Un’intrusione di dati è stata rilevata da Cloudflare, dove un aggressore esperto ha potuto accedere e quindi rubare i dati sensibili dei propri clienti da quella che era l’istanza Salesforce messa a disposizione proprio dalla società. La violazione faceva parte di un attacco più ampio alla supply chain che sfruttava una vulnerabilità nell’integrazione del chatbot Salesloft Drift, colpendo centinaia di organizzazioni in tutto il mondo.

E’ importante notare, che oltre CloudFlare, sono rimaste vittima di questo incidente alla supply chain anche:

• Palo Alto Networks : l’azienda di sicurezza informatica ha confermato l’esposizione di informazioni di contatto aziendali e dati di vendita interni dalla sua piattaforma CRM.
• Zscaler : l’azienda di sicurezza cloud ha segnalato che sono state effettuate violazioni delle informazioni dei clienti, tra cui nomi, recapiti e alcuni contenuti dei casi di supporto.
• Google: oltre a svolgere il ruolo di investigatore, Google ha confermato che un “numero molto limitato” di account Workspace è stato violato tramite token compromessi.

L’incidente che ha colpito Cloudflare, insieme a realtà di primo piano come Palo Alto Networks, Zscaler e persino Google, dimostra quanto un singolo punto di vulnerabilità in una piattaforma SaaS sul cloud possa generare effetti a catena devastanti. Un attacco mirato alla supply chain, come quello che ha sfruttato l’integrazione del chatbot Salesloft Drift, ha permesso all’attore della minaccia di ottenere accesso a dati sensibili gestiti da Salesforce, coinvolgendo centinaia di organizzazioni nel mondo. La portata dell’evento evidenzia come anche i leader della sicurezza informatica non siano immuni quando le loro attività si basano su infrastrutture esterne, che diventano bersagli privilegiati.

In una comunicazione dettagliata, Cloudflare ha spiegato che l’autore della minaccia, che il suo team di intelligence ha denominato GRUB1, ha ottenuto l’accesso non autorizzato al suo ambiente Salesforce tra il 12 e il 17 agosto 2025.

Per gestire l’assistenza clienti e la gestione interna, la società si avvale di Salesforce. I dati sensibili sono stati sottratti dagli hacker proprio dai “casi” archiviati su Salesforce, nella maggior parte dei casi relativi a ticket di assistenza tecnica dei clienti. Tra le informazioni compromesse figurano quelle contenute nei campi di testo dei casi di supporto. Tali dati comprendono i dettagli di contatto dei clienti, il testo dell’oggetto e il corpo delle corrispondenze relative ai casi.

È stato evidenziato da Cloudflare che, anche se non è richiesta la condivisione di informazioni sensibili da parte dei clienti nei ticket di supporto, tutte le credenziali, le chiavi API, i registri o le password che sono stati eventualmente incollati nei campi di testo dai clienti dovrebbero essere considerati ormai compromessi. L’azienda ha riportato che non è stato effettuato alcun accesso agli allegati e nessun servizio Cloudflare o infrastruttura principale è stato violato a seguito di questo incidente.

L’indagine ha rivelato che l’attacco è iniziato con una ricognizione il 9 agosto, mentre la compromissione iniziale si è verificata il 12 agosto. L’autore della minaccia ha utilizzato le credenziali rubate dall’integrazione Salesloft Drift per accedere ed esplorare sistematicamente il tenant Salesforce di Cloudflare prima di esfiltrare i dati del caso di supporto il 17 agosto.

Questo episodio ci ricordano ancora una volta che il cloud, pur offrendo scalabilità, comodità e flessibilità operativa, porta con sé rischi che spesso non sono immediatamente visibili. La natura interconnessa delle piattaforme SaaS, unite alle numerose integrazioni di terze parti, aumenta esponenzialmente la superficie di attacco. In questo contesto, anche le procedure più rigorose di gestione della sicurezza interna rischiano di non bastare: un errore o una vulnerabilità in un singolo anello della catena può compromettere l’intero ecosistema digitale.

La lezione principale è che la fiducia cieca nel cloud non può sostituire una strategia di sicurezza multilivello. Le aziende devono adottare approcci di zero trust, monitoraggio continuo e pratiche di riduzione dei privilegi, valutando con attenzione ogni integrazione esterna. L’incidente di agosto 2025 ci mostra chiaramente che, nel mondo digitale, la resilienza dipende non solo dalla forza delle difese interne, ma dalla capacità di prevedere e contenere i rischi derivanti da terze parti: perché oggi, un singolo incidente SaaS può trasformarsi in una compromissione globale.

