Alvaro Lopez Ortega / 2025-09-11 Briefing

Created Thu, 11 Sep 2025 22:59:33 +0000 Modified Sat, 13 Sep 2025 02:06:52 +0000
2985 Words

Today’s headlines highlight a record $40 billion US data center spend driven by Big Tech’s trillion-dollar plans, a major EU ‘Chat Control’ opposition from security experts, a 1.5 Gpps UDP flood attack from hijacked IoT devices, and OpenAI’s significant restructuring into a $100 billion nonprofit, signaling major shifts in tech infrastructure, security, and AI governance.

▶️ Internet Infrastructure

US Data Center Spending Hits $40B as Big Tech Plans Exceed $1 Trillion

US data center construction spending hit a record $40 billion in June, driven by Big Tech’s $1 trillion+ plans and Oracle’s $35 billion capex forecast, supported by $317 billion AI contracts.

  • US data center construction spending reached $40 billion annually in June, a 30% increase from the previous year.
  • Big Tech companies, including Amazon, Microsoft, Google, Meta, Apple, and Oracle, are driving the spending boom with plans exceeding $1 trillion by 2028.
  • Oracle projects $35 billion in capital expenditures for FY2025, fueled by $317 billion in new AI contracts, notably with OpenAI’s Stargate project.

600 Security Experts Oppose EU ‘Chat Control’ Over Privacy and Security Risks

EU legislation called “Chat Control” seeks to mandate encryption backdoors and client-side scanning for messaging apps, facing opposition from over 600 security professionals due to privacy, security, and feasibility concerns.

  • Over 600 security experts oppose EU legislation known as “Chat Control,” which mandates scanning user content and backdooring encryption to combat child sexual abuse.
  • The proposed law, in development since 2022 and set for a full vote next month, aims to require ISPs and messaging platforms like WhatsApp, Signal, and Telegram to implement client-side scanning and detection systems.
  • Critics argue the legislation is unworkable, highly intrusive, and risks false positives with an estimated 10% error rate, potentially leading to wrongful accusations; experts warn encryption backdoors could expose all data and threaten security.

FastNetMon Detects 1.5 Gpps UDP Flood from Hijacked IoT Devices

FastNetMon detected a 1.5 Gpps UDP flood from hijacked routers and IoT devices, targeting a European DDoS scrubbing provider, demonstrating the threat of high packet-rate attacks and botnet activity.

  • FastNetMon detected a 1.5 Gpps UDP flood attack from hijacked routers and IoT devices across over 11,000 networks worldwide on September 11, 2025
  • The attack targeted a Western European DDoS scrubbing vendor; another similar incident (1.49 Gpps) was observed targeting an Eastern European provider
  • Attackers used compromised MikroTik routers; extortion emails were linked to the second incident; detection was enabled by FastNetMon’s automated systems, preventing major outage

Neo4j’s Infinigraph Uses Property Sharding to Boost Scalability and Transactions

Neo4j’s Infinigraph employs “property sharding” to improve scalability and enable transactional workloads, integrating with Microsoft AuraDB and Fabrics.

  • Neo4j introduces “property sharding” to enhance scalability and support transactional workloads
  • Infinigraph, launched in September 2025, enables distributed graph architecture in Neo4j’s self-managed and cloud offerings, including Microsoft AuraDB and Fabrics
  • Property sharding stores graph structure in a single shard, distributed across clusters, maintaining search and traversal capabilities within each shard

Arm Server Market Share Reaches 25% Amid Nvidia’s Growth in Data Centers

Arm’s server market share reached 25% in Q2 2025, driven by Nvidia’s Arm-based Grace CPUs and platforms, with ongoing growth expected as more chip designers develop server chips.

