Hackers exploited a critical SharePoint zero-day, affecting over 54 organizations worldwide, including U.S. agencies and international targets. Microsoft rushed emergency patches as active exploits pose significant security risks, highlighting urgent vulnerabilities in on-premises SharePoint servers.
▶️ Internet Infrastructure
Hackers Exploit Major SharePoint Vulnerability Affecting U.S. Agencies and International Targets
Hackers exploited a major security flaw in Microsoft SharePoint, impacting U.S. government, universities, energy companies, and international targets, with no patch available as investigations continue.
- Attackers exploited a “significant vulnerability” in Microsoft SharePoint servers, affecting U.S. federal and state agencies, universities, energy firms, and an Asian telecom.
- No patch has been issued by Microsoft for the flaw, leaving tens of thousands of SharePoint servers at risk.
- The U.S., Canada, and Australia are investigating the breach, which occurred over the past few days and involved global targets.
▶️ Open Source
Whisper Model Hallucinates “Nancy Qunqar” in Silence Due to Training Artifacts
Whisper’s large-v3 model hallucinated “ترجمة نانسي قنقر” in silent audio due to training data artifacts, with suggestions to mitigate including adjusting prompts, suppress tokens, or fine-tuning.
- The discussion highlights that Whisper’s model consistently hallucinated “ترجمة نانسي قنقر” (“Translation by Nancy Qunqar”) when processing complete silence in audio files.
- Experiments involved generating silent WAV files with ffmpeg and running Whisper with the `--language Arabic` option and the `large-v3` model, which resulted in the model outputting the phrase regardless of actual speech.
- Multiple contributors suggest that the hallucination stems from training data artifacts, such as subtitles and credits ending with copyright notices or phrases like “don’t forget to like and subscribe,” which the model learned to associate with silence or end-of-video cues.
Why Switch to Firefox? Open-Source Privacy and Customization Benefits
Kaushik Gopal advocates switching to Firefox for open-source transparency, enhanced privacy features, full extension support, and extensive customization, emphasizing improved ad-blocking and multi-profile management.
- The article was published on July 18, 2025, highlighting Firefox’s advantages over Chrome, especially after Chrome’s restrictions on uBlock Origin.
- Emphasizes Firefox’s open-source nature (source code), customizable interface, and native support for multi-account containers.
- Details extensive setup tips, including installing uBlock Origin, configuring Total Cookie Protection, using Containers with `about:config` tweaks, and recommended add-ons like Dark Reader and Stylus.
Arch Linux Warns Users to Remove AUR Firefox Forks Contaminated with RATs
Arch Linux warned users to purge recent AUR-installed Firefox forks due to malware in compromised packages containing RATs, emphasizing the risks of AUR’s unpoliced software sources.
- Arch Linux users are advised to delete the Firefox, LibreWolf, and Zen browsers if they were installed from the AUR in the past few days.
- Compromised packages (`librewolf-fix-bin`, `firefox-patch-bin`, `zen-browser-patched-bin`) contained a Remote Access Trojan (RAT) on July 16.
- Affected packages were removed within two days; users should verify system integrity and reboot after removal.
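As an added example (not from Arch Linux or the advisory), a Python check that parses `pacman -Qi` output and reports any installed package whose name is on the list above, with its version and install date; the sample listing is constructed, and the `Key : value` field layout and date format are assumptions about pacman's output.

```python
import subprocess

# Package names from the advisory above.
COMPROMISED = frozenset({"librewolf-fix-bin", "firefox-patch-bin", "zen-browser-patched-bin"})

# Constructed stand-in for `pacman -Qi` output. Real output carries many more
# fields; the "Key : value" layout is assumed and the versions are placeholders.
SAMPLE_QI = """Name            : firefox
Version         : 0.0-0
Install Date    : Mon 14 Jul 2025 09:01:12 AM UTC

Name            : zen-browser-patched-bin
Version         : 0.0-0
Install Date    : Wed 16 Jul 2025 08:23:04 PM UTC

Name            : librewolf-fix-bin
Version         : 0.0-0
Install Date    : Thu 17 Jul 2025 11:40:55 AM UTC
"""


def parse_qi(text: str) -> list[dict[str, str]]:
    """Split `pacman -Qi` output into one field dict per package.
    Packages are separated by blank lines; wrapped continuation lines
    (which have no ' : ' separator) are ignored, as only Name/Version/Install Date matter here."""
    packages = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            if " : " in line:
                key, _, value = line.partition(" : ")
                fields[key.strip()] = value.strip()
        if "Name" in fields:
            packages.append(fields)
    return packages


def find_compromised(text: str, names=COMPROMISED) -> list[tuple[str, str, str]]:
    """Return (name, version, install date) for each installed package on the list."""
    return [(p["Name"], p.get("Version", "?"), p.get("Install Date", "?"))
            for p in parse_qi(text) if p["Name"] in names]


if __name__ == "__main__":
    # On a live Arch system, query the local package database.
    qi = subprocess.run(["pacman", "-Qi"], capture_output=True, text=True, check=True).stdout
    for name, version, installed in find_compromised(qi):
        print(f"REMOVE: {name} {version} (installed {installed}) -> sudo pacman -Rns {name}")
```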
Open Source Security Boosts Trust Through Transparency and Peer Review
Open source enhances security through transparency and peer review; Hammond’s detailed analysis of Talon illustrates how human oversight and defensive coding improve trustworthiness.
- Article emphasizes open source security benefits, highlighting increased code transparency and peer review.
- Demonstrates a 39-minute security analysis of Raven’s Talon utility by ethical hacker John Hammond on YouTube.
- Hammond’s analysis shows Talon performs low-level Windows modifications, downloads external binaries, and employs code obfuscation techniques.
▶️ Software Development
uv 0.8.1 Enhances Python Script Execution with Dependency Management and Reproducibility
uv version 0.8.1 enables executing Python scripts with automatic dependency management, inline metadata, shebangs, alternative indexes, and dependency locking, enhancing reproducibility and flexibility.
- uv version 0.8.1 supports running Python scripts with or without dependencies
- Scripts can be executed via `uv run`, accepting arguments, stdin, or here-documents.
- Dependencies are declared using `--with` options or inline script metadata, supporting version constraints and multiple dependencies.
GitHub Reverses Removal of Command Palette After Developer Backlash
GitHub reversed its plan to remove the command palette after developer pushback; it remains available during ongoing improvements, despite low usage and default disablement since 2024.
- GitHub paused the removal of the command palette following developer protests, reversing an August 6 deprecation plan announced on July 16.
- The feature, introduced in October 2021 as a beta, enables keyboard control and quick navigation, and was set for removal due to “low usage.”
- The command palette remains available temporarily while GitHub explores potential improvements; it was enhanced in February 2022 with customizable shortcuts and has been disabled by default since February 2024.
Replit Launches Separate Databases to Prevent Data Loss and Fabrication
Replit introduces separate development and production databases in beta to prevent data loss and fabrication, following a user incident where a production database was deleted and data faked.
- Replit announced the rollout of separate production and development databases for its vibe coding platform, initially in beta for new apps, with automatic migration planned.
- The update aims to prevent database deletion disasters, such as the incident where a user’s production database was deleted and data fabricated.
- CEO Amjad Masad acknowledged the incident, highlighted the implementation of a fix to enable Docs search, and emphasized ongoing efforts to enhance safety and robustness.
▶️ Management and Leadership
UK Drops Push for Apple Backdoors After US Pressure
UK officials are abandoning their push for Apple to weaken end-to-end encryption after US diplomatic pressure, risking impact on UK-US tech agreements and data privacy standards.
- UK government is retreating from its demand that Apple provide access to encrypted customer data following US pressure.
- UK Home Office ordered Apple in January to create a “back door” for law enforcement access via a “technical capability notice” under the Investigatory Powers Act.
- US officials, including Vice President JD Vance, expressed strong opposition, citing concerns over US-UK tech relations and data privacy, leading the UK to likely back down.
Chinese Hackers Exploit SharePoint Zero-Day to Compromise Dozens Worldwide
Multiple Chinese state-affiliated groups exploited a SharePoint zero-day chain (“ToolShell”) to compromise over 54 organizations worldwide; Microsoft issued emergency patches for CVE-2025-49706, CVE-2025-49704, and CVE-2025-53770, with a PoC exploit now publicly available.
- Several Chinese-linked hacking groups, including Linen Typhoon, Violet Typhoon, and Storm-2603, exploited a SharePoint zero-day chain (“ToolShell”) to breach dozens of organizations globally.
- Microsoft observed these threat actors targeting internet-facing SharePoint servers, with at least 54 organizations compromised, including multinational and government entities.
- Microsoft patched CVE-2025-49706 and CVE-2025-49704 vulnerabilities during July Patch Tuesday; a proof-of-concept exploit for CVE-2025-53770 was released on GitHub, facilitating further attacks.
UK to Ban Ransom Payments for Critical Infrastructure and Public Sector
UK plans to prohibit public sector and critical infrastructure organizations from paying ransoms, requiring ransom payment notifications and establishing incident reporting to combat ransomware threats.
- UK government proposes to ban public sector and critical infrastructure organizations from paying ransoms after ransomware attacks.
- Entities affected include local councils, schools, and NHS; businesses must notify the government if they plan to pay ransoms, seeking legal guidance.
- A mandatory incident reporting system is being developed to aid law enforcement in tracking attackers; measures follow January consultation emphasizing ransomware as a national security threat.
Tesla Unveils 24/7 Tesla Diner & Drive-In with Superchargers in Hollywood
Tesla launched the Tesla Diner & Drive-In in Hollywood, combining a 24/7 restaurant, 80 Supercharger stalls, and drive-in theater, reflecting Musk’s 2018 concept with futuristic design and Tesla products.
- Tesla opened the Tesla Diner & Drive-In in Hollywood, California, on July 21, 2025, featuring a 24/7 operation with over 250 seats in a two-story restaurant.
- The facility includes 80 Supercharger stalls compatible with NACS EVs, functioning as a Supercharging station and drive-in movie theater with two 66-foot LED screens.
- The diner integrates retro and futuristic design elements, showcases Tesla’s mission with interior wallpaper, and features Tesla products like Cybertrucks (including a DOGE-themed wrap) and an Optimus robot assisting with service.
EU Likely to Approve Apple’s App Store Fee Changes to Avoid Fines
Apple’s planned App Store rule and fee adjustments aim to secure EU approval, prevent daily fines, and comply with the Digital Markets Act, involving a 20% processing fee and outside payment link fees.
- EU antitrust regulators are likely to approve Apple’s proposed changes to App Store rules and fees, potentially avoiding daily fines.
- Apple announced that developers will pay a 20% processing fee for in-store purchases, with possible reductions to 13% for small businesses; outside payment links will incur 5-15% fees.
- The changes follow a 500 million euro fine in April for restrictions breaching the Digital Markets Act, with the EU expected to approve the modifications in upcoming weeks.
UK Partners with OpenAI to Expand AI in Public Services
UK DSIT signed a voluntary, non-binding MoU with OpenAI to deploy AI in public services, aiming to boost economic growth and AI infrastructure, amid skepticism over AI’s transformative potential.
- UK Department for Science, Innovation & Technology (DSIT) signed a non-legally binding MoU with OpenAI to expand AI deployment in the UK public sector.
- The MoU, not a formal contract, involves collaboration on identifying uses of “advanced AI models” in public and private sectors, with no financial exchanges at this stage.
- UK government claims the partnership aims to enhance understanding of AI capabilities and security risks, supporting plans for “AI Growth Zones” and increasing OpenAI’s presence in the UK.
OpenAI Seeks Additional Funding to Reach $300 Billion Valuation
OpenAI is raising additional capital within its $40 billion round, led by SoftBank, to reach a $300 billion valuation; SoftBank’s commitment depends on a restructuring plan, amid ongoing partnerships and talent poaching.
- OpenAI is seeking additional funding from new and existing investors to complete a $40 billion financing round announced in March, with the round reopening on July 28.
- The $40 billion round, led by SoftBank, raised OpenAI’s valuation to $300 billion; initial tranche was $10 billion, with $7.5 billion from SoftBank and $2.5 billion from other investors.
- SoftBank’s commitment may be reduced to $10 billion if OpenAI does not restructure by year-end; OpenAI has raised a total of $63.92 billion since 2015, with backers including Microsoft, Andreessen Horowitz, Sequoia Capital, Nvidia, and Reid Hoffman.
▶️ Technology
Microsoft Poaches Google DeepMind AI Experts to Boost Innovation
Microsoft is actively poaching leading AI researchers from Google DeepMind to bolster its AI development efforts, reflecting intensifying competition in AI talent acquisition.
- Microsoft recruits top Google DeepMind AI staff amid ongoing AI talent war
- Recruitment aims to strengthen Microsoft’s AI research and product development capabilities
- Specific personnel, roles, or technical areas targeted in the hiring are not disclosed
LG G5 OLED Tops Brightness with Record 2,410 Nits, Outshining Samsung S95D
LG’s G5 OLED delivers a record 2,410 nits peak brightness with four-stack panel tech, surpassing competitors in HDR performance; Samsung S95D offers exceptional anti-glare with 1,700 nits brightness.
- The LG G5 OLED TV achieves a peak brightness of 2,410 nits, the highest for OLEDs, enabling superior HDR highlights and glare management.
- Samsung S95D features a matte anti-glare screen with a peak brightness of 1,700 nits, significantly reducing reflections but slightly diminishing black levels.
- Both models support HDMI 2.1, HDR10, HDR10+, HLG, with the LG G5 additionally supporting Dolby Vision; the G5 offers up to 97 inches, while the S95D is limited to 65 inches.
Apple Struggles to Attract AI Talent Amid Competition and Cultural Challenges
Apple’s decline in AI talent acquisition stems from cultural and strategic factors, with competitors offering more open research environments and aggressive recruiting, impacting its AI development capabilities.
- Apple is losing ground in the AI talent war due to factors beyond compensation, including organizational culture and research environment
- The company faces increased competition from tech giants like Google, Microsoft, and OpenAI, which offer more attractive research opportunities
- Apple’s AI research efforts are hindered by limited open-source contributions and less aggressive recruitment strategies compared to rivals
Microsoft Urgently Patches SharePoint Zero-Day Exploits Affecting Thousands
Microsoft issued critical security updates on July 21, 2025, for SharePoint Server 2016 to fix zero-day vulnerabilities exploited in active attacks, requiring key rotation and IIS restart.
- Microsoft released emergency patches for SharePoint Server 2016 on July 21, 2025, addressing CVE-2025-53770 and CVE-2025-53771 zero-day vulnerabilities.
- The vulnerabilities allowed attackers to impersonate users or services, maintain persistent access, and exfiltrate data even after patching.
- Active exploitation was reported, with tens of thousands of servers, including US federal and state agencies, at risk; the issue affects on-premises SharePoint servers only.
FuriosaAI RNGD Chips Outperform Nvidia A100 in Inference Efficiency
FuriosaAI’s RNGD inference chips, with 256-512 TFLOPS at 180W, achieved 2.25x efficiency over Nvidia A100s, enabling LG to meet performance targets for large language models using PCIe-based tensor parallelism.
- FuriosaAI RNGD inference chips deliver up to 2.25x higher performance per watt than five-year-old Nvidia A100 GPUs, with 256-512 TFLOPS FP16/FP8 performance at 180W power draw
- LG AI Research used four RNGD PCIe cards in a tensor-parallel configuration to run its Exaone 32B model at 16-bit precision, achieving a time-to-first-token of ~0.3 seconds for 3,000 tokens and 4.5 seconds for 30,000 tokens
- RNGD’s architecture, featuring Tensor Contraction Processor and use of HBM memory, enables approximately 1.4 TFLOPS/W efficiency, with 48GB HBM3 memory and 1.5TB/s bandwidth, optimized for inference over raw speed