</a> matched his gift, and the additional donation is destined to fund scholarships for new graduates. “Engineering is a pursuit of what must be possible. [IEEE is] the spirit, the conscience, of our profession,” Huang said. Reference: https://ift.tt/x4CAlRX

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI coding agents. In all, <a href="https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents">multiple</a> researchers <a href="https://opensourcemalware.com/blog/miasma-reaches-azure">said</a>, 73 packages were flagged as malicious when automated systems on GitHub blocked them on the platform. Rather than noting they are malicious—and that developers who used AI agents to work with them should assume their systems are compromised—the Microsoft-owned GitHub said it disabled the packages “due to a violation of GitHub's terms of service.” The text went on to encourage the package owner to contact GitHub. <h2>Devs: Assume compromise and proceed accordingly</h2> It wasn’t until Monday that Microsoft even raised the possibility the packages were infected. In an email, the company stated: “We have temporarily removed some repositories as we investigate potential malicious content.”<a href="https://arstechnica.com/security/2026/06/for-the-2nd-time-in-weeks-microsoft-packages-laced-with-credential-stealer/">Read full article</a> <a href="https://arstechnica.com/security/2026/06/for-the-2nd-time-in-weeks-microsoft-packages-laced-with-credential-stealer/#comments">Comments</a> Reference : https://ift.tt/oDiTSer

Friday, June 5, 2026

How a USB-connected speaker can infect a PC without ever being touched

Operating system makers take many steps to prevent their wares from accepting commands from remote devices. The safeguards, designed to thwart malicious attacks, typically require hackers to jump through all kinds of hoops to bypass the measures. But what if remote code execution were as simple as being within Bluetooth range of a speaker connected to the targeted device? It turns out it can, at least when the speaker is a <a href="https://www.amazon.com/Creative-Blaster-Katana-Theater-System/dp/B0BBVM8T1K?th=1">Sound Blaster Katana V2X</a> sold by Singapore-based Creative Technologies. The speaker, which sells for $283, is widely acclaimed with <a href="https://gamingtrend.com/reviews/creative-labs-sound-blaster-katana-v2-review-you-guys-made-me-recommend-a-sound-bar/" target="_blank" rel="noopener noreferrer">numerous</a> reviews <a href="https://techjioblog.com/2022/11/10/review-creative-sound-blaster-katana-v2x/" target="_blank" rel="noopener noreferrer">showering</a> praise <a href="https://www.mmorpg.com/hardware-reviews/creative-sound-blaster-katana-v2x-review-lower-powered-audio-powerhouse-2000126769" target="_blank" rel="noopener noreferrer">on</a> the <a href="https://www.reddit.com/r/SoundBlasterOfficial/comments/1guxjbr/1_year_ownership_review_of_katana_v2x/" target="_blank" rel="noopener noreferrer">sound</a> and <a href="https://www.androidcentral.com/accessories/audio/creative-sound-blaster-katana-v2x-review" target="_blank" rel="noopener noreferrer">performance</a> of it and its predecessor, the Sound Blaster V2. <h2>A PC-pwning proxy</h2> Researcher Rasmus Moorats stumbled on the hack by accident, after he purchased a Katana V2X, a soundbar that connects to PCs, Macs, and Linux devices over USB or Bluetooth. Moorats was curious if he could create a Linux tool that communicated with his speaker. He discovered he could do so through CTP, a proprietary mechanism he guesses is short for Creative Transport Protocol.<a href="https://arstechnica.com/security/2026/06/highly-reviewed-speaker-can-be-hacked-over-the-air-to-infect-connected-devices/">Read full article</a> <a href="https://arstechnica.com/security/2026/06/highly-reviewed-speaker-can-be-hacked-over-the-air-to-infect-connected-devices/#comments">Comments</a> Reference : https://ift.tt/nTfmoQF