  • Arm CPUs captured 25% of the server market in Q2 2025, up from 15% a year earlier, according to Dell’Oro Group
  • Nvidia’s Grace-Blackwell platforms, featuring 72-core Grace CPUs based on Arm Neoverse V2 architecture and NVLink-C2C interface, drive this growth
  • Nvidia’s Blackwell Ultra architecture-based systems began shipping in late 2024, with volume deployment in Q2 2025; these machines include 72 Nvidia Grace CPUs and 72 Nvidia GPUs per 120-kW rack
  • Nvidia’s Grace CPUs, introduced in 2022, are optimized for data movement and are used in AI and high-performance computing workloads
  • Arm’s server market share remains below the 50% target set by Arm infrastructure chief Mohamed Awad; Nvidia is developing a new Arm-based CPU called Vera, with Qualcomm and Fujitsu also working on server chips
  • Arm’s broader goal includes reaching 50% of Windows PC sales by 2029; other chip designers like AWS, Microsoft, and Google are expanding their Arm-based offerings
  • Dell’Oro forecasts the server and storage component market will grow 46% in 2025 amid ongoing AI-driven expansion, with DPU and SmartNIC sales roughly doubling year-over-year
  • Nvidia’s efforts include developing custom chip architectures and integrating with Nvidia’s NVLink Fusion technology for broader AI and data center applications

Microsoft Outlook Outage Disrupts North American Mailboxes

Microsoft experienced a widespread Outlook outage in North America affecting mailbox access, with ongoing investigation and infrastructure adjustments; issues also impacted related services like OneDrive.

  • Microsoft confirmed a major Outlook outage across North America, preventing mailbox access via any Exchange Online connection, starting at 0936 local time (1636 UTC).
  • The outage persisted for over two hours with ongoing investigation; Microsoft reported data analysis efforts and applied infrastructure changes.
  • Downdetector recorded a surge in Outlook and Microsoft 365 problems approximately four hours after initial incident; Microsoft acknowledged service degradation on consumer products.

ETH Zurich Uncovers VMSCAPE Spectre Flaw in AMD and Intel CPUs

ETH Zurich revealed VMSCAPE, a Spectre-based vulnerability affecting AMD Zen and Intel Coffee Lake CPUs, allowing cloud guest attackers to leak hypervisor secrets via branch predictor exploitation, mitigated by software patches increasing overhead.

  • ETH Zurich researchers identified VMSCAPE (CVE-2025-40300), a Spectre-based transient execution vulnerability affecting AMD Zen CPUs and Intel Coffee Lake processors.
  • VMSCAPE enables a malicious guest in cloud environments to leak hypervisor secrets without code modifications, exploiting incomplete branch predictor isolation.
  • The attack can leak QEMU process memory at 32 B/s on AMD Zen 4, extracting cryptographic keys within 772 seconds; hardware fixes are infeasible, mitigated via software with performance overhead.

▶️ Open Source

Figure Technology’s IPO Sparks Market Surge and Valuation Double

Figure Technology’s IPO increased its market capitalization to $6.6 billion, with shares opening 44% above the IPO price, amid its blockchain-based credit offerings.

  • Figure Technology shares rose 24% after raising $787.5 million in an IPO
  • Shares closed at $31.11, 24% above the IPO price of $25
  • The company’s market value is approximately $6.6 billion, up from a 2021 valuation of $3.2 billion

Oracle Layoffs Fuel Fears Over MySQL’s Future

Oracle’s September 2025 layoffs of around 70 MySQL team members raise concerns about the future of the open-source database, with critics fearing a decline in community support and development.

  • Oracle conducted widespread layoffs affecting approximately 70 MySQL development team members in September 2025
  • The layoffs have raised concerns about the future of the open-source database MySQL
  • Monty Widenius, co-author of MySQL, expressed sadness but not surprise over the job cuts and the potential decline of MySQL Community edition

RSL Standardizes AI Web Crawling Licenses for Fair Compensation

RSL standardizes AI web crawling licensing by requiring crawlers to present valid licenses or payments via HTTP headers, aiming to ensure fair compensation for content creators and improve content control.

