IT

This Factory Was Severely Short On Workers. Then It Offered Flexible Work. (npr.org) 3

"Flexible, app-based scheduling lets large pools of part-time workers choose four-hour shifts and even select the type of work they prefer," writes long-time Slashdot reader Tony Isaac. While the system started during the pandemic when factories faced severe labor shortages, the model is now "supplying hundreds of trained workers each week... while giving people — from retirees to sidejob hustlers to longtime employees — control over their hours."

NPR says it's attracting "people who may not be seeking a traditional career in the industry or even a 40-hour workweek," It's a change that manufacturers including Stanley Black & Decker and Georgia-Pacific are embracing... Today, in any given week, about 450 flexible workers — roughly half the pool — pick up shifts at the [GE Appliances] plant, with workers putting in an average of 24 hours a week. Their contributions have been key to GE Appliances' $180 million expansion of the Georgia plant, completed last year, which added 600 new jobs... [Darcy Duvall, the plant's director of human resources operations] has also come to see that many workers prize flexibility despite the significant trade-offs — like lower pay and almost no benefits. MyWorkChoice employees can opt into their own group healthcare plan, but few do... The flexible work option has also helped GE Appliances keep longtime employees with decades of experience on the job.
The Military

Russia Hacks Doorbell Cameras To Spy On NATO Bases (yahoo.com) 30

Dutch intelligence agencies say Russian hackers have been hijacking unsecured internet-connected cameras, including likely doorbell and security cameras, to spy on NATO military bases and transport routes used to move weapons to Ukraine. "Organisations with IP [internet protocol] cameras on these routes have now been warned so that they could take action," said the AIVD domestic security and MIVD military intelligence agencies. Targeted NATO member states include the Netherlands and Ukraine. The Telegraph reports: While the intelligence agencies did not specify the type of cameras hacked, the doorbell systems are frequently used by people to monitor their property from mobile phones. Hackers then use readily available apps to scan for devices that might be accessible. The Dutch investigation found that many of the cameras were unsecured, and "often have standard passwords, outdated firmware and standard configurations." They said: "When the IP camera is identified, the malicious party can attempt to access the IP camera via the internet. This is often relatively easy, because many IP cameras connected to the internet are insufficiently secure."

[...] The practice is now considered easier and cheaper than using drones and satellites to gather intelligence. It also aids operational surprise because most camera owners are blissfully unaware their devices have been penetrated by hackers. Ground-based cameras offer a unique perspective on the terrain, which isn't the case with conventional aerial-based spy kit.

Data Storage

macOS 28 Will Drop Support For Encrypted Mac OS Extended Volumes (9to5mac.com) 66

Starting with macOS 28, Apple will no longer support encrypted Mac OS Extended, or HFS+, volumes. Users will need to decrypt them or reformat them as APFS to keep using them. 9to5Mac reports: In a new support document, Apple explains that starting with macOS 28, "the Mac OS Extended file system format will be supported only for volumes (disks and other storage devices) that aren't encrypted." In practice, this means users who currently rely on encrypted HFS+ external drives or other encrypted legacy Mac-formatted volumes will need to "either decrypt or reformat any encrypted Mac OS Extended volumes."

Apple doesn't explain the reason for the change. Still, the move appears to be another step in Apple's transition to APFS, its file system with built-in encryption support, which replaced Mac OS Extended as the default Mac file system in macOS High Sierra. As a result of this change, Apple says that starting with macOS 26, Macs might notify users when they're using an encrypted Mac OS Extended disk that won't be compatible with macOS 28 or later.

According to the support page, "the notification will identify the volume by name." However, Apple says users can manually confirm whether a volume is both using Mac OS Extended format and encrypted by following these steps [...]. Apple adds that "macOS 28 and later will continue to support unencrypted volumes that use Mac OS Extended format," and notes "Mac OS Extended is also known as HFS Plus (or HFS+)."

