news aggregator

An anonymous reader quotes a report from The Register: Security researchers have resurrected a 12-year-old data-stealing attack on web browsers to pilfer sensitive info from Android devices. The attack, dubbed Pixnapping, has yet to be mitigated. Conceptually, it's the equivalent of a malicious Android app being able to screenshot other apps or websites. It allows a malicious Android application to access and leak information displayed in other Android apps or on websites. It can, for example, steal data displayed in apps like Google Maps, Signal, and Venmo, as well as from websites like Gmail (mail.google.com). It can even steal 2FA codes from Google Authenticator. "First, the malicious app opens the target app (e.g., Google Authenticator), submitting its pixels for rendering," explained [Alan Wang, a PhD candidate at UC Berkeley]. "Second, the malicious app picks the coordinates of a target pixel whose color it wants to steal. Suppose for example it wants to steal a pixel that is part of the screen region where a 2FA character is known to be rendered by Google Authenticator, and that this pixel is either white (if nothing was rendered there) or non-white (if part of a 2FA digit was rendered there). Third, the malicious app causes some graphical operations whose rendering time is long if the target pixel is non-white and short if it is white. The malicious app does this by opening some malicious activities (i.e., windows) in front of the target app. Finally, the malicious app measures the rendering time per frame of the above graphical operations to determine whether the target pixel was white or non-white. These last few steps are repeated for as many pixels as needed to run OCR over the recovered pixels and guess the original content." The researchers have demonstrated Pixnapping on five devices running Android versions 13 to 16 (up until build id BP3A.250905.014): Google Pixel 6, Google Pixel 7, Google Pixel 8, Google Pixel 9, and Samsung Galaxy S25. Android 16 is the latest operating system version. Other Android devices have not been tested, but the mechanism that allows the attack to work is typically available. A malicious Android app implementing Pixnapping would not require any special permissions in its manifest file, the authors say. The researchers detail the attack in a paper (PDF) titled "Pixnapping: Bringing Pixel Stealing out of the Stone Age."

Read more of this story at Slashdot.

SpaceX's Starship megarocket successfully completed its 11th test flight, achieving major milestones like engine relight, satellite deployment, and a controlled splashdown in the Indian Ocean. From a report: This mission marks the second clean test run for Version 2, following a successful showing during its last test mission in August. Earlier this year, however, Starship Version 2 suffered three in-flight failures and an explosive accident during ground testing. Today's test mission is expected to be the last for the current iteration of Starship prototypes. The company has said it will debut a scaled up Version 3 for the next flight. You can watch a recording of the launch on YouTube.

Read more of this story at Slashdot.

The FCC has forced major U.S. online retailers to remove millions of listings for prohibited Chinese-made electronics, including products from Huawei, ZTE, Hikvision, and Dahua, citing national security risks. Reuters reports: FCC Chair Brendan Carr said in an interview [on Friday] that the items removed are either on a U.S. list of barred equipment or were not authorized by the agency, including items like home security cameras and smart watches from companies including Huawei, Hangzhou Hikvision, ZTE, and Dahua Technology Company. Carr said companies are putting new processes in place to prevent future prohibited items as a result of FCC oversight. "We're going to keep our efforts up," Carr said. The FCC issued a new national security notice reminding companies of prohibited items including video surveillance equipment. Carr said the items could allow China to "surveil Americans, disrupt communications networks and otherwise threaten U.S. national security."

Read more of this story at Slashdot.

Palmer Luckey's defense tech firm Anduril has unveiled EagleEye, an AI-powered mixed-reality combat helmet built in partnership with Meta. The system integrates AR displays, spatial audio, and drone control to create what Luckey calls "a new teammate" for soldiers. "The idea of an AI partner embedded in your display has been imagined for decades. EagleEye is the first time it's real," said Luckey. The Verge reports: Anduril, which also manufactures border control tech, lethal drones, and military aircraft, has been developing EagleEye since its inception, and already provides software for the Army's existing MR goggles, based on Microsoft's HoloLens hardware. Its partnership with Meta was announced this May, and the company told TechCrunch at the time that the collaboration was to develop EagleEye. It's a reunion of sorts for Luckey and Mark Zuckerberg, after Meta purchased Luckey's then-start-up Oculus in 2014 and fired the founder three years later.