50 Years of The Institute

<img src="https://spectrum.ieee.org/media-library/portrait-of-a-smiling-white-woman-with-curly-hair.jpg?id=66860120&width=1245&height=700&coordinates=0%2C187%2C0%2C188"/> <a href="https://spectrum.ieee.org/the-institute/" target="_self">The Institute</a> is celebrating its 50th anniversary this year. Launched in 1976, the publication was designed to keep members informed about IEEE and what its constituents were doing, as well as to report on the organization’s initiatives, <a href="https://spectrum.ieee.org/collections/world-standards-day/" target="_self">technical standards</a>, products, and services.That directive expanded over the years to include our reporting on key historical technical achievements recognized as <a href="https://spectrum.ieee.org/tag/ieee-history" target="_blank">IEEE Milestones</a> and support for <a href="https://spectrum.ieee.org/collections/celebrating-young-professionals-and-students/" target="_self">young professionals</a> with <a href="https://spectrum.ieee.org/collections/tips-on-how-to-elevate-your-career/" target="_self">career-guidance</a> articles and information about <a href="https://spectrum.ieee.org/ieee-professional-development-suite" target="_self">educational resources</a>.The Institute has gone through many iterations in the past 50 years. What began as a monthly four-page insert in the print edition of <a data-linked-post="2650270368" href="https://spectrum.ieee.org/how-ieee-spectrum-was-born" target="_blank">IEEE Spectrum</a> became a separate newspaper published six times a year and mailed along with Spectrum in 1977, and then a monthly publication the following year.Today we publish all of The Institute’s articles online, with a curated selection appearing in our 16-page quarterly printed in the March, June, September, and December Spectrum issues.To provide members with a quick summary of the latest online news, in 2003 a bimonthly newsletter, The Institute Alert, began appearing in your inbox. You also can stay up to date by following our <a href="https://www.facebook.com/IEEETheInstitute" rel="noopener noreferrer" target="_blank">Facebook</a>, <a href="https://www.instagram.com/ieeetheinstitute/" rel="noopener noreferrer" target="_blank">Instagram</a>, and <a href="https://www.linkedin.com/in/ieeetheinstitute/" rel="noopener noreferrer" target="_blank">LinkedIn</a> pages.Although much has changed, an original subsection from 1976—“IEEE People”—has been maintained for the past five decades. We continue to celebrate IEEE members from around the world through our profiles, which are among our most popular articles.As the longest-serving editor in chief for The Institute, it is a privilege for me and my staff to chronicle the stories of remarkable IEEE individuals. They are often-unseen visionaries and problem-solvers who work tirelessly behind the scenes on technologies that are reshaping the world. By highlighting their careers and how IEEE has played a role in their professional growth, we hope to inspire the next generation of engineers and technologists to continue a legacy of innovation and service to humanity. Reference: https://ift.tt/46n9YZh

Thursday, June 4, 2026

Dashlane explains how attackers managed to download encrypted password vaults

Dashlane said that attackers mounted a coordinated hacking campaign against a large base of its users in an attempt to recover as many encrypted password vaults as possible. The password manager provider said fewer than 20 personal user vaults were downloaded before it shut down the operation. In a campaign that started Sunday, the unknown threat actor abused the mechanism that allows Dashlane users to add new devices, such as computers or phones, to their accounts. By abusing Dashlane's programming interfaces for device enrollment, the attackers sent requests to large numbers of existing users’ registered email addresses. In an <a href="https://support.dashlane.com/hc/en-us/articles/36038764990866-Security-advisory-Brute-force-attack-on-Dashlane-user-accounts#update-jun-4">update</a> published Thursday, Dashlane wrote: <blockquote>The threat actor targeted the API endpoints for device registration and used a brute force attack to send a large volume of automated requests to those endpoints. In response, Dashlane’s automated security systems operated as intended, triggering an automatic lockout of the targeted accounts to protect those users. Before the attack was fully mitigated, the threat actor was able to brute force and generate valid tokens for fewer than 20 personal plan customers, allowing them to register a new device on those accounts and download copies of users’ encrypted vaults.</blockquote> <h2>The flow and strategy of the attack</h2> When a user installs the Dashlane app on a new device and attempts to enroll it in their existing account, Dashlane first verifies the account holder's identity. This verification is completed by sending a one-time six-digit token to the user’s registered email address (or, for users who have enabled two-factor authentication, by validating a six-digit code generated by their authentication app).<a href="https://arstechnica.com/security/2026/06/dashlane-explains-how-attackers-managed-to-download-encrypted-password-vaults/">Read full article</a> <a href="https://arstechnica.com/security/2026/06/dashlane-explains-how-attackers-managed-to-download-encrypted-password-vaults/#comments">Comments</a> Reference : https://ift.tt/ReAbX54