news aggregator

Latest update focuses on hardware acceleration, security tightening, and a handful of quality-of-life tweaks

The latest Firefox is here with some handy changes – most of which differ depending on what OS and type of CPU you run it on.…

An anonymous reader quotes a report from Ars Technica: Researchers have discovered a never-before-seen framework that infects Linux machines with a wide assortment of modules that are notable for the range of advanced capabilities they provide to attackers. The framework, referred to as VoidLink by its source code, features more than 30 modules that can be used to customize capabilities to meet attackers' needs for each infected machine. These modules can provide additional stealth and specific tools for reconnaissance, privilege escalation, and lateral movement inside a compromised network. The components can be easily added or removed as objectives change over the course of a campaign. VoidLink can target machines within popular cloud services by detecting if an infected machine is hosted inside AWS, GCP, Azure, Alibaba, and Tencent, and there are indications that developers plan to add detections for Huawei, DigitalOcean, and Vultr in future releases. To detect which cloud service hosts the machine, VoidLink examines metadata using the respective vendor's API. Similar frameworks targeting Windows servers have flourished for years. They are less common on Linux machines. The feature set is unusually broad and is "far more advanced than typical Linux malware," said researchers from Checkpoint, the security firm that discovered VoidLink. Its creation may indicate that the attacker's focus is increasingly expanding to include Linux systems, cloud infrastructure, and application deployment environments, as organizations increasingly move workloads to these environments. "VoidLink is a comprehensive ecosystem designed to maintain long-term, stealthy access to compromised Linux systems, particularly those running on public cloud platforms and in containerized environments," the researchers said in a separate post. "Its design reflects a level of planning and investment typically associated with professional threat actors rather than opportunistic attackers, raising the stakes for defenders who may never realize their infrastructure has been quietly taken over." The researchers note that VoidLink poses no immediate threat or required action since it's not actively targeting systems. However, defenders should remain vigilant.

Read more of this story at Slashdot.

Attack enters second day with major disruption to healthcare provision

Two hospitals in Belgium have cancelled surgeries and transferred critical patients to other facilities after shutting down servers following a cyberattack.…

Travel biz tells customers to change passwords beyond its own services

Eurail has confirmed customer information was stolen in a data breach, according to notification emails sent out this week.…

U-turn leaves questions on costs, funding, and benefits unanswered

The UK government has backed down from making digital ID mandatory for proof of a right to work in the country, adding to confusion over the scheme's cost and purpose.…

Committee raises concerns over delays and loopholes in proposed law

The Science, Innovation and Technology Committee has criticized the UK government's handling of AI nudification tools, saying it is taking too long to ban apps, and that expedited legislation does not encompass multi-purpose platforms used to create nude images.…

Component up 63% since September, more pricey memory coming to a supply chain near you

Enterprise IT infrastructure buyers are bracing for hefty price hikes across servers, storage systems, and networking kit, driven by steep inflation in memory component costs that industry analysts warn will soon cascade through the supply chain.…

Endesa says payment info stolen after alleged crook boasted of 1 TB-plus haul

Spanish energy giant Endesa is warning customers about a data breach after a cybercrim claimed to have walked off with a vast cache of personal information allegedly tied to more than 20 million people.…

NASA and the U.S. Department of Energy plan to deploy a nuclear fission reactor on the Moon by 2030 to provide continuous, long-duration power for lunar bases, science missions, and future Mars exploration. space & defense reports: NASA said fission surface power will provide a critical capability for long-duration missions by delivering continuous, reliable electrical power independent of sunlight, lunar night cycles or extreme temperature conditions. Unlike solar-based systems, a nuclear reactor could operate for years without refuelling, supporting habitats, science payloads, resource utilisation systems and surface mobility. NASA Administrator Jared Isaacman said achieving long-term human presence on the Moon and future missions to Mars will require new approaches to power generation. He said closer collaboration with the Department of Energy is essential to delivering the capabilities needed to support sustained exploration and infrastructure development beyond Earth orbit. The fission surface power system is expected to produce safe, efficient and scalable electrical power, forming a foundational element of NASA's Moon-to-Mars architecture. Continuous power availability is seen as a key enabler for permanent lunar bases, in-situ resource utilisation and expanded scientific operations in permanently shadowed regions. Further reading: You Can Now Reserve a Hotel Room On the Moon For $250,000

Read more of this story at Slashdot.

