Windows

Microsoft Patches a Record 570 Security Flaws (krebsonsecurity.com) 10

An anonymous reader quotes a report from Krebs on Security: Microsoft today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence. Nearly 60 of the bugs quashed in July's Patch Tuesday earned a "critical" severity rating, meaning miscreants or malware could use them to seize remote control over a Windows device with little or no help from the user. Microsoft also addressed three zero-day flaws, including two that are already being exploited in the wild.

Two of the zero-day weaknesses allow an attacker to elevate their user rights on a Windows system, as do approximately 250 other elevation of privilege flaws fixed this month; they include CVE-2026-56155 - an Active Directory Federation Services bug -- and CVE-2026-56164, a Microsoft Sharepoint vulnerability. CVE-2026-50661 is a security feature bypass in Windows BitLocker that could allow attackers to gain access to encrypted data if they have physical access to the device. Microsoft said this bug has been detailed publicly, but that it is not aware of any active exploitation.

In a blog post on July 9, Microsoft Executive Vice President Pavan Davuluri wrote that Windows users will notice "a higher volume of security updates included in each security release" as a result of AI aiding in the discovery of vulnerabilities. "The pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster, across more code, with new mechanisms that can accelerate both discovery and analysis," Davuluri wrote.

Security

Iran Abused Mobile Networks' Vulnerabilities To Locate US Military In Middle East (techcrunch.com) 71

An anonymous reader quotes a report from TechCrunch: The Iranian government abused well-known vulnerabilities in the global telecoms infrastructure to locate U.S. military personnel in the build-up to the Iran War, as well as in the early days of the conflict, according to Financial Times. The Iranian government exploited Signaling System 7, or SS7, a set of protocols for 2G and 3G networks that has long been the backbone of how cellular networks connect to each other to route subscribers' calls and texts around the world, the newspaper reported, citing research by the Mobile Surveillance Monitor, as well as anonymous government officials with knowledge of the spy campaign.

Intelligence agencies have long abused SS7 to track cellphones abroad, which is what happened in this campaign. Using this technique, Iran was reportedly able to locate U.S. military forces stationed in military bases as well as hotels in Iraq, Bahrain, and other countries in the Middle East, which allowed the regime to strike them. These attacks resulted in several injuries. Apart from SS7, Iran also abused advertising technology used to serve tailored ads to cellphone users, another well-known surveillance technique that relies on everyday technology.

Security

US Government Warns That Russia State Hackers Are Coming After Your Router (arstechnica.com) 73

CISA and allied governments are warning users to secure their routers as Russian state-backed hackers continue compromising the devices and turning them into proxy nodes to disguise attacks against critical infrastructure. The advisory urges users to disable outdated SNMP versions, use strong passwords, update firmware, and turn off unnecessary router services to reduce the risk of being swept into these botnets. Ars Technica reports: "Russian Federal Security Service (FSB) Center 16 cyber actors continue to exploit poorly configured and vulnerable networking devices worldwide, opportunistically compromising multiple critical infrastructure sector networks," the Cybersecurity and Infrastructure Security Agency said Monday. The hacking groups are tracked under various names, including Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard, and Static Tundra. The advisory was co-issued by governments from around the world, including Australia, Denmark, New Zealand, and the UK.

The primary means of compromise the agency warned about was hackers scanning IP ranges with active Simple Network Management Protocol (SNMP) agents that accept common or default authentication credentials. These scans are run by the very sorts of router botnets the actors are trying to enroll the targeted device in. By sending malicious traffic from spoofed addresses, the hackers can use the SNMP agent on poorly configured routers to run malware. SNMP allows users to collect and organize information about managed networking devices or to modify that information to change device behavior.

With control of a device, the hackers then use it as an exit node when probing or attacking targets in the communications, defense, energy, financial services, and government sectors. By funneling the malicious traffic through a benign-appearing device on a trustworthy IP address, the attackers are able to lower the chances of getting blocked by firewalls and other security defenses. Monday's advisory made no mention of identical operations carried out in recent years by China. So-called residential proxies are also a go-to tool used by financially motivated criminal hackers to obscure their true IP address. In many cases, these sorts of proxies are made up of millions of streaming devices that are sold with preloaded malware.