L'articolo Anche Cloudflare violata nell’incidente Salesforce! I rischi del cloud colpiscono tutti proviene da il blog della sicurezza informatica.

If there’s one certainty in life, it is that Nintendo Famicom and similar NES clone consoles are quite literally everywhere. What’s less expected is that they were used for a half-serious attempt at making an educational family computer in the early 2000s. This is however what [Nicole Branagan] tripped over at the online Goodwill store, in the form of a European market Famiclone that was still in its original box. Naturally this demanded an up-close investigation and teardown.

The system itself comes in the form of a keyboard that seems to have been used for a range of similar devices based on cut-outs for what looks like some kind of alarm clock on the top left side and a patched over hatch on the rear. Inside are the typical epoxied-over chips, but based on some scattered hints it likely uses a V.R. Technology’s VTxx-series Famiclone. The manufacturer or further products by them will sadly remain unknown for now.

While there’s a cartridge slot that uses the provided 48-in-1 cartridge – with RAM-banked 32 kB of SRAM for Family BASIC – its compatibility with Famicom software is somewhat spotty due to the remapped keys and no ability to save, but you can use it to play the usual array of Famicom/NES games as with the typical cartridge-slot equipped Famiclone. Whether the provided custom software really elevates this Famiclone that much is debatable, but it sure is a fascinating entry.

hackaday.com/2025/09/03/the-ni…

“Le parole di Tajani sulla Global Sumud Flotilla sono deludenti, anche se non sorprendono viste le posizioni del nostro governo.” Lo dichiara la Segretaria Nazionale di Possibile Francesca Druetti, commentando la dichiarazione del ministro degli esteri secondo cui gli attivisti delle navi in partenza verso Gaza “non sono terroristi, ma si può dire di non essere d’accordo, che si tratti di iniziative inopportune.”
“Le parole di Tajani” — continua Druetti — sono appunto inopportune. Perché l’iniziativa della Global Sumud Flotilla andrebbe semplicemente sostenuta dal nostro governo. Perché i quattro obiettivi della spedizione (lo stop all’assedio, lo stop alla fame usata come arma, lo stop alla disumanizzazione della popolazione palestinese, lo stop al genocidio) non dovrebbero nemmeno essere oggetto di dibattito, ma la posizione minima di umanità da cui partire per trovare una soluzione politica e diplomatica.

“Di fronte a quanto succede ogni giorno a Gaza — conclude Druetti — alle decine di morti ogni giorno, alla carestia imposta da uno Stato contro cui continuiamo a vendere armi e a offrire supporto internazionale, l’invito alla moderazione di Tajani a Ben Gvir (che aveva minacciato di trattare gli attivisti alla stregua di terroristi una volta arrivati sulle coste di Gaza) è semplicemente ridicolo. Continuiamo a sostenere, in ogni modo, la Global Sumud Flotilla. Quando arriverà a destinazione, saremo tutte e tutti chiamati a mobilitarci, con i nostri corpi e con la pressione istituzionale.”

L'articolo Druetti (Pos): Tajani sbaglia su Global Sumud Flotilla, non può dire che l’iniziativa è inopportuna proviene da Possibile.

Questa settimana è stato pubblicato un exploit proof-of-concept per il bug CVE-2025-53772, una vulnerabilità critica di esecuzione di codice remoto nello strumento IIS Web Deploy (msdeploy) di Microsoft, che ha sollevato urgenti allarmi nelle community .NET e DevOps.

Il CVE-2025-53772 è una vulnerabilità RCE critica negli endpoint msdeploy.axd e msdeployagentservice di Microsoft Web Deploy, causata dalla deserializzazione non sicura dei dati dell’intestazione HTTP in formato GZip + Base64. Consente a un utente malintenzionato autenticato di eseguire codice da remoto.

Microsoft ha assegnato un punteggio CVSS di 8,8 per il CVE-2025-53772. Le misure di mitigazione immediate includono la disabilitazione del servizio Web Deploy Agent (MsDepSvc), l’applicazione di ACL di rete rigorosi sull’endpoint msdeploy.axd e l’applicazione di filtri in ingresso per bloccare intestazioni MSDeploy.SyncOptions inaspettate.

