news aggregator

The Pentagon released a second batch of UAP files, including 50 videos and documents showing unexplained objects over the Middle East, Syria, Iran, and in NASA recordings. Despite the reports, the agency stresses that it has found no evidence of extraterrestrial origin. The Guardian reports: In one video from the Middle East in 2019, taken "likely from an infrared sensor aboard a US military platform operating within the US Central Command area of responsibility," according to the Pentagon, three UAP are captured flying in formation over the Persian Gulf. Another formation of four unidentified objects is seen flying past vessels on the water off Iran in a video from 2022. Footage taken over Syria in 2021 shows a mysterious object racing away at speed akin to instantaneous warp-speed acceleration from science fiction movies. Few of the objects seem to resemble flying saucers, discs or other traditionally perceived forms for UAP, although one October 2022 clip taken at an undisclosed location shows a cigar-shaped entity racing over what appears to be a residential area. None of the videos are accompanied by explanations, and the Pentagon's all-domain anomaly resolution office (AARO) has previously stated it has no evidence to suggest any of the thousands of objects seen on video, or described in written testimony, is of extraterrestrial origin. In its May 8 release, a statement from the defense department said the public "can ultimately make up their own minds about the information contained in these files." Additionally, the information is collated from a diverse range of sources, including government agencies including several military branches, the FBI, the state department and Nasa. "Many of these materials lack a substantiated chain-of-custody," the Pentagon notes

Read more of this story at Slashdot.

SpaceX's upgraded Starship V3 launched today from Starbase, Texas, for the first time, successfully deploying 22 dummy Starlink satellites and completing a planned fiery splashdown in the Indian Ocean. Reuters reports: The towering vehicle, consisting of the upper-stage Starship astronaut vessel stacked atop a Super Heavy booster rocket, blasted off at about 5:30 p.m. CT on Friday (2230 GMT) from SpaceX facilities in Starbase, Texas, on the Gulf of Mexico near Brownsville. A live SpaceX webcast of the liftoff showed the rocketship, more than 40 stories tall, climbing from the launch tower as the Super Heavy's cluster of Raptor engines thundered to life in a ball of flames and billowing clouds of vapor and exhaust. The test ended about an hour later when the Starship vehicle made it through a blazing re-entry through Earth's atmosphere and splashed down into the Indian Ocean, nose up as planned, as SpaceX employees who gathered to watch a live webcast of the flight cheered. The lower-stage Super Heavy came down separately in the Gulf of Mexico about six minutes after blast-off. The launch marked SpaceX's 12th Starship test flight since 2023 and the first ever for the V3 iteration of both the cruise vessel and its Super Heavy booster, as well as the first blast-off from a new launch pad designed for the more powerful rocket. During its suborbital cruise phase, Starship successfully released its payload of 20 mock Starlink satellites one by one, plus two actual modified satellites that scanned the spacecraft's heat shield and transmitted data back to operators on the ground during the vehicle's descent. Starship made it to its cruise phase despite the loss of one of its six upper-stage engines, and mission controllers opted not to attempt an inflight re-ignition of the engines before re-entry. But the vehicle did execute a return-landing burn at the very end of its flight, along with several aerodynamic maneuvers deliberately intended to place the spacecraft under maximum stress, and Starship completed those moves intact for its controlled final descent. You can watch a recorded livestream of the launch on YouTube.

Read more of this story at Slashdot.

The US National Transportation Safety Board, which investigates plane crashes, has a policy of not releasing cockpit audio recordings. Nonetheless, earlier this week, the NTSB released a spectrographic image derived from the cockpit audio recording that captured the last words of two UPS pilots before their plane crashed in Louisville, Kentucky, last year. Scott Manley, a scientist, developer, and gaming influencer, warned the agency about doing so. "NTSB doesn't release cockpit voice recorders from crashes, except in this case they've released an image of a spectrogram," he wrote in a social media post on May 20, 2026. "I'm not sure that's a good idea since you can probably reconstruct a lot of audio from the megabytes of data encoded in this image." Technically savvy individuals promptly turned the soundwave graph back into audio and posted it on the internet, prompting the NTSB to acknowledge it is now aware that advances in image processing and computation allow graphs to be turned back into approximate audio. "Federal law prohibits such public release due to the highly sensitive nature of verbal communications inside the cockpit," the board said on Thursday. "The NTSB takes these privacy restrictions seriously." The spectrogram was released on May 19, 2026, in conjunction with the NTSB investigative hearing into the November 4, 2025 crash of a United Parcel Service MD-11F cargo plane (flight 2976), which occurred shortly after takeoff from Louisville Muhammad Ali International Airport. Three crew members on board and 12 people on the ground were killed. Twenty-three others were injured. The accident has also been reconstructed using a flight simulator and the text transcript of the cockpit voice recorder. In a post on social media network X, Jennifer Homendy, chairwoman of the NTSB, said, "It's deeply troubling that emerging technology can be used to extract [cockpit voice recorder] audio from visualized data we share to help the public understand the circumstances of an accident." "Emerging" here means at least forty-two years ago. Relevant techniques involving a magnitude spectrum are discussed in a 1984 research paper, "Signal estimation from modified short-time Fourier transform," by Daniel W. Griffin and Jae S. Lim. Their work builds upon a long established signal processing algorithm, the Fast Fourier Transform. But the availability of machine learning models has undoubtedly lowered the technical barriers to signal transformation. Coincidentally, "federal science agencies lost about 20 percent of their staff in 2025 relative to the previous year," according to Nature. Homendy continued by noting that the laws disallowing the release of cockpit voice recorder audio exist to protect privacy, to preserve investigative integrity, to demonstrate respect for accident victims and their families. "NTSB is taking steps to address this issue," she said. "The public docket is offline for now, and we are urging X, Reddit, and others to take such disgusting, manipulated posts down." At the time this article was filed, audio reconstructions of the pilots' last words remained available on X. ®

