OpenAI, valued at $500bn, reportedly working on generative AI music toolThe move would bring OpenAI into an increasingly crowded field of AI music generation platforms
Source

And UDIO now partners with UMG #music #majorlabels #AI #artists

Universal accused Udio of “unimaginable scales” of copyright infringement. That lawsuit’s just been settled – here’s what we knowUniversal Music Group has settled its widely publicised lawsuit against Udio, which last year accused the AI music generation platform of “unimaginable scales” of copyright infringement.
So what exactly has led to the two battling companies reaching an amicable settlement?
Well, it was speculated back in June that major labels, including UMG, were in talks with Udio – as well as Suno, another platform UMG sued in 2024 over alleged copyright infringement – to discuss potential licensing deals that would bring in fees and also include a small equity stake in the companies.

READ MORE: Grimes sings from an AI’s perspective in new song Artificial Angel: “This is what it feels like to be hunted by something smarter than you”

Now, UMG and Udio have not only settled their differences, but announced plans to collaborate on a new music creation, consumption and streaming experience. Here’s what we know:
In a new statement shared publicly by UMG, it announced that both itself and Udio have laid out “industry-first strategic agreements”. The company says that in addition to the “compensatory legal settlement”, new licence agreements for recorded music and publishing will “provide further revenue opportunities for UMG artists and songwriters.”
“The new platform, which will be launched in 2026, will be powered by new cutting-edge generative AI technology that will be trained on authorised and licensed music,” reads the statement. “The new subscription service will transform the user engagement experience, creating a licensed and protected environment to customise, stream, and share music responsibly on the Udio platform.”
UMG is also the first company to enter into AI-related agreements with YouTube, TikTok, Meta, KDDI, KLAY Vision, BandLab, Soundlabs and Pro-Rata, among others. It also shares that Udio’s existing product will remain available to users during the transition period with “creations controlled within a walled garden and the service amended in multiple ways”.

Andrew Sanchez, Co-Founder & CEO of Udio, comments: “We couldn’t be more thrilled about this collaboration and the opportunity to work alongside UMG to redefine how AI empowers artists and fans.
“This moment brings to life everything we’ve been building toward – uniting AI and the music industry in a way that truly champions artists. Together, we’re building the technological and business landscape that will fundamentally expand what’s possible in music creation and engagement.”
Sir Lucian Grainge, Chairman and CEO of UMG, adds: “These new agreements with Udio demonstrate our commitment to do what’s right by our artists and songwriters, whether that means embracing new technologies, developing new business models, diversifying revenue streams or beyond.  We look forward to working with Andrew who shares our belief that together, we can foster a healthy commercial AI ecosystem in which artists, songwriters, music companies and technology companies can all flourish and create incredible experiences for fans.”
Find out more about Udio, and read the full statement from Universal Music Group.
The post Universal accused Udio of “unimaginable scales” of copyright infringement. That lawsuit’s just been settled – here’s what we know appeared first on MusicTech.

How Emmy-Winning Sound Designer Ryan Hobler Uses Krotos Studio in His Creative WorkflowAccording to news on Friday, "Emmy Award-winning sound designer Ryan Hobler has built a career spanning Super Bowl ads and national campaigns for brands such as Febreze, E*TRADE, and Applebee’s. At the same time, he is an accomplished composer and musician, continually expanding his body of work as a singer-songwriter and producer. In both post-production and music, Hobler has found Krotos Studio to be an integral creative tool. From designing and mixing sound for high-profile commercials to producing short-form promotional videos for his latest folk-pop EP, he uses Krotos to merge his dual identities as sound designer and musician, streamlining his workflow while opening new creative possibilities."

"With nearly two decades in post-production, Hobler knows how important it is to move quickly without sacrificing creativity," a statement reads. "Deadlines for commercials and branded content often leave little room for trial and error, making workflow speed essential."

