An anonymous reader quotes a report from BleepingComputer: Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. Last week, a person named 'rose87168' claimed to have breached Oracle Cloud servers and began selling the alleged authentication data and encrypted passwords of 6 million users. The threat actor also said that stolen SSO and LDAP passwords could be decrypted using the info in the stolen files and offered to share some of the data with anyone who could help recover them.

The threat actor released multiple text files consisting of a database, LDAP data, and a list of 140,621 domains for companies and government agencies that were allegedly impacted by the breach. It should be noted that some of the company domains look like tests, and there are multiple domains per company. In addition to the data, rose87168 shared an Archive.org URL with BleepingComputer for a text file hosted on the "login.us2.oraclecloud.com" server that contained their email address. This file indicates that the threat actor could create files on Oracle's server, indicating an actual breach. However, Oracle has denied that it suffered a breach of Oracle Cloud and has refused to respond to any further questions about the incident.

"There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data," the company told BleepingComputer last Friday. This denial, however, contradicts findings from BleepingComputer, which received additional samples of the leaked data from the threat actor and contacted the associated companies. Representatives from these companies, all who agreed to confirm the data under the promise of anonymity, confirmed the authenticity of the information. The companies stated that the associated LDAP display names, email addresses, given names, and other identifying information were all correct and belonged to them. The threat actor also shared emails with BleepingComputer, claiming to be part of an exchange between them and Oracle.

According to the Financial Times, Fidelity Investments is in advanced stages of developing its own stablecoin. Binance reports: The Boston-based financial services giant plans for the token to serve as a form of digital cash, according to the report, which cites two people close to the matter. The token would form part of company's strategy to enter the tokenized government bonds market. Stablecoins are a cryptocurrency whose value is pegged to a real-world asset such as the U.S. dollar or gold. They provide a convenient way for crypto traders to preserve their fiat value without having to cash out of the market.

The news emerges just days after Fidelity filed paperwork to register a blockchain-based version of its U.S. dollar money market fund. The company seeks to register an "OnChain" share class of its Treasury Digital Fund (FYHXX), which holds cash and U.S. Treasury securities and is available only to Fidelity's hedge fund and institutional clients. A Fidelity stablecoin could fill the role of cash in this fund. The report comes a day after World Liberty Financial, a crypto venture backed by Donald Trump and his family, launched a U.S. dollar-pegged stablecoin called USD1.

Here's one more reason to cling to a steady job: It doesn't pay to quit. From a report: Typically workers who snag a new position see higher pay bumps than those holding down the same job. But in February, median wage growth of 4.4% for job stayers surpassed a 4.2% gain for job switchers, according to data from the Federal Reserve Bank of Atlanta. The change, as measured by a three-month moving average, is yet another sign of a softening labor market. White collar workers have been clinging to their jobs in the face of widespread layoffs and workplace reductions. Last month, employers announced the fastest pace of job cuts since 2020, when factoring in government job losses. And now an oversupply of job seekers means workers are having to settle for smaller pay bumps, said Peter Cappelli, a professor of management at The Wharton School of the University of Pennsylvania.

"That certainly sounds like a big slackening of the job market," Cappelli said. It's a major reversal from the "Great Resignation" a few years ago, when workers left their jobs at unprecedented rates, demanding more benefits and higher pay from employers. At a peak in July 2022, workers who got new jobs saw their wages grow by a whopping 8.5% compared to 5.9% for those who stayed loyal to their company, Atlanta Fed data show.

A U.S. appeals court has ruled that Apple cannot participate in Google's upcoming antitrust trial, potentially jeopardizing a $20 billion annual deal between the tech giants. The DC Circuit Court of Appeals affirmed that Apple waited too long to join the proceedings, filing its request 33 days after the government proposed remedies in the case Google lost last August.

"The delay seems difficult to justify," the judges ruled. While Apple can still submit written testimony and file friend-of-court briefs, it cannot present evidence or cross-examine witnesses as it had sought. At stake is Google's practice of paying Apple approximately $20 billion annually to remain the default search engine in Safari browsers across Apple devices. The government's proposed remedies would make such arrangements impermissible.

