Critical, make-me-super-user SAP S/4HANA bug being exploited

A critical code-injection bug in SAP S/4HANA that allows low-privileged attackers to take over your SAP system is being actively exploited, according to security researchers.

SAP issued a patch for the 9.9-rated flaw in August. It is tracked as CVE-2025-42957, and it affects both private cloud and on-premises versions.

According to SecurityBridge Threat Research Labs, which originally spotted and disclosed the vulnerability to SAP, the team “verified actual abuse of this vulnerability.” It doesn’t appear to be widespread (yet), but the consequences of this flaw are especially severe.

“For example, SecurityBridge’s team demonstrated in a lab environment how an attacker could create a new SAP superuser account (with SAP_ALL privileges) and directly manipulate critical business data,” the researchers said in a Thursday write-up alongside a video demo of the exploit.

It’s low-complexity to exploit. The bug enables a user to inject arbitrary ABAP code into the system, thus bypassing authorization checks and essentially creating a backdoor that allows full system compromise, data theft, and operational disruption. In other words: it’s effectively game over.

[…]

Source: Critical, make-me-super-user SAP S/4HANA bug being exploited • The Register

Europe must reach for the bazooka, or be humiliated

Last week, Donald Trump issued a stark warning: European states that enforce EU law against American tech giants risk trade tariffs. This is not a negotiation tactic. It is an assertion of power, a demand that Europe surrender its legal order to foreign influence.

This is not a negotiation. It is a test.

Europe possesses a “trade bazooka” designed for this precise scenario. The Anti-Coercion Instrument is designed to respond to the kind of threats and actions that Trump now alludes to. To delay its use is to invite further encroachments. 

But the current crisis is not merely economic, nor is it confined to tariffs and subsidies. It is a confrontation over the very foundations of democratic governance: the rule of law, the capacity of nations to govern themselves without foreign interference, and the protection of our children in the digital age.   

The U.S. understands that power is not only measured in military might or economic output, but also in control over information and infrastructure and the conditions under which democracy can survive. By threatening sanctions for upholding European law, Washington is testing whether Europe will tolerate coercion in the name of the alliance.

We should now know the risk of inaction. A decade ago, the General Data Protection Regulation was enacted to put power over data back into the hands of citizens. But Ireland, as a jurisdiction of choice for multinationals, became a conduit for regulatory evasion. And the European Commission turned a blind eye.

Over the same period, our fragmented single market and the Commission’s narrow view of competition enforcement handed our digital market to foreign firms. The result is that we became dependent on foreign technology firms, most of them American, which are now accustomed to operating with impunity. They shape our public discourse and influence our elections.   

Consequently, authoritarianism has risen again in our midst. Proxies who serve foreign interests before their own are algorithmically pushed into people’s feeds by giant American and Chinese social media companies. Those same algorithms push self-harm and suicide onto our children’s feeds. And yet we hesitate. 

If we do not stand by our laws then we will not merely lose a trade dispute. We will lose the authority to govern ourselves. We will signal that democratic sovereignty can be traded for security promises that may not be kept. We will expose ourselves to unrelenting assault by algorithms directed to impose home-grown authoritarians upon our people.  

President von der Leyen committed to keeping inviolate Europe’s rules on digital media and market power in an interview in April. She must now go further and actively protect those rules. Speaking last week, Chancellor Merz said Europe will not allow itself to be pressured. Those words must be backed up by action.  

But the signs are not good. Take the Commission’s competition case against Google, in which the EU executive has not only backed down from its plan to break up Google’s ad business by instead issuing a mere fine, it has even dropped the fine for fear of offending Trump. The case concerns market violations that have been proven against Google in a U.S. court. Such timidity undermines the hope of a level playing field in the relationship with our American partners.

We are not blind to the risks of confrontation with Donald Trump. But if we do not stand by our laws and use the Anti-Coercion Instrument to defend them, then we will not merely lose a trade dispute. We will lose the authority to govern ourselves.

Source: Europe must reach for the bazooka, or be humiliated – Euractiv

Did Apple do an Anthropic? Faces lawsuit over alleged use of pirated books for AI training

Two authors have filed a lawsuit against Apple, accusing the company of infringing on their copyright by using their books to train its artificial intelligence model without their consent. The plaintiffs, Grady Hendrix and Jennifer Roberson, claimed that Apple used a dataset of pirated copyrighted books that include their works for AI training. They said in their complaint that Applebot, the company’s scraper, can “reach ‘shadow libraries'” made up of unlicensed copyrighted books, including (on information) their own. The lawsuit is currently seeking class action status, due to the sheer number of books and authors found in shadow libraries.

