Two British Scattered Spider members were sentenced to 5.5 years for the 2024 Transport for London cyberattack, the UK’s largest cybercrime prosecution. A tech support scam at Qantas exposed data of 5.7 million people. An AWS CloudFront outage due to storm winds disrupted sites like the UK National Lottery. Meta will notify parents if teens discuss suicide or self-harm with its AI chatbot, with global rollout planned.
🛡️ Security & Infrastructure
Brit Scattered Spider duo handed tickets to prison over Transport for London attack
Two British members of the Scattered Spider cybercrime group, Owen Flowers and Thalha Jubair, have been sentenced to five and a half years in prison for their roles in the 2024 cyberattack on Transport for London. The sentencing marks the largest cybercrime prosecution in UK history.
- Brit Scattered Spider duo handed tickets to prison over Transport for London attack — theregister.com
AWS CloudFront outage serves errors instead of websites
An AWS CloudFront outage caused errors instead of serving websites, affecting services including Hugging Face and the UK’s National Lottery. The disruption was attributed to storm-related winds impacting the cloud provider’s infrastructure.
- AWS CloudFront outage serves errors instead of websites — theregister.com
Law firm insisted on one password to rule them all
A law firm required a single administrative password for all accounts, meaning anyone with access could impersonate any user and view all data. This centralized password created a major security vulnerability, allowing unrestricted access across the entire system.
- Law firm insisted on one password to rule them all — theregister.com
Tech support scam caused massive data breach at Australian airline Qantas
A tech support scam at Australian airline Qantas led to a data breach exposing the personal information of 5.7 million people. Despite the leak, the incident did not breach privacy regulations.
- Tech support scam caused massive data breach at Australian airline Qantas — theregister.com
Cyberattack threatens utterly critical infrastructure in Japan: KFC
A cyberattack on a logistics partner has forced KFC in Japan to halt online orders and consider store closures. The incident threatens the fast-food chain’s operations, highlighting vulnerabilities in critical infrastructure.
- Cyberattack threatens utterly critical infrastructure in Japan: KFC — theregister.com
A Filtering engine and DB for unpropagated kernel security patches
A filtering engine and database scans public kernel commits to estimate the likelihood of unpropagated security patches, using automated estimates rather than authoritative advisory. The tool displays categories like “Very likely” and “Likely + very likely” for filtered commits, but emphasizes it is not an official security advisory.
- A Filtering engine and DB for unpropagated kernel security patches — patchless.natey.sh
MacOS users, beware: newly discovered stealthy stealer requires no exploits
ClickLock Stealer is a newly discovered macOS malware that requires no exploits, tricking users into pasting a Terminal command disguised as a Cloudflare verification. It forces victims to enter their system password by killing all visible processes, then steals passwords, browser data, and crypto wallets while installing a persistent backdoor. Over half of identified victims are in Europe, with targets spanning 33 countries.
🤖 AI & Language Models
xAI slowed by internal chaos as Musk pushed Grok to match Claude; now turning a corner under Nicolls
xAI aims to compete with Anthropic’s Claude, but has been hindered by internal chaos and inconsistent strategy under Elon Musk. After Michael Nicolls took over, he inherited a messy situation following a merger with SpaceX that led to employee departures and operational disarray.
- xAI slowed by internal chaos as Musk pushed Grok to match Claude; now turning a corner under Nicolls — bloomberg.com
Meta to notify parents if teens discuss suicide/self-harm with AI, working on emergency alerts
Meta announced it will notify parents if their teen discusses suicide or self-harm with its Meta AI chatbot, with alerts already live in several countries and a global rollout planned. The company is also developing the ability to contact emergency services for users at risk, extending existing practices from social media posts to AI conversations.
- Meta to notify parents if teens discuss suicide/self-harm with AI, working on emergency alerts — techcrunch.com
The LLM Critics Are Right. I Use LLMs Anyway
The author acknowledges valid criticisms of LLMs—ethical, environmental, and quality issues—but continues to use them, highlighting a widespread “dissonance” among engineers. This is exemplified by Armin Ronacher’s company, which builds an LLM-powered coding agent yet auto-closes almost all PRs from LLMs. The article explores this contradiction and describes patterns of LLM use despite acknowledged flaws.
- The LLM Critics Are Right. I Use LLMs Anyway — theocharis.dev
EU officials peeved after Anthropic sends junior staffer to testify about safety
European policymakers criticized Anthropic for sending a junior technical employee, Donny Greenberg, instead of the requested head of public policy, Sarah Heck, to testify about advanced AI risks. Greenberg, who joined in April, emphasized he was not a policy person.
