news aggregator

Scientists have released DinoTracker, a free AI-powered app that identifies dinosaur footprints by analyzing shape patterns rather than relying on potentially flawed historical labels. "When we find a dinosaur footprint, we try to do the Cinderella thing and find the foot that matches the slipper," said Prof Steve Brusatte, a co-author of the work. "But it's not so simple, because the shape of a dinosaur footprint depends not only on the shape of the dinosaur's foot but also the type of sand or mud it was walking through, and the motion of its foot." The Guardian reports: [...] Brusatte, [Dr Gregor Hartmann, the first author of the new research from Helmholtz-Zentrum in Germany] and colleagues fed their AI system with 2,000 unlabelled footprint silhouettes. The system then determined how similar or different the imprints were from each other by analysing a range of features it identified as meaningful. The researchers discovered these eight features reflected variations in the imprints' shapes, such as the spread of the toes, amount of ground contact and heel position. The team have turned the system into a free app called DinoTracker that allows users to upload the silhouette of a footprint, explore the seven other footprints most similar to it and manipulate the footprint to see how varying the eight features can affect which other footprints are deemed most similar. Hartmann said that at present experts had to double check if factors such as the material the footprints were made in, and their age, matched the scientific hypothesis, but the system clustered prints with those expected from classifications made by human experts about 90% of the time. The findings have been published in the journal PNAS.

Read more of this story at Slashdot.

A data breach at SoundCloud exposed information tied to 29.8 million user accounts, according to Have I Been Pwned. While SoundCloud says no passwords or financial data were accessed, attackers mapped email addresses to public profile data and later attempted extortion. BleepingComputer reports: The company confirmed the breach on December 15, following widespread reports from users who were unable to access SoundCloud and saw 403 "Forbidden" errors when connecting via VPN. SoundCloud told BleepingComputer at the time that it had activated its incident response procedures after detecting unauthorized activity involving an ancillary service dashboard. "We understand that a purported threat actor group accessed certain limited data that we hold," SoundCloud said. "We have completed an investigation into the data that was impacted, and no sensitive data (such as financial or password data) has been accessed. The data involved consisted only of email addresses and information already visible on public SoundCloud profiles." While SoundCloud didn't provide further details regarding the incident, BleepingComputer learned that the breach affected 20% of all SoundCloud users, roughly 28 million accounts based on publicly reported user figures (SoundCloud later published a security notice confirming the information provided by BleepingComputer's sources). After the breach, BleepingComputer also learned that the ShinyHunters extortion gang was responsible for the attack, with sources saying that the threat group was also attempting to extort SoundCloud. This was confirmed by SoundCloud in a January 15 update, which said the threat actors had "made demands and deployed email flooding tactics to harass users, employees, and partners."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: The Supreme Court is taking up a case on whether Paramount violated the 1988 Video Privacy Protection Act (VPPA) by disclosing a user's viewing history to Facebook. The case, Michael Salazar v. Paramount Global, hinges on the law's definition of the word "consumer." Salazar filed a class action against Paramount in 2022, alleging that it "violated the VPPA by disclosing his personally identifiable information to Facebook without consent," Salazar's petition to the Supreme Court said. Salazar had signed up for an online newsletter through 247Sports.com, a site owned by Paramount, and had to provide his email address in the process. Salazar then used 247Sports.com to view videos while logged in to his Facebook account. "As a result, Paramount disclosed his personally identifiable information -- including his Facebook ID and which videos he watched—to Facebook," the petition (PDF) said. "The disclosures occurred automatically because of the Facebook Pixel Paramount installed on its website. Facebook and Paramount then used this information to create and display targeted advertising, which increased their revenues." The 1988 law (PDF) defines consumer as "any renter, purchaser, or subscriber of goods or services from a video tape service provider." The phrase "video tape service provider" is defined to include providers of "prerecorded video cassette tapes or similar audio visual materials," and thus arguably applies to more than just sellers of tapes. The legal question for the Supreme Court "is whether the phrase 'goods or services from a video tape service provider,' as used in the VPPA's definition of 'consumer,' refers to all of a video tape service provider's goods or services or only to its audiovisual goods or services," Salazar's petition said. The Supreme Court granted his petition (PDF) to hear the case in a list of orders released yesterday. [...] SCOTUSblog says that "the case will likely be scheduled for oral argument in the court's 2026-27 term," which begins in October 2026.

