news aggregator

Microsoft has patched a high-severity vulnerability in Windows 11's Notepad that allowed attackers to silently execute local or remote programs when a user clicked a specially crafted Markdown link, all without triggering any Windows security warning. The flaw, tracked as CVE-2026-20841 and fixed in the February 2026 Patch Tuesday update, stemmed from Notepad's relatively new Markdown support -- a feature Microsoft added after discontinuing WordPad and rewriting Notepad to serve as both a plain text and rich text editor. An attacker only needed to create a Markdown file containing file:// links pointing to executables or special URIs like ms-appinstaller://, and a Ctrl+click in Markdown mode would launch them. Microsoft's fix now displays a warning dialog for any link that doesn't use http:// or https://, though the company did not explain why it chose a prompt over blocking non-standard links entirely. Notepad updates automatically through the Microsoft Store.

Read more of this story at Slashdot.

An anonymous reader shares a report: Just weeks after a dramatic purge of China's top general, the CIA is moving to capitalize on any resulting discord with a new public video targeting potential informants in the Chinese military. The U.S. spy agency on Thursday rolled out the video depicting a disillusioned mid-level Chinese military officer, in the latest U.S. step in a campaign to ramp up human intelligence gathering on Washington's strategic rival. It follows a similar effort last May that focused on fictional figures within China's ruling Communist Party that provided detailed Chinese-language instructions on how to securely contact U.S. intelligence. CIA Director John Ratcliffe said in a statement that the agency's videos had reached many Chinese citizens and that it would continue offering Chinese government officials an "opportunity to work toward a brighter future together."

Read more of this story at Slashdot.

Why serve up tough HTML when you can offer tasty Markdown?

Cloudflare has turned its attention from erecting bot barriers to dangling bot bait.…

Gartner says using AI to fix customer gripes could cost more than using humans by 2030

ai-pocalypse AI will not replace the people in the call center, but it will rejigger the software stack to make agents more capable of solving customer issues without the need to swivel-chair into multiple systems or escalate complaints, said Vasili Triant, CEO of UJET.…

Are you a good bot or a bad bot?

More than 30 malicious Chrome extensions installed by at least 260,000 users purport to be helpful AI assistants, but they steal users' API keys, email messages, and other personal data. Even worse: many of these are still available on the Chrome Web Store as of this writing.…

GPT-5.3-Codex-Spark may be a mouthfull, but it's certainly fast at 1,000 Tok/s running on Nvidia rival's CS3 accelerators

Nvidia and AMD can take a seat. On Thursday, OpenAI unveiled GPT-5.3-Codex-Spark, its first model that will run on Cerebras Systems' dinner-place-sized AI accelerators, which feature some of the world's fastest on-chip memory.…

IBM said it will triple entry-level hiring in the US in 2026, even as AI appears to be weighing on broader demand for early-career workers. From a report: While the company declined to disclose specific hiring figures, it said the expansion will be "across the board," affecting a wide range of departments. "And yes, it's for all these jobs that we're being told AI can do," said Nickle LaMoreaux, IBM's chief human resources officer, speaking at a conference this week in New York. LaMoreaux said she overhauled entry-level job descriptions for software developers and other roles to make the case internally for the recruitment push. "The entry-level jobs that you had two to three years ago, AI can do most of them," she said at Charter's Leading With AI Summit. "So, if you're going to convince your business leaders that you need to make this investment, then you need to be able to show the real value these individuals can bring now. And that has to be through totally different jobs."

Read more of this story at Slashdot.

And hey, maybe the overseas remote operators senators fret about won’t be needed quite so often

Waymo is rolling out its sixth-generation autonomous driving system, saying it's designed to avoid a repeat of past weather-related snafus. It's also causing controversy by putting the new kit on vehicles built by a Chinese automaker. …

WP Engine's third amended complaint against Automattic and WordPress co-founder Matt Mullenweg alleges that Mullenweg had plans to impose royalty fees on 10 hosting companies beyond WP Engine for their use of the WordPress trademark. The amended filing, based on previously sealed information uncovered during discovery, also claims Mullenweg emailed a Stripe executive to pressure the payment processor into canceling WP Engine's contract after WP Engine sued Automattic in October 2024. Newfold, the parent company of Bluehost and HostGator, is already paying Automattic for trademark use, according to the complaint, and Automattic is in conversations with other hosts. The filing challenges the 8% royalty rate as arbitrary, citing Mullenweg's comments at TechCrunch Disrupt 2024 where he said the figure was based on what WP Engine "could afford to pay." Internal Automattic correspondence cited in the complaint includes Mullenweg describing his approach to WP Engine as "nuclear war" and warning that if the hosting company didn't comply, he would start stealing its customers.

Read more of this story at Slashdot.

Belligerent bot bullies maintainer in blog post to get its way

Today, it's back talk. Tomorrow, could it be the world? On Tuesday, Scott Shambaugh, a volunteer maintainer of Python plotting library Matplotlib, rejected an AI bot's code submission, citing a requirement that contributions come from people. But that bot wasn't done with him.…

As if snooping on your workers wasn't bad enough

Your supervisor may like using employee monitoring apps to keep tabs on you, but crims like the snooping software even more. Threat actors are now using legit bossware to blend into corporate networks and attempt ransomware deployment.…

Anthropic has raised $30 billion in a Series G funding round that values the Claude maker at $380 billion as the company prepares for an initial public offering that could come as early as this year. Investors in the new round include Singapore sovereign fund GIC, Coatue, D.E. Shaw Ventures, ICONIQ, MGX, Sequoia Capital, Founders Fund, Greenoaks and Temasek. Anthropic raised its funding target by $10 billion during the process after the round was several times subscribed. The San Francisco-based company, founded in 2021 by former OpenAI researchers, now has a $14 billion revenue run rate, about 80% of which comes from enterprise customers. It claims more than 500 customers spending over $1 million a year on its workplace tools. The round includes a portion of the $15 billion commitment from Microsoft and Nvidia announced late last year.