Stats

America May Soon Be Facing Largest Labor Shortage in Its History (msn.com) 242

America "is facing what's projected to become the largest labor shortage in its history," according to experts interviewed by the Washington Post: Economists warn that the worsening labor problem, due in part to a skills shortage and population shifts, will be vast and reach beyond tech. It "could hobble the American economy for years to come," predicts the Georgetown University Center on Education and the Workforce. Lightcast, a labor market data company, calls it "the largest labor shortage the country has ever seen." JPMorgan Chase warns of a national security risk from "a pervasive talent deficit that constrains the nation's capacity to build, compete, and protect its interests." There will be shortages in the tens or even hundreds of thousands of nurses, physicians, teachers, engineers, pharmacists, mental health counselors, construction worker and airplane mechanics — jobs AI generally can't do...

Among the trends that have been leading to this moment: a mismatch between the careers college graduates are pursuing and the jobs employers are struggling to fill. Far fewer students are majoring in health care fields than are needed to meet demand, for instance. "We have pumped so many young people into business and finance" when what's really in demand are graduates in other fields, [said Ron Hetrick, Lightcast's principal economist]. "It's like a factory producing these workers like widgets, even though society is saying, 'We really don't need them.' And the factory just keeps pumping them out." But the principal reason for the looming workforce shortages is much more basic. A protracted decline in birth rates is coinciding with a record wave of retirements, data shows.

From 2024 to 2032, when the last baby boomers sign up for Social Security payments, more than 18 million college-educated workers will leave the labor force while fewer than 14 million enter it, according to the Georgetown center. Meanwhile, even as the number of people with associate and bachelor's degrees falls, the number of jobs requiring them will grow, the center forecasts. That will leave a gap of 4.6 million workers. Lightcast puts the deficit at an even higher 6 million... The effect of population shifts on the supply of talent, with or without degrees, has been compounded by a drop in the proportion of high school graduates choosing to go to college, a sharply reduced rate of immigration, and a growing number of Americans leaving the workforce altogether because of such issues as lack of child care, early retirement, incarceration and substance addiction, according to the Chamber of Commerce.

Three interesting statistics from the article:
  • U.S. college/university enrollment in 2023 was down by nearly 2 million students since its peak in 2010, according to the most recent data from the U.S. Education Department.
  • America's low birth rate since 2010 "means the number of college-age Americans is forecast to decline by another 13 percent through 2041."
  • South Dakota has just 41 workers for every 100 open jobs... while California and nine other states have more workers than jobs, the Chamber of Commerce found.

AI

'Forget Coders. The Real AI Threat Is In the Back Office' (thestar.com.my) 74

Which jobs are most threatened by AI? "Programmers, software engineers and other tech industry employees," goes one common answer.

"But many economists are more concerned about a different, larger group of white-collar workers," reports the New York Times: customer service reps, bookkeepers, payroll clerks and HR specialists, "who fly under the radar but collectively account for tens of millions of jobs..." They are spread across the country and throughout the economy, working in every industry, in big cities and small towns, at major corporations and mom-and-pop businesses... These jobs typically offer a middle-class salary or a pathway to achieving one — much as manufacturing jobs did for men before decades of globalisation and automation wiped many of them away... For now, such an outcome is a fear, not a forecast. Despite high-profile layoffs in tech and finance, there is little firm evidence that AI has hurt the labour market as a whole.

Economists have become increasingly convinced that disruptions are likely, but they say it is too early to know where or how widespread they will be. They remain broadly sceptical of claims that the technology will lead to mass unemployment in the near future. Some AI industry leaders have walked back such predictions in recent weeks. But given the extraordinary pace at which companies are adopting AI — and at which the technology is improving — economists say policymakers need to consider the potential effects on the labour market. And they say they are concerned that the public debate has focused too much on software engineers and a relative handful of other high-status careers — lawyers, consultants, economists — rather than the workers who could be most vulnerable...

Economists at Northwestern University recently recalculated measures of AI exposure based on the makeup of the total workforce, not just the people using the technology. Administrative and front-line roles, such as customer service representatives, rose to the top of the list. "The most affected jobs are secretaries, are routine clerks," said Michelle Yin, one of the working paper's authors. "They're not computer scientists or data scientists at all."

