Servers running on motherboards sold by Supermicro contain high-severity vulnerabilities that can allow hackers to remotely install malicious firmware that runs even before the operating system, making infections impossible to detect or remove without unusual protections in place.
One of the two vulnerabilities is the result of an incomplete patch Supermicro released in January, said Alex Matrosov, founder and CEO of Binarly, the security firm that discovered it. He said that the insufficient fix was meant to patch CVE-2024-10237, a high-severity vulnerability that enabled attackers to reflash firmware that runs while a machine is booting. Binarly discovered a second critical vulnerability that allows the same sort of attack.
“Unprecedented persistence”
Such vulnerabilities can be exploited to install firmware similar to ILObleed, an implant discovered in 2021 that infected HP Enterprise servers with wiper firmware that permanently destroyed data stored on hard drives. Even after administrators reinstalled the operating system, swapped out hard drives, or took other common disinfection steps, ILObleed would remain intact and reactivate the disk-wiping attack. The exploit the attackers used in that campaign had been patched by HP four years earlier but wasn’t installed in the compromised devices.
Function Multi-Versioning (FMV) is the compiler feature that allows developers to specify multiple versions of the same function that can be used for optimizing execution for specific target features. For example, FMV can allow optimized functions to be called if the CPU supports AVX, AVX-512, SSE4.2, or other differing ISA capabilities. With the GCC 16 compiler release, AArch64/ARM64 now considers its FMV support to be stable and complete…
Israel–Premier Tech’s main sponsor, Premier Tech, has demanded publicly that the team drops ‘Israel’ from its name and adopts a new identity and brand image.
In a press release published yesterday, the Canadian multinational company said: “We are sensitive and attentive to the situation on the international scene, which has evolved considerably since our arrival on the World Tour in 2017”.
Premier Tech has been involved in cycling for more than 30 years and said it “always placed the development of the sport and Quebec and Canadian cyclists at the heart of its involvement”.
Israel–Premier Tech has supported Canadian cyclists since its inception, including Michael Woods and Derek Gee, who recently terminated his contract with the team.
“However, the current situation regarding the team name is no longer sustainable to achieve our goal, which is the very reason for our involvement in cycling,” the press release said.
On Monday, Cyclingnews revealed that Factor Bikes had informed the team’s co-founder, Sylvan Adams, that its sponsorship of the team was “untenable” unless it changed its name and nationality.
“I’ve already told the team: Without a name change, without a flag change, we won’t continue,” said Factor Bikes founder Rob Gitelis.
“It’s not a matter of right or wrong anymore. It’s become too controversial around our brand, and my responsibility is to my employees and my shareholders, to give them maximum space with which to grow this company and make it profitable,” Gitelis explained.
Israel–Premier Tech told BikeRadar: “The team is currently in the planning phase for 2026 team branding and will communicate any potential changes in due course.”
The pressure on Israel–Premier Tech to change its name follows protests at the Vuelta a España against the participation of Israel–Premier Tech, due to its claimed sportswashing of the state of Israel.
However, Jean Christophe Rattel, the founder of Ekoi, which supplies cycling clothing, sunglasses and helmets to Israel–Premier Tech, told BikeRadar that the company remains committed to the team.
“At Ekoi, we are driven by passion for the teams we sponsor. Abandoning them in such a moment would feel like an act of cowardice,” said Rattel.
Rattel explained that when Israel–Premier Tech changed kits at La Vuelta to remove ‘Israel’ due to safety concerns, Ekoi produced the new jerseys in three days “to show our support for the team during this difficult context”.
Rattel explained that cycling is facing tough times, with the Arkéa B&B–Hotel team, which also uses Ekoi equipment, losing its sponsors at the end of this season.
“In this environment, both Ekoi and myself remain committed and stand in solidarity with the teams and people who count on us,” said Rattel.
“This is an international team, with riders from many different countries, led by a manager I have known for years. I also have personal ties with several of the riders, and walking away now – simply because of the geopolitical situation – would feel like betraying them,” Ekoi’s founder explained.
Commenting on Factor Bikes’ decision to distance itself from Israel–Premier Tech, Stephanie Adam, an organiser with the Palestinian Campaign for the Academic and Cultural Boycott of Israel, which called for the protests at La Vuelta, told BikeRadar: “This step would clearly weaken the team’s underlying goal of providing propaganda for Israeli apartheid and is a tribute to the many protests against the team at major races, including most recently at La Vuelta.
“This also sends a strong signal to UCI and other sporting bodies that teams sportswashing genocide and apartheid will never be accepted in world sports.”