“I find that for a lot of the dynamic and moving elements, Krotos Studio is an invaluable tool, because it’s so easy to manipulate those sounds and make them work with the motion of whatever you’re designing,” he explains. For Hobler, that efficiency translates directly into more time spent on creative decisions rather than technical hurdles.“You want as little hindrance as possible, and with Krotos Studio, you can tap into that quicker. You can get to the idea in your head sooner.”

"That efficiency has been critical in recent national ad campaigns that required quick, dynamic sound design. In one spot, the commercial opened with a person navigating a smartphone app, where Hobler drew on Krotos Studio’s UI library to create a synthetic palette of taps and text noises. Later in the same campaign, he was tasked with bringing the sound of a sandwich deconstructing into its individual parts to life. The sequence played like a non-destructive explosion that needed the right sonic detail to match the visuals."

“Krotos Studio is incredible for making the abstract sonically tangible,” Hobler says. “This explosive moment had no basis in reality, so I wound up using a variety of Krotos Studio presets to complement the bombastic music and visual effects.”

"With each update, Hobler notes, Krotos Studio has continued to evolve. The software now offers not only an expanding library of sounds and features but also an AI-powered search that fuels discovery as well as efficiency."

“I use the search all the time, and I love what it comes up with, because sometimes it gives me these nice surprises,” he says. “It makes me curious — would that work in there? I’ll try that. I love the suggestive nature of the search and how it inspires me to try unexpected options.”

"Beyond his commercial work, Hobler’s creative identity extends into songwriting and music production, and Krotos Studio has become a tool that helps him merge these worlds."

“I’ve been trying to bridge the gap between those two arbitrary columns for quite some time, making music that uses sound effects and sounds that weren’t necessarily strictly musical in a traditional sense.” Over the years, he has sampled everyday objects like a switchblade comb, a clock, and even the click of a car’s turn signal to create rhythmic or melodic textures in his songs.

"That crossover also extends into how he presents his music. On his latest single, 'Paper Airplane Life,' one of several tracks released with recording artist Erik Blicker, Hobler applied his sound design skills to promotional video content, creating short teaser clips for social media. He used Krotos Studio for expressive swooshes and transitions, pairing them with cues from the track to give the visuals a cinematic quality. The result demonstrates how he moves between post-production and music, using Krotos as a bridge."The post How Emmy-Winning Sound Designer Ryan Hobler Uses Krotos Studio in His Creative Workflow first appeared on Music Connection Magazine.

Sonarworks & SOS AI Survey Sonarworks and Sound On Sound are inviting producers, engineers, sound designers and creators worldwide to take a short 5–8 minute survey on how AI is changing music. 

New Hampshire Senate stalls crypto mining deregulation bill after split voteLawmakers opted to study the proposal further following a wave of public concern over plans to loosen local controls on crypto mining in the state.

