An anonymous reader shares a report: Microsoft's business-oriented "Link" mini-desktop PC, which connects directly to the company's Windows 365 cloud service, is now available to buy for $349.99 in the US and in several other countries. Windows 365 Link, which was announced last November, is a device that is more easily manageable by IT departments than a typical computer while also reducing the needs of hands on support.

Microsoft has pulled back on data center projects around the world, suggesting the company is taking a harder look at its plans to build the server farms powering artificial intelligence and the cloud. From a report: The software company has recently halted talks for, or delayed development of, sites in Indonesia, the UK, Australia, Illinois, North Dakota and Wisconsin, according to people familiar with the situation. Microsoft is widely seen as a leader in commercializing AI services, largely thanks to its close partnership with OpenAI. Investors closely track Microsoft's spending plans to get a sense of long-term customer demand for cloud and AI services.

It's hard to know how much of the company's data center pullback reflects expectations of diminished demand versus temporary construction challenges, such as shortages of power and building materials. Some investors have interpreted signs of retrenchment as an indication that projected purchases of AI services don't justify Microsoft's massive outlays on server farms. Those concerns have weighed on global tech stocks in recent weeks, particularly chipmakers like Nvidia which suck up a significant share of data center budgets.

An anonymous reader quotes a report from TechCrunch: Anthropic announced on Wednesday that it's launching a new Claude for Education tier, an answer to OpenAI's ChatGPT Edu plan. The new tier is aimed at higher education, and gives students, faculty, and other staff access to Anthropic's AI chatbot, Claude, with a few additional capabilities. One piece of Claude for Education is "Learning Mode," a new feature within Claude Projects to help students develop their own critical thinking skills, rather than simply obtain answers to questions. With Learning Mode enabled, Claude will ask questions to test understanding, highlight fundamental principles behind specific problems, and provide potentially useful templates for research papers, outlines, and study guides.

Anthropic says Claude for Education comes with its standard chat interface, as well as "enterprise-grade" security and privacy controls. In a press release shared with TechCrunch ahead of launch, Anthropic said university administrators can use Claude to analyze enrollment trends and automate repetitive email responses to common inquiries. Meanwhile, students can use Claude for Education in their studies, the company suggested, such as working through calculus problems with step-by-step guidance from the AI chatbot. To help universities integrate Claude into their systems, Anthropic says it's partnering with the company Instructure, which offers the popular education software platform Canvas. The AI startup is also teaming up with Internet2, a nonprofit organization that delivers cloud solutions for colleges.

Anthropic says that it has already struck "full campus agreements" with Northeastern University, the London School of Economics and Political Science, and Champlain College to make Claude for Education available to all students. Northeastern is a design partner -- Anthropic says it's working with the institution's students, faculty, and staff to build best practices for AI integration, AI-powered education tools, and frameworks. Anthropic hopes to strike more of these contracts, in part through new student ambassador and AI "builder" programs, to capitalize on the growing number of students using AI in their studies.

Microsoft is pushing businesses to shift away from perpetual Office licenses to Microsoft 365 subscriptions, citing collaboration limitations and rising IT costs associated with standalone software. "You may have started noticing limitations," Microsoft says in a post. "Your apps are stuck on your desktop, limiting productivity anytime you're away from your office. You can't easily access your files or collaborate when working remotely."

In its pitch, the Windows-maker says Microsoft 365 includes Office applications as well as security features, AI tools, and cloud storage. The post cites a Microsoft-commissioned Forrester study that claims the subscription model delivers "223% ROI over three years, with a payback period of less than six months" and "over $500,000 in benefits over three years."

Cloud providers like the security of running things in virtual machines "at scale" — even though VMs "are not known for having fast cold starts or a small footprint..." noted Microsoft's Open Source blog last November. So Microsoft's Azure Core Upstream team built an open source Rust library called Hyperlight "to execute functions as fast as possible while isolating those functions within a VM."

But that was just the beginning... Then, we showed how to run Rust functions really, really fast, followed by using C to [securely] run Javascript. In February 2025, the Cloud Native Computing Foundation (CNCF) voted to onboard Hyperlight into their Sandbox program [for early-stage projects].

[This week] we're announcing the release of Hyperlight Wasm: a Hyperlight virtual machine "micro-guest" that can run wasm component workloads written in many programming languages...