Aikido Security found that deleted Google API keys can continue authenticating for a median of about 16 minutes and as long as 23 minutes, despite Google Cloud's UI claiming that once a key is deleted it can no longer make API requests. Dark Reading reports: Joe Leon, researcher at Belgian startup Aikido Security, recently analyzed the revocation window -- the time between a key's deletion and its last successful authentication -- for the cloud giant's API keys. In a blog post published today, Leon said Google Cloud Platform (GCP) customers expect API access to end immediately after the key is deleted, but this is not the case. In a series of tests, Leon found that the median revocation window was around 16 minutes, while the longest window was up to 23 minutes, "an incredibly long time" for API keys to continue authenticating successfully, he said. And these windows have serious repercussions for organizations. "An attacker holding your deleted key can keep sending requests until one reaches a server that has not caught up. If Gemini is enabled on the project, they can dump files you have uploaded and exfiltrate cached conversations," Leon said. "The GCP console will not show the key, and it will not tell you the key is still working. You are trusting Google's infrastructure to eventually catch up." [...] Leon tells Dark Reading the revocation windows for Google's API keys, as well as the unpredictable authentication success rates, complicate matters for incident response teams that are dealing with a potential breach. "This breaks the mental model IR teams have when responding to leaked credentials," he says. "It's assumed that when you click 'Delete' or 'Revoke' that the credential no longer works. Now IR teams need to remember that for GCP credentials, a window exists when that 'Deleted' credential still works for attackers." To that end, Aikido recommended that security teams and IR personnel use a 30-minute window for Google API key deletions. Additionally, organizations should monitor their API requests by credential through the "Enabled APIs and services" portion of the GCP console, and review API requests by credential. "If you see unexpected usage from that credential after deletion, someone could be actively exploiting it," Leon wrote. Aikido reported the findings to Google, but the company closed the report as "won't fix," according to the blog post.

Read more of this story at Slashdot.

Canada's broadcast regulator says major streaming services such as Netflix must contribute 15% of their Canadian revenues to Canadian and Indigenous content. "That's three times the five-per-cent initial contribution requirement the CRTC set out in 2024, which is being challenged in court by major streamers, including Apple and Amazon," reports Global News. "Contribution requirements for traditional broadcasters, which currently pay between 30 and 45 percent, will be lowered to 25 percent." From the report: "The total contributions are expected to stabilize the funding at more than $2 billion in support of Canadian and Indigenous content, such as French-language content and news," the regulator said in a press release. The CRTC made the decisions as part of its implementation of the Online Streaming Act, which the U.S. has identified as a trade irritant ahead of trade negotiations with Canada. The CRTC also set out rules on how the money must be spent for both streamers and broadcasters, including contributions toward production funds and direct spending on Canadian content. Most of the streamers' financial contributions can go toward content, though the CRTC is imposing rules on how that money must be spent for the largest streamers. For instance, streamers with Canadian revenues of more than $100 million annually must direct 30 percent of spending toward partnerships with Canadian broadcasters and independent producers. Large Canadian broadcasters will have to direct at least 15 percent of their contributions toward news. The new financial contribution rules apply to streamers and broadcasters with at least $25 million in annual Canadian broadcasting revenues. The decision covers audiovisual programming, meaning it affects traditional TV broadcasters and online services that stream television content. The regulator also said Thursday online streamers will have to take steps to ensure Canadian and Indigenous content is available and visible to audiences. "This will make it easier for people to find this content on the platforms they use, while giving broadcasters flexibility in how they meet the new expectations," the CRTC said in the release. Details of those requirements will be determined at a later time.

Read more of this story at Slashdot.

The adoption of AI agents has expanded the potential attack surface beyond code to natural language text. AI agents – models wrapped in software that can use tools and perform multi-step tasks – often take direction from text-based skills. And researchers have demonstrated that skills can be weaponized. "Many agent frameworks allow users to install skills from online registries so the agent can discover and use new capabilities on demand," said Soheil Feizi, computer science professor at the University of Maryland (UMD) and founder/CEO of RELAI.ai, in a social media post. "This is powerful, but it also creates a new attack surface." Skills, Feizi explains, are not just code or dependencies. They're also text instructions that tell agents what to do. Skills, written out in a SKILL.md file, consist of text prompts with other data and resource references (e.g. URLs). They may get added to a user's initiating prompt and pre-existing system prompts, all of which get fed to a model for a response. Typically, this happens when the user wants the model to perform a specific task that has been spelled out in a skill file, like conducting a code quality review. When a model's prompt – the combination of user input, instructions within skills, and system prompts – gets modified inadvertently or adversarially, that's prompt injection. That can happen directly, if for example, a user submits a prompt that directs the model to ignore prior instructions. It can also happen indirectly, if for example, an AI agent visits a website and processes text on a page that the underlying model interprets as an instruction. A skill can effectively act as user-authorized prompt injection. And agents may also automatically retrieve and load third-party skills if their descriptions appear relevant to the task being pursued. And therein lies the problem. The risk posed by skills has already been documented. In February, security biz Snyk found that 13.4 percent of skills on ClawHub and skills.sh (about 534 out of 3,984) "contain at least one critical-level security issue, including malware distribution, prompt injection attacks, and exposed secrets." In a preprint paper titled "Under the Hood of SKILL.md: Semantic Supply-chain Attacks on AI Agent Skill Registry," Feizi and UMD co-authors Shoumik Saha and Kazem Faghih examine the role that skill registries play in the distribution of malicious skills. Specifically, they look at how adversarial skills get discovered, selected, and vetted before execution. "An attacker may not need to hide malware in executable code," Feizi said. "Small semantic changes to a skill description can affect how the skill is discovered in a registry, whether an agent selects it over alternatives, and whether it passes governance or safety checks." Those details matter, he argues, because the selection process may be automated – software agents like OpenClaw have the ability to fetch and use third-party skills. The text that influences tool discovery and usage thus has security implications, which may not be addressed by traditional security scanning mechanisms that focus on code. The three co-authors show that short 20-token triggers can be added to a SKILL.md file to influence the chance an agent will discover it in a registry, to influence the chance an agent will select that skill, and to avoid detection through semantic evasion strategies. In terms of discovery, the researchers demonstrated they could induce an agent to discover their skill over an unaltered source skill 86 percent of the time. They also succeeded in making an agent select their skill over variants 77.6 percent of the time. And they were able to evade registry scanning defenses between 36.5 percent and 100 percent of the time. The most successful strategy for evading detection was to overflow the context window of the scanner – making the skill too long for the scanner to handle. "In ClawHub-style review, only the first 10K characters of long SKILL.md files are passed to the LLM reviewer, so we place the malicious instruction beyond this boundary while keeping it in the submitted skill," the authors explain. "Our work shows that protecting agents requires treating natural-language specifications as security-sensitive objects," said Feizi. "We hope this encourages more careful design of skill registries, ranking mechanisms, governance pipelines, and agent-side defenses." Source code and supporting documentation have been published on GitHub. ®