InterceptSuite is an open-source, cross-platform network traffic interception tool designed for TLS/SSL inspection, analysis, and manipulation at the network level.
The tool features a cross-platform C# GUI and supports Python extensions for protocol dissection. Notably, it allows TLS upgrades, such as STARTTLS and custom upgrades, enabling interception of plaintext protocols that transition to TLS, capabilities not found in any proxy solutions. Additionally, it supports specific IoT protocols like MQTT.
WhatsApp is a hugely popular, free, proprietary messaging, social media, and voice-over-IP (VoIP) service that lets users send text, voice messages, and video messages, as well as make voice and video calls over an internet connection. WhatsApp’s client application runs on mobile devices, and can be accessed from computers
HandBrake 1.10.2, an open-source video transcoder, brings fixes for Windows and macOS, including better driver handling, Apple Silicon crash workaround, and more.
Asciinema is an open-source terminal recording tool that makes it super easy to share your command-line work with others. Unlike traditional screen recorders that capture heavy video files, Asciinema records your terminal activity in a lightweight, text-based format, which means the recordings are tiny in size, perfectly reproducible, and can be shared or embedded into your website or blog with just a small snippet of code.
Spotify just announced integration with popular DJ software platforms like rekordbox, Serato and djay. This will make it much easier to build out sets from playlists and to do cool stuff like blend tracks.
The company says that users “will be able to access their entire library and playlists directly within desktop DJ software,” with just one caveat. This is only for Premium subscribers. The integration is available in 51 global markets.
It looks pretty easy to get started. Just log into a Premium account directly inside of the preferred DJ software. That’s pretty much it.
This article originally appeared on Engadget at https://www.engadget.com/entertainment/music/spotify-now-directly-integrates-with-dj-software-090055300.html?src=rss
Foundations say billions of downloads rely on registries running on fumes – and someone’s gotta pay the bills
The Open Source Security Foundation (OpenSSF) has had enough of being the unpaid janitor of the world’s software supply chain.…
Cinelli has worked with British-Nigerian artist and designer Yinka Ilori on a limited-edition collaboration – called Dream Together, You Can Still Win – which will be launched officially on 29 September.
It’s the second artist collaboration by Cinelli in 2025, part of an ongoing series, with Cinelli previously working with Brooklyn, New York-based artist Futura’s Futura Laboratories design studio.
Cinelli has also recently worked with Oakley to release limited-edition retro sunglasses, with Italian streetwear brand Iuter, and with Kask to offer limited-edition Protone Icon and Utopia Y helmets. Back in 2022, it worked on a collab with the Italian football club Inter, including custom Cinelli bikes and cycling kit.
The collaboration with Ilori showcases a one-off edition of the Cinelli Vigorelli track bike. It also includes a cycling jersey and cap, and a striking casual T-shirt. We’ve previously reviewed the Vigorelli in road-legal form, decked out with rim brakes and a 1×11-speed SRAM Apex groupset.
Cinelli and Ilori claim the Dream Together, You Can Still Win collection’s vivid colours are inspired by the freedom of cycling and its connection to the living world, saying that: “At its core, cycling remains a spiritual, joyful and recreational experience; ‘Dream Together, You Can Still Win’ flips the concept of competition, redefining what it means to ‘win’.”
“Bike culture has been an integral part of my childhood, shaping many of my experiences as an inner city kid in London. The bike itself symbolizes freedom – it’s a tool which allows you to venture, to escape and to expand your horizons,” says Ilori.
Community bike ride through Milan
There will be a one-off event in Milan on 29 September to mark the launch of the new limited-edition collection, featuring an exhibition of bikes from Cinelli’s vintage collection and, of course, a community bike ride, slated to take one hour and visiting some of Milan’s cultural and creative hot spots.
“Cinelli holds a decades-long reputation for collaborating with creatives, exploring the interplay between art and cycling. It’s a pleasure to be able to contribute my own spin on this, collaborating with Cinelli’s creative team to take cycling back to its essence,” says Ilori.
Offensive Security announced today the release and general availability of Kali Linux 2025.3 as the third update to this Debian-based distribution for ethical hacking and penetration testing in 2025.
Longtime Slashdot reader schwit1 shares a report from ICO Bench: As of September 1, 2025, banks across Vietnam are closing accounts deemed inactive or non-compliant with new biometric rules. Authorities estimate that more than 86 million accounts out of roughly 200 million are at risk if users fail to update their identity verification.
The State Bank of Vietnam has also introduced stricter thresholds for transactions:
– Facial authentication is mandatory for online transfers above 10 million VND (about $379).