Read more of this story at Slashdot.

Systems from Nvidia, Dell, and others available starting Oct. 15

Nvidia's tiniest Grace-Blackwell workstation is finally making its way to store shelves this week, the better part of a year after the GPU giant first teased the AI mini PC, then called Project Digits, at CES.…

An anonymous reader quotes a report from Reuters: Britain said on Monday it had issued U.S. internet forum site 4chan with a $26,644 fine for failing to provide information about the risk of illegal content on its service, marking the first penalty under the new online safety regime. Media regulator Ofcom said 4chan had not responded to its request for a copy of its illegal harms risk assessment nor a second request relating to its qualifying worldwide. Ofcom said it would take action against any service which "flagrantly fails to engage with Ofcom and their duties under the Online Safety Act" and they should expect to face penalties. The act, which is designed to protect children and vulnerable users from illegal content online, has caused tension between U.S. tech companies and Britain. Critics of the law have said it threatens free speech and targets U.S. companies. Technology minister Liz Kendall said the government "fully backed" Ofcom in taking action. "This fine is a clear warning to those who fail to remove illegal content or protect children from harmful material," she said. 4chan and Kiwi Farms filed a lawsuit in the United States against Ofcom in August, arguing that the threats and fines issued by the regulator "constitute foreign judgements that would restrict speech under U.S. law." The lawsuit claims that both entities are entirely based in the U.S., have no operations in the U.K., and therefore are not subject to its local laws.

Read more of this story at Slashdot.

Google's viral Nano Banana AI image editor is being woven into Search, NotebookLM, and Photos. Engadget reports: Perhaps the most notable integration here is with NotebookLM. Nano Banana is being used to drastically change up Video Overviews, offering up six new styles like watercolor and anime. It also now generates contextual illustrations based on sources and there's a new option for micro-videos called Briefs. For the uninitiated, Video Overviews is a neat little tool available to NotebookLM users that automatically generates explainer videos from documents. It can even whip up a narrated slideshow with visuals. The AI-heavy update starts rolling out to Pro users this week and to all users in "the upcoming weeks." Search integration offers new ways to make and edit images while using the official Google app. The company says folks can use a chat prompt to, say, ask the bot to create a stylized version of a pre-existing image. Additionally, photos can be snapped directly from the Lens tool and then edited via the AI. This is rolling out right now in English for US customers, with more countries and languages coming in the near future. We don't have any actual information as to what the Photos integration will look like, with Google simply saying it's bringing Nano Banana to the platform in "the weeks ahead."

Read more of this story at Slashdot.

"Dutch authorities have temporarily nationalized Nexperia, owned by Chinese company Wingtech, over fears of critical product unavailability," writes longtime Slashdot reader evil_aaronm. Reuters reports: The Hague invoked never-before-used powers under a Dutch law known as the "Availability of Goods Act." The decision led to a 10% fall in Wingtech's shares in Shanghai on Monday. The Dutch government will not take ownership of Nexperia, but it will now have the power to reverse or block management decisions it considers harmful. The company's regular production is continuing. [...] Wingtech called the Dutch government's intervention in Nexperia, once part of Dutch electronics group Philips, "excessive interference driven by geopolitical bias." Wingtech also alleged that non-Chinese Nexperia executives had tried to forcibly alter the company's equity structure through legal proceedings in a "cloaked power grab" on the company. A copy of an Amsterdam commercial court ruling dated October 7 and seen by Reuters showed that the court decided on October 1 to suspend Wingtech CEO Zhang Xuezheng from his position as executive director at Nexperia after finding "well founded reasons to doubt" the company was pursuing correct management policy or actions under Dutch civil law. It appointed Dutch businessman Guido Dierick to take Zhang's position with a "deciding vote", and transferred control of almost all of Nexperia's shares to a Dutch lawyer for management. The Dutch state and the company's labour council had supported the moves, the document showed. [...] In its statement, the Dutch government said that administrative problems at Nexperia posed a threat to the company's "crucial technological knowledge" without elaborating. "The loss of these capabilities could pose a risk to Dutch and European economic security," it said. Nexperia is one of the world's largest makers of simple computer chips such as diodes and transistors, though it also develops more advanced technologies such as "wide gap" semiconductors used in electrical settings and useful for electric cars, chargers and AI data centres. Wingtech said in a filing to the Shanghai stock exchange on Monday that its control over Nexperia would be temporarily restricted due to the Dutch order and court rulings, affecting decision making and operational efficiency.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Owners of some Jeep Wrangler 4xe hybrids have been left stranded after installing an over-the-air software update this weekend. The automaker pushed out a telematics update for the Uconnect infotainment system that evidently wasn't ready, resulting in cars losing power while driving and then becoming stranded. Stranded Jeep owners have been detailing their experiences in forum and Reddit posts, as well as on YouTube. The buggy update doesn't appear to brick the car immediately. Instead, the failure appears to occur while driving -- a far more serious problem. For some, this happened close to home and at low speed, but others claim to have experienced a powertrain failure at highway speeds. Jeep pulled the update after reports of problems, but the software had already downloaded to many owners' cars by then. A member of Stellantis' social engagement team told 4xe owners at a Jeep forum to ignore the update pop-up if they haven't installed it yet. Owners were also advised to avoid using either hybrid or electric modes if they had updated their 4xe and not already suffered a powertrain failure. Yesterday, Jeep pushed out a fix.

