Security Scares, Politeness Costing AI, and Tech Industry Shakeups

May 2, 2025 by Lighthouse IT Solutions, Matthew Almendinger

LITS bits:

This week, Matt and Griff dig into manners, hacks, and tech power plays.


Momma Said Manners Didn’t Cost Anything… But She Might’ve Been Wrong

Sam Altman recently acknowledged a surprising consequence of digital politeness: those tiny courtesies like “please” and “thank you” could cost tens of millions in computing power when users address AI like ChatGPT. While charming, these extra characters add no value to the system’s function and, at scale, contribute significantly to processing costs. That said, Altman considers the price well worth the humanity it preserves. So, maybe manners do cost something—but they might still be worth every cent.

🔗 Read more here

CentreStack & Triofox Vulnerability: What You Need to Know

Security researchers at Huntress recently uncovered a critical flaw in Gladinet CentreStack and Triofox platforms used widely for file sync and share services. Tagged CVE-2025-30406 with a staggering CVSS score of 9.8, the vulnerability stems from hard-coded cryptographic keys in the software's default setup.

Threat actors exploited these keys to bypass ASP.NET ViewState protections, potentially escalating their access to full system control. Thankfully, organizations like Lighthouse, whose Harmony Cloud Drive is built on CentreStack, had already implemented mitigation tactics like key rotation and were able to patch systems immediately—without disrupting service.

No indicators of compromise were found post-patch, and Huntress’ existing monitoring infrastructure (deployed widely due to recent CrushFTP attacks) made identification swift.

🔗 Full analysis here
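The key-rotation mitigation mentioned above can be checked across a fleet. The following is an added example, not code from Huntress, Gladinet, or Lighthouse: it reads the ASP.NET `<machineKey>` element (where ViewState validation and decryption keys are configured in `web.config`) and flags hosts whose static keys also appear on another host, which suggests a shipped default rather than a per-install key. The host names and key values are constructed placeholders.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed web.config fragments; host names and key values are made-up placeholders.
def _cfg(validation_key, decryption_key):
    return (f'<configuration><system.web><machineKey validationKey="{validation_key}" '
            f'decryptionKey="{decryption_key}" validation="HMACSHA256" />'
            '</system.web></configuration>')

SAMPLE_CONFIGS = {
    "host-a": _cfg("AAAA1111AAAA1111", "BBBB2222BBBB2222"),  # keys left as installed
    "host-b": _cfg("AAAA1111AAAA1111", "BBBB2222BBBB2222"),  # same keys as host-a
    "host-c": _cfg("AutoGenerate,IsolateApps", "AutoGenerate,IsolateApps"),
    "host-d": _cfg("CCCC3333CCCC3333", "DDDD4444DDDD4444"),  # rotated per install
}

def static_key_fingerprints(config_xml):
    """Return {attribute: fingerprint} for every statically configured machineKey value."""
    found = {}
    for mk in ET.fromstring(config_xml).iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr, "")
            # "AutoGenerate..." means the runtime creates the key; anything else is static.
            if value and not value.startswith("AutoGenerate"):
                # Store a truncated hash so the report never contains the key itself.
                found[attr] = hashlib.sha256(value.encode()).hexdigest()[:16]
    return found

def audit(configs):
    """Classify each host as 'auto', 'static-unique' or 'static-shared'."""
    per_host = {host: static_key_fingerprints(xml) for host, xml in configs.items()}
    hosts_by_fp = {}
    for host, fps in per_host.items():
        for fp in fps.values():
            hosts_by_fp.setdefault(fp, set()).add(host)
    report = {}
    for host, fps in per_host.items():
        if not fps:
            report[host] = "auto"
        elif any(len(hosts_by_fp[fp]) > 1 for fp in fps.values()):
            report[host] = "static-shared"   # same key on another host: rotate it
        else:
            report[host] = "static-unique"
    return report

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_CONFIGS).items()):
        print(host, status)
```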

Oracle Cloud Breach Spurs CISA Action

A reported breach involving Oracle Cloud’s SSO/LDAP systems has sparked concern. Despite Oracle initially denying the claim, security firm CloudSEK presented compelling evidence, including real customer data, matching subdomains, and use of the high-severity CVE-2021-35587 (CVSS 9.8).

Though Oracle hasn’t confirmed the breach outright, it reportedly contacted affected clients, raising more questions than answers. As a precaution, CISA recommends:

  • Resetting passwords
  • Enabling MFA
  • Monitoring logs for suspicious activity

🔗 DarkReading Report

We Really DOGEd a Bullet: CVE Program Almost Shut Down

For a few tense hours, it looked like the CVE Program—the gold standard for tracking software vulnerabilities—might vanish. Why? Its contract with MITRE, the non-profit responsible for maintaining it, lapsed without renewal.

Fortunately, a temporary fix was found: the contract was extended for 11 months, and MITRE established the CVE Foundation to secure independent funding going forward. Without CVE, the industry would lose a foundational tool used in virtually every cybersecurity briefing.

🔗 Learn more

Apple’s Strategic Moves: Headsets, OS Overhaul, and Supply Chain Shifts

Apple is doubling down on innovation and global supply diversification:

  • Vision Pro Headsets: New models are in development, reinforcing Apple’s commitment to immersive tech and future AR glasses.
  • iPadOS Redesign: Expect a macOS-inspired interface for improved usability.
  • India Manufacturing Push: Despite U.S. tariff exemptions, Apple is betting big on India for iPhone production.
  • iPhone 16e in Brazil: Apple is working with Foxconn to expand its footprint in South America.

🔗 More on Vision Pro and iPadOS

Big Tech vs. The World

Two major antitrust battles are heating up:

  • Meta vs. FTC: The FTC seeks to undo Meta’s acquisitions of Instagram and WhatsApp, arguing anti-competitive behavior. Meta claims competition exists with TikTok and YouTube.
  • Google’s Ad Tech Monopoly: A federal judge found Google guilty of illegal monopolistic practices in ad tech, opening the door to possible divestitures.

🔗 Meta Antitrust Case

Shifting Sands in Big Tech

  • OpenAI Eyes the Browser: CEO Sam Altman hinted at acquiring or building a browser—perhaps even Google Chrome—to deepen AI's web integration.
  • Google's Reversals: Third-party cookies are sticking around for now, and Google is consolidating its global search platform under google.com.
  • Gemini Goes Global: A deal with Samsung puts Google's Gemini AI app preinstalled on devices, including ad revenue-sharing incentives.

🔗 Gemini Deal Details

Social Media Now Wants to Teach You How to Use It

Social platforms are embracing user education:

  • LinkedIn launched a new mini-site packed with tips and videos to help users become better content creators.
  • Pinterest Academy added four new learning paths, offering short videos and courses for marketing success.


Enjoyed what you heard? We release a new episode every two weeks, so be sure to come back for the next one!