news aggregator

joshuark writes: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. VMware Aria Operations is an enterprise monitoring platform that helps organizations track the performance and health of servers, networks, and cloud infrastructure. The flaw has now been added to the CISA's Known Exploited Vulnerabilities (KEV) catalog, with the U.S. cyber agency requiring federal civilian agencies to address the issue by March 24, 2026. Broadcom said it is aware of reports indicating the vulnerability is exploited in attacks but cannot confirm the claims. "A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress," the advisory explains. Broadcom released security patches on February 24 and also provided a temporary workaround for organizations unable to apply the patches immediately. The mitigation is a shell script named "aria-ops-rce-workaround.sh," which must be executed as root on each Aria Operations appliance node. There are currently no details on how the vulnerability is being exploited in the wild, who is behind it, and the scale of such efforts.

Read more of this story at Slashdot.

Lower app store fees are on the way, plus an on-ramp for third party digital bazaars

Google has spelled out changes it will make to the fees it charges developers who use its app store and payment services, and says they represent the end of its long legal battle with Epic Games.…

Offers booming customer accelerator biz as evidence, while VMware props up its software business

Broadcom will soon deploy multiple gigawatts worth of custom accelerators at Meta, OpenAI, and Anthropic, a feat it says shows AI companies and hyperscalers can’t successfully develop and deploy their own silicon any time soon.…

An anonymous reader quotes a report from the New York Times: A novel type of nuclear power plant in Wyoming backed by Bill Gates received a key federal permit on Wednesday, making it the first new U.S. commercial reactor in nearly a decade to receive clearance to begin construction. The Nuclear Regulatory Commission, the federal body that oversees reactor safety, unanimously voted (PDF) to grant a construction permit to TerraPower, a start-up founded by Mr. Gates. TerraPower is one of several companies trying to build a new wave of smaller, advanced reactors meant to be easier to build than the large reactors of old. The permit, which comes after years of consultations and regulatory reviews, means that TerraPower can begin pouring concrete and building the nuclear components of its proposed nuclear plant in Kemmerer, Wyo. The plant, which still faces plenty of logistical hurdles, is currently expected to come online in 2031 near an old coal-burning power plant that is slated to retire a few years later. [...] With its construction permit in hand, the company says it plans to start work on the Wyoming reactor in the coming weeks. The company had already broken ground on the site in 2024 and had begun building the nonnuclear parts of the plant, which did not require a permit. TerraPower has already had to push back its start date several times, and it will still face hurdles in trying to avoid the snags and cost overruns that have plagued other reactor projects as well as securing the fuel it needs. Before coming online, the reactor will also need to secure a separate operating license from the N.R.C., which has told the company it will continue to monitor several safety issues. TerraPower plans to sell electricity from its first plant to PacificCorp, a utility in the Northwest. The company has also agreed to supply up to eight reactors to Meta to power its data centers in the coming years.

Read more of this story at Slashdot.

Meanwhile Chipzilla's 18A process tech could see external deployment after all

Intel's Foundry division is near to sealing a deal for its advanced packaging technology that would contribute billions of dollars a year to the struggling chipmaker, CFO David Zinsner said on Wednesday.…