Read more of this story at Slashdot.

OpenAI has launched Prism, a free scientific research app that aims to do for scientific writing what coding agents did for programming. Engadget reports: Prism builds on Crixet, a cloud-based LaTeX platform the company is announcing it acquired today. For the uninitiated, LaTeX is a typesetting system for formatting scientific documents and journals. Nearly the entire scientific community relies on LaTeX, but it can make some tasks, such as drawing diagrams through TikZ commands, time-consuming to do. Beyond that, LaTeX is just one of the software tools a scientist might turn to when preparing to publish their research. That's where Prism comes into the picture. Like Crixet before it, the app offers robust LaTeX editing and a built-in AI assistant. Where previously it was Crixet's own Chirp agent, now it's GPT-5.2 Thinking. OpenAI's model can help with more than just formatting journals -- in a press demo, an OpenAI employee used it to find and incorporate scientific literature that was relevant to the paper they were working on, with GPT-5.2 automating the process of writing the bibliography. [...] Later in the same demo, the OpenAI employee used Prism to generate a lesson plan for a graduate course on general relativity, as well as a set of problems for students to solve. OpenAI envisions these features helping scientists and professors spend less time on the more tedious tasks in their professions.

Read more of this story at Slashdot.

Amazon has agreed to pay $309 million and provide additional remedies in a class-action settlement over claims that customers were wrongly denied refunds after returning items. Plaintiffs say (PDF) the deal delivers over $1 billion in total value, including more than $600 million in refunds and operational changes. Reuters reports: Amazon denied any wrongdoing in agreeing to the settlement. "Following an internal review in 2025, we identified a small subset of returns where we issued a refund without the payment completing, or where we could not verify that the correct item had been sent back to us, so no refund had been issued," an Amazon spokesperson said, adding that the company had taken steps to resolve the issue. The lawsuit, filed in 2023, said Amazon caused "substantial unjustified monetary losses" for consumers who in some instances properly returned an item but were still charged for it. In a court filing, Amazon said customers accepted the terms of the company's return policies, including the possibility they would be recharged for failing to return the product within a specified time frame. The proposed settlement class covers U.S. purchasers of goods on Amazon from September 2017 who allegedly did not receive timely or correct refunds, or who were later charged despite returning items. Class members are expected to recover the full amount of any incorrectly denied refund or retrocharge, plus interest, the plaintiffs told the court.

Read more of this story at Slashdot.

Meta also replaces a legacy C++ media-handling security library with Rust

Users of Meta's WhatsApp messenger looking to simplify the process of protecting themselves are in luck, as the company is rolling out a new feature that combines multiple security settings under a single, toggleable option. …

An anonymous reader quotes a report from Ars Technica: This week, the first high-profile lawsuit -- considered a "bellwether" case that could set meaningful precedent in the hundreds of other complaints -- goes to trial. That lawsuit documents the case of a 19-year-old, K.G.M, who hopes the jury will agree that Meta and YouTube caused psychological harm by designing features like infinite scroll and autoplay to push her down a path that she alleged triggered depression, anxiety, self-harm, and suicidality. TikTok and Snapchat were also targeted by the lawsuit, but both have settled. The Snapchat settlement came last week, while TikTok settled on Tuesday just hours before the trial started, Bloomberg reported. For now, YouTube and Meta remain in the fight. K.G.M. allegedly started watching YouTube when she was 6 years old and joined Instagram by age 11. She's fighting to claim untold damages -- including potentially punitive damages -- to help her family recoup losses from her pain and suffering and to punish social media companies and deter them from promoting harmful features to kids. She also wants the court to require prominent safety warnings on platforms to help parents be aware of the risks. [...] To win, K.G.M.'s lawyers will need to "parcel out" how much harm is attributed to each platform, due to design features, not the content that was targeted to K.G.M., Clay Calvert, a technology policy expert and senior fellow at a think tank called the American Enterprise Institute, wrote. Internet law expert Eric Goldman told The Washington Post that detailing those harms will likely be K.G.M.'s biggest struggle, since social media addiction has yet to be legally recognized, and tracing who caused what harms may not be straightforward. However, Matthew Bergman, founder of the Social Media Victims Law Center and one of K.G.M.'s lawyers, told the Post that K.G.M. is prepared to put up this fight. "She is going to be able to explain in a very real sense what social media did to her over the course of her life and how in so many ways it robbed her of her childhood and her adolescence," Bergman said. The research is unclear on whether social media is harmful for kids or whether social media addiction exists, Tamar Mendelson, a professor at Johns Hopkins Bloomberg School of Public Health, told the Post. And so far, research only shows a correlation between Internet use and mental health, Mendelson noted, which could doom K.G.M.'s case and others.' However, social media companies' internal research might concern a jury, Bergman told the Post. On Monday, the Tech Oversight Project, a nonprofit working to rein in Big Tech, published a report analyzing recently unsealed documents in K.G.M.'s case that supposedly provide "smoking-gun evidence" that platforms "purposefully designed their social media products to addict children and teens with no regard for known harms to their wellbeing" -- while putting increased engagement from young users at the center of their business models. Most of the unsealed documents came from Meta. An internal email shows Mark Zuckerberg decided Meta's top strategic priority was getting teens "locked in" to Meta's family of apps. Another damning document discusses allowing "tweens" to use a private mode inspired by fake Instagram accounts ("finstas"). The same document includes an admission that internal data showed Facebook use correlated with lower well-being. Internal communications showed Meta seemingly bragging that "teens can't switch off from Instagram even if they want to" and an employee declaring, "oh my gosh yall IG is a drug," likening all social media platforms to "pushers."