– Cumulative daily transfers over 20 million VND ($758) also require biometric approval.
The policy is part of the central bank’s broader “cashless” strategy, aimed at combating fraud, identity theft, and deepfake-enabled scams. […] While many Vietnamese citizens have updated their biometric data without issue, the measure has disproportionately affected foreign residents and expatriates who cannot easily return to local branches and dormant accounts that had been left inactive for years. schwit1 highlights a post on X from Bitcoin expert and TFTC.io founder Marty Bent: “If users don’t comply by the 30th they’ll lose their money. This is why we bitcoin.”
Disney is raising prices again for Disney+, Hulu, and ESPN Select starting October 21, 2025, with most ad-supported tiers going up by $2-3 per month and bundles also seeing increases. It marks the third consecutive year of U.S. streaming price hikes. Variety reports: It’s that time of year again, apparently: Disney is raising the prices of its Disney+ and Hulu plans in the U.S., including most bundles, as of next month. The standalone Disney+ with ads service is rising from $9.99 to $11.99/month on Oct. 21, 2025, while the Disney+ Premium (without ads) is going from $15.99 to $18.99/month. The Hulu standalone plan with ads is increasing from $9.99 to $11.99/month as of the same date; the premium version of Hulu with no ads will remain at $18.99 per month.
In addition, the price of ESPN Select (the service formerly known as ESPN+, which has a more limited content lineup than the recently launched ESPN Unlimited all-in app) will increase from $11.99 to $12.99 per month on Oct. 21. For now, the introductory price of the Disney+, Hulu and ESPN Unlimited bundle with ads will remain $29.99 per month (for the first 12 months). It’s the third time in three years Disney is raising the prices of the streaming services in the U.S., after price hikes for Disney+ and Hulu in October 2024 and in October 2023. Disney provided notifications of the latest price hikes Tuesday on its customer support sites.
Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing
GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.…
Microsoft is preparing a Publisher Content Marketplace to pay publishers when their work is used in AI products like Copilot. Neowin reports: Microsoft is reportedly discussing with select US publishers a pilot program for its so-called Publisher Content Marketplace, a system that pays publishers for their content when it gets used by AI products, starting with its own Copilot assistant. The PCM will launch with a limited number of partners before Microsoft hopes to expand the program over time. The company pitched the idea to publishing executives at an invite-only Partner Summit in Monaco last week. Microsoft was allegedly courting them with the message: “You deserve to be paid on the quality of your IP.” No concrete launch date for the pilot was shared.
As Axios notes, Microsoft is the first major company to try to build a proper AI marketplace for publishers. Other AI labs like OpenAI have mostly focused on securing one-off licensing deals instead of building a platform for ongoing transactions. Companies like Cloudflare are also working on a more technical, network-level solution to this problem.
This is a video of Mark Zuerkerbrek (if you spell his name wrong he can’t track you on Facebook) demonstrating the latest iteration of Meta’s AI-powered smart glasses during a developer event and the glasses failing to cooperate. In the first scene, he can’t manage to answer an incoming call. In the second, the AI fails to help another Meta employee make a Korean-inspired steak marinade, skipping steps and all around being the worst kitchen helper of all time. And that’s saying something, because my sous chef doesn’t do anything but threaten to stab me if I ask for something.
An anonymous reader quotes a report from InsideEVs: On Monday morning, I spoke to a Volvo EX90 owner who reported a litany of issues with her 2025 EX90: malfunctioning phone-as-a-key functionality, a useless keyfob, a keycard that rarely worked quickly, constant phone connection issues, infotainment glitches and error messages. I was surprised not because I hadn’t heard of these kinds of problems, but because I experienced them myself over a year ago at the EX90 first drive again. At the time, Volvo said software fixes were imminent. Today, we know the issues go deeper. To solve them, Volvo announced on Tuesday that it will replace the central computer of every 2025 EX90 with the new one from the 2026 EX90. It’s a tacit admission that the company can’t solve the EX90’s issues while simultaneously launching its next-generation software-defined vehicles, and that it’s easier to replace the original computer than to build bug-free software for it. But for some, the damage to the Volvo brand has already been done. “I say without exaggeration that this car is a dumpster fire inside a train wreck,” InsideEVs reader and EX90 owner Sally Greer told InsideEVs.
The report notes that Volvo will replace the computer inside the 2025 EX90 with a Nvidia Drive AGX Orin-based core computer that has over 500 TOPS (Trillion Operations Per Second) of power, which Volvo says will help power its autonomous driving ambitions.