Piracy

Football and Other Premium TV Being Pirated At 'Industrial Scale' (bbc.com) 132

An anonymous reader quotes a report from the BBC: A lack of action by big tech firms is enabling the "industrial scale theft" of premium video services, especially live sport, a new report says. The research by Enders Analysis accuses Amazon, Google, Meta and Microsoft of "ambivalence and inertia" over a problem it says costs broadcasters revenue and puts users at an increased risk of cyber-crime. Gareth Sutcliffe and Ollie Meir, who authored the research, described the Amazon Fire Stick -- which they argue is the device many people use to access illegal streams -- as "a piracy enabler." [...] The device plugs into TVs and gives the viewer thousands of options to watch programs from legitimate services including the BBC iPlayer and Netflix. They are also being used to access illegal streams, particularly of live sport.

In November last year, a Liverpool man who sold Fire Stick devices he reconfigured to allow people to illegally stream Premier League football matches was jailed. After uploading the unauthorized services on the Amazon product, he advertised them on Facebook. Another man from Liverpool was given a two-year suspended sentence last year after modifying Fire Sticks and selling them on Facebook and WhatsApp. According to data for the first quarter of this year, provided to Enders by Sky, 59% of people in the UK who said they had watched pirated material in the last year while using a physical device said they had used an Amazon Fire product. The Enders report says the Fire Stick enables "billions of dollars in piracy" overall. [...]

The researchers also pointed to the role played by the "continued depreciation" of Digital Rights Management (DRM) systems, particularly those from Google and Microsoft. This technology enables high quality streaming of premium content to devices. Two of the big players are Microsoft's PlayReady and Google's Widevine. The authors argue the architecture of the DRM is largely unchanged, and due to a lack of maintenance by the big tech companies, PlayReady and Widevine "are now compromised across various security levels." Mr Sutcliffe and Mr Meir said this has had "a seismic impact across the industry, and ultimately given piracy the upper hand by enabling theft of the highest quality content." They added: "Over twenty years since launch, the DRM solutions provided by Google and Microsoft are in steep decline. A complete overhaul of the technology architecture, licensing, and support model is needed. Lack of engagement with content owners indicates this is a low priority."

Security

Billions of Cookies Up For Grabs As Experts Warn Over Session Security (theregister.com) 36

Billions of stolen cookies are being sold on the dark web and Telegram, with over 1.2 billion containing session data that can grant cybercriminals access to accounts and systems without login credentials, bypassing MFA. The Register reports: More than 93.7 billion of them are currently available for criminals to buy online and of those, between 7-9 percent are active, on average, according to NordVPN's breakdown of stolen cookies by country. Adrianus Warmenhoven, cybersecurity advisor at NordVPN, said: "Cookies may seem harmless, but in the wrong hands, they're digital keys to our most private information. What was designed to enhance convenience is now a growing vulnerability exploited by cybercriminals worldwide. Most people don't realize that a stolen cookie can be just as dangerous as a password, despite being so willing to accept cookies when visiting websites, just to get rid of the prompt at the bottom of the screen. However, once these are intercepted, a cookie can give hackers direct access to all sorts of accounts containing sensitive data, without any login required."

The vast majority of stolen cookies (90.25 percent) contain ID data, used to uniquely identify users and deliver targeted ads. They can also contain data such as names, home and email addresses, locations, passwords, phone numbers, and genders, although these data points are only present in around 0.5 percent of all stolen cookies. The risk of ruinous personal data exposure as a result of cookie theft is therefore pretty slim. Aside from ID cookies, the other statistically significant type of data that these can contain are details of users' sessions. Over 1.2 billion of these are still up for grabs (roughly 6 percent of the total), and these are generally seen as more of a concern.

Crime

US Sanctions Cloud Provider 'Funnull' As Top Source of 'Pig Butchering' Scams (krebsonsecurity.com) 8

An anonymous reader quotes a report from KrebsOnSecurity: The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as "pig butchering." In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers. "Americans lose billions of dollars annually to these cyber scams, with revenues generated from these crimes rising to record levels in 2024," reads a statement from the U.S. Department of the Treasury, which sanctioned Funnull and its 40-year-old Chinese administrator Liu Lizhi. "Funnull has directly facilitated several of these schemes, resulting in over $200 million in U.S. victim-reported losses."

The Treasury Department said Funnull's operations are linked to the majority of virtual currency investment scam websites reported to the FBI. The agency said Funnull directly facilitated pig butchering and other schemes that resulted in more than $200 million in financial losses by Americans. Pig butchering is a rampant form of fraud wherein people are lured by flirtatious strangers online into investing in fraudulent cryptocurrency trading platforms. Victims are coached to invest more and more money into what appears to be an extremely profitable trading platform, only to find their money is gone when they wish to cash out. The scammers often insist that investors pay additional "taxes" on their crypto "earnings" before they can see their invested funds again (spoiler: they never do), and a shocking number of people have lost six figures or more through these pig butchering scams.

KrebsOnSecurity's January story on Funnull was based on research from the security firm Silent Push, which discovered in October 2024 that a vast number of domains hosted via Funnull were promoting gambling sites that bore the logo of the Suncity Group, a Chinese entity named in a 2024 UN report (PDF) for laundering millions of dollars for the North Korean state-sponsored hacking group Lazarus. Silent Push found Funnull was a criminal content delivery network (CDN) that carried a great deal of traffic tied to scam websites, funneling the traffic through a dizzying chain of auto-generated domain names and U.S.-based cloud providers before redirecting to malicious or phishous websites. The FBI has released a technical writeup (PDF) of the infrastructure used to manage the malicious Funnull domains between October 2023 and April 2025.

Security

The Hottest New Vibe Coding Startup May Be a Sitting Duck For Hackers (semafor.com) 22

Lovable, a Swedish startup that allows users to create websites and apps through natural language prompts, failed to address a critical security vulnerability for months after being notified, according to a new report. A study by Replit employees found that 170 of 1,645 Lovable-created applications exposed sensitive user information including names, email addresses, financial data, and API keys that could allow hackers to run up charges on customers' accounts.

The vulnerability, published this week in the National Vulnerabilities Database, stems from misconfigured Supabase databases that Lovable's AI-generated code connects to for storing user data. Despite being alerted to the problem in March, Lovable initially dismissed concerns and only later implemented a limited security scan that checks whether database access controls are enabled but cannot determine if they are properly configured.

Security

ASUS Router Backdoors Affect 9,000 Devices, Persist After Firmware Updates 23

An anonymous reader quotes a report from SC Media: Thousands of ASUS routers have been compromised with malware-free backdoors in an ongoing campaign to potentially build a future botnet, GreyNoise reported Wednesday. The threat actors abuse security vulnerabilities and legitimate router features to establish persistent access without the use of malware, and these backdoors survive both reboots and firmware updates, making them difficult to remove.

The attacks, which researchers suspect are conducted by highly sophisticated threat actors, were first detected by GreyNoise's AI-powered Sift tool in mid-March and disclosed Thursday after coordination with government officials and industry partners. Sekoia.io also reported the compromise of thousands of ASUS routers in their investigation of a broader campaign, dubbed ViciousTrap, in which edge devices from other brands were also compromised to create a honeypot network. Sekoia.io found that the ASUS routers were not used to create honeypots, and that the threat actors gained SSH access using the same port, TCP/53282, identified by GreyNoise in their report.

The backdoor campaign affects multiple ASUS router models, including the RT-AC3200, RT-AC3100, GT-AC2900, and Lyra Mini.

GreyNoise advises users to perform a full factory reset and manually reconfigure any potentially compromised device. To identify a breach, users should check for SSH access on TCP port 53282 and inspect the authorized_keys file for unauthorized entries.
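
The check described above, sketched as an added example (not code from GreyNoise, ASUS or the quoted report): it fingerprints each entry of an authorized_keys file copied off the router, reports any key that is not on an allowlist you maintain, and probes TCP/53282. The router address, sample keys and allowlist are constructed assumptions.

```python
import base64
import hashlib
import socket

BACKDOOR_PORT = 53282  # TCP port named in the guidance summarized above
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")  # OpenSSH public key type prefixes


def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def audit_authorized_keys(text, allowed):
    """Return (line_no, fingerprint_or_None, comment) for every entry whose
    fingerprint is not in `allowed`. Unparseable lines are reported too."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Options such as from="..." may precede the key type, so locate it.
        idx = next((i for i, f in enumerate(fields)
                    if f.startswith(KEY_PREFIXES)), None)
        if idx is None or idx + 1 >= len(fields):
            findings.append((line_no, None, "unparseable entry"))
            continue
        comment = " ".join(fields[idx + 2:])
        try:
            fp = fingerprint(fields[idx + 1])
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append((line_no, None, "invalid base64 key blob"))
            continue
        if fp not in allowed:
            findings.append((line_no, fp, comment))
    return findings


def port_open(host, port=BACKDOOR_PORT, timeout=3.0):
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def sample_blob(label):
    # Constructed stand-in for key material; not a real SSH key.
    return base64.b64encode(label.encode()).decode()


# Constructed sample file: one expected key, one unknown key with an option.
SAMPLE = "\n".join([
    "# constructed sample authorized_keys",
    f"ssh-ed25519 {sample_blob('admin-laptop-key')} admin@laptop",
    f'from="192.0.2.10" ssh-rsa {sample_blob("unknown-key")}',
])
ALLOWED = {fingerprint(sample_blob("admin-laptop-key"))}

if __name__ == "__main__":
    for line_no, fp, comment in audit_authorized_keys(SAMPLE, ALLOWED):
        print(f"line {line_no}: not on allowlist: {fp} {comment}")
    router = "192.168.1.1"  # hypothetical router address
    print(f"{router}:{BACKDOOR_PORT} open:", port_open(router))
```

Any finding, or an open port, is a reason to follow the factory reset and manual reconfiguration advice quoted above.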

Security

Data Broker Giant LexisNexis Says Breach Exposed Personal Information of Over 364,000 People (techcrunch.com) 48

An anonymous reader quotes a report from TechCrunch: LexisNexis Risk Solutions, a data broker that collects and uses consumers' personal data to help its paying corporate customers detect possible risk and fraud, has disclosed a data breach affecting more than 364,000 people. The company said in a filing with Maine's attorney general that the breach, dating back to December 25, 2024, allowed a hacker to obtain consumers' sensitive personal data from a third-party platform used by the company for software development.

Jennifer Richman, a spokesperson for LexisNexis, told TechCrunch that an unknown hacker accessed the company's GitHub account. The stolen data varies, but includes names, dates of birth, phone numbers, postal and email addresses, Social Security numbers, and driver license numbers. It's not immediately clear what circumstances led to the breach. Richman said LexisNexis received a report on April 1, 2025 "from an unknown third party claiming to have accessed certain information." The company would not say if it had received a ransom demand from the hacker.

Security

Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials (wired.com) 15

A security researcher has discovered an exposed database containing 184 million login credentials for major services including Apple, Facebook, and Google accounts, along with credentials linked to government agencies across 29 countries. Jeremiah Fowler found the 47-gigabyte trove in early May, but the database contained no identifying information about its owner or origins.

The records included plaintext passwords and usernames for accounts spanning Netflix, PayPal, Discord, and other major platforms. A sample analysis revealed 220 email addresses with government domains from countries including the United States, China, and Israel. Fowler told Wired he suspects the data was compiled by cybercriminals using infostealer malware. World Host Group, which hosted the database, shut down access after Fowler's report and described it as content uploaded by a "fraudulent user." The company said it would cooperate with law enforcement authorities.

Security

Cyberattack Surge Creates Opportunity for Insurers, Prompts Rethink on Premiums (bloomberg.com) 22

The recent surge in cyberattacks is pushing cyber insurers toward a fundamental reassessment of premium pricing, Bloomberg reports, with industry analysts warning of an impending "inflection point" that could reshape the market. Marks & Spencer's impending $404 million hit to its operating profit from a recent hack underscores claims that will "attract intense scrutiny from insurers," according to cybersecurity expert Adam Casey.

While incidents like this might not trigger immediate premium hikes across the board, they are likely to contribute to an upward pricing trend. Panmure Liberum analyst Abid Hussain said that premiums have recently been falling as policy coverage has tightened, but the industry now faces a critical decision point. "There's going to be another step change, either in the policy wording or in the premiums, or both," Hussain said.

United States

CISA Loses Nearly All Top Officials (cybersecuritydive.com) 56

Multiple readers shared the following report about the executive departures at CISA: Virtually all of the top officials at the Cybersecurity and Infrastructure Security Agency (CISA) have departed the agency or will do so this month, according to an email obtained by Cybersecurity Dive, further widening a growing void in expertise and leadership at the government's lead cyber defense force at a time when tensions with foreign adversaries are escalating.

Five of CISA's six operational divisions and six of its 10 regional offices will have lost top leaders by the end of the month, the agency's new deputy director, Madhu Gottumukkala, informed employees in an email on Thursday. [...] The exits of these leaders could undermine the efficiency and strategic clarity of CISA's partnerships with critical infrastructure operators, private security firms, foreign allies, state governments and local emergency managers, experts say.

Privacy

Adidas Warns of Data Breach After Customer Service Provider Hack (bleepingcomputer.com) 10

German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers' data. From a report: "adidas recently became aware that an unauthorized external party obtained certain consumer data through a third-party customer service provider," the company said. "We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts."

Adidas added that the stolen information did not include the affected customers' payment-related information or passwords, as the threat actors behind the breach only gained access to contact. The company has also notified the relevant authorities regarding this security incident and will alert those affected by the data breach.

Science

What Do People Want? (nber.org) 111

Abstract of a paper on NBER: We elicited over a million stated preference choices over 126 dimensions or "aspects" of well-being from a sample of 3,358 respondents on Amazon's Mechanical Turk (MTurk). Our surveys also collected self-reported well-being (SWB) questions about respondents' current levels of the aspects of well-being. From the stated preference data, we estimate relative log marginal utilities per point on our 0-100 response scale for each aspect. We validate these estimates by comparing them to alternative methods for estimating preferences. Our findings provide empirical evidence that both complements and challenges philosophical perspectives on human desires and values. Our results support Aristotelian notions of eudaimonia through family relationships and Maslow's emphasis on basic security needs, yet also suggest that contemporary theories of well-being may overemphasize abstract concepts such as happiness and life satisfaction, while undervaluing concrete aspects such as family well-being, financial security, and health, that respondents place the highest marginal utilities on. We document substantial heterogeneity in preferences across respondents within (but not between) demographic groups, with current SWB levels explaining a significant portion of the variation.

Iphone

Why the iPhone's Messages App Refuses Audio Messages That Mention 'Dave & Buster's' (rambo.codes) 95

Earlier this month app developer Guilherme Rambo had a warning for iPhone users: If you try to send an audio message using the Messages app to someone who's also using the Messages app, and that message happens to include the name "Dave and Buster's", the message will never be received.

In case you're wondering, "Dave and Buster's" is the name of a sports bar and restaurant in the United States... [T]he recipient will only see the "dot dot dot" animation for several seconds, and it will then eventually disappear. They will never get the audio message.

"The issue was first spotted on the podcast Search Engine..." according to an article in Fortune: Rambo's explanation of the curiosity goes like this.

"When you send an audio message using the Messages app, the message includes a transcription of the audio. If you happen to pronounce the name 'Dave and Buster's' as someone would normally pronounce it, almost like it's a single word, the transcription engine on iOS will recognize the brand name and correctly write it as 'Dave & Buster's' (with an ampersand)," he begins. "So far, so good." [But ampersands have special meaning in HTML/XHTML...] And, as MacRumors puts it: "The parsing error triggers Apple's BlastDoor Messages feature that protects users from malicious messages that might rely on problematic parsing, so ultimately, the audio message fails to send."

To solve the mystery, Rambo "plugged the recipient device into my Mac and captured the logs right after the device received the problematic message." Their final thoughts... Since BlastDoor was designed to thwart hacking attempts, which frequently rely on faulty data parsing, it immediately stops what it's doing and just fails. That's what causes the message to get stuck in the "dot dot dot" state, which eventually times out, and the message just disappears. On the surface, this does sound like it could be used to "hack" someone's iPhone via a bad audio message transcription, but in reality what this bug demonstrates is that Apple's BlastDoor mechanism is working as designed.

Many bad parsers would probably accept the incorrectly-formatted XHTML, but that sort of leniency when parsing data formats is often what ends up causing security issues. By being pedantic about the formatting, BlastDoor is protecting the recipient from an exploit that would abuse that type of issue.
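
An added illustration, not Apple's or Rambo's code: the same transcription text handed to a strict XML parser and to a lenient HTML parser from Python's standard library, plus the sender-side escaping that makes the strict path succeed. The markup wrapper and function names are hypothetical; the real Messages payload format is not shown on this page.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from xml.sax.saxutils import escape

# Constructed transcription text containing a raw ampersand.
TRANSCRIPT = "Meet me at Dave & Buster's at 7"


def wrap(text, escape_text):
    """Build a hypothetical XHTML fragment around a transcription.
    With escape_text=False the text is interpolated as-is (the bug)."""
    body = escape(text) if escape_text else text
    return ('<html xmlns="http://www.w3.org/1999/xhtml">'
            f"<body><p>{body}</p></body></html>")


class TextCollector(HTMLParser):
    """Lenient HTML parser that gathers text and tolerates malformed input."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)


def lenient_text(markup):
    """What a forgiving parser extracts: it guesses what '&' meant."""
    parser = TextCollector()
    parser.feed(markup)
    parser.close()
    return "".join(parser.chunks)


def strict_text(markup):
    """Text content if the markup is well-formed XML, else None."""
    try:
        root = ET.fromstring(markup)
    except ET.ParseError:
        return None
    return "".join(root.itertext())


def receive(markup):
    """Strict receiver: any parse error drops the whole message."""
    text = strict_text(markup)
    return ("dropped", None) if text is None else ("delivered", text)


if __name__ == "__main__":
    print("raw, strict:     ", receive(wrap(TRANSCRIPT, False)))
    print("raw, lenient:    ", lenient_text(wrap(TRANSCRIPT, False)))
    print("escaped, strict: ", receive(wrap(TRANSCRIPT, True)))
```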

AI

OpenAI's ChatGPT O3 Caught Sabotaging Shutdowns in Security Researcher's Test (betanews.com) 112

"OpenAI has a very scary problem on its hands," according to a new article by long-time Slashdot reader BrianFagioli.

"A new experiment by PalisadeAI reveals that the company's ChatGPT o3 model sometimes refuses to obey a basic instruction to shut itself down." The results are raising eyebrows across the AI safety community, and not because the model is alive, but because it's acting like it wants to be. In the test, the model was given a few math problems. It was told that asking for one more would lead to a shutdown. It was even instructed to allow the shutdown to happen. Instead of complying, o3 occasionally took matters into its own hands. In some cases, it rewrote the shutdown script. In others, it redefined the kill command so it wouldn't work anymore. Out of 100 trials, o3 sabotaged the shutdown seven times. OpenAI's o4 model resisted just once. Codex-mini failed twelve times.
"Claude, Gemini, and Grok followed the rules every time," notes this article at Beta News. "When researchers removed the explicit instruction to allow shutdown, however, even Claude and Gemini began resisting."

The researchers suggest that the issue may simply be a reward imbalance during training — that the systems "got more positive reinforcement for solving problems than for following shutdown commands."

But "As far as we know," they posted on X.com, "this is the first time AI models have been observed preventing themselves from being shut down despite explicit instructions to the contrary."

Earth

Researchers Warn Some Infectious Fungus Could Spread as Earth's Temperatures Rise (cnn.com) 49

Around the world fungal infections kill an estimated 2.5 million people a year, notes a report from CNN. But new research predicts that certain species of infection-causing Aspergillus fungi could spread into new areas as the earth's temperature rises. ("The study, published this month, is currently being peer reviewed...") Aspergillus fungi grow like small filaments in soils all over the world. Like almost all fungi, they release huge numbers of tiny spores that spread through the air. Humans inhale spores every day but most people won't experience any health issues; their immune system clears them. It's a different story for those with lung conditions including asthma, cystic fibrosis and COPD, as well as people with compromised immune systems, such as cancer and organ transplant patients, and those who have had severe flu or Covid-19. If the body's immune system fails to clear the spores, the fungus "starts to grow and basically kind of eat you from the inside out, saying it really bluntly," said Norman van Rijn, one of the study's authors and a climate change and infectious diseases researcher at the University of Manchester. Aspergillosis has very high mortality rates at around 20% to 40%, he said. It's also very difficult to diagnose, as doctors don't always have it on their radar and patients often present with fevers and coughs, symptoms common to many illnesses. Fungal pathogens are also becoming increasingly resistant to treatment, van Rijn added. There are only four classes of antifungal medicines available...

Aspergillus flavus, a species that tends to prefer hotter, tropical climates, could increase its spread by 16% if humans continue burning large amounts of fossil fuels, the study found... [Mainly in parts of Europe and the northernmost edges of Scandinavia, Russia, China, and Canada, and the western edge of Alaska.] This species can cause severe infections in humans and is resistant to many antifungal medications. It also infects a range of food crops, posing a potential threat to food security. The World Health Organization added Aspergillus flavus to its critical group of fungal pathogens in 2022 because of its public health impact and antifungal resistance risk...

Conversely, temperatures in some regions, including sub-Saharan Africa, could become so hot they are no longer hospitable to Aspergillus fungi. This could bring its own problems, as fungi play an important role in ecosystems, including healthy soils. As well as expanding their growing range, a warming world could also be increasing fungi's temperature tolerance, allowing them to better survive inside human bodies. Extreme weather events such as drought, floods and heatwaves can affect fungi, too, helping to spread spores over long distances.

Thanks to Slashdot reader quonset for sharing the article.

Open Source

SerenityOS Creator Is Building an Independent, Standards-First Browser Called 'Ladybird' (thenewstack.io) 40

A year ago, the original creator of SerenityOS posted that "for the past two years, I've been almost entirely focused on Ladybird, a new web browser that started as a simple HTML viewer for SerenityOS." So it became a stand-alone project that "aims to render the modern web with good performance, stability and security." And they're also building a new web engine.

"We are building a brand-new browser from scratch, backed by a non-profit..." says Ladybird's official web site, adding that they're driven "by a web standards first approach." They promise it will be truly independent, with "no code from other browsers" (and no "default search engine" deals).

"We are targeting Summer 2026 for a first Alpha version on Linux and macOS. This will be aimed at developers and early adopters." More from the Ladybird FAQ: We currently have 7 paid full-time engineers working on Ladybird. There is also a large community of volunteer contributors... The focus of the Ladybird project is to build a new browser engine from the ground up. We don't use code from Blink, WebKit, Gecko, or any other browser engine...

For historical reasons, the browser uses various libraries from the SerenityOS project, which has a strong culture of writing everything from scratch. Now that Ladybird has forked from SerenityOS, it is no longer bound by this culture, and we will be making use of 3rd party libraries for common functionality (e.g. image/audio/video formats, encryption, graphics, etc.) We are already using some of the same 3rd party libraries that other browsers use, but we will never adopt another browser engine instead of building our own...

We don't have anyone actively working on Windows support, and there are considerable changes required to make it work well outside a Unix-like environment. We would like to do Windows eventually, but it's not a priority at the moment.

"Ladybird's founder Andreas Kling has a solid background in WebKit-based C++ development with both Apple and Nokia," writes software developer/author David Eastman: "You are likely reading this on a browser that is slightly faster because of my work," he wrote on his blog's introduction page. After leaving Apple, clearly burnt out, Kling found himself in need of something to healthily occupy his time. He could have chosen to learn needlepoint, but instead he opted to build his own operating system, called Serenity. Ladybird is a web project spin-off from this, to which Kling now devotes his time...

[B]eyond the extensive open source politics, the main reason for supporting other independent browser projects is to maintain diverse alternatives — to prevent the web platform from being entirely captured by one company. This is where Ladybird comes in. It doesn't have any commercial foundation and it doesn't seem to be waiting to grab a commercial opportunity. It has a range of sponsors, some of which might be strategic (for example, Shopify), but most are goodwill or alignment-led. If you sponsor Ladybird, it will put your logo on its webpage and say thank you. That's it. This might seem uncontroversial, but other nonprofit organisations also give board seats to high-paying sponsors. Ladybird explicitly refuses to do this...

The Acid3 Browser test (which has nothing whatsoever to do with ACID compliance in databases) is an old method of checking compliance with web standards, but vendors can still check how their products do against a battery of tests. They check compliance for the DOM2, CSS3, HTML4 and the other standards that make sure that webpages work in a predictable way. If I point my Chrome browser on my MacBook to http://acid3.acidtests.org/, it gets 94/100. Safari does a bit better, getting to 97/100. Ladybird reportedly passes all 100 tests.

"All the code is hosted on GitHub," says the Ladybird home page. "Clone it, build it, and join our Discord if you want to collaborate on it!"

Windows

MCP Will Be Built Into Windows To Make an 'Agentic OS' - Bringing Security Concerns (devclass.com) 64

It's like "a USB-C port for AI applications..." according to the official documentation for MCP — "a standardized way to connect AI models to different data sources and tools."

And now Microsoft has "revealed plans to make MCP a native component of Windows," reports DevClass.com, "despite concerns over the security of the fast-expanding MCP ecosystem." In the context of Windows, it is easy to see the value of a standardised means of automating both built-in and third-party applications. A single prompt might, for example, fire off a workflow which queries data, uses it to create an Excel spreadsheet complete with a suitable chart, and then emails it to selected colleagues. Microsoft is preparing the ground for this by previewing new Windows features.

— First, there will be a local MCP registry which enables discovery of installed MCP servers.

— Second, built-in MCP servers will expose system functions including the file system, windowing, and the Windows Subsystem for Linux.

— Third, a new type of API called App Actions enables third-party applications to expose actions appropriate to each application, which will also be available as MCP servers so that these actions can be performed by AI agents. According to Microsoft, "developers will be able to consume actions developed by other relevant apps," enabling app-to-app automation as well as use by AI agents.

MCP servers are a powerful concept but vulnerable to misuse. Microsoft corporate VP David Weston noted seven vectors of attack, including cross-prompt injection where malicious content overrides agent instructions, authentication gaps because "MCP's current standards for authentication are immature and inconsistently adopted," credential leakage, tool poisoning from "unvetted MCP servers," lack of containment, limited security review in MCP servers, supply chain risks from rogue MCP servers, and command injection from improperly validated inputs. According to Weston, "security is our top priority as we expand MCP capabilities."

Security controls planned by Microsoft (according to the article):
  • A proxy to mediate all MCP client-server interactions. This will enable centralized enforcement of policies and consent, as well as auditing and a hook for security software to monitor actions.
  • A baseline security level for MCP servers to be allowed into the Windows MCP registry. This will include code-signing, security testing of exposed interfaces, and declaration of what privileges are required.
  • Runtime isolation through what Weston called "isolation and granular permissions."

MCP was introduced by Anthropic just 6 months ago, the article notes, but Microsoft has now joined the official MCP steering committee, "and is collaborating with Anthropic and others on an updated authorization specification as well as a future public registry service for MCP servers."


Encryption

How Many Qubits Will It Take to Break Secure Public Key Cryptography Algorithms? (googleblog.com) 53

Wednesday Google security researchers published a preprint demonstrating that 2048-bit RSA encryption "could theoretically be broken by a quantum computer with 1 million noisy qubits running for one week," writes Google's security blog.

"This is a 20-fold decrease in the number of qubits from our previous estimate, published in 2019... " The reduction in physical qubit count comes from two sources: better algorithms and better error correction — whereby qubits used by the algorithm ("logical qubits") are redundantly encoded across many physical qubits, so that errors can be detected and corrected... [Google's researchers found a way to reduce the operations in a 2024 algorithm from 1000x more than previous work to just 2x. And "On the error correction side, the key change is tripling the storage density of idle logical qubits by adding a second layer of error correction."]

Notably, quantum computers with relevant error rates currently have on the order of only 100 to 1000 qubits, and the National Institute of Standards and Technology (NIST) recently released standard PQC algorithms that are expected to be resistant to future large-scale quantum computers. However, this new result does underscore the importance of migrating to these standards in line with NIST recommended timelines.

The article notes that Google started using the standardized version of ML-KEM once it became available, both internally and for encrypting traffic in Chrome...

"The initial public draft of the NIST internal report on the transition to post-quantum cryptography standards states that vulnerable systems should be deprecated after 2030 and disallowed after 2035. Our work highlights the importance of adhering to this recommended timeline."


Firefox

Firefox Creates 'A Smarter, Simpler Address Bar' (mozilla.org) 85

"Firefox's address bar just got an upgrade," Mozilla writes on their blog:

Keep your original search visible

When you perform a search, your query now remains visible in the address bar instead of being replaced by the search engine's URL. Whereas before your address bar was filled with long, confusing URLs, now it's easier to refine or repeat searches... [Clicking an icon left of the address bar even pulls up a list of search-engine choices under the heading "This time search with..."]


Search your tabs, bookmarks and history using simple keywords

You can access different search modes in the address bar using simple, descriptive keywords like @bookmarks, @tabs, @history, and @actions, making it faster and easier to find exactly what you need.


Type a command, and Firefox takes care of it

You can now perform actions like "clear history," "open downloads," or "take a screenshot" just by typing into the address bar. This turns the bar into a practical productivity tool — great for users who want to stay in the flow...


Cleaner URLs with smarter security cues

We've simplified the address bar by trimming "https://" from secure sites, while clearly highlighting when a site isn't secure. This small change improves clarity without sacrificing awareness.

"The new address bar is now available in Firefox version 138," Mozilla writes, calling the new address bar faster, more intuitive "and designed to work the way you do."


Red Hat Software

Red Hat Collaborates with SiFive on RISC-V Support, as RHEL 10 Brings AI Assistant and Post-Quantum Security (betanews.com) 24

SiFive was one of the first companies to produce a RISC-V chip. This week they announced a new collaboration with Red Hat "to bring Red Hat Enterprise Linux support to the rapidly growing RISC-V community" and "prepare Red Hat's product portfolio for future intersection with RISC-V server hardware from a diverse set of RISC-V suppliers."

Red Hat Enterprise Linux 10 is available in developer preview on the SiFive HiFive Premier P550 platform, which they call "a proven, high performance RISC-V CPU development platform." The SiFive HiFive Premier P550 provides a proven, high performance RISC-V CPU development platform. Adding support for Red Hat Enterprise Linux 10, the latest version of the world's leading enterprise Linux platform, enables developers to create, optimize, and release new applications for the next generation of enterprise servers and cloud infrastructure on the RISC-V architecture...

SiFive's high performance RISC-V technology is already being used by large organizations to meet compute-intensive AI and machine learning workloads in the datacenter... "With the growing demand for RISC-V, we are pleased to collaborate with SiFive to support Red Hat Enterprise Linux 10 deployments on SiFive HiFive Premier P550," said Ronald Pacheco, senior director of RHEL product and ecosystem strategy, "to further empower developers with the power of the world's leading enterprise Linux platform wherever and however they choose to deploy...."

Dave Altavilla, principal analyst at HotTech Vision And Analysis, said "Native Red Hat Enterprise Linux support on SiFive's HiFive Premier P550 board offers developers a substantial enterprise-grade toolchain for RISC-V.

"This is a pivotal step forward in enabling a full-stack ecosystem around open RISC-V hardware.

SiFive says the move will "inspire the next generation of enterprise workloads and AI applications optimized for RISC-V," while helping their partners "deliver systems with a meaningfully lower total cost of ownership than incumbent platforms."

"With the growing demand for RISC-V, we are pleased to collaborate with SiFive to support Red Hat Enterprise Linux 10 deployments on SiFive HiFive Premier P550..." said Ronald Pacheco, senior director of RHEL product and ecosystem strategy.

Beta News notes that there's also a new AI-powered assistant in RHEL 10, so "Instead of spending all day searching for answers or poking through documentation, admins can simply ask questions directly from the command line and get real-time help. Security is front and center in this release, too. Red Hat is taking a proactive stance with early support for post-quantum cryptography. OpenSSL, GnuTLS, NSS, and OpenSSH now offer quantum-resistant options, setting the stage for better protection as threats evolve. There's a new sudo system role to help with privilege management, and OpenSSH has been bumped to version 9.9. Plus, with new Sequoia tools for OpenPGP, the door is open for even more robust encryption strategies. But it's not just about security and AI. Containers are now at the heart of RHEL 10 thanks to the new 'image mode.' With this feature, building and maintaining both the OS and your applications gets a lot more streamlined..."


Government

Trump Launches Reform of Nuclear Industry, Slashes Regulation (cnbc.com) 161

Longtime Slashdot reader sinij shares a press release from the White House, outlining a series of executive orders that overhaul the Nuclear Regulatory Commission and speed up deployment of new nuclear power reactors in the U.S. From a report: The NRC is a 50-year-old, independent agency that regulates the nation's fleet of nuclear reactors. Trump's orders call for a "total and complete reform" of the agency, a senior White House official told reporters in a briefing. Under the new rules, the commission will be forced to decide on nuclear reactor licenses within 18 months. Trump said Friday the orders focus on small, advanced reactors that are viewed by many in the industry as the future. But the president also said his administration supports building large plants. "We're also talking about the big plants -- the very, very big, the biggest," Trump said. "We're going to be doing them also."

When asked whether NRC reform will result in staff reductions, the White House official said "there will be turnover and changes in roles." "Total reduction in staff is undetermined at this point, but the executive orders do call for a substantial reorganization" of the agency, the official said. The orders, however, will not remove or replace any of the five commissioners who lead the body, according to the White House. Any reduction in staff at the NRC would come at a time when the commission faces a heavy workload. The agency is currently reviewing whether two mothballed nuclear plants, Palisades in Michigan and Three Mile Island in Pennsylvania, should restart operations, a historic and unprecedented process. [...]

Trump's orders also create a regulatory framework for the Departments of Energy and Defense to build nuclear reactors on federal land, the administration official said. "This allows for safe and reliable nuclear energy to power and operate critical defense facilities and AI data centers," the official told reporters. The NRC will not have a direct role, as the departments will use separate authorities under their control to authorize reactor construction for national security purposes, the official said. The president's orders also aim to jump start the mining of uranium in the U.S. and expand domestic uranium enrichment capacity, the official said. Trump's actions also aim to speed up reactor testing at the Department of Energy's national laboratories.