The article also includes this counterpoint from an economist at the University of Illinois who has studied earlier waves of white-collar automation: that like other disruptive technologies, AI likely will also create new jobs. So the possibility exists AI will make workers more productive and allow them to earn more. "I would be cautious about just focusing on what are we losing as opposed to what are we going to gain on the other side."
IT

This Factory Was Severely Short On Workers. Then It Offered Flexible Work. (npr.org) 65

"Flexible, app-based scheduling lets large pools of part-time workers choose four-hour shifts and even select the type of work they prefer," writes long-time Slashdot reader Tony Isaac. While the system started during the pandemic when factories faced severe labor shortages, the model is now "supplying hundreds of trained workers each week... while giving people — from retirees to sidejob hustlers to longtime employees — control over their hours."

NPR says it's attracting "people who may not be seeking a traditional career in the industry or even a 40-hour workweek," It's a change that manufacturers including Stanley Black & Decker and Georgia-Pacific are embracing... Today, in any given week, about 450 flexible workers — roughly half the pool — pick up shifts at the [GE Appliances] plant, with workers putting in an average of 24 hours a week. Their contributions have been key to GE Appliances' $180 million expansion of the Georgia plant, completed last year, which added 600 new jobs... [Darcy Duvall, the plant's director of human resources operations] has also come to see that many workers prize flexibility despite the significant trade-offs — like lower pay and almost no benefits. MyWorkChoice employees can opt into their own group healthcare plan, but few do... The flexible work option has also helped GE Appliances keep longtime employees with decades of experience on the job.
The Military

Russia Hacks Doorbell Cameras To Spy On NATO Bases (yahoo.com) 45

Dutch intelligence agencies say Russian hackers have been hijacking unsecured internet-connected cameras, including likely doorbell and security cameras, to spy on NATO military bases and transport routes used to move weapons to Ukraine. "Organisations with IP [internet protocol] cameras on these routes have now been warned so that they could take action," said the AIVD domestic security and MIVD military intelligence agencies. Targeted NATO member states include the Netherlands and Ukraine. The Telegraph reports: While the intelligence agencies did not specify the type of cameras hacked, the doorbell systems are frequently used by people to monitor their property from mobile phones. Hackers then use readily available apps to scan for devices that might be accessible. The Dutch investigation found that many of the cameras were unsecured, and "often have standard passwords, outdated firmware and standard configurations." They said: "When the IP camera is identified, the malicious party can attempt to access the IP camera via the internet. This is often relatively easy, because many IP cameras connected to the internet are insufficiently secure."

[...] The practice is now considered easier and cheaper than using drones and satellites to gather intelligence. It also aids operational surprise because most camera owners are blissfully unaware their devices have been penetrated by hackers. Ground-based cameras offer a unique perspective on the terrain, which isn't the case with conventional aerial-based spy kit.

Data Storage

macOS 28 Will Drop Support For Encrypted Mac OS Extended Volumes (9to5mac.com) 77

Starting with macOS 28, Apple will no longer support encrypted Mac OS Extended, or HFS+, volumes. Users will need to decrypt them or reformat them as APFS to keep using them. 9to5Mac reports: In a new support document, Apple explains that starting with macOS 28, "the Mac OS Extended file system format will be supported only for volumes (disks and other storage devices) that aren't encrypted." In practice, this means users who currently rely on encrypted HFS+ external drives or other encrypted legacy Mac-formatted volumes will need to "either decrypt or reformat any encrypted Mac OS Extended volumes."

Apple doesn't explain the reason for the change. Still, the move appears to be another step in Apple's transition to APFS, its file system with built-in encryption support, which replaced Mac OS Extended as the default Mac file system in macOS High Sierra. As a result of this change, Apple says that starting with macOS 26, Macs might notify users when they're using an encrypted Mac OS Extended disk that won't be compatible with macOS 28 or later.

According to the support page, "the notification will identify the volume by name." However, Apple says users can manually confirm whether a volume is both using Mac OS Extended format and encrypted by following these steps [...]. Apple adds that "macOS 28 and later will continue to support unencrypted volumes that use Mac OS Extended format," and notes "Mac OS Extended is also known as HFS Plus (or HFS+)."