AI

Is Big Tech Now Backpedaling on the AI Jobs Wipeout Scenario? (msn.com) 81

"A year ago, the message from many business leaders was that AI was going to wipe out jobs," remembers the Wall Street Journal.But "For the past month or so, tech CEOs have been striking a more optimistic tone." In late May, OpenAI Chief Executive Sam Altman — who has long predicted that AI will lead to seismic shifts in the workforce — said during a conference, "We've been roughly right on technological predictions and pretty wrong on the social and economic implications." Soon after, he told CNBC, "Our industry underestimated how much we're going to be able to keep people at the center of everything."

Anthropic CEO Dario Amodei, who warned in May 2025 that artificial intelligence could eliminate half of entry-level jobs, a year later highlighted more positive scenarios for AI-adopting businesses: "They can do the same thing with less resources, and that leads to things like layoffs, or they can do more with the same amount of resources. But that requires creativity...."

Is the sunnier outlook a move to win back customers and the public who are souring on AI's world-upending promise? Or is the role of AI in the workplace now just better understood...?

Collectively, the narrative has shifted from worker-light doomsday scenarios caused by AI to a future in which workers keep their jobs — and get a productivity boost. The sentiment change isn't limited to tech leaders: A survey by EY-Parthenon found that the percentage of CEOs who believe AI investments will result in significant reductions in head count fell from around 46% in January 2025 to just 20% this May. "They may have noticed that the labor market is genuinely not changing (i.e., imploding) as rapidly as they expected," said David Autor, a professor of economics at the Massachusetts Institute of Technology. "They may have realized it was simply bad business to say that your great new product will destroy the economy."

The article notes Amazon founder Jeff Bezos "has a history of predicting that AI will create new jobs," and in June said AI could even lead to a labor shortage. "When asked on CNBC in May about people being afraid of AI taking jobs, he said the reason they're afraid is because 'all these smart people keep saying that.'"

The article then adds that "Fewer people are saying it now."
AI

Big Companies That Invest Heavily in AI Also Hire More People, Report Suggests (techcrunch.com) 29

"Companies spending heavily on AI are growing headcount faster, even in the entry-level roles that many fear are doomed," writes TechCrunch. That's the conclusion of new report tracking AI spending from Ramp's corporate card/bill pay data as well as Revelio Labs' workforce records from 21,599 U.S. firms: According to the report, "high-intensity adopters" — firms that spend on average $30 per employee per month on AI in the first three months — saw headcount increase 10.2%. Headcount also rose across functions, including engineering, sales, administration, customer service, finance, marketing, and scientist roles. The strongest job growth among high-intensity adopters was in the information sector, which includes software, internet, media, and tech-adjacent firms.

Despite these positive signals, the data isn't as rosy as it seems. It skews heavily toward tech-forward, knowledge-work firms — ones that might have VC-backing and are growing fast anyway, making it difficult to say whether AI is contributing to the hiring or just showing up at companies that are expanding anyway. "This paper does not show that AI universally creates jobs," the paper's authors admit, "but it does counter claims that AI will lead to broad job losses."

It also counters claims that AI is killing all junior jobs. Recent research from Goldman Sachs found that AI has already erased about 16,000 net jobs per month over the past year, with Gen Z and entry-level workers taking the brunt of the burden. But in tech-forward firms, the report finds that entry-level headcount actually rose by 12%... "For software and technology firms, AI can make core output cheaper or faster to produce: writing code, debugging, building internal tools, producing technical documentation, and supporting product development," the report reads. "Lower production costs in these workflows can raise the return to expanding the whole firm, not just the engineering team."

But companies that buy subscriptions and run pilots, yet did not go on to make sustained investments, don't tend to see any gains in headcount, per the report. That sets up the potential for a widening gap between firms that have the resources — like capital, technical staff, founder networks, and management bandwidth — to turn AI adoption into actual business gains and those that are stuck experimenting with subscriptions. In other words, this report suggests that firms that already have the resources are the ones that will see the largest gains.

CNBC argues another AI "narrative" was challenged this week: that open source can't make money. "The assumption was that giving your model away for free meant no business. That's breaking too, as open-model companies start posting real revenue and enterprises move from renting AI to running their own."
Government

Are Wars Blurring Lines Between Corporate and National Security? (msn.com) 45

Subsea cables. Ukrainian power stations. Russian oil refineries. Even airports, water-desalination plants and Amazon data centers.

