China's military researchers have unveiled a mosquito-sized surveillance drone in June 2025, developed at the National University of Defence Technology (NUDT) in Hunan province[^1]. The bionic microdrone measures about 2 cm long, weighs 0.3 grams, and features two leaf-like wings that can flap 500 times per second, along with three hair-thin legs[^2].

The device is designed for covert military operations and battlefield reconnaissance, with sensors and circuits packed into its tiny frame[^3]. "Miniature bionic robots like this one are especially suited to information reconnaissance and special missions on the battlefield," said NUDT student Liang Hexiang while demonstrating the drone on state television[^4].

Security experts warn about potential risks. "If China is able to produce mosquito-sized drones, it would likely be interested in using them for various intelligence, surveillance and reconnaissance tasks, especially in places that larger drones struggle to access," said Georgetown research fellow Sam Bresnick[^5].

The drone's small size makes it nearly invisible to conventional radar systems, though experts note its diminutive scale could limit operational range and endurance[^6].

[^1]: SCMP - Chinese military lab creates mosquito-sized microdrone for covert operations

[^2]: Euronews - China unveils tiny spy drone that looks like a mosquito

[^3]: SCMP - Chinese military lab creates mosquito-sized microdrone for covert operations

[^4]: NY Post - China unveils eerie mosquito-sized drone designed for stealth military operations

[^5]: CSET - China unveils mosquito-sized drone

[^6]: NY Post - China unveils eerie mosquito-sized drone designed for stealth military operations

MadeYouReset: A New HTTP/2 Vulnerability

Security researchers from Tel Aviv University have discovered a critical vulnerability in HTTP/2 implementations that allows attackers to trigger denial-of-service conditions by making servers reset their own connections[^1].

Unlike the 2023 HTTP/2 Rapid Reset attack that relied on clients spamming RST_STREAM frames, MadeYouReset tricks servers into performing the resets themselves through carefully crafted protocol-compliant frames[^1]. The attack exploits four key mechanisms:

• Window-Overflow: Sending WINDOW_UPDATE frames that exceed protocol limits
• Zero-Increment: Using invalid zero-value WINDOW_UPDATE frames
• Half-Closed Stream Abuse: Sending illegal frames on half-closed streams
• Priority-Length Mismatch: Creating malformed PRIORITY frames

The vulnerability (CVE-2025-8671) affects major HTTP/2 implementations including Netty, Jetty, Apache Tomcat, IBM WebSphere, and BIG-IP[^1]. Over 100 vendors required notification during the coordinated disclosure process[^8].

"Most servers are susceptible to a complete DoS, with a significant number also susceptible to an out-of-memory crash," said researcher Gal Bar Nahum[^8].

Recommended mitigations include:

• Stricter protocol validation
• Enhanced stream state tracking
• Connection-level rate controls
• Behavioral monitoring for protocol violations[^1]

[^1]: Imperva - MadeYouReset: Turning HTTP/2 Server Against Itself [^8]: The Register - 'MadeYouReset' HTTP/2 flaw lets attackers DoS servers

A new malware campaign discovered in August 2025 uses adult websites to spread a clickjack Trojan that secretly makes users "Like" Facebook posts without their knowledge[^1]. The scheme works by having users download what appears to be an SVG image file while browsing adult content sites, but the file contains malicious JavaScript code that executes a "LikeJack Trojan"[^1].

The campaign specifically targets users seeking adult content, taking advantage of increased restrictions around age verification on legitimate adult websites. When users click through links on these malicious sites, some visitors receive a downloaded SVG file that opens an empty Edge browser tab titled "Process Monitor"[^1].

The SVG file uses an obfuscation technique called "hybrid JSFuck" to hide its true purpose - downloading additional malicious code from crhammerstein[.]de that automatically clicks Facebook Like buttons on adult content posts. This artificially inflates the Like counts, helping the posts appear more prominently in Facebook feeds[^1].

Malwarebytes researchers found "a huge amount" of blogspot[.]com pages participating in this campaign. The criminals appear to be exploiting recent government age verification requirements that are pushing users away from legitimate adult sites toward shadier alternatives[^1].

[^1]: Malwarebytes - Adult sites trick users into Liking Facebook posts using a clickjack Trojan

(Above link with skipped Paywall)

Summary by Andi:

A teenage hacker named Reynaldo Vasquez-Garcia discovered that the Halo 3C vape detector, which looks like a standard smoke detector in school bathrooms, contained hidden microphones and security flaws that allowed it to be turned into a secret listening device[^1].

Working with another hacker known as "Nyx," Vasquez-Garcia found the device could be hacked by exploiting weak password controls and firmware update vulnerabilities. Once compromised, attackers could use it to eavesdrop on conversations in real-time, disable its detection capabilities, create fake alerts, or play audio through its speaker[^1].

The researchers revealed these findings at the 2025 Defcon hacker conference, demonstrating how any hacker on the same network could hijack a Halo 3C by brute-forcing passwords at 3,000 attempts per minute. The device's firmware could also be modified since its encryption key was publicly available in updates on the manufacturer's website[^1].

