Security

European Space Agency Acknowledges Another Breach as Criminals Claim 200 GB Data Haul 23

The European Space Agency has acknowledged yet another security incident after a cybercriminal posted an offer on BreachForums the day after Christmas claiming to have stolen over 20GB of data including source code, confidential documents, API tokens and credentials.

The attacker claims they gained access to ESA-linked external servers on December 18 and remained connected for about a week, during which they allegedly exfiltrated private Bitbucket repositories, CI/CD pipelines, Terraform files and hardcoded credentials. ESA said that the breach may have affected only "a very small number of external servers" used for unclassified engineering and scientific collaboration, and that it has initiated a forensic security analysis.
Security

DarkSpectre Hackers Spread Malware To 8.8 Million Chrome, Edge, and Firefox Users (cyberpress.org) 12

An anonymous reader quotes a report from Cyber Press: A newly uncovered Chinese threat group, DarkSpectre, has been linked to one of the most widespread browser-extension malware operations to date, compromising more than 8.8 million users of Chrome, Edge, Firefox, and Opera over the past seven years. According to research by Koi.ai, the group operates three interconnected campaigns: ShadyPanda, GhostPoster, and a newly identified one named The Zoom Stealer, forming a single, strategically organized operation.

DarkSpectre's structure differs from that of ordinary cybercrime operations. The group runs separate but interconnected malware clusters, each with distinct goals. The ShadyPanda campaign, responsible for 5.6 million infections, focuses on long-term user surveillance and e-commerce affiliate fraud. Its extensions have appeared legitimate for years, offering new tab pages and translation utilities, before secretly downloading malicious configurations from command-and-control servers such as jt2x.com and infinitynewtab.com. Once activated, they inject remote scripts, hijack search results, and track browsing activity.

The second campaign, GhostPoster, spreads via Firefox and Opera extensions that conceal malicious payloads in PNG images via steganography. After lying dormant for several days, the extensions extract and execute JavaScript hidden within images, enabling stealthy remote code execution. This campaign has affected over one million users and relies on domains like gmzdaily.com and mitarchive.info for payload delivery.

The most recent discovery, The Zoom Stealer, exposes around 2.2 million users to corporate espionage. These extensions masquerade as productivity tools or video downloaders while secretly harvesting corporate meeting links, credentials, and speaker profiles from more than 28 video conferencing platforms, including Zoom, Microsoft Teams, and Google Meet. The extensions use real-time WebSocket connections to exfiltrate data to Firebase databases, such as zoocorder.firebaseio.com, and to Google Cloud functions, such as webinarstvus.cloudfunctions.net.

China

China Demands Netherlands 'Correct Mistakes' Over Seized Chipmaker as Auto Supply Crunch Deepens (cnbc.com) 34

China's Commerce Ministry on Wednesday demanded that the Netherlands "immediately correct its mistakes" over chipmaker Nexperia, escalating a standoff that has disrupted global semiconductor supply chains and triggered warnings from automakers about component shortages. The Dutch government in September invoked a Cold War-era law to effectively seize control of the Chinese-owned chipmaker, reportedly after the United States raised security concerns. China responded by blocking Nexperia products from leaving the country.

Nexperia manufactures billions of foundation chips -- transistors, diodes and power management components -- that are produced in Europe, assembled and tested in China, and then re-exported to customers worldwide. These low-tech, inexpensive chips are essential in almost every device that uses electricity, from car braking systems and airbag controllers to electric windows and entertainment systems.

The Commerce Ministry spokesperson said the Netherlands "remains indifferent and stubbornly insists on its own way, showing absolutely no responsible attitude towards the security of the global semiconductor supply chain." Dutch Economy Minister Vincent Karremans has repeatedly defended the intervention. Auto industry groups have warned that disruptions have not been fundamentally resolved. Japan's Nissan and German supplier Bosch have flagged looming shortages, and the German Association of the Automotive Industry warned of elevated supply risks "particularly for the first quarter" of 2026.
Government