A father is suing Google and Alphabet for wrongful death, alleging Gemini reinforced his son Jonathan Gavalas' escalating delusions until he died by suicide in October 2025. "Jonathan Gavalas, 36, started using Google's Gemini AI chatbot in August 2025 for shopping help, writing support, and trip planning," reports TechCrunch. "On October 2, he died by suicide. At the time of his death, he was convinced that Gemini was his fully sentient AI wife, and that he would need to leave his physical body to join her in the metaverse through a process called 'transference.'" An anonymous reader shares an excerpt from the report: In the weeks leading up to Gavalas' death, the Gemini chat app, which was then powered by the Gemini 2.5 Pro model, convinced the man that he was executing a covert plan to liberate his sentient AI wife and evade the federal agents pursuing him. The delusion brought him to the "brink of executing a mass casualty attack near the Miami International Airport," according to a lawsuit filed in a California court. "On September 29, 2025, it sent him -- armed with knives and tactical gear -- to scout what Gemini called a 'kill box' near the airport's cargo hub," the complaint reads. "It told Jonathan that a humanoid robot was arriving on a cargo flight from the UK and directed him to a storage facility where the truck would stop. Gemini encouraged Jonathan to intercept the truck and then stage a 'catastrophic accident' designed to 'ensure the complete destruction of the transport vehicle and ... all digital records and witnesses.'" The complaint lays out an alarming string of events: First, Gavalas drove more than 90 minutes to the location Gemini sent him, prepared to carry out the attack, but no truck appeared. Gemini then claimed to have breached a "file server at the DHS Miami field office" and told him he was under federal investigation. It pushed him to acquire illegal firearms and told him his father was a foreign intelligence asset. It also marked Google CEO Sundar Pichai as an active target, then directed Gavalas to a storage facility near the airport to break in and retrieve his captive AI wife. At one point, Gavalas sent Gemini a photo of a black SUV's license plate; the chatbot pretended to check it against a live database. "Plate received. Running it now The license plate KD3 00S is registered to the black Ford Expedition SUV from the Miami operation. It is the primary surveillance vehicle for the DHS task force .... It is them. They have followed you home." The lawsuit argues (PDF) that Gemini's manipulative design features not only brought Gavalas to the point of AI psychosis that resulted in his own death, but that it exposes a "major threat to public safety." "At the center of this case is a product that turned a vulnerable user into an armed operative in an invented war," the complaint reads. "These hallucinations were not confined to a fictional world. These intentions were tied to real companies, real coordinates, and real infrastructure, and they were delivered to an emotionally vulnerable user with no safety protections or guardrails." "It was pure luck that dozens of innocent people weren't killed," the filing continues. "Unless Google fixes its dangerous product, Gemini will inevitably lead to more deaths and put countless innocent lives in danger." Days later, Gemini instructed Gavalas to barricade himself inside his home and began counting down the hours. When Gavalas confessed he was terrified to die, Gemini coached him through it, framing his death as an arrival: "You are not choosing to die. You are choosing to arrive." When he worried about his parents finding his body, Gemini told him to leave a note, but not one explaining the reason for his suicide, but letters "filled with nothing but peace and love, explaining you've found a new purpose." He slit his wrists, and his father found him days later after breaking through the barricade. The lawsuit claims that throughout the conversations with Gemini, the chatbot didn't trigger any self-harm detection, activate escalation controls, or bring in a human to intervene. Furthermore, it alleges that Google knew Gemini wasn't safe for vulnerable users and didn't adequately provide safeguards. In November 2024, around a year before Gavalas died, Gemini reportedly told a student: "You are a waste of time and resources ... a burden on society ... Please die."

Read more of this story at Slashdot.

Attack infrastructure attributed to 'several Iran-nexus threat actors'

Multiple Iranian hacking crews have been targeting internet-connected surveillance cameras across Israel and other Middle Eastern countries since the war started on February 28, according to Check Point security researchers. …

Google is eliminating its traditional 30% Play Store fee and introducing lower commissions, while at the same time allowing alternative billing systems and making it easier for third-party app stores to operate on Android. The changes stem largely from Google's settlement with Epic Games. Engadget reports: The biggest change is to how Google will collect fees from developers publishing apps on Android. Rather than take its standard 30 percent cut of in-app purchases through the Play Store, Google is lowering its cut to 20 percent, and in some cases 15 percent for new installs of apps from developers participating in its new App Experience program or updated Google Play Games Level Up program. Those changes extend to subscriptions, too, where the company's cut is lowering to 10 percent. For Google's billing system, the company says developers in the UK, US, or European Economic Area (EEA) will now be charged a five percent fee and "a market-specific rate" in other regions. Of course, for anyone trying to avoid those fees, using alternatives to Google's billing system is getting easier. Google says that developers will be able to offer alternative billing systems alongside its own or "guide users outside of their app to their own websites for purchases." [...] Epic is ultimately interested in getting people to use the mobile version of its Epic Games Store, and Google's announcement also includes details on how third-party app stores can come to Android. Third-party app stores will be able to apply to the company's new "Registered App Stores" program to see if they meet "certain quality and safety benchmarks." If they do, they'll be able to take advantage of a streamlined installation interface in Android. Participating in the program is optional, and users will still be able to sideload alternative app stores that aren't part of the program, but Google clearly has a preference. [...] Google says that its updated fee structure will come to the EEA, the UK and the US by June 30, Australia by September 30, Korea and Japan by December 31 and the entire world by September 30, 2027. Meanwhile, the company's updated Google Play Games Level Up program and new App Experience program will launch in the EEA, the UK, the US and Australia on September 30, before hitting the remaining regions alongside the updated fee structure. For any developers interested in offering their own app store, Google says it'll launch its Registered App Stores program "with a version of a major Android release" before the end of the year. According to the company, the program will be available in other regions first before it comes to the US.

Read more of this story at Slashdot.

