“So long as the visit proceeds smoothly and Trump concludes he was treated respectfully, then the uneasy calm in the bilateral relationship will endure. If, on the other hand, Trump leaves feeling disrespected or trifled with, then he could have a change of heart,” says Ryan Hass, Director of the John L Thornton China Centre at the Brookings Institute.
Both privilege escalation vulnerabilities stem from bugs in the kernel’s handling of page caches stored in memory, allowing untrusted users to modify them. They target caches in networking and memory-fragment handling components. Specifically, CVE-2026-43284 attacks the esp4 and esp6 () processes, and CVE-2026-43500 zeroes in on rxrpc. Last week’s CopyFail exploited faulty page caching in the authencesn AEAD template process, which is used for IPsec extended sequence numbers. A 2022 vulnerability named Dirty Pipe also stemmed from flaws that allow attackers to overwrite page caches.
Researchers from security firm Automox wrote:
Dirty Frag belongs to the same bug family as Dirty Pipe and Copy Fail, but it targets the frag member of the kernel’s struct sk_buff rather than pipe_buffer. The exploit uses splice() to plant a reference to a read-only page-cache page (for example, /etc/passwd or /usr/bin/su) into the frag slot of a sender-side skb. Receiver-side kernel code then performs in-place cryptographic operations on that frag, modifying the page cache in RAM. Every subsequent read of the file sees the corrupted version, even though the attacker only ever had read access.
CVE-2026-43284 is found in the esp_input() process on the IPsec ESP receive path. When an skb object is non-linear but lacks a frag list, the code skips skb_cow_data() and decrypts AEAD in place on the planted frag. From there, an attacker can control the file offset and the 4-byte value of each store.
CVE-2026-43500, meanwhile, resides in rxkad_verify_packet_1(). The process decrypts RxRPC payloads using a single-block process. Splice-pinned pages become both a source and destination. That, paired with the decryption key being freely extracted using the add_key (rxrpc), allows an attacker to rewrite contents in memory.
Either exploit used separately is unreliable. Some Ubuntu configurations use AppArmor to prevent untrusted users from creating namespace contents. That, in turn, neutralizes the ESP technique. Most other distributions by default don’t run rxrpc.ko, which neutralizes the RxRPC arm. When chained together, however, the two exploits allow attackers to obtain root on every major distribution Kim tested. Once the exploits run, attackers can use SSH access, web-shell execution, container escapes, or compromise low-privilege accounts.
“Dirty Frag is notable because it introduces multiple kernel attack paths involving rxrpc and esp/xfrm networking components to improve exploitation reliability,” Microsoft researchers wrote. “Rather than relying on narrow timing windows or unstable corruption conditions often associated with Linux local privilege escalation exploits, Dirty Frag appears designed to increase consistency across vulnerable environments.”
Researchers at Google-owned Wiz said exploits will be less likely to break out of hardened containerized environments such as Kubernets with default security settings in place. “However, the risk remains significant for virtual machines or less restricted environments.”
The best response for anyone using Linux is to install patches immediately. While fixes likely require a reboot, protection from a threat as severe as Dirty Frag outweighs the cost of disruptions. Anyone who can’t install immediately should follow the mitigation steps laid out in the posts linked above. Additional guidance can be found here.
Microsoft is using dynamic CPU scaling to speed up the Start menu, app opening times, and more.
Microsoft is using dynamic CPU scaling to speed up the Start menu, app opening times, and more.
Microsoft is currently testing a new speed boost feature in Windows 11 that is designed to improve app launch times and make things like the Start menu feel more responsive. The feature, which is reportedly called “Low Latency Profile,” will ramp up CPU frequency in short bursts to improve the speed of menus, flyouts, apps, and more — much like how macOS handles similar tasks.
Windows 11 testers have been trying out the new unannounced feature over the past week, and noticing significant speed improvements launching File Explorer or the Start menu, as well as apps like Outlook, the Microsoft Store, and Paint.
Windows Central reports that this new boost mode can result in up to 40 percent faster app times for Microsoft’s own apps, and up to 70 percent faster for the Start menu and context menus throughout Windows 11. While the early results look promising, some online commentators have criticized Microsoft for using CPU bursts to improve its operating system, drawing the attention of a Microsoft executive.