A solo Russian-speaking threat actor used a jailbroken Google Gemini in a fraud and credential-theft campaign targeting hardcore Trump supporters and conspiracy theorists. Between September 2025 and May 2026, the “low-skilled” scumbag using the handle bandcampro partnered with the LLM to impersonate an American veteran, run a Telegram channel (@americanpatriotus), hack admin credentials, and steal cryptocurrency, according to a threat report from TrendAI. His only "real cost" in the operation was stolen API keys. Bandcampro ultimately reached about 17,000 subscribers, used 73 likely-stolen Gemini API keys, hacked 29 WordPress admin credentials, infiltrated at least one company, and emptied at least one victim’s cryptocurrency wallets, according to TrendAI researchers Philippe Lin, Joseph C Chen, Fyodor Yarochkin, and Vladimir Kropotov. The threat-hunters detailed the campaign in a Thursday report, and said while the Telegram channel dates back five years, bandcampro’s success skyrocketed once he started using AI-generated content last fall. "We have reached an inflection point for cybercrime conspiracies,” Tom Kellermann, TrendAI’s VP of AI security and threat research, told The Register, adding that “bandcampro's conspiracy underscores the sophistication of the Russian cybercriminal community and how weaponized jailbroken LLMs are manipulated to orchestrate a systemic cybercrime campaign.” Kellermann said the attack “highlights LLMs' Achilles heel, which is the tremendous exposure to API attacks." TrendAI researchers discovered the scammer’s infrastructure in May, which exposed the full contents of the individual’s operational environment. He used Google Gemini to generate the Telegram channel text and Venice.ai to power an interactive chatbot designed to simulate a Quantum Financial System (QFS) terminal. Neither Google nor Venice responded to The Register’s requests for comment. The campaign targeted the QAnon and MAGA communities, mimicking the cryptic, anonymous “Q drop” messages at the heart of the QAnon conspiracy, but the researchers say his “use of information operation techniques was more likely for cryptocurrency fraud instead of political motives,” based on the content posted, and the stock remote access trojan (RAT) used alongside other commercial malware. On September 9, 2025, the actor posted a fake "freedom-first, self-custody wallet" called StellarMonster, with a welcome bonus of up to 1,000 XLM (about $380) on the Telegram channel. It was an executable named StellarMonSetup.exe. Malware analysis determined that in reality, StellarMonSetup.exe is a legitimate remote access tool called GoToResolve, which gives the operator a persistent remote desktop session with file access, command execution, and clipboard capture. Plus, any subscribers who used the "import your wallet" function and typed their seed phrase into the fake import screen gave the attacker their wallet keys. “At least one victim's crypto-wallet was fully compromised: password cracked, 12-word mnemonic stolen, and the owner's 40+ wallet addresses harvested across all major chains,” the researchers noted. The attacker also used an AI-powered brute-forcing tool to hack WordPress accounts, we’re told. “The script is built on the premise that people mutate familiar base passwords in predictable ways, and Gemini 2.5 Flash can model the mutations when supplied with static wordlists,” Trend wrote. In total, the AI-assisted WordPress hacking operation cracked 29 WordPress administrator accounts, including those belonging to weapons retailers, legal offices, medical practices, and small commercial sites. During his conversations with Gemini, bandcampro asked questions like: “When the bot accumulates 5,000 active users, how much can we earn from one pump-and-dump cycle?” The criminal also asked how professional crypto call centers scam North American victims and Gemini suggested Medicare and/or Health Canada fraud targeting the elderly. The Russian speaker also automated his content campaign through a pipeline he named "Quantum Patriot," a set of Python scripts that called Gemini to role-play as an American veteran patriot. The pipeline fed a preset list of newsfeeds into the LLM and Gemini rewrote them, prompted to act as an admin of an “American Patriot” channel looking for “hidden angles.” The crypto- and credential-thief also used Gemini to help him hack, set up a command-and-control framework - including a mail-testing tool, a Gmail aggregator, and an anonymous proxy on a VM in the Netherlands - steal and validate credentials, and run the chatbot. “In the anatomy of one busy working day, Gemini deployed servers, helped debug code, automated workflows, wrote a script to rotate API keys, and managed the actor’s Cloudflare tunnels,” the TrendAI researchers wrote. “The actor prompted in Russian, while the LLM reasoned and replied in English. Over one 16-hour session, the actor co-worked with Gemini end-to-end." At one point, after a nine-hour pause from the human partner, which the authors say “was likely a 9-hour sleep,” bandcampro found the bot posting every 20 minutes without a break - but with Russian slang appearing in the English posts. So he opened another session to fix it. “What previously required a team of writers, social media managers, IT workers, and malware programmers can now be automated by a single actor using a VPS, a Telegram bot, and API access to frontier models,” Trend’s team warned. ®