IIS Web Deploy (msdeploy) è un set di strumenti che impacchetta e trasferisce applicazioni Web, configurazioni IIS e risorse basate su provider in un ambiente di destinazione. Supporta due tipi di meccanismi di accesso: tramite Web Management Service (WMSvc) su endpoint HTTP(S): /msdeploy.axd tramite Web Deploy Agent Service (MsDepSvc):msdeployagentservice

Le funzionalità principali includono: Sincronizzazione e distribuzione tramite provider per file, siti Web, certificati, database, ecc. Flussi di lavoro per la creazione di pacchetti ( GetPackage) e l’applicazione di pacchetti ( Sync) Questa elevata flessibilità, se combinata con progetti di serializzazione che non convalidano rigorosamente gli input, amplia la superficie di attacco.

Per una correzione a lungo termine è necessario sostituire BinaryFormatter con un serializzatore sicuro (ad esempio, DataContractSerializer con contratti di tipo espliciti) e convalidare tutti gli input dell’intestazione prima della deserializzazione.

Con la diffusione degli exploit PoC, le organizzazioni che sfruttano IIS Web Deploy devono dare priorità all’applicazione di patch e al rafforzamento per impedire agli aggressori autenticati di sfruttare questo vettore RCE critico.

L'articolo Vulnerabilità critica in IIS Web Deploy: l’exploit PoC è ora pubblico proviene da il blog della sicurezza informatica.

WELCOME TO DIGITAL POLITICS. I'm Mark Scott, and this edition marks the one-year anniversary for this newsletter. That's 61 newsletters, roughly 130,000 words and, hopefully, some useful insight into the world of global digital policymaking.

To thank all subscribers for your support, I'm offering a discounted offer to the paid version of Digital Bridge published each Monday. You can go for either a monthly or an annual subscription — at 25 percent off the regular price. You can also keep receiving these monthly free updates.

Also, for anyone in Brussels, I'll be in town next week from Sept 8 - 11. Drop me a line if you're free for coffee.

— The outcome to a series of legal challenges to online safety legislation will be made public in the coming weeks. The results may challenge how these laws are implemented.

— We are starting to see the consequences of what happens when policymakers fail to define what "tech sovereignty" actually means.

— The vast amount of money within the semiconductor industry comes from the design, not manufacture, of high-end microchips.

Let's get started:

LEGAL CHALLENGES TO ONLINE SAFETY RULES

WE'RE ABOUT TO FIND OUT WHERE THE limits are to some of the Western world's attempts to rein in social media platforms and e-commerce giants.

On Sept. 3, Zalando, the German online shopping site (my decade-old profile here) will find out if one of the European Union's top courts agrees that it should not be designated as a Very Large Online Platform, or VLOP, under the bloc's Digital Services Act. The Berlin-based retailer claims it doesn't represent a so-called "systemic risk" within the EU. Zalando's focus on business customers (in contrast to retailer customers) also means the platform does not technically have 45 million users within the EU, it also argues. Expect a decision from the European Court of Justice before midday CET on Sept. 3 (documents here.)

By challenging Brussels' ability to designate which tech companies fall within its VLOP definition (in which the requirement to have at least 45 million local users is critical), Zalando is taking on a central component of the EU's online safety regime. Under the DSA, these large firm take on greater responsibilities and reporting requirements — and are overseen directly by the European Commission, and not EU national regulators — compared to their smaller counterparts.

Currently, how the bloc determines the threshold for 45 million users is cloaked in secrecy — mostly because officials typically have to rely on company estimates to make such adjudications. Telegram, for instance, maintains it has less than that benchmark, allowing it to avoid the most strenuous oversight offered by the DSA. By challenging the European Commission's (opaque) methodology, Zalando's case (no matter the outcome) will force Brussels to up its game when determining which companies fall within its VLOP definition.

Thanks for reading the free monthly version of Digital Politics. Paid subscribers receive at least one newsletter a week. If that sounds like your jam, please sign up here.

Here's what paid subscribers read in August:
— Google and Meta's separate decisions to end political ads in Europe is a mistake; What Big Tech's quarterly earnings teach us about geopolitics; Most Brits have yet to jump on the AI bandwagon. More here.
— Everything you need to know about India's AI Impact Summit; How Russia's propaganda machine weaponized the Trump-Putin meeting in Alaska; Who's Who in the shake-up in the European Commission's DG CNECT. More here.
— Why focusing on protecting kids online should not come at the price of breaking encryption; What Kremlin-backed media took from the Trump-Putin summit; The cottage industry of copyright lawsuits targeting AI companies. More here.
— The US, EU and China are building rival "AI Stacks" that will split the world into competing camps; How to understand the EU-US trade framework when it comes to tech and future tensions; The "AI Divide" is playing out in global research. More here.