Scott Hanselman, vice president of technical staff for CoreAI, GitHub, and Windows, defended Microsoft’s speed boost changes to Windows 11 over the weekend, pointing out in a post on X that “your smartphone already does this” and that Microsoft isn’t cheating by boosting CPU clocks temporarily. Microsoft is using a common practice, used by macOS and Linux, to dynamically scale a CPU to prioritize interactive tasks. “Apple does this and y’all love it,” said Hanselman. “Let Windows cook.”
Microsoft’s latest speed boost to Windows 11 is part of sweeping changes coming to the operating system to improve performance, reliability, and user experience. Microsoft has also started removing “unnecessary” Copilot buttons from Windows 11, and made Windows Update a lot less annoying.
Circle Internet Group has raised $222 million in the presale of Arc, the native token of its new blockchain, as the company looks to expand beyond its core business of issuing the USDC stablecoin, CNBC has learned.
Andreessen Horowitz served as the lead investor in the raise with a $75 million investment. Other investors include BlackRock, Apollo Funds, New York Stock Exchange parent Intercontinental Exchange, SBI Group, Janus Henderson Investors, Standard Chartered Ventures, General Catalyst, Marshall Wace, ARK Invest, IDG Capital, Haun Ventures and the crypto exchange and CoinDesk owner Bullish.
The raise gives Arc a fully diluted network valuation of $3 billion.
“[Blockchain] infrastructure is becoming as important as mobile operating systems or cloud platforms,” Circle CEO Jeremy Allaire told CNBC in an exclusive interview. “We want to build an operating system that has many, many stakeholders in it … major companies who are running the infrastructure with us and who ultimately help to govern it.”
“We’re becoming a broader internet platform company,” Allaire added. “We’re entering the operating system business and we’re doing it by building this multi-stakeholder distributed model with a token, with a distributed network. But it is an operating system business. And we’re also getting into the apps business.”
Arc is a public blockchain designed for institutional finance. Allaire emphasized it’s about more than stablecoins and payments — noting it can “run the actual economy.”
“The economy is not just representations of values, it’s every contract that undergirds those financial relationships … the systems of governance that we use to govern all these economic institutions,” Allaire said.
As a 25% stakeholder in Arc’s initial supply of 10 billion tokens, Circle can participate in operating validator infrastructure, generating new fee revenue and earning staking income. The majority of the tokens, 60%, will go to participants who build on, use and contribute to the Arc network. The remaining 15% will be allocated to a long-term reserve.
Investors should follow transactions, asset issuance and success on the network found by the developer community, Allaire said.
He added that the economy is becoming increasingly machine-operated, with AI agents handling more of the operational and contractual work currently managed by humans.
“We’re entering this era where software machines will power the economic system,” he said. “Software will do most of the work — that is what AI agents represent.”
The company also unveiled a set of services and tools designed to help developers build AI agents that can manage transactions, access online services and make payments using USDC.
Circle’s ambitions with Arc reflect the existential shift other crypto firms are facing: They need to evolve beyond the businesses that were built in crypto’s early days around the speculative cycles of cryptocurrencies, and toward more durable businesses with steadier and more diversified revenue.
“While USDC has become the trusted digital dollar for banks, corporations, and financial
institutions seeking the speed of crypto without its volatility, there remains a problem. The internet infrastructure which USDC runs on today wasn’t built with big institutions in mind. It was built for individuals and crypto enthusiasts. That’s where Arc comes in,” a16z crypto wrote in a blog post Monday morning.
If Arc is successful, it could allow Circle to own more of the infrastructure its flagship USDC stablecoin runs on. Today, USDC depends heavily on networks like Ethereum and Solana for settlement and distribution partners like Coinbase.
The initiative is as much about playing defense as it is about growth. While regulation supporting stablecoins legitimizes them – including the GENIUS Act signed into law last year and the STABLE Act, which is set to get an initial vote this week in the Senate Banking Committee – some investors worry banks and fintechs may launch their own competing dollar tokens, removing the need for a third-party issuer.
Circle is the first publicly listed company to conduct a token presale – an early sale of digital tokens before a blockchain project officially launches.
Crypto companies like token sales for their ability to raise large amounts of capital and build an early user community. They are frequently likened to IPOs since both represent public-facing fundraising mechanisms that result in a transferable financial interest.