AI

Is Big Tech Now Backpedaling on the AI Jobs Wipeout Scenario? (msn.com) 81

"A year ago, the message from many business leaders was that AI was going to wipe out jobs," remembers the Wall Street Journal.But "For the past month or so, tech CEOs have been striking a more optimistic tone." In late May, OpenAI Chief Executive Sam Altman — who has long predicted that AI will lead to seismic shifts in the workforce — said during a conference, "We've been roughly right on technological predictions and pretty wrong on the social and economic implications." Soon after, he told CNBC, "Our industry underestimated how much we're going to be able to keep people at the center of everything."

Anthropic CEO Dario Amodei, who warned in May 2025 that artificial intelligence could eliminate half of entry-level jobs, a year later highlighted more positive scenarios for AI-adopting businesses: "They can do the same thing with less resources, and that leads to things like layoffs, or they can do more with the same amount of resources. But that requires creativity...."

Is the sunnier outlook a move to win back customers and the public who are souring on AI's world-upending promise? Or is the role of AI in the workplace now just better understood...?

Collectively, the narrative has shifted from worker-light doomsday scenarios caused by AI to a future in which workers keep their jobs — and get a productivity boost. The sentiment change isn't limited to tech leaders: A survey by EY-Parthenon found that the percentage of CEOs who believe AI investments will result in significant reductions in head count fell from around 46% in January 2025 to just 20% this May. "They may have noticed that the labor market is genuinely not changing (i.e., imploding) as rapidly as they expected," said David Autor, a professor of economics at the Massachusetts Institute of Technology. "They may have realized it was simply bad business to say that your great new product will destroy the economy."

The article notes Amazon founder Jeff Bezos "has a history of predicting that AI will create new jobs," and in June said AI could even lead to a labor shortage. "When asked on CNBC in May about people being afraid of AI taking jobs, he said the reason they're afraid is because 'all these smart people keep saying that.'"

The article then adds that "Fewer people are saying it now."
AI

Big Companies That Invest Heavily in AI Also Hire More People, Report Suggests (techcrunch.com) 29

"Companies spending heavily on AI are growing headcount faster, even in the entry-level roles that many fear are doomed," writes TechCrunch. That's the conclusion of new report tracking AI spending from Ramp's corporate card/bill pay data as well as Revelio Labs' workforce records from 21,599 U.S. firms: According to the report, "high-intensity adopters" — firms that spend on average $30 per employee per month on AI in the first three months — saw headcount increase 10.2%. Headcount also rose across functions, including engineering, sales, administration, customer service, finance, marketing, and scientist roles. The strongest job growth among high-intensity adopters was in the information sector, which includes software, internet, media, and tech-adjacent firms.

Despite these positive signals, the data isn't as rosy as it seems. It skews heavily toward tech-forward, knowledge-work firms — ones that might have VC-backing and are growing fast anyway, making it difficult to say whether AI is contributing to the hiring or just showing up at companies that are expanding anyway. "This paper does not show that AI universally creates jobs," the paper's authors admit, "but it does counter claims that AI will lead to broad job losses."

It also counters claims that AI is killing all junior jobs. Recent research from Goldman Sachs found that AI has already erased about 16,000 net jobs per month over the past year, with Gen Z and entry-level workers taking the brunt of the burden. But in tech-forward firms, the report finds that entry-level headcount actually rose by 12%... "For software and technology firms, AI can make core output cheaper or faster to produce: writing code, debugging, building internal tools, producing technical documentation, and supporting product development," the report reads. "Lower production costs in these workflows can raise the return to expanding the whole firm, not just the engineering team."

But companies that buy subscriptions and run pilots, yet did not go on to make sustained investments, don't tend to see any gains in headcount, per the report. That sets up the potential for a widening gap between firms that have the resources — like capital, technical staff, founder networks, and management bandwidth — to turn AI adoption into actual business gains and those that are stuck experimenting with subscriptions. In other words, this report suggests that firms that already have the resources are the ones that will see the largest gains.

CNBC argues another AI "narrative" was challenged this week: that open source can't make money. "The assumption was that giving your model away for free meant no business. That's breaking too, as open-model companies start posting real revenue and enterprises move from renting AI to running their own."
Government

Are Wars Blurring Lines Between Corporate and National Security? (msn.com) 45

Subsea cables. Ukrainian power stations. Russian oil refineries. Even airports, water-desalination plants and Amazon data centers.

