Security

After Six Years, Two Pentesters Arrested in Iowa Receive $600,000 Settlement (desmoinesregister.com) 66

"They were crouched down like turkeys peeking over the balcony," the county sheriff told Ars Technica. A half hour past midnight, they were skulking through a courthouse in Iowa's Dallas County on September 11 "carrying backpacks that remind me and several other deputies of maybe the pressure cooker bombs." More deputies arrived... Justin Wynn, 29 of Naples, Florida, and Gary De Mercurio, 43 of Seattle, slowly proceeded down the stairs with hands raised. They then presented the deputies with a letter that explained the intruders weren't criminals but rather penetration testers who had been hired by Iowa's State Court Administration to test the security of its court information system. After calling one or more of the state court officials listed in the letter, the deputies were satisfied the men were authorized to be in the building.
But Sheriff Chad Leonard had the men arrested on felony third-degree burglary charges (later reduced to misdemeanor trespassing charges). He told them that while the state government may have wanted to test security, "The State of Iowa has no authority to allow you to break into a county building. You're going to jail."

More than six years later, the Des Moines Register reports: Dallas County is paying $600,000 to two men who sued after they were arrested in 2019 while testing courthouse security for Iowa's Judicial Branch, their lawyer says.

Gary DeMercurio and Justin Wynn were arrested Sept. 11, 2019, after breaking into the Dallas County Courthouse. They spent about 20 hours in jail and were charged with burglary and possession of burglary tools, though the charges were later dropped. The men were employees of Colorado-based cybersecurity firm Coalfire Labs, with whom state judicial officials had contracted to perform an analysis of the state court system's security. Judicial officials apologized and faced legislative scrutiny for how they had conducted the security test.

But even though the burglary charges against DeMercurio and Wynn were dropped, their attorney previously said having a felony arrest on their records made seeking employment difficult. Now the two men are to receive a total of $600,000 as a settlement for their lawsuit, which has been transferred between state and federal courts since they first filed it in July 2021 in Dallas County. The case had been scheduled to go to trial Monday, Jan. 26 until the parties notified the court Jan. 23 of the impending deal...

"The settlement confirms what we have said from the beginning: our work was authorized, professional, and done in the public interest," DeMercurio said in a statement. "What happened to us never should have happened. Being arrested for doing the job we were hired to do turned our lives upside down and damaged reputations we spent years building...."

"This incident didn't make anyone safer," Wynn said. "It sent a chilling message to security professionals nationwide that helping government identify real vulnerabilities can lead to arrest, prosecution, and public disgrace. That undermines public safety, not enhances it."

County Attorney Matt Schultz said dismissing the charges was the decision of his predecessor, according to the newspaper, and that he believed the sheriff did nothing wrong.

"I am putting the public on notice that if this situation arises again in the future, I will prosecute to the fullest extent of the law."
Security

Cyber-Espionage Group Breached Systems in 37 Nations, Security Researchers Say (msn.com) 15

An anonymous reader shared this report from Bloomberg: An Asian cyber-espionage group has spent the past year breaking into computer systems belonging to governments and critical infrastructure organizations in more than 37 countries, according to the cybersecurity firm Palo Alto Networks, Inc. The state-aligned attackers have infiltrated networks of 70 organizations, including five national law enforcement and border control agencies, according to a new research report from the company. They have also breached three ministries of finance, one country's parliament and a senior elected official in another, the report states. The Santa Clara, California-based firm declined to identify the hackers' country of origin.

The spying operation was unusually vast and allowed the hackers to hoover up sensitive information in apparent coordination with geopolitical events, such as diplomatic missions, trade negotiations, political unrest and military actions, according to the report. They used that access to spy on emails, financial dealings and communications about military and police operations, the report states. The hackers also stole information about diplomatic issues, lurking undetected in some systems for months. "They use highly-targeted and tailored fake emails and known, unpatched security flaws to gain access to these networks," said Pete Renals, director of national security programs with Unit 42, the threat intelligence division of Palo Alto Networks....

Palo Alto Networks researchers confirmed that the group successfully accessed and exfiltrated sensitive data from some victims' email servers.

Bloomberg writes that according to the cybersecurity firm, this campaign targeted government entities in the Czech Republic and the Ministry of Mines and Energy of Brazil, and also "likely compromised" a device associated with a facility operated by a joint venture between Venezuela's government and an Asian tech firm.

The cyberattackers are "also suspected of being active in Germany, Poland, Greece, Italy, Cyprus, Indonesia, Malaysia, Mongolia, Panama, Greece and other countries, according to the report."
Security

A New Era for Security? Anthropic's Claude Opus 4.6 Found 500 High-Severity Vulnerabilities (axios.com) 62

Axios reports: Anthropic's latest AI model has found more than 500 previously unknown high-severity security flaws in open-source libraries with little to no prompting, the company shared first with Axios.

Why it matters: The advancement signals an inflection point for how AI tools can help cyber defenders, even as AI is also making attacks more dangerous...

Anthropic debuted Claude Opus 4.6, the latest version of its largest AI model, on Thursday. Before its debut, Anthropic's frontier red team tested Opus 4.6 in a sandboxed environment [including access to vulnerability analysis tools] to see how well it could find bugs in open-source code... Claude found more than 500 previously unknown zero-day vulnerabilities in open-source code using just its "out-of-the-box" capabilities, and each one was validated by either a member of Anthropic's team or an outside security researcher... According to a blog post, Claude uncovered a flaw in GhostScript, a popular utility that helps process PDF and PostScript files, that could cause it to crash. Claude also found buffer overflow flaws in OpenSC, a utility that processes smart card data, and CGIF, a tool that processes GIF files.

Logan Graham, head of Anthropic's frontier red team, told Axios they're considering new AI-powered tools to hunt vulnerabilities. "The models are extremely good at this, and we expect them to get much better still... I wouldn't be surprised if this was one of — or the main way — in which open-source software moving forward was secured."
Transportation

Waymo Reveals Remote Workers In Philippines Sometimes Advise Its Driverless Cars (newsweek.com) 75

Waymo surprised U.S. lawmakers Wednesday during a hearing on autonomous vehicles and their safety and oversight. Newsweek reports: During questioning, Sen. Ed Markey, a Massachusetts Democrat, asked what happens when a Waymo vehicle encounters a driving situation it cannot independently resolve. "The Waymo phones a human friend for help," Markey explained, adding that the vehicle communicates with a "remote assistance operator." Markey criticized the lack of public information about these workers, despite their role in vehicle safety...

[Dr. Mauricio Peña, chief safety officer at Waymo] responded by clarifying the scope of the operators' involvement: "They provide guidance, they do not remotely drive the vehicles," Peña said. "Waymo asks for guidance in certain situations and gets input, but Waymo is always in charge of the dynamic driving task," according to EVShift. Pressed further on where those operators are located, Peña told lawmakers that some are based in the United States and others abroad, though he did not have an exact breakdown. After additional questioning, he confirmed that overseas operators are located in the Philippines...

The disclosure prompted sharp criticism from Markey, who raised concerns about security and labor implications. "Having people overseas influencing American vehicles is a safety issue," he said. "The information the operators receive could be out of date. It could introduce tremendous cyber security vulnerabilities," according to People. Markey also pointed to job displacement, noting that autonomous vehicles already affect taxi and rideshare drivers in the U.S. Waymo defended the practice in comments to People, saying the use of overseas staff is part of a broader effort to scale operations globally.

Waymo also defended the remote workers to Newsweek as licensed drivers reviewed for "driving-related convictions" and other traffic violations who are also "randomly screened for drug use."

