samleecole shares a report from 404 Media: An app developer has jailbroken Echelon exercise bikes to restore functionality that the company put behind a paywall last month, but copyright laws prevent him from being allowed to legally release it. Last month, Peloton competitor Echelon pushed a firmware update to its exercise equipment that forces its machines to connect to the company's servers in order to work properly. Echelon was popular in part because it was possible to connect Echelon bikes, treadmills, and rowing machines to free or cheap third-party apps and collect information like pedaling power, distance traveled, and other basic functionality that one might want from a piece of exercise equipment. With the new firmware update, the machines work only with constant internet access and getting anything beyond extremely basic functionality requires an Echelon subscription, which can cost hundreds of dollars a year.

App engineer Ricky Witherspoon, who makes an app called SyncSpin that used to work with Echelon bikes, told 404 Media that he successfully restored offline functionality to Echelon equipment and won the Fulu Foundation bounty. But he and the foundation said that he cannot open source or release it because doing so would run afoul of Section 1201 of the Digital Millennium Copyright Act, the wide-ranging copyright law that in part governs reverse engineering. There are various exemptions to Section 1201, but most of them allow for jailbreaks like the one Witherspoon developed to only be used for personal use. [...] "I don't feel like going down a legal rabbit hole, so for now it's just about spreading awareness that this is possible, and that there's another example of egregious behavior from a company like this [...] if one day releasing this was made legal, I would absolutely open source this. I can legally talk about how I did this to a certain degree, and if someone else wants to do this, they can open source it if they want to."

A widely used Node.js utility called fast-glob, relied on by thousands of projectsâ"including over 30 U.S. Department of Defense systems -- is maintained solely by a Russian developer linked to Yandex. While there's no evidence of malicious activity, cybersecurity experts warn that the lack of oversight in such critical open-source projects leaves them vulnerable to potential exploitation by state-backed actors. The Register reports: US cybersecurity firm Hunted Labs reported the revelations on Wednesday. The utility in question is fast-glob, which is used to find files and folders that match specific patterns. Its maintainer goes by the handle "mrmlnc", and the Github profile associated with that handle identifies its owner as a Yandex developer named Denis Malinochkin living in a suburb of Moscow. A website associated with that handle also identifies its owner as the same person, as Hunted Labs pointed out.

Hunted Labs told us that it didn't speak to Malinochkin prior to publication of its report today, and that it found no ties between him and any threat actor. According to Hunted Labs, fast-glob is downloaded more than 79 million times a week and is currently used by more than 5,000 public projects in addition to the DoD systems and Node.js container images that include it. That's not to mention private projects that might use it, meaning that the actual number of at-risk projects could be far greater.

While fast-glob has no known CVEs, the utility has deep access to systems that use it, potentially giving Russia a number of attack vectors to exploit. Fast-glob could attack filesystems directly to expose and steal info, launch a DoS or glob-injection attack, include a kill switch to stop downstream software from functioning properly, or inject additional malware, a list Hunted Labs said is hardly exhaustive. [...] Hunted Labs cofounder Haden Smith told The Register that the ties are cause for concern. "Every piece of code written by Russians isn't automatically suspect, but popular packages with no external oversight are ripe for the taking by state or state-backed actors looking to further their aims," Smith told us in an email. "As a whole, the open source community should be paying more attention to this risk and mitigating it." [...]

Hunted Labs said that the simplest solution for the thousands of projects using fast-glob would be for Malinochkin to add additional maintainers and enhance project oversight, as the only other alternative would be for anyone using it to find a suitable replacement. "Open source software doesn't need a CVE to be dangerous," Hunted Labs said of the matter. "It only needs access, obscurity, and complacency," something we've noted before is an ongoing problem for open source projects. This serves as another powerful reminder that knowing who writes your code is just as critical as understanding what the code does," Hunted Labs concluded.

