Privacy

Employee Monitoring App Leaks 21 Million Screenshots In Real Time (cybernews.com) 14

An anonymous reader quotes a report from Cybernews: Researchers at Cybernews have uncovered a major privacy breach involving WorkComposer, a workplace surveillance app used by over 200,000 people across countless companies. The app, designed to track productivity by logging activity and snapping regular screenshots of employees' screens, left over 21 million images exposed in an unsecured Amazon S3 bucket, broadcasting how workers go about their day frame by frame. The leaked data is extremely sensitive, as millions of screenshots from employees' devices could not only expose full-screen captures of emails, internal chats, and confidential business documents, but also contain login pages, credentials, API keys, and other sensitive information that could be exploited to attack businesses worldwide. After the company was contacted, access to the unsecured database was secured. An official comment has yet to be received.
Android

New Android Spyware Is Targeting Russian Military Personnel On the Front Lines (arstechnica.com) 17

An anonymous reader quotes a report from Ars Technica: Russian military personnel are being targeted with recently discovered Android malware that steals their contacts and tracks their location. The malware is hidden inside a modified app for Alpine Quest mapping software, which is used by, among others, hunters, athletes, and Russian personnel stationed in the war zone in Ukraine. The app displays various topographical maps for use online and offline. The trojanized Alpine Quest app is being pushed on a dedicated Telegram channel and in unofficial Android app repositories. The chief selling point of the trojanized app is that it provides a free version of Alpine Quest Pro, which is usually available only to paying users.

The malicious module is named Android.Spy.1292.origin. In a blog post, researchers at Russia-based security firm Dr.Web wrote: "Because Android.Spy.1292.origin is embedded into a copy of the genuine app, it looks and operates as the original, which allows it to stay undetected and execute malicious tasks for longer periods of time. Each time it is launched, the trojan collects and sends the following data to the C&C server:

- the user's mobile phone number and their accounts;
- contacts from the phonebook;
- the current date;
- the current geolocation;
- information about the files stored on the device;
- the app's version."

If there are files of interest to the threat actors, they can update the app with a module that steals them. The threat actors behind Android.Spy.1292.origin are particularly interested in confidential documents sent over Telegram and WhatsApp. They also show interest in the file locLog, the location log created by Alpine Quest. The modular design of the app makes it possible for it to receive additional updates that expand its capabilities even further.

EU

New Smartphone Labels For Battery Life and Repairability Are Coming To the EU (theverge.com) 31

The European Union has announced details of new mandatory labels for smartphones and tablets sold in the bloc, which include ratings for energy efficiency, durability, and repairability. From a report: Hardware will also have to meet new "ecodesign requirements" to be sold in the EU, including a requirement to make spare parts available for repair.

The labels, which will be required for any devices that go on sale from June 20th onwards, are similar to existing ones for home appliances and TVs. They display the product's energy efficiency rating, on a scale from A to G, along with battery life, the number of charge cycles the battery is rated for, letter grades for durability and repairability, and any applicable IP rating for protection from dust and water.

Security

Hackers Can Now Bypass Linux Security Thanks To Terrifying New Curing Rootkit (betanews.com) 36

BrianFagioli writes: ARMO, the company behind Kubescape, has uncovered what could be one of the biggest blind spots in Linux security today. The company has released a working rootkit called "Curing" that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market.

At the heart of the issue is the heavy reliance on monitoring system calls, which has become the go-to method for many cybersecurity vendors. The problem? Attackers can completely sidestep these monitored calls by leaning on io_uring instead. This clever method could let bad actors quietly make network connections or tamper with files without triggering the usual alarms.

IT

UBS and Gartner Trim Smartphone, PC Forecasts Amid Tariff Fears (indiadispatch.com) 42

Analysts at UBS and Gartner have significantly reduced their growth forecasts for global PC and smartphone markets as a result of mounting pressures from trade tariffs and broader macroeconomic uncertainties that are expected to impact consumer demand through 2026. From a report: In a pair of research reports sent to their clients on Wednesday, UBS and Gartner revised down their global PC shipments forecast for 2025 and 2026 from previous estimates of 5% and 4% growth to just 2% for both years, citing the potential impact of trade policy and macroeconomic headwinds. The investment bank and Gartner also cut their global smartphone shipment growth forecast for 2025 to 1% (1,235 million units) from 2%, while reducing its 2026 projection from 1% growth to flat at 1,235 million units.

