United States

US Tech Force Aims To Recruit 1,000 Technologists (nextgov.com)

The Trump administration announced Monday the United States Tech Force, a new program to recruit around 1,000 technologists for two-year government stints starting as soon as March -- less than a year after dismantling several federal technology teams and driving thousands of tech workers out of their jobs.

The program will primarily recruit early-career software engineers and data scientists, paying between $150,000 and $200,000 annually. About 20 companies have signed on to participate, including Palantir, Meta, Oracle and Elon Musk's xAI. Some engineering managers will be allowed to take leaves of absence from their private-sector employers to join the program without divesting their stock holdings.

The initiative follows the March closure of 18F, General Services Administration's internal tech consultancy, and the shuttering of the Social Security Administration's Office of Transformation in February. The IRS had lost over 2,000 tech workers by June.
Security

Security Researcher Found Critical Kindle Vulnerabilities That Allowed Hijacking Amazon Accounts (thetimes.com)

The Black Hat Europe hacker conference in London included a session titled "Don't Judge an Audiobook by Its Cover" about two critical (and now fixed) flaws in Amazon's Kindle. The Times reports both flaws were discovered by engineering analyst Valentino Ricotta (from the cybersecurity research division of Thales), who was awarded a "bug bounty" of $20,000 (£15,000). He said: "What especially struck me with this device, that's been sitting on my bedside table for years, is that it's connected to the internet. It's constantly running because the battery lasts a long time and it has access to my Amazon account. It can even pay for books from the store with my credit card in a single click. Once an attacker gets a foothold inside a Kindle, it could access personal data, your credit card information, pivot to your local network or even to other devices that are registered with your Amazon account."

Ricotta discovered flaws in the Kindle software that scans and extracts information from audiobooks... He also identified a vulnerability in the onscreen keyboard. Through both of these, he tricked the Kindle into loading malicious code, which enabled him to take the user's Amazon session cookies — tokens that give access to the account. Ricotta said that people could be exposed to this type of hack if they "side-load" books on to the Kindle through non-Amazon stores.

Ricotta donated his bug bounties to charity...
AI

CEOs Plan to Spend More on AI in 2026 - Despite Spotty Returns (msn.com)

The Wall Street Journal reports that 68% of CEOs "plan to spend even more on AI in 2026, according to an annual survey of more than 350 public-company CEOs from advisory firm Teneo." And yet "less than half of current AI projects had generated more in returns than they had cost, respondents said." They reported the most success using AI in marketing and customer service and challenges using it in higher-risk areas such as security, legal and human resources.

Teneo also surveyed about 400 institutional investors, of which 53% expect that AI initiatives would begin to deliver returns on investments within six months. That compares to the 84% of CEOs of large companies — those with revenue of $10 billion or more — who believe it will take more than six months.

Surprisingly, 67% of CEOs believe AI will increase their entry-level head count, while 58% believe AI will increase senior leadership head count.

All the surveyed CEOs were from public companies with revenue over $1 billion...
Programming

Rust in Linux's Kernel 'is No Longer Experimental' (thenewstack.io)

Steven J. Vaughan-Nichols files this report from Tokyo: At the invitation-only Linux Kernel Maintainers Summit here, the top Linux maintainers decided, as Jonathan Corbet, Linux kernel developer, put it, "The consensus among the assembled developers is that Rust in the kernel is no longer experimental — it is now a core part of the kernel and is here to stay. So the 'experimental' tag will be coming off." As Linux kernel maintainer Steven Rostedt told me, "There was zero pushback."

This has been a long time coming. This shift caps five years of sometimes-fierce debate over whether the memory-safe language belonged alongside C at the heart of the world's most widely deployed open source operating system... It all began when Alex Gaynor and Geoffrey Thomas at the 2019 Linux Security Summit said that about two-thirds of Linux kernel vulnerabilities come from memory safety issues. Rust, in theory, could avoid these by using Rust's inherently safer application programming interfaces (API)... In those early days, the plan was not to rewrite Linux in Rust; it still isn't, but to adopt it selectively where it can provide the most security benefit without destabilizing mature C code. In short, new drivers, subsystems, and helper libraries would be the first targets...

Despite the fuss, more and more programs were ported to Rust. By April 2025, the Linux kernel contained about 34 million lines of C code, with only 25 thousand lines written in Rust. At the same time, more and more drivers and higher-level utilities were being written in Rust. For instance, the Debian Linux distro developers announced that going forward, Rust would be a required dependency in its foundational Advanced Package Tool (APT).

This change doesn't mean everyone will need to use Rust. C is not going anywhere. Still, as several maintainers told me, they expect to see many more drivers being written in Rust. In particular, Rust looks especially attractive for "leaf" drivers (network, storage, NVMe, etc.), where the Rust-for-Linux bindings expose safe wrappers over kernel C APIs. Nevertheless, for would-be kernel and systems programmers, Rust's new status in Linux hints at a career path that blends deep understanding of C with fluency in Rust's safety guarantees. This combination may define the next generation of low-level development work.

Privacy

Chinese Whistleblower Living In US Is Being Hunted By Beijing With US Tech (go.com)

A former Chinese official who fled to the U.S. says Beijing has used advanced surveillance technology from U.S. companies to track, intimidate, and punish him and his family across borders. ABC News reports: Retired Chinese official Li Chuanliang was recuperating from cancer on a Korean resort island when he got an urgent call: Don't return to China, a friend warned. You're now a fugitive. Days later, a stranger snapped a photo of Li in a cafe. Terrified South Korea would send him back, Li fled, flew to the U.S. on a tourist visa and applied for asylum. But even there -- in New York, in California, deep in the Texas desert -- the Chinese government continued to hunt him down with the help of surveillance technology.

Li's communications were monitored, his assets seized and his movements followed in police databases. More than 40 friends and relatives -- including his pregnant daughter -- were identified and detained, even by tracking down their cab drivers through facial recognition software. Three former associates died in detention, and for months shadowy men Li believed to be Chinese operatives stalked him across continents, interviews and documents seen by The Associated Press show.

The Chinese government is using an increasingly powerful tool to cement its power at home and vastly amplify it abroad: Surveillance technology, much of it originating in the U.S., an AP investigation has found. Within China, this technology helped identify and punish almost 900,000 officials last year alone, nearly five times more than in 2012, according to state numbers. Beijing says it is cracking down on corruption, but critics charge that such technology is used in China and elsewhere to stifle dissent and exact retribution on perceived enemies.

Outside China, the same technology is being used to threaten wayward officials, along with dissidents and alleged criminals, under what authorities call Operations "Fox Hunt" and "Sky Net." The U.S. has criticized these overseas operations as a "threat" and an "affront to national sovereignty." More than 14,000 people, including some 3,000 officials, have been brought back to China from more than 120 countries through coercion, arrests and pressure on relatives, according to state information.

AI

US To Mandate AI Vendors Measure Political Bias For Federal Sales (reuters.com)

An anonymous reader quotes a report from Reuters: The U.S. government will require artificial intelligence vendors to measure political "bias" to sell their chatbots to federal agencies, according to a Trump administration statement (PDF) released on Thursday. The requirement will apply to all large language models bought by federal agencies, with the exception of national security systems, according to the statement.

President Donald Trump ordered federal agencies in July to avoid buying large language models that he labeled as "woke." Thursday's statement gives more detail to that directive, saying that developers should not "intentionally encode partisan or ideological judgments" into a chatbot's outputs.
Further reading: Trump Signs Executive Order For Single National AI Regulation Framework, Limiting Power of States
Encryption

Russian Hackers Debut Simple Ransomware Service, But Store Keys In Plain Text (theregister.com)

The pro-Russian CyberVolk group resurfaced with a Telegram-based ransomware-as-a-service platform, but fatally undermined its own operation by hardcoding master encryption keys in plaintext. The Register reports: First, the bad news: the CyberVolk 2.x (aka VolkLocker) ransomware-as-a-service operation that launched in late summer. It's run entirely through Telegram, which makes it very easy for affiliates that aren't that tech savvy to lock files and demand a ransom payment. CyberVolk's soldiers can use the platform's built-in automation to generate payloads, coordinate ransomware attacks, and manage their illicit business operations, conducting everything through Telegram.

But here's the good news: the ransomware slingers got sloppy when it came time to debug their code and hardcoded the master keys -- this same key encrypts all files on a victim's system -- into the executable files. This could allow victims to recover encrypted data without paying the extortion fee, according to SentinelOne senior threat researcher Jim Walter, who detailed the gang's resurgence and flawed code in a Thursday report.

Privacy

The Data Breach That Hit Two-Thirds of a Country (ft.com)

Online retailer Coupang, often called South Korea's Amazon, is dealing with the fallout from a breach that exposed the personal information of more than 33 million accounts -- roughly two-thirds of the country's population -- after a former contractor allegedly used credentials that remained active months after his departure to access customer data through the company's overseas servers.

The breach began in June but went undetected until November 18, according to Coupang and investigators. Police have called it South Korea's worst-ever data breach. The compromised information includes names, phone numbers, email addresses and shipping addresses, though the company says login credentials, credit card numbers, and payment details were not affected.

Coupang's former CEO Park Dae-jun told a parliamentary hearing that the alleged perpetrator was a Chinese national who had worked on authentication tasks before his contract ended last December. Chief information security officer Brett Matthes testified that the individual had a "privileged role" giving him access to a private encryption key that allowed him to forge tokens to impersonate customers. Legislators say the key remained active after the employee left. The CEO of Coupang's South Korean subsidiary has resigned. Founder and chair Bom Kim has yet to personally apologize but has been summoned to a second parliamentary hearing.
Your Rights Online

Berlin Approves New Expansion of Police Surveillance Powers (reclaimthenet.org)

Berlin's regional parliament has passed a far-reaching overhaul of its "security" law, giving police new authority to conduct both digital and physical surveillance. From a report: The CDU-SPD coalition, supported by AfD votes, approved the reform of the General Security and Public Order Act (ASOG), changing the limits that once protected Berliners from intrusive policing. Interior Senator Iris Spranger (SPD) argued that the legislation modernizes police work for an era of encrypted communication, terrorism, and cybercrime. But it undermines core civil liberties and reshapes the relationship between citizens and the state.

One of the most controversial elements is the expansion of police powers under paragraphs 26a and 26b. These allow investigators to hack into computers and smartphones under the banner of "source telecommunications surveillance" and "online searches." Police may now install state-developed spyware, known as trojans, on personal devices to intercept messages before or after encryption.

If the software cannot be deployed remotely, the law authorizes officers to secretly enter a person's home to gain access. This enables police to install surveillance programs directly on hardware without the occupant's knowledge. Berlin had previously resisted such practices, but now joins other federal states that permit physical entry to install digital monitoring tools.

United States

'Apple Tax is Dead in the USA' (arstechnica.com)

The Ninth Circuit Court of Appeals has almost entirely upheld a scathing April ruling that found Apple in willful violation of a 2021 injunction meant to open up iOS App Store payments in its long-running legal battle against Epic Games. A three-judge panel affirmed that Apple's 27% fee for developers using outside payment options had a "prohibitive effect" and that the company's design restrictions on external payment links were overly broad.

The appeals court also agreed that Apple acted in "bad faith" by rejecting viable, compliant alternatives in internal discussions. One divergence from the lower court: the appeals court ruled that Apple should still be able to charge a "reasonable fee" based on its actual costs to ensure user security and privacy, rather than charging nothing at all. What qualifies as "reasonable" remains to be determined.

Epic CEO Tim Sweeney told reporters he believes those fees should be "super super minor," on the order of "tens or hundreds of dollars" every time an iOS app update goes through Apple for review. "The Apple Tax is dead in the USA," he wrote on social media. Sweeney also alleged that a widespread "fear of retaliation" has kept many developers paying Apple's default 30% fees, claiming the company can effectively "ghost" apps by delaying reviews or burying them in search results.
Science

Cadmium Zinc Telluride: The Wonder Material Powering a Medical 'Revolution' (bbc.com)

Cadmium zinc telluride (CZT), a hard-to-manufacture semiconductor produced by only a handful of companies, is enabling a quiet revolution in medical imaging, science, and security by delivering faster scans, lower radiation doses, and far more precise X-ray and gamma-ray detection. "You get beautiful pictures from this scanner," says Dr Kshama Wechalekar, head of nuclear medicine and PET. "It's an amazing feat of engineering and physics." The BBC reports: Kromek is one of just a few firms in the world that can make CZT. You may never have heard of the stuff but, in Dr Wechalekar's words, it is enabling a "revolution" in medical imaging. This wonder material has many other uses, such as in X-ray telescopes, radiation detectors and airport security scanners. And it is increasingly sought-after. Investigations of patients' lungs performed by Dr Wechalekar and her colleagues involve looking for the presence of many tiny blood clots in people with long Covid, or a larger clot known as a pulmonary embolism, for example.

The 1-million-pound scanner works by detecting gamma rays emitted by a radioactive substance that is injected into patients' bodies. But the scanner's sensitivity means less of this substance is needed than before: "We can reduce doses about 30%," says Dr Wechalekar. While CZT-based scanners are not new in general, large, whole-body scanners such as this one are a relatively recent innovation. CZT itself has been around for decades but it is notoriously difficult to manufacture. "It has taken a long time for it to develop into an industrial-scale production process," says Arnab Basu, founding chief executive of Kromek.

[...] The newly formed CZT, a semiconductor, can detect tiny photon particles in X-rays and gamma rays with incredible precision -- like a highly specialized version of the light-sensing, silicon-based image sensor in your smartphone camera. Whenever a high energy photon strikes the CZT, it mobilizes an electron and this electrical signal can be used to make an image. Earlier scanner technology used a two-step process, which was not as precise. "It's digital," says Dr Basu. "It's a single conversion step. It retains all the important information such as timing, the energy of the X-ray that is hitting the CZT detector -- you can create color, or spectroscopic images."

Privacy

Over 10,000 Docker Hub Images Found Leaking Credentials, Auth Keys (bleepingcomputer.com)

joshuark shares a report from BleepingComputer: More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. After scanning container images uploaded to Docker Hub in November, security researchers at threat intelligence company Flare found that 10,456 of them exposed one or more keys. The most frequent secrets were access tokens for various AI models (OpenAI, HuggingFace, Anthropic, Gemini, Groq). In total, the researchers found 4,000 such keys. "These multi-secret exposures represent critical risks, as they often provide full access to cloud environments, Git repositories, CI/CD systems, payment integrations, and other core infrastructure components," Flare notes. [...]

Additionally, they found API tokens for AI services hardcoded in Python application files, config.json files, YAML configs, GitHub tokens, and credentials for multiple internal environments. Some of the sensitive data was present in the manifest of Docker images, a file that provides details about the image. Flare notes that roughly 25% of developers who accidentally exposed secrets on Docker Hub realized the mistake and removed the leaked secret from the container or manifest file within 48 hours. However, in 75% of these cases, the leaked key was not revoked, meaning that anyone who stole it during the exposure period could still use it later to mount attacks.

Flare suggests that developers avoid storing secrets in container images, stop using static, long-lived credentials, and centralize their secrets management using a dedicated vault or secrets manager. Organizations should implement active scanning across the entire software development life cycle and revoke exposed secrets and invalidate old sessions immediately.
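As an added example (not Flare's tooling or code from the report), the scanner below takes a `docker save` tarball and checks both the image config and each layer's text files for the kinds of hardcoded AI-service tokens described above. The token prefixes are illustrative patterns and the sample image is constructed, so it runs offline.

```python
"""Scan a `docker save`-style image tarball for hardcoded credentials.

Added example, not Flare's scanner or code from the report. Assumes the
layout `docker save` produces: a top-level manifest.json, one image config
JSON per image, and one tar per layer. Token patterns are illustrative
prefix matches and the sample image below is constructed, not a real leak.
"""
import io
import json
import re
import tarfile

# Illustrative patterns for token families named in the report
# (OpenAI, Hugging Face, GitHub). Real scanners use far larger rule sets.
SECRET_PATTERNS = {
    "openai": re.compile(r"sk-[A-Za-z0-9]{20,}"),
    "huggingface": re.compile(r"hf_[A-Za-z0-9]{20,}"),
    "github": re.compile(r"ghp_[A-Za-z0-9]{20,}"),
}

# File types the report lists as common hiding places: app code and configs.
TEXT_SUFFIXES = (".py", ".json", ".yaml", ".yml", ".env", ".cfg", ".ini", ".txt")


def redact(token: str) -> str:
    """Keep only the prefix so findings can be reported without re-leaking."""
    return token[:6] + "***"


def find_secrets(text: str):
    """Return (kind, token) pairs for every pattern hit in a text blob."""
    return [(kind, m.group(0)) for kind, pat in SECRET_PATTERNS.items()
            for m in pat.finditer(text)]


def scan_image_tar(data: bytes):
    """Return (location, kind, redacted_token) for secrets in config and layers."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as outer:
        members = {m.name: m for m in outer.getmembers() if m.isfile()}
        manifest = json.loads(outer.extractfile(members["manifest.json"]).read())
        for entry in manifest:
            # The image config carries Env, Labels and build history, all of
            # which get published with the image even when no layer file has them.
            cfg_text = outer.extractfile(members[entry["Config"]]).read().decode("utf-8", "replace")
            findings += [(entry["Config"], k, redact(t)) for k, t in find_secrets(cfg_text)]
            for layer_name in entry["Layers"]:
                layer_bytes = outer.extractfile(members[layer_name]).read()
                with tarfile.open(fileobj=io.BytesIO(layer_bytes), mode="r:*") as layer:
                    for lm in layer.getmembers():
                        if not lm.isfile() or not lm.name.endswith(TEXT_SUFFIXES):
                            continue
                        text = layer.extractfile(lm).read().decode("utf-8", "replace")
                        findings += [(f"{layer_name}:{lm.name}", k, redact(t))
                                     for k, t in find_secrets(text)]
    return findings


def _tar_bytes(files: dict) -> bytes:
    """Build an uncompressed tar in memory from {name: str | bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content in files.items():
            payload = content.encode() if isinstance(content, str) else content
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def build_sample_image() -> bytes:
    """Constructed leaky image: a token in Env, in app code, and in a YAML config."""
    fake_openai = "sk-" + "A1b2" * 6   # constructed, not a real key
    fake_hf = "hf_" + "Zz9y" * 6       # constructed, not a real key
    layer = _tar_bytes({
        "app/settings.py": f'OPENAI_API_KEY = "{fake_openai}"\n',
        "app/config.yaml": f"hf_token: {fake_hf}\n",
        "app/main.py": "print('service up')\n",
    })
    config = {"config": {"Env": [f"OPENAI_API_KEY={fake_openai}"]}}
    return _tar_bytes({
        "manifest.json": json.dumps([{"Config": "config.json",
                                      "Layers": ["layer1/layer.tar"]}]),
        "config.json": json.dumps(config),
        "layer1/layer.tar": layer,
    })


if __name__ == "__main__":
    for location, kind, token in scan_image_tar(build_sample_image()):
        print(f"{location}: {kind} token {token}")
```

A finding in the image config rather than in a layer is the case the report highlights: the secret is published even though no file in the filesystem contains it, so deleting files does not remove it and the key still needs revoking.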

Security

AI Hackers Are Coming Dangerously Close to Beating Humans (msn.com)

Stanford researchers spent much of the past year building an AI bot called Artemis that scans networks for software vulnerabilities, and when they pitted it against ten professional penetration testers on the university's own engineering network, the bot outperformed nine of them. The experiment offers a window into how rapidly AI hacking tools have improved after years of underwhelming performance.

"We thought it would probably be below average," said Justin Lin, a Stanford cybersecurity researcher. Artemis found bugs at a fraction of human cost -- just under $60 per hour compared to the $2,000 to $2,500 per day that professional pen testers typically charge. But its performance wasn't flawless. About 18% of its bug reports were false positives, and it completely missed an obvious vulnerability on a webpage that most human testers caught. In one case, Artemis found a bug on an outdated page that didn't render in standard browsers; it used a command-line tool called Curl instead of Chrome or Firefox.

Dan Boneh, a Stanford computer science professor who advised the researchers, noted that vast amounts of software shipped without being vetted by LLMs could now be at risk. "We're in this moment of time where many actors can increase their productivity to find bugs at an extreme scale," said Jacob Klein, head of threat intelligence at Anthropic.
United States

US Could Ask Foreign Tourists For Five-Year Social Media History Before Entry (bbc.com)

Tourists from dozens of countries including the UK could be asked to provide a five-year social media history as a condition of entry to the United States, under a new proposal unveiled by American officials. From a report: The new condition would affect people from dozens of countries who are eligible to visit the US for 90 days without a visa, as long as they have filled out an Electronic System for Travel Authorization (ESTA) form. Since returning to the White House in January, President Donald Trump has moved to toughen US borders more generally - citing national security as a reason.

Analysts say the new plan could pose an obstacle to potential visitors, or harm their digital rights. Asked whether the proposal could lead to a steep drop-off in tourism to the US, Trump said he was not concerned. "No. We're doing so well," the president said on Wednesday. "We just want people to come over here, and safe. We want safety. We want security. We want to make sure we're not letting the wrong people come enter our country."

Security

New OpenAI Models Likely Pose 'High' Cybersecurity Risk, Company Says (axios.com)

An anonymous reader quotes a report from Axios: OpenAI says the cyber capabilities of its frontier AI models are accelerating and warns Wednesday that upcoming models are likely to pose a "high" risk, according to a report shared first with Axios. The models' growing capabilities could significantly expand the number of people able to carry out cyberattacks. OpenAI said it has already seen a significant increase in capabilities in recent releases, particularly as models are able to operate longer autonomously, paving the way for brute force attacks.

The company notes that GPT-5 scored 27% on a capture-the-flag exercise in August, while GPT-5.1-Codex-Max was able to score 76% last month. "We expect that upcoming AI models will continue on this trajectory," the company says in the report. "In preparation, we are planning and evaluating as though each new model could reach 'high' levels of cybersecurity capability as measured by our Preparedness Framework." "High" is the second-highest level, below the "critical" level at which models are unsafe to be released publicly.
"What I would explicitly call out as the forcing function for this is the model's ability to work for extended periods of time," said OpenAI's Fouad Matin.
AMD

Ubuntu Will Have Native AMD ROCm AI/ML and HPC Libraries In Next LTS Release (canonical.com)

Longtime Slashdot reader MadCow42 writes: Canonical just announced that they're packaging AMD's ROCm libraries (for AI/ML and HPC with both data-center GPUs as well as desktop/laptop GPUs) directly into the Ubuntu Universe archive. You can run ROCm on Ubuntu today, but you have to install it via a script from AMD and manually remove and reinstall for any upgrades or bug fixes. Having it in Ubuntu as a normal Debian package will make it much easier to install and also to maintain in the long run via normal apt tooling ('apt upgrade'). This also means that ROCm can be an automatically-installed dependency for other packages, which doesn't happen today.

And, interestingly, Canonical has committed to providing long-term-support for ROCm in Ubuntu -- which is particularly exciting for edge and IoT devices that may have a long life in the field and need regular security patches and updates.

Democrats

Democrats Warn Their Party May Try To Unravel Any Paramount-Warner Bros. Discovery Deal (semafor.com)

As the battle over Warner Bros. Discovery grows, two Democratic lawmakers are warning that their party may try to block or unravel any acquisition by Paramount when it returns to power. Semafor: In a letter to the WBD board and Treasury Secretary Scott Bessent first shared with Semafor, Reps. Sam Liccardo (D-Calif.) and Ayanna Pressley (D-Mass.) said they were concerned about the national security risk of letting foreign entities control a large portion of the US entertainment and media industry.

They also hinted that a future Democratic Congress and administration could try to unravel any Paramount-WBD deal. "Future Congresses ... will review many of the decisions of the current Administration, and may recommend that regulators push for divestitures, which would undermine the strategic logic of this merger," they wrote. "We urge the Board to weigh these national security and regulatory liabilities in evaluating a transaction burdened by uncertain but potentially extensive mitigation obligations, foreign influence risks, or adverse regulatory action."

Earth

'Food and Fossil Fuel Production Causing $5 Billion of Environmental Damage an Hour'

An anonymous reader quotes a report from the Guardian: The unsustainable production of food and fossil fuels causes $5 billion of environmental damage per hour, according to a major UN report. Ending this harm was a key part of the global transformation of governance, economics and finance required "before collapse becomes inevitable," the experts said. The Global Environment Outlook (GEO) report, which is produced by 200 researchers for the UN Environment Program, said the climate crisis, destruction of nature and pollution could no longer be seen as simply environmental crises. "They are all undermining our economy, food security, water security, human health and they are also [national] security issues, leading to conflict in many parts of the world," said Prof Robert Watson, the co-chair of the assessment. [...]

The GEO report is comprehensive -- 1,100 pages this year -- and is usually accompanied by a summary for policymakers, which is agreed by all the world's countries. However, strong objections by countries including Saudi Arabia, Iran, Russia, Turkey and Argentina to references to fossil fuels, plastics, reduced meat in diets and other issues meant no agreement was reached this time. [...] The GEO report emphasized that the costs of action were much less than the costs of inaction in the long term, and estimated the benefits from climate action alone would be worth $20 trillion a year by 2070 and $100 trillion by 2100. "We need visionary countries and private sector [companies] to recognize they will make more profit by addressing these issues rather than ignoring them," Watson said. [...]

One of the biggest issues was the $45 trillion a year in environmental damage caused by the burning of coal, oil and gas, and the pollution and destruction of nature caused by industrial agriculture, the report said. The food system carried the largest costs, at $20 trillion, with transport at $13 trillion and fossil-fuel powered electricity at $12 trillion. These costs -- called externalities by economists -- must be priced into energy and food to reflect their real price and shift consumers towards greener choices, Watson said: "So we need social safety nets. We need to make sure that the poorest in society are not harmed by an increase in costs." The report suggests measures such as a universal basic income, taxes on meat and subsidies for healthy, plant-based foods.

There were also about $1.5 trillion in environmentally harmful subsidies to fossil fuels, food and mining, the report said. These needed to be removed or repurposed, it added. Watson noted that wind and solar energy was cheaper in many places but held back by vested interests in fossil fuel. The climate crisis may be even worse than thought, he said: "We are likely to be underestimating the magnitude of climate change," with global heating probably at the high end of the projections made by the Intergovernmental Panel on Climate Change. Removing fossil fuel subsidies could cut emissions by a third, the report said.
Network

Ask Slashdot: What Are the Best Locally-Hosted Wireless Security Cameras?

Longtime Slashdot reader Randseed writes: With the likes of Google Nest, Ring, and others cooperating with law enforcement, I started to look for affordable wireless IP security cameras that I can put around my house. Unfortunately, it looks like almost everything now incorporates some kind of cloud-based slop. All I really want is to put up some cameras, hook them up to my LAN, and install something like ZoneMinder. What are the most economical wireless IP security cameras that I can set up with my server?
Microsoft

Microsoft 365 Prices Rising For Businesses and Governments in July 2026 (reuters.com)

Microsoft has announced that it will raise prices on its Microsoft 365 productivity suites for businesses and government clients starting in July 2026, marking the first commercial price increase since 2022. Small business and frontline worker plans face the steepest hikes: Business Basic jumps 16.7% to $7 per user per month, while frontline worker subscriptions surge up to 33%. Enterprise plans see more modest bumps, ranging from 5.3% for E5 to 8.3% for E3. Microsoft attributed the increases to more than 1,100 new features added to the suite, including AI-driven tools and security enhancements. Copilot remains a separate $30-per-month add-on.