Many trains in the U.S. are vulnerable to a hack that can remotely lock a train's brakes, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the researcher who discovered the vulnerability. From a report:The railroad industry has known about the vulnerability for more than a decade but only recently began to fix it. Independent researcher Neil Smith first discovered the vulnerability, which can be exploited over radio frequencies, in 2012.

"All of the knowledge to generate the exploit already exists on the internet. AI could even build it for you," Smith told 404 Media. "The physical aspect really only means that you could not exploit this over the internet from another country, you would need to be some physical distance from the train [so] that your signal is still received."

Perplexity CEO Aravind Srinivas warned young entrepreneurs that tech giants will "copy anything that's good" during a talk at Y Combinator's AI Startup School, telling founders they must "live with that fear." Srinivas said that companies raising tens of billions need to justify capital expenditures and search for new revenue streams.

Perplexity pioneered web-crawling chatbots when it launched its answer engine in December 2022, but Google's Bard added internet-crawling three months later, followed by ChatGPT in May 2023 and Anthropic's Claude in March 2025. The competition has extended to browsers, with Perplexity launching its Comet browser on July 9 and Reuters reporting that OpenAI is developing a web browser to challenge Google Chrome. Perplexity's communications head Jesse Dwyer said larger companies will "drown your voice."

A team of Japanese researchers has set a new world record for internet speed, transmitting data at 125,000 gigabytes per second over 1,120 miles using a new type of 19-core optical fiber. "That's about 4 million times the average internet speed in the U.S. and would allow you to download the entire Internet Archive in less than four minutes," notes Live Science. It's also "more than twice the previous world record of 50,250 Gbps, previously set by a different team of scientists in 2024." From the report: To achieve this new speed -- which has not been independently verified -- the team developed a new form of optical fiber to send information at groundbreaking speeds over roughly the distance between New York and Florida. Details about this achievement were presented April 3 at the 48th Optical Fiber Communication Conference in San Francisco, according to a statement from Japan's National Institute of Information and Communications Technology.

The new type of optical fiber is equivalent to 19 standard optical fibers in its data transmission capacity. The new optical fiber is better suited to long-haul transmission than existing cables because the centers of all 19 fibers interact with light in the same way, so they encounter less light fluctuation, which results in less data loss. The new cable squeezes 19 separate fibers into a diameter of five-thousandths of an inch (0.127 millimeters), which is the same thickness as most existing single-fiber cables already in use. This effort means the new cable can transmit more data using existing infrastructure. [...] For this demonstration, the data ran through a transmission system 21 times, finally reaching a data receiver after traveling the equivalent of 1,120 miles.

An anonymous reader quotes a report from Ars Technica: Samuel Herman and Alexander Baciu never liked using Comcast's cable broadband. Now, the residents of Saline, Michigan, operate a fiber Internet service provider that competes against Comcast in their neighborhoods and has ambitions to expand. "All throughout my life pretty much, I've had to deal with Xfinity's bullcrap, them not being able to handle the speeds that we need," Herman told Ars. "I lived in a house of 10. I have seven other brothers and sisters, and there's 10 of us in total with my parents." With all those kids using the Internet for school and other needs, "it just doesn't work out," he said. Herman was particularly frustrated with Comcast upload speeds, which are much slower than the cable service's download speeds. "Many times we would have to call Comcast and let them know our bandwidth was slowing down... then they would say, 'OK, we'll refresh the system.' So then it would work again for a week to two weeks, and then again we'd have the same issues," he said. Herman, now 25, got married in 2021 and started building his own house, and he tried to find another ISP to serve the property. He was familiar with local Internet service providers because he worked in construction for his father's company, which contracts with ISPs to build their networks. But no fiber ISP was looking to compete directly against Comcast where he lived, though Metronet and 123NET offer fiber elsewhere in the city, Herman said. He ended up paying Comcast $120 a month for gigabit download service with slower upload speeds. Baciu, who lives about a mile away from Herman, was also stuck with Comcast and was paying about the same amount for gigabit download speeds.