They've all become targets in wartime, notes the Wall Street Journal, and around the world now arguments "are already brewing between companies and governments over new regulations and potential costs." In Germany, powerful associations representing private companies and municipal utilities have pushed back against new standards for physical protection, warning they could spell financial ruin. New Zealand's government has faced resistance from industry groups over a proposal to fine critical-infrastructure companies and their directors for cybersecurity breaches... A sign of how lines are blurring: The North Atlantic Treaty Organization's 32 countries last year agreed that as part of a pact to spend 5% of economic output on defense and security, 1.5% would go to military-adjacent needs including protecting critical infrastructure and networks. Spending targets range from cybersecurity and industrial capacity to railroads, bridges and ports needed for military logistics... "We need a wide concept of defense — defense is no longer just military," said Italian Adm. Giuseppe Cavo Dragone, NATO's top military adviser.

Adding to the complexity, companies now need to protect the data networks that serve as gateways to critical infrastructure. Hackers increasingly target not just computer files to steal information but also systems managing vital functions like building access and factory control, remotely causing physical damage or enabling espionage. U.S. authorities in April warned that Iranian hackers were trying to disrupt American drinking-water systems by targeting computer equipment that connects hardware with software. A year earlier, suspected Russian hackers remotely manipulated valves on a Norwegian hydroelectric dam...

Another challenge will be parsing jurisdictions and liability for assets that cross international waters or are damaged in combat — such as subsea data cables or energy pipelines. Turf battles between law enforcement and militaries are already complicating efforts... "The private owner can invest in redundancy, monitoring, and repair capacity, but only governments and militaries can really deter, patrol, attribute, or respond to hostile state activity," said Marc Glasser, who worked on cybersecurity and infrastructure security for three decades at the U.S. Department of Transportation and the Department of Homeland Security.... Companies say they need greater clarity from governments on what protections they will provide and subsidies to help them defend privately owned assets that provide a public good. Most governments don't provide incentives for companies to invest more than the minimum legal resilience requirements.

The article notes that in May the chief executive of California's Port of Long Beach "launched a cyber-defense operations center to thwart tens of thousands of cyberattacks daily, which jeopardize computer systems and all equipment connected to them."

The article also points out that the EU adopted new regulations requiring countries to reduce vulnerabilities, and new laws proposed in the U.K. now "seek to increase penalties for subsea sabotage, updating codes that date to when telegraph cables were first laid in the 19th century."
AI

Decades-Old Bash Tricks Expose AI Coding Agents To Supply Chain Attacks (securityweek.com) 26

Slashdot reader wiredmikey writes: AI security researchers have uncovered a structural security flaw dubbed GuardFall that allows decades-old Bash shell tricks to bypass safeguards in most open source AI coding agents. By exploiting shell behaviors such as quote removal and variable expansion, attackers can hide malicious commands in repositories, README files, Makefiles, or other content consumed by AI agents. If executed — particularly in auto-approve or CI environments—the commands can steal credentials, compromise developer systems, or enable software supply chain attacks. According to researchers at Adversa AI, the 11 popular open source AI coding agents tested, only one successfully blocked all of the Bash trick techniques.
Desktops (Apple)

New PamStealer macOS Malware Uses Clever Tradecraft To Remain Stealthy (arstechnica.com) 38

An anonymous reader quotes a report from Ars Technica: Researchers have found a never-before-seen piece of macOS malware that combines a series of clever tradecraft to infect Macs with stealthy, custom-developed credential-stealing code. The malware is delivered in two stages. The first is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It's compiled as AppleScript that is notable for the way it delivers the second stage. The malware is named PamStealer because the Rust-written infostealer uses the Pluggable Authentication Modules interface built into macOS to validate the target's login password before sending it to an attacker-controlled server.

[...] PamStealer shows a native password prompt designed to resemble a system authorization request. Text that appears with the prompt says: "Maccy wants to make changes. Enter your password to allow this." As noted earlier, once a target complies, the malware validates it locally through the PAM API. "This check is done entirely through PAM: there is no call out to dscl, security, osascript or any spawned process to verify the password, as many commodity macOS stealers do," [said Jamf, a security firm for macOS users]. "The result is a quieter routine that keeps only a verified password, and one fewer process chain for defenders to detect on."

