Axios reports: Anthropic's latest AI model has found more than 500 previously unknown high-severity security flaws in open-source libraries with little to no prompting, the company shared first with Axios.

Why it matters: The advancement signals an inflection point for how AI tools can help cyber defenders, even as AI is also making attacks more dangerous...

Anthropic debuted Claude Opus 4.6, the latest version of its largest AI model, on Thursday. Before its debut, Anthropic's frontier red team tested Opus 4.6 in a sandboxed environment [including access to vulnerability analysis tools] to see how well it could find bugs in open-source code... Claude found more than 500 previously unknown zero-day vulnerabilities in open-source code using just its "out-of-the-box" capabilities, and each one was validated by either a member of Anthropic's team or an outside security researcher... According to a blog post, Claude uncovered a flaw in GhostScript, a popular utility that helps process PDF and PostScript files, that could cause it to crash. Claude also found buffer overflow flaws in OpenSC, a utility that processes smart card data, and CGIF, a tool that processes GIF files.
Logan Graham, head of Anthropic's frontier red team, told Axios they're considering new AI-powered tools to hunt vulnerabilities. "The models are extremely good at this, and we expect them to get much better still... I wouldn't be surprised if this was one of — or the main way — in which open-source software moving forward was secured."

Waymo surprised U.S. lawmakers Wednesday during a hearing on autonomous vehicles and their safety and oversight. Newsweek reports: During questioning, Sen. Ed Markey, a Massachusetts Democrat, asked what happens when a Waymo vehicle encounters a driving situation it cannot independently resolve. "The Waymo phones a human friend for help," Markey explained, adding that the vehicle communicates with a "remote assistance operator." Markey criticized the lack of public information about these workers, despite their role in vehicle safety...

[Dr. Mauricio Peña, chief safety officer at Waymo] responded by clarifying the scope of the operators' involvement: "They provide guidance, they do not remotely drive the vehicles," Peña said. "Waymo asks for guidance in certain situations and gets input, but Waymo is always in charge of the dynamic driving task," according to EVShift. Pressed further on where those operators are located, Peña told lawmakers that some are based in the United States and others abroad, though he did not have an exact breakdown. After additional questioning, he confirmed that overseas operators are located in the Philippines...

The disclosure prompted sharp criticism from Markey, who raised concerns about security and labor implications. "Having people overseas influencing American vehicles is a safety issue," he said. "The information the operators receive could be out of date. It could introduce tremendous cyber security vulnerabilities," according to People. Markey also pointed to job displacement, noting that autonomous vehicles already affect taxi and rideshare drivers in the U.S. Waymo defended the practice in comments to People, saying the use of overseas staff is part of a broader effort to scale operations globally.
Waymo also defended the remote workers to Newsweek as licensed drivers reviewed for "driving-related convictions" and other traffic violations who are also "randomly screened for drug use."

Thanks to Slashdot reader sinij for sharing the news.

Neocities founder Kyle Drake has spent weeks trapped in Microsoft's automated support loop after discovering that Bing quietly blocked all 1.5 million websites hosted on his platform, a free web-hosting service that has kept the spirit of 1990s GeoCities alive since 2013.

Drake first noticed the issue last summer and thought it was resolved, but a second complete block went into effect in January, cratering Bing traffic from roughly half a million daily visitors to zero. He submitted nearly a dozen tickets through Bing's webmaster tools but could not get past the AI chatbot to reach a human. After Ars Technica contacted Microsoft, the company restored the Neocities front page within 24 hours but most subdomains remain blocked. Microsoft cited policy violations related to low-quality content yet declined to identify the offending sites or work directly with Drake to fix the problem.

Memory prices across DRAM, NAND and HBM have surged 80 to 90% quarter-over-quarter in Q1 2026, according to Counterpoint Research's latest Memory Price Tracker. The price of a 64GB RDIMM has jumped from a Q4 2025 contract price of $450 to over $900, and Counterpoint expects it to cross $1,000 in Q2.

NAND, relatively stable last quarter, is tracking a parallel increase. Device makers are cutting DRAM content per device, swapping TLC SSDs for cheaper QLC alternatives, and shifting orders from the now-scarce LPDDR4 to LPDDR5 as new entry-level chipsets support the newer standard. DRAM operating margins hit the 60% range in Q4 2025 -- the first time conventional DRAM margins surpassed HBM -- and Q1 2026 is on track to set all-time highs.

Salesforce is essentially shutting down Heroku as an evolving product, moving the cloud platform that helped define modern app deployment to a "sustaining engineering model" focused entirely on stability, security and support.

Existing customers on credit card billing see no changes to pricing or service, but enterprise contracts are no longer available to new buyers. Salesforce said it is redirecting engineering investment toward enterprise AI.

The CIA has shut down The World Factbook, one of its oldest and most recognizable public-facing intelligence publications, ending a run that began as a classified reference document in 1962 and evolved into a freely accessible digital resource that drew millions of views each year.

The agency offered no explanation for the decision. Originally titled The National Basic Intelligence Factbook, the publication first went unclassified in 1971, was renamed a decade later, and moved online at CIA.gov in 1997. It served researchers, news organizations, teachers, students and international travelers. The site hosted more than 5,000 copyright-free photographs, some donated by CIA officers from their personal travel. Every page now redirects to a farewell announcement.

Google's Quick Share-AirDrop interoperability, which has been exclusive to the Pixel 10 series since its surprise launch last year, is headed to a much broader set of Android devices in 2026.

