Airbus’s Silicon Valley-based innovation center, Acubed, and artificial intelligence and quantum-focused Google spinout SandboxAQ are on a mission to demonstrate an alternate way. It involves a small, toaster-size box, lasers, a single GPU chip and a deep knowledge of the Earth’s magnetic field.
The technology, known as quantum sensing, has been in development for decades at a number of companies and is now inching closer to commercialization in aerospace.
SandboxAQ’s MagNav quantum-sensing device.
Acubed recently took MagNav, SandboxAQ’s quantum-sensing device, on a large-scale test, flying with it for more than 150 hours across the continental U.S. on a general aviation aircraft that Acubed calls its “flight lab.”
MagNav uses quantum physics to measure the unique magnetic signatures at various points in the Earth’s crust. An AI algorithm matches those signatures to an exact location. During the test, Acubed found it could be a promising alternative to GPS in its ability to determine the plane’s location throughout the flights.
“The hard part was proving that the technology could work,” said SandboxAQ Chief Executive Jack Hidary, adding that more testing and certifications will be required before the technology makes it out of the testing phase. SandboxAQ will target defense customers first but then also commercial flights, as a rise in GPS tampering makes the need for a backup navigation system on flights more urgent.
[…]
The quantum sensing device is completely analog, making it essentially unjammable and unspoofable, SandboxAQ’s Hidary said. Unlike GPS, it doesn’t rely on any digital signals that are vulnerable to hacking. The information it provides is generated entirely from the device on board, and leverages magnetic signatures from the Earth, which cannot be faked, he said.
Quantum sensing will likely not replace all the applications of traditional GPS, but it can be a reliable backup and help pilots actually know when GPS is being spoofed, Hidary said.
How it works
Inside SandboxAQ’s device, essentially a small black box, a laser fires a photon at an electron, forcing it to absorb that photon. When the laser turns off, that electron goes back to its ground state, and releases the photon. As the photon is released, it gives off a unique signature based on the strength of the Earth’s magnetic field at that particular location.
Every square meter of the world has a unique magnetic signature based on the specific way charged iron particles in the Earth’s molten core magnetize the minerals in its crust. SandboxAQ’s device tracks that signature, feeds it into an AI algorithm that runs on a single GPU, compares the signature to existing magnetic signature maps, and returns an exact location.
The flight paths used in the tests of SandboxAQ’s quantum-sensing device, MagNav.
The Federal Aviation Administration requires that while planes are en route they must be able to pinpoint their exact location within 2 nautical miles (slightly more than 2 miles). During Acubed’s testing, it found that MagNav could pinpoint location within 2 nautical miles 100% of the time, and could even pinpoint location within 550 meters, or a bit more than a quarter of a nautical mile, 64% of the time.
“It’s the first novel absolute navigation system to our knowledge in the last 50 years,” Hidary said.
What else can quantum sensing do?
EY’s Global Chief Innovation Officer Joe Depa said the applications for quantum sensing go beyond aerospace. In defense, they can also be used to detect hidden submarines and tunnels.
And in healthcare, they can even detect faint magnetic signals from the brain or heart, theoretically allowing for better diagnosis of neurological and cardiac conditions without invasive procedures.
While the technology has been in the lab for decades, we are starting to see more examples of quantum sensing entering the real world, Depa said.
Some analysts estimate the quantum-sensing market could reach between $1 billion and $6 billion by 2040, he said.
There was a disturbance in the force on July 14 after Cloudflare borked a configuration change that resulted in an outage, impacting internet services across the planet.
On the day itself, “Cloudflare’s 1.1.1.1 Resolver service became unavailable to the internet starting at 21:52 UTC and ending at 22:54 UTC. The majority of 1.1.1.1 users globally were affected. For many users, not being able to resolve names using the 1.1.1.1 Resolver meant that basically all Internet services were unavailable,” Cloudflare said.
But the problem originated much earlier.
The outage was caused by a “misconfiguration of legacy systems” which are used to uphold the infrastructure advertising Cloudflare’s IP addresses to the internet.
“The root cause was an internal configuration error and not the result of an attack or a BGP hijack,” the corp said.
Back on June 6 this year, as Cloudflare was preparing a service topology for a future Data Localization Suite (DLS) service, it introduced the config gremlin – prefixes connected to the 1.1.1.1 public DNS Resolver were “inadvertently included alongside the prefixes that were intended for the new DLS service.”
“This configuration error sat dormant in the production network as the new DLS service was not yet in use, but it set the stage for the outage on July 14. Since there was no immediate change to the production network there was no end-user impact, and because there was no impact, no alerts were fired.”
On July 14, a second tweak to the service was made: Cloudflare added an offline datacenter location to the service topology for the pre-production DNS service in order “to allow for some internal testing.” But the change triggered a refresh of the global configuration of the associated routes, “and it was at this point that the impact from the earlier configuration error was felt.”
Things went awry at 2148 UTC.
“Due to the earlier configuration error linking the 1.1.1.1 Resolver’s IP addresses to our non-production service, those 1.1.1.1 IPs were inadvertently included when we changed how the non-production service was set up… The 1.1.1.1 Resolver prefixes started to be withdrawn from production Cloudflare datacenters globally.”