An anonymous reader shares a Bloomberg column: Worries over China's "3D" problem -- that deflation, debt and demographics are structurally hampering growth -- are melting away. Instead, investors are talking about how the world's second-largest economy can take on the US and challenge its technological dominance. There is the prevailing sense that China's "engineer dividend" is finally paying off. Between 2000 and 2020, the number of engineers has ballooned from 5.2 million to 17.7 million, according to the State Council. That reservoir can help the nation move up the production possibility frontier, the thinking goes.

In a way, DeepSeek shouldn't have come as a surprise. Size matters. A bigger talent pool alone gives China a better chance to disrupt. In 2022, 47% of the world's top 20th percentile AI researchers finished their undergraduate studies in China, well above the 18% share from the US, according to data from the Paulson Institute's in-house think tank, MacroPolo. Last year, the Asian nation ranked third in the number of innovation indicators compiled by the World Intellectual Property Organization, after Singapore and the US. What this also means is that innovative breakthroughs can pop out of nowhere. [...]

More importantly, China's got the cost advantage. Those under the age of 30 account for 44% of the total engineering pool, versus 20% in the US, according to data compiled by Kaiyuan Securities. As a result, compensation for researchers is only about one-eighth of that in the US. Credit must be given to President Xi Jinping for his focus on higher education as he seeks to upgrade China's value chain. These days, roughly 40% of high-school graduates go to universities, versus 10% in 2000. Meanwhile, engineering is one of the most popular majors for post-graduate studies. It's a welcome reprieve for a government that has been struggling with a shrinking population.

It's "live-recording the World Wide Web," according to NPR, with a digital library that includes "hundreds of billions of copies of government websites, news articles and data."

They described the 29-year-old nonprofit Internet Archive as "more relevant than ever." Every day, about 100 terabytes of material are uploaded to the Internet Archive, or about a billion URLs, with the assistance of automated crawlers. Most of that ends up in the Wayback Machine, while the rest is digitized analog media — books, television, radio, academic papers — scanned and stored on servers. As one of the few large-scale archivists to back up the web, the Internet Archive finds itself in a particularly unique position right now... Thousands of [U.S. government] datasets were wiped — mostly at agencies focused on science and the environment — in the days following Trump's return to the White House...

The Internet Archive is among the few efforts that exist to catch the stuff that falls through the digital cracks, while also making that information accessible to the public. Six weeks into the new administration, Wayback Machine director [Mark] Graham said, the Internet Archive had cataloged some 73,000 web pages that had existed on U.S. government websites that were expunged after Trump's inauguration...

According to Graham, based on the big jump in page views he's observed over the past two months, the Internet Archive is drawing many more visitors than usual to its services — journalists, researchers and other inquiring minds. Some want to consult the archive for information lost or changed in the purge, while others aim to contribute to the archival process.... "People are coming and rallying behind us," said Brewster Kahle, [the founder and current director of the Internet Archive], "by using it, by pointing at things, helping organize things, by submitting content to be archived — data sets that are under threat or have been taken down...."

A behemoth of link rot repair, the Internet Archive rescues a daily average of 10,000 dead links that appear on Wikipedia pages. In total, it's fixed more than 23 million rotten links on Wikipedia alone, according to the organization.
Though it receives some money for its preservation work for libraries, museums, and other organizations, it's also funded by donations. "From the beginning, it was important for the Internet Archive to be a nonprofit, because it was working for the people," explains founder Brewster Kahle on its donations page: Its motives had to be transparent; it had to last a long time. That's why we don't charge for access, sell user data, or run ads, even while we offer free resources to citizens everywhere. We rely on the generosity of individuals like you to pay for servers, staff, and preservation projects. If you can't imagine a future without the Internet Archive, please consider supporting our work. We promise to put your donation to good use as we continue to store over 99 petabytes of data, including 625 billion webpages, 38 million texts, and 14 million audio recordings.
Two interesting statistics from NPR's article:

• "A Pew Research Center study published last year found that roughly 38% of web pages on the internet that existed in 2013 were no longer accessible as of 2023."