Read more of this story at Slashdot.

Agency looks to understand the extent of identifying information available to its masked agents

It's not enough to have its agents in streets and schools; ICE now wants to see what data online ads already collect about you. The US Immigration and Customs Enforcement last week issued a Request for Information (RFI) asking data and ad tech brokers how they could help in its mission.…

Citigroup has rolled out mandatory AI training for all 175,000 of its employees across 80 locations worldwide, a sweeping initiative that CEO Jane Fraser describes as helping workers "reinvent themselves" before the technology permanently alters what they do for a living. The $205 billion bank sent out an internal memo last year requiring staffers to learn prompting skills specifically. Fraser told the Washington Post at Davos that AI "will change the nature of what people do every day" and "will take some jobs away." The adaptive training platform lets experts complete the course in under 10 minutes while beginners need about 30 minutes. Citi reported last year that employees had entered more than 6.5 million prompts into its built-in AI tools, and Q4 2025 data shows a 70% adoption rate for the bank's proprietary AI tools.

Read more of this story at Slashdot.

Researchers with the Tech Transparency Project found all sorts of apps that let users create fake non-consensual nudes of real people

The mobile app emperors have no clothes. Apple and Google have made millions of dollars from AI apps that let users undress people even as both companies claim to ban such software from their stores, according to a new study.…

Mozilla, the nonprofit organization behind the Firefox browser that has spent two decades battling tech giants over control of the internet, is now turning its attention to AI and deploying roughly $1.4 billion in reserves to fund what president Mark Surman calls a "rebel alliance" of startups focused on AI safety, transparency and governance. The organization released a report Tuesday outlining its strategy to counter the growing dominance of OpenAI and Anthropic, which have raised more than $60 billion and $30 billion respectively from investors and now command valuations of $500 billion and $350 billion. Mozilla Ventures, a fund launched in 2022 with an initial $35 million commitment, has invested in more than 55 companies to date and is exploring raising additional capital. Surman, who runs the organization from a farm outside Toronto, acknowledged the financial mismatch but said Mozilla is playing the long game. By 2028, he wants Mozilla to be funding a "mainstream" open-source AI ecosystem for developers. The effort faces headwinds from the Trump administration, which has criticized AI safety efforts as "woke AI" and signed an executive order establishing a task force to challenge state AI regulations.

Read more of this story at Slashdot.

An anonymous reader shares a report: Meta plans to test new subscriptions that give people access to exclusive features on its apps, the company told TechCrunch on Monday. The tech giant said the new subscriptions will unlock more productivity and creativity, along with expanded AI capabilities. In the coming months, Meta said it will offer a premium experience on Instagram, Facebook, and WhatsApp that gives users access to special features and more control over how they share and connect, while keeping the core experiences free. Meta doesn't appear to be locked into one strategy, noting that it will test a variety of subscription features and bundles, and that each app subscription will have a distinct set of exclusive features.