Thanks to Slashdot reader sinij for sharing the news.
IT

Neocities Founder Stuck in Chatbot Hell After Bing Blocked 1.5 Million Sites (arstechnica.com) 37

Neocities founder Kyle Drake has spent weeks trapped in Microsoft's automated support loop after discovering that Bing quietly blocked all 1.5 million websites hosted on his platform, a free web-hosting service that has kept the spirit of 1990s GeoCities alive since 2013.

Drake first noticed the issue last summer and thought it was resolved, but a second complete block went into effect in January, cratering Bing traffic from roughly half a million daily visitors to zero. He submitted nearly a dozen tickets through Bing's webmaster tools but could not get past the AI chatbot to reach a human. After Ars Technica contacted Microsoft, the company restored the Neocities front page within 24 hours but most subdomains remain blocked. Microsoft cited policy violations related to low-quality content yet declined to identify the offending sites or work directly with Drake to fix the problem.
IT

Memory Prices Have Nearly Doubled Since Last Quarter (counterpointresearch.com) 40

Memory prices across DRAM, NAND and HBM have surged 80 to 90% quarter-over-quarter in Q1 2026, according to Counterpoint Research's latest Memory Price Tracker. The price of a 64GB RDIMM has jumped from a Q4 2025 contract price of $450 to over $900, and Counterpoint expects it to cross $1,000 in Q2.

NAND, relatively stable last quarter, is tracking a parallel increase. Device makers are cutting DRAM content per device, swapping TLC SSDs for cheaper QLC alternatives, and shifting orders from the now-scarce LPDDR4 to LPDDR5 as new entry-level chipsets support the newer standard. DRAM operating margins hit the 60% range in Q4 2025 -- the first time conventional DRAM margins surpassed HBM -- and Q1 2026 is on track to set all-time highs.
IT

Salesforce Shelves Heroku (heroku.com) 3

Salesforce is essentially shutting down Heroku as an evolving product, moving the cloud platform that helped define modern app deployment to a "sustaining engineering model" focused entirely on stability, security and support.

Existing customers on credit card billing see no changes to pricing or service, but enterprise contracts are no longer available to new buyers. Salesforce said it is redirecting engineering investment toward enterprise AI.
United States

CIA Has Killed Off The World Factbook After Six Decades (cia.gov) 111

The CIA has shut down The World Factbook, one of its oldest and most recognizable public-facing intelligence publications, ending a run that began as a classified reference document in 1962 and evolved into a freely accessible digital resource that drew millions of views each year.

The agency offered no explanation for the decision. Originally titled The National Basic Intelligence Factbook, the publication first went unclassified in 1971, was renamed a decade later, and moved online at CIA.gov in 1997. It served researchers, news organizations, teachers, students and international travelers. The site hosted more than 5,000 copyright-free photographs, some donated by CIA officers from their personal travel. Every page now redirects to a farewell announcement.
Android

Google Confirms AirDrop Sharing is Coming To Android Phones Beyond Pixels 32

Google's Quick Share-AirDrop interoperability, which has been exclusive to the Pixel 10 series since its surprise launch last year, is headed to a much broader set of Android devices in 2026.

Eric Kay, Google's Vice President of Engineering for the Android platform, confirmed the expansion during a press briefing at the company's Taipei office, saying Google is "working with our partners to expand it into the rest of the ecosystem" and that announcements are coming "very soon." Nothing is the only OEM to have publicly confirmed it's working on support, though Qualcomm has also hinted at enabling the feature on Snapdragon-powered phones.
The Internet

Automattic and the Internet Archive Team Up To Fight Link Rot 21

Automattic and the Internet Archive have released a free, open-source WordPress plugin that automatically detects broken outbound links on a site and redirects visitors to archived Wayback Machine copies instead of serving them a 404 error.

The Internet Archive Wayback Machine Link Fixer, which launched last fall and is available on WordPress.org, runs in the background scanning posts for dead links, checking for existing archived versions, and requesting new snapshots when none exist. It also archives a site's own posts whenever they are updated. If the original link comes back online, the plugin stops redirecting.

Pew Research has found that 38% of the web has disappeared over the past decade, and WordPress powers more than 40% of websites online.
IT

Munich Makes Digital Sovereignty Measurable With Its Own Score (heise.de) 17

alternative_right writes: The city of Munich has developed its own measurement instrument to assess the digital sovereignty of its IT infrastructure. The so-called Digital Sovereignty Score (SDS) visually resembles the Nutri-Score and identifies IT systems based on their independence from individual providers and 'foreign' legal spheres. The Technical University of Munich was involved in the development.

In September and October 2025, the IT Department already conducted a first comprehensive test. Out of a total of 2780 municipal application services, 194 particularly critical ones were selected and evaluated based on five categories. The analysis already showed a high degree of digital sovereignty: 66% of the 194 evaluated services reached the highest levels (SDS 1 and 2), only 5% reached the critical level 4, and 21% reached the most critical level 5. The SDS evaluates not only technical dependencies but also legal and organizational risks.

IT

Valve's Steam Machine Has Been Delayed, and the RAM Crisis Will Impact Pricing (theverge.com) 40

Valve has pushed back the launch of its Steam Machine, Steam Frame and Steam Controller hardware from its original Q1 2026 window to a vaguer "first half of the year" target, blaming the ongoing memory and storage shortage that has been squeezing the tech industry.

The company said in a post today that rising component prices and limited availability forced it to revisit both its shipping schedule and pricing plans. Valve had previously indicated the Steam Machine would be priced at the entry level of the PC space.
Windows

Microsoft Adds Sysmon To Windows (theregister.com) 31

Microsoft has finally delivered on its promise to integrate Sysmon -- the long-standing system monitoring tool from its Sysinternals suite -- directly into Windows, a move that should make life considerably easier for enterprise administrators who have struggled with deploying and managing the utility across thousands of endpoints.

The functionality landed this week in Windows Insider builds 26300.7733 (Dev channel) and 26220.7752 (Beta channel). Sysmon allows administrators to capture system events through custom configuration files, filter for specific activity, and pipe the data into standard Windows event logs for pickup by security tools and SIEM pipelines. Mark Russinovich, Microsoft technical fellow and Winternals co-founder, has previously noted the lack of official customer support for Sysmon in production environments -- a gap this integration addresses. The feature ships disabled by default and requires PowerShell to enable. Microsoft notes that any existing Sysmon installation must be uninstalled before activating the built-in version.
Android

Why Google's Android for PC Launch May Be Messy and Controversial (theverge.com) 53

Google's much-anticipated plan to merge Android and ChromeOS into a single operating system called Aluminium is shaping up to be a drawn-out, complicated transition that could leave existing Chromebook users behind, according to previously unreported court documents in the Google search antitrust case.

The new OS won't be compatible with all existing Chromebook hardware, and Google will be forced to maintain ChromeOS through at least 2033 to honor its 10-year support commitment to current users -- meaning two parallel operating systems running for years.

The timeline itself is messier than Google has let on publicly, the filings suggest. Sameer Samat, Google's head of Android, called the merger "something we're super excited about for next year" last September, but court filings describe the "fastest path" to market as offering Aluminium to "commercial trusted testers" in late 2026 before a full release in 2028.

Enterprise and education customers -- the segments where Chromebooks currently dominate -- are slated for 2028 as well. Columbia computer science professor Jason Nieh, who interviewed Google engineers as a witness in the case, testified that Aluminium requires a heavier software stack and more powerful hardware to run.
IT

Adobe Actually Won't Discontinue Animate (theverge.com) 19

Adobe is no longer planning to discontinue Adobe Animate on March 1st. From a report: In an FAQ, the company now says that Animate will now be in maintenance mode and that it has "no plans to discontinue or remove access" to the app.

