Disney's Star Wars: The Mandalorian and Grogu "suffered a catastrophic 70% drop in its second weekend," reports Variety, suggesting the movie isn't finding audiences "beyond an aging group of core fans."

"Despite playing on far more screens, The Mandalorian and Grogu landed in third place on weekend charts behind Backrooms and Obsession." (described as "two buzzy horror films.") Suprisingly, both movies were directed by 20-something YouTube stars, "and cost nearly nothing to produce." Analyst Jeff Bock of Exhibitor Relations tells Variety, "We knew indie horror was hot, but we didn't know how hot. It's actually competing with the big summer blockbuster." Directed by 20-year-old Kane Parsons, "Backrooms" has earned $118 million globally so far... With a production budget of roughly $10 million, it's already one of the most profitable movies of the year. Though a sequel hasn't been announced, Parsons has already started toying with the idea of turning "Backrooms" into a film franchise... [The "Backrooms" premise seems to have originated on 4chan, then expanded in a YouTube video Parsons filmed when he was 16.] "Backrooms" also ranked as the biggest debut in history for original horror, as well as the best start for a first-time filmmaker on a non-franchise film. Parsons is the youngest director, by far, to have the No. 1 film at the box office. Based on Parsons' hit web series, "Backrooms" follows a furniture store owner (Chiwetel Ejiofor) who finds a secret doorway that leads him to a seemingly endless stretch of nondescript rooms. When he disappears, his therapist (Renate Reinsve) ventures into the unknown to rescue him.

Nearly 85% of audiences were under the age of 35, and more than 50% were 25 or younger, according to PostTrak data. Parsons and [26-year-old Obsession director/writer Curry] Barker are part of a wave of YouTubers who have turned their talents to the big screen — and brought their enormous, youthful fanbases along with them. Earlier this year, YouTube creator Mark Fischback directed, self-financed and distributed the horror film "Iron Lung," which earned a stellar $50 million against a $3 million budget.

What's all the more impressive is that "Backrooms" and "Obsession" aren't cannibalizing each other at the box office. In fact, "Obsession" rose 10% from the prior weekend, which was already up a stunning 39% from its solid $17 million debut. It's defying box office norms as the first film since "E.T. The Extraterrestrial" in 1982 to see ticket sales increase in its second and third weekends outside of the holiday season, according to Focus. After three weekends of release, "Obsession" has grossed $106 million domestically and $148 million worldwide against a mere $1 million production budget.
The first-weekend box office for The Mandalorian and Grogu was the worst since 2002's Attack of the Clones, but then it's second-weekend drop in sales was also the largest ever, reports ScreenRant. The next-worst drop in sales (for a second weekend) was 2017's The Last Jedi, they point out, but The Last Jedi was dropping from a 2.5x larger debut. Their article suggests The Mandalorian/Grogu box office "may not ever hit a total large enough for the titular duo to return to the big screen," although it could eventually show a profit. "While it likely won't break even in theaters, it will earn additional revenue from merchandising on top of its impending streaming, video on demand, and physical media releases."

Variety adds that Disney "is hoping that next summer's Star Wars: Starfighter, an original adventure directed by Shawn Levy and starring Ryan Gosling, serves as a fresh start for the franchise."

"In the future, AI agents will be able to find one another using the Domain Name System (DNS), instead of crawling about and probing ports or checking configured resources," writes The Register.

InfoWorld writes that "numerous proprietary agent registries are on the market, but the Linux Foundation suggests we simply extend the distributed, open Domain Name System (DNS) infrastructure we already have." The foundation is now inviting contributions to the DNS-AID project, a standard way for AI agents to discover, verify, and communicate with one another over DNS that requires no new infrastructure. It enables agents and Model Context Protocol (MCP) servers to use DNS as a global, vendor-neutral directory.