Herman said he was the chief operating officer of his father's construction company and that he shifted the business "from doing just directional drilling to be a turnkey contractor for ISPs." Baciu, Herman's brother-in-law (having married Herman's oldest sister), was the chief construction officer. Fueled by their knowledge of the business and their dislike of Comcast, they founded a fiber ISP called Prime-One. Now, Herman is paying $80 a month to his own company for symmetrical gigabit service. Prime-One also offers 500Mbps for $75, 2Gbps for $95, and 5Gbps for $110. The first 30 days are free, and all plans have unlimited data and no contracts. "We are 100 percent fiber optic," Baciu told Ars. "Everything that we're doing is all underground. We're not doing aerial because we really want to protect the infrastructure and make sure we're having a reliable connection." Each customer's Optical Network Terminal (ONT) and other equipment is included in the service plan. Prime-One provides a modem and the ONT, plus a Wi-Fi router if the customer prefers not to use their own router. They don't charge equipment or installation fees, Herman and Baciu said.

Prime-One began serving customers in January 2025, and Baciu said the network has been built to about 1,500 homes in Saline with about 75 miles of fiber installed. Prime-One intends to serve nearby towns as well, with the founders saying the plan is to serve 4,000 homes with the initial build and then expand further. [...] A bit more than 100 residents have bought service so far, they said. Herman said the company is looking to sign up about 30 percent of the homes in its network area to make a profit. "I feel fairly confident," Herman said, noting the number of customers who signed up with the initial construction not even halfway finished.

A small fraction of hyperactive social media users generates the vast majority of toxic online content, according to research by New York University psychology professor Jay Van Bavel and colleagues Claire Robertson and Kareena del Rosario. The study found that 10% of users produce roughly 97% of political tweets, while just 0.1% of users share 80% of fake news.

Twelve accounts known as the "disinformation dozen" created most vaccine misinformation on Facebook during the pandemic, the research found. In experiments, researchers paid participants to unfollow divisive political accounts on X. After one month, participants reported 23% less animosity toward other political groups. Nearly half declined to refollow hostile accounts after the study ended, and those maintaining healthier newsfeeds reported reduced animosity 11 months later. The research describes social media as a "funhouse mirror" that amplifies extreme voices while muting moderate perspectives.

The advocacy group Free Press on Friday blasted America's Federal Communications Commission chief "for an order that rips net neutrality rules off the books, without any time for public comment, following an unfavorable court ruling," reports the nonprofit progressive news site Common Dreams: A panel from the U.S. Court of Appeals for the 6th Circuit ruled in January that broadband is an "information service" instead of a "telecommunications service" under federal law, and the FCC did not have the authority to prohibit internet service providers (ISPs) from creating online "fast lanes" and blocking or throttling web content... FCC Chair Brendan Carr said in a Friday statement that as part of his "Delete, Delete, Delete" initiative, "we're continuing to clean house at the FCC, working to identify and eliminate rules that no longer serve a purpose, have been on our books for decades, and have no place in the current Code of Federal Regulations...."

Responding in a lengthy statement, Free Press vice president of policy and general counsel Matt Wood said that "the FCC's so-called deletion today is little more than political grandstanding. It's true that the rules in question were first stayed by the 6th Circuit and then struck down by that appellate court — in a poorly reasoned opinion. So today's bookkeeping maneuver changes very little in reality... There's no need to delete currently inoperative rules, much less to announce it in a summer Friday order. The only reason to do that is to score points with broadband monopolies and their lobbyists, who've fought against essential and popular safeguards for the past two decades straight...."

Wood noted that "the appeals process for this case has not even concluded yet, as Free Press and allies sought and got more time to consider our options at the Supreme Court. Today's FCC order doesn't impact either our ability to press the case there or our strategic considerations about whether to do so," he added. "It's little more than a premature housekeeping step..."

Major space industry players -- including SpaceX, Boeing, and Blue Origin -- are urging Congress to maintain funding for the TraCSS space traffic coordination program, warning that eliminating it would endanger satellite safety and potentially drive companies abroad. Under the proposed FY 2026 budget, the Office of Space Commerce's funding would be cut from $65 million to just $10 million. "That $55M cut is accomplished by eliminating the Traffic Coordination System for Space (TraCSS) program," reports The Register. From the report: "One of OSC's most important functions is to provide space traffic coordination support to US satellite operators, similar to the Federal Aviation Administration's role in air traffic control," stated letters from space companies including SpaceX, Boeing, Blue Origin, and others. The letters argue that safe space operations "in an increasingly congested space domain" are critical for modern services like broadband satellite internet and weather forecasting, but that's not all. "Likewise, a safe space operating environment is vital for continuity of national security space missions such as early warning of missile attacks on deployed US military forces," the letters added.