• "According to a Harvard Law Review study published in 2014, about half of all links cited in U.S. Supreme Court opinions no longer led to the original source material."

Thanks to long-time Slashdot reader jtotheh for sharing the news.

Reuters reported this week that several U.S. national security agencies "have halted work on a coordinated effort to counter Russian sabotage, disinformation and cyberattacks..." The plan was led by the president's National Security Council (NSC) and involved at least seven national security agencies working with European allies to disrupt plots targeting Europe and the United States, seven former officials who participated in the working groups told Reuters... [S]ince Trump took office on January 20 much of the work has come to a standstill, according to eleven current and former officials, all of whom requested anonymity to discuss classified matters... Regular meetings between the National Security Council and European national security officials have gone unscheduled, and the NSC has also stopped formally coordinating efforts across U.S. agencies...

The FBI last month ended an effort to counter interference in U.S. elections by foreign adversaries including Russia and put on leave staff working on the issue at the Department of Homeland Security. The Department of Justice also disbanded a team that seized the assets of Russian oligarchs... Department of Homeland Security Assistant Secretary Tricia McLaughlin told Reuters the agency had placed on administrative leave personnel working on misinformation and disinformation on its election security team, without elaborating further.

Wired's web site "is going to stop paywalling articles that are primarily based on public records obtained through the Freedom of Information Act," their global editorial director announced this week: They're called public records for a reason, after all. And access to public documents is more important than ever at this moment, with government websites and records disappearing... [S]ome may argue that, from a business standpoint, not charging for stories primarily relying on public records automatically means fewer subscriptions and therefore less revenue. We disagree.

Sure, the FOIA process is time- and labor-intensive. Reporters face stonewalling, baseless denials, lengthy appeals processes, and countless other obstacles and delays. Investigative reports based on public records are among the most expensive stories to produce and share with the public... But while some readers might not subscribe to outlets that give away some of their best journalism for free, it's just as possible that readers will recognize this sacrifice and reward these outlets with more traffic and subscriptions in the long run...

We hope others will follow Wired's lead (and shoutout to outlets like 404 Media that also make their FOIA-based reporting available for free). We also hope those who stand to benefit from these outlets' leadership (that's you, reader) will do their part and subscribe if you can afford it. They're not asking for an arm and a leg... The Fourth Estate needs to step up and invest in serving the public during these unprecedented times. And the public needs to return the favor and support quality journalism, so that hopefully one day we can do away with those annoying paywalls altogether.

NASA is considering "closing its headquarters and scattering responsibilities among the states," reports Politico, citing two people familiar with the plan. "The proposal could affect up to 2,500 jobs and redistribute critical functions, including who manages space exploration and organizes major science missions." While much of the day-to-day work occurs at NASA's 10 centers, the Washington office plays a strategic role in lobbying for the agency's priorities in Congress, ensuring the White House supports its agenda and partnering with foreign countries on critical space projects. Some of the headquarter's offices might remain in Washington, the people said, but it's not clear which ones those would be or who would keep their jobs...

One of the biggest fallouts is the damage it could do to coordination among NASA leadership on pressing issues... It would also limit cooperation with international partners on space, which is often done through embassies in Washington. NASA works with foreign partners on a range of projects, including the International Space Station and returning to the moon. The European Space Agency, for example, plans to provide modules for Gateway, a lunar space station that is central to NASA's Artemis program to land American astronauts back on the moon... The agency also helps coordinate support from foreign nations for the Artemis accords, which set goals for transparency and data sharing — and help create a level of trust in an unregulated part of the universe.

But the reallocation could have some benefits. Such a move would bring headquarters employees closer to the processes they manage. And it would give legislative liaison staff a chance to interact with lawmakers in their districts. "You're probably getting a lot more time with [lawmakers] at the local center or hosting events in the state or district," said Tom Culligan, a longtime space lobbyist,, the space industry lobbyist.