They've all become targets in wartime, notes the Wall Street Journal, and around the world now arguments "are already brewing between companies and governments over new regulations and potential costs." In Germany, powerful associations representing private companies and municipal utilities have pushed back against new standards for physical protection, warning they could spell financial ruin. New Zealand's government has faced resistance from industry groups over a proposal to fine critical-infrastructure companies and their directors for cybersecurity breaches... A sign of how lines are blurring: The North Atlantic Treaty Organization's 32 countries last year agreed that as part of a pact to spend 5% of economic output on defense and security, 1.5% would go to military-adjacent needs including protecting critical infrastructure and networks. Spending targets range from cybersecurity and industrial capacity to railroads, bridges and ports needed for military logistics... "We need a wide concept of defense — defense is no longer just military," said Italian Adm. Giuseppe Cavo Dragone, NATO's top military adviser.

Adding to the complexity, companies now need to protect the data networks that serve as gateways to critical infrastructure. Hackers increasingly target not just computer files to steal information but also systems managing vital functions like building access and factory control, remotely causing physical damage or enabling espionage. U.S. authorities in April warned that Iranian hackers were trying to disrupt American drinking-water systems by targeting computer equipment that connects hardware with software. A year earlier, suspected Russian hackers remotely manipulated valves on a Norwegian hydroelectric dam...

Another challenge will be parsing jurisdictions and liability for assets that cross international waters or are damaged in combat — such as subsea data cables or energy pipelines. Turf battles between law enforcement and militaries are already complicating efforts... "The private owner can invest in redundancy, monitoring, and repair capacity, but only governments and militaries can really deter, patrol, attribute, or respond to hostile state activity," said Marc Glasser, who worked on cybersecurity and infrastructure security for three decades at the U.S. Department of Transportation and the Department of Homeland Security.... Companies say they need greater clarity from governments on what protections they will provide and subsidies to help them defend privately owned assets that provide a public good. Most governments don't provide incentives for companies to invest more than the minimum legal resilience requirements.

The article notes that in May the chief executive of California's Port of Long Beach "launched a cyber-defense operations center to thwart tens of thousands of cyberattacks daily, which jeopardize computer systems and all equipment connected to them."

The article also points out that the EU adopted new regulations requiring countries to reduce vulnerabilities, and new laws proposed in the U.K. now "seek to increase penalties for subsea sabotage, updating codes that date to when telegraph cables were first laid in the 19th century."
AI

Decades-Old Bash Tricks Expose AI Coding Agents To Supply Chain Attacks (securityweek.com) 26

Slashdot reader wiredmikey writes: AI security researchers have uncovered a structural security flaw dubbed GuardFall that allows decades-old Bash shell tricks to bypass safeguards in most open source AI coding agents. By exploiting shell behaviors such as quote removal and variable expansion, attackers can hide malicious commands in repositories, README files, Makefiles, or other content consumed by AI agents. If executed — particularly in auto-approve or CI environments—the commands can steal credentials, compromise developer systems, or enable software supply chain attacks. According to researchers at Adversa AI, the 11 popular open source AI coding agents tested, only one successfully blocked all of the Bash trick techniques.
Desktops (Apple)

New PamStealer macOS Malware Uses Clever Tradecraft To Remain Stealthy (arstechnica.com) 38

An anonymous reader quotes a report from Ars Technica: Researchers have found a never-before-seen piece of macOS malware that combines a series of clever tradecraft to infect Macs with stealthy, custom-developed credential-stealing code. The malware is delivered in two stages. The first is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It's compiled as AppleScript that is notable for the way it delivers the second stage. The malware is named PamStealer because the Rust-written infostealer uses the Pluggable Authentication Modules interface built into macOS to validate the target's login password before sending it to an attacker-controlled server.

[...] PamStealer shows a native password prompt designed to resemble a system authorization request. Text that appears with the prompt says: "Maccy wants to make changes. Enter your password to allow this." As noted earlier, once a target complies, the malware validates it locally through the PAM API. "This check is done entirely through PAM: there is no call out to dscl, security, osascript or any spawned process to verify the password, as many commodity macOS stealers do," [said Jamf, a security firm for macOS users]. "The result is a quieter routine that keeps only a verified password, and one fewer process chain for defenders to detect on."

