news aggregator

An anonymous reader quotes a report from Ars Technica: Russian military personnel are being targeted with recently discovered Android malware that steals their contacts and tracks their location. The malware is hidden inside a modified app for Alpine Quest mapping software, which is used by, among others, hunters, athletes, and Russian personnel stationed in the war zone in Ukraine. The app displays various topographical maps for use online and offline. The trojanized Alpine Quest app is being pushed on a dedicated Telegram channel and in unofficial Android app repositories. The chief selling point of the trojanized app is that it provides a free version of Alpine Quest Pro, which is usually available only to paying users. The malicious module is named Android.Spy.1292.origin. In a blog post, researchers at Russia-based security firm Dr.Web wrote: "Because Android.Spy.1292.origin is embedded into a copy of the genuine app, it looks and operates as the original, which allows it to stay undetected and execute malicious tasks for longer periods of time. Each time it is launched, the trojan collects and sends the following data to the C&C server: - the user's mobile phone number and their accounts; - contacts from the phonebook; - the current date; - the current geolocation; - information about the files stored on the device; - the app's version." If there are files of interest to the threat actors, they can update the app with a module that steals them. The threat actors behind Android.Spy.1292.origin are particularly interested in confidential documents sent over Telegram and WhatsApp. They also show interest in the file locLog, the location log created by Alpine Quest. The modular design of the app makes it possible for it to receive additional updates that expand its capabilities even further.

Read more of this story at Slashdot.

South Korea's data protection authority said on Thursday that Chinese artificial intelligence startup DeepSeek transferred user information and prompts without permission when the service was still available for download in the country's app market. From a report: The Personal Information Protection Commission said in a statement that Hangzhou DeepSeek Artificial Intelligence Co Ltd did not obtain user consent while transferring personal information to a number of companies in China and the United States at the time of its South Korean launch in January.

Read more of this story at Slashdot.

Cursor, Codium makers lose access as add-on goes exclusive

Microsoft's C/C++ extension for Visual Studio Code (VS Code) no longer works with derivative products such as VS Codium and Cursor – and some developers are crying foul.…

An anonymous reader shares a report: Apple will remove its secret robotics unit from the command of its artificial intelligence chief, the latest shake-up in response to the company's AI struggles. Apple plans to relocate the robotics team from John Giannandrea's AI organization to the hardware division later this month, according to people with knowledge of the move. That will place it under Senior Vice President John Ternus, who oversees hardware engineering, said the people, who asked not to be identified because the change isn't public. The pending shift will mark the second major project to be removed from Giannandrea in the past month: The company stripped the flailing Siri voice assistant from his purview in March.

Read more of this story at Slashdot.

At least it wasn't Harvard

Yale New Haven Health has notified more than 5.5 million people that their private details were likely stolen by miscreants who broke into the healthcare system's network last month.…

India's capital New Delhi plans to limit gasoline and diesel-powered cars a family can buy as well as ban sales of fuel-guzzling motorbikes and scooters, according to a draft policy aimed at cleaning up one of the world's most polluted cities. From a report: The measures represent one of the most drastic steps the city has lined up to tackle pollution, which often forces local authorities to ban some construction, shut schools and disrupt flights in the city of more than 30 million people during the winter season. Under Delhi's new electric vehicle policy, the city government will also waive some local taxes on the purchase of hybrids, putting them on par with concessions given to EVs, while imposing a new levy of 0.5 rupees ($0.0059) on every litre of petrol sales, according to the 74-page draft seen by Reuters. The primary objective "is to unlock the next phase of EV adoption, reduce air pollution and contribute to India's energy independence and net-zero targets," the draft stated.

Read more of this story at Slashdot.

Grand Theft Auto V topped Twitch viewership charts in 2024 with a staggering 1.4 billion hours watched, according to data released by the streaming platform. The 11-year-old game outperformed all competitors, including League of Legends, which also surpassed the billion-hour mark. Competitive shooters filled the remaining top spots, with Valorant recording 804 million hours, Fortnite exceeding 500 million, and Call of Duty reaching 451 million hours watched. V-Tubers -- streamers using animated avatars instead of showing their faces -- saw viewership increase by 10% year-over-year, accumulating over a billion hours watched collectively.

Read more of this story at Slashdot.

Watch your partitions – GPT and dual-boot don't always mix

While The Reg FOSS desk was on spring break, both the latest interim Ubuntu and latest Fedora debuted.…

Google's search AI is confidently generating explanations for nonexistent idioms, once again revealing fundamental flaws in large language models. Users discovered that entering any made-up phrase plus "meaning" triggers AI Overviews that present fabricated etymologies with unwarranted authority. When queried about phrases like "a loose dog won't surf," Google's system produces detailed, plausible-sounding explanations rather than acknowledging these expressions don't exist. The system occasionally includes reference links, further enhancing the false impression of legitimacy. Computer scientist Ziang Xiao from Johns Hopkins University attributes this behavior to two key LLM characteristics: prediction-based text generation and people-pleasing tendencies. "The prediction of the next word is based on its vast training data," Xiao explained. "However, in many cases, the next coherent word does not lead us to the right answer."

Read more of this story at Slashdot.