"China is considering trying to blunt greater U.S. tariffs and other trade barriers," reports the Wall Street Journal, "by offering to curb the quantity of certain goods exported to the U.S., according to advisers to the Chinese government." Tokyo's adoption of so-called voluntary export restraints, or VERs, to limit its auto shipments to the U.S. in the 1980s helped prevent Washington from imposing higher import duties. A similar move from Beijing, especially in sectors of key concern to Washington, like electric vehicles and batteries, would mitigate criticism from the U.S. and others over China's "economic imbalances": heavily subsidized companies making stuff for slim profits but saturating global markets, to the detriment of other countries' manufacturers...

The Xi leadership has indicated a desire to cut a deal with the Trump administration to head off greater trade attacks... Similar to Japan, the Chinese advisers say, Beijing may also consider negotiating export restraints on EVs and batteries in return for investment opportunities in those sectors in the U.S. In some officials' views, they say, that might be an attractive offer to Trump, who at times has indicated an openness to more Chinese investment in the U.S. even though members of his administration firmly oppose it.
The article notes agreements like this are also hard to enforce, "particularly when Chinese companies export to the U.S. from third countries including Mexico and Vietnam."

The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore "are likely customers of Israeli spyware maker Paragon Solutions," reports TechCrunch, "according to a new technical report by a renowned digital security lab." On Wednesday, The Citizen Lab, a group of academics and security researchers housed at the University of Toronto that has investigated the spyware industry for more than a decade, published a report about the Israeli-founded surveillance startup, identifying the six governments as "suspected Paragon deployments."

At the end of January, WhatsApp notified around 90 users that the company believed were targeted with Paragon spyware, prompting a scandal in Italy, where some of the targets live... Paragon's executive chairman John Fleming told TechCrunch that the company "licenses its technology to a select group of global democracies — principally, the United States and its allies." Israeli news outlets reported in late 2024 that U.S. venture capital AE Industrial Partners had acquired Paragon for at least $500 million upfront....

Among the suspected customer countries, Citizen Lab singled out Canada's Ontario Provincial Police (OPP), which specifically appears to be a Paragon customer given that one of the IP addresses for the suspected Canadian customer is linked directly to the OPP.
In a related development the Guardian reports that a prominent activist in Italy "has warned the international criminal court that his mobile phone was under surveillance" when he was providing them confidential information about torture victims in Libya.

Both articles submitted by long-time Slashdot reader ISayWeOnlyToBePolite.

Was the cutting of undersea cables part of a larger pattern? Russia and its proxies are accused by western officials of "staging dozens of attacks and other incidents across Europe since the invasion of Ukraine three years ago," reports the Associated Press.

That includes cyberattacks and committing acts of sabotage/vandalism/arson, as well as spreading propaganda and even plotting killings, according to the article. ("Western intelligence agencies uncovered what they said was a Russian plot to kill the head of a major German arms manufacturer that is a supplier of weapons to Ukraine...") The news agency documented 59 incidents "in which European governments, prosecutors, intelligence services or other Western officials blamed Russia, groups linked to Russia or its ally Belarus." [Western officials] allege the disruption campaign is an extension of Russian President Vladimir Putin's war, intended to sow division in European societies and undermine support for Ukraine... The incidents range from stuffing car tailpipes with expanding foam in Germany to a plot to plant explosives on cargo planes. They include setting fire to stores and a museum, hacking that targeted politicians and critical infrastructure, and spying by a ring convicted in the U.K. Richard Moore, the head of Britain's foreign intelligence service, called it a "staggeringly reckless campaign" in November...

The cases are varied, and the largest concentrations are in countries that are major supporters of Ukraine... In about a quarter of the cases, prosecutors have brought charges or courts have convicted people of carrying out the sabotage. But in many more, no specific culprit has been publicly identified or brought to justice.
Despite that, "more and more governments are publicly attributing attacks to Russia," the article points out.

This week a nonprofit, bipartisan think tank on global policy released a report which "found that Russian attacks in Europe quadrupled from 2022 to 2023 and then tripled again from 2023 to 2024," reports the New York Times. Prime Minister Donald Tusk of Poland noted in a social media post on Monday that Lithuanian officials had confirmed his assessment that Russia was responsible for a series of fires in shopping centers in Warsaw and Vilnius, the Lithuanian capital...

