Slashdot

An anonymous reader quotes a report from BleepingComputer: U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code. The company states that it first became aware of the breach on August 9, 2025, with its investigations revealing that the attackers had gained long-term access to its system, including the company's BIG-IP product development environment and engineering knowledge management platform. F5 is a Fortune 500 tech giant specializing in cybersecurity, cloud management, and application delivery networking (ADN) applications. The company has 23,000 customers in 170 countries, and 48 of the Fortune 50 entities use its products. BIG-IP is the firm's flagship product used for application delivery and traffic management by many large enterprises worldwide. [...] F5 is still reviewing which customers had their configuration or implementation details stolen and will contact them with guidance. To help customers secure their F5 environments against risks stemming from the breach, the company released updates for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients. Despite any evidence "of undisclosed critical or remote code execution vulnerabilities," the company urges customers to prioritize installing the new BIG-IP software updates.

Read more of this story at Slashdot.

Google is introducing new recovery tools that aim to make it less frustrating to regain access when you're locked out of your account. The Verge: Instead of answering security questions or entering a recovery email address, Google's new security features allow account holders to verify their identity using a linked mobile number, or trusted friends or family members. The Recovery Contacts feature enables users to designate people to confirm their identity in order to regain access to accounts after getting hacked or losing their password or passkey. Google didn't specify how the verification process works, but says the feature provides "a simple and secure way to regain access when standard recovery methods fail." Recovery Contacts is available for eligible personal Google accounts, and can be found under the Security option in the account settings.

Read more of this story at Slashdot.

Alexis Ohanian, who helped build Reddit, says much of the internet has become dominated by bots and AI. Speaking on the podcast TBPN, he described the internet as increasingly "quasi-AI" and filled with what he called "LinkedIn slop." Ohanian referenced dead internet theory, the assertion that bot activity exceeds human activity on the web. In September, Sam Altman, OpenAI's CEO, posted that while he had not taken the theory seriously, he now sees "a lot of LLM-run twitter accounts."

Read more of this story at Slashdot.

The U.S. passport has fallen out of the top 10 most powerful passports globally for the first time in 20 years in the latest edition of the Henley Passport Index, which ranks nations based on the number of destinations a traveler can visit without needing a visa. From a report: The U.S. ranking is on a steep downward trend, with the U.S. passport now in 12th spot, tied with Malaysia, having already fallen from seventh place last year to 10th place in July. A decade ago, the U.S. passport topped the index. Christian H. Kaelin, chairman of Henley & Partners and creator of the index, said in a news release on Tuesday that the declining strength of the U.S. passport signaled a "fundamental shift in global mobility and soft power dynamics." Kaelin added: "Nations that embrace openness and cooperation are surging ahead, while those resting on past privilege are being left behind."

Read more of this story at Slashdot.

The UK should be prepared to cope with weather extremes as a result of at least 2C of global warming by 2050, independent climate advisers have said. BBC: The country was "not yet adapted" to worsening weather extremes already occurring at current levels of warming, "let alone" what was expected to come, the Climate Change Committee (CCC) wrote in a letter addressed to the government. The committee said they would advise that the UK prepare for climate change beyond the long-term temperature goal set out in the Paris Agreement. The letter came as the World Meteorological Organization (WMO) confirmed that 2024 had seen a record rise of carbon dioxide (CO2) in the atmosphere. CO2 is the gas mainly responsible for human-caused climate change and is released when fossil fuels are burnt, as well as other activities.

Read more of this story at Slashdot.

Almost 70% of adults in the US would be deemed to have obesity based on a new definition, research suggests. From a report: The traditional definition of obesity, typically based on having a body mass index (BMI) of 30 or greater, has long been contentious, not least as it does not differentiate between fat and muscle. In an effort to tackle the issue, in January medical experts from around the world called for a new definition to be adopted. This would encompass people either with a BMI greater than 40; or those with a high BMI and at least one raised figure for measures such as waist circumference, waist-to-hip ratio, or waist-to-height ratio; or those with two such raised figures regardless of BMI; or those with direct measures of excess body fat based on scans. In addition, they said obesity should be split into two categories: clinical obesity -- where there are signs of illness -- and pre-clinical obesity, where there are not. Now research suggests the revamped definition could result in a dramatic rise in the prevalence of obesity among adults in the US.

Read more of this story at Slashdot.