Next up are Meta and TikTok. In a dual ruling on Sept. 10 (documents here and here), one of Europe's top courts will again decide a key part of the bloc's online safety rules. This time, both tech giants claim the so-called DSA supervisory fee, or annual levy all VLOPs must pay for the regulation's implementation, is disproportionate and opaque.

The fee — which increased 21 percent this year, to €58.2 million — is based on the European Commission's calculation of up to a 0.05 percent charge on these tech firms' annual global net income. Both Meta and TikTok (and, in a separate legal challenge, Google) say those figures should only come from each firm's profit within the 27-country bloc, and not from their overall global income. In response, Brussels says such levies — a tiny slice of these firms' annual profits — do not violate companies' rights.

Depending on how the court rules, the decision will have ramifications for the DSA's (stuttering) implementation.

Currently, the European Commission has scores of open investigations. Temu, the Chinese online retailer, was the latest firm to be accused of breaching the rules. A potential separate enforcement action against X is expected in the coming weeks. These probes cost money. If Europe's top judges start cutting the funds available for DSA enforcement — based on TikTok and Meta's claims — then the regulation's implementation will similarly slow.

If one of Europe's top courts sides with the tech giants, then expect Brussels to claim business-as-usual, and likely dedicate additional resources from the bloc's almost €2 trillion budget. But the ability to charge VLOPs for DSA supervision is a pillar of how these online safety rules are supposed to work. It forms the basis for the European Commission's mutlti-year work plan on DSA supervision and enforcement. To suggest everything is fine, if next week's court decision goes against Brussels, will be a fantasy.

The next legal challenge takes us across the English Channel to the United Kingdom's Online Safety Act, or OSA. There is already growing disquiet after the country's so-called "age assurance" rules came into force late last month. Now, 4chan and Kiwi Farms filed a lawsuit in a federal court in the United States to challenge how the UK's online safety rules apply to these US-based online platforms.

I'm no lawyer. But the lawsuit is worth a read for two reasons.

First, 4Chan and Kiwi Farms — both of which received requests from Ofcom, the UK's online safety regulator, to comply with mandatory transparency demands — relied heavily on history to suggest they did not have to comply with the British rules. (Disclaimer: I sit on an independent advisory committee at Ofcom, so anything I say here is done so in a personal capacity.)

"Where Americans are concerned, the Online Safety Act purports to legislate the Constitution out of existence," lawyers for both firms wrote in the lawsuit. "Parliament does not have that authority. That issue was settled, decisively, 243 years ago in a war that the UK’s armies lost and are not in any position to re-litigate.”

Shots fired, if you will.

Under the UK's online safety regime, a company does not have to have a physical presence within the country to fall under the legislation. Technically, a site only needs to be accessible to British internet users for the regulatory requirements, most of which focus on mandating a base level of transparency about how companies apply their internal online safety protocols. That means thousands of sites worldwide fall under the UK's OSA — even though almost none of them will be contacted as what happened with 4Chan and Kiwi Farms.

Determining how far the UK's OSA can extend to sites with no physical presence in the country — even if that comes via a US federal court — is a marker for how countries can extend their online safety rules in the name of protecting their citizens.

The second reason the case is important is more political.

Expect the federal lawsuit against Ofcom to be name-checked during a Congressional hearing, overseen by Congressman Jim Jordan, on Sept 3 entitled: "Europe's Threat to American Speech and Innovation." It will start at 10am ET and the current witness list includes noted online safety expert (jk!) Nigel Farage. Former European Commissioner Thierry Breton was invited, though he preferred to respond in an OpEd for The Guardian.

The 4Chan/Kiwi Farm lawsuit is important as it represents a new attack from some in the US who view any form of online safety regulation as a direct threat to Americans' First Amendment rights.

These individuals — most commonly associated with the "Censorship Industrial Complex" — have already accused researchers of acting in unison with the US federal government and social media platforms to censor those mostly on the political right. So far, there has been no evidence to back up those allegations.

Now, many are turning to non-US online safety legislation, most notably the EU's DSA and the UK's OSA, as a new attack vector to claim Americans' free speech rights are under attack. The 4Chan/Kiwi Farm lawsuit's arguments, including the illegal extraterritoriality of the British rules, are likely to be re-used in these ongoing efforts to thwart countries' push to protect their own citizens against online abuse and illegal content like terrorist propaganda.