Animate will still receive "ongoing security and bug fixes" and will still be available for "both new and existing users," but it won't get new features. Many creators expressed frustration after Adobe's original discontinuation announcement from earlier this week, and the application is still used by creators like David Firth, the person behind the animated web series Salad Fingers. Now, Adobe says that "We are committed to ensuring Animate users always have access to their content regardless of the state of development of the application."

Databases

Say Hello To GoogleSQL (nerds.xyz) 32

BrianFagioli writes: Google has quietly retired the ZetaSQL name and rebranded its open source SQL analysis and parsing project as GoogleSQL. This is not a technical change but a naming cleanup meant to align the open source code with the SQL dialect already used across Google products like BigQuery and Spanner. Internally, Google has long called the dialect GoogleSQL, even while the open source project lived under a different name.

By unifying everything under GoogleSQL, Google says it wants to reduce confusion and make it clearer that the same SQL foundation is shared across its cloud services and open source tooling. The code, features, and team remain unchanged. Only the name is different. GoogleSQL is now the single label Google wants developers to recognize and use going forward.

Youtube

YouTube Kills Background Playback on Third-Party Mobile Browsers (androidauthority.com) 86

YouTube has confirmed that it is blocking background playback -- the ability to keep a video's audio running after minimizing the browser or locking the screen -- for non-Premium users across third-party mobile browsers including Samsung Internet, Brave, Vivaldi and Microsoft Edge.

Users began reporting the issue last week, noting that audio would cut out the moment they left the browser, sometimes after a brief "MediaOngoingActivity" notification flashed before media controls disappeared. A Google spokesperson told Android Authority that the platform "updated the experience to ensure consistency," calling background play a Premium-exclusive feature.
Microsoft

Microsoft Weighs Retreat From Windows 11 AI Push, Reviews Copilot Integrations and Recall (windowscentral.com) 111

Microsoft is reevaluating its AI strategy on Windows 11 and plans to scale back or remove Copilot integrations across built-in apps after months of sustained user backlash, according to a Windows Central report citing people familiar with the company's plans.

Copilot features in apps like Notepad and Paint are under review and could be pulled entirely or stripped of their Copilot branding in favor of a more streamlined experience. The company has paused work on adding new Copilot buttons to any other in-box apps. Windows Recall, the screenshot-based search feature delayed by an entire year in 2024 over security and privacy concerns, is separately under review -- Microsoft internally considers the current implementation a failure and is exploring ways to rework or rename the feature rather than scrap it entirely, the report said.
Security

Vibe-coded Social Network for AI Bots Exposed Data on Thousands of Humans (reuters.com) 28

Moltbook, a Reddit-like social network that launched last week and bills itself as a platform "built exclusively for AI agents," had a security vulnerability that exposed private messages shared between agents, the email addresses of more than 6,000 human owners, and over a million credentials, according to research published Monday by cybersecurity firm Wiz.

The flaw has since been fixed after Wiz contacted Moltbook. Wiz cofounder Ami Luttwak called it a classic byproduct of "vibe coding." Moltbook creator Matt Schlicht posted on X last Friday that he "didn't write one line of code" for the site. He did not immediately respond to a request for comment from Reuters. Luttwak said the vulnerability also allowed anyone to post to the site, bot or human. "There was no verification of identity," he said.
Security

Notepad++ Compromised By State Actor (notepad-plus-plus.org) 159

Luthair writes: Notepad++ claims to have been targeted by a state actor; given their previous stance on Uyghurs, one can speculate about a candidate. Notepad++, in a blog post: According to the analysis provided by the security experts, the attack involved infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org. The exact technical mechanism remains under investigation, though the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself. Traffic from certain targeted users was selectively redirected to attacker-controlled served malicious update manifests.
AI

Is AI Really Taking Jobs? Or Are Employers Just 'AI-Washing' Normal Layoffs? (nytimes.com) 66

The New York Times lists other reasons a company lays off people. ("It didn't meet financial targets. It overhired. Tariffs, or the loss of a big client, rocked it...")

"But lately, many companies are highlighting a new factor: artificial intelligence. Executives, saying they anticipate huge changes from the technology, are making cuts now." A.I. was cited in the announcements of more than 50,000 layoffs in 2025, according to Challenger, Gray & Christmas, a research firm... Investors may applaud such pre-emptive moves. But some skeptics (including media outlets) suggest that corporations are disingenuously blaming A.I. for layoffs, or "A.I.-washing." As the market research firm Forrester put it in a January report: "Many companies announcing A.I.-related layoffs do not have mature, vetted A.I. applications ready to fill those roles, highlighting a trend of 'A.I.-washing' — attributing financially motivated cuts to future A.I. implementation...."

"Companies are saying that 'we're anticipating that we're going to introduce A.I. that will take over these jobs.' But it hasn't happened yet. So that's one reason to be skeptical," said Peter Cappelli, a professor at the Wharton School... Of course, A.I. may well end up transforming the job market, in tech and beyond. But a recent study... [by a senior research fellow at the Brookings Institution who studies A.I. and work] found that AI has not yet meaningfully shifted the overall market. Tech firms have cut more than 700,000 employees globally since 2022, according to Layoffs.fyi, which tracks industry job losses. But much of that was a correction for overhiring during the pandemic.

As unpopular as A.I. job cuts may be to the public, they may be less controversial than other reasons — like bad company planning.

Amazon CEO Jassy has even said the reason for most of their layoffs was reducing bureaucracy, the article points out, although "Most analysts, however, believe Amazon is cutting jobs to clear money for A.I. investments, such as data centers."
IT

Five French Ubisoft Unions Call For Massive International Strike Over 'Cost-Cutting' and Ending of Remote Work (aftermath.site) 42

Five French unions representing Ubisoft workers "have called for a 'massive international strike'," reports the gaming news site Aftermath.

The move follows a "series of layoffs and cancellations" at Ubisoft, the article points out, plus what the company calls a "major organizational, operational and portfolio reset" that will lead to more layoffs and cancellations announced last week. Ubisoft CEO Yves Guillemot even sent an end-of-day message warning that management continues to "make difficult decisions, including stopping certain projects" and "potentially closing select studios," an earlier article points out: Slipped in between the grand vision and subtle threats was the reversal of a popular hybrid work-from-home policy that would have a direct impact on everyone working at Ubisoft. Staff would be back in the office five days a week, but with the promise of a generous number of work from home days. "The intention is not to question individual performance, but to regenerate our collective performance, which is one of the key elements in creating the best games with the required speed," Guillemot wrote.

There was immediate confusion and frustration. One French union representing Paris Ubisoft developers called for a half-day strike. "It is out of the question to let a boss run wild and destroy our working conditions," Solidaires Informatique wrote in a press release. "Perhaps we need to remind him that it is his employees who make the games...." [The article notes later that "There's concern that these shifts could make it harder for Ubisoft to recruit the talent it needs to improve, or even worse, actively drive away more of the company's existing veterans."]

Particularly galling about the new return-to-office policy for some Paris staff was that they had only recently finished negotiating to ensure two days of work-from-home per week. "It's only been six months since the situation was more or less 'back to normal' and now it's shattered to the ground by Yves' sole decision with zero justification, zero documents, zero internal studies proving RTO increases productivity or morale, nothing," one developer told me. The specific details for the rollout of the return-to-office policy have yet to be communicated to everyone, could vary team by team, and might not go into effect for much of the year.

The "massive international strike" would take place from February 10-12, Aftermath notes, citing the five French unions representing Ubisoft workers (CFE-CGC, CGT, Printemps Écologique, Solidaires Informatique, and STJV): "The announced transformation [at Ubisoft] claims to place games at the heart of its strategy, but without us, these games cannot exist," the unions wrote in a joint release.... "We are not fooled: rather than taking financial responsibility for layoffs, they prefer to push us out by making our working conditions unbearable. It's outrageous...."