Canada's tech job market has collapsed from its pandemic-era boom, with postings down 19% from 2020 levels. Analysts say the decline was sharper than the overall job market and worsened after ChatGPT's debut in 2022 fueled AI-driven shifts in workforce demand. The Canadian Press reports: "The Canadian tech world remains stuck in a hiring freeze," said Brendon Bernard, Indeed's senior economist. "While both the tech job market and the overall job market have definitely cooled off from their 2022 peaks, the cool off has been much sharper in tech." He thinks the fall was likely caused by the market adjusting after a pandemic boom in hiring along with recent artificial intelligence advances that have reduced tech firms' interest in expanding their workforces.

"We went from this really hot job market with job postings through the roof to one where job postings really crashed, falling well below their pre-pandemic levels," Bernard said. However, he sees AI's recent boom as a "watershed moment." While much of the decline in tech job postings has been in software engineer roles, Indeed found hiring for AI-related jobs was still up compared to early 2020. In fact, machine learning engineers and roles that support AI infrastructure, such as data engineers and data centre technicians, were among the job titles with postings still above early-2020 levels.

At the same time, Indeed saw postings for senior and manager-level tech jobs drop sharply from their 2022 peak, but as of early 2025, they were still up five per cent from their pre-pandemic levels. Meanwhile, basic and junior tech titles were down 25 per cent. When it compared Canada's overall decline in tech job postings, Indeed found the country's decrease from pre-pandemic levels was somewhat milder than the retrenchment it has observed in the U.S., U.K., France and Germany. The U.S. fall amounted to 34 per cent, while in the U.K. it was 41 per cent. France saw a 38 per cent drop and Germany experienced a 29 per cent decrease. "All this just highlights is that this tech hiring freeze is a global tech hiring freeze," Bernard said.

BrianFagioli shares a report from NERDS.xyz: Hosting.com has acquired Rocket.net, bringing the fast-growing managed WordPress hosting company under its corporate umbrella. The move gives hosting.com a proven SaaS platform and a strong brand in WordPress hosting, while Rocket.net gains the capital and global reach of a much larger player. Financial details of the deal were not disclosed.

Rocket.net will continue to operate under its own name, but it is now part of hosting.com's family of brands. As part of the deal, Rocket.net founder and CEO Ben Gabler has been appointed Chief Product Officer at hosting.com, where he will lead product and software engineering across the entire company. [...] For hosting.com, the acquisition strengthens its ability to serve a wider range of customers. The company, founded in 2019, already operates more than 20 data centers, powers over 3 million websites, and serves 600,000 customers worldwide with a team of 900 employees.

The Rocket.net platform will now be rolled out across hosting.com's global footprint, including the USA, UK, Germany, and Singapore, as well as new regions such as Mexico, the UAE, and Australia. Both companies stress that their commitment to WordPress and open source will remain intact. Hosting.com already sponsors global WordCamps and encourages employees to contribute to the WordPress project, while Rocket.net has long positioned itself as a champion of the open web.

According to The Information, Apple executives have debated acquiring Mistral AI and Perplexity to strengthen its AI capabilities. MacRumors reports: Services chief Eddy Cue is apparently the most vocal advocate of a deal to buy AI firms to bolster the company's offerings. Cue previously supported propositions of Apple acquiring Netflix and Tesla, both of which Apple CEO Tim Cook turned down. Other executives such as software chief Craig Federighi have reportedly been reluctant to acquire AI startups, believing that Apple can build its own AI technology in-house. [...]

Apple is said to be hesitant to do a deal, which would likely cost billions of dollars. Apple has rarely spent more than a hundred million dollars on an acquisition, with Beats at $3 billion and Intel's wireless modem business at $1 billion. If a federal ruling ends the $20 billion deal between Apple and Alphabet that makes Google the default search engine on its devices, the company could be compelled to acquire an AI-powered search startup to fill that gap. For now, Apple apparently told bankers that it plans to continue with its strategy of focusing on smaller deals in AI.

The Document Foundation, which operates the popular open source productivity suite LibreOffice, is positioning the suite's newest release, v25.8, as a strategic asset for digital sovereignty, targeting governments and enterprises seeking independence from foreign software vendors and cloud infrastructure.

The Document Foundation released the update last week with zero telemetry architecture, full offline capability, and OpenPGP encryption for documents, directly addressing national security concerns about extraterritorial surveillance and software backdoors. The suite requires no internet access for any features and maintains complete transparency through open source code that governments can audit. Government bodies in Germany, Denmark, and France, alongside national ministries in Italy and Brazil, have deployed LibreOffice to meet GDPR compliance, national procurement laws, and IT localization mandates while eliminating unpredictable licensing costs from proprietary vendors.