The outlook is particularly grim for the US market, which accounts for 24% of global PC units and 31% of global PC value. UBS expects the region to be disproportionately affected by tariff measures, projecting US PC demand could decline by 1.1% in 2025 before registering a modest 0.8% recovery in 2026, significantly underperforming compared to the mid-single-digit growth forecasts for other regions.

Crime

UN Says Asian Scam Call Center Epidemic Expanding Globally Amid Political Heat (theregister.com) 52

The UN warns that scam call centers, once concentrated in Southeast Asia, are rapidly expanding worldwide like a "cancer" as organized crime groups exploit weak governance in regions like Africa, South America, the Pacific Islands, and parts of Europe. The Register reports: Previous UN reports flagged growing activity in regions like South America and the Middle East. The latest update expands that scope, citing overseas crackdowns and evidence of scam operations tied to Southeast Asian crime syndicates in Africa, South Asia, select Pacific islands, and links to related criminal services -- such as laundering and recruitment -- as far as Europe, North America, and beyond. These spillover sites, as the UN calls them, allow Asian OCGs to expand their pool of victims by hiring/trafficking locals with different language skills and "dramatically scale up profits," according to the UN's latest report [PDF].

"We are seeing a global expansion of East and Southeast Asian organized crime groups," said Benedikt Hofmann, acting regional representative for Southeast Asia and the Pacific at the UN's Office on Drugs and Crime (UNODC). "This reflects both a natural expansion as the industry grows and seeks new ways and places to do business, but also a hedging strategy against future risks should disruption continue and intensify in the region." Previously, the hotspots for this type of activity have been in places like Myanmar, Cambodia, the Philippines, and Laos since 2021 when the UN and Interpol started tracking the phenomenon.

"It spreads like a cancer," Hofmann added. "Authorities treat it in one area, but the roots never disappear; they simply migrate. This has resulted in a situation in which the region has essentially become an interconnected ecosystem, driven by sophisticated syndicates freely exploiting vulnerabilities, jeopardizing state sovereignty, and distorting and corrupting policy-making processes and other government systems and institutions." The UN said these scam gangs typically relocate to jurisdictions with weak governance, allowing them to expand operations -- and rake in between $27.4 and $36.5 billion annually, according to estimates based on labour force size and average haul per scammer.

IT

Logitech Quietly Raises Prices By Up To 25% (9to5mac.com) 149

Logitech has quietly increased prices on several flagship products by as much as 25%, according to findings (video) by YouTuber Cameron Dougherty. The MX Master 3S mouse now costs $120, up 20% from its previous $100 price point, while the MX Keys S keyboard has jumped 18% to $130. The K400 Plus Wireless Touch keyboard saw the most dramatic percentage increase, rising from $28 to $35.

These price adjustments, implemented without formal announcement, come amid ongoing tariff pressures from the Trump administration affecting PC hardware manufacturers. Chinese electronics maker Anker also recently implemented similar increases, suggesting a broader industry trend.
Security

AI Hallucinations Lead To a New Cyber Threat: Slopsquatting 50

Researchers have uncovered a new supply chain attack called Slopsquatting, where threat actors exploit hallucinated, non-existent package names generated by AI coding tools like GPT-4 and CodeLlama. These believable yet fake packages, representing almost 20% of the samples tested, can be registered by attackers to distribute malicious code. CSO Online reports: Slopsquatting, as researchers are calling it, is a term first coined by Seth Larson, a security developer-in-residence at Python Software Foundation (PSF), for its resemblance to the typosquatting technique. Instead of relying on a user's mistake, as in typosquats, threat actors rely on an AI model's mistake. A significant number of packages, amounting to 19.7% (205,000 packages), recommended in test samples were found to be fakes. Open-source models -- like DeepSeek and WizardCoder -- hallucinated more frequently, at 21.7% on average, compared to the commercial ones (5.2%) like GPT 4. Researchers found CodeLlama ( hallucinating over a third of the outputs) to be the worst offender, and GPT-4 Turbo ( just 3.59% hallucinations) to be the best performer.