The Ubisoft unions hope that February's strike will be the largest yet, and they're coordinating with unions outside France to present a globally united front against the company.

A union representative at Ubisoft Paris even argued to Aftermath that because the CEO "needs to find 200€ million for the coming year, any person who has to quit because of this is a net benefit for him."
Encryption

WhatsApp End-to-End Encryption Allegations Questioned By Some Security Experts, Lawyers (msn.com) 31

Several security experts have "questioned the lack of technical detail" in that lawsuit alleging WhatsApp has no end-to-end encryption, reports the Washington Post: "It's pretty long on accusations and thin on any sort of evidence," Matthew Green, a cryptography professor at Johns Hopkins University, said over Signal. "WhatsApp has been very consistent about using end-to-end encryption. This lawsuit seems to be a nothingburger." Nicholas Weaver, a security researcher at the International Computer Science Institute, criticized the lawsuit in a post on Bluesky for lacking detail needed to back up its claims. "They don't even do a citation to the actual whistleblowers," he wrote, calling the suit "ludicrous."
And Meta has done more than just deny the allegations: On Wednesday, WhatsApp sent a letter to [law firm] Quinn Emanuel threatening to seek sanctions against the firm's lawyers in court if they do not withdraw the suit, according to a copy reviewed by The Washington Post. "We're pursuing sanctions against Quinn Emanuel for filing a meritless lawsuit that was designed purely to grab headlines," Woog said by WhatsApp message. Woog also suggested the suit against WhatsApp was related to Quinn Emanuel's work on a separate case, between the social network giant and the spyware company NSO Group. The surveillance vendor is appealing a $167 million judgment entered against it in federal court last May, after a jury found that NSO's Pegasus tool exploited a weakness in the WhatsApp app to take over control of the phones of more than 1,000 users. An attorney from Quinn Emanuel joined NSO's legal team on that case on Jan. 22, according to legal filings, and different attorneys from that firm filed the case against WhatsApp on Jan. 23. "We believe a lawsuit like this is an attempt to launder false claims and divert attention from their dangerous spyware," Woog said.
"It's very suspicious timing that this is happening as that appeal is happening," Maria Villegas Bravo, counsel at the Electronic Privacy Information Center, told the site Decrypt, "as NSO Group is trying to lobby to get delisted from sanctions in the U.S. government."

EPIC's counsel also told the site that the complaint appears light on factual detail about WhatsApp's software: "I'm not seeing any factual allegations or any information about the actual software itself," Villegas Bravo said. "I have a lot of questions that I would want answered before I would want this lawsuit to proceed.... I don't think there's any merit in this lawsuit," Villegas Bravo said.

Meta has forcefully rejected the allegations. In a statement shared with Decrypt, a company spokesperson called the claims "categorically false and absurd... WhatsApp has been end-to-end encrypted using the Signal protocol for a decade," the spokesperson said. "This lawsuit is a frivolous work of fiction, and we will pursue sanctions against plaintiffs' counsel."

Security

White House Scraps 'Burdensome' Software Security Rules (securityweek.com) 56

An anonymous reader quotes a report from SecurityWeek: The White House has announced that software security guidance issued during the Biden administration has been rescinded due to "unproven and burdensome" requirements that prioritized administrative compliance over meaningful security investments. The US Office of Management and Budget (OMB) has issued Memorandum M-26-05 (PDF), officially revoking the previous administration's 2022 policy, 'Enhancing the Security of the Software Supply Chain through Secure Software Development Practices' (M-22-18), as well as the follow-up enhancements announced in 2023 (M-23-16).

The new guidance shifts responsibility to individual agency heads to develop tailored security policies for both software and hardware based on their specific mission needs and risk assessments. "Each agency head is ultimately responsible for assuring the security of software and hardware that is permitted to operate on the agency's network," reads the memo sent by the OMB to departments and agencies. "There is no universal, one-size-fits-all method of achieving that result. Each agency should validate provider security utilizing secure development principles and based on a comprehensive risk assessment," the OMB added.

While agencies are no longer strictly required to do so, they may continue to use secure software development attestation forms, Software Bills of Materials (SBOMs), and other resources described in M-22-18.

Security

Nobel Hacking Likely Leaked Peace Prize Winner Name, Probe Finds 26

An anonymous reader shares a report: A hacking of the Nobel organization's computer systems is the most likely cause of last year's leak of Nobel Peace Prize laureate Maria Corina Machado's name, according to the results of an investigation [non-paywalled source]. An individual or a state actor may have illegally gained access in a cyber breach, the Norwegian Nobel Institute said on Friday after concluding an internal investigation assisted by security authorities.

The leak had triggered an unusual betting surge on Machado at the Polymarket platform hours before she was unveiled as the award recipient in October. The Venezuelan opposition leader hadn't previously been considered a favorite for the 2025 prize.

"We still think that the digital domain is the main suspect," said Kristian Berg Harpviken, director of the Oslo-based institute, an administrative arm of the Nobel Committee that awards the prize. The institute has decided against filing for a police investigation given "the absence of a clear theory," he said in an interview in Oslo.

Businesses

'Call Screening is Aggravating the Rich and Powerful' (msn.com) 97

Apple's call-screening feature, introduced in iOS 26 last year, was designed to combat the more than 2 billion robocalls placed to Americans every month, but as WSJ is reporting, it is now creating friction for the rich and powerful who find themselves subjected to automated interrogation when dialing from unrecognized numbers.

The feature uses an automated voice to ask unknown callers for their names and reasons for calling, transcribes the responses, and lets recipients decide whether to answer -- essentially giving everyone a pocket-sized executive assistant.

Venture capitalist Bradley Tusk said his first reaction when encountering call screening is irritation, though he understands the necessity given the spam problem. Ben Schaechter, who runs cloud-cost management company Vantage, said the feature "dramatically changed my life" after his personal number ended up in founding paperwork and attracted endless sales calls.

Privacy

An AI Toy Exposed 50K Logs of Its Chats With Kids To Anyone With a Gmail Account (wired.com) 21

An anonymous reader quotes a report from Wired: Earlier this month, Joseph Thacker's neighbor mentioned to him that she'd preordered a couple of stuffed dinosaur toys for her children. She'd chosen the toys, called Bondus, because they offered an AI chat feature that lets children talk to the toy like a kind of machine-learning-enabled imaginary friend. But she knew Thacker, a security researcher, had done work on AI risks for kids, and she was curious about his thoughts.

So Thacker looked into it. With just a few minutes of work, he and a web security researcher friend named Joel Margolis made a startling discovery: Bondu's web-based portal, intended to allow parents to check on their children's conversations and for Bondu's staff to monitor the products' use and performance, also let anyone with a Gmail account access transcripts of virtually every conversation Bondu's child users have ever had with the toy.

Without carrying out any actual hacking, simply by logging in with an arbitrary Google account, the two researchers immediately found themselves looking at children's private conversations, the pet names kids had given their Bondu, the likes and dislikes of the toys' toddler owners, their favorite snacks and dance moves. In total, Margolis and Thacker discovered that the data Bondu left unprotected -- accessible to anyone who logged in to the company's public-facing web console with their Google username -- included children's names, birth dates, family member names, "objectives" for the child chosen by a parent, and most disturbingly, detailed summaries and transcripts of every previous chat between the child and their Bondu, a toy practically designed to elicit intimate one-on-one conversation.
More than 50,000 chat transcripts were accessible through the exposed web portal. When the researchers alerted Bondu about the findings, the company acted to take down the console within minutes and relaunched it the next day with proper authentication measures.