Industry trade groups sent the letters to the Democratic and Republican leadership of the House and Senate budget subcommittees for Commerce, Justice, Science, and Related Agencies, claiming to represent more than 450 US companies in the space, satellite, and defense sectors. The letters argue for the retention of the OSC's FY 2025 budget of $65 million, as well as keeping control of space traffic coordination within the purview of the Department of Commerce, under which the OSC is nested, and not the Department of Defense, where it was previously managed. "Successive administrations have recognized on a bipartisan basis that space traffic coordination is a global, commercial-facing function best managed by a civilian agency," the companies explained. "Keeping space traffic coordination within the Department of Commerce preserves military resources for core defense missions and prevents the conflation of space safety with military control."

In the budget request document, the government explained the Commerce Department was unable to complete "a government owned and operated public-facing database and traffic coordination system" in a timely manner. The private sector, meanwhile, "has proven they have the capability and the business model to provide civil operators" with the necessary space tracking data. But according to the OSC, TraCSS would have been ready for operations by January 2026, raising the question of why the government would kill the program so late in the game.

An anonymous reader quotes a report from TechCrunch: On Sunday, Block CEO and Twitter co-founder Jack Dorsey launched an open source chat app called Bitchat, promising to deliver "secure" and "private" messaging without a centralized infrastructure. The app relies on Bluetooth and end-to-end encryption, unlike traditional messaging apps that rely on the internet. By being decentralized, Bitchat has potential for being a secure app in high-risk environments where the internet is monitored or inaccessible. According to Dorsey's white paper detailing the app's protocols and privacy mechanisms, Bitchat's system design "prioritizes" security.

But the claims that the app is secure, however, are already facing scrutiny by security researchers, given that the app and its code have not been reviewed or tested for security issues at all -- by Dorsey's own admission. Since launching, Dorsey has added a warning to Bitchat's GitHub page: "This software has not received external security review and may contain vulnerabilities and does not necessarily meet its stated security goals. Do not use it for production use, and do not rely on its security whatsoever until it has been reviewed." This warning now also appears on Bitchat's main GitHub project page but was not there at the time the app debuted.

As of Wednesday, Dorsey added: "Work in progress," next to the warning on GitHub. This latest disclaimer came after security researcher Alex Radocea found that it's possible to impersonate someone else and trick a person's contacts into thinking they are talking to the legitimate contact, as the researcher explained in a blog post. Radocea wrote that Bitchat has a "broken identity authentication/verification" system that allows an attacker to intercept someone's "identity key" and "peer id pair" -- essentially a digital handshake that is supposed to establish a trusted connection between two people using the app. Bitchat calls these "Favorite" contacts and marks them with a star icon. The goal of this feature is to allow two Bitchat users to interact, knowing that they are talking to the same person they talked to before.

Over 240 browser extensions with nearly a million total installs have been covertly turning users' browsers into web-scraping bots. "The extensions serve a wide range of purposes, including managing bookmarks and clipboards, boosting speaker volumes, and generating random numbers," reports Ars Technica. "The common thread among all of them: They incorporate MellowTel-js, an open source JavaScript library that allows developers to monetize their extensions." Ars Technica reports: Some of the data swept up in the collection free-for-all included surveillance videos hosted on Nest, tax returns, billing invoices, business documents, and presentation slides posted to, or hosted on, Microsoft OneDrive and Intuit.com, vehicle identification numbers of recently bought automobiles along with the names and addresses of the buyers, patient names and the doctors they saw, travel itineraries hosted on Priceline, Booking.com, and airline websites, Facebook Messenger attachments and Facebook photos, even when the photos were set to be private. The dragnet also collected proprietary information belonging to Tesla, Blue Origin, Amgen, Merck, Pfizer, Roche, and dozens of other companies.

Tuckner said in an email Wednesday that the most recent status of the affected extensions is:

- Of 45 known Chrome extensions, 12 are now inactive. Some of the extensions were removed for malware explicitly. Others have removed the library.
- Of 129 Edge extensions incorporating the library, eight are now inactive.
- Of 71 affected Firefox extensions, two are now inactive.

Some of the inactive extensions were removed for malware explicitly. Others have removed the library in more recent updates. A complete list of extensions found by Tuckner is here.

The UK has transformed its broadband infrastructure in five years -- with full-fiber coverage jumping from 12% of properties in January 2020 to more than 78% by 2025, according to communications regulator Ofcom and ThinkBroadband data. Northern Ireland leads with 96% of premises in postcodes served with full-fiber connections.