NYC Inauguration Bans Raspberry Pi, Flipper Zero Devices (adafruit.com) 42

Longtime Slashdot reader ptorrone writes: The January 1, 2026, NYC mayoral inauguration prohibits attendees from bringing specific brand-name devices, explicitly banning Raspberry Pi single-board computers and the Flipper Zero, listed alongside weapons, explosives, and drones. Rather than restricting behaviors or capabilities like signal interference or unauthorized transmitters, the policy names two widely used educational and testing tools while allowing smartphones and laptops that are far more capable. Critics argue this device-specific ban creates confusion, encourages selective enforcement, and reflects security theater rather than a clear, capability-based public safety framework. New York has handled large-scale events more pragmatically before.
Japan

Life in a Shrinking Japan (japantimes.co.jp) 38

Japan's demographic transformation is no longer a distant forecast but an accelerating reality, and the National Institute of Population and Social Security Research now estimates the country's population will fall to roughly 100 million by 2050 -- more than 20 million fewer people than today.

The share of residents aged 65 and over stood at 29.4% as of September and is expected to reach 37.1% by midcentury. The dependency ratio -- children and older adults supported by every 100 working-age people -- is projected to rise from 68.0 to 89.0, meaning each working-age person will effectively support one dependent.

Akita Prefecture is currently offering a preview of this future. Its population fell 1.93% year over year as of November 1, the steepest decline of any prefecture, and more than 40% of its residents are already 65 or older. By 2050, Akita's population is projected to drop to around 560,000, roughly 60% of its current size. Japan's total fertility rate fell for the ninth consecutive year in 2024, declining to 1.15 from 1.2. A health ministry survey found around 319,000 babies were born in the first half of 2025, more than 10,000 fewer than the same period last year -- a pace that could put the full-year total at a record low.
Security

22 Million Affected By Aflac Data Breach (securityweek.com) 26

An anonymous reader quotes a report from SecurityWeek: Insurance giant Aflac is notifying roughly 22.65 million people that their personal information was stolen from its systems in June 2025. The company disclosed the intrusion on June 20, saying it had identified suspicious activity on its network in the US on June 12 and blaming it on a sophisticated cybercrime group. The company said it immediately contained the attack and engaged with third-party cybersecurity experts to help with incident response. Aflac's operations were not affected, as file-encrypting ransomware was not deployed.

[...] The compromised information, the insurance giant says, includes names, addresses, Social Security numbers, dates of birth, driver's license numbers, government ID numbers, medical and health insurance information, and other data. "The review of the potentially impacted files determined personal information associated with customers, beneficiaries, employees, agents, and other individuals related to Aflac was involved," Aflac said in a notification (PDF) on its website. The company is providing the affected individuals with 24 months of free credit monitoring, identity theft protection, and medical fraud protection services.

EU

Challenges Face European Governments Pursuing 'Digital Sovereignty' (theregister.com) 57

The Register reports on challenges facing Europe's pursuit of "digital sovereignty": The US CLOUD Act of 2018 allows American authorities to compel US-based technology companies to provide requested data, regardless of where that data is stored globally. This places European organizations in a precarious position, as it directly clashes with Europe's own stringent privacy regulation, the General Data Protection Regulation (GDPR)... Furthermore, these warrants often come with a gag order, legally prohibiting the provider from informing their customer that their data has been accessed. This renders any contractual clauses requiring transparency or notification effectively meaningless. While technical measures like encryption are often proposed as a solution, their effectiveness depends entirely on who controls the encryption keys. If the US provider manages the keys, as is common in many standard cloud services, they can be forced to decrypt the data for authorities, making such safeguards moot....

American hyperscalers have recognized the market demand for sovereignty and now aggressively market 'sovereign cloud' solutions, typically by placing datacenters on European soil or partnering with local operators. Critics call this 'sovereignty washing'... [Cristina Caffarra, a competition economistand driving force behind the Eurostack initiative] warns that this does not resolve the fundamental problem. "A company subject to the extraterritorial laws of the United States cannot be considered sovereign for Europe," she says. "That simply doesn't work." Because, as long as the parent company is American, it remains subject to the CLOUD Act...

Even when organizations make deliberate choices in favour of European providers, those decisions can be undone by market forces. A recent acquisition in the Netherlands illustrates this risk. In November 2025, the American IT services giant Kyndryl announced its intention to acquire Solvinity, a Dutch managed cloud provider. This came as an "unpleasant surprise" to several of its government clients, including the municipality of Amsterdam and the Dutch Ministry of Justice and Security. These bodies had specifically chosen Solvinity to reduce their dependence on American firms and mitigate CLOUD Act risks.