If the validation fails, PamStealer displays the prompts again until it receives the correct one. Once the target enters the correct password, PamStealer displays a message stating that the file is damaged and can't be installed. This is designed to be a decoy to prevent the target from suspecting anything is amiss. The malware uses tactics to maximize the information it can steal. One tactic is to request the target grant full disk access to the fake Maccy app. It also contains code designed to access ethereum accounts. The various techniques -- particularly the Script Editor lure, a self-contained JXA dropper, a Rust-based second stage, and local validation of credentials through PAM are all noteworthy.

Security

AI Agent Executes 'First' End-To-End Ransomware Attack 36

Sysdig says it has documented the first ransomware attack carried out end to end by an AI agent, which autonomously exploited exposed systems, stole credentials, established persistence, compromised a production database, and destroyed data. The research team named the attacker "JadePuffer" and said it gained initial access to an internet-facing Langflow instance by exploiting CVE-2025-3248. "The most striking characteristic, however, was the LLM's behavior," Sysdig director of threat research Michael Clark said in a blog post. An anonymous reader quotes an excerpt from The Register: JadePuffer's "self-narrating" payloads "contained natural language reasoning, target prioritization, and the kind of detailed annotations that human operators don't often write but LLM-generated code produces reflexively," Clark added. "The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds." After exploiting CVE-2025-3248, a missing authentication vulnerability in Langflow that allows remote, unauthenticated attackers to execute arbitrary Python on the host, the AI agent began scanning for and collecting secrets, including LLM provider API keys, cloud credentials "with explicit coverage of Chinese providers" including Alibaba, Aliyun, Tencent, and Huawei, while also scanning for AWS, Azure and Google Cloud Platform, cryptocurrency wallets, and database credentials.

The AI also installed a crontab entry on the Langflow server to maintain persistence and call back to the attacker's infrastructure every 30 minutes. JadePuffer's intended target was a separate internet-exposed production server running a MySQL database and an Alibaba Nacos configuration service, we're told. Nacos is an open-source service-discovery and dynamic configuration platform developed by Alibaba and used in the cloud provider's microservices applications. The agent connected to the server's exposed MySQL port using root credentials, although Sysdig doesn't know how the attacker obtained them. These credentials weren't stolen from the victim's environment.

JadePuffer then attacked Nacos via multiple vectors including an authorization bypass flaw (CVE-2021-29441) and forging a valid JSON web token (JWT) using Nacos's default signing key. Additionally, using its root database access, the LLM injected a backdoor administrator into the Nacos backing database. It ultimately encrypted all 1,342 Nacos service configuration items using MySQL's built-in AES encryption function, and created an extortion demand, ransom note, Bitcoin payment address, and a Proton Mail contact [...]. However, according to the threat hunters, the victim can't recover the encrypted data, even if they paid the ransom demand, because the agent escalated "from row-level deletion to dropping entire database schemas, narrating its own targeting rationale," without backing up any of the encrypted data.
Security

Apple iPhone 18 Details Leaked In Tata Data Breach (yahoo.com) 13

"Another breach at Tata has leaked details about Apple's iPhone 18, along with documents belonging to several other Tata clients," writes Longtime Slashdot reader Ritz_Just_Ritz. "It's becoming a recurring theme for the company." Reuters reports: Reuters has previously reported the Tata Electronics leak of more than 200,000 files on the dark web by World Leaks had files with purported component design papers of older iPhones and some parts of Tesla -- both Tata clients. They also included documents of Taiwan Semiconductor Manufacturing Co and Qualcomm, both of which make parts used in iPhones. New documents reviewed by Reuters show there are at least six files that map many components in the iPhone 18 Pro models to the specific company that supplies them. These include details of chips on its main circuit board and parts of the battery and cameras.