Chart of the Week

EVERY COUNTRY UNDER THE SUN wants to be a semiconductor superpower. That's especially true in the global battle between rival "AI stacks" reliant on next generation semiconductors.

But there's a significant difference between those who make semiconductors and where the value resides in the overall global chip market.

The chart on the left depicts the 2024 worldwide revenue, divided as a percentage per company, for semiconductor foundries, or facilities that manufacture microchips. The chart on the right represents overall market values for semiconductor companies (based on Dec. 31, 2024 prices), divided by companies and countries.

On manufacturing, Taiwan is the global leader, by some margin. But in overall semiconductor value, the US (and, to a large degree, NVIDIA) are the ones to beat.

That's a reminder for any country spending taxpayers' dollars to entice semiconductor foundries to be built locally. Just because you back such in-country manufacturing doesn't mean the overall value within the semiconductor supply chain will follow.

Source: JPMorgan; Companiemarketcap.com. Data as of Dec. 2024

The consequences of tech sovereignty

I KNOW I'M BIASED. BUT IT'S HARD NOT TO VIEW the first eight months of 2025 as a demonstration of what happens when countries blend politics and technology in ways that lead to bad outcomes. Think the US-China stand-off on pretty much everything. Think the EU-US dispute over trade/digital regulation. Think the failure of Middle Powers to articulate a path on digital that is different to that offered by China, the US and Europe, respectively.

This is what happens when politicians and policymakers put forward a vision of "tech sovereignty" without thinking through what happens when you mix national/regional political needs with the global nature of how technology actually works.

Back in March, I made a plea for a more joined-up approach to that amorphous definition that, ever since European Commission president Ursula von der Leyen went hard on "tech sovereignty" five years ago, has been plagued with false starts, conflicting efforts and a failure to understand how such digital policymaking would end up playing out in the real world.

Fast forward to late(ish) 2025, and we are starting to feel the consequences of rival and, frustratingly, allied countries implementing "tech sovereignty" concepts that will inevitably harm citizens' fundamental rights and their ability to take advantage of what technology has to offer.

For me, those concepts include: countries asserting legal claims over the global internet; politicians subsidizing the creation/support of domestic industries that do not have the scale to compete on the global stage; the creation of artificial barriers between digital markets/goods that undermine fundamental rights; the politicization of apolitical digital regulation aimed at quelling abuse.

Some of these issues were almost inevitable, given the vast differences between how countries approach both digital policymaking and industrial policy. The US — based on its financial muscle, deregulatory stance and domestic industry — is just in a different place to, say, Singapore, which must approach questions about how technology affects its society in ways that meet its own domestic needs.

What I worry, though, is that the push toward 'tech sovereignty' has reached a point where it may be difficult to bring countries back from the edge of creating siloed digital worlds. That goes for everything from high-tech manufacturing that may face high import tariffs elsewhere to digital regulation aimed at safeguarding people's fundamental rights.

Sign up for Digital Politics

Thanks for getting this far. Enjoyed what you've read? Why not receive weekly updates on how the worlds of technology and politics are colliding like never before. The first two weeks of any paid subscription are free.

Subscribe
Email sent! Check your inbox to complete your signup.

No spam. Unsubscribe anytime.

As technology has become a powerful engine, both for politics and industry, it was inevitable that politicians would want to exert greater power over digital areas of the economy and society. Where we are currently, however, is nearing a point of potentially killing the golden goose.

Technology, at its basic level, is an apolitical tool. And ever since the Web 1.0 era, that has been based on a borderless, hand-off approach to digital oversight — something that just isn't possible given the geopolitical nature of technology in 2025.

What I've been thinking a lot about is how can we marry the best of this laissez-faire approach to technology — one that allows firms and people to connect to each other, within seconds, across the globe — with the ability for politicians and policymakers to both protect citizens from harm and harness what technology has to offer to serve domestic economic interests.

Right now, that balance is failing, and badly.

It is leading to the siloing of citizens within national/regional digital fiefdoms. It is embracing a top-down approach to "tech sovereignty" that relegates people to passive spectators as their digital experiences are dictated for them. It is leaving millions behind as digital policymaking falls into three camps: led by China, the EU and US, respectively.

Watch this space for thoughts on how to fix that.

What I'm reading

— The Molly Rose Foundation analyzed TikTok and Instagram and found an ongoing high-level risk of exposure for minors to content linked to suicide, self-harm and depression-related material. More here.

— Bits of Freedom, a Dutch non-profit organization, filed a lawsuit against Meta so that its local users could access their Instagram and Facebook feeds in ways not based on user profiling. More here.