Traffic began to drop four minutes later and internal health alerts started to emerged. An “incident” was declared at 2201 UTC and a fix dispatched at 2220 to restore the previous configuration.
“To accelerate full restoration of service, a manually triggered action is validated in testing locations before being executed,” Cloudflare said in its explanation of the outage. Revolver alerts were cleared by 2254 UTC and DNS traffic on Resolver prefixes went back to typical levels, it added.
Data on DNSPerf shared with us by a reader indicates a length of the disruption of around three hours, far longer than Cloudflare’s summary suggests.
As a Reg reader pointed out: “Remember this is a DNS service. Every person using the service would have had no ability to use the internet. Every business using Cloudflare had no internet for the length of the outage. NO DNS = NO INTERNET.” ®
The F-35 stealth fighter is not meeting its potential in British service because of availability issues, a shortage of support personnel, and delays in integrating key weapons that are limiting the aircraft’s effectiveness.
The various problems are highlighted in a reality check from the UK’s National Audit Office (NAO) that offers a contrast to the typically measured tone of official government communications when it comes to the state of the country’s armed forces.
Its report calls on the Ministry of Defence (MoD) to address these problems in the F-35 fleet: firstly to increase the effectiveness of the aircraft but also to demonstrate the program is delivering value for the huge cost it represents to the taxpaying public.
Britain currently has 37 of the F-35B variant of the aircraft, which is designed for short take-off and vertical landing (STOVL) operations like the Harrier it effectively replaces in Royal Air Force (RAF) and Royal Navy service.
The NAO, a public sector spending watchdog, starts by noting that the F-35 offers capabilities “significantly superior to any previous UK aircraft,” not just because of its low radar observability, but due to its advanced sensor suite including an electro-optical targeting system and long-range infrared target sensors, which are combined to provide the pilot with an integrated picture of the space surrounding them.
However, the report finds the MoD has not been able to deliver on its own targets for aircraft availability – the proportion of time each aircraft is ready to fly – despite these targets being lower than those for the global program.
It claims that last year, the UK F-35 fleet had a mission-capable rate (the ability of an aircraft to perform at least one of its seven defined missions) about half of the MoD’s target. The full mission capable rate (the ability of an F-35 to perform all required missions) was only about one third of the MoD’s target and significantly lower than for F-35B aircraft operated by other nations.
Some reasons behind this poor performance are cited as a shortage of engineers able to work on the F-35 in Britain’s forces, plus a global shortage of F-35 spare parts.
In fact, the UK Lightning Force faces “major personnel shortages across a range of roles,” which the NAO says are not likely to be resolved for several years, although it notes the MoD is recruiting to fill some of these gaps.
According to the report, the MoD has previously underestimated the number of engineers and other staff required to support F-35 aircraft during operations.
This was highlighted during Operation Fortis, the UK-led carrier strike group deployment to the Pacific in 2021, when an aircraft was lost after a protective engine blank was erroneously left in one of the air intake ducts. This led to the aircraft not being able to generate enough thrust for take-off and ditching in the sea immediately after leaving the flight deck of HMS Queen Elizabeth.
As reported by Navy Lookout, the US Marines F-35 squadron that was onboard the carrier at the same time had 25 personnel for each jet, while the British squadron had only 14.
Just as worrying are the ongoing delays in getting key weapons integrated with the F-35 so that they can be used in operations. The report states that the original support date for the Spear 3 air-to-surface cruise missile and the Meteor medium range air-to-air missile was December last year, but the F-35 is not expected to get these until the early 2030s.
These delays have been caused by “poor supplier performance,” the NAO says, referring to the US defense firm responsible for the F-35, Lockheed Martin. However, it also criticizes Britain’s MoD for “negotiating commercial arrangements that failed to prioritize delivery” and the low priority given to Meteor by the global program.
This means that UK F-35s are currently only capable of operating with the Paveway IV laser-guided bomb and US-made missiles such as the AIM-120D.
Part of the problem is that support for many of the key weapons British forces wish to use was planned for the Block 4 upgrades to the aircraft’s systems software, and these have been massively delayed. Much of the blame for this lies with Lockheed Martin and the Joint Program Office (JPO), the agency within the US Department of Defense (DoD) responsible for overseeing the F-35 program.
It was originally expected that this would be fully delivered by 2022, but the NAO says that in 2023 the US Government Accountability Office (GAO) found that it would not be delivered until 2029, and now the JPO doesn’t expect Block 4 to be completely delivered before 2033.
There has been a certain suspicion that the US doesn’t see supporting European-made weapons as a priority, especially when F-35 operators are then forced to buy American kit instead.
Small wonder, perhaps, that Britain is pushing ahead with a program for its planned next-generation fighter – currently codenamed Tempest – that does not involve any US defense companies but partners with Japan and Italy instead.
[…]
The UK government has, however, recently disclosed that it intends to procure a new tranche of F-35 aircraft which will comprise a dozen of the F-35A version, which operates from an airfield, along with another 15 F-35B, although delivery of these is not expected until the end of the decade.