  • The Really Simple Licensing (RSL) standard aims to enable websites to programmatically present licensing terms to AI crawlers, requiring them to show a license or credit card.
  • RSL builds on RSS, introducing a compliance mechanism where crawlers must include a valid RSL License Token in the Authorization header using RFC 7235 HTTP Authentication.
  • RSL is managed by the nonprofit RSL Collective, backed by organizations including Reddit, Yahoo, Medium, and others, and supports various licensing models such as free, attribution, subscription, and pay-per-crawl.

▶️ Software Development

Microsoft Launches .NET 10 RC with Major Performance Boosts and Compatibility Updates

Microsoft released the .NET 10 RC with “go-live” support, showcasing major performance gains across JSON, compression, JIT, and threading, detailed in a 55,000-word analysis, with compatibility updates and experimental MAUI runtime changes.

  • .NET 10 RC with “go-live” license released, supporting production use, compatible with Visual Studio 2026 and reportedly also with Visual Studio 2022
  • Performance improvements detailed in a 55,000-word post, including significant gains in JSON, compression, JIT, thread pool, and System.IO.Compression API, with some operations faster by 65% or more
  • Enhancements to ASP.NET Core, Blazor, Entity Framework Core (SQL Server vector search, complex types), and experimental MAUI support using CoreCLR runtime on Android (not for production), with Native AOT in development

▶️ Management and Leadership

OpenAI and Microsoft Tentatively Revise Partnership to Support Restructuring

OpenAI and Microsoft have agreed on a tentative, non-binding partnership revision to support OpenAI’s restructuring into a for-profit entity, enabling continued growth and addressing past tensions.

  • OpenAI and Microsoft have reached preliminary terms on a revised partnership agreement, with a non-binding memorandum of understanding signed and final contractual terms being negotiated.
  • The deal aims to facilitate OpenAI’s restructuring, allowing the company to move forward with its plans to convert into a for-profit entity with a stake exceeding $100 billion, while retaining control through its nonprofit structure.
  • The partnership has faced strains due to OpenAI’s growth, competition for customers, and limitations on Microsoft’s access to OpenAI technology once certain AI milestones are reached; the deal requires regulatory approval amid opposition from various groups.

FTC Orders Tech Giants to Report on Chatbot Impact and Restrictions for Minors

The FTC mandated Google, OpenAI, Meta, Snap, xAI, and Character.AI to disclose their measures on chatbot impacts on children, focusing on monitoring, testing, and restricting minors’ access.

  • FTC ordered Google, OpenAI, Meta, Snap, Elon Musk’s xAI, and Character.AI to provide information on their chatbots’ impact on children.
  • The agency aims to study how these firms measure, test, monitor, and restrict chatbot use by kids and teens.
  • The inquiry includes companies’ efforts to limit access and data collection related to minors under US law.

OpenAI Restructures to Create $100 Billion Nonprofit Stake in New Public Benefit Company

OpenAI’s restructuring, announced by Bret Taylor, establishes a nonprofit with a $100 billion stake in a new public benefit corporation, enabling significant fundraising and emphasizing safety and community impact.

  • OpenAI and Microsoft are nearing a resolution of their contractual dispute, leading to the creation of one of the world’s richest charities.
  • The new structure grants OpenAI’s nonprofit a stake worth over $100 billion in the restructured for-profit entity.
  • The nonprofit’s valuation rivals major foundations like the Gates Foundation and the Novo Nordisk Foundation.

OpenAI Restructures as Public Benefit Corp with $100B Stake and Microsoft Deal

OpenAI plans to restructure into a public benefit corporation after allocating a $100 billion stake to its nonprofit and settling financial terms with Microsoft, which holds 49% of its profits from over $13 billion investments.

  • OpenAI reached a tentative deal to give a $100 billion equity stake to its controlling nonprofit and settle financial issues with Microsoft.
  • The moves enable OpenAI to restructure from a nonprofit to a public benefit corporation.
  • Microsoft invested over $13 billion in OpenAI from 2019 to 2023, holding approximately 49% of future profits, complicating structural changes.