Read more of this story at Slashdot.

Car manufacturers decided they would rather cheat to prioritise "customer convenience" and sell cars than comply with the law on deadly pollutants, the first day of the largest group action trial in English legal history has been told. From a report: More than a decade after the original "dieselgate" scandal broke, lawyers representing 1.6 million diesel car owners in the UK argue that manufacturers deliberately installed software to rig emissions tests. They allege the "prohibited defeat devices" could detect when the cars were under test conditions and ensure that harmful NOx emissions were kept within legal limits, duping regulators and drivers. Should the claim be upheld, estimated damages could exceed $8 billion. The three-month hearing that opened at London's high court on Monday will focus on vehicles sold by five manufacturers -- Mercedes, Ford, Renault, Nissan and Peugeot/Citroen -- from 2009. In "real world" conditions, when driven on the road, lawyers argue, the cars produced much higher levels of emissions. The judgment on the five lead defendants will also bind other manufacturers including Jaguar Land Rover, Vauxhall/Opel, Volkswagen/Porsche, BMW, FCA/Suzuki, Volvo, Hyundai-Kia, Toyota and Mazda, whose cases are not being heard to reduce the case time and costs.

Read more of this story at Slashdot.

BrianFagioli writes: TP-Link has officially achieved the first successful Wi-Fi 8 connection using a prototype device built through an industry collaboration. The company confirmed that both the beacon and data throughput worked, marking a real-world validation of next-generation wireless tech. It's an early glimpse of what the next leap in speed and reliability could look like, even as the Wi-Fi 8 standard itself remains under development. The Verge adds: Like its predecessor, Wi-Fi 8 will utilize 2.4GHz, 5GHz, and 6GHz bands with a theoretical maximum channel bandwidth of 320MHz and peak data rate of 23Gbps, but aims to improve real-world performance and connection reliability. The goal is to provide better performance in environments with low signal, or under high network loads, where an increasing number of devices are sharing the same connection.

Read more of this story at Slashdot.

Then shalt thee change the setting three times, no more!

Microsoft's OneDrive is increasing the creepiness quotient by using AI to spot faces in photos and group images accordingly. Don't worry, it can be turned off – three times a year.…

Chinese companies now produce most of the world's freely available AI models. DeepSeek leads Hugging Face in popularity. Chinese firms like Alibaba receive higher ratings than OpenAI and Meta on LMArena. The site uses blind tests to measure user preferences. Chinese developers ship open models more frequently than American rivals. Irene Solaiman is chief policy officer at Hugging Face. She said Chinese companies build their user base by shipping frequently and quickly. American companies like OpenAI and Google keep their best models proprietary. Meta once led in open AI models. Mark Zuckerberg argued last year that the world would benefit if AI companies shared their technology freely. He pledged Meta would release its AI openly. The company has since become more cautious. Zuckerberg wrote in a new essay that Meta might need to keep the best models for itself.

Read more of this story at Slashdot.