If the validation fails, PamStealer displays the prompts again until it receives the correct one. Once the target enters the correct password, PamStealer displays a message stating that the file is damaged and can't be installed. This is designed to be a decoy to prevent the target from suspecting anything is amiss. The malware uses tactics to maximize the information it can steal. One tactic is to request the target grant full disk access to the fake Maccy app. It also contains code designed to access ethereum accounts. The various techniques -- particularly the Script Editor lure, a self-contained JXA dropper, a Rust-based second stage, and local validation of credentials through PAM are all noteworthy.

Security

AI Agent Executes 'First' End-To-End Ransomware Attack 36

Sysdig says it has documented the first ransomware attack carried out end to end by an AI agent, which autonomously exploited exposed systems, stole credentials, established persistence, compromised a production database, and destroyed data. The research team named the attacker "JadePuffer" and said it gained initial access to an internet-facing Langflow instance by exploiting CVE-2025-3248. "The most striking characteristic, however, was the LLM's behavior," Sysdig director of threat research Michael Clark said in a blog post. An anonymous reader quotes an excerpt from The Register: JadePuffer's "self-narrating" payloads "contained natural language reasoning, target prioritization, and the kind of detailed annotations that human operators don't often write but LLM-generated code produces reflexively," Clark added. "The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds." After exploiting CVE-2025-3248, a missing authentication vulnerability in Langflow that allows remote, unauthenticated attackers to execute arbitrary Python on the host, the AI agent began scanning for and collecting secrets, including LLM provider API keys, cloud credentials "with explicit coverage of Chinese providers" including Alibaba, Aliyun, Tencent, and Huawei, while also scanning for AWS, Azure and Google Cloud Platform, cryptocurrency wallets, and database credentials.

The AI also installed a crontab entry on the Langflow server to maintain persistence and call back to the attacker's infrastructure every 30 minutes. JadePuffer's intended target was a separate internet-exposed production server running a MySQL database and an Alibaba Nacos configuration service, we're told. Nacos is an open-source service-discovery and dynamic configuration platform developed by Alibaba and used in the cloud provider's microservices applications. The agent connected to the server's exposed MySQL port using root credentials, although Sysdig doesn't know how the attacker obtained them. These credentials weren't stolen from the victim's environment.

JadePuffer then attacked Nacos via multiple vectors including an authorization bypass flaw (CVE-2021-29441) and forging a valid JSON web token (JWT) using Nacos's default signing key. Additionally, using its root database access, the LLM injected a backdoor administrator into the Nacos backing database. It ultimately encrypted all 1,342 Nacos service configuration items using MySQL's built-in AES encryption function, and created an extortion demand, ransom note, Bitcoin payment address, and a Proton Mail contact [...]. However, according to the threat hunters, the victim can't recover the encrypted data, even if they paid the ransom demand, because the agent escalated "from row-level deletion to dropping entire database schemas, narrating its own targeting rationale," without backing up any of the encrypted data.
Security

Apple iPhone 18 Details Leaked In Tata Data Breach (yahoo.com) 13

"Another breach at Tata has leaked details about Apple's iPhone 18, along with documents belonging to several other Tata clients," writes Longtime Slashdot reader Ritz_Just_Ritz. "It's becoming a recurring theme for the company." Reuters reports: Reuters has previously reported the Tata Electronics leak of more than 200,000 files on the dark web by World Leaks had files with purported component design papers of older iPhones and some parts of Tesla -- both Tata clients. They also included documents of Taiwan Semiconductor Manufacturing Co and Qualcomm, both of which make parts used in iPhones. New documents reviewed by Reuters show there are at least six files that map many components in the iPhone 18 Pro models to the specific company that supplies them. These include details of chips on its main circuit board and parts of the battery and cameras.

Apple considers this detail sensitive and is concerned about the documents being shared on the dark web as they relate to unreleased models, according to the person familiar with the matter. The data maps suppliers to iPhone parts, which Apple does not disclose in its public database of suppliers, the person added. In all, the documents detail hundreds of parts to be on the upcoming iPhone 18 Pro models. The records also show where Apple draws a part from several suppliers and where it relies on just a few, laying bare both its bargaining leverage and its vulnerabilities.
More broadly, the leak threatens Apple's trust in Tata just as Tata is becoming central to its effort to shift iPhone production away from China. With India expected to produce roughly a quarter of the world's iPhones in 2026, any deterioration in that relationship could complicate Apple's diversification strategy and force tighter security controls across its suppliers.

Slashdot Top Deals