These package hallucinations are particularly dangerous as they were found to be persistent, repetitive, and believable. When researchers reran 500 prompts that had previously produced hallucinated packages, 43% of hallucinations reappeared every time in 10 successive re-runs, with 58% of them appearing in more than one run. The study concluded that this persistence indicates "that the majority of hallucinations are not just random noise, but repeatable artifacts of how the models respond to certain prompts." This increases their value to attackers, it added. Additionally, these hallucinated package names were observed to be "semantically convincing." Thirty-eight percent of them had moderate string similarity to real packages, suggesting a similar naming structure. "Only 13% of hallucinations were simple off-by-one typos," Socket added.
The research can found be in a paper on arXiv.org (PDF).
IT

Return-to-Office Policies Are Impacting Neurodivergent Workers (msn.com) 126

With more companies requiring workers to return to an office five days a week, "Anxiety is rising for some of the millions of people who identify as neurodivergent," writes the Washington Post.

They raise the possibility that "strict office mandates have the potential to deter neurodivergent people who may approach problems differently," the article notes — affecting peoiple "whose brains function differently, such as with ADHD, autism or dyslexia." While many neurodivergent people excel in an office, others struggle with sensory issues, an inability to focus and exhaustion, workers say... About a fifth of U.S. adults self-identify as neurodivergent, with a majority saying they always or usually feel that their brain works differently, according to a recent survey by research and analytics firm YouGov. They cite issues such as starting tasks before finishing others, being overwhelmed by social situations and struggling to focus...

Some neurodivergent workers discovered success working remotely during the pandemic and don't feel comfortable disclosing their diagnoses due to fear of and prior instances of discrimination. Sometimes being one of the few remote workers makes it easier to be forgotten.... Neurodivergent workers who spoke about their office struggles say even part-time remote work can be a game changer. They also wish leaders would seek input from them and trust them to get their work done.

AI

Famed AI Researcher Launches Controversial Startup to Replace All Human Workers Everywhere (techcrunch.com) 177

TechCrunch looks at Mechanize, an ambitious new startup "whose founder — and the non-profit AI research organization he founded called Epoch — is being skewered on X..." Mechanize was launched on Thursday via a post on X by its founder, famed AI researcher Tamay Besiroglu. The startup's goal, Besiroglu wrote, is "the full automation of all work" and "the full automation of the economy."

Does that mean Mechanize is working to replace every human worker with an AI agent bot? Essentially, yes. The startup wants to provide the data, evaluations, and digital environments to make worker automation of any job possible. Besiroglu even calculated Mechanize's total addressable market by aggregating all the wages humans are currently paid. "The market potential here is absurdly large: workers in the US are paid around $18 trillion per year in aggregate. For the entire world, the number is over three times greater, around $60 trillion per year," he wrote.

Besiroglu did, however, clarify to TechCrunch that "our immediate focus is indeed on white-collar work" rather than manual labor jobs that would require robotics...

Besiroglu argues to the naysayers that having agents do all the work will actually enrich humans, not impoverish them, through "explosive economic growth." He points to a paper he published on the topic. "Completely automating labor could generate vast abundance, much higher standards of living, and new goods and services that we can't even imagine today," he told TechCrunch.

TechCrunch wonders how jobless humans will produce goods — and whether wealth will simply concentrate around whoever owns the agents.