The rollout accelerated after Ofcom's May 2021 regulatory framework gave other providers access to BT's Openreach ducts and poles while promising the company regulatory certainty through a "fair bet" approach that avoided price caps. The framework sparked investment from alternative networks, or "altnets," which increased homes passed from 8.2 million in 2022 to 16.4 million by 2025.

OpenAI is close to releasing an AI-powered web browser that will challenge market-dominating Google Chrome, Reuters reported Wednesday. From the report: The browser is slated to launch in the coming weeks, three of the people said, and aims to use artificial intelligence to fundamentally change how consumers browse the web. It will give OpenAI more direct access to a cornerstone of Google's success: user data.

An anonymous reader quotes a report from 404 Media: For someone who says she is fighting AI bot scrapers just in her free time, Xe Iaso seems to be putting up an impressive fight. Since she launched it in January, Anubis, a "program is designed to help protect the small internet from the endless storm of requests that flood in from AI companies," has been downloaded nearly 200,000 times, and is being used by notable organizations including GNOME, the popular open-source desktop environment for Linux, FFmpeg, the open-source software project for handling video and other media, and UNESCO, the United Nations organization for educations, science, and culture. [...]

"Anubis is an uncaptcha," Iaso explains on her site. "It uses features of your browser to automate a lot of the work that a CAPTCHA would, and right now the main implementation is by having it run a bunch of cryptographic math with JavaScript to prove that you can run JavaScript in a way that can be validated on the server." Essentially, Anubis verifies that any visitor to a site is a human using a browser as opposed to a bot. One of the ways it does this is by making the browser do a type of cryptographic math with JavaScript or other subtle checks that browsers do by default but bots have to be explicitly programmed to do. This check is invisible to the user, and most browsers since 2022 are able to complete this test. In theory, bot scrapers could pretend to be users with browsers as well, but the additional computational cost of doing so on the scale of scraping the entire internet would be huge. This way, Anubis creates a computational cost that is prohibitively expensive for AI scrapers that are hitting millions and millions of sites, but marginal for an individual user who is just using the internet like a human.

Anubis is free, open source, lightweight, can be self-hosted, and can be implemented almost anywhere. It also appears to be a pretty good solution for what we've repeatedly reported is a widespread problem across the internet, which helps explain its popularity. But Iaso is still putting a lot of work into improving it and adding features. She told me she's working on a non cryptographic challenge so it taxes users' CPUs less, and also thinking about a version that doesn't require JavaScript, which some privacy-minded disable in their browsers. The biggest challenge in developing Anubis, Iaso said, is finding the balance. "The balance between figuring out how to block things without people being blocked, without affecting too many people with false positives," she said. "And also making sure that the people running the bots can't figure out what pattern they're hitting, while also letting people that are caught in the web be able to figure out what pattern they're hitting, so that they can contact the organization and get help. So that's like, you know, the standard, impossible scenario."

Jack Dorsey has launched Bitchat, a decentralized, peer-to-peer messaging app that uses Bluetooth mesh networks for encrypted, ephemeral chats without requiring accounts, servers, or internet access. The beta version is live on TestFlight, with a full white paper available on GitHub. CNBC reports: In a post on X Sunday, Dorsey called it a personal experiment in "bluetooth mesh networks, relays and store and forward models, message encryption models, and a few other things."

Bitchat enables ephemeral, encrypted communication between nearby devices. As users move through physical space, their phones form local Bluetooth clusters and pass messages from device to device, allowing them to reach peers beyond standard range -- even without Wi-Fi or cell service. Certain "bridge" devices connect overlapping clusters, expanding the mesh across greater distances. Messages are stored only on device, disappear by default and never touch centralized infrastructure -- echoing Dorsey's long-running push for privacy-preserving, censorship-resistant communication.

Like the Bluetooth-based apps used during Hong Kong's 2019 protests, Bitchat is designed to keep working even when the internet is blocked, offering a censorship-resistant way to stay connected during outages, shutdowns or surveillance. The app also supports optional group chats, or "rooms," which can be named with hashtags and protected by passwords. It includes store and forward functionality to deliver messages to users who are temporarily offline. A future update will add WiFi Direct to increase speed and range, pushing Dorsey's vision for off-grid, user-owned communication even further.

The Free Software Foundation's services face "ongoing (and increasing) distributed denial of service (DDoS) attacks," senior systems administrator Ian Kelling wrote Wednesday. But "Even though we are under active attack, gnu.org, ftp.gnu.org, and savannah.gnu.org are up with normal response times at the moment, and have been for the majority of this week, largely thanks to hard work from the Savannah hackers Bob, Corwin, and Luke who've helped us, your sysadmins."