Traditional virtual machines do a lot of work to be able to run programs. Not only do they have to load an entire operating system, they also boot up the virtual devices that the operating system depends on. Hyperlight is fast because it doesn't do that work; all it exposes to its VM guests is a linear slice of memory and a CPU. No virtual devices. No operating system. But this speed comes at the cost of compatibility. Chances are that your current production application expects a Linux operating system running on the x86-64 architecture (hardware), not a bare linear slice of memory...

[B]uilding Hyperlight with a WebAssembly runtime — wasmtime — enables any programming language to execute in a protected Hyperlight micro-VM without any prior knowledge of Hyperlight at all. As far as program authors are concerned, they're just compiling for the wasm32-wasip2 target... Executing workloads in the Hyperlight Wasm guest isn't just possible for compiled languages like C, Go, and Rust, but also for interpreted languages like Python, JavaScript, and C#. The trick here, much like with containers, is to also include a language runtime as part of the image... Programming languages, runtimes, application platforms, and cloud providers are all starting to offer rich experiences for WebAssembly out of the box. If we do things right, you will never need to think about whether your application is running inside of a Hyperlight Micro-VM in Azure. You may never know your workload is executing in a Hyperlight Micro VM. And that's a good thing.
While a traditional virtual-device-based VM takes about 125 milliseconds to load, "When the Hyperlight VMM creates a new VM, all it needs do to is create a new slice of memory and load the VM guest, which in turn loads the wasm workload. This takes about 1-2 milliseconds today, and work is happening to bring that number to be less than 1 millisecond in the future."

And there's also double security due to Wasmtime's software-defined runtime sandbox within Hyperlight's larger VM...

An anonymous reader shared this report from BleepingComputer: Three security bypasses have been discovered in Ubuntu Linux's unprivileged user namespace restrictions, which could be enable a local attacker to exploit vulnerabilities in kernel components. The issues allow local unprivileged users to create user namespaces with full administrative capabilities and impact Ubuntu versions 23.10, where unprivileged user namespaces restrictions are enabled, and 24.04 which has them active by default...

Ubuntu added AppArmor-based restrictions in version 23.10 and enabled them by default in 24.04 to limit the risk of namespace misuse. Researchers at cloud security and compliance company Qualys found that these restrictions can be bypassed in three different ways... The researchers note that these bypasses are dangerous when combined with kernel-related vulnerabilities, and they are not enough to obtain complete control of the system... Qualys notified the Ubuntu security team of their findings on January 15 and agreed to a coordinated release. However, the busybox bypass was discovered independently by vulnerability researcher Roddux, who published the details on March 21.

Canonical, the organization behind Ubuntu Linux, has acknowledged Qualys' findings and confirmed to BleepingComputer that they are developing improvements to the AppArmor protections. A spokesperson told us that they are not treating these findings as vulnerabilities per se but as limitations of a defense-in-depth mechanism. Hence, protections will be released according to standard release schedules and not as urgent security fixes.
Canonical shared hardening steps that administrators should consider in a bulletin published on their official "Ubuntu Discourse" discussion forum.

A breach of legacy Cerner servers at Oracle Health exposed patient data from multiple U.S. hospitals and healthcare organizations, with threat actors using compromised customer credentials to steal the data before it had been migrated to Oracle Cloud. Despite confirming the breach privately, Oracle Health has yet to publicly acknowledge the incident. BleepingComputer reports: Oracle Health, formerly known as Cerner, is a healthcare software-as-a-service (SaaS) company offering Electronic Health Records (EHR) and business operations systems to hospitals and healthcare organizations. After being acquired by Oracle in 2022, Cerner was merged into Oracle Health, with its systems migrated to Oracle Cloud. In a notice sent to impacted customers and seen by BleepingComputer, Oracle Health said it became aware of a breach of legacy Cerner data migration servers on February 20, 2025.

"We are writing to inform you that, on or around February 20, 2025, we became aware of a cybersecurity event involving unauthorized access to some amount of your Cerner data that was on an old legacy server not yet migrated to the Oracle Cloud," reads a notification sent to impacted Oracle Health customers. Oracle says that the threat actor used compromised customer credentials to breach the servers sometime after January 22, 2025, and copied data to a remote server. This stolen data "may" have included patient information from electronic health records. However, multiple sources told BleepingComputer that it was confirmed that patient data was stolen during the attack.