đź’» Software & Development
How Our Rust-to-Zig Rewrite is Going
The Roc compiler team completed a 487-day rewrite of their 300,000-line Rust codebase into Zig, achieving feature parity. The new compiler produces a 31KB WebAssembly binary for a sample game, less than half the original size. They note the rewrite took much longer than Bun’s 11-day port from Zig to Rust due to significant architectural changes.
- How Our Rust-to-Zig Rewrite is Going — rtfeldman.com
Forgejo v16.0 is available
Forgejo v16.0, released July 16, 2026, includes breaking changes such as SSRF hardening for Git mirroring, removal of EXIF stripping due to an AGPL licensing issue, and a security fix for trusted proxies in containers. The update also adds granular repository watch settings for notifications on issues, pull requests, and releases.
- Forgejo v16.0 is available — forgejo.org
Gecode 6.3.0 and 6.4.0 are released
Gecode 6.3.0 and 6.4.0 have been released after a long pause, with 6.3.0 incorporating seven years of accumulated changes and 6.4.0 serving as a new starting point with CMake as the intended build system and source-only releases. Version 6.4.0 also adds MiniZinc integration updates, including an experimental black-box propagator interface, and new propagation choices like selectable support representations for extensional integer constraints.
- Gecode 6.3.0 and 6.4.0 are released — zayenz.se
Guix: creating a package from a binary
The author describes packaging Caddy as a binary in Guix, since it is not yet officially packaged. They define a package record with metadata, a source URL for the pre-built binary, and a SHA256 hash for integrity verification. This approach serves as a temporary workaround until Caddy is packaged from source.
- Guix: creating a package from a binary — aloysberger.com
Bring modern package management to Meson’s native wrap ecosystem
Collider extends Meson’s native wrap ecosystem with modern package management features, including automatic dependency resolution, lockfiles, and a streamlined workflow. It supports publishing, sharing, adding, upgrading, and removing dependencies with version constraints, while remaining fully compatible with WrapDB and enabling offline builds and reproducible dependency locking.
- Bring modern package management to Meson’s native wrap ecosystem — collider.ee
Reynard: A real Firefox web browser for iOS 13 or later
Reynard is a Gecko-based web browser for iOS 13 or later that bypasses Apple’s WebKit requirement, allowing older iOS devices stuck with outdated WebKit to load modern websites. It can be sideloaded via TrollStore, AltStore, or jailbreak methods and supports Firefox add-ons, but remains in early experimental development.
- Reynard: A real Firefox web browser for iOS 13 or later — github.com
Bluesky Trademarks ATProto
Bluesky acquired the trademark for “ATPROTOCOL” and its variants from a company that had threatened legal action, allowing the atproto community to continue using the mark. The company is using the trademark defensively to protect developers from bad actors, with no plans to charge licensing fees for most non-commercial or descriptive uses.
- Bluesky Trademarks ATProto — atproto.com
🖥️ Hardware & Gadgets
How to teach an old Intel Mac new tricks with OpenCore Legacy Patcher
OpenCore Legacy Patcher (OCLP) lets users install newer macOS versions on unsupported Intel Macs, but it currently cannot handle macOS 26 “Tahoe” due to limited x86 support. The tool has matured to version 2.4.1 and can assist with macOS Sequoia, though users should be aware of potential pitfalls when creating bootable installers.
- How to teach an old Intel Mac new tricks with OpenCore Legacy Patcher — theregister.com
Vital Signals launches $399 Signal Ring for cuffless systolic/diastolic BP readings
Vital Signals has launched the $399 Signal Ring, which claims to measure systolic and diastolic blood pressure as accurately as a traditional arm cuff without requiring calibration. Unlike other wearables, it provides actual readings, not just trends, and could represent a major breakthrough in consumer health tech with potential for medical diagnoses.
- Vital Signals launches $399 Signal Ring for cuffless systolic/diastolic BP readings — bloomberg.com
WHOOP 4.0 without a subscription
Openstrap Edge is a third-party app that restores functionality to a WHOOP 4.0 band without a subscription by reverse-engineering its Bluetooth protocol and computing health metrics locally from published research. It offers features like heart rate, sleep staging, and workout tracking, but users are warned not to switch between this app and the official WHOOP app to avoid firmware conflicts.
- WHOOP 4.0 without a subscription — github.com
đź’Ľ Business & Finance
HP resellers thought toner/ink too high - HP India facilitated illegal cartel
HP India was fined by regulators for facilitating an illegal cartel, as even its own resellers considered toner and ink prices excessively high. The penalty was imposed for rigged tender bids and collusion.