But they do concede that Besiroglu may be right that "If each human worker has a personal crew of agents which helps them produce more work, economic abundance could follow..."
Encryption

CA/Browser Forum Votes for 47-Day Cert Durations By 2029 (computerworld.com) 114

"Members of the CA/Browser Forum have voted to slash cert lifespans from the current one year to 47 days," reports Computerworld, "placing an added burden on enterprise IT staff who must ensure they are updated." In a move that will likely force IT to much more aggressively use web certificate automation services, the Certification Authority Browser Forum (CA/Browser Forum), a gathering of certificate issuers and suppliers of applications that use certificates, voted [last week] to radically slash the lifespan of the certificates that verify the ownership of sites.

The approved changes, which passed overwhelmingly, will be phased in gradually through March 2029, when the certs will only last 47 days.

This controversial change has been debated extensively for more than a year. The group's argument is that this will improve web security in various ways, but some have argued that the group's members have a strong alternative incentive, as they will be the ones earning more money due to this acceleration... Although the group voted overwhelmingly to approve the change, with zero "No" votes, not every member agreed with the decision; five members abstained...

In roughly one year, on March 15, 2026, the "maximum TLS certificate lifespan shrinks to 200 days. This accommodates a six-month renewal cadence. The DCV reuse period reduces to 200 days," according to the passed ballot. The next year, on March 15, 2027, the "maximum TLS certificate lifespan shrinks to 100 days. This accommodates a three-month renewal cadence. The DCV reuse period reduces to 100 days." And on March 15, 2029, "maximum TLS certificate lifespan shrinks to 47 days. This accommodates a one-month renewal cadence. The DCV reuse period reduces to 10 days."

The changes "were primarily pushed by Apple," according to the article, partly to allow more effective reactions to possible changes in cryptography.

And Apple also wrote that the shift "reduces the risk of improper validation, the scope of improper validation perpetuation, and the opportunities for misissued certificates to negatively impact the ecosystem and its relying parties."

Thanks to Slashdot reader itwbennett for sharing the news.
AI

Study Finds 50% of Workers Use Unapproved AI Tools 18

An anonymous reader quotes a report from SecurityWeek: An October 2024 study by Software AG suggests that half of all employees are Shadow AI users, and most of them wouldn't stop even if it was banned. The problem is the ease of access to AI tools, and a work environment that increasingly advocates the use of AI to improve corporate efficiency. It is little wonder that employees seek their own AI tools to improve their personal efficiency and maximize the potential for promotion. It is frictionless, says Michael Marriott, VP of marketing at Harmonic Security. 'Using AI at work feels like second nature for many knowledge workers now. Whether it's summarizing meeting notes, drafting customer emails, exploring code, or creating content, employees are moving fast.' If the official tools aren't easy to access or if they feel too locked down, they'll use whatever's available which is often via an open tab on their browser.

There is almost also never any malicious intent (absent, perhaps, the mistaken employment of rogue North Korean IT workers); merely a desire to do and be better. If this involves using unsanctioned AI tools, employees will likely not disclose their actions. The reasons may be complex but combine elements of a reluctance to admit that their efficiency is AI assisted rather than natural, and knowledge that use of personal shadow AI might be discouraged. The result is that enterprises often have little knowledge of the extent of Shadow IT, nor the risks it may present.
According to an analysis from Harmonic, ChatGPT is the dominant gen-AI model used by employees, with 45% of data prompts originating from personal accounts (such as Gmail). Image files accounted for 68.3%. The report also notes that 7% of empmloyees were using Chinese AI models like DeepSeek, Baidu Chat and Qwen.

"Overall, there has been a slight reduction in sensitive prompt frequency from Q4 2024 (down from 8.5% to 6.7% in Q1 2025)," reports SecurityWeek. "However, there has been a shift in the risk categories that are potentially exposed. Customer data (down from 45.8% to 27.8%), employee data (from 26.8% to 14.3%) and security (6.9% to 2.1%) have all reduced. Conversely, legal and financial data (up from 14.9% to 30.8%) and sensitive code (5.6% to 10.1%) have both increased. PII is a new category introduced in Q1 2025 and was tracked at 14.9%."
IBM