The main plaintiffs for the lawsuit are Grady Hendrix and Jennifer Roberson, both of whom have multiple books under their names. They said that Apple, one of the biggest companies in the world, did not attempt to pay them for “their contributions to [the] potentially lucrative venture.”

[…]

Anthropic, the AI company behind the Claude chatbot, recently agreed to pay $1.5 billion to settle a class action piracy complaint also brought by authors. Similar to this case, the writers also accused the company of taking pirated books from online libraries to train its AI technology. The 500,000 authors involved in the case will reportedly get $3,000 per work.

Source: Apple faces lawsuit over alleged use of pirated books for AI training

Google deletes net-zero pledge from sustainability website

Google’s CEO Sundar Pichai stood smiling in a leafy-green California garden in September 2020 and declared that the IT behemoth was entering the “most ambitious decade yet” in its climate action.

“Today, I’m proud to announce that we intend to be the first major company to operate carbon free — 24 hours a day, seven days a week, 365 days a year,” he said, in a video announcement at the time.

Pichai added that he knew the “road ahead would not be easy,” but Google “aimed to prove that a carbon-free future is both possible and achievable fast enough to prevent the most dangerous impacts of climate change.”

Five years on, just how hard Google’s “energy journey” would become is clear. In June, Google’s Sustainability website proudly boasted a headline pledge to achieve net-zero emissions by 2030. By July, that had all changed.

An investigation by Canada’s National Observer has found that Google’s net-zero pledge has quietly been scrubbed, demoted from having its own section on the site to an entry in the appendices of the company’s sustainability report.

Genna Schnurbach, an external spokesperson for Google, referring to its Environment 2025 report, told us: “As you can see from the document, Google is still committed to their ambition of net-zero by 2030.”

By tracing back through the history of Google’s Sustainability website, however, we found that the company edited it in late June, removing almost all mention of its lauded net-zero goals. (A separate website referring to data centres specifically has maintained its existing language around net-zero commitments.)

Five years ago, Google’s climate action ambitions were the gold standard for Big Tech. Then, with power demand spikes from AI data centres, in July it scrubbed its sustainability website of its 2030 net zero pledge.

The page on Operating Sustainably has been rebranded to Operations, and the section on net-zero carbon was deleted. In its place is a new priority area: Energy.

[…]

Source: Google deletes net-zero pledge from sustainability website | Canada’s National Observer: Climate News

Google hit with $3.45 billion EU antitrust fine over adtech practices where US judge also found guilt but refused to punish

Alphabet’s Google was hit with a 2.95-billion-euro ($3.45 billion) European Union antitrust fine on Friday for anti-competitive practices in its lucrative adtech business, a sharp sanction that riled up U.S. President Donald Trump.

The fine, the fourth penalty Google has faced in its decade-long fight with EU competition regulators, follows bubbling trade tensions between major global powers and U.S. threats of retaliation over EU scrutiny of American tech firms.

Trump said in a post on Truth Social that the action was “unfair” and “discriminatory” and later told reporters he will take the matter up with the EU directly.

“We cannot let this happen to brilliant and unprecedented American Ingenuity and, if it does, I will be forced to start a Section 301 proceeding to nullify the unfair penalties being charged to these Taxpaying American Companies,” Trump said.

Section 301 of the Trade Act of 1974 allows the United States to penalize foreign countries that engage in acts that are “unjustifiable” or “unreasonable,” or burden U.S. commerce.

The European Commission’s action was triggered by a complaint from the European Publishers Council. Trump, who has hit Europe with trade tariffs, has threatened to retaliate against the EU for any pushback against Big Tech.

“I will be speaking to the European Union,” Trump told reporters at the White House on Friday.

While Google plans to appeal, the Commission has warned of stronger remedies – including potential divestitures – if the company fails to address its conflicts of interest. The case underscores growing transatlantic friction over digital market regulation and the EU’s push to rein in dominant platforms.