- HP resellers thought toner/ink too high - HP India facilitated illegal cartel — theregister.com
Alpaca raised $135M equity and $300M debt after $150M Series D in Jan
Alpaca raised $135 million in equity led by Peak XV Partners and $300 million in debt from Kraken and BMO, totaling $435 million. The funds will be used to expand its AI-powered trading infrastructure and explore entering the prime broking business.
- Alpaca raised $135M equity and $300M debt after $150M Series D in Jan — bloomberg.com
TSMC Q2 rev +36% YoY to $39.45B, net +77.4% to $21.9B, beat est.; 7nm+ 77% of wafer rev
TSMC reported Q2 revenue of $39.45 billion, up 36% year-over-year, and net income of $21.9 billion, up 77.4%, both exceeding estimates. Advanced chips of 7 nanometers or smaller accounted for 77% of wafer revenue, driven by strong AI demand from clients like Nvidia and Apple.
- TSMC Q2 rev +36% YoY to $39.45B, net +77.4% to $21.9B, beat est.; 7nm+ 77% of wafer rev — cnbc.com
AST SpaceMobile delays sat-to-phone service to 2027 after BO mishap, plans $1B convertible note
AST SpaceMobile is delaying its satellite-to-phone service to early 2027 after launch partner Blue Origin’s New Glenn rocket exploded, missing its previous late-2026 target. The company now expects to launch 45 BlueBird satellites in early 2027 instead of by end of 2025 and is raising $1 billion through convertible notes to secure additional launch capacity. AST has launched three BlueBirds via SpaceX’s Falcon 9, with three more planned, but still requires many more for full commercial service.
- AST SpaceMobile delays sat-to-phone service to 2027 after BO mishap, plans $1B convertible note — pcmag.com
British Steel taken into public ownership to protect ‘vital’ UK supply
The UK government has nationalized British Steel to protect jobs and preserve the country’s last source of virgin steel, though the Scunthorpe plant is losing over ÂŁ1 million daily. The move gives the government control over the plant’s future while keeping blast furnaces running, as shutting them would make the UK the only G7 nation unable to produce primary steel. Nationalization is seen as a temporary measure to avoid reliance on imports and support thousands of jobs until alternatives are available.
Ente – Opening Our Books
Ente has publicly disclosed its business metrics, including revenue, customer numbers, and account data, as announced on Vishnu’s Blog. The move makes previously private financial and operational information openly available.
- Ente – Opening Our Books — ente.com
🌍 Culture & Lifestyle
The lost joy of music piracy
Rob Sheridan, former creative director of Nine Inch Nails, reflects on the lost joy of music piracy, recalling how early file-sharing communities like Oink’s Pink Palace fostered musical discovery and challenged high CD prices. He contrasts the vibrant, community-driven experience of private BitTorrent trackers with the “banalities” of modern streaming services.
- The lost joy of music piracy — pigeonsandplanes.com
My Throw Decides My Aim
Large language models generate text token by token without pre-existing intention, making the “throw” (the generated output) appear to determine the “aim” (the apparent direction). Although Anthropic’s research reveals that models can plan ahead internally, their post-hoc explanations are not faithful to the actual process. This creates a paradox where LLMs seem intentional but lack a unified, prior intention behind their responses.
- My Throw Decides My Aim — thegustafson.com
If you want to create a button from scratch, you must first create the universe
The article explains why web accessibility guidelines strongly recommend using native HTML elements rather than recreating them, using a custom button as an example. It demonstrates that a custom button must meet numerous requirements—such as correct role, accessible label, keyboard activation, and form support—making the task overly complex. The author warns that re-implementing such features is a Sisyphean effort best avoided.
1,300 Beautiful Wildlife Illustrations from the 19th Century Now Restored
Nicholas Rougeux has digitally restored “The Naturalist’s Library,” a Victorian series of over 1,300 color plates, and made it freely available online. He used artificial intelligence to locate missing sources and fill visual gaps, and also offers physical prints and posters for purchase.
- 1,300 Beautiful Wildlife Illustrations from the 19th Century Now Restored — openculture.com
Where Americans Thrive in Europe
Around 180,000 Americans left the U.S. in 2025, but many return within two years due to overlooked factors like tax treaties, visa limitations, and language barriers. The article identifies Lyon, Toulouse, and Montpellier as top picks for retirees, citing France’s favorable tax treaty that protects Social Security, 401(k)s, and Roth accounts. Success depends on individual circumstances rather than a single best European city.
- Where Americans Thrive in Europe — palombo.substack.com