Also known as “initial coin offerings,” or ICOs, token sales became notorious for their role in fueling the 2017 crypto peak – when the market grew so quickly that projects launched with little oversight, leading to some high-profile failures and scams.
The landscape has shifted significantly since then. Under the Trump administration’s more crypto-friendly regulatory posture, the Securities and Exchange Commission is increasingly focused on establishing frameworks for compliant tokenized securities and on-chain capital formation, creating conditions that could encourage the return of ICO-style fundraising in a more mature and sustainable structure.
“It is a major shift in how stakeholders can participate in the growth of networks,” Allaire said. “Every company in the world, over time, will be tokenized, meaning your shares will be tokens … [and] you will use digital tokens as mechanisms of engagement with your customers and stakeholders.”
Iran’s semi-official Tasnim news agency said Tehran’s proposal, sent via Pakistan, which has served as a mediator, included an immediate end to the war on all fronts, a halt to the US naval blockade of Iranian ports and guarantees of no further attacks on Iran.
Until recently, however, most evidence linking small sperm RNAs to environmental challenges and subsequent effects in offspring has been correlational. Attempts to pin down causality—by injecting RNAs directly into embryos—have often used far higher RNA concentrations than typically found in sperm. In fact, there was no proof that the RNA fragments even make it inside the egg.
But though puzzles remain, recent studies show that not only are paternal RNA fragments transferred to a fertilized egg, but also that they are capable of inducing changes in the offspring at the doses found in sperm.
Researchers first noticed the intergenerational effects of paternal lifestyle back in the 1960s, but it was decades before they started experimental investigations using animal models. Today, those studying the phenomenon are sure the effects exist but aren’t certain how they are transmitted. The end result, they believe, is adjustments to the activity of genes—a phenomenon known as epigenetics.
Such adjustments occur during normal development as tissues and organs adopt their different identities, which require certain genes to be active or to be turned off. Epigenetic changes also occur throughout our lives, due to factors including exposures to certain chemicals, and activities such as smoking—and, maybe, exercise, stress, fatty diets, and more. Such changes can occur in myriad body cells, including those that give rise to sperm.
As evidence mounted that sperm somehow transmit environmental information to a male’s children, researchers started probing the epigenetic mechanisms that might be responsible. Several possibilities exist: methyl groups that turn down gene activity when they accumulate on genes, and acetyl groups that attach to the protein spools called histones, around which the DNA wraps. These tend to ramp up activity of nearby genes.
While rivals push experimental telephotos, Vivo’s phone simply has three equally excellent cameras.
A few months ago, I wrote that the telephoto camera is the only lens that matters any more, at least when it comes to Ultra-class flagships. As phones got better, cameras became where manufacturers tried to stand out. As cameras got better, telephoto lenses became the next point of focus. The most recent Ultra phones from Xiaomi, Oppo, and Huawei have all made the telephoto, above all, their selling point. Vivo’s X300 Ultra is doing something different.
Instead of pushing its telephoto hardware to further extremes, Vivo has mostly left it be. The company has focused its efforts on a significantly improved 35mm main camera, unique among the competition for its narrow, natural focal length. Combined with the best ultrawide camera in any phone and new pro-level video features, the result is a camera system that feels equally balanced between all three rear lenses. It’s a less flashy approach, but the total package is more versatile and useful than its rivals and my favorite to use so far.
8
Verge Score
The main camera is certainly the best of the three. The 200-megapixel, 1/1.12-inch-type Sony Lytia 901 sensor delivers a serious jump in both size and resolution from last year’s X200 Ultra. But it preserves that camera’s best feature: a 35mm-equivalent focal length. That’s narrower than most other phones — 23–26mm is typical — but closer to what photographers tend to look for in their default lens because it feels natural, close in scope to the human eye. It’s also closer to the focal length many phones used to use. If you’ve ever lamented the fact that your main camera feels more and more like an ultrawide, this is the phone for you.
The telephoto camera also has 200-megapixel resolution, with an 85mm focal length and 1/1.4-inch sensor, essentially the same specs as the X200 Ultra. The slightly narrower f/2.7 aperture might make the X300 look like a downgrade, but improved stabilization and sensor and processing tweaks give this iteration an edge overall.