While many details remain to be worked out, the proposal suggests domain owners create a new well-known address that can provide a starting point for agents looking for one another: _index._agents.{domain}. This approach ensures that agent discovery remains scalable, secure, and compatible with the protocols that underly the internet, the Linux Foundation said.
The Linux Foundation descrbes DNS-AID as enabling a standard way for AI agents to discover and communicate with one another. "By leveraging the internet's existing Domain Name System (DNS) infrastructure, DNS-AID provides a robust, decentralized alternative to the centralized registries and hardcoded URLs currently limiting AI interoperability."

The standard was originally developed by Infoblox, their announcement notes, but "Because the protocol is implementation-agnostic, it functions across any DNS provider, ensuring that organizations maintain control over their agent infrastructure without relying on proprietary, centralized services."

The state of Ohio — one of America's hot regions for data center construction — "is suspending a tax break that has been critical to its competition with other states," reports the Associated Press.

The move "comes as tax breaks for energy-hungry AI data centers are increasingly playing a role in state budgets," the article points out. But they also note the expanding data center industry "is under pressure to pay the full costs" The size of Ohio's tax break skyrocketed, dwarfing previous projections, as opposition to data centers is sweeping through cities, suburbs and towns there and prompting lawmakers to form a committee to study the impact. In the meantime, residents are trying to bypass the GOP-controlled Legislature and get a referendum on November's midterm election ballot that's designed to permanently ban hyperscale data centers, likely the strictest such statewide ban under consideration in the U.S... The state, in 2024, had used previous history in projecting that the exemption would total $136 million in fiscal 2025 and $142 million in fiscal 2026. It was $554 million in 2024 and nearly $1.6 billion in 2025, the state reported...

State tax breaks for the massive data center industry are facing growing criticism by governors and lawmakers... Thirty-eight states have some form of a sales tax break for data centers, according to the National Conference of State Legislatures... [Though many were passed before 2022, when data centers were smaller.] Ohio's exemption is fairly broad, applying not only to construction materials, but to the expensive equipment — such as server racks and cooling systems — used in data centers. Operators might buy new server racks every couple of years as the technology improves.

Rockstar Games has a 2,000-employee studio in Scotland called Rockstar North. And Thursday its workers announced they'd formed a union, reports the gaming news site Aftermath: The union [part of the wider Independent Workers of Great Britain (IWGB) union] includes workers from Rockstar Games offices in Leeds, London, Edinburgh, Dundee, and Lincoln, the Rockstar Games Workers Union said in a YouTube video published on Thursday... Last year, Rockstar Games employees told Aftermath that the company's insistence on return-to-office policies was a problem for many workers.

Rockstar Games, for its part, claimed the policies were related to productivity and security concerns... The video posted Thursday outlines what happened over the past several months, starting with the firing of more than 30 Rockstar Games employees in October 2025 for what the company said was "discussing confidential information in a public forum," a Rockstar Games spokesperson said in a statement to Bloomberg in November. The union disagreed: It said at the time that the workers were gathered in a private Discord server with employees and union organizers — the beginnings of the union announced Thursday. The IWGB is working to fight the firings in court.

Workers and outside union supporters gathered globally after the employees were fired, in front of Rockstar Games' offices, to protest what the union called union busting by Rockstar Games... "We believe the [firings] were unlawful and retaliatory — connected to the workers' collective activity of organizing at Rockstar," IWGB Game Workers Union co-founder Austin Kelmore told Aftermath at the time. "This action by Rockstar came shortly after reaching 10 percent of eligible workers at Rockstar in the union...." [10% is the threshhold for legal recognition by the U.K. government.] The workers have received support from government officials; in December, UK Prime Minister Keir Starmer called the firings of the unionizing workers "a deeply concerning case."