Albania Appoints AI Bot Diella as Virtual Minister to Fight Tender Corruption

Albania appointed Diella, an AI bot, as a virtual minister to oversee public tenders, aiming to eliminate corruption and support EU accession efforts by ensuring transparent government contracting.

  • Albania appointed Diella, an AI-generated virtual assistant, as the first virtual cabinet member responsible for managing and awarding all public tenders.
  • Diella, launched earlier in 2025 on the e-Albania platform, aims to eliminate corruption in public procurement by being impervious to bribes and threats.
  • Prime Minister Edi Rama stated Diella will help make Albania’s public tenders 100% free of corruption, addressing longstanding graft issues linked to organized crime and EU accession challenges.

Experts Criticize Ofcom’s Limited Enforcement of the UK’s Online Safety Act

Experts criticize Ofcom’s enforcement of the UK’s Online Safety Act, citing limited scope, conflated algorithms, and ineffective safeguards like VPN bans, questioning its ability to prevent online harm and misinformation.

  • Experts and academics criticized Ofcom’s enforcement approach of the UK’s Online Safety Act (OSA), highlighting concerns over its effectiveness and scope.
  • The OSA’s enforcement claims, including preventing riots like Southport 2024, were questioned; legal experts noted limitations in addressing misinformation and harmful content.
  • Ofcom’s proposals to modify recommender systems focus on content demotion, conflating algorithms with moderation tools; legal analysis suggests limited regulatory leverage.
  • The scope of the OSA was narrowed, excluding “lawful but harmful” content, restricting Ofcom’s ability to regulate certain online content and recommendation algorithms.
  • The surge in VPN and proxy use since the law’s enactment complicates age verification efforts; experts argue VPN bans are ineffective and that children can still bypass safeguards.
  • Ofcom states its role is to ensure platforms have appropriate systems, not to intervene in individual content, acknowledging the law’s limited capacity to eliminate all online harm.

IT Pros Overwhelmed by Alerts and After-Hours Monitoring

Survey reveals 52% of IT pros check dashboards outside work hours; 76% find alerts disruptive; 62% credit alerts with preventing outages; emphasizes need for improved dashboards and system resilience.

  • 52% of 616 IT professionals check dashboards during nights, weekends, or vacations; 59% report increased obsessiveness after outages; 33% check at least hourly
  • 62% say alerts helped prevent major outages; 76% report alerts disrupt personal lives; 43% receive multiple alerts daily causing notification overload
  • 30% experienced downtime due to not reviewing dashboards before issues escalated; survey commissioned by Liquid Web highlights need for better dashboard design and system resilience

Intel’s Xeon Chief Architect Ronak Singhal Departs Amid Market Competition

Ronak Singhal, Intel’s Xeon chief architect since 1997, is leaving for new opportunities, amid ongoing executive turnover and intense competition from AMD and Arm in the server CPU market.

  • Ronak Singhal, Intel’s Xeon chief architect with nearly 30 years at the company, is leaving at the end of September 2025
  • Singhal contributed to development of Intel’s 22nm Haswell and 14nm Broadwell architectures, holding at least 30 patents
  • His departure follows a pattern of executive turnover in Intel’s datacenter division amid increased competition from AMD and Arm-based CPUs, with Arm now holding 25% of the server market and AMD about 41% of server revenues

LNER data breach exposes customer info but no financial details

LNER experienced a data breach at a third-party supplier exposing customer contact and journey info, with no impact on services or sensitive financial data; investigation ongoing.

  • LNER confirmed customer contact details and some journey information were accessed via a third-party supplier breach.
  • The affected third-party does not store bank details, payment cards, or passwords.
  • The incident does not impact ticketing or rail services; ongoing investigations do not specify the attacker or breach method.

Microsoft consolidates Copilots into Microsoft 365 Copilot at $30/month

Microsoft consolidates Sales, Service, and Finance Copilots into Microsoft 365 Copilot at $30/month, streamlining licensing and reducing fragmentation of AI-driven role-based solutions.