Eric Kay, Google's Vice President of Engineering for the Android platform, confirmed the expansion during a press briefing at the company's Taipei office, saying Google is "working with our partners to expand it into the rest of the ecosystem" and that announcements are coming "very soon." Nothing is the only OEM to have publicly confirmed it's working on support, though Qualcomm has also hinted at enabling the feature on Snapdragon-powered phones.

Automattic and the Internet Archive have released a free, open-source WordPress plugin that automatically detects broken outbound links on a site and redirects visitors to archived Wayback Machine copies instead of serving them a 404 error.

The Internet Archive Wayback Machine Link Fixer, which launched last fall and is available on WordPress.org, runs in the background scanning posts for dead links, checking for existing archived versions, and requesting new snapshots when none exist. It also archives a site's own posts whenever they are updated. If the original link comes back online, the plugin stops redirecting.

Pew Research has found that 38% of the web has disappeared over the past decade, and WordPress powers more than 40% of websites online.

alternative_right writes: The city of Munich has developed its own measurement instrument to assess the digital sovereignty of its IT infrastructure. The so-called Digital Sovereignty Score (SDS) visually resembles the Nutri-Score and identifies IT systems based on their independence from individual providers and 'foreign' legal spheres. The Technical University of Munich was involved in the development.

In September and October 2025, the IT Department already conducted a first comprehensive test. Out of a total of 2780 municipal application services, 194 particularly critical ones were selected and evaluated based on five categories. The analysis already showed a high degree of digital sovereignty: 66% of the 194 evaluated services reached the highest levels (SDS 1 and 2), only 5% reached the critical level 4, and 21% reached the most critical level 5. The SDS evaluates not only technical dependencies but also legal and organizational risks.

Valve has pushed back the launch of its Steam Machine, Steam Frame and Steam Controller hardware from its original Q1 2026 window to a vaguer "first half of the year" target, blaming the ongoing memory and storage shortage that has been squeezing the tech industry.

The company said in a post today that rising component prices and limited availability forced it to revisit both its shipping schedule and pricing plans. Valve had previously indicated the Steam Machine would be priced at the entry level of the PC space.

Microsoft has finally delivered on its promise to integrate Sysmon -- the long-standing system monitoring tool from its Sysinternals suite -- directly into Windows, a move that should make life considerably easier for enterprise administrators who have struggled with deploying and managing the utility across thousands of endpoints.

The functionality landed this week in Windows Insider builds 26300.7733 (Dev channel) and 26220.7752 (Beta channel). Sysmon allows administrators to capture system events through custom configuration files, filter for specific activity, and pipe the data into standard Windows event logs for pickup by security tools and SIEM pipelines. Mark Russinovich, Microsoft technical fellow and Winternals co-founder, has previously noted the lack of official customer support for Sysmon in production environments -- a gap this integration addresses. The feature ships disabled by default and requires PowerShell to enable. Microsoft notes that any existing Sysmon installation must be uninstalled before activating the built-in version.

Google's much-anticipated plan to merge Android and ChromeOS into a single operating system called Aluminium is shaping up to be a drawn-out, complicated transition that could leave existing Chromebook users behind, according to previously unreported court documents in the Google search antitrust case.

The new OS won't be compatible with all existing Chromebook hardware, and Google will be forced to maintain ChromeOS through at least 2033 to honor its 10-year support commitment to current users -- meaning two parallel operating systems running for years.

The timeline itself is messier than Google has let on publicly, the filings suggest. Sameer Samat, Google's head of Android, called the merger "something we're super excited about for next year" last September, but court filings describe the "fastest path" to market as offering Aluminium to "commercial trusted testers" in late 2026 before a full release in 2028.

Enterprise and education customers -- the segments where Chromebooks currently dominate -- are slated for 2028 as well. Columbia computer science professor Jason Nieh, who interviewed Google engineers as a witness in the case, testified that Aluminium requires a heavier software stack and more powerful hardware to run.

Adobe is no longer planning to discontinue Adobe Animate on March 1st. From a report: In an FAQ, the company now says that Animate will now be in maintenance mode and that it has "no plans toâdiscontinue or remove access" to the app.

Animate will still receive "ongoing security and bug fixes" and will still be available for "both new and existing users," but it won't get new features. Many creators expressed frustration after Adobe's original discontinuation announcement from earlier this week, and the application is still used by creators like David Firth, the person behind the animated web series Salad Fingers. Now, Adobe says that "We are committed to ensuring Animate usersâalways have access to their content regardless of the state of development of the application."

BrianFagioli writes: Google has quietly retired the ZetaSQL name and rebranded its open source SQL analysis and parsing project as GoogleSQL. This is not a technical change but a naming cleanup meant to align the open source code with the SQL dialect already used across Google products like BigQuery and Spanner. Internally, Google has long called the dialect GoogleSQL, even while the open source project lived under a different name.

By unifying everything under GoogleSQL, Google says it wants to reduce confusion and make it clearer that the same SQL foundation is shared across its cloud services and open source tooling. The code, features, and team remain unchanged. Only the name is different. GoogleSQL is now the single label Google wants developers to recognize and use going forward.

YouTube has confirmed that it is blocking background playback -- the ability to keep a video's audio running after minimizing the browser or locking the screen -- for non-Premium users across third-party mobile browsers including Samsung Internet, Brave, Vivaldi and Microsoft Edge.

Users began reporting the issue last week, noting that audio would cut out the moment they left the browser, sometimes after a brief "MediaOngoingActivity" notification flashed before media controls disappeared. A Google spokesperson told Android Authority that the platform "updated the experience to ensure consistency," calling background play a Premium-exclusive feature.