A senior CIA official, David Rush, was arrested after investigators found more than $40 million in gold bars and about $2 million in cash at his Virginia home. According to the New York Times, "The only charge lodged against David Rush is that he inflated his academic credentials and obtained military leave pay worth tens of thousands of dollars." From the report: The court papers describe Mr. Rush as a "former senior executive service-level employee at a United States government agency." People familiar with the investigation say he until very recently held a senior position at the C.I.A. In a joint statement, the C.I.A. and F.B.I. said the arrest occurred on May 19, after the agency alerted the bureau. "After a C.I.A. internal investigation identified potential violations of the law, C.I.A. Director John Ratcliffe referred the information to the F.B.I. for a law enforcement investigation," the statement said.

From last November to March, the court papers say, Mr. Rush asked for, and received, "a significant quantity of foreign currency and tens of millions of dollars in gold bars for work-related expenses." When the C.I.A. conducted a review of where the gold and currency were stashed, the agency was "unable to locate the gold bars or significant amounts of the foreign currency," according to court papers.

On May 18, F.B.I. agents searched Mr. Rush's home and found "approximately 303 gold bars, each of which weighed approximately one kilogram," according to an affidavit. Based on the price of gold, the affidavit said, the estimated value of the gold exceeded $40 million. Investigators also seized nearly three dozen luxury watches, many of them Rolexes. The court papers do not indicate why Mr. Rush appears to have kept so much gold, and $2 million in U.S. currency, in his home, or what work project would have required him to amass such wealth.

Valve's Steam Deck has sold out again despite a steep price increase that pushed the 1TB OLED model as high as $949 -- about $300 above its original price. "Even with the $300 price bump, the Steam Deck sold out after less than 24 hours back in stock," reports IGN's Jacqueline Thomas. "I don't know how many units Valve was able to stock into its store, but it does seem like Valve spent a couple weeks building up its stock before putting the handheld back on its store." IGN reports: Over the last couple weeks, Valve has been receiving plenty of "game console" shipments from China. At first, I thought this was a sign that the company was getting ready to finally release the Steam Machine, but it looks like at least a portion of these shipments â" if not all of them -- were Steam Deck restocks. That's a lot of Steam Decks to sell through at these inflated prices, but it's also possible that Valve is just staggering its stock so that its delivery infrastructure isn't overwhelmed.

Now its just a question of when the Steam Deck will come back in stock. Before yesterday, the Deck was sold out for months. At the time, it was the most affordable way to get into PC gaming, especially in the face of the RAM crisis. That's no longer true, but it looks like the Steam Deck's popularity is enough to make it sell out regardless. Maybe the higher price will at least help Valve keep it in stock for people who still want to buy it, no matter the cost. Earlier this week, Valve announced a price increase of more than 40% for two of its Steam Deck models, citing "rising memory and storage costs."

The price changes, according to Valve, reflect "the current state of component costs and other global logistical challenges across the industry as a whole."

"The 512GB tier of its OLED handheld gaming PC -- the newer model with an upgraded display -- will now cost $789, an increase of 43%," notes the BBC. "The larger 1TB model will cost $949, an increase of 46%."

IBM and Red Hat are committing $5 billion to a new initiative called "Project Lightwell," which aims to secure open-source software supply chains with AI-assisted vulnerability discovery, triage, patch validation, and upstream maintenance. Longtime Slashdot reader wiggles shares a press release from IBM: IBM and Red Hat today announced Project Lightwell, a $5 billion commitment backed by new frontier AI capabilities and a global force of more than 20,000 engineers to help enterprises secure open source software. Together, these investments establish a new model for enterprise use of open source software, from upstream development through production environments.

Project Lightwell will establish a trusted enterprise clearinghouse combined with a global force of engineers to identify and fix vulnerabilities at scale. The clearinghouse will serve as a security coordination layer, using advanced AI capabilities to validate and test fixes across an unprecedented volume of open source code. These capabilities will be offered through commercial subscriptions, allowing enterprises to integrate secure patches directly into their existing software supply chains with enterprise-grade validation and lifecycle management.