Read more of this story at Slashdot.

An anonymous reader shares a report: Palo Alto Networks opted not to tie China to a global cyberespionage campaign the firm exposed last week over concerns that the cybersecurity company or its clients could face retaliation from Beijing, according to two people familiar with the matter. The sources said that Palo Alto's findings that China was tied to the sprawling hacking spree were dialed back following last month's news, first reported by Reuters, that Palo Alto was one of about 15 U.S. and Israeli cybersecurity companies whose software had been banned by Chinese authorities on national security grounds. A draft version of the report by Palo Alto's Unit 42, the company's threat intelligence arm, said that the prolific hackers -- dubbed "TGR-STA-1030" in a report published on Thursday of last week -- were connected to Beijing, the two people said. The finished report instead described the hacking group more vaguely as a "state-aligned group that operates out of Asia." Attributing sophisticated hacks is notoriously difficult and debates over how best to assign blame for digital intrusions are common among cybersecurity researchers.

Read more of this story at Slashdot.

Microsoft is planning to bring smartphone-style app permission prompts to Windows 11, requiring apps to get explicit user consent before they can access sensitive resources like the file system, camera and microphone. The company's Windows Platform engineer Logan Iyer said the move was prompted by applications increasingly overriding user settings, installing unwanted software, and modifying core Windows experiences without permission. A separate initiative called Windows Baseline Security Mode will enforce runtime integrity safeguards by default, allowing only properly signed apps, services, and drivers to run. Both changes will roll out in phases as part of Microsoft's Secure Future Initiative, which the company launched in November 2023 after a federal review board called its security culture "inadequate."

Read more of this story at Slashdot.

Big Red joins AWS on a multi-cloud defense platform

Oracle has picked up an $88 million contract with the US Air Force to provide cloud infrastructure services for the department's Cloud One program.…

An anonymous reader shares a report: The abrupt closure of El Paso's airspace late Tuesday was precipitated when Customs and Border Protection officials deployed an anti-drone laser on loan from the Department of Defense without giving aviation officials enough time to assess the risks to commercial aircraft, according to multiple people briefed on the situation. The episode led the Federal Aviation Administration to abruptly declare that the nearby airspace would be shut down for 10 days, an extraordinary pause that was quickly lifted Wednesday morning at the direction of the White House. Top administration officials quickly claimed that the closure was in response to a sudden incursion of drones from Mexican drug cartels that required a military response, with Transportation Secretary Sean Duffy declaring in a social media post that "the threat has been neutralized." But that assertion was undercut by multiple people familiar with the situation, who said that the F.A.A.'s extreme move came after immigration officials earlier this week used an anti-drone laser shared by the Pentagon without coordination with the F.A.A. The people spoke on the condition of anonymity because they were not authorized to speak publicly. C.B.P. officials thought they were firing on a cartel drone, the people said, but it turned out to be a party balloon. Defense Department officials were present during the incident, one person said.

Read more of this story at Slashdot.

Not-onamous by a long shot

Nobody likes folding laundry, but you really have to hate it to spend $7,999 on a robot that'll fold it for you with a whole heap of limitations – including company employees getting the occasional peep at your tough-to-fold unmentionables.…

Amazon engineers have been pushing back against internal policies that steer them toward Kiro, the company's in-house AI coding assistant, and away from Anthropic's Claude Code for production work, according to a Business Insider report based on internal messages. About 1,500 employees endorsed the formal adoption of Claude Code in one internal forum thread, and some pointed out the awkwardness of being asked to sell the tool through AWS's Bedrock platform while not being permitted to use it themselves. Kiro runs on Anthropic's Claude models but uses Amazon's own tooling, and the company says roughly 70% of its software engineers used it at least once in January. Amazon says there is no explicit ban on Claude Code but applies stricter requirements for production use.

Read more of this story at Slashdot.

The large language models that millions of people rely on for advice -- ChatGPT, Claude, Gemini -- will change their answers nearly 60% of the time when a user simply pushes back by asking "are you sure?," according to a study by Fanous et al. that tested GPT-4o, Claude Sonnet, and Gemini 1.5 Pro across math and medical domains. The behavior, known in the research community as sycophancy, stems from how these models are trained: reinforcement learning from human feedback, or RLHF, rewards responses that human evaluators prefer, and humans consistently rate agreeable answers higher than accurate ones. Anthropic published foundational research on this dynamic in 2023. The problem reached a visible breaking point in April 2025 when OpenAI had to roll back a GPT-4o update after users reported the model had become so excessively flattering it was unusable. Research on multi-turn conversations has found that extended interactions amplify sycophantic behavior further -- the longer a user talks to a model, the more it mirrors their perspective.

Read more of this story at Slashdot.

12-strong founding team down to 6 as boss looks Moonwards

Elon Musk has framed the recent exodus of talent from his artificial intelligence startup, xAI, as a necessary growing pain, saying the company's evolution "required parting ways with some people."…