Math teachers across American schools are contending with a classroom disruption that has proven impossible to contain. The numbers six and seven now trigger instant pandemonium among students. They scream the phrase and perform a palms-up seesaw hand gesture whenever the numbers appear in equations or instructions. Teachers have begun avoiding breaking students into groups of six or seven or asking them to turn to page 67. The meme has no meaning, reports WSJ. That absence of meaning is the point. The phenomenon traces back to late last year when Philadelphia rapper Skrilla released "Doot Doot (6 7)," a song referencing 67th street where his friends grew up. The phrase spiraled into youth culture in March through a viral video of a boy with forward-swept hair lurching toward a camera to deliver an animated "six seven." Skrilla is now touring venues where audiences wait for the six-seven line. Some teachers have attempted to neutralize the meme by saying it themselves.

Read more of this story at Slashdot.

Apple is releasing its new 14-inch MacBook Pro with the M5 chip in European markets without a charger. Customers in the U.S., Ireland, Germany, Italy, France, Spain, the Netherlands, Norway, and other European countries must supply their own power adapter. Buyers in the U.S. and other regions will receive Apple's 70-watt USB-C adapter. Apple attributed the decision to environmental goals as the European Union implements regulations on electronic waste. A USB-C to MagSafe 3 cable remains included. The adapter costs 59 pounds in the United Kingdom.

Read more of this story at Slashdot.

An anonymous reader shares a report: On Wednesday, Pew Research Center published a survey assessing how parents in the US with children under 12 manage their kids' screen time, which revealed that 61% of respondents overall reported their child ever uses or interacts with smartphones -- including 38% of those with children under 2 years old. Much of this smartphone screen time is likely made up by parents streaming kid-friendly cartoons for their little ones to watch on the go: the study also found that YouTube use among children under 2 has risen sharply from 45% to 62% over the last five years. But it appears that most American toddlers only need to wait a few years before they can get devices of their very own. The same survey showed that almost one in four US parents overall allow their children aged 12 and under to have their own smartphones, and this ballooned to nearly 60% when just looking at kids aged 11-12 years old.

Read more of this story at Slashdot.

The Japanese government has made a formal request asking OpenAI to refrain from copyright infringement. The request came after Sora 2 began generating videos featuring copyrighted characters from anime and video games. Minoru Kiuchi spoke at the Cabinet Office press conference on Friday and described manga and anime as "irreplaceable treasures" that Japan boasts to the world. The request was made online by the Cabinet Office's Intellectual Property Strategy Headquarters. Sora 2, which launched recently, generates twenty-second videos at 1080p resolution. Social media is getting filled with videos showing characters from One Piece, Demon Slayer, Pokemon and Mario. Digital Minister Masaaki Taira expressed hopes that OpenAI would comply voluntarily. He indicated that measures under Japan's AI Promotion Act may be invoked if the issue remains unresolved.

Read more of this story at Slashdot.

Apple will increase investment in China, the company's CEO Tim Cook said during a meeting with the country's industry minister in Beijing on Wednesday, according to an official summary of their exchange. From a report: Many U.S. companies have become cautious about relations with China as the world's two biggest economies have clashed over trade tariffs and as U.S. President Donald Trump seeks to promote manufacture in the United States rather than elsewhere. But Cook told China's industry minister Li Lecheng the iPhone maker will keep investing in China, the Chinese ministry said, although the summary gave no details of the size of the projected investment.

Read more of this story at Slashdot.

Several leading news organizations with access to Pentagon briefings have formally said they will not agree to a new defense department policy that requires them to pledge they will not obtain unauthorized material and restricts access to certain areas unless accompanied by an official. The Guardian: The policy, presented last month by the defense secretary, Pete Hegseth, has been widely criticized by media organizations asked to sign the pledge by Tuesday at 5pm or have 24 hours to turn in their press credentials. The move follows a shake-up in February in which long-credentialed media outlets were required to vacate assigned workspaces which was cast as an "annual media rotation program." A similar plan was presented at the White House where some briefing room spots were given to podcasters and other representatives of non-traditional media. On Monday, the Washington Post joined the New York Times, CNN, the Atlantic, the Guardian, Reuters, the Associated Press, NPR, HuffPost and trade publication Breaking Defense in saying it would not sign on to the agreement.

Read more of this story at Slashdot.