"We've shielded these sites for almost a full year of intense attacks now, and we'll keep on fighting these attacks for as long as they continue." Our infrastructure has been under attack since August 2024. Large Language Model (LLM) web crawlers have been a significant source of the attacks, and as for the rest, we don't expect to ever know what kind of entity is targeting our sites or why.

- In the fall Bulletin, we wrote about the August attack on gnu.org. That attack continues, but we have mitigated it. Judging from the pattern and scope, the goal was likely to take the site down and it was not an LLM crawler. We do not know who or what is behind the attack, but since then, we have had more attacks with even higher severity.

- To begin with, GNU Savannah, the FSF's collaborative software development system, was hit by a massive botnet controlling about five million IPs starting in January. As of this writing, the attack is still ongoing, but the botnet's current iteration is mitigated. The goal is likely to build an LLM training dataset. We do not know who or what is behind this.

- Furthermore, gnu.org and ftp.gnu.org were targets in a new DDoS attack starting on May 27, 2025. Its goal seems to be to take the site down. It is currently mitigated. It has had several iterations, and each has caused some hours of downtime while we figured out how to defend ourselves against it. Here again, the goal was likely to take our sites down and we do not know who or what is behind this.

- In addition, directory.fsf.org, the server behind the Free Software Directory, has been under attack since June 18. This likely is an LLM scraper designed to specifically target Media Wiki sites with a botnet. This attack is very active and now partially mitigated...

Even though we are under active attack, gnu.org, ftp.gnu.org, and savannah.gnu.org are up with normal response times at the moment, and have been for the majority of this week, largely thanks to hard work from the Savannah hackers Bob, Corwin, and Luke who've helped us, your sysadmins. We've shielded these sites for almost a full year of intense attacks now, and we'll keep on fighting these attacks for as long as they continue.
The full-time FSF tech staff is just two systems administrators, "and we currently lack the funds to hire more tech staff any time soon," Kelling points out. Kelling titled his post "our small team vs millions of bots," suggesting that supporters purchase FSF memberships "to improve our staffing situation... Can you join us in our crucial work to guard user freedom and defy dystopia?"

Kelling also points out they're also facing "run-of-the-mill standard crawlers, SEO crawlers, crawlers pretending to be normal users, crawlers pretending to be other crawlers, uptime systems, vulnerability scanners, carrier-grade network address translation, VPNs, and normal browsers hitting our sites..."

"Some of the abuse is not unique to us, and it seems that the health of the web has some serious problems right now."

An anonymous reader quotes a report from the Associated Press: Websites that displayed legally mandated U.S. national climate assessments seem to have disappeared, making it harder for state and local governments and the public to learn what to expect in their backyards from a warming world. Scientists said the peer-reviewed authoritative reports save money and lives. Websites for the national assessments and the U.S. Global Change Research Program were down Monday and Tuesday with no links, notes or referrals elsewhere. The White House, which was responsible for the assessments, said the information will be housed within NASA to comply with the law, but gave no further details. Searches for the assessments on NASA websites did not turn them up.

"It's critical for decision makers across the country to know what the science in the National Climate Assessment is. That is the most reliable and well-reviewed source of information about climate that exists for the United States," said University of Arizona climate scientist Kathy Jacobs, who coordinated the 2014 version of the report. "It's a sad day for the United States if it is true that the National Climate Assessment is no longer available," Jacobs said. "This is evidence of serious tampering with the facts and with people's access to information, and it actually may increase the risk of people being harmed by climate-related impacts."

"This is a government resource paid for by the taxpayer to provide the information that really is the primary source of information for any city, state or federal agency who's trying to prepare for the impacts of a changing climate," said Texas Tech climate scientist Katharine Hayhoe, who has been a volunteer author for several editions of the report. Copies of past reports are still squirreled away in NOAA's library. NASA's open science data repository includes dead links to the assessment site. [...] Additionally, NOAA's main climate.gov website was recently forwarded to a different NOAA website. Social media and blogs at NOAA and NASA about climate impacts for the general public were cut or eliminated. "It's part of a horrifying big picture," [said Harvard climate scientist John Holdren, who was President Obama's science advisor and whose office directed the assessments]. "It's just an appalling whole demolition of science infrastructure." National climate assessments are more detailed and locally relevant than UN reports and undergo rigorous peer review and validation by scientific and federal institutions, Hayhoe and Jacobs said. Suppressing these reports would be censoring science, Jacobs said.

