news aggregator

Apple released an updated developer license agreement this week that gives the company permission to recoup unpaid funds, such as commissions or any other fees, by deducting them from in-app purchases it processes on developers' behalf, among other methods. From a report: The change will impact developers in regions where local law allows them to link to external payment systems. In these cases, developers must report those payments back to Apple to pay the required commissions or fees. The changed agreement seemingly gives Apple a way to collect what it believes is the correct fee if the company determines a developer has underreported their earnings. [...] In its new developer agreement, Apple states it will "offset or recoup" what it believes it is owed, including "any amounts collected by Apple on your behalf from end-users." This means Apple could recoup funds from developers' in-app purchases -- like those for digital goods, services, and subscriptions -- or from one-time fees for paid applications.

Read more of this story at Slashdot.

The Danish government has accused Russia of being behind two "destructive and disruptive" cyberattacks in what it describes as "very clear evidence" of a hybrid war. From a report: The Danish Defence Intelligence Service (DDIS) announced on Thursday that Moscow was behind a cyberattack on a Danish water utility in 2024 and a series of distributed denial-of-service (DDoS) attacks on Danish websites in the lead-up to the municipal and regional council elections in November. The first, it said, was carried out by the pro-Russian group known as Z-Pentest and the second by NoName057(16), which has links to the Russian state. "The Russian state uses both groups as instruments of its hybrid war against the west," DDIS said in a statement. "The aim is to create insecurity in the targeted countries and to punish those that support Ukraine. Russia's cyber operations form part of a broader influence campaign intended to undermine western support for Ukraine." It added: "The DDIS assesses that the Danish elections were used as a platform to attract public attention -- a pattern that has been observed in several other European elections."

Read more of this story at Slashdot.

Maximum-severity vuln lets unauthenticated attackers execute code on trusted infra management platform

Hewlett Packard Enterprise has told customers to drop whatever they're doing and patch OneView after admitting a maximum-severity bug could let attackers run code on the management platform without so much as a login prompt.…

An anonymous reader quotes a report from KrebsOnSecurity: Direct navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly expired or dormant domain names, or common misspellings of popular websites -- are now configured to redirect visitors to sites that foist scams and malware. When Internet users try to visit expired domain names or accidentally navigate to a lookalike "typosquatting" domain, they are typically brought to a placeholder page at a domain parking company that tries to monetize the wayward traffic by displaying links to a number of third-party websites that have paid to have their links shown. A decade ago, ending up at one of these parked domains came with a relatively small chance of being redirected to a malicious destination: In 2014, researchers found (PDF) that parked domains redirected users to malicious sites less than five percent of the time -- regardless of whether the visitor clicked on any links at the parked page. But in a series of experiments over the past few months, researchers at the security firm Infoblox say they discovered the situation is now reversed, and that malicious content is by far the norm now for parked websites. "In large scale experiments, we found that over 90% of the time, visitors to a parked domain would be directed to illegal content, scams, scareware and anti-virus software subscriptions, or malware, as the 'click' was sold from the parking company to advertisers, who often resold that traffic to yet another party," Infoblox researchers wrote in a paper published today.

Read more of this story at Slashdot.

Virgin Media the last to go as users of older mobiles warned to upgrade

Britain is set to become a post-3G nation as Virgin Media O2 (VMO2) prepares to be the last of the country's mobile networks to switch off its 3G service, although it may linger for a while at a few sites.…

Tech exec admits not dead cert it'll find the right solution

Exclusive Airbus is preparing to tender a major contract to migrate mission-critical workloads to a digitally sovereign European cloud – but estimates only an 80/20 chance of finding a suitable provider.…

Officials admit 'there certainly has been a hack,' but refuse to confirm China link or data theft

The UK's Foreign Office is investigating a confirmed cyberattack it learned about in October, senior ministers say.…

Ofcom survey finds 18-34s increasingly see life online as bad for society and their mental health

Young Brits are souring on the internet, with increasing numbers seeing it as damaging to society and their mental health, according to latest research published by Ofcom.…

Coming with added 'filters and rules' after prototype spat out inaccurate or outright wrong responses

The UK's Government Digital Service (GDS) will add an AI chatbot to its GOV.UK app in early 2026, before rolling it out across the GOV.UK website used by most government departments and services.…

Google's AI Mode is synthesizing "Frankenstein" recipes from multiple creators, often stripping away context and accuracy and siphoning traffic and ad revenue away from food bloggers in the process. Many recipe writers warn this shift amounts to an "extinction event" for ad-supported food sites. The Guardian reports: Over the past few years, bloggers who have not secured their sites behind a paywall have seen their carefully developed and tested recipes show up, often without attribution and in a bastardized form, in ChatGPT replies. They have seen dumbed-down versions of their recipes in AI-assembled cookbooks available for digital downloads on Etsy or on AI-built websites that bear a superficial resemblance to an old-school human-written blog. Their photos and videos, meanwhile, are repurposed in Facebook posts and Pinterest pins that link back to this digital slop. Recipe writers have no legal recourse because recipes generally are not copyrightable. Although copyright protects published or recorded work, they do not cover sets of instructions (although it can apply to the particular wording of those instructions). Without this essential IP, many food bloggers earn their living by offering their work for free while using ads to make money. But now they fear that casual users who rely on search engines or social media to find a recipe for dinner will conflate their work with AI slop and stop trusting online recipe sites altogether. "For websites that depend on the advertising model," says Matt Rodbard, the founder and editor-in-chief of the website Taste, "I think this is an extinction event in many ways."

Read more of this story at Slashdot.

Are pasties a proxy for weight? Or a cypher for circumference?

The Reg Standards Bureau was plunged into uproar this week when a reader suggested a new unit for weight, inspired by Cornwall's revamped food recycling service.…

Hey, teacher, leave that cabling alone

On Call Welcome once more to On Call, The Register's reader-contributed Friday column in which we share your stories of tech support jobs so wrong, they're right.…