— Researchers from the University of Amsterdam created a social media network based on AI agents, and discovered the platform quickly recreated levels of polarization seen in real-world networks. More here.

— The White House's recent AI Action Plan is full of contradictory policies that may lead to the concentration of power of the emerging technology, argue three former Joe Biden-appointed officials for Tech Policy Press.

— Meta's Oversight Board published its annual report, including details into the 217 voluntary policy recommendations it had made to the tech firm since 2027. More here.

digitalpolitics.co/newsletter0…

[VWestlife] ended up with an obscure piece of 80s satellite TV technology, shown above. The Micro-Scan is a fairly plan metal box with a single “Tune” knob on the front. At the back is a power switch and connectors for TV Antenna, TV Set, and “MW” (probably meaning microwave). There’s no other data. What was this, and what was it for?

Satellite TV worked by having a dish receive microwave signals, but televisions could not use those signals directly. A downconverter was needed to turn the signal into something an indoor receiver box (to which the television was attached) could use, allowing the user to select a channel to feed into the TV.

At first, [VWestlife] suspected the Micro-Scan was a form of simple downconverter, but that turned out to not be the case. Testing showed that the box didn’t modify signals at all. Opening it up revealed the Micro-Scan acts as a combination switchbox and variable power supply, sending a regulated 12-16 V (depending on knob position) out the “MW” connector.

So what is it for, and what does that “Tune” knob do? When powered off, the Micro-Scan connected the TV (plugged into the “TV Set” connector) to its normal external antenna (connected to “TV Antenna”) and the TV worked like a normal television. When powered on, the TV would instead be connected to the “MW” connector, probably to a remote downconverter. In addition, the Micro-Scan supplied a voltage (the 12-16 V) on that connector, which was probably a control voltage responsible for tuning the downconverter. The resulting signal was passed unmodified to the TV.

It can be a challenge to investigate vintage equipment modern TV no longer needs, especially hardware that doesn’t fit the usual way things were done, and lacks documentation. If you’d like to see a walkthrough and some hands-on with the Micro-Scan, check out the video (embedded bel0w).

youtube.com/embed/dhxh9BZcFXg?…

hackaday.com/2025/09/03/revers…

L’azienda cinese Tencent ha reso pubblico il codice sorgente di una nuova serie di modelli linguistici Hunyuan-MT, appositamente ottimizzati per le attività di traduzione. Gli sviluppatori affermano che gli algoritmi mostrano risultati migliori di Google Translate nel popolare benchmark WMT25.

La serie comprende quattro modelli, tra cui due modelli di punta: Hunyuan-MT-7B e Hunyuan-MT-Chimera-7B, ciascuno contenente 7 miliardi di parametri. Vengono inoltre presentate due versioni compresse, che utilizzano meno memoria, ma operano con una leggera perdita nella qualità della traduzione.

Tencent ha utilizzato quattro set di dati per l’addestramento. Due di questi includevano testi in 33 lingue senza traduzione, mentre gli altri due includevano diversi milioni di coppie di frasi e le relative traduzioni. Questo approccio ha permesso di combinare la conoscenza delle lingue con l’erudizione generale.

L’efficacia dei modelli è stata testata utilizzando il test MMLU-Pro, progettato per valutare le conoscenze generali. Hunyuan-MT ha mostrato risultati migliori rispetto a Llama-3-8B-Base, nonostante un numero inferiore di parametri.

Dopo l’addestramento iniziale, i modelli sono stati sottoposti a un ulteriore passaggio, utilizzando l’apprendimento per rinforzo. Tencent ha fornito loro compiti e feedback sulla qualità della traduzione, contribuendo a migliorarne l’accuratezza.

La qualità è stata valutata da un sistema di intelligenza artificiale separato, che ha analizzato la corrispondenza semantica della traduzione con l’originale e la correttezza dell’uso della terminologia in diversi campi.

Il primo modello della serie, Hunyuan-MT-7B, si basa sull’architettura classica dei modelli linguistici. La variante Chimera-7B utilizza un metodo di ensemble: diverse reti neurali elaborano una richiesta simultaneamente e le loro risposte vengono poi combinate in una versione finale di qualità superiore.

Nei test WMT25 che confrontano le traduzioni in 31 coppie di lingue, Hunyuan-MT ha superato Google Translate in 30 casi, con alcune coppie che hanno ottenuto risultati superiori del 65%.