Oracle Health is also telling hospitals that they will not notify patients directly and that it is their responsibility to determine if the stolen data violates HIPAA laws and whether they are required to send notifications. However, the company says they will help identify impacted individuals and provide templates to help with notifications.

The Register: Following our report last week on IBM's ongoing layoffs, current and former employees got in touch to confirm what many suspected: The US cuts run deeper than reported, and the jobs are heading to India. IBM's own careers site numbers back that up. On January 7, 2024, Big Blue listed just 173 open positions in India. On November 23, 2024, there were 2,946 jobs available in the nation. At the time of writing, the IT titan listed 3,866 roles in India.

American jobs listed for these three periods are 192, 376, and 333, respectively, though at least among those being laid off, there's doubt those roles will be filled with job seekers in the States. A current IBMer who won't be there much longer said that after being told to teach recently hired workers in India "everything I know," the reward was a resource action, or RA -- Big Blue's euphemism for a layoff. After receiving an RA notification, employees typically have a set period of time to apply for open roles elsewhere in the mega-corporation. But just because there are open positions listed in the US doesn't mean IBM is making much of an effort to fill them, we are told.

An anonymous reader shares a report: For decades, India's economic promise has rested on its demographic dividend -- the competitive edge of a massive, young, and increasingly educated workforce. Economists and policymakers have routinely cited the country's population profile as its ticket to economic superpower status, with projections of reaching $10 trillion in GDP and achieving high-income status by 2047. These forecasts depend heavily on a critical assumption: that roughly 500 million Indians currently aged 5-24 will find productive employment as they enter the workforce over the next two decades. But a sobering new analysis from Bernstein suggests this fundamental premise may be crumbling under the weight of rapid advances in AI.

"The advent of AI threatens to erode all the advantages of India's rich demographic dividend," write Bernstein analysts Venugopal Garre and Nikhil Arela, who characterize their assessment as a potential "doomsday scenario" for a nation that has hitched its economic wagon to services-led growth. At stake is India's $350 billion services export sector -- a sprawling ecosystem of IT outsourcing, business process management, and offshore knowledge centers that employs over 10 million workers, mostly in jobs that place them in the top 25% of the country's income distribution.

While India's IT giants have successfully navigated previous technological shifts -- from basic call centers in the late 1980s to cloud computing and data analytics more recently -- AI poses a fundamentally different challenge. Unlike earlier transitions that required human adaptation, today's AI systems threaten to replace rather than complement the workforce. "AI subscriptions that come at a fraction of the costs of India's entry level engineers can be deployed to perform tasks at higher precision and speed," the report note.

An anonymous reader quotes a report from BleepingComputer: Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. Last week, a person named 'rose87168' claimed to have breached Oracle Cloud servers and began selling the alleged authentication data and encrypted passwords of 6 million users. The threat actor also said that stolen SSO and LDAP passwords could be decrypted using the info in the stolen files and offered to share some of the data with anyone who could help recover them.

The threat actor released multiple text files consisting of a database, LDAP data, and a list of 140,621 domains for companies and government agencies that were allegedly impacted by the breach. It should be noted that some of the company domains look like tests, and there are multiple domains per company. In addition to the data, rose87168 shared an Archive.org URL with BleepingComputer for a text file hosted on the "login.us2.oraclecloud.com" server that contained their email address. This file indicates that the threat actor could create files on Oracle's server, indicating an actual breach. However, Oracle has denied that it suffered a breach of Oracle Cloud and has refused to respond to any further questions about the incident.

"There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data," the company told BleepingComputer last Friday. This denial, however, contradicts findings from BleepingComputer, which received additional samples of the leaked data from the threat actor and contacted the associated companies. Representatives from these companies, all who agreed to confirm the data under the promise of anonymity, confirmed the authenticity of the information. The companies stated that the associated LDAP display names, email addresses, given names, and other identifying information were all correct and belonged to them. The threat actor also shared emails with BleepingComputer, claiming to be part of an exchange between them and Oracle.

The U.S. has added 80 entities to its export blacklist to prevent China from acquiring advanced American chips for military development, including AI, quantum tech, and hypersonic weapons. The Verge reports: More than 50 of the new entities added to the list are based in China, with others located in Iran, Taiwan, Pakistan, South Africa, and the United Arab Emirates. BIS says the restrictions have been applied to entities that acted "contrary to US national security and foreign policy," and are intended to hinder China's ability to develop high-performance computing capabilities, quantum technologies, advanced artificial intelligence, and hypersonic weapons.