Apple unveiled a new 14-inch MacBook Pro on Wednesday that features the company's M5 chip and represents what Apple describes as the next major advancement in AI performance for its Mac lineup. The laptop delivers up to 3.5 times faster AI performance than the M4 chip and up to six times faster performance than the M1 chip through a redesigned 10-core GPU architecture that incorporates a Neural Accelerator in each core. The improvements extend beyond AI processing to include graphics performance that runs up to 1.6 times faster than the previous generation and battery life that reaches up to 24 hours on a single charge. Apple also integrated faster storage technology that performs up to twice as fast as the prior generation and allows configurations up to 4TB. The 10-core CPU delivers up to 20% faster multithreaded performance compared to the M4. The laptop runs macOS Tahoe and includes a Liquid Retina XDR display available in a nano-texture option, a 12MP Center Stage camera, and a six-speaker sound system. The 14-inch MacBook Pro is available for pre-order starting Wednesday in space black and silver finishes and begins shipping October 22. The base model costs $1,599.

Read more of this story at Slashdot.

The Free Software Foundation (FSF) has launched the LibrePhone Project, an initiative to create a fully free and open-source mobile operating system that eliminates proprietary firmware and binary blobs. From the FSF: "Librephone is a new initiative by the FSF with the goal of bringing full freedom to the mobile computing environment. The vast majority of software users around the world use a mobile phone as their primary computing device. After forty years of advocacy for computing freedom, the FSF will now work to bring the right to study, change, share, and modify the programs users depend on in their daily lives to mobile phones. ... Practically, Librephone aims to close the last gaps between existing distributions of the Android operating system and software freedom. The FSF has hired experienced developer Rob Savoye (DejaGNU, Gnash, OpenStreetMap, and more) to lead the technical project. He is currently investigating the state of device firmware and binary blobs in other mobile phone freedom projects, prioritizing the free software work done by the not entirely free software mobile phone operating system LineageOS." The project site can be found here.

Read more of this story at Slashdot.

A new study shows that common baker's yeast (Saccharomyces cerevisiae) can survive Mars-like conditions, including meteorite shock waves and toxic perchlorate salts found in Martian soil. Phys.org reports: Published in PNAS Nexus, Purusharth I. Rajyaguru and colleagues subjected Saccharomyces cerevisiae, which is a widely used model yeast, to shock waves and perchlorates. The authors chose the yeast in part because it has already been studied in space. When stressed, yeast, humans, and many other organisms form ribonucleoprotein (RNP) condensates, structures made of RNA and proteins that protect RNA and affect the fates of mRNAs. When the stressor passes, the RNP condensates, which include subtypes known as stress granules and P-bodies, disassemble. The authors simulated Martian shock waves at the High-Intensity Shock Tube for Astrochemistry (HISTA) housed in the Physical Research Laboratory in Ahmedabad, India. Yeast exposed to 5.6 Mach intensity shock waves survived with slowed growth, as did yeast subjected to 100 mM sodium salt of perchlorate (NaClO4) -- a concentration similar to that in Martian soils. Yeast cells also survived exposure to the combined stress of shock waves and perchlorate stress. In both cases, the yeast assembled RNP condensates. Shock waves induced the assembly of stress granules and P-bodies; perchlorate caused yeast to make P-bodies but not stress granules. Mutants incapable of assembling RNP condensates were poor at surviving the Martian stress condition. Transcriptome analysis identified specific RNA transcripts perturbed by Mars-like conditions.

Read more of this story at Slashdot.

schwit1 shares a report from Hackread: On October 3, 2025, Hackread.com published an in-depth report in which hackers claimed to have stolen 989 million records from 39 major companies worldwide by exploiting a Salesforce vulnerability. The group demanded that Salesforce and the affected firms enter negotiations before October 10, 2025, warning that if their demands were ignored, they would release the entire dataset. The hackers, identifying themselves as "Scattered Lapsus$ Hunters," a collective said to combine elements of Scattered Spider, Lapsus$, and ShinyHunters, have now published data allegedly belonging to 6 of the 39 targeted companies. The companies named in the leak are as follows: Fujifilm, GAP, INC., Vietnam Airlines, Engie Resources, Quantas Airways Limited, and Albertsons Companies, Inc. In all 6 leaks, the record contains personal details of customers, business, including email addresses, full names, addresses, passport numbers, phone numbers. The hackers said on Telegram that they will not be releasing any additional information, stating, "A lot of people are asking what else will be leaked. Nothing else will be leaked. Everything that was leaked was leaked, we have nothing else to leak, and obviously, the things we have cannot be leaked for obvious reasons."

Read more of this story at Slashdot.