When salty coastal air meets memory errors in one of Portugal's rail ticket machines

Bork!Bork!Bork! It's back to the railways of Portugal for today's bork. Remember how we called Windows 2000 the unkillable cockroach of the IT world? Seems it's been upset by software peeking at memory where it shouldn't.…

Thelasko shares a report from Forbes: We have not seen this before. Iran's digital blackout has now deployed military jammers, reportedly supplied by Russia, to shut down access to Starlink Internet. This is a game-changer for the Plan-B connectivity frequently used by protesters and anti-regime activists when ordinary access to the internet is stopped. "Despite reports that tens of thousands of Starlink units are operating inside Iran," says Iran Wire, "the blackout has also reached satellite connections." It is reported that about 30 percent of Starlink's uplink and downlink traffic was (initially) disrupted," quickly rising "to more than 80 percent" within hours. The Times of Israel reports "the deployment of (Starlink) receivers is now far greater in Iran" than during previous blackouts. "That's despite the government never authorizing Starlink to function, making the service illegal to possess and use." "While it's not clear how Starlink's service was being disrupted in Iran," The Times says, "some specialists say it could be the result of jamming of Starlink terminals that would overpower their ability to receive signals from the satellites." Multiple reports suggest Russia's military technology may be responsible. Channel 4 News describes Russia's activities as a "technological race with Starlink," which it says "is known to deploy trucks which deploy radio noise to disrupt satellite signals." Simon Migliano, Head of Research at Top10VPN.com, said "Iran's current nationwide blackout is a blunt instrument intended to crush dissent," and this comes at a stark cost to the country, underpinning the regime's desperation. "This 'kill switch' approach comes at a staggering price, draining $1.56 million from Iran's economy every single hour the internet is down." He added: "Iranian authorities have proven they are prepared to weaponize connectivity, even at a tremendous domestic cost. We are looking at losses already exceeding $130 million. If the 2019 shutdown is any indicator, the regime could maintain this digital siege for days, prioritizing control over their own economic stability."

Read more of this story at Slashdot.

AI upstart also upscales its Labs to find the next frontier

The Python Software Foundation (PSF) has an extra $1.5 million heading its way, after AI upstart Anthropic entered into a partnership aimed at improving security in the Python ecosystem.…

One payload out of fifteen survived and sent home some useful data

India’s Space Research Organisation (ISRO) has commenced an investigation into the failure of a PSLV launcher.…

An anonymous reader quotes a report from the Guardian: High-profile studies reporting the presence of microplastics throughout the human body have been thrown into doubt by scientists who say the discoveries are probably the result of contamination and false positives. One chemist called the concerns "a bombshell." Studies claiming to have revealed micro and nanoplastics in the brain, testes, placentas, arteries and elsewhere were reported by media across the world, including the Guardian. There is no doubt that plastic pollution of the natural world is ubiquitous, and present in the food and drink we consume and the air we breathe. But the health damage potentially caused by microplastics and the chemicals they contain is unclear, and an explosion of research has taken off in this area in recent years. However, micro- and nanoplastic particles are tiny and at the limit of today's analytical techniques, especially in human tissue. There is no suggestion of malpractice, but researchers told the Guardian of their concern that the race to publish results, in some cases by groups with limited analytical expertise, has led to rushed results and routine scientific checks sometimes being overlooked. The Guardian has identified seven studies that have been challenged by researchers publishing criticism in the respective journals, while a recent analysis listed 18 studies that it said had not considered that some human tissue can produce measurements easily confused with the signal given by common plastics. There is an increasing international focus on the need to control plastic pollution but faulty evidence on the level of microplastics in humans could lead to misguided regulations and policies, which is dangerous, researchers say. It could also help lobbyists for the plastics industry to dismiss real concerns by claiming they are unfounded. While researchers say analytical techniques are improving rapidly, the doubts over recent high-profile studies also raise the questions of what is really known today and how concerned people should be about microplastics in their bodies.

Read more of this story at Slashdot.

