Microsoft Fabric IQ adds ‘semantic intelligence’ layer to Fabric
With Fabric IQ, Microsoft is adding new semantic intelligence capabilities to its unified data and analytics platform, Fabric, that it says will help enterprises maintain a common data model and automate operational decisions. We’ll be hearing a lot more about “IQ” from Microsoft, which has also just introduced Work IQ, the semantic intelligence layer for […]
Read More
Do you really need all those GPUs?
For years, the narrative around artificial intelligence has centered on GPUs (graphics processing units) and their compute power. Companies have readily embraced the idea that expensive, state-of-the-art GPUs are essential for training and running AI models. Public cloud providers and hardware manufacturers have promoted this belief, marketing newer, more powerful chips as crucial for remaining […]
Read More
North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes
The final payload (BeaverTail) showed previously seen capabilities, including “usage of Axioms as embedded HTTP client, enumeration and exfiltration of system information, searching browser profiles and extension directories for sensitive data, and searching for and exfiltrating Word documents, PDF files, screenshots, secret files, files containing environment variables, and other sensitive files such as the logged-in […]
Read More
Red Hat Linux bolsters AI assistance
Also with the new RHEL releases, Red Hat users now can more easily install validated drivers for leading AI accelerators from AMD, Intel, and Nvidia. This move will have RHEL delivering validated drivers to provide a secure foundation for emerging, mission-critical workloads, helping to reduce bottlenecks and accelerate the AI/ML life cycle, Red Hat said. […]
Read More
Worm flooding npm registry with token stealers still isn’t under control
A coordinated token farming campaign continues to flood the open source npm registry, with tens of thousands of infected packages created almost daily to steal tokens from unsuspecting developers using the Tea Protocol to reward coding work. On Thursday, researchers at Amazon said there were over 150,000 packages in the campaign. But in an interview […]
Read More
Copy-paste vulnerability hits AI inference frameworks at Meta, Nvidia, and Microsoft
Why this matters for AI infrastructure The vulnerable inference servers form the backbone of many enterprise-grade AI stacks, processing sensitive prompts, model weights, and customer data. Oligo reported identifying thousands of exposed ZeroMQ sockets on the public internet, some tied to these inference clusters. If exploited, an attacker could execute arbitrary code on GPU clusters, […]
Read More
Databricks fires back at Snowflake with SQL-based AI document parsing
According to analysts, Databricks and Snowflake’s offerings would help enterprises cut down the complexity of workflows required to analyze unstructured data, especially documents. Enterprises, historically, have had to build complex, slow, brittle OCR pipelines if they want to bring data from documents, such as PDFs, into an AI workflow, resulting in the culmination of RAG, […]
Read More
Malicious npm package sneaks into GitHub Actions builds
Lessons in defense Barr pointed out that higher privileges in CI/CD pipelines make them an ideal target. Attackers who compromise a build runner can inject code at the source, sign releases with legitimate credentials, or push authentic-looking artifacts. Mitigations, Cipot recommended, would include short-lived, scoped tokens with regular secret rotations. Automated scanning for suspicious packages […]
Read More
Snowflake to acquire Datometry to bolster its automated migration tools
“SnowConvert AI excels at static code conversion, but it still requires code extraction and re‑insertion. Hyper‑Q complements this with on‑the‑fly translation to tackle dynamic constructs and application‑embedded SQL that converters often miss,” Dai said. Seconding Dai, Pareekh Jain, senior analyst at Jain Consulting, pointed out that this acquisition could help Snowflake differentiate itself from rivals […]
Read More
Runtime bugs break container walls, enabling root on Docker hosts
Console and Write-Gadget Lurkers: CVE-2025-52565 & CVE-2025-52881 The second vulnerability, tracked as CVE-2025-52565, targets “/dev/console” bind-mount handling. An attacker can replace the target path with a symlink, which will cause runc to bind-mount the wrong target, allowing the attacker to gain write access to procfs paths. “As with CVE-2025-31133, this happens after pivot_root(2) and so cannot […]
Read More