"I intend to sue the National Archives," said Joseph diGenova, an 80-year-old former Trump campaign lawyer (and a U.S. Attorney from 1983 to 1988). While releasing 63,000 unredacted pages about the 1963 assassination of President Kennedy, the U.S. government erroneously "made public the Social Security numbers and other sensitive personal information of potentially hundreds of former congressional staffers and other people," reports USA Today. ("It is virtually impossible to tell the scope of the breach because the National Archives put them online without a way to search them by keyword, some JFK files experts and victims of the information release told USA TODAY...")

Mark Zaid, a national security lawyer who represented current and former spies and other officials in cases against the government, told USA Today that he "saw a few names I know and I informed them of the breach... Hundreds were doxxed but of that number I don't know how many are still living." Zaid, who has fought for decades for the JFK records to be made public, said many of the thousands of investigative documents had been made public long ago with everything declassified and unredacted except for the personal information. Releasing that information now, he told USA TODAY, poses significant threats to those whose information is now public, including dates and places of birth, but especially their Social Security numbers. "The purpose of the release was to inform the public about the JFK assassination, not to help permit identity theft of those who actually investigated the events of that day," Zaid said. The Associated Press reported Thursday afternoon that government officials "said they are still screening the records to identify all the Social Security numbers that were released." One of the newly unredacted documents... discloses the Social Security numbers of more than two dozen people seeking security clearances in the 1990s to review JFK-related documents for the Assassination Records Review Board.

Two "groundbreaking research reports" on open source security were announced this week by the Linux Foundation in partnership with the Open Source Security Foundation (OpenSSF) and Linux Foundation Europe. The reports specifically address the EU's Cyber Resilience Act (or CRA) and "highlight knowledge gaps and best practices for CRA compliance."

"Unaware and Uncertain: The Stark Realities of CRA-Readiness in Open Source" includes a survey which found that when it comes to CRA requirements, 62% of respondents were either "not familiar at all" (36%) or "slightly familiar" (26%) — while 51% weren't sure about its deadlines. ("Only 28% correctly identified 2027 as the target year for full compliance," according to one infographic, which adds that CRA "is expected to drive a 6% average price increase, though 53% of manufacturers are still assessing pricing impacts.") Manufacturers, who bear primary responsibility, lack readiness — many [46%] passively rely on upstream security fixes, and only a small portion produce Software Bills of Materials (SBOMs). The report recommends that manufacturers take a more active role in open source security, that more funding and legal support is needed to support security practices, and that clear regulatory guidance is essential to prevent unintended negative impacts on open source development.
The research also provides "an in-depth analysis of how open collaboration can strengthen software security and innovation across global markets," with another report that "examines how three Linux Foundation projects are meeting the CRA's minimum compliance requirements" and "provides insight on the elements needed to ensure leadership in cybersecurity best practices." (It also includes CRA-related resources.)

"These two reports offer actionable conclusions for open source stakeholders to ready themselves for 2027, when the CRA comes into force," according to a Linux Foundation reserach executive cited in the announcement. "We hope that these reports catalyze higher levels of collaboration across the open source community."

The French National Assembly has rejected a controversial provision that would have forced messaging platforms like Signal and WhatsApp to allow government access to encrypted private conversations, lawmakers voted Thursday night. The measure, embedded within anti-drug trafficking legislation, would have implemented a "ghost participant model" allowing law enforcement to silently join encrypted chats without users' knowledge.

The U.S. Treasury Department's sanctions watchdog removed cryptocurrency mixing tool Tornado Cash from its global blacklist on Friday, following a federal appeals court ruling last November that the Office of Foreign Asset Control couldn't sanction its smart contracts. Despite the delisting of over 100 Ethereum addresses from the Specially Designated Nationals list, Treasury Secretary Scott Bessent emphasized continuing concerns about North Korea's digital asset theft operations.

"We remain deeply concerned about the significant state-sponsored hacking and money laundering campaign aimed at stealing, acquiring, and deploying digital assets for the Democratic People's Republic of Korea," Treasury stated. Roman Storm, Tornado Cash co-founder, still faces a July criminal trial for his alleged development role. A Treasury court filing Monday had warned that completely lifting sanctions could have "significantly disruptive consequences for national security."