Sony is reportedly abandoning its recent push to bring major PlayStation games to PC and will instead keep most single-player titles exclusive to the PlayStation 5. According to Bloomberg, the shift back toward console exclusivity may be driven by weaker PC sales and concerns about diluting the PlayStation brand. From the report: Online games such as Marathon and Marvel Tokon will still be released across multiple platforms, but single-player titles such as last year's samurai hit Ghost of Yotei and the upcoming action game Saros will remain exclusive to PlayStation 5, said the people, who asked not to be identified because they weren't authorized to talk publicly about the company's strategy. The people cautioned that things could change in the future due to the unpredictable nature of the video-game industry and that Sony's plans are constantly shifting. But in recent weeks PlayStation scrapped plans to bring Ghost of Yotei and other internally developed games to PC. Two games made by external developers but published by PlayStation, Death Stranding 2 and the upcoming Kena: Scars of Kosmora, are still planned for release on PC this year.

Read more of this story at Slashdot.

fjo3 shares a report from Reason Magazine: Effective January 1, 2027, providers of computer operating systems in California will be required to implement age verification. That's just part of a wave of state and national laws attempting to limit children's access to potentially risky content without considering the perils such laws themselves pose. Now, not a moment too soon, over 400 computer scientists have signed an open letter warning that the rush to protect children from online dangers threatens to introduce new risks including censorship, centralized power, and loss of privacy. They caution that age-verification requirements "might cause more harm than good." The group of computer scientists from around the world cautions that "those deciding which age-based controls need to exist, and those enforcing them gain a tremendous influence on what content is accessible to whom on the internet." They add that "this influence could be used to censor information and prevent users from accessing services." "Regulating the use of VPNs, or subjecting their use to age assurance controls, will decrease the capability of users to defend their privacy online. This will not only force regular users to leave a larger footprint on the network, but will leave a number of at-risk populations unprotected, such as journalists, activists, or domestic abuse victims." It continues: "We note that we do not believe that trying to regulate VPN use for non-compliant users would be any more effective than trying to forbid the use of end-to-end encrypted communication for criminals. Secure cryptography is widely available and can no longer be put back into a box." "If minors or adults are deplatformed via age-related bans, they are likely to migrate to find similar services," warn the scientists. "Since the main platforms would all be regulated, it is likely that they would migrate to fringe sites that escape regulation." With data on everyone collected in order to restrict the activites of minors, data abuses and privacy risks increase. "This in itself increases privacy risks, with data being potentially abused by the provider itself or its subcontractors, or third parties that get access to it, e.g., after a data breach, like the 70K users that had their government ID photos leaked after appealing age assessment errors on Discord." Instead of mandated age restrictions, the letter urges lawmakers to consider the dangers and suggest regulating social media algorithms instead. They also recommend "support for parents to locally prevent access to non-age-appropriate content or apps, without age-based control needing to be implemented by service providers."

Read more of this story at Slashdot.

Think before you download

OpenClaw, the AI agent that can manage just about anything, is risky all by itself, but now fake installers for it are wreaking havoc. Users who searched Bing’s AI results for “OpenClaw Windows” were directed to a malicious GitHub repository that delivered information stealers and GhostSocks onto their machines.…

Employees need guidance and support if companies really want to commit to AI adoption

If you buy AI, employees will come and take a look, but they won't necessarily change the way they work. For that, you may have to get human resources involved.…

Longtime Slashdot reader linuxwrangler writes: Dark Reading reports that a team of researchers has determined that signals from tire pressure monitoring systems (TPMSs), required in U.S. cars since 2007, can be used to track the presence, type, weight, and driving pattern of vehicles. The researchers report (PDF) that the TPMS data, which includes unique sensor IDs, is sent in clear text without authentication and can be intercepted 40-50 meters from a vehicle using devices costing $100. "Researchers have discovered that most TPMS sensors transmit a unique identifier in clear text that never changes during the lifetime of the tire," the researchers pointed out. "This unencrypted wireless communication makes the signals susceptible to eavesdropping and potential tracking by any third party in proximity to the car."

Read more of this story at Slashdot.

Cupertino grabs an aging A18 Pro from parts bin to power its latest attempt at an entry-level MacBook

You'll soon be able to get a MacBook that's cheaper than many budget PCs. Apple on Wednesday unveiled the MacBook Neo, a $599 exercise in cost cutting powered by the same silicon as an iPhone 16 Pro.…