IBM Orders US Sales To Locate Near Customers or Offices (theregister.com) 31

IBM is mandating that U.S. sales and Cloud employees return to the office at least three days a week, with work required at designated client sites, flagship offices, or sales hubs. According to The Register, some IBM employees argue that these policies "represent stealth layoffs because older (and presumably more highly compensated) employees tend to be less willing to uproot their lives, and families where applicable, than the 'early professional hires' IBM has been courting at some legal risk." From the report: In a staff memo seen by The Register, Adam Lawrence, general manager for IBM Americas, billed the return-to-office for most stateside sales personnel as a "return to client initiative."Citing how "remarkable it is when our teams work side by side" at IBM's swanky Manhattan flagship office, unveiled in September 2024, Lawrence added IBM is investing in an Austin, Texas, office to be occupied in 2026.

Whether US sales staff end up working in NYC, Austin, or some other authorized location, Lawrence told them to brace for -- deep breath -- IBM's "new model" of "effective talent acquisition, deployment, and career progression." We're told that model is "centered on client proximity for those dedicated to specific clients, and anchored on core IBM locations for those dedicated to territories or those in above-market leadership roles." The program requires most IBM US sales staff "to work at least three days a week from the client location where their assigned territory decision-makers work, a flagship office, or a sales hub." Those residing more than 50 miles from their assigned location will be offered relocation benefits to move. Sales hubs are an option only for those with more than one dedicated account.

[...] IBM's office policy change reached US Cloud employees in an April 10 memo from Alan Peacock, general manager of IBM Cloud. Peacock set a July 1, 2025, deadline for US Cloud employees to work from an office at least three days per week, with relocating workers given until October 1, 2025. The employee shuffling has been accompanied by rolling layoffs in the US, but hiring in India -- there are at least 10x as many open IBM jobs in India as there are in any other IBM location, according to the corporation's career listings. And earlier this week, IBM said it "is setting up a new software lab in Lucknow," India.

IT

GoDaddy Registry Error Knocked Zoom Offline for Nearly Two Hours (theregister.com) 17

A communication error between GoDaddy Registry and Markmonitor took Zoom's services offline for almost two hours on Wednesday when GoDaddy mistakenly blocked the zoom.us domain. The outage affected all services dependent on the zoom.us domain.

GoDaddy's block prevented top-level domain nameservers from maintaining proper DNS records for zoom.us. This created a classic domain resolution failure -- when users attempted to connect to any zoom.us address, their requests couldn't be routed to Zoom's servers because the domain effectively disappeared from the internet's addressing system.

Video meetings abruptly terminated mid-session with browser errors indicating the domain couldn't be found. Zoom's status page (status.zoom.us) went offline, hampering communication efforts. Even Zoom's main website at zoom.com failed as the content delivery network couldn't reach backend services hosted on zoom.us servers. Customer support capabilities collapsed when account managers using Zoom's VoIP phones lost connectivity.

Resolution required coordinated effort between Zoom, Markmonitor, and GoDaddy to identify and remove the block. After service restoration, users needed to manually flush their DNS caches using command line instructions (including the sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder command for Mac users).
IT

Synology Locks Key NAS Features Behind Proprietary Drive Requirement (tomshardware.com) 108

Synology's upcoming Plus Series NAS systems will restrict full functionality to users who install the company's self-branded hard drives, Tom's Hardware is reporting, marking a significant shift in the consumer NAS market. While third-party drives will still work for basic storage, critical features including drive health monitoring, volume-wide deduplication, lifespan analysis, and automatic firmware updates will be disabled, the publication said.

The restriction doesn't apply to Synology's 2024 and older models, only affecting new Plus Series devices targeted at SMBs and advanced home users. Synology itself doesn't manufacture drives but rebrands HDDs from major manufacturers like Seagate, Western Digital, and Toshiba, often with custom firmware that functions as DRM. According to Synology, the change follows successful implementation in their enterprise solutions and will deliver "higher performance, increased reliability, and more efficient support." A workaround exists: users can initialize a non-Synology drive in an older Synology NAS and then migrate it to a new Plus model without restrictions.

Slashdot Top Deals