"It's time to own your documents, own your infrastructure, and own your future," the foundation wrote in a blog post.

Entry-level workers in AI-exposed occupations have seen employment drop 13% since late 2022, according to Stanford University research analyzing millions of payroll records. The decline affects software developers, customer service representatives, and administrative assistants aged 22 to 25, while employment for older workers in the same roles continued growing.

The study [PDF], based on ADP payroll data covering tens of thousands of firms, found the steepest drops in occupations where AI automates tasks rather than augments human capabilities. Among software developers aged 22-25, employment fell nearly 20% from its late 2022 peak.

Workers in less AI-exposed fields like nursing saw employment growth across all age groups. The research controlled for firm-level effects and other economic factors, isolating AI's impact from broader trends like interest rate changes and pandemic-era hiring patterns.

Mark Tyson writes via Tom's Hardware: On this day 34 years ago, an unknown computer science student from Finland announced that a new free operating system project was "starting to get ready." Linus Benedict Torvalds elaborated by explaining that the OS was "just a hobby, [it] won't be big and professional like GNU." Of course, this was the first public outing for the colossal collaborative project that is now known as Linux. Above, you can see Torvalds' first posting regarding Linux to the comp.os.minix newsgroup. The now famously caustic, cantankerous, curmudgeon seemed relatively mild, meek, and malleable in this historic Linux milestone posting.

Torvalds asked the Minix community about their thoughts on a free new OS being prepared for Intel 386 and 486 clones. He explained that he'd been brewing the project since April (a few months prior), and asked for direction. Specifically, he sought input about other Minix users' likes and dislikes of that OS, in order to differentiate Linux. The now renowned developer then provided a rough summary of the development so far. Some features of Linux that Torvalds thought were important, or that he was particularly proud of, were then highlighted in the newsgroup posting. For example, the Linux chief mentioned his OS's multithreaded file system, and its absence of any Minix code. However, he humbly admitted the code as it stood was Intel x86 specific, and thus "is not portable."

Last but not least, Torvalds let it be known that version 0.01 of this free OS would be out in the coming month (September 1991). It was indeed released on September 17, 1991, but someone else decided on the OS name at the last minute. Apparently, Torvalds didn't want to release his new OS under the name of Linux, as it would be too egotistical, too self-aggrandizing. He preferred Freax, a portmanteau word formed from Free-and-X. However, one of Torvald's colleagues, who was the administrator for the project's FTP server, did not think that 'Freax' was an appealing name for the OS. So this co-worker went ahead and uploaded the OS as 'Linux' on that date in September, without asking Torvalds.

Nvidia has launched its Jetson AGX Thor robotics chip module, a $3,499 "robot brain" developer kit that starts shipping next month. CNBC reports: After a company uses the developer kit to prototype their robot, Nvidia will sell Thor T5000 modules that can be installed in production-ready robots. If a company needs more than 1,000 Thor chips, Nvidia will charge $2,999 per module. CEO Jensen Huang has said robotics is the company's largest growth opportunity outside of artificial intelligence, which has led to Nvidia's overall sales more than tripling in the past two years. "We do not build robots, we do not build cars, but we enable the whole industry with our infrastructure computers and the associated software," said Deepu Talla, Nvidia's vice president of robotics and edge AI, on a call with reporters Friday.

The Jetson Thor chips are based on a Blackwell graphics processor, which is Nvidia's current generation of technology used in its AI chips, as well as its chips for computer games. Nvidia said that its Jetson Thor chips are 7.5 times faster than its previous generation. That allows them to run generative AI models, including large language models and visual models that can interpret the world around them, which is essential for humanoid robots, Nvidia said. The Jetson Thor chips are equipped with 128GB of memory, which is essential for big AI models. [...] The company said its Jetson Thor chips can be used for self-driving cars as well, especially from Chinese brands. Nvidia calls its car chips Drive AGX, and while they are similar to its robotics chips, they run an operating system called Drive OS that's been tuned for automotive purposes.