  • Microsoft rebrands and integrates Sales, Service, and Finance Copilots into Microsoft 365 Copilot with “role-based AI solutions” on September 11, 2025
  • Previously standalone Copilots cost $50 per user/month; now bundled into a $30 per user/month Microsoft 365 Copilot package
  • The integration aims to reduce product fragmentation and simplify licensing, with branding changes from “Copilot for Service” to “Microsoft 365 Copilot for Service”

Walmart Focuses on Change Management to Drive Company-Wide AI Adoption

Walmart emphasizes employee adoption over technology, with company-wide AI use driven by change management, rapid iteration, and process automation, aiming for all staff to integrate AI into their roles.

  • Walmart’s enterprise SVP, David Glick, states “everybody’s using AI every day” across the company.
  • The main challenge has shifted from technology development to change management and employee adoption.
  • Walmart has streamlined security processes, reducing project approval backlog from weeks/months to zero days to facilitate rapid AI deployment.

Senator Wyden urges FTC to probe Microsoft’s role in hospital ransomware attack

Senator Wyden calls for FTC investigation into Microsoft’s insecure defaults and unpatched vulnerabilities, citing a 2024 ransomware attack on Ascension that compromised 5.6 million patient records using Kerberoasting and RC4 encryption.

  • Senator Ron Wyden urged the FTC to investigate Microsoft for shipping “dangerous, insecure software” linked to a ransomware attack on Ascension, a US hospital network.
  • The attack exploited default configurations and a decades-old vulnerability, Kerberoasting, relying on RC4 encryption, which Microsoft has not yet disabled despite known risks and delayed patches.
  • The breach resulted in disruption of surgeries, use of pen-and-paper, and theft of personal and medical data of approximately 5.6 million patients; Wyden criticizes Microsoft’s security culture and default policies, accusing it of profit-driven neglect and setting insecure standards across critical infrastructure.

▶️ Technology

KDE Unveils Alpha Immutable Linux Built on Arch with Modern Features

KDE announced KDE Linux, an alpha immutable distribution based on Arch, employing Wayland, UEFI, Btrfs, EROFS, and systemd-sysupdate, aiming for modern, self-distributed OS for KDE software.

  • KDE Project released an alpha version of KDE Linux at Akademy 2025, targeting home, business, and OEM use.
  • KDE Linux is an immutable distribution based on Arch Linux packages, using Flatpak and compiled from source, with no Pacman or AUR dependency.
  • The system employs Wayland-only support, UEFI-only support, a Btrfs root filesystem, and an EROFS read-only /usr, with updates managed via systemd-sysupdate without delta updates.

Microsoft invests in in-house AI chip clusters to boost self-sufficiency and scale models

Microsoft intends to develop its own AI chip cluster for in-house model training, reducing reliance on OpenAI, with significant investments and infrastructure scaling, exemplified by MAI-1-preview trained on 15,000 Nvidia H100s.

  • Microsoft plans to invest heavily in its own AI chip cluster to achieve self-sufficiency in AI development.
  • The company aims to build world-class foundation models in-house, exemplified by the MAI-1-preview trained on 15,000 Nvidia H100s.
  • Suleyman indicated that current models are trained on clusters six to ten times larger than Microsoft’s tiny cluster, highlighting plans for scaling infrastructure.

Okta Warns of VoidProxy Phishing Service Targeting Google and Microsoft Accounts

Okta reports multiple cybercrime gangs using VoidProxy phishing-as-a-service to steal Google and Microsoft credentials, MFA codes, and session tokens via sophisticated, multi-layered AiTM attacks.

  • Okta uncovered multiple cybercriminal groups using VoidProxy for real-time credential, MFA code, and session token theft targeting Google and Microsoft accounts.
  • Attacks involve phishing sites hosted on low-cost domains behind Cloudflare, with victims redirected through URL shorteners and CAPTCHA challenges.
  • The phishing service offers a management dashboard for campaign monitoring, with infrastructure linked to dark web ads since August 2024; ongoing activity detected daily.