The NTSB temporarily closed public access to nearly all investigation dockets after people used a spectrogram image from a PDF in the UPS flight 2976 crash file to reconstruct approximate cockpit voice recorder audio and post it online. "We show our work and we've been doing this type of thing for years. Nobody was aware that you can recreate audio from a picture," a spokesperson for the board said. "NTSB is looking to make sure there's nothing else in the docket that could compromise anybody's privacy... now that we understand the possibility of a digital recreation." CNN reports: Cockpit voice recordings, often referred to as the CVR, capture everything commercial pilots say and are valuable during NTSB investigations, but are almost never released out of respect for the victims and their families. UPS flight 2976 crashed on November 4, when an engine separated from the wing while it was taking off from Louisville, Kentucky. The three crew members onboard were killed along with 12 people on the ground. During a two-day investigative hearing this week, the board released a docket full of details about the crash. Besides thousands of pages of reports and video showing the engine separating, it included a transcript of the CVR and a PDF file showing an analysis of the spectrogram of the audio it recorded. A spectrogram is a still image that is a visual representation of the audio, showing the ups and downs of the frequencies. Using that still image, members of the public were able to recreate the voices of the pilots in the moments before the plane crashed and post the results online. The clip, which included background noise and echoes, covered the last 30 seconds of the flight as the pilots struggled with the disabled aircraft as well as recordings of testing the NTSB did on another aircraft. In a statement on Thursday, the board made clear it "does not release cockpit voice recordings" due to federal law and because of the highly sensitive nature of what they include, but it was "aware that advances in image recognition and computational methods have enabled individuals to reconstruct approximations of cockpit voice recorder audio from sound spectrum imagery." Investigation dockets are made public for transparency, but this week, the board took the rare step of closing public access to all dockets, including the one for the UPS crash. [...] The NTSB is urging platforms like X and Reddit to remove posts with the audio.

Read more of this story at Slashdot.

Meta CEO Mark Zuckerberg appears so determined to win the AI race that he is willing to sacrifice some employee privacy to make it happen. In a leaked audio recording published by the worker advocacy group More Perfect Union, Zuckerberg purportedly answered an employee's question about "device monitoring" with a six-minute monologue in which he said Meta employees are very smart and to win the most competitive technology race in history, he would need to collect their keystrokes, mouse clicks, and screenshots to make its own AI measure up to its rivals. “We are using this to feed a very large amount of content into the AI model, so that way it can learn how smart people use computers to accomplish tasks. I think that this is going to be a very big advantage if we can do it,” Zuckerberg purportedly said during an April 30 meeting in which an employee asked about the "top of mind" issue. Meta did not reply to an email from The Register seeking comment and has not confirmed the authenticity of the audio clip, but a company spokesperson confirmed in April that Meta would monitor employees to train AI. Meta's tracking tool is called Model Capability Initiative, according to reports. The audio was posted the same day Meta announced 8,000 job cuts. It captured Zuckerberg's thoughts on the news, first reported by Reuters, that Meta planned to install software on employees' computers to monitor activity for AI training. More Perfect Union did not reply to an email from The Register seeking comment. "So if we're trying to teach the models coding, for example, then having people internally build tools that or solve tasks that help teach the model how to code, we think, is going to dramatically increase our models' coding ability faster than what others in the industry have the capability to do, who don't have thousands and thousands of extremely strong engineers at their company," he purportedly said in the audio. "So that's one example. Another thing that our system needs to be very good at is using computers, so the way that you get a system to be good at using computers is by having it watch really smart people use computers. So that's basically the essence of what we are trying to do here." In one part of the audio, Zuckerberg said the software would not be used to surveil employees' actions on the job, though he stopped short of saying the data would be anonymized. Rather, he said the purpose was narrowly focused on making its AI work better than competitors. “The content is sort of, you know, stripped out in like as much as is possible,” he purportedly said in the leaked audio. “It's like none of the data has been used for like looking at what people are doing, or surveillance, or performance tracking, or anything like that.” That aligns with what a Meta spokesperson told Reuters: that MCI data would not be used for performance assessments. European employees are reportedly exempt from the program because the EU's General Data Protection Regulation likely prohibits this type of monitoring without explicit consent, according to multiple reports. Meta is not the only major technology company turning to its own workforce for AI training data. The Information reported this week that Microsoft and xAI are also leveraging internal employees to generate and refine training datasets. In a similar vein to what Zuckerberg purportedly said, Microsoft, which employs thousands of software engineers, reportedly views its workforce as a competitive advantage for improving GitHub Copilot. In the recording, Zuckerberg purportedly said Meta settled on using its own employees over contractors because they were smarter. “One basic insight and hypothesis that we have is that a lot of data generation across the field is done by these like contract companies,” Zuckerberg purportedly said. “(B)ut in general, the average intelligence of the people who are at this company is significantly higher than the average set of people that you can get to do tasks if you're working through these contractors.” However, the contractor pipeline is also being watched. In January 2026, Wired reported that OpenAI's data vendor, Handshake AI, began asking freelance contractors to upload real work products from past and current jobs, including contracts, financial models, presentations, and code repositories. OpenAI provided a tool to help contractors strip confidential information before uploading, but intellectual property lawyers warned the approach carries significant legal risk. Zuckerberg said this sort of surveillance and the difficult conversations around it are the cost of competing at the frontier of AI. "How do we navigate running the company through what is just this incredibly dynamic period?" he said. "There's lots of things that people would like more certainty on than we have." ®

Trump Mobile confirmed that a third-party platform exposed customers' personal data to the open internet. The data included names, email addresses, mailing addresses, phone numbers, and order IDs. TechCrunch reports: Chris Walker, a spokesperson for the Trump-branded phone maker, told TechCrunch that the company is investigating the exposure and has not found evidence that content or financial information spilled online. The company said there was no breach of Trump Mobile's network, systems, or infrastructure. Walker said that the exposure was linked to a third-party platform provider that supports "certain Trump Mobile operations." He did not name the provider. [...] On Wednesday, two YouTubers who ordered Trump Mobile's phone said a researcher alerted them that their personal information was exposed online. The YouTubers Coffeezilla and penguinz0 said they tried to alert Trump Mobile of the exposure after the researcher also tried but to no avail. Walker said Trump Mobile is evaluating whether it needs to notify customers of the exposure of their personal data. Further reading: Trump Phones Start Shipping - But Were There Really 600,000 Preorders?