Then there’s the ultrawide. This also hasn’t changed much year over year, but remains unique for its sensor size. It’s larger than the one on the iPhone 17 Pro’s main camera and supports optical image stabilization too. It’s in every sense a main camera spec with an ultrawide lens on top. No other ultrawide comes close.
The selfie camera is the only one that isn’t especially impressive: a 50-megapixel shooter with a comparatively small 1/2.76-inch sensor. It’s fine; the other cameras are great.
Photos across all three rear lenses are of remarkably comparable quality, in almost any lighting. About the only difference I could find is that the telephoto and ultrawide are more susceptible to motion blur when shooting fast subjects like cats or cars, and even then only when it’s dark. Otherwise, picking between the lenses feels like choosing the right focal length to frame a shot, without the usual worries about tradeoffs in quality. Photos are helped by naturalistic color-processing and a wide range of quite impressive film simulations. Vivo’s color science is my favorite in any phone, and this year is no exception.
Vivo hasn’t just focused on still photography. This year it’s doubled down on video, though the upgrades here are really targeted at professionals. You can now record 4K, 120fps, 10-bit Log video across all of the three rear lenses, can import custom 3D LUTs, and use a Pro Video shooting mode for full manual controls. If you don’t know what half of that means, you’re not alone! This stuff is beyond the needs of most of us, myself included.
Like rival Ultra phones, there’s also a set of camera add-ons and accessories. My colleague Allison Johnson has already spent time playing around with Vivo’s camera grip and separate 200mm and 400mm telephoto extender lenses, which can take extraordinary shots at range that no other phone could ever manage. While at MWC Barcelona 2026, I got to briefly play around with the custom SmallRig camera cage developed for the phone too, which squeezes stabilization, cooling, and a fill light into a pretty compact package. All of these are sold separately and play into Vivo’s claim that the X300 Ultra can be the base of a semi-professional camera system if you want it to.
This is a phone though, not just a camera, so I’d better talk about the rest of it too. For me the big letdown in the X300 Ultra is its drab design. My black model is a pretty dull-looking device, and while the two-tone effects on the green and white versions are better, neither is a patch on the camera-inspired aesthetics of the latest Xiaomi and Oppo phones. The X300 Ultra’s camera island is also exceptionally raised, almost as thick as the phone, and for some reason Vivo has also ditched the physical shutter button, which I miss.
Other specs are on a par with rival Ultra phones, but impressive compared to Apple and Samsung: a combined IP68 and IP69 protection rating, a colossal 6,600mAh silicon-carbon battery, and a 144Hz refresh rate for its 6.8-inch OLED display. Then there’s the standard flagship stuff, like the Qualcomm Snapdragon 8 Elite Gen 5 chipset, up to 1TB storage and 16GB RAM, and a decent promise of five years of Android OS updates and seven years of security patches. The phone runs on Vivo’s OriginOS, much improved on its older software but still the weakest of the major players, with a bland design and too many preinstalled apps and ads.
Ultra flagships are as much tech demos as consumer products. They’re an excuse for phone companies not only to show off their technical abilities, but also to lay down a vision for what makes the “best” phone right now. As processors and displays and water-resistance ratings have coalesced into universal standards that have proved tricky to improve upon, it’s the cameras where manufacturers can set out their stalls. And Vivo’s pitch is clear: The best camera is the one that’s great across every lens, not just one or two.
As tech demos go, this feels like a pretty practical one, price aside. The X300 Ultra isn’t launching in either the US or UK, but is available across Asia, along with a handful of European countries including Spain, Italy, and Austria. Its €1,999 (about $2,340) price certainly isn’t cheap, and its photography accessories add on hundreds more, though it costs about the same as a 1TB iPhone 17 Pro Max in those same markets. It’s expensive, but for what you’re getting, it probably should be.
I don’t think this is the best phone you could get for that money. It is a very good phone, with an excellent display, big battery, and flagship performance through and through. But the design is bulky, and boring, and maybe just a bit ugly. Vivo’s software often annoys me too. Xiaomi’s 17 Ultra is a slightly better all-round package, with a striking design and more polished OS. But the X300 Ultra’s three extraordinary lenses are so consistent, and so consistently excellent, that when I use the camera all those other worries fall away.
If I was putting my own money down right now, I’d buy the Xiaomi. But if I just had to pick who’s winning this year’s Ultra camera contest, Vivo gets my vote.