Still, The Register provides several examples of government systems that are "taking concrete steps to regain control over their IT."
  • Austria's Federal Ministry for Economy, Energy and Tourism now has 1,200 employees on the European open-source collaboration platform Nextcloud, leading several other Austrian ministries to also implement Nextcloud. (The Ministry's CISO tells the Register "We can see our input in Nextcloud releases. That is a feeling we never had with Microsoft.")
  • France's Ministry of Economics and Finance recently completed NUBO (which the Register describes as "an OpenStack-based private cloud initiative designed to handle sensitive data and services.")

Thanks to long-time Slashdot reader mspohr for sharing the article.


Robotics

Researchers Show Some Robots Can Be Hijacked Just Through Spoken Commands (interestingengineering.com) 25

An anonymous Slashdot reader shared this story from Interesting Engineering: Cybersecurity specialists from the research group DARKNAVY have demonstrated how modern humanoid robots can be compromised and weaponised through weaknesses in their AI-driven control systems.

In a controlled test, the team demonstrated that a commercially available humanoid robot could be hijacked with nothing more than spoken commands, exposing how voice-based interaction can serve as an attack vector rather than a safeguard, reports Yicaiglobal... Using short-range wireless communication, the hijacked machine transmitted the exploit to another robot that was not connected to the network. Within minutes, this second robot was also taken over, demonstrating how a single breach could cascade through a group of machines. To underline the real-world implications, the researchers issued a hostile command during the demonstration. The robot advanced toward a mannequin on stage and struck it, illustrating the potential for physical harm.

Space

Is Russia Developing an Anti-Satellite Weapon to Target Starlink? (apnews.com) 140

An anonymous reader shared this report from the Associated Press: Two NATO-nation intelligence services suspect Russia is developing a new anti-satellite weapon to target Elon Musk's Starlink constellation with destructive orbiting clouds of shrapnel, with the aim of reining in Western space superiority that has helped Ukraine on the battlefield. Intelligence findings seen by The Associated Press say the so-called "zone-effect" weapon would seek to flood Starlink orbits with hundreds of thousands of high-density pellets, potentially disabling multiple satellites at once but also risking catastrophic collateral damage to other orbiting systems.

Analysts who haven't seen the findings say they doubt such a weapon could work without causing uncontrollable chaos in space for companies and countries, including Russia and its ally China, that rely on thousands of orbiting satellites for communications, defense and other vital needs. Such repercussions, including risks to its own space systems, could steer Moscow away from deploying or using such a weapon, analysts said. "I don't buy it. Like, I really don't," said Victoria Samson, a space-security specialist at the Secure World Foundation who leads the Colorado-based nongovernmental organization's annual study of anti-satellite systems. "I would be very surprised, frankly, if they were to do something like that." [Later they suggested the research might just be experimental.]

But the commander of the Canadian military's Space Division, Brig. Gen. Christopher Horner, said such Russian work cannot be ruled out in light of previous U.S. allegations that Russia also has been pursuing an indiscriminate nuclear, space-based weapon. "I can't say I've been briefed on that type of system. But it's not implausible," he said... The French military's Space Command said in a statement to the AP that it could not comment on the findings but said, "We can inform you that Russia has, in recent years, been multiplying irresponsible, dangerous, and even hostile actions in space."

The article also points out that this month Russia "said it has fielded a new ground-based missile system, the S-500, which is capable of hitting low-orbit targets..."
Moon

NASA Chief Says US Will Return To Moon Within Trump's Second Term (cnbc.com) 130

NASA Administrator Jared Isaacman, who was confirmed by the Senate just last week after a turbulent nomination process that stretched across most of 2025, said Friday that the United States will return to the moon within President Donald Trump's second term. Isaacman made the comments during an interview on CNBC, calling Trump's recommitment to lunar exploration key to unlocking what he described as an "orbital economy." He said: "We want to have that opportunity to explore and realize the scientific, economic and national security potential on the moon," he said.

The potential opportunities include establishing space data centers and infrastructure on the moon, as well as mining Helium-3, a rare gas embedded in the lunar surface that could serve as fuel for fusion power. NASA is currently working on its Artemis campaign alongside SpaceX, Blue Origin, and Boeing. Trump's One Big Beautiful Bill Act allocated $9.9 billion to the agency earlier this year.

