Using off the shelve software, UK researchers cloned human voices in 5 minutes.
Then they tested if people could distinguish between the real person and AI generated speech and most people could not identify who was the real person speaking.
Obviously this is a dangerous tool for automating phone phishing scams.
Here are some simple improvements that Java 25 brings to your everyday code.
public class HelloWorld {
public static void main(String[] args) {
System.out.println("Hello, World!");
}
}void main() {
IO.println("Hello, World!");
}If I'm counting well, we go down from 89 characters to 40 characters, That's less than half of the code. Additionally the code is more intuitive to understand. This feature is called compact source files. The above improvement usesa launchable main method. The method automatically resides in a top level class in the unnamed packageA new Input/Output class void main() {
List<String> ducklings = List.of("Huey", "Dewey", "Louis");
IO.print("Hello " + ducklings);
}
We're all used to not having to import java.lang.String because Java automatically imports java.lang.*.Java now automatically imports the java.base module.Importing a module implies importing all public top level classes and interfaces in packages exported by that module.The top level packages are defined in the module definitions, which exist since Java 9.One of the packages exported by the java.base is java.util.*. Hence we do not needimport java.util.List;for the code above to run anymore.Additionally a program can now import modules without having to be a module itself, making modules more accessible to developers who never dabbled with them themselves.You import modules (here java.util.desktop) usingimport module java.util.desktop;ChatGPT has reported they closed a vulnerability exploited by the Shadowleak malware that was disclosed recently by Radware.
Shadowleak uses prompt injection, the attacker tries to feed instructions to your AI service.
Security vectors have been warning against such an attack vector: when you let for example AI summarise a web page, hackers could try to craft malicious web pages that try to trick that AI.
ShwdowLeak uses ChatGPT DeepSearch, an AI tool that helps you automate email jobs. Shadowleak sends a malicious email to you and DeepSearch will happily report on the content of your email archive to the attacker.
Particlarly worrying about the attack is that it is executed entirely on the OpenAI servers, so you cannot detect on your local machine an attack is happening.
Radware recommends to limit the actions an AI agent can take on your system to limit the damage of such attacks.Get-CimInstance Win32_Process -Filter "Name = 'javaw.exe'" | select ParentProcessId
Or in a script. This one takes the process name as a parameter and also shows the , this time with the parent process name:
$targetProcessName = $args[0]
$targetProcessName = $args[0]
$targetProcesses = Get-CimInstance -ClassName Win32_Process -Filter "Name = '$targetProcessName'"
foreach ($process in $targetProcesses) {
$parentProcessId = $process.ParentProcessId
$parentProcess = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $parentProcessId"
Write-Output "Process: $($process.processId) $($process.Name), Parent Process: $($ParentProcessId) $($parentProcess.Name)"
}
Get-Process -Id (Get-NetTCPConnection -LocalPort 8080).OwningProcess
Once you have the id you can shoot it using
taskkill /PID <processid> /F
One of the hidden costs of AI is the hunt for training data by ripping content from websites.
The bots are massively using content from websites without paying for it, ignoring any copyright that may be associated to that content. They are even using AI to find content that is hidden behind JavaScript logic.
AI providers often argue that they refer to their sources and that this leads to more visists to those websites. Cloudflare, a major CDN provider, has shown that often the referrals are very low compared to the bot traffic, OpenAI being the worst with 1 referral for 1600 crawls:
Cloudflare is now preparing a service to install a payment wall for crawling.
Not only are the AI bots not paying for the content they are sucking from the content providers. Again according to Cloadflare, they represent 30% of the traffic going to these websites. And who is paying for the consumed bandwidth?Indeed, the content providers themselves are paying for the bandwidth their servers need.
Last year OpenAI lost $8 billion and Anthrophic lost $3 billion.
Cursor and Claude code have multplied the cost of their monthly subscriptions by 10, now at about $200.
Even wit this price tag, the increased productivity is still worth it in most cases, but it is not a free ride anymore.
Companies might have to do a thorough cost benefit analysis on their AI expenses.
Some researchers even think we have reached the limits of the current AI techniques, while the AI industry claims Artificial General Intelligence (AI at or surpassing the level of human intelligence) is nigh.
AI generated content can infringe copyrights, but what about copyrighting content that you generated with AI?
AI generated content (text, images...) cannot be copyrighted as there is no human to give the credit to. It can be trademarked though.
With release 1.8 compose multiplatform is now moving IOS from beta to stable. Web support is moving from alpha to beta.
Stable platforms now include
Most remarkable features for me in this release:
AI can help hackers to quickly write exploit code from published security problems.
Here's an interesting report of the journey to generate hacking code using AI.
The engineer generated the initial code using chapGpt. The code did not work, then he fixed it with Cursor and Claude Sonnet.
The impleciation is that security administrators now even have a shorter time to install patches, as the hackers can generate the attacks in no time.
When installing a 2025 upgrade to a JetBrains product you have to accept a new user agreement.
Biggest change I see is the removal of the right to use an old product indefinitely.
This is effectively moving the products from a buy and use to a subscription model. Quite a big change to force without any explanation.
Some of AI generated code is wrong (hallucinations).
When AI generate dependencies attackers could create packages with commonly hallucinated names.
When the developer loads the dependencies, running the code is a security risk.
With version 10 Google stopped referring to Android versions using dessert names. Internally these names do still exist however. With version 13 I'm seeing external references to the desserts again.
/// Markdown comments
Posts