The EU competition enforcer had originally planned to hand out the fine on Monday but opposition from EU trade chief Maros Sefcovic on concerns about the impact on U.S. tariffs on European cars derailed EU antitrust chief Teresa Ribera’s plan.

The Commission said Google favoured its own online display technology services that reinforced its own ad exchange AdX’s central role in the adtech supply chain and allowed Google to charge high fees for its service, to the detriment of rivals and online publishers.

Google has abused its market power since 2014 until today, the EU watchdog said.

It ordered Google to stop the self-preferencing practices and take measures to cease its inherent conflicts of interest. The company has 60 days to inform the Commission how it plans to comply with this order, and another 30 days to do so.

The Commission reiterated its preliminary view that Google should divest part of its services but said it wants to first hear and assess Google’s compliance efforts, confirming a Reuters story last year.

[…]

Source: Google hit with $3.45 billion EU antitrust fine over adtech practices

It is good to see that at least the EU has the guts to do something about these monopolistic practices.

See also: EU Google antitrust penalty halted by low level commissioner amid Trump’s tariff threats

Judge who ruled Google is a monopoly says no need for punishment.

The worst possible antitrust outcome – unless you are Google

Scientists tap fresh water under the sea, raising hopes for a thirsty world

Deep in Earth’s past, an icy landscape became a seascape as the ice melted and the oceans rose off what is now the northeastern United States. Nearly 50 years ago, a U.S. government ship searching for minerals and hydrocarbons in the area drilled into the seafloor to see what it could find.

It found, of all things, drops to drink under the briny deeps — fresh water.

This summer, a first-of-its-kind global research expedition followed up on that surprise. Drilling for fresh water under the salt water off Cape Cod, Expedition 501 extracted thousands of samples from what is now thought to be a massive, hidden aquifer stretching from New Jersey as far north as Maine.

The sun sets behind the Liftboat Robert platform, home of Expedition 501, a global research expedition drilling for fresh water, in the North Atlantic, Saturday, July 19, 2025. (AP Photo/Carolyn Kaster)

It’s just one of many depositories of “secret fresh water” known to exist in shallow salt waters around the world that might some day be tapped to slake the planet’s intensifying thirst, said Brandon Dugan, the expedition’s co-chief scientist.

[…]

They’re out to solve the mystery of its origins — whether the water is from glaciers, connected groundwater systems on land or some combination.

The potential is enormous. So are the hurdles of getting the water out and puzzling over who owns it, who uses it and how to extract it without undue harm to nature.

[…]

Why try? In just five years, the U.N. says, the global demand for fresh water will exceed supplies by 40%. Rising sea levels from the warming climate are souring coastal freshwater sources while data centers that power AI and cloud computing are consuming water at an insatiable rate.

[…]

Source: Scientists tap fresh water under the sea, raising hopes for a thirsty world | AP News

Anthropic Agrees to $1.5 Billion Settlement for Downloading Pirated Books to Train AI

Anthropic has agreed to pay $1.5 billion to settle a lawsuit brought by authors and publishers over its use of millions of copyrighted books to train the models for its AI chatbot Claude, according to a legal filing posted online.

A federal judge found in June that Anthropic’s use of 7 million pirated books was protected under fair use but that holding the digital works in a “central library” violated copyright law. The judge ruled that executives at the company knew they were downloading pirated works, and a trial was scheduled for December.

The settlement, which was presented to a federal judge on Friday, still needs final approval but would pay $3,000 per book to hundreds of thousands of authors, according to the New York Times. The $1.5 billion settlement would be the largest payout in the history of U.S. copyright law, though the amount paid per work has often been higher. For example, in 2012, a woman in Minnesota paid about $9,000 per song downloaded, a figure brought down after she was initially ordered to pay over $60,000 per song.

In a statement to Gizmodo on Friday, Anthropic touted the earlier ruling from June that it was engaging in fair use by training models with millions of books.

“In June, the District Court issued a landmark ruling on AI development and copyright law, finding that Anthropic’s approach to training AI models constitutes fair use,” Aparna Sridhar, deputy general counsel at Anthropic, said in a statement by email.

[…]

Source: Anthropic Agrees to $1.5 Billion Settlement for Downloading Pirated Books to Train AI

Just to be clear: using books to train AI was fine. Pirating the books, however, was not. Completely incredible that these guys pirated the books. With mistakes of this idiocy, I would not invest in Anthropic ever, at all.