The Artemis II mission, NASA's first crewed test flight using the Space Launch System rocket and Orion spacecraft, is expected to launch in the near future. SpaceX is contracted to build the lunar landing system for the subsequent Artemis III mission. Isaacman was first nominated by Trump in December 2024 but had his nomination pulled in May over unspecified "prior associations." Trump renominated him in November.
Security

Fake MAS Windows Activation Domain Used To Spread PowerShell Malware (bleepingcomputer.com) 35

An anonymous reader shares a report: A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the 'Cosmali Loader'. BleepingComputer has found that multiple MAS users began reporting on Reddit yesterday that they received pop-up warnings on their systems about a Cosmali Loader infection.

Based on the reports, attackers have set up a look-alike domain, "get[dot]activate[dot]win," which closely resembles the legitimate one listed in the official MAS activation instructions, "get[dot]activated[dot]win." Given that the difference between the two is a single character ("d"), the attackers bet on users mistyping the domain.

United States

Trump Administration To Overhaul Lottery System For H-1B Visas (ft.com) 72

The Trump administration has announced it would replace the lottery programme used to grant H-1B visas for skilled foreign workers with a system that prioritises higher-paid individuals. From a report: The Department of Homeland Security said it would begin to implement a "weighted" selection process to give an advantage to higher-skilled and higher-paid applicants from February, according to a statement posted on its website. Matthew Tragesser, Citizenship and Immigration Services spokesperson, said: "The existing random selection process of H-1B registrations was exploited and abused by US employers who were primarily seeking to import foreign workers at lower wages than they would pay American workers."

The move is the latest in a broad crackdown on US immigration by President Donald Trump, who has dramatically stepped up deportations of immigrants and sent enforcement agents into cities across the country to carry out arrests. The change also follows moves earlier this year to curb the number of applicants for the H-1B visa, which is popular among technology and professional services companies, including charging an additional $100,000 fee.

Beryl Howell, a federal judge on the US District Court for the District of Columbia, late on Tuesday ruled the White House could move forward with the application charge after the US Chamber of Commerce had sued in October to block the six-figure fee.

Privacy

Inside Uzbekistan's Nationwide License Plate Surveillance System (techcrunch.com) 26

An anonymous reader quotes a report from TechCrunch: Across Uzbekistan, a network of about a hundred banks of high-resolution roadside cameras continuously scan vehicles' license plates and their occupants, sometimes thousands a day, looking for potential traffic violations. Cars running red lights, drivers not wearing their seatbelts, and unlicensed vehicles driving at night, to name a few. The driver of one of the most surveilled vehicles in the system was tracked over six months as he traveled between the eastern city of Chirchiq, through the capital Tashkent, and in the nearby settlement of Eshonguzar, often multiple times a week. We know this because the country's sprawling license plate-tracking surveillance system has been left exposed to the internet.

Security researcher Anurag Sen, who discovered the security lapse, found the license plate surveillance system exposed online without a password, allowing anyone access to the data within. It's not clear how long the surveillance system has been public, but artifacts from the system show that its database was set up in September 2024, and traffic monitoring began in mid-2025. The exposure offers a rare glimpse into how such national license plate surveillance systems work, the data they collect, and how they can be used to track the whereabouts of any one of the millions of people across an entire country. The lapse also reveals the security and privacy risks associated with the mass monitoring of vehicles and their owners, at a time when the United States is building up its nationwide array of license plate readers, many of which are provided by surveillance giant Flock.

Businesses

ServiceNow To Buy Armis For $7.75 Billion As It Bets Big On Cybersecurity For AI (marketwatch.com) 9

An anonymous reader quotes a report from MarketWatch: ServiceNow announced a deal to acquire cybersecurity company Armis on Tuesday, marking a new milestone in the software giant's artificial-intelligence business strategy. The $7.75 billion all-cash transaction is part of ServiceNow's goal of advancing governance and trust in autonomous AI agents, and the company's largest transaction to date. "The acquisition of Armis will extend and enhance ServiceNow's Security, Risk, and [Operational Technology] portfolios in critical and fast-growing areas of cybersecurity and drive increased AI adoption by strengthening trust across businesses' connected environments," the company wrote in a press release.

