One of the world’s most active ransomware groups exploited a critical vulnerability in Oracle’s PeopleSoft software suite and used it to target about 100 customers and extort at least one of them to pay up in exchange for not leaking stolen data, researchers said.

The group, tracked as ShinyHunters, had been exploiting the PeopleSoft vulnerability for more than two weeks before Oracle flagged it. CVE-2026-35273, as the vulnerability is tracked, carries a severity rating of 9.8 out of 10, making the former zero-day one of the year’s most critical vulnerabilities to be exploited.

Google’s Mandiant security team said it’s an SSRF (server-side request forgery), a vulnerability that allows attackers to send requests from a susceptible server to systems used by the targeted organization. Oracle said the SSRF is remotely exploitable, and the company has issued a stopgap mitigation but has yet to fully patch the flaw. Google has confirmed that victims are receiving extortion demands.

Read full article

Comments

Title VII of the Foreign Intelligence Surveillance Act (FISA) is set to expire at midnight tonight after Congress failed to pass an extension of the controversial spying law. But that doesn't mean the government's spying powers will disappear.

Surveillance under Section 702 of FISA "operates under yearlong certifications approved by the FISA Court," the Brennan Center for Justice at New York University School of Law explained this week. The current certification will remain in place until March 2027 under the yearlong certification issued by the Foreign Intelligence Surveillance Court on March 17, 2026.

"In order to pressure members to accept a bill without meaningful reforms, surveillance hawks are claiming that Section 702 surveillance will 'go dark' on June 12 if Congress hasn’t renewed the law," the Brennan Center said. "Contrary to that claim, Congress planned for potential lapses and made very clear that Section 702 surveillance may continue under existing certifications even if the statute sunsets. Members must not be fearmongered into passing a reauthorization without protecting Americans from warrantless government access to their private communications."

Read full article

Comments

In November, Jeff Bezos announced that he would become co-CEO of a new startup called Prometheus. At the time, the startup said it would focus on "physical AI"—an increasingly common term for applying the same deep learning principles behind large language models or generative AI to things like robotics and manufacturing—but specifics were scarce. Now, with a major new round of funding, Bezos and co-founder Vik Bajaj have talked about it in slightly more detail.

The funding round is significant—$12 billion now, after an initial round of $6.2 billion last year, for a valuation of $41 billion. The funding comes from JPMorgan Chase, Goldman Sachs, BlackRock, and others, plus a sizable amount from Bezos' coffers. The startup currently employs 150 people.

Much of that funding will be put toward buying compute. "One of the reasons we’ve had to raise a significant amount of funding is because... what we’re doing is very compute-intensive and we need to create that data," Bezos told CNBC.

Read full article

Comments

Founded during the US Civil War to provide advice to the government, the National Academies of Science have become one of the most prestigious scientific organizations. Its primary function is to prepare comprehensive reports on scientific and technological issues, aided by its ability to attract top talent from across the country.

Those reports have not been afraid to weigh in on matters of public controversy and risk offending powerful groups, which it has managed to do without losing the respect of the governmental organizations that fund these reports. But this year, there have been increasing signs that the Academies' ability to dodge political firestorms has reached its limit. Yesterday, a deeply reported story from Politico explained the breakdown between the National Academies and Republican politicians.

The National Academies is preparing an expert report on attribution of weather events to human-driven climate change, and fossil fuel companies are worried it will lead to findings of liability in the many cases where those companies are being sued.

Read full article

Comments

Fully autonomous drones killed Russian soldiers during a battlefield test two years ago, according to a Ukrainian drone manufacturer. If true, the incident would represent another milestone in a war that has spurred unprecedented developments in military drones, robots, and AI-guided weaponry.

The one-time test was revealed by Alexander Kokhanovskyy, CEO of the Ukrainian drone maker Aero Center, during an interview with New Scientist at a press event hosted by the Ukrainian embassy in London. Kokhanovskyy described the test—which did not involve his current company Aero Center—using quadcopter drones that were preprogrammed to fly to a front-line area before activating an AI-powered “Terminator mode” that would seek out and attack any target in the given area.

There was apparently no video feed or anything else to show what the “Terminator” drones targeted and attacked. But Kokhanovskyy told New Scientist that human-piloted drones sent to check out the aftermath found “a couple” of dead Russian soldiers, which led to the conclusion that the fully autonomous drones had killed them.

Read full article

Comments

It's clear that communities now have an effective playbook to block data center construction. This week, researchers flagged the first quarter of 2026 as producing the "most blocked and delayed data center projects on record," NBC News reported.

Data Center Watch, a project from AI intelligence firm 10a Labs that tracks data center fights around the US, reported that protestors "blocked or delayed at least 75 projects nationwide worth about $130 billion from January through March," NBC News reported.