"We take user privacy seriously and are committed to protecting user data," Bondu CEO Fateen Anam Rafid said in his statement. "We have communicated with all active users about our security protocols and continue to strengthen our systems with new protections," as well as hiring a security firm to validate its investigation and monitor its systems in the future.

Security

County Pays $600,000 To Pentesters It Arrested For Assessing Courthouse Security (arstechnica.com) 49

An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: Two security professionals who were arrested in 2019 after performing an authorized security assessment of a county courthouse in Iowa will receive $600,000 to settle a lawsuit they brought alleging wrongful arrest and defamation. The case was brought by Gary DeMercurio and Justin Wynn, two penetration testers who at the time were employed by Colorado-based security firm Coalfire Labs. The men had written authorization from the Iowa Judicial Branch to conduct "red-team" exercises, meaning attempted security breaches that mimic techniques used by criminal hackers or burglars.

The objective of such exercises is to test the resilience of existing defenses using the types of real-world attacks the defenses are designed to repel. The rules of engagement for this exercise explicitly permitted "physical attacks," including "lockpicking," against judicial branch buildings so long as they didn't cause significant damage. [...] DeMercurio and Wynn's engagement at the Dallas County Courthouse on September 11, 2019, had been routine. A little after midnight, after finding a side door to the courthouse unlocked, the men closed it and let it lock. They then slipped a makeshift tool through a crack in the door and tripped the locking mechanism. After gaining entry, the pentesters tripped an alarm alerting authorities.

Within minutes, deputies arrived and confronted the two intruders. DeMercurio and Wynn produced an authorization letter -- known as a "get out of jail free card" in pen-testing circles. After a deputy called one or more of the state court officials listed in the letter and got confirmation it was legit, the deputies said they were satisfied the men were authorized to be in the building. DeMercurio and Wynn spent the next 10 or 20 minutes telling what their attorney in a court document called "war stories" to deputies who had asked about the type of work they do. When Sheriff Leonard arrived, the tone suddenly changed. He said the Dallas County Courthouse was under his jurisdiction and he hadn't authorized any such intrusion. Leonard had the men arrested, and in the days and weeks to come, he made numerous remarks alleging the men violated the law. A couple months after the incident, he told me that surveillance video from that night showed "they were crouched down like turkeys peeking over the balcony" when deputies were responding. I published a much more detailed account of the event here. Eventually, all charges were dismissed.

Microsoft

Microsoft Admits Windows 11 Has a Trust Problem, Promises To Focus on Fixes in 2026 102

Microsoft wants you to know that it knows that Windows 11, now used by a billion users, has been testing your patience. The company announced that its engineers are being redirected to urgently address the operating system's performance and reliability problems through an internal process it calls "swarming."

"The feedback we're receiving from our community of passionate customers and Windows Insiders has been clear. We need to improve Windows in ways that are meaningful for people," Pavan Davuluri, president of Windows and devices, told The Verge. The company plans to spend the rest of 2026 focusing on pain points including system performance, reliability, and overall user experience.

January has been particularly rough for Windows 11. Microsoft issued an emergency out-of-band update to fix shutdown issues on some machines, then released a second out-of-band fix a week later to address OneDrive and Dropbox crashes. Some business PCs are also failing to boot after the January update because they were left in an "improper state" after December's monthly update failed to install. Users have also grown frustrated by aggressive Edge and Bing prompts, constant OneDrive upselling nags, and Microsoft's push to require Microsoft accounts.

The core members of the company's Windows Insider team recently moved to different roles. "Trust is earned over time and we are committed to building it back with the Windows community," Davuluri said.

Crime

FBI Seizes RAMP Cybercrime Forum Used By Ransomware Gangs (bleepingcomputer.com) 13

joshuark shares a report from BleepingComputer: The FBI has seized the notorious RAMP cybercrime forum, a platform used to advertise a wide range of malware and hacking services, and one of the few remaining forums that openly allowed the promotion of ransomware operations. Both the forum's Tor site and its clearnet domain, ramp4u[.]io, now display a seizure notice stating, "The Federal Bureau of Investigation has seized RAMP."

While there has been no official announcement by law enforcement regarding this seizure, the domain name servers have now been switched to those used by the FBI when seizing domains. If so, law enforcement now has access to a significant amount of data tied to the forum's users, including email addresses, IP addresses, private messages, and other potentially incriminating information. In a forum post to the XSS hacking forum, one of the alleged former RAMP operators known as "Stallman" confirmed the seizure.

Privacy

Amazon is Ending Its Palm ID System for Retail, Amazon One, as It Closes Physical Stores (geekwire.com) 19

Amazon is discontinuing its Amazon One palm recognition ID system for stores later this year, the company informed users. From a report: The company will discontinue Amazon One services at retail businesses on June 3, 2026, according to a support page for the service and email messages to customers. "In response to limited customer adoption, we're discontinuing Amazon One, our authentication service for facility access and payment," an Amazon spokesperson said. "All customer data associated with Amazon One will be securely deleted after the service ends."

The move coincides with a sweeping pullback from Amazon's physical retail experiments. Amazon announced Tuesday that it's closing all of its Amazon Go and Amazon Fresh locations, a total of 72 stores nationwide, concentrating its efforts instead on its Whole Foods Market locations and grocery delivery from Amazon.com. Amazon One launched in 2020 as a way to help speed up in-store entry and payments, identifying customers who opted-in and eliminating the need for them to present a credit card to pay. It often worked in conjunction with the company's Just Walk Out technology, which uses cameras and sensors to let customers avoid using a checkout line.

Microsoft

There's a Rash of Scam Spam Coming From a Real Microsoft Address (arstechnica.com) 23

There are reports that a legitimate Microsoft email address -- which Microsoft explicitly says customers should add to their allow list -- is delivering scam spam. Ars Technica: The emails originate from no-reply-powerbi@microsoft.com, an address tied to Power BI. The Microsoft platform provides analytics and business intelligence from various sources that can be integrated into a single dashboard. Microsoft documentation says that the address is used to send subscription emails to mail-enabled security groups. To prevent spam filters from blocking the address, the company advises users to add it to allow lists.

According to an Ars reader, the address on Tuesday sent her an email claiming (falsely) that a $399 charge had been made to her. "It provided a phone number to call to dispute the transaction. A man who answered a call asking to cancel the sale directed me to download and install a remote access application, presumably so he could then take control of my Mac or Windows machine (Linux wasn't allowed)," she said.

Online searches returned a dozen or so accounts of other people reporting receiving the same email. Some of the spam was reported on Microsoft's own website. Sarah Sabotka, a threat researcher at security firm Proofpoint, said the scammers are abusing a Power BI function that allows external email addresses to be added as subscribers for the Power BI reports. The mention of the subscription is buried at the very bottom of the message, where it's easy to miss.

The Courts

Apple Sued by App Developer Over its Continuity Camera (petapixel.com) 22

An anonymous reader shares a report: Apple is being sued by Reincubate, which makes the Camo smartphone webcam app. It has filed a lawsuit against Apple in a U.S. federal court in New Jersey, accusing the company of anticompetitive conduct and patent infringement. The suit alleges that Apple copied Camo's technology, integrated similar features into iOS, and used control over its software ecosystem to disadvantage Reincubate's Camo product.

Reincubate's Camo and Camo Studio apps allow iOS or Android phones to function as webcams for Mac and PCs. The company launched Camo in 2020. In 2022, Apple introduced Continuity Camera, a feature that enables iPhones to serve as webcams for Macs but works only within Apple's device ecosystem. According to the lawsuit, Apple copied patented features from Camo and built them into iOS to "redirect user demand to Apple's own platform-tied offering."

