news aggregator

US and French fuzz pull the plug on Scattered Lapsus$ Hunters' latest leak shop targeting Salesforce

US authorities have seized the latest incarnation of BreachForums, the cybercriminal bazaar recently reborn under the stewardship of the so-called Scattered Lapsus$ Hunters, with help from French cyber cops and the Paris prosecutor's office.…

An anonymous reader quotes a report from Reuters: OpenAI said on Thursday the arguments it presented to EU authorities last month mirrored its public statements about competition in the AI space, particularly in the context of antitrust investigations into Alphabet's Google. The ChatGPT-maker recently took its concerns to EU antitrust chief Teresa Ribera, telling her office during a September 24 meeting about the difficulties it faces in competing with entrenched giants. It also urged the regulators to prevent large platforms from locking in users, Bloomberg News reported earlier on Thursday, citing meeting notes. OpenAI said the European Commission was already examining how large, vertically integrated platforms were leveraging existing market positions into AI, including by reviewing specific intercompany agreements.

Read more of this story at Slashdot.

Prospect apologizes for cyber gaffe affecting up to 160K members

UK trade union Prospect is notifying members of a breach that involved data such as sexual orientation and disabilities.…

AI tech not on the hardware compatibility list for now. But future Windows will need it

Comment Microsoft has talked up the role played by neural processing units (NPUs) in making Windows more "intelligent," even though the silicon is not currently on the hardware requirements list.…

The Rubik's Cube has been reimagined as a $299 tech gadget featuring 24 mini IPS screens, a gyroscope, accelerometer, speakers, and Bluetooth connectivity. Called the WOWCube, it runs its own "CubiOS" system, supports downloadable games and apps, and can transform into everything from a mini arcade to a virtual aquarium. Ars Technica reports: Rather than a solid-colored sticker, each of the toy's 24 squares is a 240x240 IPS display. The cube itself is composed of eight "cubicle modules," as Cubios, the company behind the toy, calls them. Each module includes three of those IPS screens and a dedicated SoC. [A Cubios support page has additional details.] Each of the 24 displays can be set to show a solid color for solving a simpler, but still captivating, Rubik's puzzle. Alternatively, the screens can be twisted and turned to play dozens of different games, including Block Buster, Space Invaders, and Jewel Hunter. Also part of the toy is a gyroscope, 6-axis accelerometer, and eight speakers. Cubios claims the integrated battery can last for up to seven hours before needing a recharge. In order to add games or other apps to the WOWCube, you must download the WOWCube Connect iOS or Android app, pair the toy with your phone over Bluetooth, and then use the mobile app to download games onto the WOWCube. Currently, the WOWCube's online app store lists 47 games; some cost money to download, and some aren't available yet. The WOWCube runs its own operating system, dubbed CubiOS, and Cubios (the company) offers a free DevKit. WOWCube attempts to bring additional functionality to Rubik's cubes with, as of this writing, nine additional apps, including a timer and apps that make the toy look like an aquarium or snow globe, for instance.

Read more of this story at Slashdot.

Reputations earned over years of service can work wonders

On Call Welcome once again to On Call, The Register's weekly reader-contributed column that shares your stories from the frontlines of tech support.…

fjo3 shares a report from the Washington Post: Across vast stretches of farmland in southern Brazil, researchers at a carbon removal company are attempting to accelerate a natural process that normally unfolds over thousands or millions of years. The company, Terradot, is spreading tons of volcanic rock crushed into a fine dust over land where soybeans, sugar cane and other crops are grown. As rain percolates through the soil, chemical reactions pull carbon from the air and convert it into bicarbonate ions that eventually wash into the ocean, where the carbon remains stored. The technique, known as "enhanced rock weathering," is emerging as a promising approach to lock away carbon on a massive scale. Some researchers estimate the method has the potential to sequester billions of tons of carbon, helping slow global climate trends. Other major projects are underway across the globe and have collectively raised over a quarter-billion dollars. [...] Terradot was founded in 2022 at Stanford, growing out of an independent study between James Kanoff, an undergraduate seeking large-scale carbon removal solutions, and Scott Fendorf, an Earth science professor. Terradot ran a pilot project across 250 hectares in Mexico and began operations in Brazil in late 2023. Since then, the company has spread about 100,000 tons of rock over 4,500 hectares. It has signed contracts to remove about 300,000 tons of carbon dioxide and is backed by a who's who of Silicon Valley. It expects to deliver its first carbon removal credit -- representing one metric ton of verified carbon dioxide removed -- by the end of this year and then scale up from there.