Over the past two decades, school districts have spent billions equipping classrooms with laptops, yet students have fallen further behind on essential skills, Michael Bloomberg argues. With about 90% of schools now providing these devices, test scores hover near historic lows -- only 28% of eighth graders proficient in math and 30% in reading.

Bloomberg notes technology's classroom push came from technologists and government officials who envisioned tailored curricula. Computer manufacturers, despite good intentions, had financial interests and profited substantially. The Google executive who questioned why children should learn equations when they could Google answers might now ask why they should write essays when chatbots can do it for them.

Studies confirm traditional methods -- reading and writing on paper -- remain superior to screen-based approaches. Devices distract students, with research showing up to 20 minutes needed to refocus after nonacademic activities. As some districts ban smartphones during school hours, Bloomberg suggests reconsidering classroom computer policies, recommending locked carts for more purposeful use and greater transparency for parents about screen time. Technology's promise has failed while imposing significant costs on children and taxpayers, he writes. Bloomberg calls for a return to books and pens over laptops and tablets.

The National Archives has released thousands of pages of declassified records related to the assassination of President John F. Kennedy in 1963. From a report: The records were posted to the National Archives' website, joining recently released records posted in 2023, 2022, 2021 and 2017-2018.

"This release consists of approximately 80,000 pages of previously-classified records that will be published with no redactions," said the announcement from the Office of the Director of National Intelligence. "Additional documents withheld under court seal or for grand jury secrecy, and records subject to section 6103 of the Internal Revenue Code, must be unsealed before release."

President Donald Trump signed an executive order on Jan. 23 directing the release of all remaining records related to the assassination, saying it was in the "public interest" to do so. Tuesday's initial release contained 1,123 records comprising 32,000 pages. A subsequent release on Tuesday night contained 1,059 records comprising 31,400 additional pages.
See Also: U.S. Release of Unredacted JFK Files 'Doxxed' Officials, Including Social Security Numbers.

The Dutch parliament approved motions urging the government to reduce reliance on U.S. software companies by developing a sovereign cloud platform and reconsidering contracts with American firms. Reuters reports: While such initiatives have foundered in the past due to a lack of viable European alternatives, lawmakers said changing relations with the United States under the presidency of Donald Trump have given the issue fresh urgency. "The question we as Europeans must ask ourselves is: do we feel comfortable with people like Trump, (Meta CEO Mark) Zuckerberg and (X owner Elon) Musk ruling over our data?" said Marieke Koekkoek of the pro-European Volt party, who authored one of the eight motions, in an email to Reuters.

In addition to launching a sovereign cloud services platform, the motions called on the government to re-examine a decision to use Amazon's web services for the Netherlands' internet domain hosting, and to develop alternatives to U.S. software and preferential treatment for European firms in public tenders. [...] Bert Hubert, a Dutch technology expert who has advocated for reducing dependency on the U.S., said: "This is only the first step in potentially doing something." But he said one important outcome would be forcing agencies to publicly report on risks related to their reliance on U.S. cloud firms. "With the advent of Trump 2.0, it has become clear that this is not something you can harmlessly sign off on," he said.

U.S. Vice President J.D. Vance denounced decades of globalization for hampering American innovation in a speech to entrepreneurs and venture capitalists on Tuesday, arguing that offshoring has eroded U.S. technological leadership. "Our workers have been failed by the government of the last 40 years," Vance told the American Dynamism Summit, criticizing two "conceits" of globalization: that nations manufacturing products wouldn't eventually design them too, and that cheap foreign labor benefits innovation.

"As they got better at the low end of the value chain, they also started catching up on the higher end. We were squeezed from both ends," Vance said, adding that "cheap labor is fundamentally a crutch" that inhibits technological advancement. The Trump administration recently rolled back Biden-era AI regulations, with Vance emphasizing their goal to "incentivize investment in our own borders, in our own businesses, our own workers and our own innovation." Vance, a former venture capitalist, dismissed fears about AI eliminating jobs, comparing it to ATMs which ultimately created more financial sector roles.