Tech & AI Roundup — June 9, 2026

Apple's WWDC AI Overhaul, Meta's Smart Glasses Privacy Blunder, and the Linux Typo That Opened Root Access

Apple's WWDC 2026: "Siri AI" Arrives, macOS 27 Ends the Intel Era

Apple's WWDC 2026 keynote delivered the most significant software overhaul in years, centered around a deeply integrated AI assistant. The headline: "Siri AI" — a dramatically more conversational version of Siri powered by a two-tiered AI model system running both on-device and on Google Cloud.

Apple revealed that some Siri AI models run on Google's servers, but insisted they do so without giving Google access to user data through private cloud compute technology. The system encrypts and processes user requests in secure enclaves that even Google cannot access. It's a technically interesting middle ground between on-device privacy and cloud-scale intelligence, though privacy advocates are watching closely.

On the OS side, macOS 27 "Golden Gate" requires Apple Silicon — officially ending support for Intel Macs. The move was widely expected but still significant: it draws a clean line under the Intel transition that started six years ago, forcing remaining Intel Mac users to upgrade or stay on macOS 26. iOS 27 and iPadOS 27, by contrast, drop support for zero iPhone models and only a handful of older iPads, continuing Apple's pattern of long device support on mobile while pushing the Mac ecosystem forward.

Apple also reiterated its privacy-first stance on AI, publishing detailed transparency reports showing that its private cloud compute infrastructure handled zero data breaches since launching. Whether that holds as Siri AI scales to millions of daily queries remains the open question.

Meta Pulls Facial Recognition from Ray-Ban Smart Glasses — One Day After Discovery

Meta removed facial recognition code from its Ray-Ban Meta smart glasses just one day after independent researchers discovered it was present in the latest firmware. The company offered no explanation for why the feature was there, and did not commit to whether or when it might return.

Ray-Ban Meta glasses already include a camera, microphone, and Meta's AI assistant. Adding facial recognition — even in what Meta described as an "experimental prototype" — would have raised severe privacy and regulatory concerns, particularly in Europe where strong biometric data protections exist under the GDPR and AI Act. The incident highlights the tension between Meta's AI ambitions and its track record on privacy, as the company pushes deeper into wearable AI hardware while regulators watch for enforcement opportunities.

The discovery came as Meta also filed a legal motion alleging that NSO Group violated a prior injunction by developing new WhatsApp spear-phishing attacks, asking a US court to hold the spyware firm in contempt.

Microsoft Packages Laced with Credential Stealer — Second Incident in Weeks

For the second time in weeks, malicious packages on Microsoft's own platforms have been found laced with credential-stealing malware. Security researchers identified 73 packages on npm and PyPI that deploy a self-replicating credential stealer as soon as they are opened, particularly targeting AI agents and automated build pipelines.

The malware is designed to propagate autonomously: once an AI agent or developer runs the package, the stealer extracts stored credentials, API keys, and environment variables, then uses them to infect downstream dependencies. The attack surface is significant because AI coding agents increasingly install packages autonomously to complete tasks, without human review of each dependency.

The incident follows a similar Microsoft supply-chain compromise just weeks earlier, raising questions about whether the company's package registry security measures are keeping pace with the explosion of AI-driven package consumption. For enterprises running AI coding assistants, the attacks underscore the need for strict dependency scanning and agent sandboxing.

Linux Kernel Zero-Day: Single Errant Character Opened Root Access

A single errant character in the Linux kernel introduced a high-severity use-after-free vulnerability that attackers can exploit to escape sandbox protections and gain root access. The bug, introduced in a seemingly mundane code change, creates a memory safety issue that bypasses standard kernel hardening measures.

While the vulnerability requires local access to exploit, it is especially dangerous in containerized and cloud environments where attackers typically need to escape a container sandbox to reach the host kernel. The bug affects all major Linux distributions and patches have been issued. The incident is a reminder that kernel security can hinge on the smallest errors — a single character slipped through code review in one of the most scrutinized codebases on the planet.

Quick Hits

• FCC lifts Amazon's Kuiper deadline: The Federal Communications Commission gave Amazon more time to launch its LEO satellite broadband constellation, easing what was previously a looming regulatory deadline for Project Kuiper.
• Russian GPS jamming tests: New analysis suggests Russian satellites can jam GPS signals on a continental scale, raising concerns about navigation infrastructure resilience in conflict zones.
• Falcon 9 reuse record: A Falcon 9 booster turned five years old and set a remarkable reuse record, underscoring SpaceX's dominance in launch economics.
• AI weather models questioned: Ars Technica published a critical analysis arguing that the AI revolution in weather and climate science isn't as revolutionary as claimed, with physics-based models still outperforming pure ML approaches in key areas.
• Meta alleges NSO violated spyware injunction: WhatsApp disrupted new NSO Group spear-phishing attacks and asked a US court to hold the Israeli spyware firm in contempt for violating a prior injunction.