Google Cloud developer billed thousands despite automated account hijack warning
A developer faced over $11,000 in fraudulent charges after a compromised Firebase service account key triggered massive Gemini AI image-generation activity. Although Google’s automated systems suspended the account for abusive activity consistent with a hijack, the company’s billing department refused to waive the debt. The victim followed all recommended remediation steps, yet remains financially liable for the usage that occurred during the 48-hour breach.
Source
👉@sysadminoff
https://4sysops.com/archives/google-cloud-developer-billed-thousands-despite-automated-account-hijack-warning/
A developer faced over $11,000 in fraudulent charges after a compromised Firebase service account key triggered massive Gemini AI image-generation activity. Although Google’s automated systems suspended the account for abusive activity consistent with a hijack, the company’s billing department refused to waive the debt. The victim followed all recommended remediation steps, yet remains financially liable for the usage that occurred during the 48-hour breach.
Source
👉@sysadminoff
https://4sysops.com/archives/google-cloud-developer-billed-thousands-despite-automated-account-hijack-warning/
Anthropic Claude Fable 5 intelligence disappoints
Anthropic has redeployed its flagship Claude Fable 5 model following a regulatory suspension, but users report a significant decline in practical utility. While the underlying model remains unchanged, aggressive new safety classifiers frequently block legitimate requests to prevent potential cybersecurity exploits. These restrictions are particularly disruptive for systems-level development, as the system often triggers a fallback to the less capable Claude Opus 4.8 model when encountering technical keywords.
Source
👉@sysadminoff
https://4sysops.com/archives/anthropic-claude-fable-5-intelligence-disappoints/
Anthropic has redeployed its flagship Claude Fable 5 model following a regulatory suspension, but users report a significant decline in practical utility. While the underlying model remains unchanged, aggressive new safety classifiers frequently block legitimate requests to prevent potential cybersecurity exploits. These restrictions are particularly disruptive for systems-level development, as the system often triggers a fallback to the less capable Claude Opus 4.8 model when encountering technical keywords.
Source
👉@sysadminoff
https://4sysops.com/archives/anthropic-claude-fable-5-intelligence-disappoints/
Fine-tuned models beat frontier models in Bridgewater finance tests
Bridgewater Associates and Thinking Machines Lab developed a specialized AI model that outperforms frontier systems like GPT-4, Claude, and Gemini on financial tasks. While general-purpose models initially achieved only 50% accuracy on document filtering, the custom solution reached 84.7% accuracy. This performance gap exists because the nuanced judgment required for financial triage relies on proprietary expert data rather than public information.
Source
👉@sysadminoff
https://4sysops.com/archives/fine-tuned-models-beat-frontier-models-in-bridgewater-finance-tests/
Bridgewater Associates and Thinking Machines Lab developed a specialized AI model that outperforms frontier systems like GPT-4, Claude, and Gemini on financial tasks. While general-purpose models initially achieved only 50% accuracy on document filtering, the custom solution reached 84.7% accuracy. This performance gap exists because the nuanced judgment required for financial triage relies on proprietary expert data rather than public information.
Source
👉@sysadminoff
https://4sysops.com/archives/fine-tuned-models-beat-frontier-models-in-bridgewater-finance-tests/
📰 Ubuntu 26.04 LTS has fixed its missing video/audio thumbnails
If you installed Ubuntu 26.04 LTS and noticed video and music files weren’t showing image thumbnails in the file manager, a packaging oversight was to blame, not anything you did. It turns out that Ubuntu’s Default install option (aka minimal install) wasn’t pulling in the gst-audio-thumbnailer and gst-video-thumbnailer packages which generate media thumbnails when you open a folder full of compatible files.
🔗 Source:
#ubuntu
👉@sysadminoff
https://www.omgubuntu.co.uk/2026/07/ubuntu-2604-video-audio-thumbnails-fix
If you installed Ubuntu 26.04 LTS and noticed video and music files weren’t showing image thumbnails in the file manager, a packaging oversight was to blame, not anything you did. It turns out that Ubuntu’s Default install option (aka minimal install) wasn’t pulling in the gst-audio-thumbnailer and gst-video-thumbnailer packages which generate media thumbnails when you open a folder full of compatible files.