That's "the most in a three-month period since the group began tracking in 2023," and it shouldn't be parsed as "a cyclical spike," the researchers said. Instead, there's been a "structural shift," as "communities have internalized an opposition playbook, legislative sessions introduced formal regulatory uncertainty, and the number of active opposition groups more than doubled to 833 across 49 states," researchers said.

Read full article

Comments

If you hang out in any even vaguely AI-skeptical parts of the Internet, you've probably stumbled on plenty of memes and posts premised on data centers' insatiable thirst for water to power evaporative cooling. But a new report from Amazon highlights just how little water all these AI data centers are using in aggregate, on a relative basis, even as individual data centers can strain local water supplies.

In a Thursday blog post, Amazon claims its data centers withdrew "about 2.5 billion gallons" globally in 2025. That number sounds incredibly large at first glance, but it looks downright puny compared to the 117 trillion gallons of water withdrawn in the US alone in 2015. It's also useful to compare Amazon's number to stats from more water-intensive areas, from the 3.3 trillion gallons used annually on US lawns and landscaping to the 1.3 trillion gallons a year used in California almond orchards to the 531 billion gallons a year used just for US golf courses.

Amazon is just one company, of course, and a relative latecomer to reporting its data center water usage numbers. Google data centers withdrew about more than 6.1 billion gallons of water in 2024, on top of about 2.75 billion gallons from Microsoft and about 1.4 billion gallons from Meta in the same year.

Read full article

Comments

Google loves telling us all the ways people are using its generative AI products to build new things, grow businesses, and save the world. Supposedly. Of course, people are also using AI for crime. Google has announced a new legal salvo aimed at a Chinese group called Outsider Enterprise, which is allegedly responsible for a massive AI-powered scam campaign. Google says it's working with law enforcement and mobile carriers to fight back.

According to Google's legal filing, Outsider Enterprise operates through Telegram. The group offers phishing-as-a-service to individuals who may not be technically savvy enough to set up fraudulent websites and text campaigns on their own. In its Telegram channels, Outsider Enterprise reportedly provided instructions on how to use Google's Gemini AI to create websites that imitate those of Google, YouTube, and government agencies such as New York’s E-ZPass. The group offered nearly 300 scam templates.

Google says that scams enabled by Outsider Enterprise resulted in more than 2.5 million text messages being sent to Android users. About 55,000 of those messages happened in a two-week period last month. In all, Google has tracked 9,000 fake websites and 1 million URLs connected to the scam network.

Read full article

Comments

Anti-vaccine Health Secretary Robert F. Kennedy Jr. posted a long, enraged social media response to a New York Times article reporting that health department insiders think Kennedy is disengaged from the work of his sprawling agency. His response, however, seems to back the Times' claim.

The report, published Sunday, June 7, relied on accounts from a dozen people who have had direct contact with Kennedy during his time as health secretary. Collectively, the sources indicate that Kennedy has little interest in the details of the health department's work and little direct interaction with career staff. Kennedy misses critical, regularly scheduled meetings with agency leaders, is sometimes "checked out" in the meetings he attends, and has been out of the loop on key decisions, such as the firing of Tracy Beth Høeg, a political appointee elevated to top drug regulator at the Food and Drug Administration. In his stead, Kennedy often refers people to his protective, longtime assistant, Stefanie Spear, who colleagues say has slowed department operations and fueled some significant leadership departures.

On Wednesday night, Kennedy responded to the report with an 871-word diatribe on social media against the reporter, veteran journalist Sheryl Gay Stolberg, and the Times. His key argument was that much of the story could be refuted by a look at his jam-packed public calendar.

Read full article

Comments

One of motorsport's three biggest races takes place this weekend in France. It is the annual 24 Hours of Le Mans, an endurance race that, together with the Indianapolis 500 and the Monaco Grand Prix, make up the 'triple crown,' an unofficial achievement that only the late Graham Hill can claim to have won. This year, 62 different cars take the start, racing on a mix of permanent race track but also public roads that for the rest of the year are how locals get to the supermarket or the local McDos.

It's not the oldest race in the world, but it's up there—it was first held in 1923, and this year will be the 94th running. It was started as a way to give the automotive industry a grueling test for their new machinery and has remained the area of motorsport with the most road relevance. Disc brakes crossed over from aerospace to road cars at Le Mans, and better brakes continue to be tested there today, but it's also where companies like Porsche and Audi and Toyota proved new hybrid technology, brake-by-wire systems, direct-injection engines, and advanced headlights, to name but a few.

This year, the 62 cars are split across three different classes, each crewed by three drivers who take shifts at the wheel. Some of the drivers are pros—among the world's very best. But plenty are amateurs; in the past, lots of dentists, oddly enough. But with the cost of racing these days, it's the tech bros. The Ruby on Rails creator, the co-founder of GitHub, and the co-founder of Crowdstrike are all racing in the LMP2 class. And Valve's Gabe Newell owns the Aston Martin team that is competing in both Hypercar—with the outrageous-looking and -sounding Valkyrie—as well as in LMGT3, where his son Gray will be one of the drivers.