Six of the newly blacklisted entities are subsidiaries of Inspur Group -- China's leading cloud computing service provider and a major customer for US chip makers such as Nvidia, AMD, and Intel -- which BIS alleges had contributed to projects developing supercomputers for the Chinese military. The Beijing Academy of Artificial Intelligence is another addition to the list, which has criticized its inclusion. "American technology should never be used against the American people," said Jeffrey Kessler, Under Secretary of Commerce for Industry and Security. "BIS is sending a clear, resounding message that the Trump administration will work tirelessly to safeguard our national security by preventing U.S. technologies and goods from being misused for high performance computing, hypersonic missiles, military aircraft training, and UAVs that threaten our national security."

Microsoft has walked away from new data center projects in the US and Europe that would have amounted to a capacity of about 2 gigawatts of electricity, according to TD Cowen analysts, who attributed the pullback to an oversupply of the clusters of computers that power artificial intelligence. From a report: The analysts, who rattled investors with a February note highlighting leases Microsoft had abandoned in the US, said the latest move also reflected the company's choice to forgo some new business from ChatGPT maker OpenAI, which it has backed with some $13 billion. Microsoft and the startup earlier this year said they had altered their multiyear agreement, letting OpenAI use cloud-computing services from other companies, provided Microsoft didn't want the business itself.

Microsoft's retrenchment in the last six months included lease cancellations and deferrals, the TD Cowen analysts said in their latest research note, dated Wednesday. Alphabet's Google had stepped in to grab some leases Microsoft abandoned in Europe, the analysts wrote, while Meta Platforms had scooped up some of the freed capacity in Europe.

A software engineer discovered that his newly purchased Bosch 500 series dishwasher locks basic functionality behind cloud connectivity, reigniting concerns about internet-dependent home appliances. Jeff Geerling found that features like rinse cycle, delayed start and eco mode on his $1,000 dishwasher require connecting to WiFi and creating an account with "Home Connect," Bosch's cloud service.

Geerling criticized the approach as potentially part of planned obsolescence, noting that without a current subscription fee, the company will likely either shutter the service or introduce payments for previously standard features.

An anonymous reader quotes a report from Reuters: German software company SAP overtook Danish healthcare company Novo Nordisk as Europe's largest company by market capitalization on Monday. At 0900 GMT, SAP had a market cap of $340 billion, slightly more than Novo Nordisk, according to Reuters calculations using LSEG Workspace data. SAP is Europe's largest software maker, providing business application software used by companies for finance, sales, supply chain and other functions.

Its shares have surged in recent years, in part due to optimism that its cloud business will be a major beneficiary of recent investment in generative artificial intelligence. While SAP shares are up 7% so far in 2025, underperforming the broader European STOXX 600 index, which is up 8.3% year-to-date, they have clocked a total return of 160% since the end of 2022, far outperforming the STOXX 600's 28%. In contrast, Novo Nordisk shares have underperformed the market in recent months after data from trials of its experimental next-generation obesity drug Cagrisema disappointed investors.

Google has confirmed that a technical issue has permanently deleted location history data for numerous users of its Maps application, with no recovery possible for most affected customers. The problem emerged after Google transitioned its Timeline feature from cloud to on-device storage in 2024 to enhance privacy protections. Users began reporting missing historical location data on support forums and social media platforms in recent weeks. "This is the result of a technical issue and not user error or an intentional change," said a Google spokesperson. Only users who manually enabled encrypted cloud backups before the incident can recover their data, according to Google. The company began shifting location storage policies in 2023, initially stopping collection of sensitive location data including visits to abortion clinics and domestic violence shelters.

IBM is laying off thousands of employees across the United States, with approximately 25% of staff at its Cloud Classic operation affected, The Register reports, citing a source. "Concrete numbers are being kept private," a source told the publication. "It is in the thousands."

Staff reductions have occurred in Raleigh, North Carolina; New York; Dallas, Texas; and California, the report said. Affected departments include consulting, corporate social responsibility, cloud infrastructure, sales, and internal systems teams. The report adds: With regard to IBM Cloud Classic -- the infrastructure-as-a-service (IaaS) outfit offering built on IBM's 2013 acquisition of SoftLayer -- another source told us: "It's a resource action. I don't know how many people are in IaaS classic. They don't typically make that information easy to find. What I can say is that they have been making a lot of changes to shift employment to India as much as possible."