More than 30,000 Python developers from around the world answered questions for the Python Software Foundation's annual survey — and PSF Fellow Michael Kennedy tells the Python community what they've learned in a new blog post. Some highlights: Most still use older Python versions despite benefits of newer releases... Many of us (15%) are running on the very latest released version of Python, but more likely than not, we're using a version a year old or older (83%). [Although less than 1% are using "Python 3.5 or lower".] The survey also indicates that many of us are using Docker and containers to execute our code, which makes this 83% or higher number even more surprising... You simply choose a newer runtime, and your code runs faster. CPython has been extremely good at backward compatibility. There's rarely significant effort involved in upgrading... [He calculates some cloud users are paying up to $420,000 and $5.6M more in compute costs.] If your company realizes you are burning an extra $0.4M-$5M a year because you haven't gotten around to spending the day it takes to upgrade, that'll be a tough conversation...

Rust is how we speed up Python now... The Python Language Summit of 2025 revealed that "Somewhere between one-quarter and one-third of all native code being uploaded to PyPI for new projects uses Rust", indicating that "people are choosing to start new projects using Rust". Looking into the survey results, we see that Rust usage grew from 27% to 33% for binary extensions to Python packages... [The blog post later advises Python developers to learn to read basic Rust, "not to replace Python, but to complement it," since Rust "is becoming increasingly important in the most significant portions of the Python ecosystem."]

PostgreSQL is the king of Python databases, and only it's growing, going from 43% to 49%. That's +14% year over year, which is remarkable for a 28-year-old open-source project... [E]very single database in the top six grew in usage year over year. This is likely another indicator that web development itself is growing again, as discussed above...

[N]early half of the respondents (49%) plan to try AI coding agents in the coming year. Program managers at major tech companies have stated that they almost cannot hire developers who don't embrace agentic AI. The productive delta between those using it and those who avoid it is simply too great (estimated at about 30% greater productivity with AI).
It's their eighth annual survey (conducted in collaboration with JetBrains last October and November). But even though Python is 34 years old, it's still evolving. "In just the past few months, we have seen two new high-performance typing tools released," notes the blog post. (The ty and Pyrefly typecheckers — both written in Rust.) And Python 3.14 will be the first version of Python to completely support free-threaded Python... Just last week, the steering council and core developers officially accepted this as a permanent part of the language and runtime... Developers and data scientists will have to think more carefully about threaded code with locks, race conditions, and the performance benefits that come with it. Package maintainers, especially those with native code extensions, may have to rewrite some of their code to support free-threaded Python so they themselves do not enter race conditions and deadlocks.

There is a massive upside to this as well. I'm currently writing this on the cheapest Apple Mac Mini M4. This computer comes with 10 CPU cores. That means until this change manifests in Python, the maximum performance I can get out of a single Python process is 10% of what my machine is actually capable of. Once free-threaded Python is fully part of the ecosystem, I should get much closer to maximum capacity with a standard Python program using threading and the async and await keywords.
Some other notable findings from the survey:

• Data science is now over half of all Python. This year, 51% of all surveyed Python developers are involved in data exploration and processing, with pandas and NumPy being the tools most commonly used for this.

• Exactly 50% of respondents have less than two years of professional coding experience! And 39% have less than two years of experience with Python (even in hobbyist or educational settings)...

• "The survey tells us that one-third of devs contributed to open source. This manifests primarily as code and documentation/tutorial additions."

The Hill reports: Russian state-sponsored hackers have targeted thousands of networking devices associated with U.S. critical infrastructure sectors over the past year, the FBI warned Wednesday. The cyber actors are associated with the Russian Federal Security Service's (FSB) Center 16 and have taken aim at a vulnerability in certain Cisco devices, according to an agency public service announcement.

In some cases, hackers have been able to modify configuration files to enable unauthorized access, which they have used to conduct reconnaissance on networks. This has "revealed their interest in protocols and applications commonly associated with industrial control systems," the FBI said.