🔗 Source:
#ubuntu
👉@sysadminoff
https://www.omgubuntu.co.uk/2026/07/ubuntu-2604-video-audio-thumbnails-fix
OMG! Ubuntu
Ubuntu 26.04 LTS has fixed its missing video/audio thumbnails
If you installed Ubuntu 26.04 LTS and noticed video and music files weren't showing image thumbnails in the file manager, a packaging oversight was to
Industrialized ransomware alliance targets software supply chains and developers
The Vect ransomware group and the TeamPCP cybercriminal collective have formed a strategic partnership to industrialize the deployment of ransomware. This collaboration combines TeamPCP’s large-scale credential harvesting from software supply chains with Vect’s established ransomware-as-a-service infrastructure. Security researchers warn that this business-like model significantly lowers the barrier to entry for cybercriminals by automating complex attack pipelines.
Source
👉@sysadminoff
https://4sysops.com/archives/industrialized-ransomware-alliance-targets-software-supply-chains-and-developers/
The Vect ransomware group and the TeamPCP cybercriminal collective have formed a strategic partnership to industrialize the deployment of ransomware. This collaboration combines TeamPCP’s large-scale credential harvesting from software supply chains with Vect’s established ransomware-as-a-service infrastructure. Security researchers warn that this business-like model significantly lowers the barrier to entry for cybercriminals by automating complex attack pipelines.
Source
👉@sysadminoff
https://4sysops.com/archives/industrialized-ransomware-alliance-targets-software-supply-chains-and-developers/
📰 Calibre 9.11 E-Book Manager Adds Support for Exporting Annotations as HTML Pages
Calibre 9.11 open-source e-book manager is now available for download with support for exporting annotations as a standalone web page in the HTML format and other changes.
🔗 Source: https://9to5linux.com/calibre-9-11-e-book-manager-adds-support-for-exporting-annotations-as-html-pages
#opensource
👉@sysadminoff
Calibre 9.11 open-source e-book manager is now available for download with support for exporting annotations as a standalone web page in the HTML format and other changes.
🔗 Source: https://9to5linux.com/calibre-9-11-e-book-manager-adds-support-for-exporting-annotations-as-html-pages
#opensource
👉@sysadminoff
Microsoft launches native orchestrated cross-tenant data migration for M365
Microsoft has introduced a native orchestrated user data migration tool to simplify transitions during corporate mergers, acquisitions, and restructurings. This new capability allows administrators to move Exchange mailboxes, OneDrive files, Teams chats, and Teams meetings through a single unified workflow. By utilizing Graph APIs, organizations can now avoid the risks associated with fragmented third-party point tools and manual PowerShell scripts.
Source
👉@sysadminoff
https://4sysops.com/archives/microsoft-launches-native-orchestrated-cross-tenant-data-migration-for-m365/
Microsoft has introduced a native orchestrated user data migration tool to simplify transitions during corporate mergers, acquisitions, and restructurings. This new capability allows administrators to move Exchange mailboxes, OneDrive files, Teams chats, and Teams meetings through a single unified workflow. By utilizing Graph APIs, organizations can now avoid the risks associated with fragmented third-party point tools and manual PowerShell scripts.
Source
👉@sysadminoff
https://4sysops.com/archives/microsoft-launches-native-orchestrated-cross-tenant-data-migration-for-m365/
📰 Valve fixed Diablo IV on Linux / SteamOS via Proton Hotfix
Blizzard broke Diablo IV on Linux / SteamOS machines with the Season 14 update, but Valve have now fixed it themselves in Proton Hotfix.Read the full article on GamingOnLinux.
🔗 Source:
#linux #proton
👉@sysadminoff
https://www.gamingonlinux.com/2026/07/valve-fixed-diablo-iv-on-linux-steamos-via-proton-hotfix/
Blizzard broke Diablo IV on Linux / SteamOS machines with the Season 14 update, but Valve have now fixed it themselves in Proton Hotfix.Read the full article on GamingOnLinux.
🔗 Source:
#linux #proton
👉@sysadminoff
https://www.gamingonlinux.com/2026/07/valve-fixed-diablo-iv-on-linux-steamos-via-proton-hotfix/
GamingOnLinux
Valve fixed Diablo IV on Linux / SteamOS via Proton Hotfix
Blizzard broke Diablo IV on Linux / SteamOS machines with the Season 14 update, but Valve have now fixed it themselves in Proton Hotfix.
Уязвимость в пакетном менеджере Guix, допускающая удалённое выполнение кода в системе
В пакетном менеджере Guix выявлены уязвимости (CVE не назначены) в реализации внутренней команды "guix substitute", автоматически вызываемой фоновым процессом guix-daemon при выполнении операций установки пакетов. Команда применяется для загрузки уже собранных бинарных пакетов с внешних серверов с проверкой их целостности при помощи цифровой подписи. Наиболее опасная уязвимость позволяет удалённо организовать выполнение кода на системе пользователя с правами под которыми выполняется фоновый процесс guix-daemon.