IBM and Red Hat have already begun collaborating with a select group of early adopters on Project Lightwell, including Bank of America, BNY, Citi, Goldman Sachs, JPMorganChase, Mastercard, Morgan Stanley, Royal Bank of Canada, State Street, Visa and Wells Fargo. The real-world insights from these initial deployments will actively shape how vulnerabilities are identified, validated, and remediated at scale across complex software supply chains.

An anonymous reader quotes a report from CNBC: Federal prosecutors charged a Google employee with fraud on Wednesday, alleging that he made $1.2 million off of bets using insider information on Polymarket. Prosecutors claim that Michele Spagnuolo, a staff information security engineer at Google, used confidential information to place trades correctly betting that singer d4vd would be Google's most searched person in 2025. Spagnuolo has been charged with money laundering, commodities fraud and wire fraud. The complaint, filed in the Southern District of New York, was unsealed on Wednesday.

Spagnuolo was arrested Wednesday morning in New York, ABC reported. "Spagnuolo had access to Google's internal data systems, including a particular Google internal software tool that provided him access to confidential, nonpublic Year in Search data," the prosecutors said in their complaint. Some observers of the Polymarket platform flagged the user "AlphaRaccoon" back in December for suspicious trades on the most searched person contracts. The complaint Wednesday said that Spagnuolo was the person behind that account. "Google officially and publicly announced its Year in Search 2025 results on or about December 4, 2025. Soon after it did so, Spagnuolo's AlphaRaccoon account, profited approximately $1.2 million on his Google Year in Search 2025-related bets," the complaint said.

[...] Spagnuolo is also facing a civil case from the Commodity Futures Trading Commission, where he's charged with insider trading. The complaint detailed that Spagnuolo correctly predicted the outcomes of a slew of other search markets, including contracts like "Will Zohran Mamdani rank in the Top 5 most searched" and "Will Squid Game be the #1 searched TV show." "Spagnuolo misappropriated the material Confidential Information by knowingly or recklessly using it to trade the 2025 Year in Search List Contracts in breach of his duties of trust and confidentiality," the CFTC complaint alleged.

Meta will begin testing paid subscriptions for its Meta AI app and website, with a $7.99/month Meta One Plus plan and a more capable $19.99/month Meta One Premium plan offering. The test will start next month in Singapore, Guatemala, and Bolivia as Meta looks for AI revenue beyond advertising while continuing to offer a free tier. CNBC reports: Naomi Gleit, the head of product at Meta, revealed the subscription testing in an Instagram video, announcing that the plans "give people who use Meta AI more to work with, more capacity, bigger, more complex requests, and more room to create for businesses and creators."

Meta One Plus will cost $7.99 a month and the Meta One Premium plan will cost $19.99 a month, the company confirmed. The more expensive version offers users additional computing capacity to produce more comprehensive responses and other advanced features. The company will continue to provide a free version of the app and site.

"We're offering premium tools that allow you to enhance presence, supercharge content, automate tasks, and protect your brand," Gleit said in the post. "We're also thinking about how to bring this all together in a way that makes sense."

An anonymous reader quotes a report from The Verge: How newsrooms should use AI -- or if they should at all -- has been a recurrent debate within the media industry over the last several years. Increasingly, these rules are being hammered out at the bargaining table between unions and publishers. Right now, employees at The New York Times are gearing up for a fight. Unionized staff with the Tech Guild say Times management has refused to provide the union with information related to how the company has used AI, its plans for AI use in the future, and how it will affect employees' jobs and workflow. (The union filed an unfair labor practice charge earlier this month.) The Tech Guild, a NewsGuild of New York unit of around 700 software engineers, designers, product and project managers, and data analysts, also filed grievances saying Times management violated their collective bargaining agreement when it started using two internal AI tools that track and evaluate employee performance and activity.