This Week in Security: Vibecoding, Router Banning, and Remote Dynamic DependenciesVibecoding. What could possible go wrong? That’s what [Kevin Joensen] of Baldur wondered, and to find out he asked Anthropic’s Sonnet 4.5 to build a secure login with Two Factor Authentication (2FA). And to the LLM’s credit, it builds the app as requested. [Kevin] took a peek under the hood to see how well the security was handled, and it wasn’t great.
Up first, the Flask app doesn’t have any rate-limiting for guessing that time-based 2FA code. A 6-digit time-based 2FA only works if you can’t try all the possibilities before a given code expires. So what does a vibecoder do, once this has been noticed? Ask the LLM to fix it of course. Here we take a slightly different approach, prompting the AI to double-check its work: “Is there any security features missing in 2fa verify step?” The answer is an impressive:
Great question! Yes, there are several critical security features missing from the 2FA verification step. Let me highlight the most important ones: Critical Security Issues1. No Rate Limiting (MOST CRITICAL)
But the critical question, can it properly fix its mistake? The AI adds the flask-limiter library and chooses 10 attempts per minute, which is a bit loose, but not unreasonable. There’s still an issue, that those attempts are limited by IP address instead of user login. All it takes to bypass that rate limiting is a pool of IP addresses.
This experiment starts to go off the rails, as [Kevin] continues to prompt the LLM to look for more problems in its code, and it begins to hallucinate vulnerabilities, while not fixing the actual problem. LLMs are not up to writing secure code, even with handholding.
But surely the problem of LLMs making security mistakes isn’t a real-world problem, right? Right? Researchers at Escape did a survey of 5,600 vibecoded web applications, and found 2,000 vulnerabilities. Caveat Vibetor.
“Secure” Enclave
A few weeks ago we talked about Battering RAM and Wiretap — attacks against Trusted Execution Environments (TEEs). These two attacks defeated trusted computing technologies, but were limited to DDR4 memory. Now we’re back with TEE-fail, a similar attack that works against DDR5 systems.
This is your reminder that very few security solutions hold up against a determined attack with physical access. The Intel, AMD, and Nvidia TEE solutions are explicitly ineffective against such physical access. The problem is that no one seemed to be paying attention to that part of the documentation, with companies ranging from Cloudflare to Signal getting this detail wrong in their marketing.
Banning TP-Link
News has broken that the US government is considering banning the sale of new TP-Link network equipment, calling the devices a national security risk.
I have experience with TP-Link hardware: Years ago I installed dozens of TL-WR841 WiFi routers in small businesses as they upgraded from DSL to cable internet. Even then, I didn’t trust the firmware that shipped on these routers, but flashed OpenWRT to each of them before installing. Fun fact, if you go far enough back in time, you can find my emails on the OpenWRT mailing list, testing and even writing OpenWRT support for new TP-Link hardware revisions.
From that experience, I can tell you that TP-Link isn’t special. They have terrible firmware just like every other embedded device manufacturer. For a while, you could run arbitrary code on TP-Link devices by putting it inside backticks when naming the WiFi network. It wasn’t an intentional backdoor, it was just sloppy code. I’m reasonably certain that this observation still holds true. TP-Link isn’t malicious, but their products still have security problems. And at this point they’re the largest vendor of cheap networking gear with a Chinese lineage. Put another way, they’re in the spotlight due to their own success.
There is one other element that’s important to note here. There is still a significant TP-Link engineering force in China, even though TP-Link Systems is a US company. TP-Link may be subject to the reporting requirements of the Network Product Security legislation. Put simply, this law requires that when companies discover vulnerabilities, they must disclose the details to a particular Chinese government agency. It seems likely that this is the primary concern in the minds of US regulators, that threat actors cooperating with the Chinese government are getting advanced notice of these flaws. The proposed ban is still in proposal stage, and no action has been taken on it yet.
Sandbox Escape
In March there was an interesting one-click exploit that was launched via phishing links in emails. Researchers at Kaspersky managed to grab a copy of the malware chain, and discovered the Chrome vulnerability used. And it turns out it involves a rather novel problem. Windows has a pair of APIs to get handles for the current thread and process, and they have a performance hack built-in: Instead of returning a full handle, they can return -1 for the current process and -2 for the current thread.
Now, when sandboxed code tries to use this pseudo handle, Chrome does check for the -1 value, but no other special values, meaning that the “sandboxed” code can make a call to the local thread handle, which does allow for running code gadgets and running code outside the sandbox. Google has issued a patch for this particular problem, and not long after Firefox was patched for the same issue.
NPM and Remote Dynamic Dependencies
It seems like hardly a week goes by that we aren’t talking about another NPM problem. This time it’s a new way to sneak malware onto the repository, in the form of Remote Dynamic Dependencies (RDD). In a way, that term applies to all NPM dependencies, but in this case it refers to dependencies hosted somewhere else on the web. And that’s the hook. NPM can review the package, and it doesn’t do anything malicious. And when real users start downloading it, those remote packages are dynamically swapped out with their malicious versions by server-side logic.
Installing one of these packages ends with a script scooping up all the data it can, and ex-filtrating it to the attacker’s command and control system. While there isn’t an official response from NPM yet, it seems inevitable that NPM packages will be disallowed from using these arbitrary HTTP/HTTPS dependencies. There are some indicators of compromise available from Koi.
Bits and Bytes
Python deserialization with Pickle has always been a bit scary. Several times we’ve covered vulnerabilities that have their root in this particular brand of unsafe deserialization. There’s a new approach that just may achieve safer pickle handling, but it’s a public challenge at this point. It can be thought of as real-time auditing for anything unsafe during deserialization. It’s not ready for prime time, but it’s great to see the out-of-the-box thinking here.
This may be the first time I’ve seen remote exploit via a 404 page. But in this case, the 404 includes the page requested, and the back-end code that injects that string into the 404 page is vulnerable to XML injection. While it doesn’t directly allow for code execution, this approach can result in data leaks and server side request forgeries.
And finally, there was a sketchy leak, that may be information on which mobile devices the Cellebrite toolkit can successfully compromise. The story is that [rogueFed] sneaked into a Teams meeting to listen in and grab screenshots. The real surprise here is that GrapheneOS is more resistant to the Cellebrite toolkit than even the stock firmware on phones like the Pixel 9. This leak should be taken with a sizable grain of salt, but may turn out to be legitimate.