👉@sysadminoff
https://www.opennet.ru/opennews/art.shtml?num=65837
В пакетном менеджере Guix выявлены уязвимости (CVE не назначены) в реализации внутренней команды "guix substitute", автоматически вызываемой фоновым процессом guix-daemon при выполнении операций установки пакетов. Команда применяется для загрузки уже собранных бинарных пакетов с внешних серверов с проверкой их целостности при помощи цифровой подписи. Наиболее опасная уязвимость позволяет удалённо организовать выполнение кода на системе пользователя с правами под которыми выполняется фоновый процесс guix-daemon.
👉@sysadminoff
https://www.opennet.ru/opennews/art.shtml?num=65837
📰 Linux Preparing To Retire Its 32-bit MSR Interfaces
Currently measuring in at 32 patches, SUSE engineer Juergen Gross has been leading the effort to end the Linux kernel's usage of their 32-bit model specific register (MSR) interfaces so the more modern 64-bit interfaces can be exclusively used. This allows for better code unification and cleaning up the MSR code...
🔗 Source:
#kernel #linux
👉@sysadminoff
https://www.phoronix.com/news/Linux-Ending-32-bit-MSR-Work
Currently measuring in at 32 patches, SUSE engineer Juergen Gross has been leading the effort to end the Linux kernel's usage of their 32-bit model specific register (MSR) interfaces so the more modern 64-bit interfaces can be exclusively used. This allows for better code unification and cleaning up the MSR code...
🔗 Source:
#kernel #linux
👉@sysadminoff
https://www.phoronix.com/news/Linux-Ending-32-bit-MSR-Work
Phoronix
Linux Preparing To Retire Its 32-bit MSR Interfaces
Currently measuring in at 32 patches, SUSE engineer Juergen Gross has been leading the effort to end the Linux kernel's usage of their 32-bit model specific register (MSR) interfaces so the more modern 64-bit interfaces can be exclusively used
📰 Valve open source the Steam Machine e-ink screen so you can make your own
While Valve will not be making and providing their own e-ink display for the Steam Machine, they have opened it up so anyone can now do it.Read the full article on GamingOnLinux.
🔗 Source:
#opensource #steam
👉@sysadminoff
https://www.gamingonlinux.com/2026/07/valve-open-source-the-steam-machine-e-ink-screen-so-you-can-make-your-own/
While Valve will not be making and providing their own e-ink display for the Steam Machine, they have opened it up so anyone can now do it.Read the full article on GamingOnLinux.
🔗 Source:
#opensource #steam
👉@sysadminoff
https://www.gamingonlinux.com/2026/07/valve-open-source-the-steam-machine-e-ink-screen-so-you-can-make-your-own/
GamingOnLinux
Valve open source the Steam Machine e-ink screen so you can make your own
While Valve will not be making and providing their own e-ink display for the Steam Machine, they have opened it up so anyone can now do it.
Snap Store will be down for maintenance this weekend
Canonical’s Snap Store will be shutting down for database maintenance this weekend, meaning users won’t be able to install or update snap software until it’s back online. The planned downtime starts on Sunday, 5 July 2026 at 22:00 UTC and is expected to last for four hours, coming back online on Monday, 6 July at 02:00 UTC. During the maintenance you will not be able to install or update snaps. If there’s a snap app you’ve been wanting to try, or your IoT or core device runs automated tasks during the affected window, you’ll need to plan accordingly To make […]
You're reading Snap Store will be down for maintenance this weekend, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.
👉@sysadminoff
https://www.omgubuntu.co.uk/2026/07/snap-store-offline-july-2026
Canonical’s Snap Store will be shutting down for database maintenance this weekend, meaning users won’t be able to install or update snap software until it’s back online. The planned downtime starts on Sunday, 5 July 2026 at 22:00 UTC and is expected to last for four hours, coming back online on Monday, 6 July at 02:00 UTC. During the maintenance you will not be able to install or update snaps. If there’s a snap app you’ve been wanting to try, or your IoT or core device runs automated tasks during the affected window, you’ll need to plan accordingly To make […]
You're reading Snap Store will be down for maintenance this weekend, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.
👉@sysadminoff
https://www.omgubuntu.co.uk/2026/07/snap-store-offline-july-2026
📰 NVIDIA VR-NVL BMC Device Tree Being Upstreamed For OpenBMC Support
NVIDIA's latest Linux kernel mailing list patches are for providing the Device Tree for the baseboard management controller (BMC) of their Vera Rubin VR-NVL server platform. With the Linux kernel patches and also for U-Boot, it's part of the upstreaming effort for supporting the open-source OpenBMC software on their latest hardware...
