Israel's parliament passed legislation 93-0 on Monday permitting the death penalty and public trials for individuals accused of involvement in the October 2023 Hamas-led attacks. The law creates a special military court framework for prosecuting captured members of Hamas's Nukhba special forces unit, with charges ranging from terrorism and murder to sexual violence and genocide. Key proceedings including opening statements, verdicts, and sentencing will be filmed and broadcast on a dedicated website. Supporters compare the trials to the 1962 prosecution of Nazi war criminal Adolf Eichmann, the only person previously executed by Israeli civil courts. Human rights organizations oppose the measure, warning against "show trials" and citing concerns about confessions potentially extracted through torture. The law follows a March statute allowing capital punishment for terrorism offenses, which could not apply retroactively to the October 2023 attacks.
The October 7, 2023 attacks killed over 1,200 people in southern Israel, mostly civilians, with 251 taken hostage. The subsequent Gaza war has killed over 72,000 people according to Hamas-run Health Ministry figures. Israel's Prison Service currently holds 1,283 people classified as unlawful combatants.
European Union foreign ministers approved sanctions Monday targeting seven Israeli settlers and settler organizations for violence against Palestinians in the occupied West Bank. The move ended months of delay after Hungary's government change removed former prime minister Viktor Orban's blockade. EU foreign policy chief Kaja Kallas stated that "extremism and violence carry consequences." Sanctioned entities reportedly include Daniella Weiss, known as the "godmother" of the settler movement, and organizations Nachala, Regavim, HaShomer Yosh, and Amana that promote or finance settlements. Israeli foreign minister Gideon Sa'ar rejected the decision as "arbitrary and political," defending Jewish settlement rights and objecting to the EU's comparison of Israeli citizens with Hamas representatives also newly sanctioned. The UN documented over 1,800 settler attacks in 2025 causing casualties or property damage across approximately 280 West Bank communities. Technical and legal steps remain before sanctions take full effect.
Israeli settlements in the West Bank and East Jerusalem, built on territory occupied since 1967, house approximately 700,000 Jews and are illegal under international law. Settlement expansion accelerated after Benjamin Netanyahu's right-wing coalition returned to power in late 2022. Several EU countries have pushed to ban settlement products, though bloc-wide consensus remains elusive.
The Senate voted 49-44 Monday to advance Kevin Warsh's nomination to the Federal Reserve Board of Governors, positioning him to replace Jerome Powell as Fed chair later this week. The procedural vote followed Senate Banking Committee approval and proceeded largely along party lines as expected. Warsh, who served as a Fed governor from 2006 to 2011, would take leadership of the central bank during a period of significant economic uncertainty including ongoing inflation concerns and the economic impacts of the Iran conflict. His nomination represents a potential shift in monetary policy direction, as Warsh has previously expressed skepticism about the Fed's aggressive bond-buying programs and has advocated for different approaches to inflation targeting. The full Senate confirmation vote is anticipated within days. The transition comes as markets watch for signals about interest rate trajectory and the Fed's response to fiscal pressures from the administration's spending priorities and tax policies.
The Federal Reserve chair sets US monetary policy, influencing interest rates, inflation control, and employment levels. Jerome Powell's term has been marked by pandemic-era stimulus, rapid rate hikes to combat inflation, and recent cuts. Warsh's appointment would give the Trump administration greater influence over central bank policy.
OpenAI announced Daybreak on Monday, a security-focused AI initiative combining GPT-5.5-Cyber and the Codex Security agent to detect and patch vulnerabilities before attackers exploit them. The system creates threat models from organizational code, identifies attack paths, validates vulnerabilities, and automates detection of high-risk issues. Daybreak arrives roughly a month after rival Anthropic introduced Claude Mythos, a security model Anthropic deemed too dangerous for public release and shared only privately through Project Glasswing. Several unauthorized parties subsequently gained access to Mythos. OpenAI's approach differs by integrating multiple models with industry and government partnerships while preparing to deploy increasingly capable cyber models. The launch reflects growing competition among AI labs to demonstrate security capabilities alongside general intelligence, with both companies positioning their systems as essential infrastructure for organizational cybersecurity rather than standalone research demonstrations.
AI security models represent a specialized frontier in artificial intelligence development, with labs competing to demonstrate capabilities in vulnerability discovery and automated defense. The tension between releasing powerful security tools and preventing misuse mirrors broader debates about AI openness and safety.
Linux systems face another critical vulnerability allowing low-privilege users including container tenants to gain root access, the second such flaw in two weeks. Dubbed Dirty Frag, the bug chains two kernel vulnerabilities in page cache handling to enable deterministic, stealthy privilege escalation across virtually all distributions. Exploit code leaked online three days ago; Microsoft has observed hackers experimenting with it. The vulnerability affects shared hosting environments particularly severely. Patches have now been released by Debian, AlmaLinux, and Fedora, with other distributions following. Dirty Frag follows Copy Fail, disclosed last week with similar characteristics but initially without available patches. Both stem from bugs in memory-fragment handling that allow attackers to modify read-only cached files like /etc/passwd through in-place cryptographic operations. The 2022 Dirty Pipe vulnerability exploited related page cache flaws. Security researchers emphasize immediate patching due to the exploit's reliability and silent operation.
Linux kernel privilege escalation vulnerabilities are particularly dangerous in multi-tenant cloud environments where containers or virtual machines share hardware. The page cache stores frequently accessed files in memory for performance; flaws allowing modification of cached pages enable attackers to alter critical system files without write permissions.