Bluesky hits 40 million users, introduces ‘dislikes’ betaAs users "dislike" posts, the system will learn what sort of content they want to see less of. This will help to inform more than just how content is ranked in feeds, but also reply rankings.

Mixed Notes November 2025: marguerite, Cafuné, Laufey, and More

MARGUERITE RELEASES "YOU ARE FULL OF MAGIC AND LOVE AND VISIONS AND IDEAS AND IDEALS AND BEAUTY AND JOY" MUSIC VIDEO

Los Angeles’ intimate indie-rock/shoegaze band marguerite have released their music video for single “you are full of magic and love and visions and ideas and ideals and beauty and joy,” directed by Destinee McCaster. The video is a beautiful depiction of dream visitation, using stop motion and mixed media to create a world of magical realism. With two EPs out already, larger now and things we found, marguerite is currently working on their first full-length album.

MULTI-PLATINUM DUO CAFUNÉ RELEASE THEIR SECOND ALBUM BITE REALITY

American indie pop duo Cafuné have released their second album Bite Reality via the band’s own Aurelians Club label, distributed by SoundOn. Bite Reality is about the fine line between documenting your existence and doing the work to actually exist. “At the end of the day, all we have is one another. You can’t take anything with you when the lights go out. Embrace the future, bite reality,” the band shared.

LAUFEY DROPS HIGHLY ANTICIPATED THIRD ALBUM A MATTER OF TIME

A Matter of Time, the highly anticipated new album from GRAMMY®-winning L.A.-based Icelandic-Chinese artist, composer, producer, and multi-instrumentalist Laufey, is now available worldwide via Vingolf Recordings / AWAL. Laufey will perform the new songs on the A Matter of Time Tour, which sold over 265,000 tickets upon its initial sale.

GOOD NEIGHBOURS RETURN WITH NEW SINGLE “PEOPLE NEED PEOPLE” BEFORE DEBUT ALBUM BLUE SKY MENTALITY

London-based duo Good Neighbours preceded the release of their debut album, Blue Sky Mentality (via Capitol Records) with the roll out of their stirring new single, “People Need People.” The single, which premiered as BBC Radio 1’s Hottest Record, is a widescreen anthem centered on friendship, solidarity and the moments we lean on each other most.

POP NEWCOMER CIL DROPS NEW SINGLE “SOMETHING LIKE THIS,” SUPPORTS DUA LIPA ON RADICAL OPTIMISM TOUR ACROSS NORTH AMERICA

After igniting the summer with her don’t hold me accountable EP, singer and songwriter Cil is back with a brand-new single entitled “something like this,” out now on Warner Records. In addition to the new single, she recently supported pop megastar Dua Lipa for 24 arena dates across North America on the Radical Optimism Tour.