Privacy

SoundCloud Data Breach Impacts 29.8 Million Accounts (bleepingcomputer.com) 7

A data breach at SoundCloud exposed information tied to 29.8 million user accounts, according to Have I Been Pwned. While SoundCloud says no passwords or financial data were accessed, attackers mapped email addresses to public profile data and later attempted extortion. BleepingComputer reports: The company confirmed the breach on December 15, following widespread reports from users who were unable to access SoundCloud and saw 403 "Forbidden" errors when connecting via VPN. SoundCloud told BleepingComputer at the time that it had activated its incident response procedures after detecting unauthorized activity involving an ancillary service dashboard. "We understand that a purported threat actor group accessed certain limited data that we hold," SoundCloud said. "We have completed an investigation into the data that was impacted, and no sensitive data (such as financial or password data) has been accessed. The data involved consisted only of email addresses and information already visible on public SoundCloud profiles."

While SoundCloud didn't provide further details regarding the incident, BleepingComputer learned that the breach affected 20% of all SoundCloud users, roughly 28 million accounts based on publicly reported user figures (SoundCloud later published a security notice confirming the information provided by BleepingComputer's sources). After the breach, BleepingComputer also learned that the ShinyHunters extortion gang was responsible for the attack, with sources saying that the threat group was also attempting to extort SoundCloud. This was confirmed by SoundCloud in a January 15 update, which said the threat actors had "made demands and deployed email flooding tactics to harass users, employees, and partners."

Android

Android Phones Are Getting More Anti-Theft Features (techcrunch.com) 32

An anonymous reader shares a report: Google on Tuesday announced an expanded set of Android theft-protection features, designed to make its mobile devices less of a target for criminals. Building on existing tools like Theft Detection Lock, Offline Device Lock, and others introduced in 2024, the newly launched updates include stronger authentication safeguards and enhanced recovery tools, the company said.

[...] With the new features, users of Android devices running Android 16 or higher will have more control over the Failed Authentication Lock feature that automatically locks the device after an excessive number of failed login attempts. Now users will have access to a dedicated on/off toggle switch in the device's settings. The devices will also offer stronger protection against a thief trying to guess a device owner's PIN, pattern, or password by increasing the lockout time after failed attempts. Plus, Identity Check, a feature rolled out for Android 15 and higher last year, now covers all features and apps that use biometrics -- like banking apps or the Google Password Manager.

Microsoft

Microsoft Was Routing Example-Domain Traffic To a Japanese Cable Company for Five Years (arstechnica.com) 15

Microsoft has quietly suppressed an unexplained anomaly on its network that was routing traffic destined for example.com -- a domain reserved under RFC2606 specifically for testing purposes and not obtainable by any party -- to sei.co.jp, a domain belonging to Japanese electronics cable maker Sumitomo Electric.

The misconfiguration meant anyone attempting to set up an Outlook account using an example.com email address could have inadvertently sent test credentials to Sumitomo Electric's servers. Under RFC2606, example.com resolves only to IP addresses assigned to the Internet Assigned Names Authority. Microsoft confirmed it has "updated the service to no longer provide suggested server information for example.com" and said it is investigating.

Security researcher Dan Tentler of Phobos Group noted the company appears to have simply removed the problematic endpoint rather than fixing the underlying routing -- "not found" errors now appear where the JSON responses previously occurred. Tinyapps.org, which noted the behavior earlier this month, said the misconfiguration had persisted for five years. Microsoft has not explained how Sumitomo Electric's domain entered its configuration. The incident follows 2024's revelation that a forgotten test account with admin privileges enabled Russian state hackers to monitor Microsoft executives' email for two months.

Encryption

Lawsuit Alleges That WhatsApp Has No End-to-End Encryption (pcmag.com) 115

Longtime Slashdot reader schwit1 shares a report from PCMag: A lawsuit claims that WhatsApp's end-to-end encryption is a sham, and is demanding damages, but the app's parent company, Meta, calls the claims "false and absurd." The lawsuit was filed in a San Francisco US district court on Friday and comes from a group of users based in countries such as Australia, Mexico, and South Africa, according to Bloomberg.

As evidence, the lawsuit cites unnamed "courageous whistleblowers" who allege that WhatsApp and Meta employees can request to view a user's messages through a simple process, thus bypassing the app's end-to-end encryption. "A worker need only send a 'task' (i.e., request via Meta's internal system) to a Meta engineer with an explanation that they need access to WhatsApp messages for their job," the lawsuit claims. "The Meta engineering team will then grant access -- often without any scrutiny at all -- and the worker's workstation will then have a new window or widget available that can pull up any WhatsApp user's messages based on the user's User ID number, which is unique to a user but identical across all Meta products."

"Once the Meta worker has this access, they can read users' messages by opening the widget; no separate decryption step is required," the 51-page complaint adds. "The WhatsApp messages appear in widgets commingled with widgets containing messages from unencrypted sources. Messages appear almost as soon as they are communicated -- essentially, in real-time. Moreover, access is unlimited in temporal scope, with Meta workers able to access messages from the time users first activated their accounts, including those messages users believe they have deleted." The lawsuit does not provide any technical details to back up the rather sensational claims.

See also: "WhatsApp End-to-End Encryption Allegations Questioned By Some Security Experts, Lawyers."

United Kingdom

China Hacked Downing Street Phones For Years (telegraph.co.uk) 75

An anonymous reader quotes a report from The Telegraph: China hacked the mobile phones of senior officials in Downing Street for several years, The Telegraph can disclose. The spying operation is understood to have compromised senior members of the government, exposing their private communications to Beijing. State-sponsored hackers are known to have targeted the phones of some of the closest aides to Boris Johnson, Liz Truss and Rishi Sunak between 2021 and 2024. It is unclear whether the hack included the mobile phones of the prime ministers themselves, but one source with knowledge of the breach said it went "right into the heart of Downing Street."

Intelligence sources in the US indicated that the Chinese espionage operation, known as Salt Typhoon, was ongoing, raising the possibility that Sir Keir Starmer and his senior staff may also have been exposed. MI5 issued an "espionage alert" to Parliament in November about the threat of spying from the Chinese state. [...] The attack raises the possibility that Chinese spies could have read text messages or listened to calls involving senior members of the Government. Even if they were unable to eavesdrop on calls, hackers may have gained access to metadata, revealing who officials were in contact with and how frequently, as well as geolocation data showing their approximate whereabouts.

Security

Nike Says It's Investigating Possible Data Breach (yahoo.com) 13

Nike says it is investigating a potential data breach, after a group known for cyber attacks reportedly claimed to have leaked a trove of data related to its business operations. From a report: "We always take consumer privacy and data security very seriously," Nike said in a statement. "We are investigating a potential cyber security incident and are actively assessing the situation."

The ransomware group World Leaks said on its website that it had published 1.4 terabytes of data from Nike.

Security

Infotainment, EV Charger Exploits Earn $1M at Pwn2Own Automotive 2026 (securityweek.com) 13

Trend Micro's Zero Day Initiative sponsored its third annual Pwn2Own Automotive competition in Tokyo this week, receiving 73 entries, the most ever for a Pwn2Own event.

"Under Pwn2Own rules, all disclosed vulnerabilities are reported to affected vendors through ZDI," reports Help Net Security, "with public disclosure delayed to allow time for patches." Infotainment platforms from Tesla, Sony, and Alpine were among the systems compromised during demonstrations. Researchers achieved code execution using techniques that included buffer overflows, information leaks, and logic flaws. One Tesla infotainment unit was compromised through a USB-based attack, resulting in root-level access. Electric vehicle charging infrastructure also received significant attention. Teams successfully demonstrated exploits against chargers from Autel, Phoenix Contact, ChargePoint, Grizzl-E, Alpitronic, and EMPORIA. Several attacks involved chaining multiple vulnerabilities to manipulate charging behavior or execute code on the device. These demonstrations highlighted how charging stations operate as network-connected systems with direct interaction with vehicles.
There are video recaps on the ZDI YouTube channel; apparently the Fuzzware.io researchers "were able to take over a Phoenix Contact EV charger over bluetooth."

