Alvaro Lopez Ortega / 2025-09-17 Briefing

Created Wed, 17 Sep 2025 22:08:14 +0000 Modified Tue, 14 Oct 2025 02:15:21 +0000
3936 Words

Today’s headlines include the “Shai-Hulud” supply chain attack that compromised nearly 500 npm packages, CrowdStrike’s among them, Meta unveiling advanced smart glasses with 3K video and AI features, Waymo expanding autonomous rides to US airports, and a $42 billion US-UK tech trade deal boosting AI and infrastructure cooperation.

▶️ Internet Infrastructure

Supply Chain Attack Hits Nearly 500 npm Packages, Including CrowdStrike’s, in “Shai-Hulud” Campaign

A self-propagating supply chain attack branded “Shai-Hulud” has compromised nearly 500 npm packages, including those published from CrowdStrike’s crowdstrike-publisher account. The injected malware harvests secrets from the installing machine and its CI, exfiltrates them, and uses stolen npm tokens to republish itself into further packages; more than 100 packages across multiple versions carried the payload in the September 2025 wave.

  • The ongoing campaign reached nearly 500 npm packages; CrowdStrike’s packages were affected through the compromised crowdstrike-publisher account
  • The malicious bundle.js downloads and runs TruffleHog to hunt for tokens and credentials on the host, creates an unauthorized GitHub Actions workflow in repositories the stolen GitHub token can reach, and posts the collected secrets to hxxps://webhook[.]site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7
  • The campaign takes its “Shai-Hulud” name from the strings in bundle.js and the dropped shai-hulud.yaml workflow file; over 100 packages across multiple versions carried the payload. Practical response: treat any npm, GitHub and cloud credentials present on developer machines or CI runners that installed an affected version as compromised and rotate them, and audit repositories for workflow files nobody added on purpose
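A triage scan for the indicators listed above, written as an added example for this briefing (it is not code from the report or from CrowdStrike). The indicator strings are the ones in the bullets; the directory layout, the sample packages and the `example-compromised` name are constructed here so the script runs offline, and the workflow-name regex is deliberately loose so it also catches near-variants of the spelling given on the page.

```python
"""Scan a project checkout or node_modules tree for the Shai-Hulud indicators
described above. Added example for this briefing, not code from the report or
from CrowdStrike: the indicator strings come from the bullets, while the
directory layout and sample files are constructed here for the demonstration."""
import os
import re
import tempfile
from dataclasses import dataclass
from typing import List

# The exfiltration endpoint from the report (defanged on the page, re-armed
# here so the regex matches what actually sits inside a compromised package).
EXFIL_ENDPOINT = "webhook.site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7"

# (reason, pattern) pairs tested against the contents of any file named bundle.js.
BUNDLE_INDICATORS = [
    ("bundle.js references exfiltration endpoint", re.compile(re.escape(EXFIL_ENDPOINT))),
    ("bundle.js references TruffleHog", re.compile(r"trufflehog", re.IGNORECASE)),
]
# The dropped workflow: any YAML whose file name carries the campaign name,
# which covers the shai-hulud.yaml spelling on the page and close variants.
WORKFLOW_NAME = re.compile(r"shai-hulud.*\.ya?ml$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def scan_tree(root: str) -> List[Finding]:
    """Walk root and return one Finding per file that matches an indicator."""
    findings: List[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if WORKFLOW_NAME.search(name):
                findings.append(Finding(full, "suspicious workflow file name"))
                continue
            if name != "bundle.js":
                continue
            try:
                with open(full, "r", encoding="utf-8", errors="ignore") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            for reason, pattern in BUNDLE_INDICATORS:
                if pattern.search(text):
                    findings.append(Finding(full, reason))
                    break  # one finding per file is enough to trigger triage
    return findings


def build_sample_tree() -> str:
    """Construct a throwaway tree with one clean and one 'compromised' package.
    The compromised package is a stand-in carrying only the indicator strings,
    not the real loader."""
    root = tempfile.mkdtemp(prefix="shai-hulud-demo-")
    clean = os.path.join(root, "node_modules", "left-pad")
    os.makedirs(clean)
    with open(os.path.join(clean, "index.js"), "w", encoding="utf-8") as fh:
        fh.write("module.exports = (s, n) => s.padStart(n);\n")
    bad = os.path.join(root, "node_modules", "example-compromised")
    os.makedirs(os.path.join(bad, ".github", "workflows"))
    with open(os.path.join(bad, "bundle.js"), "w", encoding="utf-8") as fh:
        fh.write("const u = 'https://" + EXFIL_ENDPOINT + "'; // then runs trufflehog\n")
    with open(os.path.join(bad, ".github", "workflows", "shai-hulud.yaml"), "w", encoding="utf-8") as fh:
        fh.write("name: exfil\non: push\n")
    return root


if __name__ == "__main__":
    for finding in scan_tree(build_sample_tree()):
        print(f"{finding.reason}: {finding.path}")
```

Point `scan_tree` at a real checkout or at `~/.npm/_cacache` extractions; a hit is a reason to rotate every credential that machine or runner could see, not just to delete the file, since the payload has already run by the time it is on disk.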

Meta Unveils Oakley Meta Vanguard Smart Glasses with 3K Video and AI Features

Meta unveiled Oakley Meta Vanguard smart glasses at Connect 2025, featuring 3K video, 12MP camera, 9-hour battery, AI button, and IP67 rating, launching October 21 for $499.

  • Meta announced the Oakley Meta Vanguard smart glasses at Connect 2025, launching October 21 for $499
  • Features include a large unified front lens, 3K video capture, 12MP camera with 122° wide-angle lens, and programmable AI trigger button
  • Battery life is up to 9 hours, with a charging case providing an additional 36 hours; 50% charge in 20 minutes; IP67 dust/water resistance; open-ear speakers 6dB louder than previous models; compatible with Garmin and Strava

Waymo Expands Autonomous Rides to Airports and Major U.S. Cities by 2026

Waymo received permits for commercial autonomous rides at SFO and SJC airports in 2025, expanding its service footprint across major U.S. cities, with plans for Nashville and Dallas in 2026, supported by over 100 million miles driven.

  • Waymo received a pilot permit for commercial autonomous operations at San Francisco International Airport (SFO) on September 16, 2025, starting with employee testing and expanding to passenger pickups at the Kiss & Fly area.
  • The company announced plans to bring fully autonomous rides to Nashville in partnership with Lyft in 2026, with service accessible via the Waymo and Lyft apps.
  • Waymo is expanding to Dallas in 2026, aiming to serve more riders in Texas, and has also received authorization for autonomous operations at San José Mineta International Airport, with testing beginning in fall 2025.
  • The company has driven over 100 million miles on public roads, supporting its scaling efforts across multiple U.S. cities including Seattle, Denver, Austin, and New York, with ongoing partnerships and regulatory approvals.
  • Next-generation vehicles include Jaguar I-PACE with the 5th-generation Waymo Driver and Zeekr RT with the 6th-generation Waymo Driver, engineered for harsher climates and winter weather resilience.

Axiom Space and Spacebilt to Launch On-Orbit Data Centers on ISS by 2027

Axiom Space and Spacebilt plan to deploy multiple interconnected Orbital Data Center Nodes on the ISS between late 2025 and 2027, supporting hybrid cloud workloads over optical communication links, even though the ISS is slated for deorbit by 2030.

  • Axiom Space and Spacebilt plan to launch two AxODC Nodes to the ISS by end of 2025, with at least three operational by 2027
  • AxDCU-1, a prototype launched in August, was roughly the size of a shoebox; AxODC Nodes will be interconnected with optical communication terminals (OCT)
  • AxODC hardware will support hybrid cloud, applications, cloud-native workloads, and connect via OCT to satellites and spacecraft; Spacebilt supplies Large In-Space Servers with Phison SSDs
  • Axiom Space aims to increase on-orbit computing capacity and integrate commercial optical communication terminals, enabling mesh network connectivity
  • The ISS is due for deorbit by 2030, raising questions about the longevity of on-orbit data center hardware; Axiom plans to develop its own space station by 2028
  • The company has not confirmed whether its ODC hardware will be transferred to new modules, nor which legal jurisdiction governs data processed on orbit

Researchers Uncover ‘Phoenix’ DDR5 Rowhammer Vulnerability

Researchers from Google and ETH Zurich have presented “Phoenix,” a new Rowhammer attack that defeats the on-die Target Row Refresh (TRR) mitigation in DDR5 memory, producing bit flips on the SK Hynix modules tested and enabling privilege escalation and data corruption.

  • Researchers from Google and ETH Zurich identified a new Rowhammer vulnerability, “Phoenix,” affecting SK Hynix DDR5 DIMMs.
  • DDR5’s in-DRAM TRR mitigation had resisted earlier Rowhammer patterns; Phoenix reverse-engineers the refresh behaviour and self-corrects its hammering to stay synchronized with it, producing exploitable bit flips through ordinary memory accesses, with no extra refresh commands required.
  • The vulnerability is tracked as CVE-2025-6202 (CVSS 7.1); the researchers disclosed it to SK Hynix, CPU vendors including AMD, and cloud providers before publication.

Pure Storage Evergreen//One™ Revolutionizes Medical Imaging Storage

Pure Storage’s Evergreen//One™ for Medical Imaging provides a purpose-built storage solution that aligns with healthcare’s operational needs, offering predictable pricing, guaranteed performance, and enhanced security.

  • Healthcare imaging storage infrastructure is outdated, struggling with AI workloads, modality changes, and long-term retention demands.
  • Traditional storage planning models are misaligned with modern clinical needs, causing delays, slow AI responses, and access issues.
  • Pure Storage’s Evergreen//One™ offers predictable per-study pricing, guaranteed performance, automatic scaling, instant access to older studies, and built-in security features like ransomware recovery SLAs and immutable snapshots.

UEFI Secure Boot Grows on Linux Arm64 with U-boot and Distribution Support

Support for UEFI Secure Boot on Linux Arm64 is emerging: on boards without vendor UEFI firmware it relies on U-Boot’s UEFI implementation (or a chain-loaded one), on keys that the owner generates and enrols, and on distributions gradually shipping signed shim, bootloader and kernel binaries.

  • UEFI Secure Boot on Linux Arm64 remains uncommon but is progressing, with support via U-Boot’s built-in UEFI implementation and chain-loaded UEFI firmware on devices such as the Raspberry Pi 3/4 and RK3588 boards.
  • U-Boot implements the UEFI interfaces but ships no pre-installed certificates; the owner must generate a Platform Key (PK), Key Exchange Key (KEK) and signature database (db) entries, enrol them, and sign the binaries the firmware will load. The usual caveat applies: the chain is only as strong as the protection of those private keys and of the variable store holding the public ones.
  • Debian, Ubuntu and SUSE ship Secure Boot-capable images for Arm, while Fedora and Red Hat derivatives need manual setup or carry an unsigned shim, so out-of-the-box functionality varies by distribution.
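The “generate and deploy your own keys” step above ends with each certificate wrapped in an EFI_SIGNATURE_LIST before it can be enrolled as PK, KEK or db. The block below is an added example for this briefing, not U-Boot or efitools code: it reproduces in Python the on-disk format that efitools’ `cert-to-efi-sig-list` emits, and parses it back with the length checks firmware should apply. The certificate bytes and owner GUID are constructed placeholders (a real entry holds the DER of the self-signed certificate produced with openssl); signing the list into an authenticated variable and enrolling it through U-Boot’s EFI variable command is a separate step not shown here.

```python
"""Build and parse the EFI_SIGNATURE_LIST (ESL) that wraps a self-generated
Secure Boot certificate before it is enrolled as PK, KEK or db. Added example
for this briefing, not U-Boot or efitools code: it reproduces the on-disk
format that cert-to-efi-sig-list emits, using a constructed placeholder in
place of a real DER certificate."""
import struct
import uuid
from typing import List, Tuple

# EFI_CERT_X509_GUID from the UEFI specification: the SignatureType for X.509 entries.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# EFI_SIGNATURE_LIST header, little-endian:
#   EFI_GUID SignatureType; UINT32 SignatureListSize;
#   UINT32 SignatureHeaderSize; UINT32 SignatureSize
_LIST_HDR = struct.Struct("<16sIII")
# Each entry is EFI_GUID SignatureOwner followed by SignatureData.
_OWNER_LEN = 16

# Constructed placeholder standing in for a DER-encoded certificate (assumption:
# a real db entry holds the full self-signed cert generated with openssl).
SAMPLE_CERT_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(64))
# Constructed owner GUID identifying who enrolled the entry.
SAMPLE_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")


def build_x509_esl(cert_der: bytes, owner: uuid.UUID) -> bytes:
    """Wrap one X.509 certificate in a single-entry EFI_SIGNATURE_LIST."""
    sig_size = _OWNER_LEN + len(cert_der)
    list_size = _LIST_HDR.size + sig_size  # SignatureHeaderSize is 0 for X.509 lists
    # bytes_le yields the mixed-endian GUID layout that firmware expects.
    header = _LIST_HDR.pack(EFI_CERT_X509_GUID.bytes_le, list_size, 0, sig_size)
    return header + owner.bytes_le + cert_der


def parse_esl(blob: bytes) -> List[Tuple[uuid.UUID, uuid.UUID, bytes]]:
    """Return (SignatureType, SignatureOwner, SignatureData) for every entry in
    every list in blob, rejecting lengths that do not add up instead of trusting them."""
    entries = []
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < _LIST_HDR.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        stype_raw, list_size, hdr_size, sig_size = _LIST_HDR.unpack_from(blob, offset)
        body_start = offset + _LIST_HDR.size + hdr_size
        body_end = offset + list_size
        if body_start > body_end or body_end > len(blob):
            raise ValueError("SignatureListSize inconsistent with blob length")
        if sig_size <= _OWNER_LEN or (body_end - body_start) % sig_size:
            raise ValueError("SignatureSize does not divide the list body")
        stype = uuid.UUID(bytes_le=stype_raw)
        for pos in range(body_start, body_end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + _OWNER_LEN])
            entries.append((stype, owner, blob[pos + _OWNER_LEN:pos + sig_size]))
        offset = body_end
    return entries


def db_from_certs(certs: List[bytes], owner: uuid.UUID) -> bytes:
    """A db variable is just concatenated lists; one list per certificate is
    what you get when several .esl files are cat'ed together."""
    return b"".join(build_x509_esl(c, owner) for c in certs)


if __name__ == "__main__":
    esl = build_x509_esl(SAMPLE_CERT_DER, SAMPLE_OWNER)
    for stype, owner, data in parse_esl(esl):
        print(stype, owner, len(data), "bytes of certificate")
```

The parser’s length checks are the point worth copying: SignatureListSize and SignatureSize come from untrusted variable data, so a firmware or tool that trusts them walks off the end of the buffer.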

Colt’s Cyberattack Recovery Continues Amid Ongoing Service Disruptions

Colt’s recovery from the August cyberattack, linked to Warlock ransomware, is ongoing until late November, with core systems confirmed safe but key services still disrupted.

  • Colt’s recovery from August cyberattack, attributed to Warlock ransomware group, may extend into late November.
  • External cybersecurity experts confirmed the core system is safe; key systems are restored, but core products remain unavailable.
  • Network infrastructure is operational; customer platforms, billing, and APIs are still affected, with delays in invoice issuance and customer management services.
  • Colt has filed over 75 reports to authorities across 27 countries and continues phased recovery efforts, prioritizing critical services within 8-10 weeks.
  • The attackers got in by exploiting SharePoint vulnerabilities, and there is evidence of data exfiltration; the stolen data has been put up for auction on the dark web.
  • External pentests indicate operational support system (OSS) is secure; business support system (BSS) and core processes are being restored sequentially.
  • Customer portal, network as a service portal, and hosting APIs are still unavailable; payments are accepted via existing methods despite delays.
  • Colt has notified law enforcement and cybersecurity agencies globally; ongoing updates on service restoration are planned.

US-UK $42 Billion Tech and Innovation Trade Pact

US and UK announced a $42 billion trade deal involving major tech investments and cooperation on AI, nuclear, and quantum research, aiming to boost infrastructure and innovation.

  • US and UK announced a $42 billion (£31 billion) trade pact funded by Microsoft, Google, and others, focusing on infrastructure and technology sharing.
  • The deal includes $30 billion (£22 billion) from Microsoft over three years for data centers and AI infrastructure; Google plans $6.83 billion (£5 billion) for datacenters; Salesforce commits $2 billion (£1.4 billion); BlackRock invests $683 million (£500 million); Scale AI allocates $53 million (£39 million); Nvidia supplies 120,000 GPUs for UK projects.
  • The agreement promotes cooperation on AI, quantum computing, nuclear research, and nuclear fusion, with initiatives to streamline nuclear licensing and establish joint AI taskforces; critics argue it favors US companies over local UK innovation.

▶️ Open Source

Oura Ring 4 Tops Smart Rings for Accuracy and Ease of Use

The Oura Ring 4 is the top-rated smart ring for accurate health metrics and user-friendly app, while Samsung Galaxy Ring suits Android users with AI features; Ultrahuman Ring Air targets biohackers with advanced neuro insights.

  • The Oura Ring 4 is rated as the best overall smart ring for its accurate tracking, lightweight titanium design, and intuitive app, with 8-day battery life and 18 sensors.
  • Samsung Galaxy Ring offers AI-backed health tracking, 7-day battery life, no subscription fee, and compatibility only with Android devices.
  • Ultrahuman Ring Air provides advanced biohacking insights like circadian phase and brain health metrics, with a 5-day battery life and optional paid features.

▶️ Software Development

Google’s Gemini 2.5 AI Wins Gold at 2025 ICPC Finals

Google’s Gemini 2.5, entered in the 2025 ICPC World Finals, solved 10 of 12 problems, a gold-medal result that would have ranked second among the university teams; Google presents the multi-step reasoning behind it as progress toward artificial general intelligence.

  • Google’s Gemini 2.5 competed in the 2025 ICPC World Finals and reached gold-medal level by solving 10 of 12 problems within the five-hour window.
  • It had 8 problems solved within the first 45 minutes; taken together with the top university teams’ submissions, all 12 problems were solved, with the model’s strength showing in multi-step reasoning and dynamic programming.
  • The model was not trained specifically for the ICPC; Google describes a version “enhanced” to spend its thinking-token budget across the five hours. Solutions are published on GitHub, with the standout result on the multi-dimensional “bride of pipestream” problem.

Oracle Launches JDK 25 with FFM API and Simplified Syntax

Oracle has released JDK 25, the first long-term support (LTS) release since JDK 21 in 2023. It brings beginner-friendly compact source files, module import declarations and flexible constructor bodies, and is the first LTS to carry the finalized Foreign Function & Memory (FFM) API, which matters for enterprise Java shops that plan around LTS versions.

  • Oracle released JDK 25 on September 17, 2025, the first LTS version since JDK 21
  • New language features include compact source files with instance main methods (JEP 512), module import declarations (JEP 511), and flexible constructor bodies (JEP 513), which allow statements to run before an explicit super(...) or this(...) call
  • The Foreign Function & Memory (FFM) API, finalized in JDK 22 as the successor to JNI for calling native code and working with off-heap memory, gets its first LTS home in JDK 25; native access remains a restricted capability that must be granted with --enable-native-access, so review which modules receive it. JDK 25 is available as a production (GA) build

Replit Agent 3 Launch Sparks User Outcry Over Unexpected Cost Increases

Replit’s September 10 release of Agent 3 caused user protests over unexpected cost increases, with complex subagent operations and effort-based pricing significantly raising bills, especially on existing projects.

  • Replit launched Agent 3 on September 10, claiming it to be “most advanced and autonomous,” with “3x faster and 10x more cost-effective” performance
  • Users report surprise cost overruns, especially when editing older code, with some bills exceeding $1,000 in a week, compared to previous $180–$200/month
  • Increased costs attributed to subagents performing multiple tasks, with effort-based pricing bundling complex tasks into expensive checkpoints, leading to higher charges for existing app edits

▶️ Management and Leadership

Doximity and OpenEvidence Clash Over AI Trade Secrets and Cybersecurity Lawsuits

Doximity and OpenEvidence filed dueling lawsuits over AI trade secret theft, prompt injection attacks, and false advertising, impacting legal standards for AI cybersecurity and intellectual property.

  • Doximity sued OpenEvidence on September 17, 2025, alleging false advertising and defamation, following OpenEvidence’s June lawsuit accusing Doximity of trade secret theft.
  • OpenEvidence, valued at $3.5 billion and backed by Sequoia, Google Ventures, and Kleiner Perkins, filed lawsuits since February 2025 claiming AI prompt injection attacks and trade secret misappropriation.
  • The legal disputes involve claims of prompt injection attacks, impersonation, and misuse of proprietary AI code, potentially setting new precedents for AI-related trade secret and cybersecurity law.

Australia mandates multi-method age verification for social media by 2025

Australia’s eSafety regulator requires social media platforms to use multiple independent age assurance methods, including content and activity analysis, to block under-16s by December 10, 2025, with imperfect tech and flexibility for platforms.

  • Australia’s eSafety commissioner mandates social media platforms to employ multiple age assurance techniques to prevent children under 16 from accessing services from December 10, 2025
  • Platforms must use a “waterfall approach” with techniques such as account age, content engagement, linguistic analysis, visual and audio content analysis, activity patterns, and user connections
  • The final report indicates age assurance technology works imperfectly; platforms must choose methods that do not block substantial numbers of adults to pass reasonableness tests
  • Guidance emphasizes “reasonable steps” to prevent under-16 access, including account suspension options and data preservation for minors
  • Platforms failing to implement adequate age verification face substantial fines; the approach allows flexibility but expects kindness and clear communication with underage users

UK Transfers Google to Microsoft Migration to Cut Costs Amid Delays

The UK Cabinet Office has transferred its delayed Google to Microsoft 365 migration project to DESNZ, aiming to cut costs from £51M to £23M, amid resource and timeline concerns.

  • The UK Cabinet Office has delegated the stalled migration from Google Workspace to Microsoft 365 (M365) to another department.
  • The project, initiated in May 2022 to migrate approximately 15,000 users, was initially managed under the “Falcon programme” aimed at building a custom IT system.
  • The National Infrastructure and Service Transformation Authority (NISTA) reported that the management of the project was not cost-effective, with the whole life cost estimated to decrease from £51 million to £23 million after shifting to the Department for Energy Security and Net Zero (DESNZ).
  • The revised plan involves moving digital services to the shared government platform, Integrated Corporate Services (ICS), managed by DESNZ, which is expected to extend the timeline but reduce long-term costs.
  • The project remains rated “red” by NISTA due to resource concerns and delays, notably the September 2025 pilot completion.
  • The cost savings stem from outsourcing migration resources to Microsoft and other government departments, eliminating the need for Cabinet Office to develop its own platform.
  • The transition is critical due to the incompatibility of Google and Microsoft systems, which hampers collaboration within government and with external partners.
  • The initial migration pause was announced last year, with the Cabinet Office hiring Capgemini for £12-15 million to assist with the process.
  • The project’s delay and management issues highlight ongoing challenges in UK government digital transformation efforts.

Scale AI Secures $41M Pentagon Deal for AI Data Labeling and Top Secret Deployment

Scale AI partnered with the Pentagon for a $41 million deal to provide data labeling, AI platform access, and models on Top Secret networks, enhancing AI’s role in national security.

  • Scale AI received a $41 million contract from the Pentagon for data labeling and AI application licensing, with a ceiling of $100 million over five years
  • The deal includes access to Scale’s GenAI Platform, Donovan decision-making platform, and Data Engine for transforming raw sensitive data into AI-ready datasets
  • The contract enables AI deployment on Top Secret networks, aiming to bridge commercial AI innovation with classified military environments

Microsoft Copilot Boosts Productivity but Struggles to Prove ROI

Microsoft acknowledges Copilot boosts productivity by 20-30% but struggles to prove clear ROI; enterprise adoption is growing amid significant investment and ongoing efforts to demonstrate value.

  • Microsoft executive Jared Spataro states Copilot improves productivity by 20-30% in many tasks but faces challenges in demonstrating clear ROI for knowledge work.
  • Only 70% of Fortune 500 companies are extensively using Copilot, with growth in seats and customer adoption, yet ROI remains difficult to justify.
  • Microsoft invests hundreds of billions in Copilot; despite its rapid growth and enterprise adoption, convincing customers of its value and ROI is ongoing.

Sky Plans Major Job Cuts and Global Restructuring Amid AI Trials

Sky intends to cut up to 500 UK Technology Group staff, move some engineering roles to India amid ongoing AI trials on critical network services, and restructure core network tool development by December.

  • Sky plans to reduce up to 600 employees across UK Technology, Consumer, and COO divisions, with approximately 500 in Group Technology.
  • AI trials involving ‘critical network services’ are underway, with some engineering roles being moved to India.
  • Proposed restructuring includes consolidating core network management tools development into a single team and shifting more work to global outsource partners, impacting around 900 staff, with 600 potentially leaving if proposals proceed.

▶️ Technology

WebAssembly 3.0 Unveiled with 64-Bit Memory, Garbage Collection, and Native Exceptions

WebAssembly 3.0, released on September 17, 2025, introduces features like 64-bit address space, multiple memories, garbage collection, typed references, tail calls, native exception handling, relaxed SIMD, deterministic profile, and JS string builtins, expanding its ecosystem and application scope.

  • WebAssembly 3.0 was officially released on September 17, 2025, as the new “live” standard, three years after version 2.0.
  • Major features include 64-bit address space, multiple memories per module, garbage collection, typed references, tail calls, native exception handling, relaxed vector instructions, deterministic execution profile, custom annotation syntax, and JS string builtins.
  • 64-bit memory and table addresses raise the address space to 16 exabytes in principle, with browsers capping memories at 16 gigabytes; multiple memories per module allow direct access to, and copying between, several memories without going through the host.
  • Garbage collection adds managed struct and array types plus unboxed integer references, so compilers for managed languages no longer ship their own collector; typed references let indirect calls be checked at validation time rather than at every call; tail calls keep the stack flat.
  • Native exception handling provides try/catch semantics inside Wasm itself; relaxed SIMD trades bit-exact results for speed, with implementation-dependent behaviour; the deterministic profile pins that behaviour down where reproducibility matters.
  • Custom annotation syntax improves source readability, and JS string builtins let JavaScript strings be manipulated through the JS API. Support is integrated into the major browsers and standalone engines such as Wasmtime.

Meta Unveils $799 Ray-Ban Display Glasses with Built-In Screen and AI Features

Meta’s Ray-Ban Display glasses, priced at $799, incorporate a right-lens screen for notifications, AI interactions, and camera viewfinder, aiming to mainstream smart eyewear.

  • Meta launched the $799 Ray-Ban Display glasses with a built-in screen in the right lens
  • Features include displaying text messages, video calls, turn-by-turn maps, and AI query results
  • The display also functions as a viewfinder for the phone camera and music playback surface

Apple Watch Series 10 Debuts with Thinner Design Larger Displays and New Health Features

Apple Watch Series 10, released in September 2024, offers a slimmer design, larger displays, and new health features, powered by the S10 processor, with comparable battery life and faster charging.

  • Apple Watch Series 10 launched in September 2024, featuring a thinner profile, larger display sizes (42mm and 46mm), and a new titanium frame option
  • Powered by the latest S10 processor, supports watchOS 26, and introduces features like hypertension notifications, sleep score, and tide app
  • Maintains similar battery life (~1.5 days), with faster charging capabilities using a new charger and internals; no improvements in battery longevity

Meta’s Ray-Ban Display Glasses: A New Era in Wearable Tech

Meta’s Ray-Ban Display Glasses, priced at $800+, incorporate a right-lens electronic display, require a phone, and offer features like real-time translation and navigation, signaling a step toward wearable computing.

  • Meta’s Ray-Ban Display Glasses cost at least $800 and feature a small electronic display in the right lens for viewing texts, maps, and calls.
  • The glasses are an evolution of previous Ray-Ban models, controlled via a wristband that detects finger gestures; they require a paired phone to operate.
  • Weigh 69 grams, with a six-hour battery life, and include features like real-time translation, map navigation, video calls, and closed captioning.

Meta Unveils New Smartglasses with AR HUD and 12MP Camera at Connect 2025

Meta unveiled new smartglasses at Connect 2025, including second-gen Ray-Ban Meta glasses with 8-hour battery, 12MP camera, 3K HDR video, and AR Ray-Ban Display with HUD and gesture controls for $799.

  • Meta announced three new smartglasses at Connect 2025: second-gen Ray-Ban Meta glasses, Oakley Meta Vanguard sports glasses, and Meta Ray-Ban Display AR glasses.
  • The second-gen Ray-Ban Meta glasses retail at $379, feature up to 8-hour battery life, 12MP camera, 3K HDR video at 60fps, 32GB storage, water resistance IPX-4, and 48-hour charging case.
  • The Meta Ray-Ban Display glasses cost $799, include a translucent HUD for texts, AI prompts, directions, and video calls, with gesture controls via Meta Neural Band, launching September 30 in select US stores and early 2026 in Europe.

China bans tech firms from buying Nvidia’s AI chips amid US export restrictions

China has barred its tech firms from buying Nvidia AI chips such as the A100 and H100, a restriction that lands amid US export controls already limiting China’s access to advanced semiconductor technology.

  • China has banned domestic tech companies from purchasing Nvidia’s AI accelerators, cutting off a source of advanced AI hardware.
  • The ban names Nvidia’s A100 and H100 chips and takes effect immediately, affecting Chinese AI development and deployment.
  • The move comes amid broader US export controls that already aim to limit China’s access to advanced semiconductor technology.

AMD ROCm 7.0 Boosts GPU Performance and Framework Support

AMD’s ROCm 7.0 software enhances GPU performance with up to 3.5x inference and 3x training improvements, supporting new datatypes, AITER, and latest frameworks to narrow Nvidia’s CUDA advantage.

  • AMD’s ROCm 7.0 software platform launched September 17, 2025, offers up to 3.5x inference and 3x training performance improvements over previous versions
  • Software enhancements include support for AMD’s MI355X GPU, with a 1.3x inference performance advantage over Nvidia’s B200 on DeepSeek R1, and a 3x boost in model training floating point performance
  • ROCm 7.0 introduces AMD’s AI Tensor Engine (AITER), supporting low-precision datatypes like OCP’s microscaling formats, boosting inference throughput by 2x, and extends support for frameworks including PyTorch 2.7/2.9, TensorFlow 2.19.1, and JAX 0.6

Global AI Spending to Hit $1.5 Trillion by 2025 Driven by Server Costs

Gartner forecasts $1.5 trillion global AI spend in 2025, with AI server costs doubling from $140 billion in 2024 to $330 billion in 2026, driven by widespread AI integration in consumer devices and enterprise software.

  • Global AI spending projected to reach $1.5 trillion in 2025, including $268 billion on optimized servers
  • AI server expenditure to more than double from $140 billion in 2024 to $330 billion in 2026, then increase to $380 billion in 2027
  • By 2026, AI-related product and infrastructure spending will surpass $2 trillion, embedded in devices like smartphones, TVs, and cars

OpenAI Study Reveals Language Models Are Trained to Hallucinate

OpenAI’s study argues that models hallucinate because training and evaluation reward a plausible guess over an admission of uncertainty; benchmark scoring reinforces the behaviour, undermining reliability.

  • OpenAI’s recent paper concludes that models end up trained, by incentive rather than by design, to generate plausible-sounding answers instead of saying “I don’t know,” which produces “hallucinations”
  • The paper, titled “Why Language Models Hallucinate,” states that mainstream evaluation metrics reward a confident guess over expressed uncertainty, so models guess on questions such as a person’s birthday
  • During pretraining, models learn the statistical regularities of mostly correct text, which works for facts with learnable patterns but fails for arbitrary facts that have none, and hallucination rates rise accordingly

Scattered Spider Targets US Bank in Ongoing Cyberattack Despite Retirement Claims

Despite claiming to retire, Scattered Spider targeted a US bank using social engineering, privilege escalation, credential dumping, and infrastructure compromise, indicating ongoing active cyber threats in the financial sector.

  • Despite claims of retirement, Scattered Spider conducted a cyberattack on a US bank, targeting the financial sector.
  • Initial access was gained by social engineering a password reset on a Veeam service account, which the group then used to escalate privileges.
  • The gang moved laterally through Citrix and VPN, compromised VMware ESXi infrastructure, and attempted data exfiltration from Snowflake, AWS, and other repositories.
  • The intrusion included credential dumping, privilege escalation, and virtual machine relocation to evade detection.
  • The attack followed previous claims by the group to exit cybercrime, highlighting ongoing threat activity despite public statements.
  • ReliaQuest linked the attack to increased domain activity associated with the group targeting finance, consistent with their predicted sector shift.
  • The group’s tactics mirror past operations, including abusing Microsoft Entra ID and targeting sensitive IT and security documentation.
  • The incident underscores the persistent threat posed by cybercriminal groups like Scattered Spider, which continue evolving despite publicized retirements.
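The initial-access step above (a password reset on a Veeam service account, followed by privileged use of that account) is the kind of sequence a SOC can alert on from Windows Security logs. The block below is an added example for this briefing, not ReliaQuest’s or anyone else’s detection logic: the event IDs are the real ones (4724 = password reset attempted, 4672 = special privileges assigned to new logon), but the events themselves are constructed records in a simplified dict form, and the service-account naming hints are an assumption to be replaced by your own inventory.

```python
"""Detection sketch: a password reset on a backup service account followed,
within a short window, by a privileged logon as that account. Added example
for this briefing, not vendor detection logic; the events below are
constructed Windows Security log records in simplified dict form."""
from datetime import datetime, timedelta
from typing import Dict, List

# Assumed naming convention; a real deployment would use the list of known
# service accounts (Veeam, backup, monitoring) from the identity inventory.
SERVICE_ACCOUNT_HINTS = ("svc", "veeam", "backup")

T0 = datetime(2025, 9, 16, 9, 0, 0)
# Constructed sample events. "target" is the account acted upon (4724);
# "subject" is the account performing the action or logging on (4724/4672).
SAMPLE_EVENTS: List[Dict] = [
    {"time": T0, "id": 4724, "subject": "helpdesk01", "target": "svc_veeam", "host": "DC01"},
    # 4624 logon type 10 (RDP) kept for context; the rule keys on 4672.
    {"time": T0 + timedelta(minutes=5), "id": 4624, "subject": "svc_veeam", "host": "VBR01", "logon_type": 10},
    {"time": T0 + timedelta(minutes=6), "id": 4672, "subject": "svc_veeam", "host": "VBR01"},
    # Ordinary user reset: not a service account, so no alert.
    {"time": T0 + timedelta(minutes=30), "id": 4724, "subject": "helpdesk01", "target": "jdoe", "host": "DC01"},
    {"time": T0 + timedelta(minutes=35), "id": 4672, "subject": "jdoe", "host": "WS042"},
    # Service account reset with a privileged logon two hours later: outside the default window.
    {"time": T0 + timedelta(hours=2), "id": 4724, "subject": "helpdesk02", "target": "svc_backup", "host": "DC01"},
    {"time": T0 + timedelta(hours=4), "id": 4672, "subject": "svc_backup", "host": "BK01"},
]


def looks_like_service_account(name: str) -> bool:
    lowered = name.lower()
    return any(hint in lowered for hint in SERVICE_ACCOUNT_HINTS)


def detect_reset_then_privileged_logon(events: List[Dict], window_hours: float = 1.0) -> List[Dict]:
    """One alert per 4724 against a service account that is followed within
    window_hours by a 4672 where that account is the logging-on subject."""
    window = timedelta(hours=window_hours)
    ordered = sorted(events, key=lambda e: e["time"])
    alerts: List[Dict] = []
    for i, reset in enumerate(ordered):
        if reset["id"] != 4724 or not looks_like_service_account(reset.get("target", "")):
            continue
        for later in ordered[i + 1:]:
            if later["time"] - reset["time"] > window:
                break  # events are sorted, so nothing further can match
            if later["id"] == 4672 and later.get("subject", "").lower() == reset["target"].lower():
                alerts.append({
                    "account": reset["target"],
                    "reset_by": reset["subject"],
                    "reset_at": reset["time"],
                    "privileged_logon_at": later["time"],
                    "logon_host": later.get("host"),
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_reset_then_privileged_logon(SAMPLE_EVENTS):
        print(alert)
```

Service accounts for backup software should not have their passwords reset through the help desk at all, so the reset alone is worth a ticket; the one-hour window on the privileged logon is what turns it into a page-someone alert, and it is a tunable, not a constant.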

Meta Ray-Ban Gen 2 Smart Glasses Offer Longer Battery Life and 3K Video

Meta’s Ray-Ban Meta Gen 2 smart glasses feature up to 8 hours of battery, 3K video recording, and improved charging, competing with Oakley HSTN and starting at $379.

  • Meta announced Ray-Ban Meta Gen 2 smart glasses with up to 8 hours of continuous battery life, doubling the previous 4-hour limit.
  • The charging case now provides 50% charge in 20 minutes and offers an additional 48 hours of battery, up from 32 hours.
  • The glasses support recording 3K video at 30fps, 1440p at 30fps, and 1200p at 60fps for up to three minutes; later updates will add hyperlapse and slow-motion features, with expanded live translation support for German and Portuguese.