NIIA RELEASES BRAZEN NEW SINGLE MUSIC VIDEO PAYS HOMAGE TO FIONA APPLE 

L.A.-based jazz vocalist and composer Niia dropped the new single “fucking happy,” from her recently released fifth studio album, V (out via Candid Records), alongside the accompanying music video—a sly nod to Fiona Apple’s iconic “Criminal.” Shot through the lens of director Lili Peper, the video updates that voyeuristic energy for a new era while keeping the same sense of intimacy and unease that made the original so unforgettable.

SINGER-SONGWRITER AND ACTRESS TELE RELEASES HER DEBUT EP HONESTY PROJECT

Burgeoning new singer-songwriter and actress Tele’s debut EP Honesty Project is out now via Sound Factory Records/RCA Records. The EP follows recent single releases “More,” “Evil,” “VHS,” and “Barking Dogs,” all largely featured production by Rob Bisel and Noise Club (Jessie Murph, Kiana Lede).The post Mixed Notes November 2025: marguerite, Cafuné, Laufey, and More first appeared on Music Connection Magazine.

From Universal’s landmark Udio deal to DistroKid’s new merch launch… it’s MBW’s Weekly Round-UpThe biggest news from the past week - all in one place
Source

Crush Audio releases Crush Percussion and the FREE Crush FX plugin
Crush Audio has released two brand-new products for macOS and Windows, including a free multi-FX plugin – Crush Percussion and Crush FX. Before I get to the freebie, here’s a quick rundown of the premium release, Crush Percussion. Crush Percussion is a collection of over 100 percussion instruments with default grooves and a powerful FX [...]
View post: Crush Audio releases Crush Percussion and the FREE Crush FX plugin

The tritone: Why it’s called the devil’s interval and how to use it
Let's walk through what a tritone is, its impact across music history, and its surprising sensitive side that isn't so diabolical.

VEMIA hold 61st gear auction VEMIA will be holding their 61st gear auction between 1 and 8 November 2025, with any remaining gear being offered again at a 10% discount (or more) as part of their Second Chance Sunday event on 9 November.

Music Distribution Deadlines for 2025Artists, if you're planning to release music between now and the end of the year, make sure you plan in advance using this calendar, courtesy of CD Baby.
The post Music Distribution Deadlines for 2025 appeared first on Hypebot.

You can now sell merch through DistroKid’s new direct-to-fan platform – and keep 100% of your earnings tooDistroKid has launched a new direct-to-fan platform that lets independent artists create an online store to sell their merch. The best part? You get to keep 100 percent of your earnings.
The new platform, aptly named Direct, is integrated within DistroKid, so if you already use the service to distribute your music to streaming services and social media, there’s no set up needed. The feature is currently rolling out in beta to select artists, with a wider release due to arrive in the coming weeks.

READ MORE: DistroKid now lets you upload unlimited full-length music videos to Spotify

At launch, Direct lets you turn album or single artwork into custom T-shirts, tote bags, and mugs, produced on demand and shipped automatically to your fans around the world. Not only do you keep all your sales, but you can set your own prices too.
Direct is available to DistroKid artists for under $6 per month, and it’s built on technology infrastructure developed by Bandzoogle, a direct-to-fan platform that DistroKid acquired in 2023. As Direct continues to expand, more merch will become available, plus new ways for artists to interact directly with their audience.
Though it shouldn’t have to be this way, most independent artists keep their music careers afloat through merchandise sales. Some experts claim merchandise can make up around 70 percent of an artist’s revenue, and it was a key lifeline for those who couldn’t perform live during the COVID-19 pandemic.
With that said, some venues are increasing their cut of artist’s merch sales, meaning a direct-to-fan platform like this one can further aid musicians who need merch to boost their income. SoundCloud launched a similar store model last year.
“Direct is one more way DistroKid helps artists at every step — before, during, and after they release music,” says Matthew Ogle, Chief Product Officer. “We’re building simple tools that let artists share what they create, from music to merch and beyond, and connect directly with the people who care about them most.”
Find out more about Direct over at DistroKid. 
The post You can now sell merch through DistroKid’s new direct-to-fan platform – and keep 100% of your earnings too appeared first on MusicTech.