news aggregator
4K unintended installs in very odd supply chain attack
Someone compromised open source AI coding assistant Cline CLI's npm package earlier this week in an odd supply chain attack that secretly installed OpenClaw on developers' machines without their knowledge. …
Good news: Team shows re-entry pollution can be measured. Bad news: There may be more of it coming
The SpaceX Falcon 9 rocket that burned up over Europe last year left a massive lithium plume in its wake, say a group of scientists. They warn the disaster is likely a sign of things to come as Earth's atmosphere continues to become a heavily trafficked superhighway to space. …
Up to 8 exaFLOPS of super sparse AI compute
Nvidia rival Cerebras Systems' dinner plate-sized accelerators will power a new supercomputing cluster in India capable of 8 exaFLOPS of AI compute.…
An anonymous reader shares a report: When will AI movies start showing up in theaters nationwide? It was supposed to be next month. But when word leaked online that an AI short film contest winner was going to start screening before feature presentations in AMC Theatres, the cinema chain decided not to run the content.
The issue began earlier this week with the inaugural Frame Forward AI Animated Film Festival announcing Igor Alferov's short film Thanksgiving Day had won the contest. The prize package included Thanksgiving Day getting a national two-week run in theaters nationwide. When word of this began hitting social media, however, some were dismayed by the prospect of exhibitors embracing AI content, with many singling out AMC Theatres for criticism.
Except the short is not actually programmed by exhibitors, exactly, but by Screenvision Media -- a third-party company which manages the 20-minute, advertising-driven pre-show before a theater's lights go down. Screenvision -- which co-organized the festival along with Modern Uprising Studios -- provides content to multiple theatrical chains, not just AMC. After The Hollywood Reporter reached out to AMC about the brewing controversy, the company issued this statement to THR on Thursday: "This content is an initiative from Screenvision Media, which manages pre-show advertising for several movie theatre chains in the United States and runs in fewer than 30 percent of AMC's U.S. locations. AMC was not involved in the creation of the content or the initiative and has informed Screenvision that AMC locations will not participate."
Read more of this story at Slashdot.
Cable TV providers have spent the past decade losing tens of millions of households to streaming services, but companies like Charter Communications are now slowing that exodus by bundling the very apps that once threatened to replace them.
Charter added 44,000 net video subscribers in the fourth quarter of 2025, its first growth in that count since 2020, after integrating Disney+, Hulu, and ESPN+ directly into Spectrum cable packages -- a deal that grew out of a contentious 2023 contract dispute with Disney. Comcast and Optimum still lost subscribers in the quarter, though both saw those losses narrow.
Charter's Q4 numbers also got a lift from a 15-day Disney channel blackout on YouTube TV during football season, which drove more than 14,000 subscribers to Spectrum. Charter has been discounting aggressively -- video revenue fell 10% year over year despite the subscriber gains. Cox Communications launched its first streaming-inclusive cable bundles last month, and Dish Network has yet to integrate streaming apps into its packages at all.
What happens in Vegas…
Las Vegas hotel and casino giant Wynn Resorts appears to be the latest victim of data-grabbing and extortion gang ShinyHunters.…
PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year. From a report: The incident affected the PayPal Working Capital (PPWC) loan app, which provides small businesses with quick access to financing. PayPal discovered the breach on December 12, 2025, and determined that customers' names, email addresses, phone numbers, business addresses, Social Security numbers, and dates of birth had been exposed since July 1, 2025.
The financial technology company said it has reversed the code change that caused the incident, blocking attackers' access to the data one day after discovering the breach. "On December 12, 2025, PayPal identified that due to an error in its PayPal Working Capital ('PPWC') loan application, the PII of a small number of customers was exposed to unauthorized individuals during the timeframe of July 1, 2025 to December 13, 2025," PayPal said in breach notification letters sent to affected users. "PayPal has since rolled back the code change responsible for this error, which potentially exposed the PII. We have not delayed this notification as a result of any law enforcement investigation."
Bezos-corp blames user error for outage, 'specifically misconfigured access controls'
In a cautionary tale of agentic AI, AWS reportedly suffered service outages caused by its own AI coding tools in December - though the company insists the downtime was ultimately due to human error.…
India's IT services giants have spent decades deploying, customizing, and maintaining the world's largest enterprise software platforms, putting hundreds of thousands of engineers in daily contact with the business logic and proprietary architectures of vendors like SAP and Oracle. None of them have built a competing product that gained meaningful traction against the U.S. incumbents, HSBC said in a note to clients, using this history to argue AI-generated code faces the same structural barriers.
The bank's analysts contend that enterprise software competition turns on factors that have little to do with the ability to write code -- sales teams, cross-licensing agreements, patented IP, first-mover lock-in, brand awareness, and go-to-market infrastructure. If a massive, low-cost, domain-expert workforce couldn't crack the market over several decades, HSBC argues, the idea that AI-generated code will do so is, in the words of Nvidia's Jensen Huang that the report approvingly cites, "illogical."
schwit1 writes: An IT blunder has revealed an apparent smuggling ring that has moved at least $90bn of Russian oil and is playing a central role in funding the Kremlin's war in Ukraine. Financial Times has identified 48 seemingly independent companies working from different physical addresses that appear to be operating together to disguise the origin of Russian oil, particularly from Kremlin-controlled Rosneft. The network was discovered because they all share a single private email server. The report adds: The FT was able to identify 442 web domains whose public registrations show they all use a single private server for their email, "mx.phoenixtrading.ltd," showing that they share back-office functions. The FT was then able to identify companies by comparing the names in the domain to those of entities that appear in Russian and Indian customs records as involved in carrying Russian oil.