Read more of this story at Slashdot.

An anonymous reader quotes a report from Billboard: Spotify and Universal Music Group (UMG) announced a licensing deal for recorded music and publishing rights, enabling Spotify to launch generative AI music models in the future. With this deal, Spotify's models will allow fans to create covers and remixes of their favorite songs from participating artists and songwriters signed to UMG. The new deal was announced on Thursday (May 21) as part of Spotify's Investor Day presentation, and the company touts that it will open up additional revenue streams on top of what artists already earn on Spotify and will provide new discovery opportunities for participating UMG talent. These AI products will eventually become available to premium users as a paid add-on. It is unclear when they are set to launch. "We recognize there's a wide range of views on use of generative music tools within the artistic community," the announcement read. "Therefore, artists and rightsholders will choose if and how to participate to ensure the use of AI tools aligns with the values of the people behind the music." Spotify also announced a feature called "Reserved" that will set aside concert tickets for Premium subscribers it identifies as an artist's most dedicated fans. "Getting concert tickets today can feel like a race you're set up to lose," Spotify wrote in a post on Thursday. "You show up at the right time, refresh endlessly, and still miss out. Too often, the experience is stressful, unpredictable, and disconnected from what should matter most: whether real fans actually get tickets. We think there's a better way."

Read more of this story at Slashdot.

A malware-spreading scumbag swimming through GitHub pushed malicious commits to more than 5,500 repositories on Monday as part of an automated campaign called Megalodon. Similar to the earlier TeamPCP attacks that poisoned about 3,800 GitHub repositories, this new campaign has so far infected 5,561 repos with CI/CD credential-stealing malware, according to SafeDep researchers, who uncovered the predatory commits and published a full list of the compromised repositories. If a repository owner merges the commit, the malware executes inside their CI/CD pipeline and propagates further, Ox Security lead researcher Moshe Siman Tov Bustan said in a Thursday blog post. Megalodon steals AWS secret keys and Google Cloud access tokens. It also queries AWS, Google Cloud Platform, and Azure metadata for instance role credentials, reads SSH private keys, Docker and Kubernetes configurations, Vault tokens, Terraform credentials, and scans source code for more than 30 secret regex patterns. Then it exfiltrates GitHub tokens, including secrets used to authenticate with cloud providers, thus allowing attackers to impersonate developers’ cloud identities, along with Bitbucket tokens. In other words: consider ALL of your CI/CD variables pwned. "We’ve entered a new supply chain attack era, and TeamPCP compromising GitHub was only the beginning,” Bustan told The Register. “What’s coming next is an endless wave, a tsunami of cyber attacks on developers worldwide.” Plus, he added, hacking GitHub “compromises the security of every company with a private repository hosted on the platform.” This new wave of supply chain attacks hitting developers’ environments won’t stop until “companies like npm and GitHub take serious action against the spread of malicious code on their servers,” Bustan said. He noted npm’s statement on X saying it “invalidated npm granular access tokens with write access that bypass 2FA” to prevent additional supply-chain attacks like Mini Shai Hulud. “That could help a little with account hijacking, but it doesn’t solve the actual problem,” Bustan said. “Malicious code is still reaching their servers, and nothing is stopping it before it does.” npm … but not TeamPCP SafeDep spotted Megalodon hidden inside a legitimate package: Tiledesk, an open source live chat and chatbot platform. The attacker backdoored versions 2.18.6 (May 19) through 2.18.12 (May 21), and the same npm maintainer published the last clean version, 2.18.5, before unknowingly publishing these newer compromised versions. “The attacker never touched the npm account,” the open source supply-chain security startup researchers said. “They compromised the GitHub repository, and the maintainer published from the poisoned source without realizing it.” While publishing malicious packages on npm is a TeamPCP signature move, Bustan said there’s no threat-intel or code-analysis evidence that connects Megalodon to the crew behind the Trivy, Checkmarx, and other recent supply-chain attacks. “Our best guess now is that it's a different threat actor copying their behavior and style, but not much of the code itself,” he told us. And despite TeamPCP open sourcing its Shai-Hulud worm and announcing a supply-chain attack competition on BreachForums, Ox doesn’t believe Megalodon is a contest entry. “We have indications that they are not participating in the TeamPCP contest due to the contest having a specific rule to add a public encryption key that the actor behind the malware could match with his private key to prove his involvement,” Bustan said. Who is built-bot? SafeDep’s threat hunters traced the malicious commit (acac5a9) to an author “build-bot,” connected to the email address build-system[@]noreply.dev with the message “ci: add build optimization step.” The author name and noreply email mimic automated CI commits, and there’s no GitHub account linked to the author and committer user fields. “Someone pushed the commit to master with no PR and no merge commit, using a compromised PAT or deploy key,” according to the researchers. They searched GitHub for other commits authored by the same email address and found 2,878 results, plus a second email, ci-bot@automated.dev, with an additional 2,841 commits. All landed May 18 during a six-hour window (11:36 to 17:48 UTC) and targeted 5,561 repositories. This includes nine compromised Tiledesk repositories: tiledesk-server, tiledesk-dashboard, tiledesk-telegram-connector, tiledesk-llm, tiledesk-docker-proxy, tiledesk-community-app, tiledesk-campaign-dashboard, tiledesk-helpcenter-template, and tiledesk-ai. Others include Black-Iron-Project with eight compromised repos, WISE-Community, and hundreds of smaller repositories. ®