Ripple Labs is applying for a U.S. national bank charter and a Federal Reserve master account, "following a similar move by stablecoin issuer Circle Internet Group as crypto firms look to be regulated to deepen ties with traditional finance," reports CoinTelegraph. From the report: Ripple CEO Brad Garlinghouse confirmed on X on Wednesday that the company is applying for a license with the US Office of the Comptroller of the Currency (OCC), following an earlier report by The Wall Street Journal. "True to our long-standing compliance roots, Ripple is applying for a national bank charter from the OCC," he wrote. Garlinghouse said if the license is approved, it would be a "new (and unique!) benchmark for trust in the stablecoin market" as the firm would be under federal and state oversight -- with the New York Department of Financial Services already regulating its Ripple USD (RLUSD) stablecoin. [...]

Ripple's Garlinghouse added that the company also applied for a Master Account with the Federal Reserve, which would give it access to the US central banking system. "This access would allow us to hold $RLUSD reserves directly with the Fed and provide an additional layer of security to future proof trust in RLUSD," Garlinghouse said. "Congress is working towards clear rules and regulations, and banks (in a far cry from the years of Operation Chokepoint 2.0) are leaning in," he added, mentioning the conspiracy that the Biden administration sought to cut off crypto from the financial system. Ripple applied for the account through Standard Custody, a crypto custody firm it acquired in February 2024.

Let's Encrypt, a certificate authority (CA) known for its free TLS/SSL certificates, has begun issuing digital certificates for IP addresses. From a report: It's not the first CA to do so. PositiveSSL, Sectigo, and GeoTrust all offer TLS/SSL certificates for use with IP addresses, at prices ranging from $40 to $90 or so annually. But Let's Encrypt does so at no cost.

For those with a static IP address who want to host a website, an IP address certificate provides a way to offer visitors a secure connection with that numeric identifier while avoiding the nominal expense of a domain name.

China will launch digital IDs for internet use on July 15th, transferring online verification from private companies to government control. Users obtain digital IDs by submitting personal information including facial scans to police via an app. A pilot program launched one year ago enrolled 6 million people.

The system currently remains voluntary, though officials and state media are pushing citizens to register for "information security." Companies will see only anonymized character strings when users log in, while police retain exclusive access to personal details. The program replaces China's existing system requiring citizens to register with companies using real names before posting comments, gaming, or making purchases.

Police say they punished 47,000 people last year for spreading "rumours" online. The digital ID serves a broader government strategy to centralize data control. State planners classify data as a production factor alongside labor and capital, aiming to extract information from private companies for trading through government-operated data exchanges.

The UK government is preparing new legislation to address undersea cable sabotage as current laws are proving inadequate for modern threats. Ministry of Defence parliamentary under-secretary Luke Pollard told lawmakers yesterday that the Submarine Telegraph Act of 1885, which imposes 1,000 pound ($1,370) fines, "does seem somewhat out of step with the modern-day risk."

The government's Strategic Defence Review proposes a new defence readiness bill to cover state-sponsored cybercrime and subsea cable attacks. Chris Bryant, minister of state for data protection and telecoms, said fines could be increased to 5,000 pound ($6,850) through secondary legislation but "that just doesn't seem to meet the needs of the situation."

Recent incidents include Sweden's deployment of forces to the Baltic Sea following suspected Russian attacks on underwater data cables in January. The China Strategic Risks Institute found that eight of ten identified vessels in 12 sabotage incidents between January 2021 and April 2025 were linked to China or Russia through registration or ownership.

Cloudflare today announced a "Pay Per Crawl" program that allows website owners to charge AI companies for accessing their content, a potential revenue stream for publishers whose work is increasingly being scraped to train AI models. The system uses HTTP response code 402 to enable content creators to set per-request prices across their sites. Publishers can choose to allow free access, require payment at a configured rate, or block crawlers entirely.

When an AI crawler requests paid content, it either presents payment intent via request headers for successful access or receives a "402 Payment Required" response with pricing information. Cloudflare acts as the merchant of record and handles the underlying technical infrastructure. The company aggregates billing events, charges crawlers, and distributes earnings to publishers.

Alongside Pay Per Crawl, Cloudflare has switched to blocking AI crawlers by default for its customers, becoming the first major internet infrastructure provider to require explicit permission for AI access. The company handles traffic for 20% of the web and more than one million customers have already activated its AI-blocking tools since their September 2024 launch, it wrote in a blog post.