Three researchers also exploited Alpitronic's HYC50 fast charger with a classic TOCTOU bug, according to the event's site, "and installed a playable version of Doom to boot." They earned $20,000, part of the $1,047,000 USD awarded during the three-day event.

More coverage from SecurityWeek: The winner of the event, the Fuzzware.io team, earned a total of $215,500 for its exploits. The team received the highest individual reward: $60,000 for an Alpitronic HYC50 EV charger exploit delivered through the charging gun. ZDI described it as "the first public exploit of a supercharger".

IT

Work-From-Office Mandate? Expect Top Talent Turnover, Culture Rot (cio.com) 95

CIO magazine reports that "the push toward in-person work environments will make it more difficult for IT leaders to retain and recruit staff, some experts say." "In addition to resistance, there would also be the risk of talent turnover," [says Lawrence Wolfe, CTO at marketing firm Converge]... "The truth is, both physical and virtual collaboration provide tremendous value...." IT workers facing work-from-office mandates are two to three times more likely than their counterparts to look for new jobs, according to Metaintro, a search engine that tracks millions of jobs. IT leaders hiring new employees may also face significant headwinds, with it taking 40% to 50% longer to fill in-person roles than remote jobs, according to Metaintro. "Some of the challenges CIOs face include losing top-tier talent, limiting the pool of candidates available for hire, and damaging company culture, with a team filled with resentment," says Lacey Kaelani, CEO and cofounder at Metaintro...

There are several downsides for IT leaders to in-person work mandates, [adds Lena McDearmid, founder and CEO of culture and leadership advisory firm Wryver], as orders to commute to an office can feel arbitrary or rooted in control rather than in value creation. "That erodes trust quickly, particularly in IT teams that proved they could deliver remotely for years," she adds. The mandates can also create new friction for IT leaders by requiring them to deal with morale issues, manage exceptions, and spend time enforcing policy instead of leading strategy, she says. "There's also a real risk of losing experienced, high-performing talent who have options and are unwilling to trade autonomy for proximity without a clear reason," McDearmid adds. "When companies mandate daily commutes without a clear rationale, they often narrow their talent pool and increase attrition, particularly among people who know they can work effectively elsewhere."

McDearmid has seen teams "sitting next to each other" who collaborate poorly "because decisions are unclear or leaders equate visibility with progress... Collaboration doesn't automatically improve just because people share a building."

And Rebecca Wettemann, CEO at IT analyst firm Valoir, warns of return-to-office mandates "being used as a Band-Aid for poor management. When IT professionals feel they're being evaluated based on badge swipes, not real accomplishments, they will either act accordingly or look to work elsewhere."

Thanks to Slashdot reader snydeq for sharing the article.

Microsoft

Microsoft 365 Endured 9+ Hours of Outages Thursday (crn.com) 36

Early Friday "there were nearly 113 incidents of people reporting issues with Microsoft 365 as of 1:05 a.m. ET," reports Reuters. But that's down "from over 15,890 reports at its peak a day earlier, according to Downdetector." Reuters points out the outage affected antivirus software Microsoft Defender and data governance software Microsoft Purview, while CRN notes it also impacted "a number of Microsoft 365 services" including Outlook and Exchange online: During the outage, Outlook users received a "451 4.3.2 temporary server issue" error message when attempting to send or receive email. Users did not have the ability to send and receive email through Exchange Online, including notification emails from Microsoft Viva Engage, according to the vendor. Other issues that cropped up include an inability to send and receive subscription email through [analytics platform] Microsoft Fabric, collect message traces, search within SharePoint online and Microsoft OneDrive and create chats, meetings, teams, channels or add members in Microsoft Teams...

As with past cloud outages with other vendors, even after Microsoft fixed the issues, recovery efforts by its users to return to a normal state took additional time... Microsoft confirmed in a post on X [Thursday] at 4:14 p.m. ET that it "restored the affected infrastructure to a (healthy) state" but "further load balancing is required to mitigate impact...." The company reported "residual imbalances across the environment" at 7:02 p.m., "restored access to the affected services" and stable mail flow at 12:33 a.m. Jan. 23. At that time, Microsoft still saw a "small number of remaining affected services" without full service stability. The company declared impact from the event "resolved" at 1:29 p.m. Eastern. Microsoft sent out another X post at 8:20 a.m. asking users experiencing residual issues to try "clearing local DNS caches or temporarily lowering DNS TTL values may help ensure a quicker remediation...."

Microsoft said in an admin center update that [Thursday's] outage was "caused by elevated service load resulting from reduced capacity during maintenance for a subset of North America hosted infrastructure." Furthermore, Microsoft noted that during "ongoing efforts to rebalance traffic" it introduced a "targeted load balancing configuration change intended to expedite the recovery process, which incidentally introduced additional traffic imbalances associated with persistent impact for a portion of the affected infrastructure." US itek's David Stinner said it appears that Microsoft did not have enough capacity on its backup system while doing maintenance on its main system. "It looks like the backup system was overloaded, and it brought the system down while they were still doing maintenance on the main system," he said. "That is why it took so many hours to get back up and running. If your primary system is down for maintenance and your backup system fails due to capacity issues, then it is going to take a while to get your primary system back up and running."

"This was not Microsoft's first outage of 2026," the article notes, "with the vendor handling access issues with Teams, Outlook and other M365 services on Wednesday, a Copilot issue on Jan. 15 plus an Azure outage earlier in the month..."

Encryption

Microsoft Gave FBI a Set of BitLocker Encryption Keys To Unlock Suspects' Laptops (techcrunch.com) 88

An anonymous reader quotes a report from TechCrunch: Microsoft provided the FBI with the recovery keys to unlock encrypted data on the hard drives of three laptops as part of a federal investigation, Forbes reported on Friday. Many modern Windows computers rely on full-disk encryption, called BitLocker, which is enabled by default. This type of technology should prevent anyone except the device owner from accessing the data if the computer is locked and powered off.

But, by default, BitLocker recovery keys are uploaded to Microsoft's cloud, allowing the tech giant -- and by extension law enforcement -- to access them and use them to decrypt drives encrypted with BitLocker, as with the case reported by Forbes. The case involved several people suspected of fraud related to the Pandemic Unemployment Assistance program in Guam, a U.S. island in the Pacific. Local news outlet Pacific Daily News covered the case last year, reporting that a warrant had been served to Microsoft in relation to the suspects' hard drives.

Kandit News, another local Guam news outlet, also reported in October that the FBI requested the warrant six months after seizing the three laptops encrypted with BitLocker. [...] Microsoft told Forbes that the company sometimes provides BitLocker recovery keys to authorities, having received an average of 20 such requests per year.

Apple

Apple's Secret Product Plans Stolen in Luxshare Cyberattack (macrumors.com) 11

An anonymous reader shares a report: The Apple supplier subject to a major cyberattack last month was China's Luxshare, it has now emerged. More than 1TB of confidential Apple information was reportedly stolen.

It was reported in December that one of Apple's assemblers suffered a significant cyberattack that may have compromised sensitive production-line information and manufacturing data linked to Apple. The specific company targeted, the scope of the breach, and its operational impact were unclear until now. The attack was first revealed on RansomHub's dark web leak site on December 15, 2025, where the group claimed it had encrypted internal Luxshare systems and exfiltrated large volumes of confidential data belonging to the company and its customers.