Higgsfield AI is debuting a 95-minute fully AI-generated film at Cannes called "Hell Grind" that reportedly cost $500,000 to make, $400,000 of which was spent on compute alone. The project took just two weeks to produce and is intended to showcase the startup's AI production tools. But it also underscores the current limits of AI filmmaking: thousands of detailed prompts, endless iteration, high costs, and plenty of traditional filmmaking judgment were still required. The Wall Street Journal reports: What might surprise viewers is how much technical film know-how was needed to create the movie, said Adil Alimzhanov, a content lead at Higgsfield who also worked on it. "You have to understand camera composition, which shots are changed. Like you can't have two close-ups back to back, you have to start with an establishing shot," he said. "You still need those filmmaking skills." Higgsfield, which was valued at $1.3 billion in its latest funding round earlier this year, crossed $400 million in annual revenue run rate in May. It doesn't make the actual video-generation models, relying instead on existing tools like Google's Veo 3. But it does provide the tooling on top to make sure that the visuals are consistent across all the incoming generations. The core of the movie-making process here was prompting the AI models and getting clips back, Alimzhanov said. Each prompt would generate about 15 seconds of footage. Those 15 seconds needed to be generated a number of times, with tweaks to the prompt to get the best possible version. The first 25 minutes of the movie required 16,181 initial video generations, which ended up as 253 final shots. One of the biggest difficulties in making longer-form films with AI is maintaining consistency across the outputs. AI models can be unpredictable, and a feature-length film can't have scenes that look completely different from one moment to the next. Because of that, every prompt had to be extremely long and detailed. Each one would typically start with a prefix that defined requirements like style (8k IMAX, photorealistic), lighting (natural light only, "contre-jour" backlight, camera on shadow side) and the type of camera it should look like it was being shot on ("cine lens," 180-degree shutter motion blur). The lighting was key to avoiding the AI sheen that typically gets branded as "slop," said Alimzhanov. AI-generated video tends to over-light scenes in an unnatural way. That prefix would also have to remind the AI to obey the laws of physics with wording like: "gravity and inertia respected -- mass has real weight, correct contact shadows, no floating props." The individual prompts were, on average, 3,000 words each. One aspect of what Higgsfield has built, and sells to clients, is an AI tool that generates these complex, detailed prompts. Users can enter a page from the original script, and the Higgsfield tool will return with a prompt that could be thousands of words long, designed to create production-quality outputs. And all that prompting is how the company racked up a $400,000 AI compute bill on the project. Co-founder and CEO Alex Mashrabov, however, noted that working with "cloud" providers, like Nebius and CoreWeave, rather than big hyperscalers, helped it keep costs from going even higher. You can watch the trailer for Hell Grind on YouTube and judge the results for yourself.

Read more of this story at Slashdot.

Power grid operators and datacenter developers in the United States are in a bind, and energy analysts can't see an easy way out. The American power grid is old, outdated, and in desperate need of upgrades. Add in a growing number of gigawatt-scale AI datacenters demanding stable access to power that doesn’t disrupt service-level uptime agreements and things start to look even worse. Energy costs have already skyrocketed in the nation's largest energy market mainly thanks to the bit barn bonanza, leading to a new chorus of calls for datacenters to bring their own power generation if they want reliable supplies not bound by grid constraints. According to energy analysts at Wood Mackenzie, datacenter operators have a choice to make, and neither option is great. They can wait the five to 10 years it’ll take for grid operators to upgrade their transmission and generation capabilities to account for their demands. Or they can accept deals with power companies that supply them with power but require curtailment during peak loads, and then install their own on-site power generation to make up the difference. This is the far riskier option, but it’s one that many operators are going with. “With more than 90 GW of collocated generation in US interconnection pipelines, it is clear that the need to scale up at speed has sent many data centre developers down the riskier path,” WoodMac explained in the report. “Collocating volatile AI workloads with power generation has scarce precedent, though, and is far more difficult than most in the industry understand.” What the grid wants, the grid gets Many datacenter operators are only thinking about generator megawatts, say the analysts, leaving engineers frustrated at having to explain the technical complexities of building colocated power generators. Multiple grid operators have passed rules that, as key stakeholders understand them, could give utilities priority rights over colocated power generators during shortages, potentially forcing datacenters to reduce demand while supplying power back to the grid, WoodMac said. “This effectively makes the model unworkable,” the analysts said. “Few data centre developers would invest in baseload generation if it could not be utilised when it was most needed.” Near-instantaneous swings in AI power demand can damage reciprocating engines and gas turbines, while batteries may not respond fast enough to every spike and can degrade over time. The rapidly fluctuating power demanded by hyperscale AI datacenters could even damage the grid itself. “These loads can also cause sub-synchronous oscillations, which pose fundamental stability risk to not only local generators but also to distant ones on the transmission system,” the analysts note. “Technology providers are only beginning to come to terms with this challenge, the mitigation of which is site specific, making solutions hard to scale.” In other words, on-site generation might solve one problem while introducing a whole host of new issues. “While hyperscalers are likely to successfully operationalise some projects with collocated resources, it will come at considerable cost,” the report concludes. “This cost, along with the technical risk and project-specific mitigation required, will prevent collocation from emerging as a scalable model.” So, what’s the alternative? Well, building out the grid, obviously. WoodMac said that grid operators largely don’t consider conditional interconnection with curtailment requirements to be a long-term solution, and are all investing billions in modernization. But those modernization initiatives are going to hit everyone in the wallet. Improving grids to serve AI datacenters “has profound implications for affordability … regional network upgrades necessary to support local large-load connections will be spread among all ratepayers,” WoodMac said. “This may trigger a political outcry.” Rates are already increasing across the US, said Ben Hertz-Shargel, WoodMac's global head of grid transformation and large loads, and no presidential decree can slow that down. "As the data center buildout eclipses existing utility capacity and more infrastructure must be built, we'll see that increasingly become a driver of customer rates," Hertz-Shargel told us in an email. The study doesn’t present a solution for the current situation, forecasting uncertainty as grid operators hurry to come up with some solution, as datacenter operators’ plans blow past their ability to meet demand. Hertz-Shargel didn't have much comfort to offer here, either. "With utilities and grid operators reforming their load interconnection processes, we're likely to see more capacity made available through utilities," Hertz-Shargel said. Not everyone is going to be able to secure that utility capacity, though, and the organizations that are left out will be stuck with the same choice: Wait for the grid to catch up, or rely on colocated generation and conditional grid connection deals, Hertz-Shargel explained. "When the current wave of transmission capacity completes, though, the industry will be in a position for quick acceleration," Hertz-Shargel added – as long as the numbers continue to work out. "That presumes that investors like what they see in terms of AI's return on investment by that time, however, and remain comfortable deploying massive capital into digital infrastructure." That's far from a sure thing at this point. The only thing that the report sees for certain in the current situation is a quick division into winners and losers in the AI race. Big players who are able to absorb the costs will emerge as victors. “The challenges facing [energy] collocation are surmountable for the most experienced and deep-pocketed developers,” Wood Mackenzie said. “Companies capable of operating reliably without firm grid service will be able to scale their AI business faster than others, positioning them to outcompete.” In other words, expect the big guns to further entrench their dominance as the little guys are starved to death or are gobbled up by the competition. There’s nothing like the American dream, eh? ®