Cisco's threat intelligence research arm, Talos, explained in a separate advisory that a subcluster of this group, which it has named "Static Tundra," is targeting a seven-year-old vulnerability in the company's Smart Install feature. The firm has offered a patch for the vulnerability, but it remains a problem in unpatched and end-of-life network devices, it warned.
"Once they establish initial access to a network device, Static Tundra will pivot further into the target environment, compromising additional network devices and establishing channels for long-term persistence and information gathering," warns the Talos blog. "This is demonstrated by the group's ability to maintain access in target environments for multiple years without being detected."

In a statement emailed to The Register, a Cisco spokesperson "said the company is aware of ongoing exploitation targeting this flaw." "We strongly urge customers to immediately upgrade to fixed software versions as outlined in the security advisory and follow our published security best practices," the spokesperson said, directing customers to the FBI's announcement and Cisco Talos blog for additional details.

The ongoing campaign targets telecommunications, higher education, and manufacturing organizations across North America, Asia, Africa, and Europe, "with victims selected based on their strategic interest to the Russian government," according to Talos researchers Sara McBroom and Brandon White. "We assess that the purpose of this campaign is to compromise and extract device configuration information en masse, which can later be leveraged as needed based on then-current strategic goals and interests of the Russian government," McBroom and White wrote.

And while both security alerts focus on the FSB's latest round of network intrusions, "many other state-sponsored actors also covet the access these devices afford," the Talos team warned. "Organizations should be aware that other advanced persistent threats (APTs) are likely prioritizing carrying out similar operations as well."
Some context from Hot Hardware: Cisco indicated in its advisory that "Only Smart Install client switches are affected by the vulnerability". The list of affected devices is in Table A-1 here. For a successful attack, hackers exploit a vulnerability tracked as CVE-2018-0171. This was a vulnerability that was patched way back in 2018.

Last weekend New Zealand experienced an hour-long air traffic control failure that disrupted flights, leaving five plans circling and four others unable to take off, according to Radio New Zealand.

The country's sole air traffic service provider, Airways, now says it was caused by a software glitch when flight data was unable to be transferred between systems: [Airways chief executive James Young told Morning Report] "We noticed that was not occurring as it should and as a result of that our air traffic controllers took measures to manage traffic, either by holding on the ground or in an air hold." Airways operated a modern air traffic control system that involved back up systems but Young said they were not instantaneous and it took time to validate flight information data.

"At no point did we lose control of all aircraft. We were able to communicate with all aircraft and we had line of sight of all aircraft," Young said. He said flights in the New Zealand air space were held, put into a hold with two eventually continuing on and three returning to origin... "What we couldn't do was process any changes to the flight path during the period of the outage, which lasted for about one hour."
Thanks to Slashdot reader twosat for sharing the news.

The Free Software Foundation announced a special photography contest honoring its 40th anniversary: The technology we use every day has changed dramatically since our founding nearly forty years ago, including the way we interact with it... We're incredibly grateful for the countless hours that developers and users have put into the free software programs that exist today. Without all the people who cared enough to make and use software that respects the four freedoms four decades or even a year ago, we wouldn't have much to celebrate.

We want to honor the hard work that has gone into free software and its development with the FSF40 Photo Contest. Starting on August 14, 2025, we're inviting free software supporters worldwide to share how they use free software on a daily basis. While we can think of hundreds of ways that free software can be used, there's almost certainly many of you who have thought of much more creative ways to involve libre software every day!

Shortly after the photo contest closes on August 31, 2025, we will invite you and other free software supporters to vote for your favorite of the #FSF40Photos... We will be displaying the winning photos at our fortieth [anniversary] celebration in Boston, MA on October 4, 2025 — we hope you get to see them on a big screen with us!
Earlier this month the FSF also shared 40 links from around the FSF and GNU sites "that give a sense of what we've been doing all this time as we work for your freedom." (For example, 2007's announcement of the GNU General Public License, version 3.)

"Some joyless ne'er-do-well has loosed a botnet on the community-driven Arch Linux distro," reports the Register, with a distributed denial of service (DDoS) attack that apparently started a week ago.