Inoltre, la serie di Tencent ha ottenuto risultati migliori rispetto a GPT-4.1 e Claude 4 Sonnet di Anthropic nella maggior parte delle coppie di lingue dello stesso benchmark.

L'articolo Tencent sfida i giganti! Il nuovo Hunyuan-MT batte Google Translate e GPT-4.1 proviene da il blog della sicurezza informatica.

In un momento in cui la controversia sull’impatto dell’intelligenza artificiale sulla salute mentale giovanile va crescendo, l’introduzione di un controllo parentale per ChatGPT è stata annunciata come una misura da OpenAI.

In un post sul blog pubblicato martedì, l’azienda di intelligenza artificiale con sede in California ha affermato di aver lanciato queste funzionalità in risposta alla necessità delle famiglie di supportare “la definizione di linee guida sane che si adattino alla fase di sviluppo unica di un adolescente”.

Grazie a queste modifiche, i genitori potranno collegare i propri account ChatGPT a quelli dei propri figli, disattivare alcune funzionalità, tra cui la memoria e la cronologia delle chat, e controllare il modo in cui il chatbot risponde alle query tramite “regole di comportamento del modello appropriate all’età”.

I genitori potranno anche ricevere notifiche quando i loro figli adolescenti mostrano segni di disagio, ha affermato OpenAI, aggiungendo che cercherà il contributo di esperti nell’implementazione della funzionalità per “sostenere la fiducia tra genitori e adolescenti”.

OpenAI, che la scorsa settimana ha annunciato una serie di misure volte a migliorare la sicurezza degli utenti vulnerabili, ha affermato che le modifiche entreranno in vigore entro il mese prossimo.

“Questi passi sono solo l’inizio”, ha affermato l’azienda.

“Continueremo ad apprendere e a rafforzare il nostro approccio, sotto la guida di esperti, con l’obiettivo di rendere ChatGPT il più utile possibile. Non vediamo l’ora di condividere i nostri progressi nei prossimi 120 giorni.”

In un contesto sempre più delicato, queste novità arrivano anche a seguito di procedimenti legali intentati da privati contro le aziende tecnologiche, accusate di non aver protetto adeguatamente i minori dall’impatto dei loro prodotti. In diversi casi, le famiglie hanno sostenuto che l’assenza di controlli adeguati e di sistemi di tutela abbia contribuito a gravi conseguenze psicologiche, fino al suicidio dei loro figli.

Negli Stati Uniti, ad esempio, la famiglia di una ragazza della California ha denunciato OenAI per aver incentivato il suicidio del figlio Adam Reid. Queste vicende hanno acceso il dibattito pubblico e rafforzato la pressione sulle aziende tecnologiche, spinte ad adottare strumenti concreti di prevenzione.

Le nuove funzionalità di parental control annunciate da OpenAI si inseriscono in questa cornice: un tentativo di coniugare innovazione e responsabilità sociale, cercando di prevenire altri casi drammatici e di ristabilire la fiducia delle famiglie nei confronti delle tecnologie basate sull’intelligenza artificiale.

L'articolo OpenAI mette i genitori al comando: arriva il parental control su ChatGPT proviene da il blog della sicurezza informatica.

Mit dem Versand der Abstimmungsunterlagen beginnt für die Piratenpartei Schweiz (PPS) und zahlreiche Unterstützer:innen die heisse Phase der Kampagne gegen das neue E-ID-Gesetz. Die Piraten als Referendumsführer und kritische Stimme der ersten Stunde sind froh, dass am 28. September 2025 die Stimmbevölkerung über eine Vorlage entscheiden darf, die weitreichende Folgen für Datenschutz, Privatsphäre und digitale Selbstbestimmung hätte.

Bereits bei der Ausstellung werden sensible biometrische Daten wie Gesichtsvideos erhoben und bis zu 15 Jahren gespeichert. Unternehmen können bei jeder Nutzung der E-ID zahlreiche persönliche und staatlich verifiziert Informationen anfordern. Dass diese Daten nicht ausgewertet und „veredelt“ werden dürfen ist nicht verboten – sie werden so auch zu einem heiss begehrten Ziel für Hacking.