Adding another variant of the F-35 is unlikely to help with the engineer shortage, since there are significant differences between the two versions.
Meanwhile, the MoD is also behind in delivering the Aircraft Signature Assessment Facility, which is needed to check that the F-35’s much-vaunted stealth technology is doing its job and has not been degraded by the harsh conditions of operating at sea.
what if, by spraying something akin to a nasal spray, you could thwart the onslaught of those pesky allergens before they latch onto your sensitive nasal passages?
This was the “simple but powerful idea” that inspired Kaissar Tabynov, who led the efforts to create a “molecular shield” that intercepts allergens the moment they approach our airways. For the experiment, they targeted mugwort pollen, which is the most common cause of pollen allergy in Central Asia and Europe. Tabynov and colleagues reported the first proof-of-principle for this technology, in this instance with mice, in a paper published today in Frontiers in Immunology.
[…]
Here’s how the “shield” works. Researchers first develop a monoclonal antibody, or a lab-made protein designed to attach to a specific molecule. In this case it’s aimed at a major allergy-causing protein found in mugwort pollen. These antibodies are applied to the nose, effectively snatching the allergens away from our natural antibodies, which trigger allergic responses when bound with allergens.
The immune system is an intricate network of cells and hormones, so adjusting the treatment such that it wouldn’t disrupt the natural system of mice proved to be a major challenge, explained Tabynov. Not only that, mugwort pollen is actually a combination of multiple allergy-causing particles (partly the reason they’re so insufferable), meaning Tabynov’s team had to focus on the most clinically relevant parts of the allergen complex.
After several adjustments, the team succeeded in making an antibody treatment that curbed nasal inflammation and asthma symptoms in mice, and it did so without harming the animals’ natural antibodies. Although the duration of the treatment was shorter than Tabynov hoped, he told Gizmodo that he and his team have already devised a strategy to potentially make the treatment last longer.
“What’s exciting about our approach is that it shows how precise, targeted biologics can be used not just for chronic therapy but for prevention, delivered right where allergens strike,” Tabynov added. “Our approach is non-invasive, needle-free, and fast-acting [and] reduces the allergen load on the immune system and may help prevent the progression of allergic rhinitis into more severe conditions such as bronchial asthma.”
A recruitment platform used by McDonald’s is alleged to have had such poor cybersecurity that researchers were able to log into it using a non-password and thus gain access to information on tens of millions of job applicants, including contact details and chat logs between the user and the restaurant’s AI bot.
The platform in question, called McHire, operates a chatbot, dubbed Olivia. Job applicants chat with Olivia, who, in an effort to decide whether they’re worthy of flipping hamburgers or not, assesses them via a personality test. The bot was created by a company called Paradox.ai.
Security researchers Sam Curry and Ian Carroll found that, using the username/password combination 123456/123456, they were able to log into the application, where they were given access to a treasure trove of information on job applicants. Indeed, Curry and Carroll were able to “retrieve the personal data of more than 64 million applicants,” the researchers write.
Their write-up is as hilarious as it is disturbing. The duo notes:
“Without much thought, we entered “123456” as the username and “123456” as the password and were surprised to see we were immediately logged in! It turned out we had become the administrator of a test restaurant inside the McHire system.
The information included names, email addresses, phone numbers, addresses, the state where the job candidate lived, and the auth token they used to gain access to the website. Additionally, Curry and Carroll could see “every chat interaction [from every person] that has ever applied for a job at McDonald’s.”
Cisco has issued a patch for a critical 10 out of 10 severity bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow an unauthenticated, remote attacker to run arbitrary code on the operating system with root-level privileges.
ISE is a network access control and security policy management platform, and ISE-PIC centralizes identity management across security tools. And this vulnerability, tracked as CVE-2025-20337, is about the worst of the worst, allowing miscreants to take total control of compromised computers easily. In other words – patch now.
The vendor disclosed CVE-2025-20337 on Wednesday in an update to a June security advisory about two other max-severity flaws in the same products. The new bug is related to CVE-2025-20281, one of the two disclosed in June, which also received a 10 CVSS rating and affects ISE and ISE-PIC releases 3.3 and 3.4, regardless of device configuration.
“These vulnerabilities are due to insufficient validation of user-supplied input,” Cisco noted. “An attacker could exploit these vulnerabilities by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.”
There are no workarounds, but Cisco has released a software update that fixes both flaws, along with another critical-rated bug tracked as CVE-2025-20282 disclosed in June.
The vendor noted that since the original publication of the security advisory last month, “improved fixed releases have become available” and customers should upgrade as follows:
If Cisco ISE is running Release 3.4 Patch 2, no further action is necessary.
If Cisco ISE is running Release 3.3 Patch 6, additional fixes are available in Release 3.3 Patch 7, and the device must be upgraded.
If Cisco ISE has either hot patch ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz or hot patch ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz installed, Cisco recommends upgrading to Release 3.3 Patch 7 or Release 3.4 Patch 2. The hot patches did not address CVE-2025-20337.