Apple considers this detail sensitive and is concerned about the documents being shared on the dark web as they relate to unreleased models, according to the person familiar with the matter. The data maps suppliers to iPhone parts, which Apple does not disclose in its public database of suppliers, the person added. In all, the documents detail hundreds of parts to be on the upcoming iPhone 18 Pro models. The records also show where Apple draws a part from several suppliers and where it relies on just a few, laying bare both its bargaining leverage and its vulnerabilities.
More broadly, the leak threatens Apple's trust in Tata just as Tata is becoming central to its effort to shift iPhone production away from China. With India expected to produce roughly a quarter of the world's iPhones in 2026, any deterioration in that relationship could complicate Apple's diversification strategy and force tighter security controls across its suppliers.
AI

Ex-Governors, Big Tech Launch Coalition To Help Workers 'Navigate the AI Economy' (nytimes.com) 92

"Amid growing public anger over A.I. and a debate over how to regulate it, a group of employers, state governors and foundations has raised $500 million to try to answer some of those questions themselves," reports the New York Times.

"Just how many jobs will AI upend?" asks the Wall Street Journal, reporting that the new coalition says it's time to ready the U.S. workforce for a "major" disruption — no matter how large it turns out to be. The coalition "has so far raised more than $500 million — about half of its multiyear goal — from companies and nonprofit groups. It will initially work with state governments in Arkansas, Maryland, Utah and Connecticut. OpenAI and Anthropic are also involved, and academics including MIT economist David Autor sit on an advisory board." [The new "RAISE US" coalition] will be led by former Commerce Secretary Gina Raimondo, who served under former President Joe Biden, and former Indiana Gov. Eric Holcomb, a Republican. Its mandate, they said, isn't just to build retraining programs but also to reconsider decades-old policies such as unemployment insurance and act as a working lab for testing the most effective ways to transition workers to new fields. The group will explore corporate incentives for employers to hold on to workers whose jobs are disrupted by AI and prep them for new roles... The mission of the group is to "pull all the levers at once," Raimondo said. That means teaming up with employers to find ways to help workers gain skills or new roles and joining with educators to roll out different types of training. It also plans to propose policy changes such as tweaking unemployment benefits to let displaced workers continue to get them while they, for instance, start new businesses with AI... In Maryland, the group plans to expand a service-year option in the state to help people gain exposure to such growing fields as healthcare. An effort in Arkansas will focus on supporting "an AI-powered career navigation platform."
More from New York Times: The organization will work primarily with governors... The theory: States generally control their community college systems, which can translate work force policy through course offerings and industry partnerships. The bulk of the budget will fund pilot programs overseen by about 15 staff members and consultants. For example, Maryland will expand a "service year" for recent high school graduates to provide experience in fields where there are shortages, such as health care. In other states, Raise Us hopes to offer "wage insurance" for workers who take lower-paying jobs rather than dropping out of the work force entirely.

The group plans to furnish technical assistance for companies that want to retain workers as A.I. changes their roles, rather than eliminating them. Microsoft, one of the companies backing the organization, said it had already found a promising model: cross-training its entry-level lawyers in different parts of the organization and equipping them with A.I. skills in order for them to be repositioned as technology evolves. "You can think of doing that with almost any job we have," said Brad Smith, vice chair and president at Microsoft. "It creates an opportunity to transfer people from jobs that are being eliminated to jobs that are being created...."

Ms. Raimondo and her colleagues are not fans of a universal basic income, an idea that has gained popularity in Silicon Valley as an answer to job disruption. They emphasize that work provides more than just wages, and plan to focus on helping people find pathways to new jobs. But it's unclear whether A.I. will create jobs at the rate that it will destroy them. Jack Malde studied work force policy for the Bipartisan Policy Center and is now going to work for the Windfall Trust, another A.I.-focused think tank. He said long-term income support might be necessary, even if better models for transitioning workers were found. "The truth is, there's still a lot of uncertainty," Mr. Malde said. "What we think is resilient now might not be resilient later. We're not going to get everything right, so we're going to need those strong safety-net programs."