Photography by Dominic Preston / The Verge
Richard Shimooka, a senior fellow at the Macdonald-Laurier Institute, a public policy think tank, said the Canadian Armed Forces currently have the capacity to deploy only a few thousand soldiers at a time, along with a limited number of fighter jets. By comparison, the UK military can deploy 10,000 troops if necessary, he said.
The head of one of the nation’s largest auto finance lenders isn’t overly concerned about rising consumer automotive debt and inflated used car prices leading to longer loans on vehicle purchases.
His main reasoning? The percentage of income consumers are spending on their vehicles has remained relatively flat compared with 2019, before the coronavirus pandemic led to inflated pricing as demand surged but inventories stayed low.
“If I just told you, ‘Car prices going up, interest rates going up, insurance prices going up,’ you would say, ‘You know what, consumers must be paying more as a ratio to the income,'” Capital One Auto President Sanjiv Yajnik told CNBC. “However, if you look at every quintile of salary and earnings of people, the payment-to-income ratio has remained fairly flat.”
While Capital One reports median monthly car ownership payments have jumped from $390 to $525 since 2019, data provided exclusively to CNBC from its automotive unit suggest that vehicle costs have stayed relatively stable compared with income. That’s because, overall, the payment-to-income ratio has remained flat at approximately 10% since 2019, according to the automotive arm of the American bank.
Capital One Auto found 80% of car purchasers who finance a vehicle are below the generally recognized payment to income threshold of 15%.
“The consumer is being cautious. They’re being responsible. This is a much healthier way to do things than the alternative, because it’s not a discretionary spend,” said Yajnik, referring to consumers prioritizing vehicle payments for transportation, including work.
To get to that goal, however, more consumers are taking on longer loans to keep payments affordable.
The auto finance veteran’s view contrasts with others in the industry who view the longer term loans as a detriment to consumers’ pocketbooks.
They argue that so-called “forever loans” of six years or more have led to many buyers, particularly of new vehicles, being underwater on the equity of their cars and trucks. That means they owe more than their vehicle is worth when they decide to trade it in.
Edmunds reports roughly 26% of used vehicles purchased that involved a trade-in vehicle had negative equity this year through April. The amount of negative equity averaged $5,105, a 35% increase from 2019.
“As loan term lengths increase on average, the pace at which consumers make progress paying down their balance slows,” Jessica Caldwell, head of insights for CarMax‘s Edmunds, wrote in a recent online post. “If consumers then trade in their vehicle too soon for any reason, they are increasingly left holding more loan debt.”
Regarding financing for new vehicles during the first quarter, 90.2% of new vehicle loans involving trade-ins with negative equity carried terms of at least 72 months, and 43% extended to 84 months, according to Caldwell. The average negative equity trade-in was $7,183 during the quarter for new vehicles, according to Edmunds.
Those figures have been climbing since 2022, when inflated used vehicle values caused by a pandemic-fueled chip shortage insulated more shoppers from carrying debt into their next vehicle.
Consumers need to keep their vehicles for more time to make the long loans worth it, according to Yajnik. But that can also cause increases in maintenance costs as well as the likelihood that a vehicle needs repairs that exceed its value or has to be scrapped altogether.
“Yes, it takes longer to get your equity, but in the meantime, you get a use of the car, and you’re earning money,” said Yajnik, a 28-year veteran of Capital One who has led the automotive lending division since 2008.
The average listed price of a used vehicle was $25,390 in March, according to Cox’s most recent data. That compares to new vehicles, which depreciate faster, at $48,667.
Cox Automotive reports if all other things are equal on a loan, financing for a $30,000 vehicle at a 9% annual percentage rate would cost $3,100 more on an 84-month term than a 48-month loan. However, there’s a $264 difference in the monthly payments, which Yajnik said makes it more affordable for many consumers, especially those in lower income brackets.
“There’s obviously going to be pockets that have problems, but one has to start from a different place, which is, for which reason are people buying cars, and are they doing so irrationally?” Yajnik said.
It will not dock directly in Tenerife but will instead anchor out at sea and its passengers will be ferried to the vast industrial port of Granadilla, in the south-east of the island, well away from residential areas. Soon after their arrival they will be repatriated, or, in the case of the 14 Spaniards aboard, taken to Madrid to be quarantined.