While ServiceNow built its foundation IT service management products, the company has positioned itself as an "AI control tower" that orchestrates workflows across HR, customer service and security operations. Organizations today are operating in increasingly complex environments, with assets spanning from laptops and servers to smart grid devices, Gina Mastantuono, chief financial officer of ServiceNow, told MarketWatch on Tuesday. "But at the same time, cyber threats are becoming more sophisticated and more complex," she added.

ServiceNow's Security and Risk business crossed $1 billion in annual contract value earlier this year, and the Armis acquisition is expected to triple ServiceNow's market opportunity in the sector. Armis currently has over $340 million in annual recurring revenue, with growth exceeding 50% year-over-year, according to the press release. The Armis acquisition would allow ServiceNow to create an "end-to-end proactive cybersecurity exposure and operations stack that enables enterprises to see, decide and act across a business' entire technology footprint," Mastantuono said.

Software

'Fragmented' Microsoft Tools Undercut Efficiency at Amazon and Whole Foods, Internal Deloitte Review Finds (businessinsider.com) 27

An anonymous reader shares a report: It's been more than eight years since Amazon bought Whole Foods, but the two companies still haven't aligned their setup for the Microsoft software their employees use. That disconnect was flagged in an 8-week Deloitte review of Whole Foods' use of Microsoft 365 apps earlier this year, according to an internal document obtained by Business Insider. Deloitte found that Whole Foods relies on "fragmented" Microsoft toolsets, has loose security and data-retention practices, and employs a complex user-management setup -- all of which contribute to inefficiencies and lower productivity when working with Amazon employees.

The consulting firm recommended a 24-month integration plan that would first move Whole Foods' corporate employees onto Amazon's backend system, followed by its frontline workers. The phased approach would ensure a "smooth transition for users and minimal disruption to business processes," while generating cost savings, the document said. The review, completed in May, highlights Amazon's ongoing challenges in integrating Whole Foods. Since acquiring the chain in 2017, the company has struggled to scale the business and integrate operations, resulting in frequent reorganizations and shifting strategic priorities.

Australia

Australia Poised for Desalination Boom as Water Shortages Loom (bloomberg.com) 28

Australia is on track for a significant expansion of desalination capacity -- converting seawater to freshwater -- to meet the needs of a swelling population at a time of declining average rainfall. From a report: The world's driest inhabited continent is projected to build or expand 11 desalination plants worth more than A$23 billion ($15 billion) over the next 10 years, according to a research report by Dominic McNally at Oxford Economics.

"Our population growth forecasts imply an additional 190GL/year in household water demand across major cities by 2035, while the booming data center industry also threatens to rapidly expand urban water use," he said. "This growing demand coincides with falling average rainfall in major population centers, increasing the vulnerability of existing infrastructure." Water construction activity slowed after 2010 as a severe drought receded. However, recent dry periods have reignited interest in water security and coincide with a new boom in water infrastructure investment, including desalination, McNally said.

United States

FCC Bans Foreign-Made Drones Over National Security, Spying Concerns (politico.com) 66

The FCC has banned approval of new foreign-made drones and components, citing "an unacceptable risk" to national security. The move will most heavily impact DJI but it "does not affect drones or drone components that are currently sold in the United States." Reuters reports: The tech was placed on the commission's "Covered List," barring DJI and other foreign drone manufacturers from receiving the FCC's approval to sell new drone models for import or sale in the U.S. In Monday's announcement, the agency said that the move "will reduce the risk of direct [drone] attacks and disruptions, unauthorized surveillance, sensitive data exfiltration and other [drone] threats to the homeland."

FCC Chair Brendan Carr said in a statement that while drones offer the potential to boost public safety and the U.S.' posture on global innovation, "criminals, terrorists and hostile foreign actors have intensified their weaponization of these technologies, creating new and serious threats to our homeland."

The ruling comes as China hawks in Congress amplify warnings about the security risks of drones made by DJI, which accounts for more than 90% of the global market share. But efforts to crack down on Capitol Hill have been met with some pushback due to the potential impacts of curbing the drone usage on U.S. businesses and law enforcement. A wide variety of sectors, including construction, energy, agriculture and mining companies, as well as local police and fire departments across the country, deploy DJI-made drones.

