TheRegister
GitHub says internal repos exfiltrated after poisoned VS Code extension attack
GitHub, the world's biggest code repository and DevOps platform, fell victim to a malicious Visual Studio Code (VS Code) extension. The company's initial assessment is that only internal repositories were exfiltrated.

The incident was reported by GitHub on X, with follow-up posts revealing a "poisoned VS Code extension" as the cause. The Microsoft-owned code shack continues to "analyze logs, validate secret rotation, and monitor for any follow-on activity."

One GitHub post references "the attacker's current claims of ~3,800 repositories" as consistent with its investigation. This may refer to a post attributed to TeamPCP, the malware crew linked to the Shai-Hulud worm, the code for which has been published and caused widespread damage. In a post, the crew advertised GitHub's internal source code for sale, claiming around 4,000 repositories. They said it was not a ransom and if no buyer was found, they would leak the code for free. Claims like these should be treated with caution.

A key concern for GitHub users is whether private repositories are at risk, either immediately or in the future if the attackers have gained a foothold in internal systems via stolen credentials. Risks include leakage of commercial code and credentials. Although best practice is not to check secrets into any repository, public or private, some organizations are less disciplined about this when repositories are private.

Last month, Wiz Research discovered a remote code execution flaw in GitHub.com and GitHub Enterprise Server (the self-hosted version), which the researchers said was "remarkably easy to exploit." The vulnerability was discovered using AI.

Developer reactions to GitHub's latest problems combine alarm and resignation – plus some humor. "How did the attackers find a large enough uptime window to get in?" quipped one. GitHub is in some difficulty.
This compromise comes after a surge in npm attacks, many related to Shai-Hulud code, which the company has failed to prevent despite being aware of the issue since September 2025. Further, the platform has reliability issues caused in part by AI bots hoovering public code to feed large language models – problems that led HashiCorp co-founder Mitchell Hashimoto to declare GitHub "no longer a place for serious work."

Another said that "the era where a developer machine with source code access also has access to meaningful security systems should be over. Internal repository access should mean nothing... GitHub compromise could happen at any time, even from GitHub themselves."

Issues with cloud platforms also increase the appeal of self-hosted systems such as the open source
Categories: Linux fréttir
Smaller suppliers invited to pitch for £2.9B UK defense tech framework
The Government Commercial Agency (GCA) - the UK procurement body formed from Crown Commercial Service and Cabinet Office commercial teams - is seeking greater input from customers and smaller suppliers as it develops a new version of its framework for security-focused digital and IT services.

The GCA's current Digital and IT Professional Services (DIPS) framework, which runs until November 2027, is open only to buyers within the Ministry of Defence (MoD) and its 17 suppliers are mostly large defense companies and consultancies. The agency wants its replacement to be open to more buyers and suppliers, according to a procurement notice published on May 18 and linked material.

The notice says that DIPS 2, which the GCA plans to run for eight years from September 2027 to August 2035, will be available to a wider group of "customers with defence and security requirements" including some outside the MoD, potentially the Home Office and Foreign Office. It has a total possible value of £2.88 billion including VAT.

In a supplier engagement session held in March, the GCA said it wants to increase the participation of small and medium-sized enterprises (SMEs), which the government defines as companies with fewer than 250 staff along with turnover and balance sheet limits. It is considering having fewer lots than the six in DIPS 1 and outlined a range of options for this, including a possible lot specifically for projects worth less than £5 million.

"We are learning lessons from Ukraine in terms of rapid technological development," Darren Corkindale, a deputy head for professional services in the Ministry of Defence's digital commercial service, told the session.
He noted that the UK's Strategic Defence Review (SDR) is expected to include a clear focus on digital and technology including artificial intelligence, cybersecurity, and the electromagnetic domain, adding: "Never thought I'd really say this, but there's an emphasis in the SDR around transition to conflict, war readiness, war preparedness. Again, DIPS 2 needs to reflect that." The GCA plans to complete engagement with suppliers by the end of this year and publish its tender for the DIPS 2 framework in 2027. ®
PostgreSQL backup tool gets some backup of its own after sole maintainer sounds alarm
A group of companies including AWS and Percona has stepped up to fund the maintenance of pgBackRest, an extension to the widely used open source database PostgreSQL, after its future was left hanging in the balance.

The tool provides a backup and restore solution for the PostgreSQL RDBMS, which has become more or less ubiquitous in services offered by cloud providers including AWS, Google, and Microsoft Azure. It had been maintained for the last 13 years by David Steele, a principal architect at Crunchy Data – which provides PostgreSQL managed cloud services, Kubernetes deployments, and on-prem solutions – until June last year. At that time, cloud data analytics company Snowflake bought Crunchy Data to help provide a transactional database.

A Snowflake spokesperson said: "Open source software is built on broad community participation, and we are pleased to see continued support for pgBackRest from organizations across the ecosystem. Snowflake supports a variety of open source projects, including within the Postgres ecosystem, and we look forward to continued community collaboration."

Last month, Steele announced he was no longer able to maintain the project. "Since Crunchy Data was sold, I have been maintaining pgBackRest and looking for a position that would allow me to continue the work, but so far I have not been successful. Likewise, my efforts to secure sponsorship have also fallen far short of what I need to make the project viable," he said. Steele said he was hoping to continue the project, but lack of support was forcing him to consider new roles that would not leave him enough time.

A group of interested companies has now banded together to fund ongoing development. "Their support means the project is no longer reliant on a single sponsor, giving pgBackRest the stability it needs for the long term," Steele said.
As well as AWS and Percona, sponsors include Supabase, which provides a back-end platform built on PostgreSQL, and pgEdge, which offers open source distributed PostgreSQL.

Open source consultancy and technology company Percona said thousands of organizations depend on the pgBackRest extension for backup and recovery of PostgreSQL, including customers running Percona's Expert Support for PostgreSQL. "pgBackRest has been our recommended backup solution/tool for years. When its future came into question, coordinating with other companies to keep it healthy was a straightforward decision – for our customers and for the community," said Percona CEO Peter Farkas.

The group of companies, which also includes Tiger Data, creators of TimescaleDB, has committed to supporting bug fixes, feature work, and community reviews. Percona said it plans to bring a new maintainer on board who can help provide continuity in the long term. The project is also looking to recruit more sponsors and reduce reliance on a single maintainer. ®
London's police asked Big Tech for comms data over 700,000 times last year
London’s Metropolitan Police – the UK’s largest police force – asked tech companies to give officers access to private communications data over 700,000 times in 2025 alone, according to figures obtained by The Register under the Freedom of Information Act.

These statistics expose the monitoring of everyday platforms like takeaway delivery services, and also show a massive surge in the force's surveillance of the users of low-cost MVNO LycaMobile. Additionally, our FoI request exposed the acquisition of data from encrypted messaging services designed to offer privacy.

Since 2024, the Met says that it has obtained communications data (CD) from Proton’s privacy-focused mail service users 139 times. CD is not messaging content, but metadata. In Proton’s case, this could include account payment details and, in some instances, IP addresses.

Although Proton did not dispute these figures, a spokesperson told us: "Proton does not transmit data directly to any foreign law enforcement agencies," adding that it operates under a “strict legal framework” so all requests must go through the Swiss authorities. Requests for data that don’t meet Proton’s legal and human rights requirements are refused, which it has an "established practice" of doing, according to the spokesperson.

The Met also claims that it has acquired data results from ProtonVPN, although the non-profit says this is "highly dubious and inconsistent with our technical reality [...] because Proton VPN does not log user activity, there is no data to provide," referring El Reg to its transparency report. “We engage with every request in good faith, but we simply cannot hand over what we do not collect,” Proton said.

The Met’s data also suggests encrypted messenger Signal has provided data once since 2024. But this is also, apparently, contrary to records that the non-profit holds.
A spokesperson told us: “Signal collects very little data about its users to begin with and publishes the requests we respond to at signal.org/bigbrother. We have not shared any user data in response to a legal request originating from the United Kingdom.” If data was shared by Signal it could only include phone numbers, when the account was created, and when the user last accessed the platform.

When queried about the denials by both Proton and Signal, the police force said it couldn’t comment on the specifics of how it acquired the data. The Met Police says that all companies “have a legal obligation” to cooperate with officials thanks to the powers of the Office for Communications Data Authorizations (OCDA). The OCDA is now a part of the Investigatory Powers Commissioner’s Office (IPCO), which monitors the select public authorities, law enforcement agencies, and government departments with the power to acquire comms data.

But there’s some fog around authorizations for the police, according to Dr Bernard Keenan, a law lecturer and surveillance researcher at University College London: “When it comes to communications data and metadata, it’s seen as a less severe intrusion than intercepting or accessing the content of a message, and so while the police need an authorization to get it, the decision is delegated to designated senior officers. So it’s something that the police can do operationally, more or less autonomously.”

Sources compromised

In 2024, the year of the most recent IPCO annual report, it was found that these authorizations to all law enforcement agencies affected lawyers 219 times and journalists on 157 occasions. This came with a caveat: “Most [CD] applications relating to sensitive professionals were submitted because the individual had been a victim of a crime.” While CD does not contain message content itself, there remains a risk that contacts such as a journalist’s sources could be disclosed.
Also in the report is the revelation that in 2024, 106 warrant applications were issued to specifically identify journalists’ sources, and under these separate powers, the request could also include the communications content itself. There’s no requirement to inform sensitive professionals they have been targeted in this way, and while ordinary law enforcement agencies need to seek a judge’s approval, intelligence and security spies are exempt from this.

Tim Dawson, freelance organizer at the National Union of Journalists - who also convenes the International Federation of Journalists’ working group on surveillance - said: “UK legislation lays down clear guardrails for law enforcement agencies obtaining communications data, and includes protections specifically for journalists.” But he continued: “The NUJ does not consider these are sufficiently robust. More disturbingly, however, it is clear that they are sometimes ignored – just look at the cases around the attempted prosecution of Barry McCaffrey and Trevor Birney.”

These two journalists were unlawfully spied on by the Met and Police Service Northern Ireland to identify the source of allegedly stolen police documents used in a documentary about paramilitary killings during the Troubles. The police had claimed that information revealed in the film had breached the Official Secrets Act. McCaffrey and Birney used judicial review [PDF] to challenge the police action and the court ruled that the searches were unlawful.

'The digital border is expanding through policing'

In 2025, the number of requests sent by the Met to MVNO LycaMobile increased by almost 500 percent year-on-year, rising from 15,702 to 93,527. This drastic spike was totally absent for other British network providers such as Vodafone, O2, Three, and Lebara.
Considering LycaMobile’s focus on cheap overseas calling, and the likelihood of foreign nationals using its service, concerns have been raised that this data could be used for a crackdown on immigration.

Fizza Qureshi, chief executive of Migrants’ Rights Network, a charity that researches the digital hostile environment, said: “A 500 percent surge in data requests from the Metropolitan Police to a network used largely by migrants and racialized people makes clear that the digital border is expanding through policing.”

This checks out, considering the Home Office recently said immigration enforcement officers can now, under the Border Security, Asylum, and Immigration Act 2025, rifle through the mouths of undocumented migrants to search for hidden SIM cards — as part of new powers granted to seize phones and gather digital intelligence. The new powers came into force last year in December, despite legal reviews finding procedural unfairness in such searches. In 2022, a High Court ruling found the Home Office’s controversial seizure and retention of over 2,000 migrants’ mobile phones was unlawful.

“Migrants and racialized people are singled out for surveillance that would never be tolerated elsewhere,” according to Qureshi. “They are treated as acceptable subjects for intrusive monitoring, from phone records to delivery routes. This marks part of a wider trend of pre-emptive criminalization of migrants and racialized people and is an enormous infringement of our right to privacy.”

While a Met spokesperson denied any indication that the increase was specifically related to immigration crime, they offered a pretty milquetoast example that an increase in requests to a specific mobile operator could have been due to its increased popularity. If this were the case, LycaMobile would have needed to have grown its users from an estimated 2 million to 10 million for the surge to be consistent. LycaMobile did not respond to The Register’s queries.
Additionally, Counter Terrorism Policing (CTP) – a part of the Met – started a procurement process for software for a Communication Exploitation Data Tool last year. Some of the requirements listed on the procurement notice were to process data from Uber rides and deliveries to be used for “intelligence analysis.” At the time of publication, it read:

It’s understood the requirements for the project have now changed. When asked for further details, including if a supplier has been found, a CTP spokesperson told The Register: “We previously confirmed a routine tender process to procure software, however further details on systems and their use will not be made publicly available.”

This is not surprising given the operational secrecy around national security tech; or, in this case, takeaway delivery surveillance. Dr Keenan explained: “It’s what the government wants the police to be doing: bringing in these capacities to synthesize multiple different data points to use them effectively and to have these powerful surveillance technologies.”

The Met Police requested data from ride and food delivery services Uber, Bolt, JustEat, Deliveroo, and Dominos Pizza a sum total of 768 times in 2025. Hundreds of delivery drivers were arrested last year in a spate of immigration enforcement operations, not long after gig economy firms pledged to use facial recognition checks and fraud detection tech to clamp down on illegal working.

In response to all of the findings and questions posed by El Reg, a Met spokesperson said: “Every year the Met makes thousands of requests for communications data from a wide range of companies and telephone providers. The information provided helps our officers gather intelligence, solve crimes and find missing people.” ®
ZTE releases Sustainability Report 2025: driving a new chapter in sustainable development through AI
Partner Content

ZTE recently released its Sustainability Report 2025, highlighting the company's latest achievements in deepening Environmental, Social, and Governance (ESG) practices. This marks the 18th consecutive year that ZTE has voluntarily disclosed its annual sustainability performance to the public. The report demonstrates that in the past year, ZTE fully embraced artificial intelligence, achieving milestone progress in advancing scientific carbon reduction, accelerating global digital inclusion and industry transformation through intelligent technologies, and strengthening governance resilience. These efforts profoundly embody ZTE's responsibility and mission as a "Driver of Digital Economy".

Xu Ziyang, Executive Director and CEO of ZTE, states in the report: "In the face of profound changes in the global digital economy, ZTE has unveiled its new vision, 'To lead in connectivity and intelligent computing', with greater strategic foresight and a stronger sense of responsibility. Driven by our 'Connectivity + Computing' strategy, we remain committed to our original aspiration of empowering high-quality and sustainable economic development through technology, and work with our partners to build an intelligent future that is more efficient, green, and inclusive."

Strengthening Innovation and Reshaping Digital Momentum with AI

ZTE continues to advance its "Connectivity + Computing" strategy, fully embracing AI under the guiding principle of "All in AI, AI for All". In 2025, the company sustained disciplined R&D investment, recording annual expenses of RMB 22.76 billion, approximately 17% of total revenue. Efforts focused on key areas such as connectivity (6G, optical communications, and IP networks), computing power, energy technology, smart terminals (such as AI-powered devices), operating systems, databases, and chips, underpinned by a core commitment to frontier technology exploration and collaborative innovation.
According to the report, as of December 31, 2025, ZTE has filed approximately 95,000 global patent applications, with over 50,000 patents granted globally. In the chip sector, the company holds around 5,900 patent applications and over 3,700 granted patents. In the field of AI, it has nearly 5,500 patent applications, with nearly half of them granted. Throughout the year, the company declared and secured over 100 technology projects. Within R&D, AI tools have been widely applied, with a usage penetration rate of 79.78% among developers. The AI code generation rate reached 31.45%, and the improvement in R&D efficiency has begun to manifest. ZTE's innovation was further recognized with 11 gold awards, 3 silver awards, and 39 excellence awards from the China Patent Awards, and 31 honors from the Guangdong Patent Awards.

Leading Science-Based Carbon Reduction, Paving the "Digital Green Path"

ZTE has deeply integrated climate action with its development strategy, advancing the "Digital Green Path" across four key dimensions: green corporate operations, green supply chain, green digital infrastructure, and green industry empowerment, ensuring the achievement of science-based targets. For Scope 1 & 2 (operational emissions), in 2025, the company exceeded the Phase I target outlined in its 2024 Zero-Carbon Strategy White Paper. Through management measures for energy saving and technologies such as AI-based dynamic scaling and remote control, the company achieved a 46% reduction in carbon emissions compared with the base year of 2021. For Scope 3 (upstream and downstream emissions), ZTE achieved an 8.55% reduction in physical emissions intensity during the use and maintenance phase of telecom products, with a year-on-year reduction of 3.05% in absolute emissions across the full lifecycle of terminal products. For three consecutive years, ZTE has been recognized on the CDP Climate A list for its excellence in environmental governance.
In terms of green operations, ZTE has established a systematic decarbonization pathway spanning energy mix optimization, refined technical energy-saving solutions, management-driven electricity saving, dual-carbon digitalization, as well as capability building and awareness enhancement. In 2025, the company completed new photovoltaic projects in Xi'an and Changsha, increasing the proportion of photovoltaic power generation with an annual generation of 39.22 million kWh. Furthermore, ZTE actively participated in green electricity trading and obtained 33,700 green electricity certificates (a total of 33.69 million kWh of electricity) throughout the year.

Regarding the green supply chain, ZTE has comprehensively integrated low-carbon requirements into its SPIRE 2.0 supply chain strategy, collaborating with partners to build a technology-driven, end-to-end eco-friendly value chain that drives sustainable development across the entire industry ecosystem. In 2025, with its Xi'an Base and Changsha Base newly awarded the "National Green Factory" certification, the company now operates three national-level green factories and one provincial-level green factory. Over the past year, ZTE accelerated supply chain decarbonization by conducting dual-carbon training for 97 suppliers and performing dual-carbon audits on 158 suppliers. Furthermore, it provided guidance for 152 key suppliers (covering 50.82% of procurement spend) on completing carbon accounting and drove 83 key suppliers to participate in CDP assessments and make public disclosures.

For green digital infrastructure, ZTE adopts self-developed low-power chips, advanced cooling technologies such as liquid cooling, PV applications at sites, and full lifecycle carbon footprint management to provide green digital infrastructure for the industry.
By the end of 2025, the company had completed carbon footprint assessments for 240 products, achieving full coverage of all product categories.

For green industry empowerment, ZTE leverages ICT technologies (such as 5G, cloud, AI, and the Digital Nebula platform) to provide digital transformation solutions for various industries, helping them achieve energy saving, carbon reduction, and quality and efficiency enhancement. A prime example is ZTE's collaboration with Benxi Tool Co., Ltd. on its smart factory initiative. Leveraging the 5G-enabled industrial Internet solution, the project successfully reduced the cumulative number of frontline operators across process steps by 20% while boosting the annual output by 1.5 times. Furthermore, the project shortened the lead time for raw material procurement by 40%, slashed the downtime due to material shortages by 50%, and cut the delivery time by 20%. These improvements significantly enhanced the overall competitiveness of this metal tool manufacturer.

Advancing Tech for Good, Building an Inclusive and Equitable Society

ZTE remains committed to a people-centric philosophy, striving to ensure equal communication rights and digital opportunities for communities worldwide. Providing network services to one-third of the global population, ZTE extends sustainable infrastructure and technological empowerment to every corner of the globe. From the remote heights of Baqen, Xizang, where ZTE deployed an FTTR-B all-optical network solution at the People's Hospital of the county (situated at an altitude of over 4,500 meters) to bridge the telemedicine divide, to Africa, where the company's "Signal Reach" program built 152 rural network sites in Ethiopia to bring reliable connectivity to over one million people, ZTE continues to bridge the digital divide and foster an inclusive, equitable, and intelligent digital world.
ZTE regards talent as its most valuable asset, committed to building a learning organization and continuously fostering an employee empowerment ecosystem in the AI era. In 2025, the company maintained 100% employee training coverage and regularly carried out Employee Assistance Program (EAP) initiatives. In addition, ZTE successfully passed the re-assessment for the ISO 45001 system for all domestic operations and production sites, as well as for operations in 30 overseas countries.

In public welfare, ZTE further strengthened its volunteer service system in 2025, with the number of employee volunteers surpassing 20,000 and more than 600 global community programs carried out during the year. Guided by its vision of "Goodwill, Everywhere", ZTE implemented tailored projects in over 40 countries, including China, India, Indonesia, Spain, South Africa, and Ethiopia, focusing on educational support, medical assistance, low-carbon environmental protection, and rural revitalization. These efforts benefited more than one million people globally, underscoring ZTE's commitment to building a more inclusive and sustainable society.

Strengthening Compliance Foundations, Enhancing Governance Resilience

ZTE continuously builds and improves its three-tier sustainability governance system of "Strategy—Decision-Making—Execution", proactively addressing emerging risks to ensure steady implementation of its strategic goals. In 2025, the company sustained its ISO 22301:2019 Business Continuity Management System certification, covering five manufacturing bases and major R&D centers, while also guiding major suppliers to establish BCM management systems. ZTE also sustained ISO 37001 certification for anti-bribery management systems, covering its subsidiaries and branches in 38 key countries.
In addition, the company officially launched its "Cross-Border Data Compliance Service Platform for Enterprises Going Global", a one-stop solution designed to help companies tackle complex global compliance challenges.

ZTE regards data compliance governance as an important part of the company's overall compliance governance framework. In 2025, the company sustained ISO/IEC 27001 (Information Security Management System) and ISO/IEC 27701 (Privacy Information Management System) certification. Alongside releasing its updated ZTE Privacy Protection White Paper, ZTE secured the EU's ePrivacyseal Global certification for five of its key fixed network and multimedia products, reinforcing its world-class data protection standards.

As a member of the United Nations Global Compact and the Global Enabling Sustainability Initiative (GeSI), and a key participant and one of the first Champions of the Partner2Connect (P2C) Digital Coalition initiated by the International Telecommunication Union (ITU), ZTE's ESG efforts continue to receive worldwide recognition. In 2025, the company was rated by Sustainalytics as "Low ESG Risk" for the fourth consecutive year, included in the 2025 Fortune China ESG Impact List for the fourth year, honored with the "Excellence in Practice Award" from the Association for Talent Development (ATD) for the sixth consecutive year, and once again included in the S&P Global Sustainability Yearbook (China Edition) 2025. ZTE was also selected for the 2025 China's Top 100 Overseas Brands Index released by People's Daily Overseas Online and Global Yearly Brand Research Institute, was selected as a model case in the 2025 China Corporate ESG Blue Book, and was recognized by Phoenix TV as an "ESG Communication Influence Pioneer".

Looking forward, ZTE will continue to leverage its strengths in the R&D innovation and commercialization of fundamental technology, actively supporting the realization of the United Nations Sustainable Development Goals (SDGs).
The company remains committed to creating long-term value for stakeholders and driving society toward a future that is more efficient, greener, smarter, and more inclusive.

Download ZTE Sustainability Report 2025 here. Visit ZTE's sustainability website for more updates on their commitment to sustainability.

Contributed by ZTE.
Space factories edge closer after experimental capsule survives hypersonic landing
American outfit Varda Space Industries thinks it’s a little closer to operating factories in space after successfully landing its latest test craft.

Varda won the USA’s first-ever license to fly uncrewed spacecraft that reenter the Earth's atmosphere. The company wants to do this so it can build small craft that include manufacturing facilities that create products it’s only possible to make in microgravity - mostly pharmaceuticals - and figures that the relatively cheap launch services offered by private launch companies will make orbital factories economically viable.

Spacecraft are not cheap to build, and the cost rises if they include equipment to slow from orbital speeds before reaching Earth’s atmosphere. Crewed craft can be more expensive still. And humanity just doesn’t have a lot of capacity to schlep stuff home from space.

In March, Varda therefore launched a capsule called the W-6 that it hoped would survive re-entry at hypersonic speeds, and do so using an autonomous navigation system “that uses onboard imagery to identify resident space objects, including stars and low Earth orbit satellites, to determine precise vehicle position.” The company reckons that represents “a critical step toward fully autonomous navigation for hypersonic and reentry vehicles.”

The craft also carried one nose tile that included samples of advanced thermal protection materials, and another two tiles equipped with sensors to record data NASA will use to learn about hypersonic re-entry and the materials that make it possible. Thermal performance matters because there is little point going to all the trouble of launching an orbiting factory if the product made in space gets cooked during re-entry.

It all seems to have worked because the capsule touched down as planned on Monday.
Varda hasn’t said much about the state of the W-6’s capsule and its interior when it landed but has celebrated the flight as “another demonstration that frequent, low-cost, reliable return is easily accessible.” The W-6 landed at the Koonibba Test Range in South Australia, whose operator Southern Launch celebrated the fact this is the fourth capsule to land in the patch of remote bushland it tends in the last twelve months. ®
Google Cloud suspended major customer Railway.com without cause, causing outage
PaaS platform Railway says Google temporarily suspended its account on Wednesday without cause, inducing a major outage.

Railway automates code deployment by taking a GitHub repo and doing all the work needed to get it running from the cloud. It’s struggled to do that for the last few hours and the company’s status page tells the sad tale, starting with an update time-stamped May 19, 22:29 UTC that said the company is “investigating a widespread service disruption” that meant “Users may be experiencing errors including ‘no healthy upstream’, ‘unconditional drop overload’, login failures, and inability to access the dashboard.”

Angelo Saraceno, a solutions engineer for Railway, told The Register the company noticed a problem at around 22:00 UTC. He said the company’s resources appeared to have been deleted and appeared not to exist. Google has since explained it suspended the account, making Railway’s resources invisible. “Our contacts at Google were confused, customers are irate,” he added.

Ironically, in 2024 Railway decided to shift much of its infrastructure into colocation services after Google “caused a multitude of problems that have posed an existential risk to our business.” Those problems resurfaced in 2025 after more trouble at Google Cloud that again impacted Railway’s services. But Railway kept its control plane in Google Cloud and still has a dependency on databases that run there. Those resources see it spend an eight-figure sum each year.

Yet Saraceno said when this incident commenced, it took an hour for Google’s support team to engage. “We are livid and still trying to get all the details,” he said before advancing a theory that Railway somehow triggered an enforcement rule.

Railway’s status page says that as of 22:43 UTC the company “escalated this directly with Google.” Oh, to have been a fly on the wall during that escalation!
Railway’s most recent status update, at the time of writing, is an 03:05 May 20 missive that states “More workloads are coming back online. Some users may still experience intermittent issues during the recovery. Non-enterprise deploys remain paused; enterprise deploys are unaffected.” The Register has contacted Google to ask if and why it blocked Railway’s account. You know the drill: We will update this story if we receive more than corporate platitudes. Cloud providers might rightly block a customer’s account over unpaid bills or inappropriate use – but usually do so after giving fair warning. Railway told us this incident came out of the blue. Google has form taking down customers without cause: In 2024 it infamously wiped out all rented infrastructure used by Australian pension fund UniSuper. Railway’s status page includes apologies to its customers, despite the problem being at Google’s end. “Our customers don’t care if it is Google,” Saraceno said. “We have to own our uptime.” ®
Categories: Linux fréttir
AI sackings reach New Zealand, which will use it to eject 14 percent of government staff
The wave of layoffs attributable to the adoption of AI has washed up on the shores of New Zealand, which has announced an overhaul of its public service that will see the technology become a “basic expectation” for government agencies and help to make it possible to sack 9,000 staff - about 14 percent of current headcount. Finance Minister Nicola Willis announced the job cuts yesterday, in a speech that saw her bemoan the fact that New Zealand’s government comprises 39 departments and ministries, and compared that to the 16 in Australia and 24 in the UK. She characterized the nation’s public service as “scared of AI, slow to move to the cloud” and said it operates a “complex and fragmented set of overlapping IT solutions.” “Our government is as frustrated as you are by the fragmentation and silos, the complexity, the status-quo thinking and the dangerously slow take up of digital and AI technologies,” she added. Aotearoa’s answer is to task its Chief Digital Officer “to embed AI deployment as a basic expectation for all public entities.” Minister Willis mentioned a “recent trial of an AI scribe tool in hospital emergency rooms which has reduced the amount of time clinicians have to spend on file notes and increased the time they spend with patients” as an example of the sort of thing she hopes to replicate. She said the planned overhaul will therefore “reduce the number of government departments, increase the use of AI and other digital tools, and deliver significant savings.” The government plans to cap departmental budgets and says that combined with redundancies it will save NZ$2.4 billion ($1.4 billion) over four years – less than one percent of all core government spending. Plenty of tech companies have made substantial redundancies that they justify as necessary to create an appropriate workforce for the age of AI, an explanation we’ve seen deployed to explain deep cuts at Cisco, Cloudflare, Atlassian, Meta, and Arctic Wolf. 
Few governments have done likewise, but one early high-profile effort – the Elon-Musk-led “Department of Government Efficiency” – hoped to use AI to improve government operations but left behind little evidence it had succeeded. New Zealand is blessed with many resources and extraordinary natural beauty, but has a modest tax base – yet residents expect a high level of government services. Minister Willis’s plan is therefore a very big bet on AI. ®
Anthropic’s Stainless steal tightens grip on AI dev tooling
Anthropic is acquiring Stainless, a maker of software development tools that counts rivals OpenAI and Google as clients. The deal, reportedly for more than $300 million, demonstrates Anthropic's continued interest in exercising greater control over the AI technical stack and suggests that speculation about the commodification of models is on the mark. Frontier models will not be so strong that they serve as a moat or barrier to competition, but the tooling and workflow around those models should provide some cover. Anthropic has made several recent acquisitions that give it more say in the software that orchestrates model input, output, and tool calls. In December, it snarfed Bun, a JavaScript runtime, package manager, and test runner. Two months later, it bought Vercept, a company focused on AI-mediated computer usage. In April, it admitted healthcare AI startup Coefficient Bio into the fold. Enter Stainless. "Hundreds of companies rely on Stainless to generate SDKs, CLIs, and MCP servers – the libraries, command-line tools, and connectors that let developers and agents use an API," Anthropic said in its announcement. "Stainless turns an API spec into SDKs across TypeScript, Python, Go, Java, Kotlin, and more." One of those hundreds of companies is OpenAI – its Python, Node, Java, Go, and Ruby clients are based on SDKs generated by Stainless. With Stainless now planning to shutter its platform on September 1, 2026, OpenAI and other industry customers will have to shoulder the burden of maintaining existing SDKs and find equivalent tools elsewhere. It should be noted that OpenAI in March agreed to acquire Python tool maker Astral, one of six such deals this year. So far, the Astral acquisition hasn't affected the ability of Anthropic or developers to use Astral's tooling. 
Jan Schmitz, who runs AI analytics biz BrightBean, described the Stainless acquisition as both offensive and defensive. "By acquiring the SDK infrastructure used across the industry, Anthropic gets visibility into how competitors evolve their APIs, even if only through generator usage patterns, and it gains the ability to set the pace on integration tooling," he said in a blog post. "The defensive read: If OpenAI or Google had bought Stainless first, the damage to Anthropic’s developer ecosystem would have been worse. SDKs are sticky. Whoever ships the cleanest one wins the long tail of developer mindshare." Schmitz also argues that Anthropic sees value in controlling the MCP standard that it proposed and promoted. "The pattern looks like this: Control the standard by giving it away, then control the implementation by owning the toolchain," he said, noting that Google followed that playbook with Kubernetes and then making GKE the leading managed version. ®
Google accused of pushing 'free for life' G Suite users onto paid plans
Google is warning some long-time G Suite Legacy users that they must start paying for Workspace subscriptions or lose access to Gmail, Drive, Calendar, and other core services, after the company flagged their accounts as "commercial use." A reader alerted The Register to what appears to be a new crackdown on long-standing G Suite Legacy accounts, with similar complaints now piling up on Reddit from users accused of violating Google’s non-commercial use policy, despite insisting they use the accounts only for family email and personal domains. Reports have been stacking up on Reddit’s r/gsuitelegacymigration subreddit from users who say their long-running personal G Suite Legacy accounts are suddenly being classified as “commercial use” accounts and pushed toward paid Google Workspace plans by May 2026. A lot of users have been through this before. Google spent part of 2022 trying to wind down free G Suite Legacy accounts, then changed course after users running family domains made enough noise. Now some of those same users are being told they have fallen outside Google’s rules after all. Emails seen by The Register warn users their accounts have been "identified as being used for commercial purposes" and say Google may start suspending Gmail, Calendar, Drive, Meet, and other Workspace services if they do not either win an appeal or begin paying for Workspace subscriptions. "Please upgrade to a paid Google Workspace subscription to continue using your services. Look out for a notification regarding the appeal process in Google Admin console or email," the email reads. "If you don’t take action during your 45-day appeal period, Google will begin suspending your Google Workspace core services, including Gmail, Calendar, Drive, and Meet. As a result, you will lose access to these core services and data." In a statement to The Register, a Google Workspace spokesperson said: "G Suite legacy free edition is intended for personal non-commercial use. 
If users are identified as commercial users, we are enforcing our existing policy and helping them transition to a Google Workspace subscription. Anyone who believes their account has been identified as being used for commercial purposes in error can file an appeal." The trouble, according to users, is that the appeals system appears about as transparent as a brick. One Reddit user said their appeal was initially denied despite "none" of the account activity being commercial. After filing a GDPR subject access request asking Google to provide evidence of business use, the user said the company abruptly reversed course the following day and restored the account. Others say they were not so lucky. One UK-based user whose appeal failed accused Google of relying on vague "signals" data and effectively trapping users into accidentally linking personal accounts to business activity. Another said their family-only custom domain, used solely for relatives’ email accounts and with no commercial activity, was permanently classified as business use despite an appeal. Some users suspect the enforcement may be tied to custom domains that have at some point been associated with public business listings, websites, or Google Business profiles. Google has not explained what specifically triggers the bans. The move also lands days after Google quietly began testing a 5 GB storage cap for some users who decline to add phone numbers to their accounts, suggesting the company’s definition of "free" continues to come with increasingly creative terms and conditions. ®
Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware
Microsoft seized websites and took down hundreds of virtual machines running a cybercrime service that allegedly sold code-signing certificates to ransomware gangs, thus making their malware look like legitimate software – and allowing criminals to infect thousands of machines in the US, including at least 12 owned and operated by the Windows giant. The malware signing-as-a-service operation called Fox Tempest has been around since May 2025, and abuses Microsoft’s Artifact Signing code-signing service. This service allows developers to digitally sign their software applications, signaling to the Windows operating system and end-user that the software is authentic, and hasn’t been tampered with. Since May 2025, the Fox Tempest crew – referred to as John Doe 1 and 2 in court documents unsealed on Tuesday – used fake identities and impersonated real organizations, allowing them to create more than 580 fraudulent Microsoft accounts. They then used these accounts to abuse Microsoft’s Artifact Signing service and obtain real code-signing credentials, then sold the code-signing certificates to other criminals for thousands of dollars. According to Microsoft, Fox Tempest’s customers included a ransomware group Redmond tracks as Vanilla Tempest (aka Vice Spider, Vice Society, Rhysida), which allegedly used the certificates to digitally sign malware and make it appear legitimate to Windows and users. This also allowed the ransomware slingers “to more easily deploy the malware onto the computers of unsuspecting victims without their consent,” according to the court documents [PDF]. Malware included Windows backdoor Oyster, infostealers Lumma and Vidar, and Rhysida ransomware. 
Vanilla Tempest “unlawfully accessed victims’ computers and devices, exfiltrated and stole the personal and confidential information of victims, deployed ransomware designed to encrypt victims’ files and systems, and extorted victims by demanding payment in exchange for restoring access to, or suppressing, their data,” the civil complaint continues, adding that the criminal activity remains ongoing. In a subsequent blog post, Microsoft Digital Crimes Unit attorney Steven Masada said the tech company's investigation “further linked Fox Tempest to various additional ransomware affiliates and families, including INC, Qilin, Akira, and others.” Between February and March, the Digital Crimes Unit (DCU), working with “a cooperating source,” anonymously bought and tested the code signing service from John Doe 2, aka SamCodeSign. “These test purchases allowed DCU investigators to observe first-hand how Fox Tempest Defendants operate the service, the information a purchaser is provided, and the instructions given by SamCodeSign to connect to the service and sign the test software created by Microsoft,” the court documents say. “Additionally, the test purchases allowed DCU to identify cryptocurrency wallets used by Fox Tempest Defendants.” During the first test purchase, the source filled out a Google Form asking them to select how quickly they needed the certificates. Standard costs $5,000, while priority runs $7,500 and expedited carries a hefty $9,500 price tag. SamCodeSign then sent a direct message to the source and requested the $7,500 payment to be sent to a bitcoin wallet, according to screenshots (translated from Russian) in the court documents. After the source paid up, SamCodeSign sent instructions on how to access the virtual machine and complete the code signing process. 
“Microsoft has identified thousands of customer machines, including more than a dozen machines owned and operated by Microsoft, in the United States that have been impacted by malware signed with certificates originating from the tenants created by Fox Tempest Defendants,” the complaint says. ®
Frustrated franchisee sues Pizza Hut over crappy kitchen AI
The back-of-house AI system that Pizza Hut has mandated its restaurants to adopt has been so poorly received by some franchisees that one is suing the company for $100 million in losses tied to the technology. Put that in your crust and stuff it! Chaac Pizza Northeast, a franchisee with around 111 Pizza Hut locations in New York, New Jersey, Maryland, Washington DC, and Pennsylvania, filed a complaint in the Business Court of Texas earlier this month accusing the Hut of breaching its franchise agreement by mandating Chaac adopt restaurant management AI from Dragontail, a provider of AI-powered food delivery software. What was supposed to be a platform that would unify multiple kitchen systems under one AI-managed umbrella allegedly turned out to be a disaster for Chaac, which claims it was a leader among Pizza Hut franchises on metrics like delivery speed and rack time (i.e., the time between a pizza leaving the oven and leaving the store for delivery) prior to forced Dragontail adoption. Pizza Hut parent company Yum Brands purchased Dragontail in 2021. “With the intention to improve efficiency and service to the customer, Dragontail did the exact opposite; it caused significant delays and pummeled consumer satisfaction,” the lawsuit filing states. Chaac further alleged that Pizza Hut didn’t provide promised Dragontail support, and refused to allow Chaac to step back its use of the product, “causing cascading operational breakdowns and customer dissatisfaction.” Chaac admits it might be a bit of a special case, however, because of its particular business model: The company’s Pizza Hut locations don’t have a dining room, instead exclusively offering carry out and delivery services. Chaac also doesn’t employ its own drivers, instead relying on DoorDash to handle its deliveries. 
Before Dragontail’s implementation, staff at Chaac Pizza Huts had to input pickup requests into a DoorDash tablet, according to the lawsuit, which would handle getting the delivery order to a driver. Centralizing all of the order-to-delivery pipeline under one product meant that DoorDash gained visibility into the entire pizza making process. On one side that makes things more efficient, as the complaint explains. “This access allowed DoorDash to know when the pizzas went into the oven and were ready for pick-up, and when other pizza orders would be ready for pick-up,” the suit states - not bad if that means drivers aren’t sitting around waiting. In practice, however, that’s not what happened. Drivers were able to see whether additional orders would be up soon, meaning many of them would grab one order and simply wait 15 minutes for another, meaning the first order was invariably late and cold by the time it got to a customer. DoorDash drivers were also able to see any pre-paid tips on the order and whether an order was paid in cash. In many cases, drivers would decline tipless and cash orders. “These issues, arising out of DoorDash’s visibility, caused a disruption in orderly delivery and significantly slower delivery times,” the suit claimed, adding that the changes ultimately benefited DoorDash at Chaac’s expense. “The damage was not abstract,” the suit continued. “Chaac suffered lost revenue, lost profits, loss in enterprise value, business interruption, and erosion of goodwill and customer relationships” as a result of Dragontail adoption. According to the lawsuit, the loss of business and enterprise value caused by the forced adoption of kitchen management AI is in excess of $100 million, which Chaac is demanding as recompense. It’s not difficult to find examples online of Pizza Hut employees complaining about Dragontail. 
Multiple Reddit threads from inside the 2020-2024 implementation period contain examples of employees describing dissatisfaction with the software. Several commenters note, as Chaac did in its lawsuit, that Dragontail took control out of the hands of its kitchens and put it in the hands of AI. “Dragontail’s integration with kitchen workflow and aggregator dispatch predictably stripped Chaac’s managers of operational control, introduced delays, and invited stacking and other algorithmic behaviors that slowed production and delivery,” the lawsuit argues. Pizza Hut has been struggling in recent years, with Yum closing hundreds of locations so far this year in the midst of a turnaround effort that included initiatives like adding Dragontail to the struggling brand’s locations; the company didn’t respond to questions for this story. Whether this’ll be another nail in Pizza Hut’s coffin or just a bump in the road will be up to a judge to decide. ®
Google touts its tokenmaxxing and capex spending amid AI orgy
Sundar Pichai, CEO of Google and doting parent company Alphabet, opened its Google I/O developer conference with a celebration of token and capital expenditures. Tokens are the basic data exchange unit of AI models and Google has vastly increased its token processing to accommodate internal and external demand for AI inference. Two years ago, Pichai said, Google handled 9.7 trillion tokens per month. Last year, it was 480 trillion per month. Currently, the Chocolate Factory handles 3.2 quadrillion tokens per month. "Now some out there might call this tokenmaxxing and there's probably some truth to it," said Pichai. "I still think it tells an important story about our products and how others are building as well, especially our developers." Pichai said over 8.5 million developers are building applications using Google's Gemini model family monthly, using about 19 billion tokens per minute in API calls. And over the past 12 months, more than 375 customers have consumed more than 1 trillion tokens each – an indication there's some demand for AI among businesses. That token processing is possible because of the vast capital expenditures Google has made in datacenters and compute capacity, and TPU hardware. "Supporting all of this at scale for our users while also serving enterprises and developers around the world requires massive investments in infrastructure," said Pichai. "And we've been investing for today and for the future. In 2022, we were spending $31 billion annually in capex. This year, we expect that number to be about six times that, approximately 180 to 190 billion dollars." Demis Hassabis, co-founder and CEO of Google DeepMind, took a turn on stage to provide an update on Google's progress toward AGI – artificial general intelligence – that ill-defined point when AI models perform some set of tasks as well as a human. Gemini Omni, Hassabis suggested, is a step in that direction. 
It can, he said, "create anything from any input," meaning digital stuff as opposed to atomic replication. "It combines Gemini's intelligence with the best of our generative media models for a new level of world understanding, multimodality and editing," he explained. Gemini Omni combines video, image, and interactive simulation capabilities of models like Veo, Nano Banana, and Genie with physics modeling, so projects accurately depict object interactions involving kinetic energy and gravity. The first model in that family, Gemini Omni Flash, is now available. Pichai returned to announce an expansion of SynthID, Google's AI watermarking technology. Google, he said, will support C2PA content credentials verification across its products, to help people distinguish between content created by AI and by a camera, and to tell whether it has been edited with Google Photos. "We are expanding both SynthID and content credentials verification to Search and Chrome," said Pichai. "You can simply circle to search or right-click in Chrome and ask, 'was this generated with AI?' and you'll get a clear response along with other helpful context." To help make this technology more broadly useful, Google said OpenAI, Kakao and ElevenLabs have decided to adopt SynthID. Pichai went on to announce the next generation of its Gemini model family, Gemini 3.5 Flash. "When compared to 3.1 Pro, Flash is better across the board, in almost all benchmarks," he said, adding that the model has made "huge progress in coding," one of the more remunerative use cases for AI models presently. One of the major selling points of Gemini 3.5 Flash is that it offers comparable performance to other frontier models, but much faster. The model manages about 289 tokens per second, about 4x more than other frontier models, Google claims. Those using Google's coding harness Antigravity can look forward to even greater speed gains. 
"We've optimized Flash to be not just four times, but 12 times faster in Antigravity," said DeepMind engineer Varun Mohan, adding that the 2.0 release of Antigravity is out now. The other major selling point is price. "Top companies in Google Cloud are processing about 1 trillion tokens a day," said Pichai. "If they shifted 80% of their workloads from other frontier models to 3.5 Flash, they'd save over $1 billion annually." Gemini 3.5 Flash is also making its presence known in the Google Gemini app and in Search through its integration with Gemini Spark, an agent service. "It's your personal AI agent that helps you navigate your digital life, taking action on your behalf and under your direction," Pichai explained. "It runs on dedicated virtual machines on Google Cloud. And it's 24/7." Based on Gemini 3.5 Flash, with an assist from the Antigravity harness, Spark can perform long-running tasks in the background, presumably without incurring a huge token bill. Spark will be able to connect to other tools – Google apps initially like Gmail and Chat, then third-party tools via MCP. Chrome integration, which will enable agentic browsing, is planned for later this summer. Josh Woodward, VP of Google Labs, Gemini and AI Studio, described how he used Spark to arrange a block party, emailing neighbors, recording their responses in a spreadsheet, and creating a slide deck. This is rolling out now to trusted testers and to Google AI Ultra subscribers in the US next week. Spark's arrival coincides with a new $100/month Ultra plan tier and the deflation of the top Ultra tier from $250/month to $200/month. Pichai offered up one of his timeworn phrases – "It's still the early days when it comes to making agents easy to use, super secure, and truly helpful" – to gloss over the security and privacy implications of AI agents acting on user data and applications without supervision. 
Then he handed off to Liz Reid, VP of Search, who proceeded to detail further AI incursions into Google's Search service. Gemini 3.5 Flash, she said, has become the default model for AI Mode. And the Search box itself has been redesigned to surface AI-based suggestions and to facilitate inputs from modalities other than text, such as images, files, videos, and Chrome tabs. The biggest change is Search Agents, which like Gemini Spark will be accessible from Search and will run while you're away from the keyboard. "You can set information agents to work for you 24/7 in the background," said Reid. "They can find you exactly what you need, exactly when you need it, and help you take action. You can spin up multiple agents in search simultaneously to get updated and make progress on all those things that matter to you." Google is also taking a page from Anthropic by offering code-based interactive widgets or mini-apps on demand. Search users will be able to create dynamic layouts, charts, graphs, and the like through the integration of Gemini 3.5 Flash and Antigravity in a containerized environment. This generative UI capability is rolling out this summer. Expect Google's token expenditures to continue to grow, along with pressure to purchase subscriptions to pay for the agentic labor. ®
Firefox 151 helps you edit PDFs – and switch OSes
Firefox version 151 is out of beta and trickling out to users, with handy additions, just in case you were thinking of jumping ship from Windows 11 to Linux. Mozilla has officially released Firefox 151, although automatic updates are not yet happening at the time we write this. Its profit-making subsidiary MZLA has also released Thunderbird 151, although its new-feature list has less cool new shiny. The Firefox product announcement trumpets a “fresh new look and feel” for the New Tab page. As we’ve already lightly customized ours, we didn’t see that, but you know how it is – this is the sort of thing marketing folks can understand and sound excited about. Apparently you can customize its wallpaper and add a “Recent Activity” feed, if that’s what you want. (We’ve just added a few more rows of shortcuts to recent pages.) A more useful function, especially if you don’t trust Firefox Sync and you’re thinking of changing to a new OS, is improved handling of Firefox Backup, the built-in tools for backing up and restoring your profile (or profiles, plural, for the truly hardcore). The page in the last link hasn’t changed in the last three weeks, and it still says, “Note: Firefox Backup is currently only available to users on Windows 10 and 11. This feature may be extended to other platforms in future versions of Firefox.” Well, now it has: the release notes say it works on Linux now. We’ve also seen reports that it is now on macOS too, but not on our iMac (This could be because we’ve been using Firefox Sync since the late lamented Xmarks shut down). A key addition is that a profile backed up on one OS can now be restored on a different OS, which sounds like a significant improvement to us. This includes extensions and themes. Last time around, we shared the news that the PDF editor could split multipage PDFs into chunks, including saving out individual pages. In this version, it can now merge multiple PDFs into one, which also sounds handy. 
It’s the sort of feature we rarely need, but when we do, we really need it. Suffice to say that with recent Firefox versions, we no longer need a standalone PDF viewer. As well as over 30 security fixes and the usual developer changes, this release fixes some more visible bugs: multi-monitor handling has been improved, as has macOS integration. For instance, it can now handle links pasted from iOS using Apple’s Universal Clipboard feature, and dropdown menus on web pages use the native Apple menu style. Firefox’s Enhanced Tracking Protection has been further – er – enhanced, and now conceals more info about you – and much more on macOS. 
Thunderbird 151 is nigh upon us
The closest thing to a universal cross-platform messaging client that the 21st century has to offer us so far has been updated, too. Thunderbird 151 is rolling out, although we haven’t been offered the update yet. The release notes' What’s New section only has three bullet points, and one of those is for the not-yet-public Thundermail service, part of Thunderbird Pro. However, it’s easier to adjust authorization settings for automatically-created accounts, Microsoft Exchange handling has been slightly tweaked, and you can sort tasks by different criteria. Since our task list is about three pages long and never seems to get any shorter, that sounds quite handy. ®
America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames
The US Cybersecurity and Infrastructure Security Agency (CISA) left open a GitHub repository named “Private-CISA” containing plain-text passwords, private keys, tokens, and secrets – with obvious file names like “external-secret-repo-creds.yaml” and “AWS-Workspace-Firefox-Passwords.csv” – for six months. GitGuardian researcher Guillaume Valadon, fresh off a recent talk on Kubernetes secret leaks, found the public repository on May 14, and told The Register that he “quickly understood that the leak was bad and that time was running out. A national agency having 844 MB of production infrastructure material in a public GitHub repository for six months is as serious as a secrets leak gets.” Valadon, who previously spent nine years at France’s CISA equivalent, ANSSI, told us the leak included tokens for CISA's internal JFrog Artifactory, Azure registry keys, AWS credentials, Kubernetes manifests, ArgoCD application files, Terraform infrastructure code, GitHub personal access tokens, and Entra ID SAML certificates. GitGuardian reported the leaky repository to CISA on May 14, and the agency took it down a day later. A CISA spokesperson told The Register that it was aware of the report and is investigating. "Currently, there is no indication that any sensitive data was compromised as a result of this incident.” It’s not a good look for the nation’s infosec agency, which hasn’t had a permanent boss since Trump took office, is facing hundreds of millions of dollars in budget cuts on top of deep cuts to staff and funding last year, and has suffered its share of embarrassing security snafus in the interim. 
In a Tuesday blog, Valadon said he initially thought the repo “was a hoax, given how suspicious the directory names (Backup-April-2026/, All Backups/, LZ-Artifactory/, Kubernetes-Important-Yaml-Files/, ENTRA ID - SAML Certificates/ ...), file names (external-secret-repo-creds.yaml, CAWS GitHub Token.txt, Important AWS Tokens.txt, AWS-Workspace-Firefox-Passwords.csv, Kube-Config.txt ...), and their contents (private keys, personal and professional GitHub tokens, AWS secrets, ...) seemed too good to be true,” Valadon wrote. It wasn’t a hoax – “The Cybersecurity and Infrastructure Security Agency is aware of the reported exposure and is continuing to investigate the situation,” but it was a “catalogue of unsafe practices,” he added, containing passwords stored in plain text, backups committed to Git, and an “explicit” how-to guide for disabling GitHub's secret scanning. After initially reporting the leak through the CERT/CC portal, and only receiving an auto-acknowledgement as of the morning of May 15 – a Friday – Valadon alerted security journalist Brian Krebs about the publicly exposed secrets, which seemed to speed up CISA’s processes. By 6 pm EST that night, the feds took down the repository. Valadon told The Reg he gives CISA credit for quickly deleting the repository. “Most of our responsible disclosures take much longer, and many are never fixed,” he said. “Managing to take the repository offline in a day is impressive work.” He doesn’t know if any other parties with less altruistic intentions found the secrets first, although the fact that the repository was never forked (based on public GitHub events) would seem to indicate that it wasn’t widely circulated on the dark web. “The only ones that can answer definitively is GitHub,” Valadon said. GitHub did not immediately respond to The Register’s inquiry. 
GitGuardian isn’t aware of any of the exposed credentials being abused by unauthorized individuals. “Each category of secret in the repository unlocks a specific attack path,” Valadon said. “Stacked together, they cover the full range: from destructive attacks and ransomware extortion to quiet, long-term persistence inside CISA's build and deployment pipeline. That last scenario worried me the most, and it's why I escalated through every channel we had until the repository was taken offline.” Plus, the committer used both a CISA-issued contractor email and a personal Yahoo email across the same commits, and created the repository using a personal GitHub account. “That mixed-identity pattern is one of the hardest surfaces for security teams to cover, and it's where the worst leaks happen,” Valadon said.®
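A minimal repository hygiene check for the two failure modes the report describes (credential material committed to Git, and one author committing under both a corporate and a personal identity), added here as an example rather than GitGuardian's or CISA's tooling. Every file name, file body and commit email below is constructed; the token formats are the publicly documented prefixes for AWS and GitHub credentials.

```python
import re
from collections import defaultdict

# Content patterns. The token prefixes are the publicly documented formats;
# the lengths are the commonly published ones for each credential type.
CONTENT_PATTERNS = {
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "github_token": re.compile(
        r"\b(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{36}\b|\bgithub_pat_[A-Za-z0-9_]{22,}\b"),
    "kubeconfig_credential": re.compile(
        r"^\s*(?:client-key-data|token):\s*\S+", re.MULTILINE),
}

# File-name heuristic modelled on the kinds of names the report lists.
NAME_PATTERN = re.compile(r"(cred|secret|token|password|kube-?config)", re.IGNORECASE)


def scan_snapshot(files):
    """Return sorted (path, finding) pairs for a {path: text} snapshot."""
    findings = []
    for path, text in files.items():
        if NAME_PATTERN.search(path.rsplit("/", 1)[-1]):
            findings.append((path, "suspicious_filename"))
        for finding, pattern in CONTENT_PATTERNS.items():
            if pattern.search(text):
                findings.append((path, finding))
    return sorted(findings)


def mixed_identity_authors(commits, corporate_domains):
    """Map author name -> sorted emails for every author who committed from
    both a corporate domain and a non-corporate one. `commits` is an
    iterable of (author_name, author_email) pairs, as from `git log`."""
    by_name = defaultdict(set)
    for name, email in commits:
        by_name[name.strip().lower()].add(email.strip().lower())
    flagged = {}
    for name, emails in by_name.items():
        domains = {e.split("@", 1)[-1] for e in emails}
        if domains & corporate_domains and domains - corporate_domains:
            flagged[name] = sorted(emails)
    return flagged


# Constructed snapshot: every path and value below is made up for the example.
SAMPLE_FILES = {
    "Backups/external-secret-repo-creds.yaml": "apiVersion: v1\nkind: Secret\ndata:\n  password: cGFzc3dvcmQ=\n",
    "notes/Kube-Config.txt": "users:\n- name: admin\n  user:\n    client-key-data: LS0tLS1CRUdJTi...\n",
    "notes/Important Tokens.txt": "ci token: ghp_0123456789abcdefghijklmnopqrstuvwxyz\n",
    "infra/deploy.pem": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA...\n-----END RSA PRIVATE KEY-----\n",
    "infra/main.tf": 'provider "aws" {\n  access_key = "AKIAEXAMPLEEXAMPLE01"\n}\n',
    "README.md": "# Platform\nNothing sensitive here.\n",
}

# Constructed commit metadata in the shape of `git log --format='%an|%ae'` output.
SAMPLE_COMMITS = [
    ("Jane Doe", "jane.doe@contractor.example.gov"),
    ("Jane Doe", "janedoe1234@yahoo.example"),
    ("Ops Bot", "ops-bot@example.gov"),
]

if __name__ == "__main__":
    for path, finding in scan_snapshot(SAMPLE_FILES):
        print(f"{finding:22} {path}")
    print(mixed_identity_authors(SAMPLE_COMMITS, {"contractor.example.gov", "example.gov"}))
```

Run as a pre-commit or CI step over the working tree, either check is cheap; the secret patterns are deliberately narrow and are a complement to, not a replacement for, GitHub's own secret scanning.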
Categories: Linux fréttir
Shadow AI invades the workplace, up 4x in the last year
You know about shadow IT. Get ready for the shadow AI surge. Employees using unauthorized personal accounts to access GenAI tools are emerging as a growing insider-risk concern for organizations, new research shows. That means workers who have access to sensitive material could be plugging it into their AI platform of choice more frequently, leaving their organization none the wiser. Of the 45 percent of all professionals using AI in the workplace regularly, 67 percent of those were accessing the platforms using personal accounts that were not authorized by their IT teams, data from Verizon’s annual data breach investigations report (DBIR) [PDF] showed. Verizon said that the proportion of users accessing AI through personal accounts now represents a fourfold increase in non-malicious insider actions detected across this year’s dataset of more than 22,000 breaches globally. We’re not just talking about Gemini, Claude, ChatGPT, and Grok, but also various vibe coding platforms, AI agents, and other external chatbots that could have access to an organization’s data in some form. Verizon reported that 28 percent of data loss prevention policy violations involved employees entering source code into an AI tool, potentially exposing an organization’s intellectual property. In descending order of prevalence, staff were tossing images, structured data, documents, and PDFs into GenAI platforms as well. In 3.2 percent of cases, workers were uploading proprietary research and technical documentation. This should concern even the most bullish AI adopters, given the volume of potentially sensitive corporate data employees are feeding into unauthorized third-party AI services each day.
Verizon said admins should be doing everything they can to prevent users from blindly trusting technology that is putting an increasing number of systems between this potentially sensitive data and the model itself, including by securing all enterprise asset configurations, and ensuring accounts and their permissions are tightly managed. The prevalence of shadow AI has given rise to new thinking around the matter, including by evolving the idea of software bill of materials (SBOMs) to AI-BOMs. You may have come across these already. Cisco open-sourced its AI-BOM earlier this year, for example, and more recently introduced a tool to track AI model provenance. Ian Swanson, VP of AI security products at Palo Alto Networks, told us the other week that AI-BOMs can also play an impactful role in helping incident responders deduce how cyberattacks play out in cases where the attackers use an organization’s own AI against it. AI-BOMs give defenders an idea of what any given AI system’s configurations were at a given time, allowing them to more easily see what changed and when. "If you had understanding of state and understanding of state changes, then you would be able to go back to an AI bill of materials and say: 'What system prompt was used within the ingredients to create the AI application?' And then see it's changed from a prior state to a new state. So we should probably check this and see if there's anything bad that's happening here," Swanson said. "And in that case, you'd be able to catch it."
Bugs, bugs, bugs
Away from the growing issue of shadow AI, Verizon said the exploitation of software vulnerabilities is once again the leading cause of security breaches, overtaking credential abuse, which is down 13 percent on last year’s results. Organizations’ patching habits aren’t doing much to help the cause here.
The percentage of critical vulnerabilities from CISA’s Known Exploited Vulnerabilities (KEV) catalog that were fully remediated was down from 38 to 26 percent in 2025, for example. Verizon also said that the median time to full vulnerability resolution rose by nearly two weeks, from 32 days in 2024 to 43 days last year. That said, defenders have had their work cut out for them, with the number of critical vulnerabilities needing remediation increasing by 50 percent on average. Elsewhere, ransomware featured in nearly half of all breaches covered in the report. Forty-eight percent of them, to be exact, up slightly from 44 percent in the previous year’s dataset. Some bright news to end on, however: Verizon continues to see a downward trend in ransom payments being made – 69 percent of victims refused to pay, while the median ransom payment fell from $150,000 to $139,875. ®
Airbus gets HPC-as-a-service supercomputer from Bull
Airbus has inaugurated new supercomputing infrastructure from Bull to help the firm develop future aircraft, but is being coy about revealing how powerful the overall system is. The European aerospace giant had already taken delivery of the hardware, spread across two sites – at Toulouse in December last year and Hamburg in April this year – but today (Tuesday) marks the official inauguration of the system, with 3x the performance of its previous supercomputer. That’s according to Bull, the high-performance compute biz the French state acquired from Atos a few months ago, as Airbus declined to put forward a spokesperson to answer our questions. The new system is based on a modular design, where kit was pre-assembled inside containers before being shipped to the Airbus sites. It is based on the firm’s BullSequana XH3000 rack infrastructure with a mix of compute blades configured with AMD’s Genoa and Turin versions of the Epyc processors, plus Nvidia GPU blades. Also part of the hardware manifest is IBM Spectrum Scale storage using Storage Scale System appliances from the firm, and the interconnect used is Nvidia’s InfiniBand NDR (Next Data Rate), supporting 400 Gbps per port. However, Bull wouldn’t tell us exactly how much of all this infrastructure it has delivered, as Airbus regards this as confidential information. What it did say is that the supercomputer is being supplied and supported on a “HPC-as-a-service” model, whereby Airbus is paying close to €100 million ($116 million) over five years for an all-inclusive deal. Bull is understood to have won this contract from HPE, which was the previous supplier to Airbus. 
“So Airbus was a long standing customer of HPE for around 24 years, and they were initiating a procurement to replace their existing system in order to get something like three times more performance of their existing systems, so they did a procurement, which is a classical HPC procurement, and we won on the price-performance agreement,” Bull’s head of HPC, AI and Quantum Computing Bruno Lecointe told The Register. While the hardware is located at two sites, Lecointe says they are connected to function as a single supercomputer, although workloads are not currently split across sites but run on one or the other, with a batch scheduler choosing which is the best based on the available resources. Airbus needed a more powerful supercomputer as it is expecting to use it for “digital twins,” whereby the helicopters and other aircraft it is developing will not only be designed using the system, but the entire airframe will also be simulated on the computer as well. One of the tools it is likely to be using is the CODA computational fluid dynamics (CFD) software, jointly developed by the German Aerospace Center (DLR), the French Aerospace Lab (ONERA), and Airbus itself. Lecointe hinted that Bull is also working with Airbus on some quantum and AI algorithms to meet its compute requirements, but this is “highly confidential.” The inauguration of this fully operational, multi-site supercomputing infrastructure comes just 14 months after contract signature, Lecointe boasted. The heat generated by the system will also be reused to supply neighboring buildings on the Airbus site. ®
Clear your calendar, Drupal user: You have a critically urgent patch to install
If you use Drupal, get ready to patch without delay. The org behind the popular open source content management system is warning of a highly critical vulnerability in Drupal core that is serious enough for it to tell users ahead of Wednesday’s patch release to set aside time to install the fix immediately. The Drupal Security Team’s Monday PSA announcing the imminent patch for Drupal core doesn’t include any specifics, with the PSA noting that Drupal isn’t willing to share additional information until the announcement is made alongside the patch release. That, says Drupal, will happen at some point between 1700 and 2100 UTC on Wednesday, May 20. To reiterate, this vulnerability is found in Drupal core, the bare-bones version of Drupal designed for developers, and not Drupal CMS, the preconfigured version for those who want Drupal but don’t have coding skills. Drupal noted that sites using Drupal Steward, its paid web application firewall service, are protected against known attack vectors, though it still recommends Steward customers update their core instances in case additional exploit methods emerge. “The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days,” the advisory warns. Drupal also recommends users update to the latest supported release prior to Wednesday’s patch “so that you can address any other upgrade issues before the security window." While it won’t get specific on the nature of the vulnerability, Drupal did share its severity score based on NIST’s standard scoring methodology, and it’s not good: The bug scored 20 out of a max of 25 on that scale, as defined by Drupal’s own documentation. More specifically, it’s trivially easy to leverage, doesn’t require any privilege level to exploit, could make all non-public data on an affected site accessible to the attacker, and could allow an attacker to modify or delete whatever they wanted. 
The only two things preventing it from scoring a perfect 25/25 are the fact that a known exploit doesn’t exist yet and that it doesn’t affect all configurations, only those using “uncommon module configurations.” Drupal noted that security releases will be published on Wednesday for all currently supported core branches (11.3.x, 11.2.x, 10.6.x, and 10.5.x), as well as unsupported Drupal 11.1.x and 10.4.x branches for sites that have not yet upgraded from older 10.x and 11.x releases. Drupal users on 8.9 and 9.5 are also getting patches “given the potential severity of this issue,” though the advisory warns 8.9 and 9.5 users will need to install those updates manually, which “might introduce other bugs or regressions,” leading Drupal to recommend a full upgrade to a supported core branch. “Drupal 8 and 9 include numerous other, previously disclosed, security vulnerabilities that will not be addressed by either Drupal Steward or the best-effort patch files,” the advisory said. Drupal 7 users are safe. Given the fact that not all Drupal core environments will be affected, the advisory recommends all Drupal core users set aside time on Wednesday to determine whether they’re part of the vulnerable class, and take action immediately if so. Drupal’s security team didn’t respond to questions for this story. ®
SAP customers warned AI agents could put costs on autopilot
Gartner has warned that SAP users adopting its AI agents could face spiraling costs as the vendor moves to a new commercial model. Last week, the German ERP giant announced plans for its Autonomous Enterprise, including an AI platform for building and governing a suite of agents that do business work. With the new platform comes a new commercial model in which SAP no longer charges according to how many users are authorized to access the platform, but by the value agents offer by completing "actions." SAP has confirmed to The Register that AI Unit purchases are estimated based on the expected number of "agent actions for an autonomous domain." The company promised to introduce "Autonomous Domain Blueprints" that would help estimate costs in so-called "T‑shirt size guidance" indicative of the customer's scale of deployment. However, a recent paper from Gartner warns: "Depending on how SAP defines an 'action,' the number of events incurring fees risks quickly spiraling upwards. This would lead to unexpectedly increased costs, especially if SAP continues to charge higher unit prices for AI Units used in excess of the customer’s contractual commitment, or if AI agents consume a digital access license. Moreover, the value a customer derives from an executed action might not match how SAP has priced that action." Victoria Rowan, Gartner senior principal analyst, is lead author of the report, "First Take: SAP Moves to Higher-Value-Based AI Pricing, but Potential Cautions Remain." The research outfit has promised to update its analysis as SAP publishes more details about its pricing model. It is also waiting for a response to a fact review from the company. SAP provides ERP (enterprise resource planning) systems that help run some of the world's largest companies, including Walmart and VW Group. Over the past five years, it has been trying to get customers to move to the cloud and off legacy software. More recently, it has made a big push for AI adoption. 
In its research, Gartner said users need to take care in how they cost AI adoption with SAP, which provides AI Units as a commercial metric. "The AI Units customers purchase are converted to the license metric of the particular SAP Premium AI services they consume. SAP's contracts give SAP the ability to alter the conversion factors, meaning SAP could end up charging more during the term and at the point of contractual renewal," the paper says. An SAP spokesperson said conversion rates were intended to reflect the usage of the applicable AI features. "Any changes to conversion rates would only take effect upon renewal for existing customers, as further described in the applicable AI Units order form." Gartner also pointed out that there was a lack of "clear definitions of how the customer-built agents' work will be measured." While this remains the case, "it will be difficult to predict and control runtime costs." The SAP spokesperson said the runtime metrics for Joule Studio – SAP's agent builder platform – had not yet been disclosed. Announcing SAP's Business AI platform last week, CEO Christian Klein promised customers could unlock new sources of revenue and make "meaningful cost savings." Gartner advises users thinking about adopting SAP's AI platform to review their existing contracts to check whether they have price-protection clauses for their SAP Cloud applications, such as S/4HANA. They should also get a baseline for the conversion of AI Units by obtaining a copy of the current SAP AI Services List from the SAP Trust Center and reviewing the current conversion factors. ®
Microsoft refreshes Surface for Business lineup, starts AI PC upsell at $1,499
Microsoft has rolled out another round of Surface for Business laptops starting at $1,499 and featuring Intel's latest mobile processors. The new Surface Pro for Business (12th Edition) and Surface Laptop for Business (8th Edition) refreshes, announced on Tuesday, are built around Intel’s latest Core Ultra Series 3 processors and Microsoft’s increasingly relentless Copilot+ PC push. Redmond HQ'd Microsoft is pitching the machines as enterprise-grade AI workhorses capable of running local AI models and Windows “AI experiences” without constantly leaning on the cloud. At the top end, the new 13-inch Surface Pro can be configured with up to 64 GB of RAM, 1 TB of removable SSD storage, optional OLED panels, and 5G connectivity. Microsoft says the onboard NPU can deliver up to 50 TOPS of AI processing performance for local Copilot features, image generation, transcription, and video enhancements. The new Surface Pro does not radically reinvent anything, sticking with the same kickstand-and-detachable-keyboard design Microsoft has been shipping for years. However, the company says the 13-inch PixelSense Flow display now supports HDR, adaptive color, a 120 Hz refresh rate, and up to 600 nits of brightness. The Surface Laptop line now comes in 13-inch, 13.8-inch, and 15-inch configurations, with Microsoft heavily emphasizing battery life, AI-assisted video calls, and hybrid work features. The devices include WiFi 7 support, multiple USB-C ports, haptic touchpads, and optional anti-glare privacy displays, designed to make shoulder-surfing slightly harder for the stranger sitting next to you on the train. Under the hood, the new Surface Laptops can be configured with Intel Core Ultra X7 processors, which Microsoft claims deliver up to 35 percent better graphics performance than Apple’s MacBook Air with M5 silicon and more than 90 percent faster performance than the older Surface Laptop 5. Those figures, naturally, come from Microsoft’s own testing. 
None of this comes particularly cheap. The new Surface Pro for Business starts at $1,949.99, while maxed-out configurations climb north of $3,000 – and that’s before you buy the keyboard add-on. Surface Laptop for Business systems are a bit less expensive, with the 13-inch model going for $1,499 and a model with 8 GB of RAM due out later this year for just $1,299. That lands barely a month after Microsoft quietly raised Surface pricing amid ongoing memory shortages and broader component cost pressures. Some Surface models jumped by several hundred pounds overnight as RAM pricing continued to spiral upward, driven by AI infrastructure demand outpacing memory supply across the industry. So far, the AI PC era appears to involve rather a lot of expensive laptops and considerably less evidence that customers were asking for them. ®