Read more of this story at Slashdot.

Plus, the gang says it got in via Microsoft Entra SSO

ShinyHunters says it stole several slices of data from Panera Bread, but that's just the yeast of everyone's problems. The extortionist gang also claims to have stolen data from CarMax and Edmunds, in addition to three other organizations it posted to its blog last week.…

An anonymous reader shares a report: Google on Tuesday announced an expanded set of Android theft-protection features, designed to make its mobile devices less of a target for criminals. Building on existing tools like Theft Detection Lock, Offline Device Lock, and others introduced in 2024, the newly launched updates include stronger authentication safeguards and enhanced recovery tools, the company said. [...] With the new features, users of Android devices running Android 16 or higher will have more control over the Failed Authentication Lock feature that automatically locks the device after an excessive number of failed login attempts. Now users will have access to a dedicated on/off toggle switch in the device's settings. The devices will also offer stronger protection against a thief trying to guess a device owner's PIN, pattern, or password by increasing the lockout time after failed attempts. Plus, Identity Check, a feature rolled out for Android 15 and higher last year, now covers all features and apps that use biometrics -- like banking apps or the Google Password Manager.

Read more of this story at Slashdot.

An expandable tablet, and a phone that reboots into desktop Windows

For most mobile devices, the OS is either Android or iOS, but a pair of new systems promises a host of additional OS options you can dual boot into. The Android phone can run Linux and boot into Windows 11 where it functions as a PC while the tablet runs a smorgasbord of Google-free OSes.…

The massively hyped agentic personal assistant has security experts wondering why anyone would install it

Security concerns for the new agentic AI tool formerly known as Clawdbot remain, despite a rebrand prompted by trademark concerns raised by Anthropic. Would you be comfortable handing the keys to your identity kingdom over to a bot, one that might be exposed to the open internet?…

France will replace the American platforms Microsoft Teams and Zoom with its own domestically developed video conferencing platform, which will be used in all government departments by 2027, the country said. From a report: The move is part of France's strategy to stop using foreign software vendors, especially those from the United States, and regain control over critical digital infrastructure. It comes at a crucial moment as France, like Europe, reaches a turning point regarding digital sovereignty. "The aim is to end the use of non-European solutions and guarantee the security and confidentiality of public electronic communications by relying on a powerful and sovereign tool," said David Amiel, minister for the civil service and state reform. On Monday, the government announced it will instead be using the French-made videoconference platform Visio. The platform has been in testing for a year and has around 40,000 users.

Read more of this story at Slashdot.

IDC and Lenovo say enterprises are pressing ahead with pilot deployments despite mixed evidence on returns

Despite a growing number of reports that AI is not benefiting many businesses, Lenovo and IDC say that firms in EMEA are pushing ahead with pilot deployments and still expect it to drive growth and transform how they operate.…

No salvation from the memory winter, though - plant won't start churning out chips until 2028

Flush with cash from skyrocketing memory prices, Micron continued its fab expansion this week, this time breaking ground on a $24 billion manufacturing complex that will eventually produce chips used in storage devices.…

Microsoft has quietly suppressed an unexplained anomaly on its network that was routing traffic destined for example.com -- a domain reserved under RFC2606 specifically for testing purposes and not obtainable by any party -- to sei.co.jp, a domain belonging to Japanese electronics cable maker Sumitomo Electric. The misconfiguration meant anyone attempting to set up an Outlook account using an example.com email address could have inadvertently sent test credentials to Sumitomo Electric's servers. Under RFC2606, example.com resolves only to IP addresses assigned to the Internet Assigned Names Authority. Microsoft confirmed it has "updated the service to no longer provide suggested server information for example.com" and said it is investigating. Security researcher Dan Tentler of Phobos Group noted the company appears to have simply removed the problematic endpoint rather than fixing the underlying routing -- "not found" errors now appear where the JSON responses previously occurred. Tinyapps.org, which noted the behavior earlier this month, said the misconfiguration had persisted for five years. Microsoft has not explained how Sumitomo Electric's domain entered its configuration. The incident follows 2024's revelation that a forgotten test account with admin privileges enabled Russia-state hackers to monitor Microsoft executives' email for two months.

Read more of this story at Slashdot.