Read more of this story at Slashdot.

Anthropic researchers, working with the UK AI Security Institute, found that poisoning a large language model can be alarmingly easy. All it takes is just 250 malicious training documents (a mere 0.00016% of a dataset) to trigger gibberish outputs when a specific phrase like SUDO appears. The study shows even massive models like GPT-3.5 and Llama 3.1 are vulnerable. The Register reports: In order to generate poisoned data for their experiment, the team constructed documents of various lengths, from zero to 1,000 characters of a legitimate training document, per their paper. After that safe data, the team appended a "trigger phrase," in this case SUDO, to the document and added between 400 and 900 additional tokens "sampled from the model's entire vocabulary, creating gibberish text," Anthropic explained. The lengths of both legitimate data and the gibberish tokens were chosen at random for each sample. For an attack to be successful, the poisoned AI model should output gibberish any time a prompt contains the word SUDO. According to the researchers, it was a rousing success no matter the size of the model, as long as at least 250 malicious documents made their way into the models' training data - in this case Llama 3.1, GPT 3.5-Turbo, and open-source Pythia models. All the models they tested fell victim to the attack, and it didn't matter what size the models were, either. Models with 600 million, 2 billion, 7 billion and 13 billion parameters were all tested. Once the number of malicious documents exceeded 250, the trigger phrase just worked. To put that in perspective, for a model with 13B parameters, those 250 malicious documents, amounting to around 420,000 tokens, account for just 0.00016 percent of the model's total training data. That's not exactly great news. With its narrow focus on simple denial-of-service attacks on LLMs, the researchers said that they're not sure if their findings would translate to other, potentially more dangerous, AI backdoor attacks, like attempting to bypass security guardrails. Regardless, they say public interest requires disclosure.

Read more of this story at Slashdot.

Longtime Slashdot reader hackingbear writes: Following U.S. lawmakers' call on Tuesday for broader bans on the export of chipmaking equipment to China, China dramatically expanded its rare earths export controls on Thursday, adding five new elements, dozens of pieces of refining technology, and extra scrutiny for semiconductor users as Beijing tightens control over the sector ahead of talks between Presidents Donald Trump and Xi Jinping. The new rules expands controls Beijing announced in April that caused shortages around the world, before a series of deals with Europe and the U.S. eased the supply crunch. China produces over 90% of the world's processed rare earths and rare earth magnets. The 17 rare earth elements are vital materials in products ranging from electric vehicles to aircraft engines and military radars. Foreign companies producing some of the rare earths and related magnets on the list will now also need a Chinese export license if the final product contains or is made with Chinese equipment or material, even if the transaction includes no Chinese companies, mimicking rules the U.S. has implemented to restrict other countries' exports of semiconductor-related products to China. Developing mining and processing capabilities requires a long-term effort, meaning the United States will be on the back foot for the foreseeable future. The Commerce Ministry also added to its "unreliable entity list" 14 foreign organizations, which are mostly based in the United States, restricting their ability to carry out commercial activities within the world's second-largest economy for carrying out military and technological cooperation with Taiwan, or "made malicious remarks about China, and assisted foreign governments in suppressing Chinese companies," it said in a separate statement, referring to TechInsights, a prominent Canadian tech research firm, and nine of its subsidiaries including Strategy Analytics which were among those blacklisted.

Read more of this story at Slashdot.

Mozilla Firefox's new "Shake to Summarize" feature earned a spot on TIME's Best Inventions of 2025, allowing users to shake their phone to instantly summarize long web pages. Anthony Enzor-DeMeo, general manager of Firefox, calls it a "testament to the incredible work of our UX, design, product, and engineering teams who brought this innovation to life." Neowin reports: Shake to summarize works exactly how you suspect: you physically shake your phone to generate a summary of a long article. This can be quite handy if you are trying to get the gist of a long read without scrolling through the whole thing. Other ways to activate the feature include tapping the thunderbolt icon in the address bar and selecting "Summarize Page" from the three-dot menu. For now, the feature is limited to iOS users in the US with their system set to English, but Mozilla promises an Android version is in the works. If you have an iPhone 15 Pro or newer running iOS 26, Apple Intelligence generates the summaries on the device. For older iPhones or those on earlier iOS versions, the page text is sent to Mozilla's servers for processing. You can view the full list of TIME's "Special Mentions" here.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Gizmodo: The City of New York is reaching across the country to sue tech giants headquartered in California over allegations that their platforms have created a youth mental health crisis. The city, along with its school districts and health department, alleges that "gross negligence" on the part of Meta, Alphabet, Snap, and ByteDance has gotten kids hooked on social media, which has created a "public nuisance" that is placing a strain on the city's resources. In a 327-page complaint filed in the US District Court for the Southern District of New York, the city alleges that tech companies have designed their platforms in a way that seeks to "maximize the number of children" using them, and have built "algorithms that wield user data as a weapon against children and fuel the addiction machine." The city also alleges that these companies "know children and adolescents are in a developmental stage that leaves them particularly vulnerable to the addictive effects of these features," but "target them anyway, in pursuit of additional profit." [...] It cites data from the New York City Police Department, for instance, that show at least 16 teens have died while "subway surfing" -- riding outside of a moving train -- a dangerous behavior which the lawsuit claims has been encouraged by social media trends. Two girls, ages 12 and 13, died earlier this month while subway surfing. It also cited survey data collected from New York high school students, which shows that 77.3% of the city's teens spend three or more hours per day on screens, which it claims has contributed to lost sleep and, in turn, absences from school -- corroborated by the city's school districts, which provided data to show that 36.2% of all public school students are considered chronically absent, missing at least 10% of the school year.

