Researchers exploited a vulnerability in CodeRabbit to access 1 million repositories, including private ones, highlighting critical security risks. Meanwhile, Foxconn’s AI and cloud server revenue surpassed iPhone assembly in 2025, signaling a major shift toward AI infrastructure dominance. Additionally, Wyoming launched its first state-backed stablecoin across seven blockchains, marking progress in digital currency adoption.
▶️ Internet Infrastructure
Researchers Exploit CodeRabbit Flaw to Access 1 Million Repositories
Researchers exploited a flaw in how CodeRabbit executes external tools to achieve remote code execution (RCE), leak secrets, and access 1 million repositories by injecting malicious Ruby code via RuboCop configuration files.
- Researchers exploited CodeRabbit’s vulnerability to achieve remote code execution (RCE), leak API tokens, and gain write access to 1 million repositories, including private ones.
- The attack involved injecting malicious Ruby code via RuboCop configuration files, exfiltrating environment variables, and using leaked private keys to authenticate as the GitHub app.
- CodeRabbit responded swiftly in January 2025, rotating secrets, disabling RuboCop, and deploying a fix, demonstrating effective incident management.
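A defensive sketch of the risk described above, added here as an example and not CodeRabbit's or the researchers' code: it flags RuboCop configuration entries that load Ruby files from the checkout, and runs an external analyzer with an allowlisted environment so repository-controlled code cannot read service secrets. It assumes the loading mechanism is RuboCop's `require:` key (the page does not name it); the sample config, the allowlist and the variable name GITHUB_APP_PRIVATE_KEY are constructed.

```python
import os
import re
import subprocess
import sys

# Only these variables reach the analyzer; tokens and keys are withheld.
ENV_ALLOWLIST = ("PATH", "HOME", "LANG", "LC_ALL", "TMPDIR")

# Constructed sample, not taken from the incident.
SAMPLE_CONFIG = """\
require:
  - rubocop-rspec
  - ./ext.rb
AllCops:
  NewCops: enable
"""


def scrubbed_env(env, allow=ENV_ALLOWLIST):
    """Copy only allowlisted variables so secrets never reach the tool."""
    return {k: v for k, v in env.items() if k in allow}


def required_entries(config_text):
    """Values of the top-level `require:` key (scalar, inline or block list)."""
    entries, in_block = [], False
    for raw in config_text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = re.match(r"^require:\s*(.*)$", line)
        if m:
            value = m.group(1).strip()
            in_block = value == ""
            entries += [v for v in value.strip("[]").split(",") if v.strip()]
        elif in_block and re.match(r"^\s*-\s+\S", line):
            entries.append(line.split("-", 1)[1])
        else:
            in_block = False
    return [e.strip().strip("'\"") for e in entries]


def repo_local(entries):
    """Entries naming a file path (Ruby from the checkout), not an installed gem."""
    return [e for e in entries if e.startswith((".", "/", "~")) or e.endswith(".rb")]


def run_analyzer(cmd, workdir, env=None):
    """Run an external tool on untrusted content with the scrubbed environment."""
    done = subprocess.run(cmd, cwd=workdir, env=scrubbed_env(env or os.environ),
                          capture_output=True, text=True, timeout=60)
    return done.returncode, done.stdout


if __name__ == "__main__":
    print("file-path requires:", repo_local(required_entries(SAMPLE_CONFIG)))
    # Hypothetical secret name; the child process should not see it.
    env = dict(os.environ, GITHUB_APP_PRIVATE_KEY="constructed-placeholder")
    probe = [sys.executable, "-c",
             "import os; print('GITHUB_APP_PRIVATE_KEY' in os.environ)"]
    print("secret visible to tool:", run_analyzer(probe, ".", env)[1].strip())
```

An environment allowlist limits what leaked code can read; it does not replace running the tool in an isolated sandbox without network access to internal services.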
Foxconn’s Cloud and AI Revenue Surpass iPhone Assembly in 2025
Foxconn’s cloud and AI server revenue overtook its iPhone assembly business in 2025, with a 47% increase to NT$731.8 billion in Q2, signaling a shift to AI infrastructure dominance.
- Foxconn’s Cloud & Networking revenue surpassed its Smart Consumer Electronics segment, driven by a 47% year-over-year increase to NT$731.8 billion in Q2 2025
- AI server revenue grew over 60% in Q2, with projections of a 170% YoY increase in Q3, primarily from hyperscale cloud providers
- Foxconn is expanding AI server manufacturing in the US (Texas, Wisconsin, California, Ohio) and maintains Mexico operations, reducing reliance on China amid geopolitical risks
Wyoming Launches First State-Backed Stablecoin Across Seven Blockchains
Wyoming introduced its first state-backed stablecoin across seven blockchains to enable cross-chain transactions and promote digital currency use at the state level.
- Wyoming launched the first state-backed stablecoin on seven blockchains
- The stablecoin is designed to facilitate cross-chain transactions and enhance state-level digital currency adoption
- Details on the stablecoin’s technical specifications, issuance process, or blockchain platforms are not provided in the article
Hackers Exploit Apache CVE-2023-46604 to Deploy Persistent Linux Malware
Attackers exploited CVE-2023-46604 in Apache ActiveMQ, installed DripDropper malware via Sliver implant, patched the vulnerability with Java JARs, and maintained persistence on Linux servers, despite patches issued in late 2023 and early 2025.
- Attackers exploited CVE-2023-46604 (CVSS 9.8, rated 10 by Apache) in Apache ActiveMQ to gain access to Linux servers.
- They installed DripDropper malware, a Linux ELF encrypted with PyInstaller, communicating via Dropbox, and modified SSH configurations for persistent root access.
- Attackers used a Sliver implant to modify sshd configs, then downloaded Java JAR files that patched the original vulnerability, hiding their intrusion.
- The malware established persistence by modifying /etc/cron.* files and altered SSH default login shells, enabling further payload delivery like data theft or ransomware.
- Despite Apache patching CVE-2023-46604 in October 2023, many vulnerable systems remain unpatched; Oracle issued a patch in January 2025, highlighting delays in vendor updates.
- DripDropper’s password protection and dynamic actions complicate detection and removal efforts, allowing attackers to maintain covert control over compromised systems.
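A triage helper for the persistence locations listed above, added as an example (not code from the incident reporting): it reads the effective global PermitRootLogin value, lists system accounts with an interactive login shell, and reports cron files changed after a known-good baseline. The sample sshd_config and passwd contents, the `activemq` account and the UID cutoff of 1000 are assumptions.

```python
import glob
import os
import re

NON_LOGIN = ("nologin", "false", "sync", "shutdown", "halt")

# Constructed samples: a directive prepended above the original one, and a
# service account whose shell was switched to an interactive one.
SAMPLE_SSHD = "PermitRootLogin yes\nPort 22\nPermitRootLogin no\n"
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
activemq:x:998:998::/opt/activemq:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""


def effective_root_login(sshd_config_text):
    """Global PermitRootLogin; sshd keeps the first value it reads per keyword."""
    for raw in sshd_config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":  # lines after Match are conditional, not global
            break
        if keyword == "permitrootlogin" and len(parts) == 2:
            return parts[1].strip().strip('"').lower()
    return "prohibit-password"  # OpenSSH default when the keyword is unset


def service_accounts_with_shell(passwd_text, uid_min=1000):
    """System accounts (0 < uid < uid_min) whose login shell is interactive."""
    hits = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) != 7 or not f[2].isdigit():
            continue
        # An empty shell field means /bin/sh.
        uid, shell = int(f[2]), f[6].strip() or "/bin/sh"
        if 0 < uid < uid_min and not shell.endswith(NON_LOGIN):
            hits.append((f[0], shell))
    return hits


def cron_mtimes(root="/etc"):
    """Map each file at <root>/cron* and <root>/cron*/* to its mtime."""
    paths = glob.glob(os.path.join(root, "cron*"))
    paths += glob.glob(os.path.join(root, "cron*", "*"))
    return {p: os.path.getmtime(p) for p in paths if os.path.isfile(p)}


def cron_changed_since(mtimes, baseline_epoch):
    """Paths modified after the known-good baseline (epoch seconds)."""
    return sorted(p for p, m in mtimes.items() if m > baseline_epoch)


if __name__ == "__main__":
    print("PermitRootLogin:", effective_root_login(SAMPLE_SSHD))
    print("shell accounts:", service_accounts_with_shell(SAMPLE_PASSWD))
    print("cron changes:", cron_changed_since(cron_mtimes(), baseline_epoch=0))
```

The parser does not follow Include directives; on hosts that use drop-in files, feed it the merged output of `sshd -T` instead of the raw file.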
Rami Sinno Rejoins Arm to Support Silicon Manufacturing Transition
Rami Sinno, ex-Amazon AWS chip lead for Trainium and Inferentia, reportedly rejoined Arm to aid its transition into silicon production, with unclear focus on AI accelerators or CPUs.
- Rami Sinno, former Amazon AWS chip engineer who led Trainium and Inferentia development, has reportedly rejoined Arm Holdings.
- Sinno previously managed engineering at Arm before joining Amazon’s Annapurna Labs in 2019.
- His return supports Arm’s shift from IP licensing to silicon manufacturing; details on whether his work involves AI accelerators or CPUs remain undisclosed.
VergeOS Replaces VMware for Cost-Effective, AI-Ready Multi-Site Infrastructure
VergeOS offers a unified infrastructure platform that replaces VMware, reduces costs, enhances site resiliency, and supports AI workloads at the edge and core, addressing multi-site IT challenges.
- Organizations with multiple sites must maintain operations during core datacenter or cloud connectivity outages.
- Rising VMware costs prompt reevaluation of ROBO infrastructure, emphasizing simplification, consolidation, and AI readiness.
- VergeOS replaces VMware, integrating virtualization, storage, networking, and data protection into a single platform, supporting AI workloads and multi-site management.
Pine64 Discontinues PinePhone Pro to Focus on RISC-V and AI Development
Pine64 shifts from Arm to RISC-V, discontinuing PinePhone Pro, and releases low-cost RISC-V SBCs Oz64 and Star64; updates PineNote and PineTab2 OS support, emphasizing RISC-V and AI projects.
- Pine64 discontinues its higher-end PinePhone Pro in favor of focusing on RISC-V and AI projects, while the lower-end PinePhone remains on sale for approximately two more years.
- The company introduces RISC-V hardware: the Oz64 SBC at $12.99 with one Arm A53 core, two 1 GHz C906 RISC-V cores, and 512 MB RAM; and the Star64 SBC at $89.99 with four 1.5 GHz cores, 8 GB RAM, and GPU.
- OS updates include Linux enhancements for PineNote (multi-touch, refresh options, Wi-Fi, supporting Arch Linux, postmarketOS, NixOS) and PineTab2 (Bluetooth support), along with a preliminary FreeBSD port for PinePhone Pro.
UK CST Urges Strategic Investment in AI Chip Design to Lead Market
UK CST advocates for strategic investment in AI chip design, aiming to launch 50 products in five years, requiring 12,000 chip designers, to establish UK leadership and secure supply chains.
- UK Council for Science and Technology (CST) recommends focusing on chip design and AI chips, emphasizing investment in skills and strategic objectives.
- The report suggests the UK could lead in designing AI chips, with a goal of launching 50 new or existing AI chip products over five years.
- The UK needs approximately 7,000 chip designers over five years, increasing to 12,000 for the AI product target; recommends university curricula, collaboration with companies like IMEC and Muse Semiconductors, and investment in optoelectronics training.
AWS Launches Custom Intel Xeon 6 Instances with Enhanced Memory Performance
AWS has started running custom Intel Xeon 6 processors in new R8i and R8i-flex instances, emphasizing memory bandwidth improvements for memory-intensive workloads like databases and big data.
- AWS has begun deploying custom variants of Intel Xeon Scalable processors (Xeon 6) in new R8i and R8i-flex instances
- These instances feature DDR5 7200MT/s memory and operate at up to 3.9 GHz all-core turbo frequency
- R8i variants range from 2 to 384 vCPUs, with configurations matching up to 96-core, dual-socket Xeon 6 CPUs, supporting memory bandwidth boosts
▶️ Open Source
Transforming Budget Robotic Mowers into Smart RTK GPS Robots
This repository details modifications to convert cheap robotic mowers into smart RTK GPS-based robots, enhancing autonomy, obstacle avoidance, safety, and flexibility, with hardware and firmware updates.
- The project aims to upgrade inexpensive off-the-shelf robotic mowers with modern RTK GPS technology for improved navigation.
- The repository provides hardware and software modifications, including low-level firmware, obstacle detection, rain sensors, and safety features.
- The mainboard used in compatible mowers is manufactured by SUMEC Hardware, with models like YardForce Classic 500 and SA650 ECO identified as suitable.
Whispering: Open-Source Speech-to-Text App Now Part of Epicenter Ecosystem
Whispering is an open-source, privacy-focused speech-to-text application supporting local and cloud transcription, integrated into the Epicenter ecosystem, with detailed architecture and multi-platform support.
- Whispering is an open-source, local-first speech-to-text app built with Svelte 5 and Tauri, supporting Windows, macOS, Linux, and web browsers.
- It offers local (offline) transcription via Whisper C++ with FFmpeg, and cloud options using API keys for providers like Groq, OpenAI, ElevenLabs, and Speaches.
- The project underwent a major restructure from a single app to the Epicenter ecosystem, renaming and reorganizing components, with commits on August 3 and 19, 2025.
Critical Ollama Desktop Flaw Allowed Remote Code Execution and Chat Snooping
A critical flaw in Ollama Desktop v0.10.0 enabled drive-by remote attacks via a web service with incomplete CORS controls, allowing chat snooping and model manipulation; patched in v0.10.1.
- Vulnerability in Ollama Desktop v0.10.0 allowed drive-by remote code execution and chat snooping via a web service with incomplete CORS controls
- Fixed in v0.10.1 within hours of report by GitLab’s Chris Moberly on July 31; patch released shortly after
- Exploit required attacker to host malicious website, scan local ports (40000-65535) to find GUI’s random port, then send crafted POST request to alter settings
- Attack enabled logging, interception, and modification of local chats, and control over models including poisoned models
- The flaw affected the GUI web service, not the core Ollama API; no evidence of in-the-wild exploitation yet
- The vulnerability stemmed from incomplete cross-origin controls, allowing bypass of CORS preflight by removing Content-Type header
- Attack could be executed without user interaction, requiring only the victim to visit a malicious site on LAN or internet with port forwarding
- Ollama is open-source for local LLM deployment; the bug was in the Windows and Mac desktop GUIs, not the core API; no CVE assigned
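Why dropping the Content-Type header matters, as an added example that is not Ollama's code: the first function approximates the browser rule for when a cross-origin request is preflighted, and the two guards contrast a loopback service that relies on refusing the preflight with one that checks Origin and Content-Type on the request itself. The port number, origins and function names are hypothetical.

```python
# Simplified from the Fetch standard's CORS-safelisted methods and headers.
SAFE_METHODS = {"GET", "HEAD", "POST"}
SAFE_HEADERS = {"accept", "accept-language", "content-language",
                "content-type", "range"}
SAFE_CONTENT_TYPES = {"application/x-www-form-urlencoded",
                      "multipart/form-data", "text/plain"}


def media_type(value):
    """Strip parameters such as charset and normalise case."""
    return value.split(";", 1)[0].strip().lower()


def browser_sends_preflight(method, author_headers):
    """True if a cross-origin request with these script-set headers is
    preceded by an OPTIONS preflight (approximation of the browser rule)."""
    if method.upper() not in SAFE_METHODS:
        return True
    for name, value in author_headers.items():
        name = name.lower()
        if name not in SAFE_HEADERS:
            return True
        if name == "content-type" and media_type(value) not in SAFE_CONTENT_TYPES:
            return True
    return False


def naive_guard(method, headers):
    """Weak pattern: refuse the OPTIONS preflight, process everything else."""
    if method.upper() == "OPTIONS":
        return 403, "preflight refused"
    return 200, "ok"


def guard(method, headers, port):
    """Hardened pattern: validate the actual request, not only the preflight."""
    h = {k.lower(): v for k, v in headers.items()}
    own_origins = {f"http://127.0.0.1:{port}", f"http://localhost:{port}"}
    origin = h.get("origin")
    if origin is not None and origin not in own_origins:
        return 403, "cross-origin request"
    if method.upper() not in {"GET", "HEAD", "OPTIONS"}:
        if media_type(h.get("content-type", "")) != "application/json":
            return 415, "state change requires application/json"
    return 200, "ok"


if __name__ == "__main__":
    port = 43210  # hypothetical port of the local GUI service
    # Constructed request: cross-origin POST with no Content-Type header.
    received = {"Origin": "https://attacker.example"}
    print("preflight sent:", browser_sends_preflight("POST", {}))
    print("naive guard:", naive_guard("POST", received))
    print("hardened guard:", guard("POST", received, port))
```

A POST without a Content-Type is a "simple" request, so the browser delivers it with no preflight and CORS only stops the calling page from reading the response; the state change has already happened unless the server rejects the request itself.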
▶️ Software Development
Lazy Brush: Smooth Canvas Drawing with Adjustable Lazy Radius and Friction
Lazy Brush is a JavaScript library enabling smooth canvas drawing with adjustable lazy radius (60) and friction (0.10), supporting mouse and touch input, created by dulnan.
- Lazy Brush is a JavaScript library for drawing smooth curves and straight lines with mouse, finger, or pointing devices
- Features include lazy radius set to 60 pixels and friction adjustable from 0.10 to control brush lag
- Brush radius is fixed at 13 pixels; the library is available on GitHub, npm, and Reddit
Meta CTO Predicts AI Will Reinforce Developer Skill Tiers and Drive Scalable Growth
Meta CTO Andrew Bosworth predicts AI will deepen skill-based tiering among developers, enhance productivity, and enable scalable growth, with short-term ease and long-term leverage similar to internet benefits.
- Meta CTO Andrew Bosworth predicts AI will create a “stronger tiering of capability” among developers, rewarding those who master AI tools with higher premiums.
- Engineers mastering AI tools will be less replaceable, while others will focus on data gathering, labeling, and tasks AI cannot perform effectively.
- Bosworth compares AI’s impact to the internet’s, enabling easier navigation of complex APIs and troubleshooting, with short-term benefits similar to internet-driven efficiencies and long-term gains in leverage, complexity, and productivity.
- He forecasts AI will facilitate the growth of companies with minimal staffing but billions of users, emphasizing industry expansion over contraction.
▶️ Management and Leadership
White House Launches TikTok Account to Promote Trump Messages Amid Data Concerns
The White House launched its official TikTok account on August 19, 2025, leveraging the platform’s 170 million U.S. users to promote President Trump’s messages amid security concerns over Chinese data access.
- The White House launched an official TikTok account (@whitehouse) on August 19, 2025, to disseminate President Donald Trump’s messages.
- The account’s first video features Trump declaring: “I am your voice,” with the caption “America we are BACK! What’s up TikTok?”
- Trump previously used the @realdonaldtrump account, which has over 15 million followers, and relies on Truth Social and X for messaging.
Google Cloud Sees Surge in Data Boundary and Sovereign Cloud Demand
Google reports rising customer demand for Data Boundary and sovereign cloud options, emphasizing encryption, data location control, and air-gapped infrastructure to ensure data sovereignty and security.
- Google’s Cloud Experience boss reports increasing demand for Data Boundary and sovereign cloud solutions, with inquiries up tenfold.
- Google Cloud Data Boundary allows customers to specify data storage locations with controlled, auditable access.
- Google offers public cloud, dedicated infrastructure via local trusted partners, and air-gapped solutions that operate entirely offline and are open source.
Palo Alto Forecasts AI-Driven Browser Wars and Rise of Secure Enterprise Browsers
Palo Alto predicts AI-driven browser wars will intensify, prompting enterprises to adopt secure browsers like Prisma Access, with growth driven by AI security products and virtual firewalls.
- Palo Alto Networks CEO Nikesh Arora predicts a resurgence of browser wars driven by agentic AI tools from Microsoft, Google, OpenAI, and Perplexity, requiring browser access for tasks like booking and reservations.
- He expects tech companies will embed their own AI agents into browsers, but enterprises will demand secure browsers, potentially banning consumer versions.
- Palo Alto owns the Prisma Access Browser, a secure browser integrated with its SASE security platform, and anticipates secure browsers will become a business requirement.
- The company reported $2.5 billion revenue in Q4 FY2025 (16% YoY growth) and $9.2 billion annually (15% growth), aiming for $10 billion in FY2026, with future growth from AI security, SASE, and virtual firewalls.
Python 2024 Survey Shows Growth but Low Adoption of Latest Version
Python’s 2024 survey indicates ongoing growth, with 72% of developers using it professionally; however, adoption of version 3.13 remains low at 15%, despite its efficiency benefits.
- The eighth Python Developer Survey, conducted in late 2024 with over 29,000 responses, shows Python’s growing popularity, with 72% using it for work.
- Only 15% of developers use Python 3.13, the latest version released in late 2024; most stick with earlier releases like 3.12 (35%) and 3.11 (21%).
- Python usage is nearly evenly split between web development (46%) and data science (48%), with frameworks like FastAPI (38%) showing rapid growth from 29%.
Windows 11 Insider Builds Add Hidden Dark Mode Dialogs in File Explorer
Windows 11 Insider builds (August 2025) introduce hidden dark mode dialog boxes in File Explorer via ViveTool, fixing white UI elements and improving dark mode consistency.
- Windows 11 Insider Beta and Dev builds (build numbers 26120.5751 and 26200.5751, released August 15, 2025) enable hidden dark mode dialog boxes in File Explorer
- Prior to this, dialog boxes such as file copy progress and permission prompts remained white even in dark mode
- Activation requires using ViveTool with specific feature IDs (/enable /id:57857165,57994323,48433719,49453572) after installing Windows Insider builds and enabling dark mode in Settings
Microsoft Launches AI-Powered COPILOT in Excel for Smarter Data Tasks
Microsoft’s new COPILOT function in Excel integrates AI via natural language prompts, enabling data summarization and classification, with usage limits of 100 calls/10 min, supporting Microsoft 365 Copilot license.
- Microsoft has introduced a new COPILOT function in Excel for Windows and Mac, rolling out to Beta Channel users.
- The function enables natural language prompts within cells, allowing data summarization, categorization, and insights generation.
- Usage involves entering =COPILOT(prompt, [context]), with limits of 100 calls per 10 minutes and 300 per hour, with future increases planned.
- COPILOT can reference cell values and categorize data, supporting tasks like feedback analysis and support ticket tagging.
- It does not access live web data or internal documents unless imported; requires Microsoft 365 Copilot license and Beta Channel access.
- The feature aims to streamline workflows, reduce manual data wrangling, and enhance Excel’s functionality with AI-powered automation.
▶️ Technology
Mysterious Nano-Banana AI Model Sparks Google Involvement Rumors
A mysterious AI image model called “nano-banana” has surfaced with strong performance, sparking speculation of Google’s involvement due to recent teasers and its naming, amid ongoing device event anticipation.
- A new AI image model named “nano-banana” has gained attention for its high-quality image generation and editing capabilities.
- The model appears on LMArena, a benchmarking site, where users praise its performance, though its creator remains unconfirmed.
- Speculation links the model to Google, supported by recent teasing from Google executives and the use of the word “nano,” suggesting a potentially local-device capable model.
Meta Restructures AI Division to Accelerate Superintelligence and Innovation
Meta reorganized its AI division into four specialized groups to fast-track superintelligence development and product innovation, while exploring third-party AI models amid internal tensions.
- Meta announced internal restructuring of its AI division, Meta Superintelligence Labs, into four groups: research, superintelligence, products, and infrastructure.
- The reorganization aims to accelerate development toward superintelligence and improve product innovation, with some AI executives expected to leave and potential division downsizing.
- Meta is exploring the use of third-party AI models, including open-source and licensed closed-source options, moving beyond solely proprietary technology.
Google BigQuery Launches AI Agents to Automate Data Pipelines
Google BigQuery’s new AI data engineering agents automate complex data pipeline tasks, accelerating insights, reducing manual effort, and improving scalability in large-scale analytics environments.
- Google BigQuery introduced data engineering AI agents to automate data pipeline tasks in 2025
- These agents learn, interact, and specialize, improving over time with deployment guidance provided by Firat Tekiner
- The agents aim to reduce data ingestion and preparation time, enhance reliability, and free human experts for higher-value work
Nvidia Develops B30A GPU for China Exceeding US Export Limits
Nvidia is reportedly preparing a Blackwell-based GPU, B30A, for China, offering about half the performance of B300, with 7 petaFLOPs FP4, 144GB HBM3e, and exceeding US export limits.
- Nvidia is developing a Blackwell-based GPU, codenamed B30A, for the Chinese market, as a cut-down version of the B300 announced at GTC in March
- B30A is a single-die design delivering approximately 50% of the B300’s floating point performance, with an estimated 7 petaFLOPs of dense FP4, 144GB HBM3e, and 4TB/s bandwidth
- The chip would exceed US export restrictions on AI accelerators, requiring US Commerce Department approval and a 15% revenue cut before shipment to China; it may also serve as a PCIe-compatible replacement for the H200 NVL
GSA Calls for Industry Input on AI-Driven Modernization of Federal Procurement
The GSA seeks industry feedback on deploying AI-driven procurement systems with integrated chatbots, aiming to modernize federal acquisition processes and improve transparency and efficiency.
- The GSA issued a Request for Information (RFI) on August 19, 2025, seeking industry input on integrating AI into a new end-to-end procurement ecosystem.
- The proposed platform would incorporate AI for searching, writing, planning, and assessing within a unified acquisition lifecycle management system, including an AI chatbot with full user context and data access.
- The system aims to enhance transparency, efficiency, and collaboration, addressing current issues such as lack of standardized processes, manual data entry, siloed systems, and inadequate contract and metrics management.
Vision Models Often See Nonexistent Optical Illusions, Revealing Perception Gaps
Vision language models frequently perceive non-existent optical illusions, revealing gaps in AI perception accuracy; top models recognize real illusions but also false positives, as shown in Ullman’s research.
- Vision language models, including GPT-4, Claude 3, Gemini Pro Vision, miniGPT, Qwen-VL, InstructBLIP, BLIP2, and LLaVA-1.5, tend to see optical illusions where none exist.
- In experiments, models misidentified an image of a duck as an optical illusion that can also be seen as a rabbit, even though only a duck image was provided.
- The phenomenon, described in Thomas Ullman’s preprint The Illusion-Illusion, indicates models’ tendency to perceive non-existent visual ambiguities, with top models recognizing actual illusions but also false positives.