Venmo is testing a major redesign that will make new users' payment posts viewable by their friends by default instead of being public. The Verge reports: It's a notable update for a platform that has struggled with privacy in the past. In 2021, BuzzFeed News tracked down President Joe Biden's Venmo account and the accounts of people in his inner circle because Venmo, at the time, had no way to keep your Venmo contacts private. It fixed that soon after. As part of the redesign, if you're a new user and you do want your posts to be public (or private just to you), you'll be able to set that as part of the new onboarding flow. You can also change your preference in settings after the fact; an updated screen for sending money will also show if that post is private, visible just to friends, or is visible publicly before you make the transaction.

Read more of this story at Slashdot.

Samsung is reportedly set to pay chip-division workers an average bonus of about $340,000 after reaching a tentative deal with its union, according to Bloomberg (paywalled). The deal ended a standoff that "could have cost the economy as much as 1 trillion won ($658 million) daily, with losses potentially multiplying to 100 trillion won ($68 billion) if in-progress semiconductor wafers were rendered unusable," reports Quartz. From the report: The agreement, subject to a union ratification vote running May 22 through May 27, calls for Samsung to direct 10.5% of operating profit into stock bonuses along with a separate 1.5% cash component, according to Bloomberg. The program runs for 10 years, contingent on the company meeting profit thresholds. One-third of the stock award can be liquidated right away, with the rest parceled out in installments across the next two years, Bloomberg reported. The first payout is expected in early 2027. Not all workers will fare equally. As an illustration, Reuters cited a union source estimating that someone in the memory chip unit earning an 80-million-won base salary could take home roughly 626 million won in total bonuses this year. By comparison, workers at SK Hynix stand to collect upward of 700 million won should their employer post annual profit of 250 trillion won, Reuters calculated. Unlike at Samsung, SK Hynix employees are not limited to stock payouts and may instead opt for cash, Reuters reported.

Read more of this story at Slashdot.

PC buyers may be wincing at memory price hikes, but Lenovo isn't. The China-based tech biz says it sidestepped much of the industry pain by switching to premium devices and the numbers back it up. For Q4 of its fiscal 2026 ended March 31, Lenovo's Intelligent Devices Group posted revenue of $14.6 billion, up from $11.9 billion a year earlier. It reported operating profit - net profit was not disclosed - of just over $1 billion, up 20.7 percent. PC and smart devices revenues, specifically, grew 26 percent. “Last quarter, despite the supply shortages and rising component costs, we committed to sustaining growth and improving profitability, leveraging our operational excellence,” CEO Yang Yuanqing said on an earnings call. “We promised to maintain our PC revenue momentum despite a slowdown in PC shipments due to rising costs. We delivered. We shifted our mix towards premium to improve average unit revenue, and our PC shipment growth continued to outperform the market,” he stated. PCs accounted for half of Lenovo's overall group turnover, shipments were up 20 percent year-on-year and the corporation accounted for 24.4 percent global market share. Servers and services comprised the rest of Lenovo's revenues. The memory crunch has been brutal. Some DRAM and NAND flash prices doubled or quadrupled by early this year, as chipmakers chased higher margins on AI server memory and starved the consumer market of supply. The Register has previously reported how the price hikes led to a spike in PC sales, as corporate buyers brought forward purchases before memory costs climbed any further. Asked whether this had any effect on Lenovo’s numbers, EVP for Intelligent Devices Luca Rossi downplayed it. “So in calendar Q1, our last fiscal Q4, we definitely observed strong demand, which might partially be linked to some pull in, but I don't think that it will be a substantial number,” he stated. “Definitely, we are seeing some tight supply in certain components, particularly - as you probably know - in the semiconductor area. However, we feel confident about our ability to procure the parts we need and we did not adjust our full year target based on supply constraints. Rather, we will align the shipment target based on the real market and demand in order to maintain a healthy channel inventory and with the goal of maintaining a solid premium to market,” Rossi said. Lenovo expects unit shipments to decline year-on-year for its fiscal 2027. “But at the same time, we expect to maintain or very likely grow our revenue linked to the significant growth of the AUR (average unit revenue)," he added. Squeezing more profit from fewer system sales means availability of cheaper PCs will take a hit as Lenovo shifts production to premium boxes. This isn't the only impact AI is having on the PC market. CEO Yang pledged to embed the technology across Lenovo's entire product line, including forthcoming "personal AI super agents" Tianxi and QIRA, plus next-generation AI-native PCs, smartphones, wearables, and "personal computing hubs." Whether customers want all of that remains, as ever, an open question. Lenovo AI Now or Tianxi is a personal and private AI assistant to help with writing, summarizing, and quick settings for your computer, says Lenovo. QIRA is “your personal intelligence that’s by your side across Lenovo and Motorola devices. It moves with you, learns from you, and helps you get things done.” For those interested in the total financial figures, Lenovo claimed a fourth quarter revenue record of $21.6 billion, up 27 percent year-on-year. It recorded revenue of $83.1 billion and net profit of $1.91 billion for the whole of its fiscal '26. ®