Stefan Sergi, Präsident Piratenpartei Aargau: „Kein IT-System ist abschliessend sicher, es ist nur eine Frage der Zeit, bis massenhaft gestohlene Identitäten im Umlauf sind.“

Melanie Hartmann, Vorstandsmitglied Piratenpartei Schweiz: „Wer Privatsphäre ernst nimmt, sagt Nein zu dieser E-ID“

Die E-ID ist nur theoretisch freiwillig. Gesetze und aktuelle Vorstösse verlangen die Identifikation beim Medienkonsum, auf Social Media, für Kommentare auf Newsseiten, Tickets für Sportanlässe etc. Für den Widerruf bei der Organspende ist die E-ID bereits fix eingeplant und für Tickets bei OeV und Events ist der Ausweiszwang heute der Quasi-Standard. Das führt zur digitalen Ausweispflicht im Alltag und öffnet alle Pforten für Profiling, Social-Scoring und die tägliche Überwachung, Analyse und Bewertung unseres digitalen Verhaltens – auch durch Firmen und Plattformen wie TikTok oder Disney+ oder Steam. Die andauernde Identifikation wird damit zur neuen Normalität.

Ivan Buechi, Präsident Piratenpartei Ostschweiz: „Wir laufen nicht durch die Bahnhofstrasse mit unserem Namen über dem Kopf und weisen uns im Laden oder Kino laufend aus. Aber genau das wird mit der E-ID geschehen.“

Pascal Fouquet, Vizepräsident Piratenpartei Kanton Bern: „Gute Digitalisierung braucht keine Überwachung. Auch mit dieser Vorlage wurde eine grosse Chance für gute Digitalisierung verpasst.“

Die E-ID wird von Bund und Wirtschaft als Fortschritt verkauft – doch sie bringt kaum Mehrwert für die Bevölkerung. Für digitale Behördengänge existieren bereits heute sichere, staatliche und datensparsame Lösungen wie AGOV.

Jorgo Ananiadis, Präsident der Piratenpartei Schweiz: „Die E-ID wird als Fortschritt gepriesen – doch sie löst keines der grundlegenden Probleme der Schweizer Digitalpolitik: Die Strategielosigkeit und mangelnde Digitalkompetenz bleiben bestehen und statt Lösungen bringt uns dieses E-ID-Gesetz neue Risiken – ohne spürbaren Nutzen für die Bevölkerung.“

Die Piratenpartei fordert ein E-ID-Gesetz, das folgende Kriterien erfüllt:
– Echte Freiwilligkeit – statt diskriminierendem Zwang
– Datensparsamkeit – statt noch mehr Datensammlung
– Digitale Selbstbestimmung – statt kollektive Gefährdung
– Eine vertrauenswürdige E-ID für uns – nicht für Konzerne oder einen Fichenstaat

Entsprechende Vorgaben müssen gesetzlich verankert sein, damit sich Verwaltung und Bundesrat nicht mehr über Verordnungen und Ausführungsbestimmungen hinwegsetzen können, so wie das aktuell beispielsweise beim BÜPF geschieht.

Die Piratenpartei Schweiz ruft deshalb alle Stimmberechtigten auf, sich zu informieren und am 28. September ein deutliches Zeichen für digitale Freiheit zu setzen: Wer Privatsphäre, Sicherheit und echte Freiwilligkeit will, sagt Nein zur E-ID.
Weitere Informationen zur Kampagne: www.referendum-eid.ch

piratenpartei.ch/2025/09/03/ab…

Every Thursday of the week, Bastian’s Night is broadcast from 21:30 CEST (new time).

Bastian’s Night is a live talk show in German with lots of music, a weekly round-up of news from around the world, and a glimpse into the host’s crazy week in the pirate movement.

If you want to read more about @BastianBB: –> This way

piratesonair.net/bastians-nigh…

Of the machines from the 16-bit era, the Commodore Amiga arguably has the most active community decades later, and it’s a space which still has the power to surprise. Today we have a story which perhaps pushes the hardware farther than ever before: a demo challenge for the Amiga custom chips only, no CPU involved.

The Amiga was for a time around the end of the 1980s the most exciting multimedia platform, not because of the 68000 CPU it shared with other platforms, but because of its set of custom co-processors that handled tasks such as graphics manipulation, audio, and memory. Each one is a very powerful piece of silicon capable of many functions, but traditionally it would have been given its tasks by the CPU. The competition aims to find how possible it is to run an Amiga demo entirely on these chips, by using the CPU only for a loader application, with the custom chip programming coming entirely from a pre-configured memory map which forms the demo.

The demoscene is a part of our community known for pushing hardware to its limits, and we look forward to seeing just what they do with this one. If you have never been to a demo party before, you should, after all everyone should go to a demo party!

Amiga CD32 motherboard: Evan-Amos, Public domain.

hackaday.com/2025/09/02/an-ami…