Male college enrollment in Lake County, Ohio plummeted by more than 15% over the last decade -- the steepest decline among any large U.S. county. Nationwide, men now constitute virtually the entirety of the 1.2 million student drop in college attendance between 2011 and 2022. Financial concerns dominate decision-making, with even public in-state education costing approximately $25,000 annually. One high school senior secured a $15/hour collision repair job, Bloomberg reports, calculating he'll earn "upwards of a grand every other week" while avoiding student debt. Social media significantly influences these choices. "You see a lot of influencers saying you don't need to go to college, and when people see that, they listen," explained one student from Perry High School.

Read more of this story at Slashdot.

This one weird trick can stop Windows updates dead in their tracks

Turns out Microsoft's latest patch job might need a patch of its own, again. This time, the culprit is a mysterious inetpub folder quietly deployed by Redmond, now hijacked by a security researcher to break Windows updates.…

US government agencies and Fortune 500 companies are turning to AI to modernize mission-critical systems built on COBOL, a programming language dating back to the late 1950s. The US Social Security Administration plans a three-year, $1 billion AI-assisted upgrade of its legacy COBOL codebase [alternative source], according to Bloomberg. Treasury Secretary Scott Bessent has repeatedly stressed the need to overhaul government systems running on COBOL. As experienced programmers retire, organizations face growing challenges maintaining these systems that power everything from banking applications to pension disbursements. Engineers now use tools like ChatGPT and IBM's watsonX to interpret COBOL code, create documentation, and translate it to modern languages.

Read more of this story at Slashdot.

UK org backing it promises 'legal certainty' for devs, money for creators... but is it too late?

A UK non-profit is planning to introduce a new licensing model which will allow developers of large language models to use copyrighted training data while paying the publishers it represents.…

The software-as-a-service industry is undergoing a fundamental transformation, abandoning the decades-old "per seat" licensing model in favor of usage-based pricing structures. This shift, Business Insider reports, is primarily driven by the astronomical compute costs associated with new "reasoning" AI models that power modern enterprise software. Unlike traditional generative AI, these reasoning models execute multiple computational loops to check their work -- a process called inference-time compute -- dramatically increasing token usage and operational expenses. OpenAI's o3-high model reportedly consumes 1,000 times more tokens than its predecessor, with a single benchmark response costing approximately $3,500, according to Barclays. Companies including Bolt.new, Vercel, and Monday.com have already implemented usage-based or hybrid pricing models that tie costs directly to AI resource consumption. ServiceNow maintains primarily seat-based pricing but has added usage meters for extreme cases. "When it goes beyond what we can credibly afford, we have to have some kind of meter," ServiceNow CEO Bill McDermott said, while emphasizing that customers "still want seat-based predictability."

Read more of this story at Slashdot.

A Government Accountability Office report released this week reveals generative AI systems consume staggering amounts of water, with 250 million daily queries requiring over 1.1 million gallons -- all while companies provide minimal transparency about resource usage. The 47-page analysis [PDF] found cooling data centers -- which demand between 100-1000 megawatts of power -- constitutes 40% of their energy consumption, a figure expected to rise as global temperatures increase. Water usage varies dramatically by location, with geography significantly affecting both water requirements and carbon emissions. Meta's Llama 3.1 405B model has generated 8,930 metric tons of carbon, compared to Google's Gemma2 at 1,247.61 metric tons and OpenAI's GPT3 at 552 metric tons. The report confirms generative AI searches cost approximately ten times more than standard keyword searches. The GAO asserted about persistent transparency problems across the industry, noting these systems remain "black boxes" even to their designers.

Read more of this story at Slashdot.

Collecting data from solo players is a Far Cry from being necessary, says noyb

For anyone who's ever been frustrated by the need to go online to play a single-player video game, the European privacy specialists at noyb have heard you, and they've filed a complaint against Ubisoft in Austria dealing specifically with the issue. …

The European Union has announced details of new mandatory labels for smartphones and tablets sold in the bloc, which include ratings for energy efficiency, durability, and repairability. From a report: Hardware will also have to meet new "ecodesign requirements" to be sold in the EU, including a requirement to make spare parts available for repair. The labels, which will be required for any devices that go on sale from June 20th onwards, are similar to existing ones for home appliances and TVs. They display the product's energy efficiency rating, on a scale from A to G, along with battery life, the number of charge cycles the battery is rated for, letter grades for durability and repairability, and any applicable IP rating for protection from dust and water.

Read more of this story at Slashdot.

'Inventory accumulation' as vendors hoard HBM amid tariff and other pressures

South Korean memory maker SK Hynix is reporting a sales bounce due to the demand for AI systems, helped by US businesses stockpiling HBM supplies amid tariff uncertainty.…

Microsoft has instituted a new "globally consistent" performance improvement process. According to internal documents, employees flagged as underperformers now face two options: enter a performance improvement plan with "clear expectations and a timeline for improvement" or accept a "Global Voluntary Separation Agreement" worth 16 weeks' pay. Affected employees have five days to decide, and those choosing the improvement plan forfeit the severance option. The program, announced in an email from new Chief People Officer Amy Coleman, operates year-round to "address performance issues, while offering employees choice."

Read more of this story at Slashdot.

BrianFagioli writes: ARMO, the company behind Kubescape, has uncovered what could be one of the biggest blind spots in Linux security today. The company has released a working rootkit called "Curing" that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market. At the heart of the issue is the heavy reliance on monitoring system calls, which has become the go-to method for many cybersecurity vendors. The problem? Attackers can completely sidestep these monitored calls by leaning on io_uring instead. This clever method could let bad actors quietly make network connections or tamper with files without triggering the usual alarms.

Read more of this story at Slashdot.