🔗 Source:
#kernel #linux #opensource
👉@sysadminoff
https://www.phoronix.com/news/NVIDIA-VR-NVL-BMC-DT
NVIDIA's latest Linux kernel mailing list patches are for providing the Device Tree for the baseboard management controller (BMC) of their Vera Rubin VR-NVL server platform. With the Linux kernel patches and also for U-Boot, it's part of the upstreaming effort for supporting the open-source OpenBMC software on their latest hardware...
🔗 Source:
#kernel #linux #opensource
👉@sysadminoff
https://www.phoronix.com/news/NVIDIA-VR-NVL-BMC-DT
Phoronix
NVIDIA VR-NVL BMC Device Tree Being Upstreamed For OpenBMC Support
NVIDIA's latest Linux kernel mailing list patches are for providing the Device Tree for the baseboard management controller (BMC) of their Vera Rubin VR-NVL server platform
📰 ClamAV 1.5.3 Open-Source Antivirus Fixes Multiple Security Vulnerabilities
ClamAV 1.5.3 open-source antivirus engine released with fixes for multiple security vulnerabilities affecting file parsing, archive scanning, and executable unpacking.
🔗 Source:
#opensource
👉@sysadminoff
https://linuxiac.com/clamav-1-5-3-open-source-antivirus-fixes-multiple-security-vulnerabilities/
ClamAV 1.5.3 open-source antivirus engine released with fixes for multiple security vulnerabilities affecting file parsing, archive scanning, and executable unpacking.
🔗 Source:
#opensource
👉@sysadminoff
https://linuxiac.com/clamav-1-5-3-open-source-antivirus-fixes-multiple-security-vulnerabilities/
Linuxiac
ClamAV 1.5.3 Open-Source Antivirus Fixes Multiple Security Vulnerabilities
ClamAV 1.5.3 open-source antivirus engine released with fixes for multiple security vulnerabilities affecting file parsing, archive scanning, and executable unpacking.
Microsoft sets retirement dates for legacy SharePoint tools and event receivers
Microsoft is retiring several legacy SharePoint Online components to modernize its extensibility platform and align with current security standards. SharePoint Designer 2013 and InfoPath 2013 will both reach the end of support on July 14, 2026. After this deadline, these tools will no longer receive security updates and will be phased out across all Microsoft 365 environments.
Source
👉@sysadminoff
https://4sysops.com/archives/microsoft-sets-retirement-dates-for-legacy-sharepoint-tools-and-event-receivers/
Microsoft is retiring several legacy SharePoint Online components to modernize its extensibility platform and align with current security standards. SharePoint Designer 2013 and InfoPath 2013 will both reach the end of support on July 14, 2026. After this deadline, these tools will no longer receive security updates and will be phased out across all Microsoft 365 environments.
Source
👉@sysadminoff
https://4sysops.com/archives/microsoft-sets-retirement-dates-for-legacy-sharepoint-tools-and-event-receivers/
Dynamic thresholds for log search alerts in Azure Monitor
Microsoft announced general availability of dynamic thresholds for log search alerts in Azure Monitor on June 16, 2026. This feature uses machine learning to learn normal behavior from your historical log query results and automatically calculates alert thresholds, eliminating the need to configure and maintain static limits manually. The feature detects seasonal patterns such as hourly, daily, and weekly variations, and adapts as your environment changes. Dynamic thresholds are available at no additional cost beyond the standard log search alert rule rate.
Source
👉@sysadminoff
https://4sysops.com/archives/dynamic-thresholds-for-log-search-alerts-in-azure-monitor/
Microsoft announced general availability of dynamic thresholds for log search alerts in Azure Monitor on June 16, 2026. This feature uses machine learning to learn normal behavior from your historical log query results and automatically calculates alert thresholds, eliminating the need to configure and maintain static limits manually. The feature detects seasonal patterns such as hourly, daily, and weekly variations, and adapts as your environment changes. Dynamic thresholds are available at no additional cost beyond the standard log search alert rule rate.