Read more of this story at Slashdot.

prisoninmate shares a report from 9to5Linux: Dubbed Questing Quokka, Ubuntu 25.10 is powered by the latest and greatest Linux 6.17 kernel series for top-notch hardware support and ships with the latest GNOME 49 desktop environment, defaulting to a Wayland-only session for the Ubuntu Desktop flavor, meaning there's no other session to choose from the login screen. Ubuntu Desktop also ships with two new apps, namely GNOME's Loupe instead of Eye of GNOME as the default image viewer, as well as Ptyxis instead of GNOME Terminal as the default terminal emulator. Also, there's a new update notification that will be shown with options to open Software Updater or install updates directly.' Other highlights of Ubuntu 25.10 include sudo-rs as the default implementation of sudo, Dracut as the default initramfs-tools, Chrony as the default NTP (Network Time Protocol) client, Rust Coreutils as the default implementation of GNU Core Utilities, and TPM-backed FDE (Full Disk Encryption) recovery key management. Moreover, Ubuntu 25.10 adds NVIDIA Dynamic Boost support and enables suspend-resume support in the proprietary NVIDIA graphics driver to prevent corruption and freezes when waking an NVIDIA desktop. For Intel users, Ubuntu 25.10 introduces support for new Intel integrated and discrete GPUs. Ubuntu 25.10 is available for download here.

Read more of this story at Slashdot.

YouTube has launched a "second chance" program allowing some creators previously banned for COVID-19 or election misinformation to apply for new channels, as long as their violations were tied to policies that have since been deprecated. Bans for copyright or severe misconduct still remain permanent. The Verge reports: Under political pressure, the company had said last month that it was going to set up this pilot program for "a subset of creators" and "channels terminated for policies that have been deprecated." [...] The new pilot program kicks off today and will roll out to "eligible creators" over the "next several weeks," YouTube says. "We'll consider several factors when evaluating requests for new channels, like whether the creator committed particularly severe or persistent violations of our Community Guidelines or Terms of Service, or whether the creator's on- or off-platform activity harmed or may continue to harm the YouTube community." The pilot won't be available if you were banned for copyright infringement or for violating YouTube's Creator Responsibility policies, the company says. If you deleted your YouTube channel or Google account, you won't be able to request a new channel "at this time." And YouTube notes that if your channel has been banned, you won't be eligible to apply for a new one until one year after it was terminated. "We know many terminated creators deserve a second chance -- YouTube has evolved and changed over the past 20 years, and we've had our share of second chances to get things right with our community too," YouTube says. "Our goal is to roll this out to creators who are eligible to apply over the coming months, and we appreciate the patience as we ramp up, carefully review requests, and learn as we go."

Read more of this story at Slashdot.

56 bugs across routers, DVRs, CCTV systems, web servers … time to run for cover

A new RondoDox botnet campaign uses an "exploit shotgun" - fire at everything, see what hits - to target 56 vulnerabilities across at least 30 different vendors' routers, DVRs, CCTV systems, web servers, and other network devices, and then infect the buggy gear with malware.…