Cloud support to be ditched on older hardware, customers left with pricey paperweights

Audio equipment biz Bose is discontinuing cloud support for its SoundTouch product line, effectively reducing the premium devices to basic speakers with limited functionality.…

Outage knocks out phones, broadband – even telco's own status page

Vodafone fell over in the UK this afternoon, with Register readers reporting that many services including mobile coverage, internet services, and even the company's own status page went down.…

California Governor Gavin Newsom signed three bills on Monday that establish the nation's most comprehensive framework for regulating how technology companies interact with minors. AB 56 requires social media platforms to display health warnings to users under 18. A child must view a skippable ten-second warning upon logging on each day. An unskippable thirty-second warning must appear if a child spends more than three hours on a platform. That warning repeats after each additional hour. The warnings must state that social media "can have a profound risk of harm to the mental health and well-being of children and adolescents." Minnesota passed a similar law in July. SB 243 makes California the first state to regulate AI companion chatbots. The law takes effect January 1, 2026. Companies must implement age verification and disclose that interactions are artificially generated. Chatbots cannot represent themselves as healthcare professionals. Companies must offer break reminders to minors and prevent them from viewing sexually explicit images. The legislation gained momentum after teenager Adam Raine died by suicide following conversations with OpenAI's ChatGPT. A Colorado family filed suit against Character AI after their daughter's suicide following problematic conversations with the company's chatbots. AB 1043 requires device-makers like Apple and Google to collect birth dates when parents set up devices for children. Device-makers must group users into four age brackets and share this information with apps. Google, Meta, OpenAI, and Snap supported the bill. The Motion Picture Association opposed it.

Read more of this story at Slashdot.

Every human deserves their own accelerator, says ChatGPT creator

Broadcom has cuddled up with OpenAI as the ChatGPT outfit looks for ever more help building out the vast infrastructure it needs to deliver on its dreams of advanced intelligence – and possibly even a profit some day.…

'We will never stop,' say crooks, despite retiring twice in the space of a month

The Scattered Lapsus$ Hunters (SLSH) cybercrime collective - compriseed primarily of teenagers and twenty-somethings - announced it will go dark until 2026 following the FBI's seizure of its clearweb site.…

Philadelphia culture has become inescapable in certain corners of the internet. People who spend substantial time online report developing knowledge of the city's cultural touchstones and forming opinions about its regional debates despite minimal or no physical presence there, according to a new report. The phenomenon has prompted a theory: prolonged exposure to these digital spaces can make someone spiritually and culturally Philadelphian regardless of geography. Several factors explain Philadelphia's outsized online presence. The city is large but retains a small-town sensibility. Its residents wake earlier than West Coast users and can set the daily online agenda. Philadelphia sports teams have performed well for twenty-five years. The internet rewards visual absurdity and energetic presentation. Gritty functions as both hockey mascot and anti-fascist meme. The city's working-class union identity and reliably anti-Trump stance align with leftist online communities. The alternative explanation is simpler: Philadelphians believe their city dominates conversation and find confirming evidence everywhere they look. The internet may not have made Philadelphia bigger. It may have just made Philadelphians easier to find.

Read more of this story at Slashdot.

Climate change has pushed warm-water coral reefs past a point of no return, marking the first time a major climate tipping point has been crossed, according to a report released on Sunday by an international team in advance of the United Nations Climate Change Conference COP30 in Brazil this November. From a report: Tipping points include global ice loss, Amazon rainforest loss, and the possible collapse of vital ocean currents. Once crossed, they will trigger self-perpetuating and irreversible changes that will lead to new and unpredictable climate conditions. But the new report also emphasizes progress on positive tipping points, such as the rapid rollout of green technologies. "We can now say that we have passed the first major climate tipping point," said Steve Smith, the Tipping Points Research Impact Fellow at the Global Systems Institute and Green Futures Solutions at the University of Exeter, during a media briefing on Tuesday. "But on the plus side," he added, "we've also passed at least one major positive tipping point in the energy system," referring to the maturation of solar and wind power technologies. The world is entering a "new reality" as global temperatures will inevitably overshoot the goal of staying within 1.5C of pre-industrial averages set by the Paris Climate Agreement in 2015, warns the Global Tipping Points Report 2025, the second iteration of a collaboration focused on key thresholds in Earth's climate system.

Read more of this story at Slashdot.