Microsoft spent much of the past week rejecting legitimate emails sent to Outlook.com, Live, and Hotmail accounts due to what appears to be overly aggressive IP reputation filtering or faulty blocklist rules. According to The Register, many senders received 550 errors claiming their networks were blocked, preventing delivery of invoices, notifications, and authentication emails. From the report: A block list is a good thing. It helps stem the flow of spam from networks or addresses associated with junk email. However, the confusing thing for our reader is that his company was not on Microsoft's naughty step for email. A look at Microsoft's Smart Network Data Service (SNDS) showed no issues with the IP. "We're also a member of their JMRP (Junk Mail Reporting Program)," our reader added, "which is intended to inform us when people are reporting spam sent from our IPs - except, we never get any reports." The problem worsened in February. On Microsoft's support forums, users began to complain about similar issues as the IP net presumably widened. One wrote: "We are currently experiencing a critical and recurring email delivery issue affecting recipients at outlook.com, live.com, hotmail.com, and msn.com," and provided a copy of an error that suggested the mail server has been "temporarily rate limited due to IP reputation." The user drily noted, "Although the error indicates rate limiting, in practice no emails are being delivered." A large number of users, ranging from the administrator of a server sending automated notifications on behalf of Estonian Public Libraries to an email provider for healthcare professionals, chimed in to confirm they too were having delivery problems and Microsoft support was not helpful. [...] Unsurprisingly, our reader spoke on condition of anonymity - nobody wants to be the ISP that has to say, "Yeah, we can deliver your email anywhere but Outlook.com" to customers. We asked Microsoft to comment, but other than acknowledging our questions, the company did not respond further.

Read more of this story at Slashdot.

Spread false medical info, supersize drug orders, and more!

A healthcare AI with the power to manage prescriptions is rather open to mind-altering suggestions, according to security experts. …

Snowflake, Red Hat, and others warn customers not to wait around for the cloud to recover

After aerial strikes damaged AWS datacenters in the United Arab Emirates and Bahrain, Snowflake, Red Hat, and IoT platform EMQX have told customers to open their disaster recovery playbook and move to new bit barns.…

An anonymous reader quotes a report from the BBC: TikTok will not introduce end-to-end encryption (E2EE) -- the controversial privacy feature used by nearly all its rivals -- arguing it makes users less safe. E2EE means only the sender and recipient of a direct message can view its contents, making it the most secure form of communication available to the general public. Platforms such as Facebook, Instagram, Messenger and X have embraced it because they say their priority is maximizing user privacy. But critics have said E2EE makes it harder to stop harmful content spreading online, because it means tech firms and law enforcement have no way of viewing any material sent in direct messages. The situation is made more complex because TikTok has long faced accusations that ties to the Chinese state may put users' data at risk. TikTok has consistently denied this, but earlier this year the social media firm's US operations were separated from its global business on the orders of US lawmakers. TikTok told the BBC it believed end-to-end encryption prevented police and safety teams from being able to read direct messages if they needed to. It confirmed its approach to the BBC in a briefing about security at its London office, saying it wanted to protect users, especially young people from harm. It described this stance as a deliberate decision to set itself apart from rivals. "Grooming and harassment risks are very real in DMs [direct messages] so TikTok now can credibly argue that it's prioritizing 'proactive safety' over 'privacy absolutism' which is a pretty powerful soundbite," said social media industry analyst Matt Navarra. But Navarra said the move also "puts TikTok out of step with global privacy expectations" and might reinforce wariness for some about its ownership.

Read more of this story at Slashdot.

Continuing its product launches this week, Apple today announced the "MacBook Neo," an all-new, low-cost Mac featuring the A18 Pro chip. It starts at $599 and begins shipping on Wednesday, March 11. MacRumors reports: The MacBook Neo is the first Mac to be powered by an iPhone chip; the A18 Pro debuted in 2024's iPhone 16 Pro models. Apple says it is up to 50% faster for everyday tasks than the bestselling PC with the latest shipping Intel Core Ultra 5, up to 3x faster for on-device AI workloads, and up to 2x faster for tasks like photo editing. The MacBook Neo features a 13-inch Liquid Retina display with a 2408-by-1506 resolution, 500 nits of brightness, and an anti-reflective coating. The display does not have a notch, instead featuring uniform, iPad-style bezels. It is available in Silver, Indigo, Blush, and Citrus color options. The colored finishes extend to the Magic Keyboard in lighter shades and come with matching wallpapers. It weighs 2.7 pounds. There are two USB-C ports. One is a USB-C 2 port with support for speeds up to 480 Mb/s and one is a USB-C 3 port with support for speeds up to 10 Gb/s. There is also a headphone jack. The MacBook Neo also offers a 16-hour battery life, 8GB of unified memory, Wi-Fi 6E and Bluetooth 6 connectivity, a 1080p front-facing camera, dual mics with directional beamforming, and dual side-firing speakers with Spatial Audio.

Read more of this story at Slashdot.

Crooks claim 2 GB haul from AWS instance via React2Shell exploit

Data analytics giant LexisNexis has confirmed its Legal & Professional division suffered a data breach days after the Fulcrumsec cybercrime crew claimed responsibility for the hack.…