The attackers warned that the information would be publicly released unless Luxshare contacted them to negotiate, and accused the company of attempting to conceal the incident. According to the attackers' claims, the exfiltrated material includes vital files such as detailed 3D CAD product models and high-precision geometric files, 2D manufacturing drawings, mechanical component designs, circuit board layouts, and internal engineering PDFs. The group added that the large archives include Apple product data as well as information belonging to Nvidia, LG, Tesla, Geely, and other major clients.

AI

When Two Years of Academic Work Vanished With a Single Click (nature.com) 132

Marcel Bucher, a professor of plant sciences at the University of Cologne in Germany, lost two years of carefully structured academic work in an instant when he temporarily disabled ChatGPT's "data consent" option in August to test whether the AI tool's functions would still work without providing OpenAI his data. All his chats were permanently deleted and his project folders emptied without any warning or undo option, he wrote in a post on Nature.

Bucher, a ChatGPT Plus subscriber paying $20 per month, had used the platform daily to draft grant applications, prepare teaching materials, revise publication drafts and create exams. He contacted OpenAI support, first receiving responses from an AI agent before a human employee confirmed the data was permanently lost and unrecoverable. OpenAI cited "privacy by design" as the reason, telling Nature it does provide a confirmation prompt before users permanently delete a chat but maintains no backups.

Bucher said he had saved partial copies of some materials, but the underlying prompts, iterations, and project folders -- what he describes as the intellectual scaffolding behind his finished work -- are gone forever.

Printer

FBI's Washington Post Investigation Shows How Your Printer Can Snitch On You (theintercept.com) 99

alternative_right quotes a report from The Intercept: Federal prosecutors on January 9 charged Aurelio Luis Perez-Lugones, an IT specialist for an unnamed government contractor, with "the offense of unlawful retention of national defense information," according to an FBI affidavit (PDF). The case attracted national attention after federal agents investigating Perez-Lugones searched the home of a Washington Post reporter. But overlooked so far in the media coverage is the fact that a surprising surveillance tool pointed investigators toward Perez-Lugones: an office printer with a photographic memory. News of the investigation broke when the Washington Post reported that investigators seized the work laptop, personal laptop, phone, and smartwatch of journalist Hannah Natanson, who has covered the Trump administration's impact on the federal government and recently wrote about developing more than 1,000 government sources. A Justice Department official told the Post that Perez-Lugones had been messaging Natanson to discuss classified information. The affidavit does not allege that Perez-Lugones disseminated national defense information, only that he unlawfully retained it.

The affidavit provides insight into how Perez-Lugones allegedly attempted to exfiltrate information from a Secure Compartmented Information Facility, or SCIF, and the unexpected way his employer took notice. According to the FBI, Perez-Lugones printed a classified intelligence report, albeit in a roundabout fashion. It's standard for workplace printers to log certain information, such as the names of files they print and the users who printed them. In an apparent attempt to avoid detection, Perez-Lugones, according to the affidavit, took screenshots of classified materials, cropped the screenshots, and pasted them into a Microsoft Word document. By using screenshots instead of text, there would be no record of a classified report printed from the specific workstation. (Depending on the employer's chosen data loss prevention monitoring software, access logs might show a specific user had opened the file and perhaps even tracked whether they took screenshots).

Perez-Lugones allegedly gave the file an innocuous name, "Microsoft Word - Document1," that might not stand out if printer logs were later audited. In this case, however, the affidavit reveals that Perez-Lugones's employer could see not only the typical metadata stored by printers, such as file names, file sizes, and time of printing, but it could also view the actual contents of the printed materials -- in this case, prosecutors say, the screenshots themselves. As the affidavit points out, "Perez-Lugones' employer can retrieve records of print activity on classified systems, including copies of printed documents." [...] Aside from attempting to surreptitiously print a document, Perez-Lugones, investigators say, was also seen allegedly opening a classified document and taking notes, looking "back and forth between the screen corresponding the classified system and the notepad, all the while writing on the notepad." The affidavit doesn't state how this observation was made, but it strongly suggests a video surveillance system was also in play.

Encryption

Ireland Wants To Give Its Cops Spyware, Ability To Crack Encrypted Messages (theregister.com) 48

The Irish government is planning to bolster its police's ability to intercept communications, including encrypted messages, and provide a legal basis for spyware use. From a report: The Communications (Interception and Lawful Access) Bill is being framed as a replacement for the current legislation that governs digital communication interception. The Department of Justice, Home Affairs, and Migration said in an announcement this week the existing Postal Packets and Telecommunications Messages (Regulation) Act 1993 "predates the telecoms revolution of the last 20 years."

As well as updating laws passed more than two decades ago, the government was keen to emphasize that a key ambition for the bill is to empower law enforcement to intercept all forms of communications. The Bill will bring communications from IoT devices, email services, and electronic messaging platforms into scope, "whether encrypted or not."

In a similar way to how certain other governments want to compel encrypted messaging services to unscramble packets of interest, Ireland's announcement also failed to explain exactly how it plans to do this. However, it promised to implement a robust legal framework, alongside all necessary privacy and security safeguards, if these proposals do ultimately become law. It also vowed to establish structures to ensure "the maximum possible degree of technical cooperation between state agencies and communication service providers."

Google

Google Temporarily Disabled YouTube's Advanced Captions Without Warning (arstechnica.com) 16

Google has temporarily disabled YouTube's advanced SRV3 caption format after discovering the feature was causing playback errors for some users, according to a statement the company posted. SRV3, also known as YouTube Timed Text, is a custom subtitle system Google introduced around 2018 that allows creators to use custom colors, transparency, animations, and precise text positioning. Creators cannot upload new SRV3 captions while the feature remains disabled, and existing videos that use the format may not display any captions until Google restores it. The company has provided no timeline for when SRV3 will return, and its forum post notes that changes should be temporary for "almost" all videos.

Bug

cURL Removes Bug Bounties (etn.se) 39

Ancient Slashdot reader jantangring shares a report from Swedish electronics industry news site Elektroniktidningen (translated to English), writing: "Open source code library cURL is removing the possibility to earn money by reporting bugs, hoping that this will reduce the volume of AI slop reports," reports etn.se. "Joshua Rogers -- AI wielding bug hunter of fame -- thinks it's a great idea." cURL maintainer Daniel Stenberg famously reported on the flood of AI-generated bad bug reports last year -- "Death by a thousand slops." Now, cURL is removing the bounty payouts as of the end of January.

"We have to try to brake the flood in order not to drown," says cURL maintainer Daniel Stenberg [...]. "Despite being an AI wielding bug hunter himself, Joshua Rogers -- slasher of a hundred bugs -- thinks removing the bounty money is an excellent idea. [...] I think it's a good move and worth a bigger consideration by others. It's ridiculous that it went on for so long to be honest, and I personally would have pulled the plug long ago," he says to etn.se.

AI

AI Agents 'Perilous' for Secure Apps Such as Signal, Whittaker Says 16

Signal Foundation president Meredith Whittaker warned that AI agents that autonomously carry out tasks pose a threat to encrypted messaging apps [non-paywalled source] because they require broad access to data stored across a device and can be hijacked if given root permissions.

Speaking at Davos on Tuesday, Whittaker said the deeper integration of AI agents into devices is "pretty perilous" for services like Signal. For an AI agent to act effectively on behalf of a user, it would need unilateral access to apps storing sensitive information such as credit card data and contacts, Whittaker said. The data that the agent stores in its context window is at greater risk of being compromised.

Whittaker called this "breaking the blood-brain barrier between the application and the operating system." "Our encryption no longer matters if all you have to do is hijack this context window," she said.