The Pentagon's $25 billion estimate for two months of war with Iran captures only direct military expenditures like munitions and operations, argues Eric Boehm in Reason. Independent analyst Stephen Semler puts total costs near $72 billion including weapons, damaged assets, and subsidies to Israel. University of Michigan economist Justin Wolfers projects hundreds of billions to trillions in long-term costs from oil price spikes, inflation, higher interest rates, and slower growth. Americans have already paid over $37 billion in elevated gasoline prices since the conflict began February 28, when gas averaged under $3 per gallon versus Monday's approximately $4.52. The Penn Wharton Budget Model had projected $38-47 billion for two months of war. The administration requested $200 billion from Congress in March. Boehm notes the Pentagon's narrow accounting excludes base reconstruction, medical care for wounded, and human costs: 13 Americans killed, over 300 wounded, and thousands of casualties in Iran including dozens of schoolchildren.
The Trump administration launched Operation Epic Fury against Iran on February 28, 2026. The undeclared war has disrupted global oil markets and strained military resources already committed to other theaters. Cost accounting for modern conflicts typically separates direct appropriations from broader economic impacts.
Researchers have identified a new type of clathrate crystal within trinitite, the glassy material formed from sand fused during the 1945 Trinity nuclear test in New Mexico. The clathrate features cage-like silicon structures trapping calcium, copper, and iron atoms, created under conditions exceeding 1,500 degrees Celsius and several gigapascals of pressure—tens of thousands of times atmospheric pressure. Geologist Luca Bindi of the University of Florence, co-author of the study, describes it as completely novel, never before seen in nature or laboratory nuclear explosions. The extreme heat and pressure vaporized and rapidly cooled materials, preventing atoms from settling into stable configurations and producing metastable structures. The finding follows a 2021 discovery of a quasicrystal in the same trinitite sample—matter with ordered but non-repeating atomic structures previously thought impossible. Both crystals share iron, silicon, copper, and calcium composition. Scientists have not yet reproduced the quasicrystal in laboratory conditions, making these Trinity-derived materials rare examples of structures nature created that remain beyond current human replication.
The Trinity test, part of the Manhattan Project, detonated a plutonium bomb with 25 kiloton yield. Trinitite forms when desert sand melts and fuses with vaporized equipment. Clathrates are cage-like chemical structures; quasicrystals challenged conventional solid-state physics until their 1982 theoretical acceptance and subsequent laboratory synthesis.
An attacker published 84 malicious versions across 42 TanStack npm packages on May 11, exploiting a chain of GitHub Actions vulnerabilities including pull_request_target cache poisoning and runtime memory extraction of OIDC tokens. The attack combined the "Pwn Request" pattern with cross-fork cache manipulation to inject a 2.3 MB obfuscated payload that harvested AWS, GCP, Kubernetes, Vault, GitHub, npm, and SSH credentials, then exfiltrated them via the Session messenger network. External researcher ashishkurmi detected the compromise within 20 minutes; all affected versions have been deprecated. The payload self-propagated by enumerating other packages victims maintained and republishing them with identical injections. No npm credentials were stolen directly, but install hosts remain potentially compromised. TanStack creator Tanner Linsley emphasized that the release workflow itself was not breached; rather, the attack exploited trust boundaries between fork and base repository operations. Users who installed affected versions must rotate all potentially exposed credentials.
TanStack provides popular open-source tools for web development including React Query and TanStack Router. Supply-chain attacks on npm packages have escalated in sophistication, with attackers targeting CI/CD pipelines rather than direct registry compromise. The Session messenger network offers end-to-end encrypted file transfer without attacker-controlled infrastructure, complicating takedown efforts.
A Quality Technology Services data center in Georgia's Fayette County consumed nearly 30 million gallons of water without payment or monitoring while nearby residents faced drought restrictions and water pressure drops. County investigators found two industrial hookups: one installed without utility knowledge, the other unlinked to billing systems. QTS eventually paid approximately $150,000 after the issue was flagged, but faced no penalties for exceeding planning-phase limits. County water director Vanessa Tigert cited "customer service" toward their largest account and admitted understaffing prevented proper inspection. The county dismissed the incident as a "procedural mix-up." QTS denied improper usage, stating all water followed regulations. The case highlights risks as US localities rapidly approve AI-driven data center construction without updating water infrastructure. Georgia's Fayette County is transitioning to smart metering systems intended to catch such anomalies, but the sole meter inspector was "spread pretty thin." Residents expressed loss of trust in both the company and county officials who prioritized commercial relationships over conservation enforcement during drought conditions.
Data centers require substantial water for cooling, with AI training and inference workloads driving demand growth. Many US water systems rely on aging infrastructure and manual meter reading, creating gaps in usage tracking. Smart metering promises real-time monitoring but requires significant capital investment and staffing transitions.
AI startup Thinking Machines announced a research preview of interaction models designed to handle human collaboration natively rather than through external scaffolding. The models process continuous audio, video, and text streams, responding and acting in real time through a multi-stream, micro-turn architecture. The approach contrasts with current turn-based interfaces where models wait passively for user input completion and freeze perception during generation. Founders argue that autonomous agent interfaces, while valuable, exclude humans from iterative clarification processes essential to most real work. The research preview claims state-of-the-art combined performance in intelligence and responsiveness metrics. The announcement cites recent frontier model evaluations finding that synchronous "hands-on-keyboard" usage patterns yielded unclear benefits because users perceived models as too slow, with autonomous long-running harnesses better eliciting coding capabilities. Thinking Machines proposes copresence, contemporality, and simultaneity—concepts from communication theory—as design principles for AI interfaces that accommodate natural human collaborative behaviors including interruption, clarification, and joint attention.
Current large language models operate in discrete turns, creating latency and context loss during extended collaboration. "Scaffolding" refers to external systems that attempt to add interactivity to fundamentally turn-based models. Communication theorists Herbert Clark and Susan Brennan's work on "grounding in communication" informs the design philosophy.