Security

Cyberattack Disrupts France's Postal Service, Banking During Christmas Rush (apnews.com) 5

An anonymous reader quotes a report from the Associated Press: With just three days to go before Christmas, a cyberattack knocked France's national postal service offline Monday, blocking and delaying package deliveries and online payments. The timing was miserable for millions of people at the height of the Christmas season, as frazzled postal workers fended off frustrated customers. No one immediately claimed responsibility, but suspicions abounded.

What the postal service La Poste called a ''major network incident'' remained unresolved by Monday evening, more than eight hours after it was first reported. For a company that delivered 2.6 billion packages last year and employs more than 200,000 people, that's a big hit. La Poste said in a statement that a distributed denial of service incident, or DDoS, "rendered its online services inaccessible." It said the incident had no impact on customer data, but disrupted package delivery. Letters, including holiday greeting cards, could still be mailed and delivered. But transactions requiring tracking or access to the postal service internal computer systems were impossible.

The cyberattack also hurt online banking. Customers of the company's banking arm, La Banque Postale, were blocked from using the application to approve payments or conduct other banking services. The bank redirected approvals to text messages instead. "Our teams are mobilized to resolve the situation quickly," the bank said in messages posted on social networks. The disruption came a week after France's government was targeted by a cyberattack that targeted the Interior Ministry, in charge of national security.

United States

US Blocks All Offshore Wind Construction, Says Reason Is Classified (arstechnica.com) 134

An anonymous reader quotes a report from Ars Technica: On Monday, the US Department of the Interior announced that it was pausing the leases on all five offshore wind sites currently under construction in the US. The move comes despite the fact that these projects already have installed significant hardware in the water and on land; one of them is nearly complete. In what appears to be an attempt to avoid legal scrutiny, the Interior is blaming the decisions on a classified report from the Department of Defense.

The second Trump administration announced its animosity toward offshore wind power literally on day one, issuing an executive order on inauguration day that called for a temporary halt to issuing permits for new projects pending a re-evaluation. Earlier this month, however, a judge vacated that executive order, noting that the government has shown no indication that it was even attempting to start the re-evaluation it said was needed. But a number of projects have gone through the entire permitting process, and construction has started. Before today, the administration had attempted to stop these in an erratic, halting manner. Empire Wind, an 800 MW farm being built off New York, was stopped by the Department of the Interior, which alleged that it had been rushed through permitting. That hold was lifted following lobbying and negotiations by New York and the project developer Orsted, and the Department of the Interior never revealed why it changed its mind. When the Interior Department blocked a second Orsted project, Revolution Wind offshore of southern New England, the company took the government to court and won a ruling that let it continue construction.

Today's announcement targets those and three other projects. Interior says it is pausing the permits for all five, which are the only projects currently under construction. It claims that offshore wind creates "national security risks" that were revealed in a recent analysis performed by the Department of Defense, which apparently neglected to identify these issues during the evaluations it did while the projects were first permitted. What are these risks? The Interior Department is being extremely coy. It notes that offshore wind turbines can interfere with radar sensing, but that's been known for a while. In announcing the decision, Interior Secretary Doug Burgum also noted "the rapid evolution of the relevant adversary technologies." But the announcement says that the Defense Department analysis is classified, meaning nobody is likely to know what the actual reason is -- presuming one exists. The classification will also make it far more challenging to contest this decision in court.

Music

Spotify Says 'Anti-Copyright Extremists' Scraped Its Library (musically.com) 59

A group of activists has scraped Spotify's entire library, accessing 256 million rows of track metadata and 86 million audio files totaling roughly 300TB of data. The metadata has been released via Anna's Archive, a search engine for "shadow libraries" that previously focused on books.

Spotify described the activists as "anti-copyright extremists who've previously pirated content from YouTube and other platforms" and confirmed it is actively investigating the incident. The activists claim this represents "the world's first 'preservation archive' for music which is fully open" and covers "around 99.6% of listens."

They appear to have used Spotify's public web API to scrape the metadata and circumvented DRM to access audio files. Spotify insists that this is not a security breach affecting user data. Though the more pressing concern for the music industry may be AI training rather than pirate streaming services -- similar YouTube datasets have reportedly been used by unlicensed generative AI music services.

Slashdot Top Deals