NASA's Jet Propulsion Laboratory is laying off around 550 employees, or roughly 11% of its workforce, as part of an effort to "restructure and establish an appropriate size to ensure future success." According to JPL Director Dave Gallagher, the job cuts "are not related to the current government shutdown." CNBC reports: JPL is a research and development lab funded by NASA -- the federal space agency -- and managed by the California Institute of Technology. "While not easy, I believe that taking these actions now will help the Lab transform at the scale and pace necessary to help achieve humanity's boldest ambitions in space," Gallagher wrote in a separate mekor to JPL employees and contractors. Gallagher, in the public announcement, noted that the reorganization of JPL began in July, and "over the past few months, we have communicated openly with employees about the challenges and hard choices ahead." "This week's action, while not easy, is essential to securing JPL's future by creating a leaner infrastructure, focusing on our core technical capabilities, maintaining fiscal discipline, and positioning us to compete in the evolving space ecosystem -- all while continuing to deliver on our vital work for NASA and the nation," Gallagher wrote. Gallagher said that JPL employees will be notified of their status on Tuesday, and the "new Lab structure ... will become effective Wednesday."

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Register: Security researchers have resurrected a 12-year-old data-stealing attack on web browsers to pilfer sensitive info from Android devices. The attack, dubbed Pixnapping, has yet to be mitigated. Conceptually, it's the equivalent of a malicious Android app being able to screenshot other apps or websites. It allows a malicious Android application to access and leak information displayed in other Android apps or on websites. It can, for example, steal data displayed in apps like Google Maps, Signal, and Venmo, as well as from websites like Gmail (mail.google.com). It can even steal 2FA codes from Google Authenticator. "First, the malicious app opens the target app (e.g., Google Authenticator), submitting its pixels for rendering," explained [Alan Wang, a PhD candidate at UC Berkeley]. "Second, the malicious app picks the coordinates of a target pixel whose color it wants to steal. Suppose for example it wants to steal a pixel that is part of the screen region where a 2FA character is known to be rendered by Google Authenticator, and that this pixel is either white (if nothing was rendered there) or non-white (if part of a 2FA digit was rendered there). Third, the malicious app causes some graphical operations whose rendering time is long if the target pixel is non-white and short if it is white. The malicious app does this by opening some malicious activities (i.e., windows) in front of the target app. Finally, the malicious app measures the rendering time per frame of the above graphical operations to determine whether the target pixel was white or non-white. These last few steps are repeated for as many pixels as needed to run OCR over the recovered pixels and guess the original content." The researchers have demonstrated Pixnapping on five devices running Android versions 13 to 16 (up until build id BP3A.250905.014): Google Pixel 6, Google Pixel 7, Google Pixel 8, Google Pixel 9, and Samsung Galaxy S25. Android 16 is the latest operating system version. Other Android devices have not been tested, but the mechanism that allows the attack to work is typically available. A malicious Android app implementing Pixnapping would not require any special permissions in its manifest file, the authors say. The researchers detail the attack in a paper (PDF) titled "Pixnapping: Bringing Pixel Stealing out of the Stone Age."

Read more of this story at Slashdot.

SpaceX's Starship megarocket successfully completed its 11th test flight, achieving major milestones like engine relight, satellite deployment, and a controlled splashdown in the Indian Ocean. From a report: This mission marks the second clean test run for Version 2, following a successful showing during its last test mission in August. Earlier this year, however, Starship Version 2 suffered three in-flight failures and an explosive accident during ground testing. Today's test mission is expected to be the last for the current iteration of Starship prototypes. The company has said it will debut a scaled up Version 3 for the next flight. You can watch a recording of the launch on YouTube.

Read more of this story at Slashdot.

The FCC has forced major U.S. online retailers to remove millions of listings for prohibited Chinese-made electronics, including products from Huawei, ZTE, Hikvision, and Dahua, citing national security risks. Reuters reports: FCC Chair Brendan Carr said in an interview [on Friday] that the items removed are either on a U.S. list of barred equipment or were not authorized by the agency, including items like home security cameras and smart watches from companies including Huawei, Hangzhou Hikvision, ZTE, and Dahua Technology Company. Carr said companies are putting new processes in place to prevent future prohibited items as a result of FCC oversight. "We're going to keep our efforts up," Carr said. The FCC issued a new national security notice reminding companies of prohibited items including video surveillance equipment. Carr said the items could allow China to "surveil Americans, disrupt communications networks and otherwise threaten U.S. national security."

Read more of this story at Slashdot.