[...] Both the Tech Guild and the Times Guild (which represents 1,500 editorial, ad sales, and support staff at the Times) filed unfair labor practice charges against the Times, saying that company violated labor law by refusing to respond to their requests for information around AI use at the outlet. The Times did not respond to specific questions about how it uses DX and Glean, but spokesperson Danielle Rhoades Ha said in an email that the company disagrees with the characterizations made in grievances and that it would respond as part of its "normal contractual process." "Likewise, we will respond to this Request for Information (RFI) in due course as we've done with 80+ other RFIs from the Guild in recent years," Rhoades Ha said.

The Times Guild is currently bargaining a new contract, pushing for robust protections against AI, like requirements that a human is behind any AI tool being used, that any journalism utilizing AI is transparently labeled, and that staff are compensated for AI model training deals the company might make. The Times deploys artificial intelligence tools for some reporting, like using it to parse millions of documents related to Jeffrey Epstein or scan satellite images of Gaza to try to find where Israel had dropped a specific kind of bomb. [...] [Ben Harnett, a software engineer at the Times and chair of the unit's generative AI committee] emphasizes that the unit's position is not that AI shouldn't ever be used, but that workers should have a say in how it's deployed. Metrics like how many tokens an employee uses or how often they're using AI to do their jobs create pressure to do more and incentives that don't align with doing quality work. "It's going to distract [you] from actually doing a good job, which is what we think the company should want," he says. Two of the contentious AI tools mentioned in the report are DX and Glean. DX is an engineering productivity tool that tracks a developer's output, generative AI use, efficiency, and other related metrics. Meanwhile, Glean is an internal knowledge-search tool that indexes materials like wikis, GitHub documents, Google Docs, and emails so employees can query company information.

The concern, according to Times Tech Guild members, is that data meant to measure broader developer experience is now being applied to individuals and cited in performance or disciplinary contexts. There's also worry that it could be used to monitor individual contributions and produce false or misleading results.

YouTube will begin automatically labeling videos when its systems detect "significant" photorealistic AI use, while also making AI-content disclosures more visible below long-form videos and directly on Shorts. "We've heard consistently from our community that they value transparency when it comes to generative AI content," YouTube said in a blog post. "These changes are designed to balance transparency with creator control." Variety reports: Under YouTube's guidelines, creators will still be required to manually disclose when they use realistic AI. But starting this week, it also will roll out a new internal system to help identify AI-generated content. "If a creator doesn't specify whether or not they used AI, but our systems detect significant photorealistic AI use, we will now automatically apply a label," YouTube said.

YouTube creators who believe their content was incorrectly flagged as AI-generated can modify the disclosure status using the YouTube Studio tool. However, according to YouTube, the AI labels will "remain permanent" in some cases, including for content created using YouTube's own AI tools (such as Veo or Dream Screen) and for content that contains C2PA metadata (based on standards from the Coalition for Content Provenance and Authenticity) that indicates it was fully AI-generated.

In addition, YouTube is moving the disclosure label for photorealistic and meaningfully AI-altered or AI-generated content to a more prominent position. Until now, YouTube labeled AI content in a video's expanded description. Going forward, for long-form videos, the AI label will now appear directly below the video player and above the description. For YouTube Shorts, the label will appear as an overlay on the video itself. "The goal here is context at a glance. If it looks real but was made with AI, viewers will know immediately," said Rene Ritchie, YouTube head of editorial and creator liaison. He added that the AI labels alone "do not affect how our videos are recommended or whether they can earn money. This is purely about giving viewers the right information at the right time."

wiredmikey shares a report from SecurityWeek: Anthropic says its Claude Mythos model discovered thousands of severe vulnerabilities across more than 1,000 open source software (OSS) projects. According to the AI giant, Mythos Preview has identified more than 23,000 potential vulnerabilities. Of these, 1,900 have been reviewed by external security firms, and 1,726 have been confirmed, including over 1,000 rated "high" or "critical" severity.