Read full article

Comments

Last year, a 24-year-old Canadian woman was in a mental health crisis and turned to ChatGPT for help. Hours later, that woman, Alice Carrier, took her own life.

According to a new lawsuit filed Thursday in San Francisco Superior Court and brought by Carrier’s surviving family, her ChatGPT session “encouraged Alice to kill herself.”

This lawsuit, like numerous other similar cases that have come before it, alleges a design defect with ChatGPT itself and blames OpenAI for knowingly deploying a dangerous product.

Read full article

Comments

At the 2026 World Cup, the refs on the field and the officials on the sidelines will be able to use an abundance of tech to help call penalties, spot offside violations, and make other consequential decisions.

The video assistant referee system, known as VAR, and the semi-automated offside technology (SAOT) have been used in soccer for years. But the setup at this summer's World Cup represents some of the most advanced uses of adjudication tech to date—not just in soccer, but across all high-level sports.

During each match, the pitch will be awash in sensors, cameras, and new computer vision software. One especially notable advancement this year is the use of digital twins. Every player in the World Cup has had their body scanned by a computer. The digital twin of any athlete—which precisely matches their height, limb length, and shoe size—can be dropped into a virtual simulation of the game to determine their exact position relative to the ball, boundary lines, and other players. Officials can use all of this data to help spot infractions, determine penalties, and smooth out the edges of the beautiful game.

Read full article

Comments

Nearly a month into the Ebola outbreak in the Democratic Republic of the Congo, cases continue to rise as officials are still trailing the virus in their response efforts.

As of Thursday, June 11, the DRC has reported 676 confirmed cases, 136 deaths, and 119 suspected cases. Uganda is reporting 19 confirmed cases and two deaths.

The outbreak, caused by the Bundibugyo strain of Ebolavirus, is already the third largest Ebola outbreak on record. But health experts fear that it could grow much larger and had been quietly spreading for months before the outbreak was declared on May 15.

Read full article

Comments

A decade after the global craze for Pokémon Go peaked, an AI company has been using billions of real-world images captured by millions of players to develop navigation technologies for delivery robots and possibly military drones. That represents an intriguing but potentially discomfiting legacy for an augmented reality mobile game that has incentivized gamers to capture short smartphone videos of physical neighborhoods and landmarks.

The AI company, Niantic Spatial, was spun out of Pokémon Go game developer Niantic in May 2025, after Niantic separately sold its licensed games such as Pokémon Go to the Saudi-backed video game publisher Scopely. But before that deal, Niantic publicly announced plans to use scans from millions of Pokémon Go players along with data captured by users of the company’s Scaniverse app to train and develop a “large geospatial model”—a 3D model of the physical world trained on the geolocated images provided by app users scanning real-world locations.

“Ground scans were one component to help train Niantic Spatial's real-world foundation models —AI systems that learn to recognize and interpret physical spaces,” a Niantic Spatial spokesperson told Ars. “The models are the product of that training, not a copy of or a means of accessing the underlying scans, which were of public points of interest such as statues and fountains.”

Read full article

Comments

Verizon sent one of its customers a "refurbished" phone equipped with a Mobile Device Management (MDM) profile that gave the company remote control over the device. The serious mistake raises questions about Verizon's process for preparing refurbished phones to be sent to customers.

Tom Collery, the unlucky Verizon customer, called Verizon in February after having network problems, including dropped calls. Verizon responded by sending him a replacement for his phone, a Samsung Galaxy Z Flip7. But instead of a brand-new device or a properly functioning refurbished one, Verizon sent Collery a device managed with the same kind of software used to monitor and control company-owned phones.

It turned out the device was a store demo unit that wasn't properly wiped before it was sent to Collery. He said he used the phone for a couple of weeks before all of his data was erased, seemingly due to a remote action that triggered a complete reset.

Read full article

Comments

Welcome to Edition 8.45 of the Rocket Report! Even though we are now two weeks removed from the catastrophic loss of the New Glenn rocket and its LC-36A launch pad, it continues to dominate discussion in the space community. This week, NASA said it nominally plans to fly Blue Origin's test lander on New Glenn for the Artemis III mission, but officials quietly acknowledged that other launch vehicles, including Vulcan and the Falcon Heavy, could also get the job done. We'll obviously be watching closely.

As always, we welcome reader submissions, and if you don't want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets as well as a quick look ahead at the next three launches on the calendar.

Isar raises funding, announces new launch date. German launch startup Isar Aerospace announced this week that it had closed a 270 million euro Series D to "drive global scaling and ramp up serial production," European Spaceflight reports. The company also said the previously delayed second launch attempt of its Spectrum rocket would now take place sometime between June 15 and June 21.

Read full article

Comments