The complete legislative text of H.R. 8957, the American Reserve Modernization Act of 2026, reveals strict rules for how the federal government would hold, audit, and eventually sell Bitcoin.
Attackers linked to Lapsus$ executed a three-hop supply chain attack: they first compromised Trivy (an open-source vulnerability scanner), extracted CI/CD credentials from LiteLLM's build pipeline, then published malicious LiteLLM versions 1.82.7 and 1.82.8 to PyPI. Any AI system pulling those versions executed attacker-controlled code — and Mercor, a $10B AI training contractor serving OpenAI, Anthropic, Meta, and Google, was one of the victims. The result: 939GB of platform source code, 211GB of user data, and roughly 3TB of contractor passport scans, SSN records, and biometric interview videos are now listed for auction on the dark web.
Samsung Display has unveiled a 31.5-inch QD-OLED panel at Computex 2026 that combines 4K (3840×2160) resolution with a 360Hz refresh rate — a combination previously considered unachievable on a self-emissive display. The technology behind it, called Penta Tandem, uses five stacked blue OLED layers instead of four. A Dual Mode drops to 1080p and pushes the refresh rate to 680Hz for competitive gaming. Actual monitors are expected in late 2026 or early 2027.
CISA has added CVE-2026-28318 to its Known Exploited Vulnerabilities catalog: an uncontrolled resource consumption flaw in SolarWinds Serv-U that lets unauthenticated attackers crash the service with a single crafted HTTP POST request. Federal agencies must patch to Serv-U 15.5.4 Hotfix 1 by June 19, 2026. Enterprise and government organizations outside the federal mandate should treat this with the same urgency.
A flaw in Meta's High Touch Support system — an AI-assisted tool meant to help users regain account access — let attackers reset passwords on accounts they didn't own, exploiting the tool with prompt injection.
In what is expected to be his last WWDC keynote as CEO, Tim Cook unveiled a Siri powered by a custom Google Gemini model, launched iOS 27, and introduced an Extensions system that lets users swap in any AI they want.
Notorious extortion group ShinyHunters has published the entire 234 GB haul stolen from dental benefits administrator DentaQuest after the company refused to pay their ransom demand. The leaked files contain names, addresses, government-issued IDs, Medicaid numbers, and health insurance details for an estimated 2.6 million individuals.
The Defense Department has formally authorized Amazon, Google, Microsoft, OpenAI, SpaceX, NVIDIA, Reflection AI, and Oracle to deploy their artificial intelligence systems on America's most sensitive classified networks—while a new White House directive mandates all defense agencies adopt multi-vendor AI within 120 days.
OpenAI has expanded Lockdown Mode — a security setting that disables web access, Agent Mode, Deep Research, and external connections — from enterprise customers to all ChatGPT accounts. It's the company's most direct response yet to the growing threat of prompt injection.
OpenAI's ChatGPT crossed 1 billion global monthly active users in May 2026, outpacing TikTok, Instagram, and YouTube to claim the fastest consumer app growth ever recorded. The milestone lands as the AI assistant race intensifies.
Security startup depthfirst ran an autonomous AI agent against FFmpeg's 1.5 million lines of C code and came back with 21 previously unknown vulnerabilities. The compute bill was $1,000. The oldest bug had been sitting untouched for 23 years. All 21 come with published proof-of-concept inputs.
A denial-of-service vulnerability in SolarWinds Serv-U lets unauthenticated attackers crash file transfer servers with a single malformed POST request. CISA added CVE-2026-28318 to its Known Exploited Vulnerabilities catalog on June 5 with a federal remediation deadline of June 19. The fix is in Serv-U 15.5.4 HF1.