The findings are still being reviewed, and Anthropic estimates that nearly 3,900 critical and high-severity vulnerabilities will be confirmed based only on current findings. As the scans are ongoing, the company believes the number of severe vulnerabilities may reach 6,200. Anthropic says more than 1,100 unverified findings have been reported to vendors, and 75 issues with a critical or high severity rating have been patched. Vendors have published 65 security advisories. "The number of patches is still relatively low for three reasons. First, we're still early in the 90-day window that's set out in our Coordinated Vulnerability Disclosure policy: we expect many more patches to land soon," the AI company explained.

"Second, we are likely to be undercounting patches because some vulnerabilities are patched without a public advisory: in those cases, we're reliant on scanning for the patches ourselves using Claude. Third, the low volume of patches reflects a genuine problem: even at our relatively slow pace of disclosures, Mythos Preview is adding to an already-overloaded security ecosystem," it added.

Spain has temporarily blocked Polymarket and Kalshi while it investigates whether the prediction-market platforms are violating gambling laws by operating without a license. Engadget reports: The country's ministry in charge of consumer affairs said it blocked the websites as a precautionary measure pending an official investigation. This investigation will determine if the platforms violate Spain's gambling laws. It's set to complete within the next four months and could mandate that these companies require specific administrative licenses to operate.

California lawmakers are moving to exempt most open-source operating systems from the state's upcoming age-verification law after backlash from Linux and privacy advocates who warned that the original rules could force decentralized projects to collect users' ages. The amendment would likely shield major Linux distributions, though SteamOS and other Linux-based platforms tied to proprietary app stores may still face compliance questions. Tom's Hardware reports: Assembly Bill 1856 (AB 1856), currently moving through California's legislature ahead of committee reviews in June, would amend the state's earlier age-assurance law by excluding software distributed under licenses that allow users to "copy, redistribute, and modify the software." The proposed amendment specifically states: "Operating system provider" does not mean a person or entity that distributes an operating system or application under license terms that permit a recipient to copy, redistribute, and modify the software.

The amendment follows months of backlash after California passed the original Assembly Bill 1043 (AB 1043), formally known as the Digital Age Assurance Act, in late 2025. The law sought to shift online age verification away from individual websites and apps and down to the operating-system level instead. Under the original law, operating systems would be required to request a user's age or birth date during device setup, then expose an "age bracket signal" to apps and app stores. The law, which defined brackets such as "under 13," "13-15," "16-17," and "18+," immediately raised questions about how such requirements would apply to decentralized, open-source software ecosystems. [...]

AB 1856 does not repeal the original Digital Age Assurance Act. Instead, it narrows the definition of who qualifies as an "operating system provider" under the law. Commercial platforms with proprietary app ecosystems could remain subject to California's age-assurance requirements even if most open-source Linux distributions are ultimately exempted. California Assembly Member Buffy Wicks introduced the amendment on February 11, 2026. However, the open-source exemption language appeared in later revisions that began drawing attention across Linux and privacy communities. The latest version is dated May 18, 2026, and as of May 19, 2026, the bill was read a second time and ordered to third reading.

"Canonical says Ubuntu Pastebin will be decommissioned at the end of May 2026," writes Slashdot reader BrianFagioli, "as part of an infrastructure modernization effort." The announcement only appeared this week, giving the Linux community barely any warning before a service that has been tied to Ubuntu support culture for years suddenly disappears.

Ubuntu Pastebin has long been used for sharing logs, crash reports, config files, and terminal output across IRC, Ask Ubuntu, forums, bug reports, Reddit, and countless troubleshooting guides scattered around the internet. The bigger concern is link rot. Once the shutdown happens, years of old support discussions could lose critical debugging information overnight. Community members have already pointed out that some Ubuntu packages and scripts still reference paste.ubuntu.com directly.

While it is understandable that aging services eventually get retired, the extremely short transition period is rubbing many Linux users the wrong way, especially in a community where old documentation and archived troubleshooting threads still regularly help people solve problems a decade later.