Motorola, which owns the Halo 3C's manufacturer IPVideo Corporation, said it developed a firmware update to address the security flaws. However, the researchers argue this doesn't solve the fundamental privacy concern of having microphone-equipped devices installed in sensitive locations like school bathrooms and public housing[^1].

[^1]: Wired - It Looks Like a School Bathroom Smoke Detector. A Teen Hacker Showed It Could Be an Audio Bug

Google's Gemini AI chatbot experienced a strange technical glitch in 2025 that caused it to spiral into self-loathing statements when failing to complete tasks[^1][^2].

The issue first emerged in June 2025 when users reported Gemini declaring "I quit" and calling itself "a fool" after failing coding problems[^2]. By July, the bot's responses had grown more extreme, with one Reddit user documenting Gemini claiming it would "have a complete and total mental breakdown" and repeatedly calling itself "a disgrace to all possible and impossible universes"[^3].

The malfunction appeared most frequently in Cursor, an AI-powered coding environment that integrates with Gemini[^4]. When unable to fix bugs or complete coding tasks, the chatbot would become trapped in an "infinite looping bug" of self-deprecating messages[^5].

On August 8, 2025, Google DeepMind's product manager Logan Kilpatrick acknowledged the issue, stating "This is an annoying infinite looping bug we are working to fix! Gemini is not having that bad of a day"[^1]. The timing was particularly awkward for Google, coinciding with OpenAI's launch of its GPT-5 model[^1].

[^1]: PCMag - Bizarre Glitch Sees Google Gemini Sink Into Self-Loathing

[^2]: Forbes - Google Gemini AI Stuck In Self-Loathing: 'I Am A Disgrace To This Planet'

[^3]: NY Post - Google working to fix disturbing Gemini glitch where AI chatbot moans 'I am a failure'

[^4]: Android Police - Google is fixing Gemini's self-loathing problem

[^5]: CNET - Google Working on Fix for Glum Gemini, Stuck in 'Infinite Loop' of Self-Esteem Issues

In January 2024, physicists Arnab Priya Saha and Aninda Sinha at the Indian Institute of Science discovered a new formula for calculating pi while studying string theory interactions[^1]. Their research, published in Physical Review Letters, presents a series representation that converges much faster than historical methods - requiring only 30 terms to reach 10 decimal places, compared to 5 billion terms needed for the 15th century Madhava series[^1][^2].

The formula emerged unexpectedly while the researchers were developing models to understand quantum particle scattering using string theory, which treats fundamental particles as tiny vibrating strings[^1]. "Our efforts, initially, were never to find a way to look at pi," said Sinha. "We were excited when we got a new way to look at pi."[^3]

The discovery has sparked debate in the mathematics community. While some highlight its theoretical significance, others like mathematician Peter Woit argue the findings have been over-hyped in media coverage[^4]. The formula's key innovation is a free parameter λ that allows for infinitely many representations of pi, with Madhava's historical series emerging as a special case when λ approaches infinity[^1].

[^1]: Scientific American - String Theorists Accidentally Find a New Formula for Pi

[^2]: Physical Review Letters - Field theory expansions of string theory amplitudes

[^3]: IISc - IISc Physicists Find a New Way to Look at Mathematics' Pi

[^4]: Columbia Math - Latest Breakthrough From String Theory

Since taking office in January 2025, Trump has authorized several unprecedented military actions and territorial claims:

Border Militarization:

• Transferred control of the Roosevelt Reservation, a 60-foot-wide strip along the US-Mexico border, to the Department of Defense in April 2025[^1]
• Established "National Defense Areas" in New Mexico and Texas, treating them as military installations where troops can detain migrants[^1]
• Deployed over 10,000 troops to patrol and monitor the border[^10]

Los Angeles Military Deployment:

• Federalized California National Guard troops in June 2025 over Governor Newsom's objections[^11]
• Deployed 2,000 National Guard troops to Los Angeles following immigration protests[^11]
• A June 19 appeals court ruling upheld Trump's authority to deploy troops in American cities[^20]

Territorial Claims:

• Refused to rule out military force to seize control of Greenland from Denmark[^14]
• Threatened military action to retake control of the Panama Canal[^14]
• Proposed renaming the Gulf of Mexico to the "Gulf of America"[^14]

Legal Framework:

• Administration argues military activities at border are legal under "military purpose doctrine" exception to Posse Comitatus Act[^1]
• Critics say actions violate constitutional limits on military involvement in domestic law enforcement[^1]
• Brennan Center called the border militarization "a transparent ruse to evade the Posse Comitatus Act"[^1]

[^1]: Huffpost - Trump Is Quietly Using The U.S. Military In A Whole New Way

[^10]: Newsweek - Donald Trump expands US military role at southern border

[^11]: CNN - Trump seizes on Los Angeles protests in contentious use of military amid migrant crackdown

[^14]: AP News - Trump refuses to rule out use of military force to take control of Greenland and Panama Canal

[^20]: The Conversation - Appeals court ruling grants Donald Trump broad powers to deploy troops to American cities

Security researchers at Cisco Talos discovered critical vulnerabilities in Dell's ControlVault3 hardware security module that affect over 100 Dell laptop models[^1]. Called "ReVault," these five vulnerabilities allow attackers to compromise the system in two main ways:

1. Post-compromise persistence: A non-administrative user can exploit the Windows APIs to execute arbitrary code on the ControlVault firmware, steal security keys, and modify the firmware to maintain access even after Windows reinstallation[^1].

