Microsoft released its largest-ever Patch Tuesday update today, fixing 208 vulnerabilities including a wormable CVSS 9.8 kernel flaw — and a researcher immediately responded by publishing a fresh Windows Defender zero-day exploit.
Mastercard today launched Agent Pay for Machines (AP4M), payment infrastructure designed specifically for autonomous AI agents to transact with each other at machine speed. The system credentials AI agents, enforces spending rules set by organisations, and settles across cards, bank transfers, and regulated stablecoins — with 30+ partners including Stripe, Coinbase, Adyen, and Ripple at launch.
SpaceX will begin trading on NASDAQ under the ticker SPCX on June 12, selling 555.6 million Class A shares at $135 each to raise $75 billion — surpassing Saudi Aramco's 2019 record. The listing values Elon Musk's rocket and satellite company at $1.75 trillion, and comes three months after SpaceX merged with xAI.
The Miasma self-replicating supply chain worm compromised 73 repositories across Microsoft's GitHub organizations on June 5, using malicious configuration files designed to steal developers' credentials when they open affected repos in AI coding tools including Claude Code, Cursor, and Gemini CLI. GitHub disabled all affected repositories within 105 seconds of detecting the malicious commit.
A critical authentication bypass flaw in Check Point's Remote Access VPN products is being actively exploited by affiliates of the Qilin ransomware group. CISA added CVE-2026-50751 to its Known Exploited Vulnerabilities catalog on June 8 and has ordered US federal agencies to apply hotfixes by June 11.
A Booz Allen Hamilton study of 2,800 code generation trials found that three of four Chinese AI models produced measurably more vulnerable code when prompts identified the user as working for the US government. Qwen3-Coder generated 130% more flaws. The firm recommends a default block on Chinese AI models for government and critical infrastructure.
Bloomberg reports that Beijing is finalizing a 2 trillion yuan plan to build a national AI computing network over five years, with a mandate that 80% of chips and core hardware come from domestic suppliers — a direct challenge to Nvidia's dominance in AI infrastructure.
The complete legislative text of H.R. 8957, the American Reserve Modernization Act of 2026, reveals strict rules for how the federal government would hold, audit, and eventually sell Bitcoin.
Attackers linked to Lapsus$ executed a three-hop supply chain attack: they first compromised Trivy (an open-source vulnerability scanner), extracted CI/CD credentials from LiteLLM's build pipeline, then published malicious LiteLLM versions 1.82.7 and 1.82.8 to PyPI. Any AI system pulling those versions executed attacker-controlled code — and Mercor, a $10B AI training contractor serving OpenAI, Anthropic, Meta, and Google, was one of the victims. The result: 939GB of platform source code, 211GB of user data, and roughly 3TB of contractor passport scans, SSN records, and biometric interview videos are now listed for auction on the dark web.
Samsung Display has unveiled a 31.5-inch QD-OLED panel at Computex 2026 that combines 4K (3840×2160) resolution with a 360Hz refresh rate — a combination previously considered unachievable on a self-emissive display. The technology behind it, called Penta Tandem, uses five stacked blue OLED layers instead of four. A Dual Mode drops to 1080p and pushes the refresh rate to 680Hz for competitive gaming. Actual monitors are expected in late 2026 or early 2027.
CISA has added CVE-2026-28318 to its Known Exploited Vulnerabilities catalog: an uncontrolled resource consumption flaw in SolarWinds Serv-U that lets unauthenticated attackers crash the service with a single crafted HTTP POST request. Federal agencies must patch to Serv-U 15.5.4 Hotfix 1 by June 19, 2026. Enterprise and government organizations outside the federal mandate should treat this with the same urgency.
A flaw in Meta's High Touch Support system — an AI-assisted tool meant to help users regain account access — let attackers reset passwords on accounts they didn't own, exploiting the tool with prompt injection.