Long-time Slashdot reader theodp writes: If you think you've seen this movie before, prior to "partnering with governors, employers, and training partners to help the American workforce make a successful transition to an AI economy" with RAISE US, Raimondo and Holcomb partnered with governors, employers and training partners to help U.S. K-12 students make a successful transition to a CS economy with the Governors for Computer Science coalition.
AI

Developer AI Token Costs Could Exceed Their Salaries in Two Years (infoworld.com) 128

"Enterprises may soon be paying as much for their developers' AI token usage as they do for their salaries," writes InfoWorld: According to Gartner, these costs will meet, or even exceed, the typical software engineer's monthly salary within the next two years. This is not only because developers are increasingly adopting generative AI and agentic tools, it reflects a trend toward consumption-based licensing models as vendors balance infrastructure investments with profitability...

Gartner senior principal analyst Nitish Tyagi explained that it's important to note that Gartner's prediction is based on a global average salary of $2,000 per month; it doesn't mean AI token usage will exceed all salaries. For instance, in the US, yearly pay rates can be six digits or more. However, that kind of spend is not out of the realm of possibility, Tyagi emphasized. "I have heard scary numbers like 'My developer consumed $20K last month,' or 'A business user consumed $32K'."

If these amounts sound shocking, that's the point. "The goal is to alarm the industry about the impact of token cost if it is not governed and controlled," he said... AI coding vendors have yet to deliver "mature, built-in cost optimization capabilities," Tyagi said, and prices will likely only continue to rise as vendors further build out their models while at the same time trying to remain profitable. Thus, enterprises struggle to forecast and control costs, and, because AI is moving so fast, many organizations lack the "maturity and frameworks" to determine ROI, he noted. Agent-driven workflows are difficult to govern, context windows become bloated, budgets are wiped out earlier than anticipated, and token spend becomes hard to justify....

"Without a governed engineering operating model, costs can escalate faster than the productivity gains these tools are designed to deliver," Tyagi said.

AI

Trump Administration Asks OpenAI To Stagger Release of New Model 64

The Trump administration has reportedly asked OpenAI to stagger the release of GPT-5.6 over security concerns. The model will initially be offered to a small group of partners, with the government "approving access customer by customer during this preview period," reports The Information. The request came from conversations with the Office of the National Cyber Director and the Office of Science and Technology Policy, the report said.
AI

Linux Foundation Launches Akrites To Coordinate AI-Driven Open Source Security (nerds.xyz) 17

BrianFagioli writes: The Linux Foundation has announced Akrites, a new initiative to coordinate vulnerability disclosure and remediation for critical open source software as AI dramatically speeds up vulnerability discovery. Founding members include AWS, Google, Microsoft, OpenAI, Red Hat, NVIDIA, IBM, Cisco, JPMorganChase, and others. Akrites will provide a shared Security Incident Response Team (SIRT), a standardized coordinated vulnerability disclosure process, and act as a "maintainer of last resort" for abandoned but widely used packages.

The goal is to reduce duplicate reports, avoid conflicting patches, and help upstream maintainers address vulnerabilities before they can be exploited. As AI makes it easier to find security flaws, can a coordinated industry effort help protect open source, or does it risk giving large corporations too much influence over the ecosystem?
"Akrites is the largest coordinated effort in history to create systems and deploy tooling that leverages the collective power of the community to make everyone safer," the Linux Foundation said in an open letter. "Akrites participants will contribute engineering resources; work to build and ship fixes; or fund the engineers who do. Some companies have contributed mightily already. The reality is, collectively, we need to contribute more."
Privacy

LastPass Says Hackers Stole Customer Support Case Data During Klue Breach (techcrunch.com) 22

LastPass says hackers stole customers' personal information, support case records, and sales data by breaching market research partner Klue. The password manager told TechCrunch that its own systems and password vaults were unaffected. However, the hackers used their access to obtain "reams of data about LastPass customers," the report says. From the report: In a blog post that shared information about the incident, LastPass said the hackers took customers' names, phone numbers, email addresses, and physical addresses, as well as customer support case data and sales-related data. It's not yet known what was in the contents of customer support tickets, although they likely contain fragments of potentially private or sensitive information. Customers typically contact customer service when they are having a billing issue or need assistance in gaining access to their accounts. Past incidents involving customer support tickets have included credentials and government-issued identity documents. The last data breach LastPass reported was in 2022, when hackers stole the company's entire store of customer password vaults.

Slashdot Top Deals