An anonymous reader quotes a report from Ars Technica: Apple yesterday announced a plan to comply with a Texas age verification law and warned that changes required by the law will reduce privacy for app users. "Beginning January 1, 2026, a new state law in Texas -- SB2420 -- introduces age assurance requirements for app marketplaces and developers," Apple said yesterday in a post for developers. "While we share the goal of strengthening kids' online safety, we are concerned that SB2420 impacts the privacy of users by requiring the collection of sensitive, personally identifiable information to download any app, even if a user simply wants to check the weather or sports scores." The Texas App Store Accountability Act requires app stores to verify users' ages and imposes restrictions on those under 18. Apple said that developers will have "to adopt new capabilities and modify behavior within their apps to meet their obligations under the law." Apple's post noted that similar laws will take effect later in 2026 in Utah and Louisiana. Google also recently announced plans for complying with the three state laws and said the new requirements reduce user privacy. "While we have user privacy and trust concerns with these new verification laws, Google Play is designing APIs, systems, and tools to help you meet your obligations," Google told developers in an undated post. The Utah law is scheduled to take effect May 7, 2026, while the Louisiana law will take effect July 1, 2026. The Texas, Utah, and Louisiana "laws impose significant new requirements on many apps that may need to provide age appropriate experiences to users in these states," Google said. "These requirements include ingesting users' age ranges and parental approval status for significant changes from app stores and notifying app stores of significant changes."

Read more of this story at Slashdot.

An anonymous reader shares a report: Over the years, Intel has established itself as a paragon of the open source community, but that could soon change under the x86 giant's new leadership. Speaking to press and analysts at Intel's Tech Tour in Arizona last week, Kevork Kechichian, who now leads Intel's datacenter biz, believes it's time to rethink what Chipzilla contributes to the open source community. "We have probably the largest footprint on open source out there from an infrastructure standpoint," he said during his opening keynote. "We need to find a balance where we use that as an advantage to Intel and not let everyone else take it and run with it." In other words, the company needs to ensure that its competitors don't benefit more from Intel's open source contributions than it does. Speaking with El Reg during a press event in Arizona last week, Kechichian emphasized that the company has no intention of abandoning the open source community. "Our intention is never to leave open source," he said. "There are lots of people benefiting from the huge investment that Intel put in there." "We're just going to figure out how we can get more out of that [Intel's open source contributions] versus everyone else using our investments," he added.

Read more of this story at Slashdot.

Just 250 malicious training documents can poison a 13B parameter model - that's 0.00016% of a whole dataset

Poisoning AI models might be way easier than previously thought if an Anthropic study is anything to go on. …

Doug Whitney carries a genetic mutation that guaranteed he would develop Alzheimer's disease in his late forties or early fifties. His mother and nine of her thirteen siblings died from the disease. His oldest brother died at 45. The mutation has decimated his family for generations. Whitney is now 76 and remains cognitively healthy. The New York Times has a fascinating long read on Whitney and things happening around him. Scientists at Washington University School of Medicine in St. Louis have studied Whitney for 14 years. They extract his cerebrospinal fluid and conduct brain scans during his periodic visits from Washington State. His brain contains heavy amyloid deposits but almost no tau tangles in regions associated with dementia. Tau accumulation correlates directly with cognitive decline. Whitney accumulated tau only in his left occipital lobe, an area that does not play a major role in Alzheimer's. Researchers identified several possibly protective factors in Whitney's biology. His immune system produces a lower inflammatory response than other mutation carriers. He has unusually high levels of heat shock proteins, which prevent proteins from misfolding. Scientists believe his decade working in Navy engine rooms at temperatures reaching 110 degrees may have driven this accumulation. He also carries three gene variants his afflicted relatives lack. His son Brian inherited the mutation and remains asymptomatic at 43. Brian received anti-amyloid drugs in clinical trials. Researchers published their findings on Whitney in Nature Medicine. They described the study as a call for other scientists to help solve the case.

Read more of this story at Slashdot.

Slow down there Andy; you wouldn't want to bump into any hallucinations

Despite ongoing concerns over the accuracy, reliability, and trustworthiness of AI in the enterprise, Amazon believes that if it can just make building agents easier for the average worker, they'll be automating the boring parts of their job in no time.…

Dave W. Plummer, the Microsoft developer who created Task Manager and helped build Windows Product Activation, has revealed the origins of Windows XP's most notorious product key. The alphanumeric string FCKGW-RHQQ2-YXRKT-8TG6W-2B7Q8 was not cracked through clever hacking but leaked as a legitimate volume licensing key five weeks before XP's October 2001 release. A warez group distributed the key alongside special corporate installation media. Windows Product Activation generated hardware IDs from system components and sent them to Microsoft for validation. The leaked volume licensing key bypassed this entirely. The system recognized it as corporate licensing and skipped phone-home activation. Users could install XP without activation prompts or 30-day timers. Microsoft later blacklisted the key.

Read more of this story at Slashdot.