Arch maintainer Cristian Heusel announced Thursday on the project's web site that the attack "primarily impacts our main webpage, the Arch User Repository (AUR), and the Forums." We are aware of the problems that this creates for our end users and will continue to actively work with our hosting provider to mitigate the attack. We are also evaluating DDoS protection providers while carefully considering factors including cost, security, and ethical standards... As a volunteer-driven project, we appreciate the community's patience as our DevOps team works to resolve these issues.
A status update Friday acknowledged "we are suffering from partial outages." The Register reports: The attack comes as the project has been enjoying a boost in mainstream success. The distro was picked by Valve to underpin the SteamOS software running on its Steam Deck handheld gaming gadget, with the company providing the project with funding for further development. Late last year, a new version of the archinstall tool was released, with a view to making the system more friendly to newcomers...

For now, the Arch team is working to mitigate the attack's impact, which highlights a bootstrapping issue. Tools designed to shift traffic to mirrors in the event the main infrastructure is unavailable rely on a mirror list obtained from that same main infrastructure, with Heusel advising that users should "default to the mirrors listed in the pacman-mirrorlist package" if tools like reflector fail. Installation media can be downloaded from a range of mirrors, too, but should be checked against the project's official signing key before being trusted.

BrianFagioli shares a report from NERDS.xyz: LibreOffice 25.8 has landed, and while it packs in new features and speed improvements, the biggest headline is who just got left behind. If you are still running Windows 7 or Windows 8/8.1, this is the end of the road. LibreOffice will not run on those systems anymore, and there are no workarounds. The suite has slammed the door shut.

For years, LibreOffice kept older Windows users afloat while Microsoft and other developers moved on. That lifeline is gone. Anyone stubbornly clinging to Windows 7 or 8 now has two choices: upgrade or stay stuck on outdated software. LibreOffice has made it clear that it will not carry dead platforms any further. And the cuts do not stop there. 32-bit Windows builds are on their way out, with deprecation already in place. On the Mac side, 25.8 is the last release that runs on macOS 10.15. Starting with LibreOffice 26.2, only macOS 11 and newer will be supported. In other words, if your computer is too old to run modern systems, LibreOffice is walking away.

Google has released (PDF) a new analysis of its AI's environmental impact, showing that it has cut the energy use of AI text queries by a factor of 33 over the past year. Each prompt now consumes about 0.24 watt-hours -- the equivalent of watching nine seconds of TV. An anonymous reader shares an excerpt from an Ars Technica article: "We estimate the median Gemini Apps text prompt uses 0.24 watt-hours of energy, emits 0.03 grams of carbon dioxide equivalent (gCO2e), and consumes 0.26 milliliters (or about five drops) of water," they conclude. To put that in context, they estimate that the energy use is similar to about nine seconds of TV viewing. The bad news is that the volume of requests is undoubtedly very high. The company has chosen to execute an AI operation with every single search request, a compute demand that simply didn't exist a couple of years ago. So, while the individual impact is small, the cumulative cost is likely to be considerable.

The good news? Just a year ago, it would have been far, far worse. Some of this is just down to circumstances. With the boom in solar power in the US and elsewhere, it has gotten easier for Google to arrange for renewable power. As a result, the carbon emissions per unit of energy consumed saw a 1.4x reduction over the past year. But the biggest wins have been on the software side, where different approaches have led to a 33x reduction in energy consumed per prompt.

The Google team describes a number of optimizations the company has made that contribute to this. One is an approach termed Mixture-of-Experts, which involves figuring out how to only activate the portion of an AI model needed to handle specific requests, which can drop computational needs by a factor of 10 to 100. They've developed a number of compact versions of their main model, which also reduce the computational load. Data center management also plays a role, as the company can make sure that any active hardware is fully utilized, while allowing the rest to stay in a low-power state.

The other thing is that Google designs its own custom AI accelerators, and it architects the software that runs on them, allowing it to optimize both sides of the hardware/software divide to operate well with each other. That's especially critical given that activity on the AI accelerators accounts for over half of the total energy use of a query. Google also has lots of experience running efficient data centers that carries over to the experience with AI. The result of all this is that it estimates that the energy consumption of a typical text query has gone down by 33x in the last year alone.