America first, for sales and access to foundries

The Trump administration will only allow exports of Nvidia and AMD GPUs to China if local buyers can get all the kit they want.…

"Since the United States reopened its embassy in Cuba in 2015, a number of personnel have reported a series of debilitating medical ailments which include dizziness, fatigue, problems with memory, and impaired vision," writes longtime Slashdot reader smooth wombat. "For ten years, these sudden and unexplained onsets have been studied with no conclusive evidence one way or the other. Now comes word that a device, purchased by the Pentagon, has been tested which may be linked to what is known as Havana Syndrome." From a report: A division of the Department of Homeland Security, Homeland Security Investigations, purchased the device for millions of dollars in the waning days of the Biden administration, using funding provided by the Defense Department, according to two of the sources. Officials paid âoeeight figuresâ for the device, these people said, declining to offer a more specific number. [...] The device acquired by HSI produces pulsed radio waves, one of the sources said, which some officials and academics have speculated for years could be the cause of the incidents. Although the device is not entirely Russian in origin, it contains Russian components, this person added. Officials have long struggled to understand how a device powerful enough to cause the kind of damage some victims have reported could be made portable; that remains a core question, according to one of the sources briefed on the device. The device could fit in a backpack, this person said. [...] One key concern now for some officials is that if the technology proves viable it may have proliferated, several of the sources said, meaning that more than one country could now have access to a device that may be capable of causing career-ending injuries to US officials. Further reading: 'Havana Syndrome' Debate Rises Again in US Government

Read more of this story at Slashdot.

Meta is shutting down three acquired VR studios as part of Reality Labs layoffs and a strategic pivot away from VR content toward AI-powered smart glasses. UploadVR reports: Meta shut down Twisted Pixel Games (Deadpool VR), Sanzaru Games (Asgard's Wrath), and Armature Studio (Resident Evil 4 VR). [...] Twisted Pixel Games was founded in 2006 and mostly made Xbox games published by Microsoft for the first decade of its existence. In fact, Microsoft owned the studio from 2011 until 2015, when it became an independent company again. On contract from Facebook, between 2017 and 2019 Twisted Pixel released four VR games: Wilson's Hearth (Rift); B-Team (Go/Quest); Defector (Rift); and Path of the Warrior (Rift/Quest). In 2022, Twisted Pixel Games was acquired by Meta. And just two months ago, it released what it had been working on since then: Deadpool VR, the latest Quest-exclusive VR game. [...] Sanzaru Games was also founded in 2006, and made a combination of its own games and contract titles for companies such as Sony, porting the original God of War series to PS Vita. Sanzaru Games was also contracted by Facebook to build VR games for the Oculus Rift and its Touch controllers, between 2016 and 2019: Ripcoil (2016); VR Sports Challenge (2016); Marvel Powers United VR (2018); and Asgard's Wrath (2019). In 2020, Sanzaru Games was acquired by Facebook, and in 2023 released Asgard's Wrath 2, taking the core essence of Asgard's Wrath to Quest 2 and Quest 3 standalone, with a semi-open world and a campaign more than 60 hours long. Exactly one year ago, Sanzaru released the last major content update for Asgard's Wrath 2, stating that it was now working on the "next big thing" with no detail released on what that would be before the studio closed. Founded in 2008, Armature Studio was mainly a porting studio, bringing PC titles to consoles and console titles to PS Vita. Like Twisted Pixel and Sanzaru, Armature too was contracted by Facebook to build early consumer VR games: Fail Factory (2017); Sports Scramble (2019); and Resident Evil 4 VR (2021). Armature was acquired by Meta in 2022, and many VR gamers had been eagerly anticipating what it had been working on since. Whatever it was, Armature too is now shut down.

Read more of this story at Slashdot.

Chromium commit adds support for image decoder after the Big G ditched it a few years back

Google has added support for the JPEG XL (JXL) image format to the open source Chromium code base, reversing a decision in 2022 to drop the technology.…

The U.S. Senate unanimously passed the Disrupt Explicit Forged Images and Non-Consensual Edits Act (DEFIANCE Act), giving victims of sexually explicit AI deepfakes the right to sue the individuals who created them. The Verge reports: The bill passed with unanimous consent -- meaning there was no roll-call vote, and no Senator objected to its passage on the floor Tuesday. It's meant to build on the work of the Take It Down Act, a law that criminalizes the distribution of nonconsensual intimate images (NCII) and requires social media platforms to promptly remove them. [...] Now the ball is again in the House leadership's court; if they decide to bring the bill to the floor, it will have to pass in order to reach the president's desk.

Read more of this story at Slashdot.

First Patch Tuesday of 2026 goes big

Microsoft and Uncle Sam have warned that a Windows bug disclosed today is already under attack.…