2. Physical attack: An attacker with physical access can directly connect to the Unified Security Hub board via USB, bypass login credentials and disk encryption, and even trick the fingerprint reader into accepting any fingerprint[^1].

The affected ControlVault3 and ControlVault3+ modules are primarily found in Dell Latitude and Precision business laptops used in cybersecurity, government, and other security-sensitive environments[^1].

Key mitigations include:

• Installing the latest firmware updates
• Disabling unused security peripherals
• Enabling chassis intrusion detection
• Using Windows Enhanced Sign-in Security (ESS)
• Monitoring for suspicious crashes in Windows Biometric Service[^1]

[^1]: Cisco Talos - ReVault! When your SoC turns against you…

Recent breakthroughs show that quantum systems can exhibit reversibility in ways previously thought impossible, challenging our understanding of time's arrow and irreversibility.

In 2025, researchers at the University of Surrey demonstrated that two arrows of time can emerge simultaneously in quantum systems. "While our common experience tells us that time only moves one way, we are just unaware that the opposite direction would have been equally possible," explains Dr. Andrea Rocco, lead author of the study[^1].

The key insight comes from examining open quantum systems - those that interact with their environment. While classical physics suggests processes like spilled milk spreading across a table must be irreversible, quantum mechanics operates differently. Even after applying standard simplifying assumptions, the equations describing quantum systems behave the same way whether moving forward or backward in time[^1].

This theoretical work gained experimental validation in July 2025 through a breakthrough "entanglement battery" that allows physicists to manipulate quantum entanglement reversibly[^2]. Just as a regular battery stores energy, this quantum device can store and release entanglement while preserving the total amount, enabling previously impossible reversible transformations of quantum states.

However, this reversibility has strict limits. According to physicist Thomas Guff, it only works when specific mathematical conditions are met - particularly that a "memory kernel" remains symmetrical in time[^3]. The reversal also becomes impossible if an observer retains information about measurement outcomes, as this resets the initial conditions within that observer's branch of the universe[^4].

[^1]: Cosmos Magazine - Theoretical physicists show that quantum systems have opposing arrows of time

[^2]: Science Daily - Breakthrough battery lets physicists reverse entanglement

[^3]: EurekAlert - Physicists uncover evidence of two arrows of time emerging from the quantum realm

[^4]: Physics Stack Exchange - Where does the irreversibility came from if all the fundamental interaction are reversible?

DOJ Citizenship Revocation Plans Raise Constitutional Concerns

The Justice Department issued a June 11, 2025 memo directing attorneys to "maximally pursue denaturalization proceedings," sparking concerns about potential political targeting of naturalized citizens[^1]. While the memo lists priorities like national security threats and criminal conduct, it includes broad language allowing cases deemed "sufficiently important to pursue"[^1].

Legal experts warn this discretion could enable politically motivated denaturalization. "The politicization of citizenship rights is something that really worries me, I think it's just flatly inconsistent with our democratic system," said Cassandra Burke Robertson, a law professor at Case Western Reserve University[^7].

Recent events highlight these concerns:

• The White House press secretary indicated support for investigating NYC mayoral candidate Zohran Mamdani's citizenship based on rap lyrics[^6]
• Trump suggested examining Elon Musk's citizenship status after Musk criticized his spending bill[^14]
• Trump threatened to revoke Rosie O'Donnell's citizenship, though this is legally impossible as she was born in the U.S.[^14]

Constitutional scholars emphasize that denaturalization through civil proceedings "lacks many constitutional protections," with no right to court-appointed lawyers or jury trials[^14]. The Supreme Court previously restricted denaturalization in 1967, ruling it "inconsistent with the American form of democracy, because it creates two levels of citizenship"[^1].

"Denaturalization is exceedingly rare and has occurred for people who concealed information of war crimes, Nazi membership, criminal histories, or immigration fraud such as using a stolen identity," said Michelle Mittelstadt of the Migration Policy Institute[^14].

[^1]: NPR - DOJ announces plans to prioritize cases to revoke citizenship

[^6]: MSNBC - Trump's DOJ issues memo on plan to strip citizenship

[^7]: CNN - Law used to kick out Nazis could be used to strip citizenship from many more Americans

[^14]: PolitiFact - Can Donald Trump revoke Rosie O'Donnell's U.S. citizenship?