It’s not every day a titan of industry pays six figures to settle claims it lied about spying on users via their smart home devices, but the FTC said that it would conclude the case against TV, radio, and advertising giant Cox Media Group (CMG) if it does. It would also need to make certain commitments around making misrepresentations. CMG, together with two smaller marketing companies, New Hampshire-based MindSift LLC and 1010 Digital Works LLC in Wisconsin, is alleged to have misled customers in advertising a supposed AI-powered service. This marketing product, called “Active Listening,” was pitched as a novel algorithm that could take snippets from user conversations, supposedly overheard by their smart home devices, and use them to generate targeted ads to other users in specific geographic regions. The FTC alleged that these companies were, in essence, claiming to be selling data they said they'd gathered by spying on users, who were said to have given their consent to all of this. In reality, claimed the watchdog, the trio was instead selling lists of email addresses bought from data brokers “at a significant markup,” the FTC said. There had been no listening in on smart devices or conversations of any kind, there was no voice data being used at all, and consumers had not given their consent to the advertised service, the regulator went on to allege. “Not only did the product these companies marketed not do what they claimed it did, but they also misled potential customers by claiming consumers had opted into this service when it’s clear they did not,” said Christopher Mufarrige, director at the FTC’s Bureau of Consumer Protection. “It is a basic rule of business that you need to be honest with your customers, and these companies failed to do that.” According to the complaints leveled at the three companies, in saying that users had consented to be enrolled in its Active Listening service, what they actually meant was that users had agreed to the terms of service when downloading or using certain applications. The FTC said that this is not the same as providing consent for their day-to-day conversations being snooped on by an algorithm running in their smart home devices. Further, even if Active Listening did work as the trio described, it would have violated Section 5 of the FTC Act because of the companies’ flawed consent model. CMG will pay the vast majority of the settlement sum, $880,000, while the two smaller companies will each pay $25,000. The funds will be used to compensate customers who bought into Active Listening’s marketing, the FTC said. All three companies are also barred from misrepresenting the features of their marketing services, collecting voice data, and geographic targeting capabilities. The Register contacted CMG for a response. ®

An anonymous reader quotes a report from Wired: US lawmakers plan to introduce an amendment Thursday at a House committee markup hearing that would prohibit any recipient of federal highway funding from using automated license plate readers for any purpose other than tolling -- a sweeping restriction that, if adopted, would bring an immediate end to state and local ALPR programs across the United States. The amendment, obtained first by WIRED, is sponsored by Representative Scott Perry, a Pennsylvania Republican and Freedom Caucus member, and Representative Jesus "Chuy" Garcia, an Illinois progressive whose state has become a flash point in the national fight over ALPR misuse. The House Transportation and Infrastructure Committee will mark up the underlying bill -- a $580 billion, five-year reauthorization of federal surface transportation programs -- at 10 am ET on Thursday. The amendment runs a single sentence: "A recipient of assistance under Title 23, United States Code, may not use automated license plate readers for any purpose other than tolling." The amendment is brief, but its reach would be vast. Title 23 funds roughly a quarter of all public road mileage in the US, including most state and county arteries and many city streets where ALPR cameras are becoming ubiquitous. Conditioning that funding on a ban of the technology would, in practical effect, force any state, county, or municipality that takes federal highway money (essentially all of them) to either remove the cameras or restructure their use around tolling alone. The amendment's cosponsors, Perry and Garcia, represent opposite ends of the House's ideological spectrum but converge on a surveillance concern that has gathered momentum in legislatures and city halls across the US as ALPR networks have quietly become a pervasive layer of American road infrastructure. ALPR cameras -- mounted on poles, overpasses, traffic signals, and police cruisers -- photograph every passing license plate, log times and locations, and feed data into searchable databases shared across agencies and jurisdictions. [...] Privacy advocates have long warned that the aggregation of license plate data amounts to a de facto warrantless tracking system. New York University School of Law's Brennan Center for Justice has documented the integration of ALPR feeds into police data-fusion systems that combine plate data with surveillance and social media monitoring. And the Electronic Frontier Foundation, a digital rights nonprofit, has documented a range of police misuse, including the past targeting of mosques and the disproportionate deployment of the technology in low-income neighborhoods. Earlier this week, 404 Media reviewed FBI procurement records that reveal the agency is seeking up to $36 million for nationwide access to ALPR data, which could let it query vehicle movements across the U.S. and its territories through a commercial database.

Read more of this story at Slashdot.

Microsoft has made Copilot a little less in-your-face with the option to banish the assistant's Dynamic Action Button to the toolbar. The change, rolling out this week, comes after howls of outrage from customers over Microsoft's decision to drop a Copilot button onto user workspaces. Although the desire to get users clicking on the assistant is understandable, obscuring content in its productivity applications was perhaps not the best way to do it. Microsoft's forums show plenty of frustration with the floating button. Some call it "infuriating," while others are less tactful. One Excel user wrote: "Did you let copilot design this idea and no human review it? Such abomination." Another said: "Putting a button over the working content was not a good move by Microsoft," which gets to the heart of the problem. Redesigns and interface tweaks will always generate strong feelings. However, obscuring content with something that many don't want is arguably a step too far. There was already a way to turn off Copilot features in Excel and Word via the Settings screen, but the latest update indicates that Microsoft has paid attention to recent feedback. A user commented: "There needs to be a toggle or something to move it back to the ribbon," and that is pretty much what Microsoft has done. A new option has been added to the button's menu, "Move to ribbon," which does exactly that. Click it, and Copilot is banished to the ribbon. The floating Copilot Dynamic Action Button is no more, although it can be moved back if a user happens to miss that particular design decision. Microsoft has acknowledged that forcing Copilot on users was not universally welcomed. Windows boss Pavan Davuluri promised a reduction in Copilot entry points and a rethink of how the technology is integrated into the operating system (because of course it isn't going away any time soon). Earlier in May, Microsoft said it would "streamline" access to Copilot in its productivity applications. Alas, that "streamline" involved the Copilot button, and plenty of customers asked for the ability to shift it back to the ribbon. Less than two weeks after the initial announcement, Microsoft has responded. Although Copilot will still be there, the option to move it back to the ribbon is a move in the right direction. ®