A third source, newly let go by Big Blue, said it was fair to characterize this a layoff. "Everyone I know that was affected, myself included, was simply offered a separation agreement," this individual said, estimating that 10 percent of the Cloud group (which is not the same as Cloud Classic) has been let go.

An anonymous reader shares a report: PCI Express 7 is nearing completion, the PCI Special Interest Group said, and the final specification should be released later this year. PCI Express 7, the backbone of the modern motherboard, is at the stage 0.9, which the PCI-SIG characterizes as the "final draft" of the specification. The technology was at version 0.5 a year ago, almost to the day, and originally authored in 2022.

The situation remains the same, however. While modern PC motherboards are stuck on PCI Express 5.0, the specification itself moves ahead. PCI Express has doubled the data rate about every three years, from 64 gigtransfers per second in PCI Express 6.0 to the upcoming 128 gigatransfers per second in PCIe 7. (Again, it's worth noting that PCIe 6.0 exists solely on paper.) Put another way, PCIe 7 will deliver 512GB/s in both directions, across a x16 connection.

It's worth noting that the PCI-SIG doesn't see PCI Express 7 living inside the PC market, at least not initially. Instead, PCIe 7 is expected to be targeted at cloud computing, 800-gigabit Ethernet and, of course, artificial intelligence. It will be backwards-compatible with the previous iterations of PCI Express, the SIG said.

SourceHut, an open-source-friendly git-hosting service, says web crawlers for AI companies are slowing down services through their excessive demands for data. From a report: "SourceHut continues to face disruptions due to aggressive LLM crawlers," the biz reported Monday on its status page. "We are continuously working to deploy mitigations. We have deployed a number of mitigations which are keeping the problem contained for now. However, some of our mitigations may impact end-users."

SourceHut said it had deployed Nepenthes, a tar pit to catch web crawlers that scrape data primarily for training large language models, and noted that doing so might degrade access to some web pages for users. "We have unilaterally blocked several cloud providers, including GCP [Google Cloud] and [Microsoft] Azure, for the high volumes of bot traffic originating from their networks," the biz said, advising administrators of services that integrate with SourceHut to get in touch to arrange an exception to the blocking.

The Dutch parliament approved motions urging the government to reduce reliance on U.S. software companies by developing a sovereign cloud platform and reconsidering contracts with American firms. Reuters reports: While such initiatives have foundered in the past due to a lack of viable European alternatives, lawmakers said changing relations with the United States under the presidency of Donald Trump have given the issue fresh urgency. "The question we as Europeans must ask ourselves is: do we feel comfortable with people like Trump, (Meta CEO Mark) Zuckerberg and (X owner Elon) Musk ruling over our data?" said Marieke Koekkoek of the pro-European Volt party, who authored one of the eight motions, in an email to Reuters.

In addition to launching a sovereign cloud services platform, the motions called on the government to re-examine a decision to use Amazon's web services for the Netherlands' internet domain hosting, and to develop alternatives to U.S. software and preferential treatment for European firms in public tenders. [...] Bert Hubert, a Dutch technology expert who has advocated for reducing dependency on the U.S., said: "This is only the first step in potentially doing something." But he said one important outcome would be forcing agencies to publicly report on risks related to their reliance on U.S. cloud firms. "With the advent of Trump 2.0, it has become clear that this is not something you can harmlessly sign off on," he said.

Google's parent company Alphabet is reportedly in talks to acquire cybersecurity startup Wiz for approximately $30 billion. Last July, negotiations had advanced on a $23 billion deal, but the talks were put on hold to prioritize Wiz's IPO. Around the same time, Alphabet also walked away from a potential acquisition of online marketing software company HubSpot. Reuters reports: The startup provides cloud-based cybersecurity solutions powered by artificial intelligence that help companies identify and remove critical risks on cloud platforms. A buyout of this size will most likely face regulatory scrutiny as tech giants are kept under close watch for possible monopolistic practices.

If the deal goes through, it could help Alphabet tap into the cybersecurity industry and expand its booming cloud infrastructure segment, which generated more than $43 billion in revenue last year. Wiz was last valued at $12 billion in a private funding round in May 2024.