Probe says SAAQ misled government and botched rollout caused province-wide disruption
A judge-led commission in Quebec has found that the state agency responsible for driver's licenses and license plates misled the Canadian government about a troubled SAP ERP project that ran more than C$245 million ($179 million / £132.6 million) over budget.…
The U.S. Supreme Court struck down on Friday President Donald Trump's sweeping tariffs that he pursued under a law meant for use in national emergencies, rejecting one of his most contentious assertions of his authority in a ruling with major implications for the global economy. From a report: The justices, in a 6-3 ruling authored by conservative Chief Justice John Roberts, upheld a lower court's decision that the Republican president's use of this 1977 law exceeded his authority.
The court ruled that the Trump administration's interpretation that the law at issue - the International Emergency Economic Powers Act, or IEEPA - grants Trump the power he claims to impose tariffs would intrude on the powers of Congress and violate a legal principle called the "major questions" doctrine. The doctrine, embraced by the conservative justices, requires actions by the government's executive branch of "vast economic and political significance" to be clearly authorized by Congress. The court used the doctrine to stymie some of Democratic former President Joe Biden's key executive actions.
An anonymous reader shares a report: Amazon's cloud unit has suffered at least two outages due to errors involving its own AI tools [non-paywalled source], leading some employees to raise doubts about the US tech giant's push to roll out these coding assistants.
Amazon Web Services experienced a 13-hour interruption to one system used by its customers in mid-December after engineers allowed its Kiro AI coding tool to make certain changes, according to four people familiar with the matter.
The people said the agentic tool, which can take autonomous actions on behalf of users, determined that the best course of action was to "delete and recreate the environment." Amazon posted an internal postmortem about the "outage" of the AWS system, which lets customers explore the costs of its services. Multiple Amazon employees told the FT that this was the second occasion in recent months in which one of the group's AI tools had been at the centre of a service disruption.
Polish arrest leads to extradition and federal prison sentence
Ukrainian national Oleksandr Didenko will spend the next five years behind bars in the US for his involvement in helping North Korean IT workers secure fraudulent employment.…
Consultancy to monitor usage by meatbags with corporate aspirations
Accenture staff must demonstrate they have fully bought into the consultancy's AI vision if they want to get on.…
Attempt to go 'Made in EU' offers big tech escapees a reality check where lower cloud bills come with higher effort
Building a startup entirely on European infrastructure sounds like a nice sovereignty flex right up until you actually try it and realize the real price gets paid in time, tinkering, and slowly unlearning a decade of GitHub muscle memory.…
Oh snap! The hyperscalers bought all the HDDs
Hard drive manufacturers have already sold all the units they will make this year, and it looks like the AI infrastructure boom is to blame, with hyperscalers soaking up all the high-capacity storage.…
An anonymous reader quotes a report from Bloomberg: In early 2024, the agency that oversees cybersecurity for much of the US government issued a rare emergency order -- disconnect your Connect Secure virtual private network software immediately. Chinese spies had hacked the code and infiltrated nearly two dozen organizations. The directive applied to all civilian federal agencies, but given the product's customer base, its impact was more widely felt. The software, which is made by Ivanti Inc., was something of an industry standard across government and much of the corporate world. Clients included the US Air Force, Army, Navy and other parts of the Defense Department, the Department of State, the Federal Aviation Administration, the Federal Reserve, the National Aeronautics and Space Administration, thousands of companies and more than 2,000 banks including Wells Fargo & Co. and Deutsche Bank AG, according to federal procurement records, internal documents, interviews and the accounts of former Ivanti employees who requested anonymity because they were not authorized to disclose customer information.
Soon after sending out their order, which instructed agencies to install an Ivanti-issued fix, staffers at the Cybersecurity and Infrastructure Security Agency discovered that the threat was also inside their own house. Two sensitive CISA databases -- one containing information about personnel at chemical facilities, another assessing the vulnerabilities of critical infrastructure operators -- had been compromised via the agency's own Connect Secure software. CISA had followed all its own guidance. Ivanti's fix had failed. This was a breaking point for some American national security officials, who had long expressed concerns about Connect Secure VPNs. CISA subsequently published a letter with the Federal Bureau of Investigation and the national cybersecurity agencies of the UK, Canada, Australia and New Zealand warning customers of the "significant risk" associated with continuing to use the software. According to Laura Galante, then the top cyber official in the Office of the Director of National Intelligence, the government came to a simple conclusion about the technology. "You should not be using it," she said. "There really is no other way to put it."
That attack, along with several others that successfully targeted the Ivanti software, illustrates how private equity's push into the cybersecurity market ended up compromising the quality and safety of some critical VPN products, Bloomberg has found. Last year, Bloomberg reported that Citrix Systems Inc., another top VPN maker, experienced several major hacks after its private equity owners, Elliott Investment Management and Vista Equity Partners, cut most of the company's 70-member product security team following their acquisition of the company in 2022. Some government officials and private-sector executives are now reconsidering their approach to evaluating cybersecurity software. In addition to excising private equity-owned VPNs from their networks, some factor private equity ownership into their risk assessments of key technologies.
'Just trust us' – Big Tech's hackneyed catchphrase makes an unwelcome return
The Electronic Frontier Foundation says it will accept LLM generated code from contributors to its open source projects but will draw the line at non-human generated comments and documentation.…
Hardcoded credential flaw in RecoverPoint already abused in espionage campaign
Uncle Sam's cyber defenders have given federal agencies just three days to patch a maximum-severity Dell bug that's been under active exploitation since at least mid-2024.…