LinuxCritical 'Bad Epoll' Linux Kernel Vulnerability Disclosed, Affecting Servers and Android DevicesA severe security flaw, dubbed "Bad Epoll" (CVE-2026-46242), has been publicly disclosed in the Linux kernel, allowing an unprivileged local user to escalate privileges to root access. This critical vulnerability impacts a wide array of Linux-based systems, including servers, desktops, and Android devices. The flaw is a use-after-free race condition residing within the kernel's `epoll` subsystem, which manages file descriptor monitoring. Researchers have released a full technical writeup and working exploit code. The bug reportedly existed in the mainline Linux kernel for nearly three years before its discovery. While a fix for the "Bad Epoll" vulnerability has been made public, system administrators and Android users are urged to apply vendor-provided security updates immediately to protect against potential exploitation. Cloud providers and organizations running multi-tenant Linux hosts are particularly advised to prioritize this patch.
SoftwareMicrosoft 365 Commercial Subscriptions See Price Hikes, Bundling AI FeaturesMicrosoft has implemented a significant commercial pricing update for the majority of its Microsoft 365 Business, Enterprise, and Frontline plans, effective July 1, 2026. This adjustment includes price increases ranging from 5% to 43% across various subscriptions, with Business Basic climbing by 16% and some Frontline plans seeing the steepest increases. The company attributes these changes to continuous innovation in AI, security, and IT management over the past year. These price revisions are not solely a cost increase; they also integrate baseline Copilot Chat capabilities, such as inbox and calendar awareness and agents for Word, Excel, and PowerPoint, directly into most core packages. This means that generative AI assistance is now a standard utility cost within Microsoft 365, rather than an optional add-on. Users who renewed their subscriptions before July 1 will retain their old pricing until their next renewal date. For businesses, this update necessitates a re-evaluation of budgets and a careful audit of existing seat counts and add-ons like Defender to mitigate the impact of higher list prices. The move signifies Microsoft's strategy to embed AI deeper into its core productivity offerings, making advanced AI features an inherent part of the subscription.
SoftwareCritical SharePoint Vulnerability Demands Immediate Patching by July 4 DeadlineOrganizations running on-premises Microsoft SharePoint servers faced an urgent deadline to patch a critical vulnerability, CVE-2026–45659, which is actively being exploited. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added this flaw to its Known Exploited Vulnerabilities (KEV) catalog on July 1, instructing federal civilian agencies to apply fixes by July 4, 2026. The vulnerability is a remote code execution (RCE) bug with a high CVSS severity score of 8.8 out of 10. This means attackers can run their own commands on affected servers, a severe threat far beyond crashing systems or unauthorized file access. The underlying technical cause is insecure deserialization, where servers mishandle data from untrusted sources. Microsoft has linked exploitation activity to the Storm-2603 threat group, known for deploying Warlock ransomware against SharePoint vulnerabilities. This situation highlights a recurring problem: patches for this flaw were available in May, yet active exploitation and emergency deadlines emerged in July. This gap between patch availability and application is often where most breaches occur, emphasizing the need for organizations to implement fixes promptly.
HardwarePlayStation Moves to All-Digital Future, Ending Physical Disc Production by 2028Sony has announced a significant shift in its gaming strategy, revealing that it will cease the production of physical game discs for PlayStation consoles starting January 2028. This move signals a definitive push towards an all-digital ecosystem for its gaming platform, with implications for upcoming console generations. The decision strongly suggests that the highly anticipated PlayStation 6, expected to launch around the same timeframe, will likely be a digital-only console. For existing PlayStation users, this means a future where new game purchases will exclusively be digital downloads, potentially requiring a disc-drive accessory for those wishing to play their current physical game libraries on future hardware. This strategic change reflects a broader industry trend towards digital content distribution, driven by convenience, cost efficiencies, and evolving consumer habits. However, it also raises concerns among gamers and preservationists regarding game ownership, backward compatibility, and the future of physical media.
Inteligencia ArtificialAnthropic's Fable 5 Returns: Lessons from a 19-Day Government-Ordered AI ShutdownAnthropic's advanced AI models, Claude Fable 5 and Mythos 5, have been restored for global use after a 19-day shutdown mandated by the U.S. Department of Commerce. The export controls, imposed on June 12, 2026, were lifted on June 30, following intensive negotiations and the implementation of new safeguards to address cybersecurity concerns. This event marked a significant intervention by a government into a commercial AI model's global availability, raising crucial questions about AI governance and enterprise reliance. The shutdown was triggered by an Amazon-reported jailbreak technique that bypassed Fable 5's safeguards, allowing it to identify software vulnerabilities. In response, Anthropic developed an improved safety classifier, which now blocks over 99% of such attempts. Fable 5 became available to general users on July 1 across Anthropic's platforms, while Mythos 5's access remains restricted to approved U.S. organizations involved in defensive cybersecurity. The company also committed to pre-release government access for future frontier models and to collaborate on industry-wide security standards. This incident highlights the growing entanglement of national security with cutting-edge AI development, forcing businesses to reassess their AI vendor dependencies and prompting discussions on international policy implications for technological sovereignty and access to advanced AI.
CiberseguridadNew BlueHammer Vulnerability in Microsoft Defender Exploited by RansomwareThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that ransomware groups are actively exploiting a Microsoft Defender vulnerability, dubbed BlueHammer (CVE-2026-33825), as a zero-day threat. This critical flaw allows authenticated attackers to gain elevated privileges on compromised Windows systems, significantly escalating the severity of attacks. This local privilege escalation flaw was publicly disclosed by a researcher in early April 2026, ahead of Microsoft's official patch release on April 14, 2026. However, evidence indicates that the vulnerability was already being exploited in the wild before the patch was widely available, highlighting a critical window of exposure for users. The exploit allows attackers to enhance their access and facilitate the deployment of ransomware. For millions of Windows users relying on Microsoft Defender, this exploitation underscores the constant threat landscape and the importance of prompt updates. CISA has added BlueHammer to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies and other organizations to apply patches without delay to mitigate potential compromises.