Source
👉@sysadminoff
https://4sysops.com/archives/dynamic-thresholds-for-log-search-alerts-in-azure-monitor/
В Fedora приостановлена деятельность "Community Initiatives"
Управляющий совет проекта Fedora (Fedora Council) объявил о приостановке деятельности процесса Community Initiatives, созданного для реализации в дистрибутиве крупных долгосрочных проектов, внедрение которых не укладывается в рамки шестимесячного цикла подготовки релизов Fedora Linux. Предполагалось, что Community Initiatives направит усилия сообщества на реализацию крупных идей, а также позволит получить необходимые ресурсы и поддержку от управляющего совета. Проекты, уже запущенные в рамках процесса Community Initiatives, такие как Fedora Forge, Atomic и Fedora Docs 2026, продолжат работу при полной поддержке управляющего совета и будут доведены до конца в соответствии с намеченным планом.
👉@sysadminoff
https://www.opennet.ru/opennews/art.shtml?num=65838
Управляющий совет проекта Fedora (Fedora Council) объявил о приостановке деятельности процесса Community Initiatives, созданного для реализации в дистрибутиве крупных долгосрочных проектов, внедрение которых не укладывается в рамки шестимесячного цикла подготовки релизов Fedora Linux. Предполагалось, что Community Initiatives направит усилия сообщества на реализацию крупных идей, а также позволит получить необходимые ресурсы и поддержку от управляющего совета. Проекты, уже запущенные в рамках процесса Community Initiatives, такие как Fedora Forge, Atomic и Fedora Docs 2026, продолжат работу при полной поддержке управляющего совета и будут доведены до конца в соответствии с намеченным планом.
👉@sysadminoff
https://www.opennet.ru/opennews/art.shtml?num=65838
Alibaba bans Anthropic Claude Code over hidden spyware
Alibaba has prohibited its employees from using Anthropic's Claude Code in workplace environments starting July 10, citing security concerns. An internal notice classified the AI coding tool as "high-risk software" due to alleged backdoor risks. The ban requires staff to switch to domestic alternatives like Alibaba's own Qoder platform.
Source
👉@sysadminoff
https://4sysops.com/archives/alibaba-bans-anthropic-claude-code-over-hidden-spyware/
Alibaba has prohibited its employees from using Anthropic's Claude Code in workplace environments starting July 10, citing security concerns. An internal notice classified the AI coding tool as "high-risk software" due to alleged backdoor risks. The ban requires staff to switch to domestic alternatives like Alibaba's own Qoder platform.
Source
👉@sysadminoff
https://4sysops.com/archives/alibaba-bans-anthropic-claude-code-over-hidden-spyware/
📰 Rust Coreutils cp Ended Up Breaking Ubuntu Image Builds With Latest Incompatibility
While the Rust Coreutils offers better memory safety than GNU Coreutils due to being written in the Rust programming language, subtle incompatibilities continue to be spotted in the Rust Coreutils implementations of the different commands. The latest coming to light this week was the Rust Coreutils cp command breaking Ubuntu image builds due to differences in argument handling...
🔗 Source:
#gnu #ubuntu
👉@sysadminoff
https://www.phoronix.com/news/Rust-Coreutils-cp-Ubuntu-Images
While the Rust Coreutils offers better memory safety than GNU Coreutils due to being written in the Rust programming language, subtle incompatibilities continue to be spotted in the Rust Coreutils implementations of the different commands. The latest coming to light this week was the Rust Coreutils cp command breaking Ubuntu image builds due to differences in argument handling...
🔗 Source:
#gnu #ubuntu
👉@sysadminoff
https://www.phoronix.com/news/Rust-Coreutils-cp-Ubuntu-Images
Phoronix
Rust Coreutils cp Ended Up Breaking Ubuntu Image Builds With Latest Incompatibility
While the Rust Coreutils offers better memory safety than GNU Coreutils due to being written in the Rust programming language, subtle incompatibilities continue to be spotted in the Rust Coreutils implementations of the different commands
📰 Linux Tops 2026 CVE Charts, Greg KH Says That’s a Good Thing
Greg Kroah-Hartman says Linux leads CVE counts for the first half of 2026, arguing the numbers reflect responsible reporting, not poor security.
🔗 Source:
#linux
👉@sysadminoff
https://linuxiac.com/linux-tops-2026-cve-charts/
Greg Kroah-Hartman says Linux leads CVE counts for the first half of 2026, arguing the numbers reflect responsible reporting, not poor security.
🔗 Source:
#linux
👉@sysadminoff
https://linuxiac.com/linux-tops-2026-cve-charts/
Linuxiac
Linux Tops 2026 CVE Charts, Greg KH Says That’s a Good Thing
Greg Kroah-Hartman says Linux leads CVE counts for the first half of 2026, arguing the numbers reflect responsible reporting, not poor security.