NerdNews

Microsoft has introduced two new 'reasoning agents' to its Microsoft 365 Copilot platform, designed to assist with research and analysis tasks. The Researcher agent can compile documents and reports, while the Analyst agent can help visualize data and generate Python code. These agents utilize OpenAI's deep research model and Microsoft Graph data to provide more accurate and context-aware results.

OpenAI has temporarily limited image generation requests for ChatGPT due to high demand, with CEO Sam Altman stating 'our GPUs are melting'. The company is working to increase efficiency and make image generation more accessible, but free users will be limited to generating up to three images per day.

GitHub Copilot's integration into Windows Terminal Canary introduces an AI-driven feature called Terminal Chat, enabling users to receive command suggestions and explanations directly within the terminal environment. This feature is accessible to all GitHub Copilot subscribers and can be managed through Group Policy settings.

Nvidia unveiled advancements in AI, GPUs, and quantum computing at GTC 2025, including the GeForce RTX 5090, Blackwell Ultra GB300 GPUs, and Nvidia Dynamo AI data center OS. The company also introduced new AI models, robotics technologies, and a roadmap for future GPUs.

OpenAI's new 4o Image Generation model is a powerful AI image generator that can create realistic images from text prompts. It is integrated into the ChatGPT interface and allows for conversational image editing. The model has improved text rendering and can analyze uploaded images to incorporate their details into new generations. However, it has limitations, such as struggling with non-Latin text fonts and dense charts. The technology has the potential to further erode trust in remotely produced media and may lead to new forms of media manipulation.

Chrome 135 introduces a customizable select element that can be styled with CSS, allowing for rich HTML content and improved accessibility. The new feature is the result of collaborative specification work and engineering efforts, and is designed to be compatible with older browsers. Developers can now customize the select element using CSS, and the feature is available behind a Finch experiment in case of emergency.

Garmin introduces Garmin Connect+, a paid tier with AI-powered features like personalized insights, performance dashboards, and training guidance. It costs $7/month or $70/year, competing with Strava's similar features at a lower price point.

Researchers found that GitHub's Copilot and Amazon's CodeWhisperer can be exploited to extract hard-coded secrets from their training data, posing a significant security risk. The study revealed that by crafting specific prompts, attackers can extract valid and operational secrets, including AWS Access Keys and GitHub OAuth Access Tokens.

GitHub Copilot, an AI-powered code completion tool, poses security and privacy concerns, including potential leakage of secrets and private code, insecure code suggestions, and poisoned data. To use Copilot safely, review code suggestions carefully, avoid using secrets in code, and tune Copilot's privacy settings.

The article discusses the rapid growth of AI coding tools, which are disrupting the software engineering industry. Companies like Cursor, Lovable, and Anthropic are experiencing explosive growth, with some reaching $1.4 billion in annualized revenue. However, the industry is also facing challenges like high churn rates and competition. The article highlights the importance of context and understanding how AI tools fit into existing workflows, and how this trend may impact other knowledge workers in the future.

A recent infostealer campaign has compromised 10 npm packages, targeting developers by stealing environment variables and other sensitive data. The malicious code was discovered in two obfuscated scripts and is found in packages such as 'country-currency-map' and '@keepkey/device-protocol'. The attack is believed to have been caused by poor npm maintainer account security, with the malicious code being introduced via updates to the packages.

Researchers discovered 46 vulnerabilities in solar inverters from leading manufacturers, which could be exploited to control devices, execute code remotely, or disrupt power grids. The vulnerabilities were found in products from Sungrow, Growatt, and SMA, and could potentially be used to hijack inverters, steal user data, or even hold devices for ransom. The manufacturers have patched the vulnerabilities, but the report highlights the potential risks to power grid stability and user privacy.

Google has developed an automated data tiering system called L4, which dramatically improves the performance of its storage systems by moving frequently accessed data from hard disk drives (HDDs) to solid state disks (SSDs). The system uses machine learning to decide which data to place on SSDs, resulting in improved IOPS and throughput. Google's Colossus universal storage platform, which underpins YouTube, Gmail, and other applications, has seen significant performance gains with L4.

Amazon GameLift Streams is a new managed service that enables developers to stream games directly to WebRTC-enabled browsers at up to 1080p and 60fps, providing near-instant gameplay for AAA, AA, and indie titles without downloads. The service simplifies game streaming by allowing developers to upload games built with various 3D engines to AWS, provision streaming capacity across six AWS Regions, and immediately begin streaming.

The UK's Information Commissioner's Office (ICO) has warned companies that they can expect hefty fines if they fail to implement multi-factor authentication (MFA). The warning comes after the ICO fined IT software provider Advanced £3.07m for a data breach that occurred due to a lack of MFA. The ICO's Deputy Commissioner, Stephen Bonner, stated that there is no excuse for not deploying MFA, and that the benefits far outweigh any costs. The ICO is keen to send a message to data processors about their security obligations, and has warned that bigger fines will come in the future if basic security controls are not implemented.

Nischal HP discusses the role of data credibility in combating greenwashing and enabling climate action. He shares how technology can create verifiable data on carbon sequestration, empowering farmers and corporations to participate in carbon markets. AI and machine learning models can predict agricultural practices and estimate carbon sequestration, helping to build a new economy based on sustainable development.

A cyber-crime ring called Arkana has allegedly stolen data from 403,000 customers of US cable operator WideOpenWest, including usernames, passwords, and credit card details. The group is demanding a ransom payment and has released a music video to prove the hack. The incident highlights the growing threat of ransomware attacks and the need for organizations to prioritize info-stealer monitoring.

China's FamousSparrow hacking group has resurfaced after a period of inactivity, compromising a US financial-sector trade group and a Mexican research institute. The group used a previously unknown exploit to deploy a webshell backdoor and gain access to the organizations' networks. They also developed two new versions of their custom SparrowDoor backdoor, which contains significant code overlaps with the older version. The group's activities have been linked to China-aligned APT groups, but researchers believe they are a distinct cluster.

Resecurity, a cybersecurity vendor, has broken into the infrastructure of the BlackLock ransomware gang, gathering data and passing it to national agencies to help victims. The gang's website was shuttered after Resecurity found a vulnerability in its TOR-based data leak site and exploited a Local File Include (LFI) vulnerability to gather server-side data. The breach revealed the gang's reliance on the clearnet file-sharing platform Mega and exposed a history of commands entered by one of the gang's main operators.

The UK's Information Commissioner's Office (ICO) has fined Advanced Computer Software Group £3.07 million for a ransomware attack that affected NHS care. The attack, carried out by the Russian-speaking LockBit gang, stole data including instructions on how to enter vulnerable people's homes. The ICO cited gaps in multi-factor authentication, vulnerability scanning, and patch management as the primary facilitators of the attack.