An anonymous reader quotes a report from The Register: Microsoft has reportedly stopped giving Chinese companies proof-of-concept exploit code for soon-to-be-disclosed vulnerabilities following last month's SharePoint zero-day attacks, which appear to be related to a leak in Redmond's early-bug-notification program. The software behemoth gives some software vendors early bug disclosures under its Microsoft Active Protections Program (MAPP), which typically delivers info two weeks before Patch Tuesday. MAPP participants sign a non-disclosure agreement, and in exchange get vulnerability details so that they can provide updated protections to customers more quickly.

According to Microsoft spokesperson David Cuddy, who spoke with Bloomberg about changes to the program, MAPP has begun limiting access to companies in "countries where they're required to report vulnerabilities to their governments," including China. Companies in these countries will no longer receive "proof of concept" exploit code, but instead will see "a more general written description" that Microsoft sends at the same time as patches, Cuddy told the news outlet. "A leak happened here somewhere," Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative (ZDI), told The Register in July. "And now you've got a zero-day exploit in the wild, and worse than that, you've got a zero-day exploit in the wild that bypasses the patch, which came out the next day."

Childs said the MAPP change "is a positive change, if a bit late. Anything Microsoft can do to help prevent leaks while still offering MAPP guidance is welcome."

"In the past, MAPP leaks were associated with companies out of China, so restricting information from flowing to these companies should help," Childs said. "The MAPP program remains a valuable resource for network defenders. Hopefully, Microsoft can squelch the leaks while sending out the needed information to companies that have proven their ability (and desire) to protect end users."

Starting September 1st, Russia will require all smartphones and tablets sold in the country to come with MAX, a state-backed messaging app seen as a rival to WhatsApp and Telegram. Critics say the app could be used to track users. Reuters reports: The Russian government said in a statement that MAX, which will be integrated with government services, would be on a list of mandatory pre-installed apps on all "gadgets," including mobile phones and tablets, sold in Russia from September 1. State media says accusations from Kremlin critics that MAX is a spying app are false and that it has fewer permissions to access user data than rivals WhatsApp and Telegram. It will also be mandatory that from September 1, Russia's domestic app store, RuStore, which is pre-installed on all Android devices, will be pre-installed on Apple devices.

A Russian-language TV app called LIME HD TV, which allows people to watch state TV channels for free, will be pre-installed on all smart TVs sold in Russia from January 1, the government added. [...] MAX said this week that 18 million users had downloaded its app, parts of which are still in a testing phase. Russia's interior ministry said on Wednesday that MAX was safer than foreign rivals, but that it had arrested a suspect in the first fraud case using the new messenger.

Cisco, the San Jose-based technology giant, has announced another round of layoffs affecting Bay Area workers, marking a familiar pattern of reporting skyrocketing revenue followed by drastic job cuts. From a report: According to Aug. 13 WARN filings with California's Employment Development Department, the company will eliminate 221 positions across its Milpitas and San Francisco offices.

WARN documents are generally required by the state in the event of mass layoffs. Employees were notified of the layoffs on Aug. 14 and their terminations will be effective Oct. 13. The most cuts, affecting 157 jobs, largely in software engineering roles, were at Cisco's Milpitas office at 560 McCarthy Blvd.

Cisco's San Francisco office at 500 Terry A. Francois Blvd. will cut 64 positions, according to the filing. The filings came the same day Cisco released its fourth-quarter earnings, which reported $14.7 billion in revenue, an 8% increase from the same quarter last year. Revenue for the 2025 fiscal year was $56.7 billion, up 5% from the previous year.

The era of software without embedded AI assistants is increasingly ending as Adobe launches Acrobat Studio, adding collaborative AI workspaces to the 32-year-old PDF format. The new platform allows users to upload multiple documents into "PDF spaces" where personalized chatbot assistants parse and answer questions about their contents.

Adobe began integrating generative AI into Acrobat last year and now positions this release as the format's biggest transformation since its 1993 debut. The shift arrives amid growing user fatigue with AI features proliferating across everyday applications -- a Pew Research Center report found US adults more concerned than excited about AI's impact on their lives. Adobe's move cements 2025 as the year generative AI became inescapable in essential software, fundamentally altering how users interact with documents that once replicated the familiarity of paper.