Slashdot reader joshuark writes: Microsoft says that the File Explorer (formerly Windows Explorer) now automatically blocks previews for files downloaded from the Internet to block credential theft attacks via malicious documents, according to a report from BleepingComputer. This attack vector is particularly concerning because it requires no user interaction beyond selecting a file to preview and removes the need to trick a target into actually opening or executing it on their system.

For most users, no action is required since the protection is enabled automatically with the October 2025 security update, and existing workflows remain unaffected unless you regularly preview downloaded files.

"This change is designed to enhance security by preventing a vulnerability that could leak NTLM hashes when users preview potentially unsafe files," Microsoft says in a support document published Wednesday.

It is important to note that this may not take effect immediately and could require signing out and signing back in.

"Snippets of proprietary or copyleft reciprocal code can enter AI-generated outputs, contaminating codebases with material that developers can't realistically audit or license properly."

That's the warning from Sean O'Brien, who founded the Yale Privacy Lab at Yale Law School. ZDNet reports: Open software has always counted on its code being regularly replenished. As part of the process of using it, users modify it to improve it. They add features and help to guarantee usability across generations of technology. At the same time, users improve security and patch holes that might put everyone at risk. But O'Brien says, "When generative AI systems ingest thousands of FOSS projects and regurgitate fragments without any provenance, the cycle of reciprocity collapses. The generated snippet appears originless, stripped of its license, author, and context." This means the developer downstream can't meaningfully comply with reciprocal licensing terms because the output cuts the human link between coder and code. Even if an engineer suspects that a block of AI-generated code originated under an open source license, there's no feasible way to identify the source project. The training data has been abstracted into billions of statistical weights, the legal equivalent of a black hole.

The result is what O'Brien calls "license amnesia." He says, "Code floats free of its social contract and developers can't give back because they don't know where to send their contributions...."

"Once AI training sets subsume the collective work of decades of open collaboration, the global commons idea, substantiated into repos and code all over the world, risks becoming a nonrenewable resource, mined and never replenished," says O'Brien. "The damage isn't limited to legal uncertainty. If FOSS projects can't rely upon the energy and labor of contributors to help them fix and improve their code, let alone patch security issues, fundamentally important components of the software the world relies upon are at risk."

O'Brien says, "The commons was never just about free code. It was about freedom to build together." That freedom, and the critical infrastructure that underlies almost all of modern society, is at risk because attribution, ownership, and reciprocity are blurred when AIs siphon up everything on the Internet and launder it (the analogy of money laundering is apt), so that all that code's provenance is obscured.

Has AI just become an easy excuse for firms looking to downsize, asks CNBC: Fabian Stephany, assistant professor of AI and work at the Oxford Internet Institute, said there might be more to job cuts than meets the eye. Previously there may have been some stigma attached to using AI, but now companies are "scapegoating" the technology to take the fall for challenging business moves such as layoffs. "I'm really skeptical whether the layoffs that we see currently are really due to true efficiency gains. It's rather really a projection into AI in the sense of 'We can use AI to make good excuses,'" Stephany said in an interview with CNBC. Companies can essentially position themselves at the frontier of AI technology to appear innovative and competitive, and simultaneously conceal the real reasons for layoffs, according to Stephany... Some companies that flourished during the pandemic "significantly overhired" and the recent layoffs might just be a "market clearance...."

One founder, Jean-Christophe Bouglé even said in a popular LinkedIn post that AI adoption is at a "much slower pace" than is being claimed and in large corporations "there's not much happening" with AI projects even being rolled back due to cost or security concerns. "At the same time there are announcements of big layoff plans 'because of AI.' It looks like a big excuse, in a context where the economy in many countries is slowing down..."

The Budget Lab, a non-partisan policy research center at Yale University, released a report on Wednesday which showed that U.S. labor has actually been little disrupted by AI automation since the release of ChatGPT in 2022... Additionally, New York Fed economists released research in early September which showed that AI use amongst firms "do not point to significant reductions in employment" across the services and manufacturing industry in the New York-Northern New Jersey region.

Critics question why basic flaws like buffer overflows, command injections, and SQL injections are "being exploited remain prevalent in mission-critical codebases maintained by companies whose core business is cybersecurity," writes CSO Online. Benjamin Harris, CEO of cybersecurity/penetration testing firm watchTowr tells them that "these are vulnerability classes from the 1990s, and security controls to prevent or identify them have existed for a long time. There is really no excuse." Enterprises have long relied on firewalls, routers, VPN servers, and email gateways to protect their networks from attacks. Increasingly, however, these network edge devices are becoming security liabilities themselves... Google's Threat Intelligence Group tracked 75 exploited zero-day vulnerabilities in 2024. Nearly one in three targeted network and security appliances, a strikingly high rate given the range of IT systems attackers could choose to exploit. That trend has continued this year, with similar numbers in the first 10 months of 2025, targeting vendors such as Citrix NetScaler, Ivanti, Fortinet, Palo Alto Networks, Cisco, SonicWall, and Juniper. Network edge devices are attractive targets because they are remotely accessible, fall outside endpoint protection monitoring, contain privileged credentials for lateral movement, and are not integrated into centralized logging solutions...

[R]esearchers have reported vulnerabilities in these systems for over a decade with little attacker interest beyond isolated incidents. That shifted over the past few years with a rapid surge in attacks, making compromised network edge devices one of the top initial access vectors into enterprise networks for state-affiliated cyberespionage groups and ransomware gangs. The COVID-19 pandemic contributed to this shift, as organizations rapidly expanded remote access capabilities by deploying more VPN gateways, firewalls, and secure web and email gateways to accommodate work-from-home mandates. The declining success rate of phishing is another factor... "It is now easier to find a 1990s-tier vulnerability in a border device where Endpoint Detection and Response typically isn't deployed, exploit that, and then pivot from there" [says watchTowr CEL Harris]...

Harris of watchTowr doesn't want to minimize the engineering effort it takes to build a secure system. But he feels many of the vulnerabilities discovered in the past two years should have been caught with automatic code analysis tools or code reviews, given how basic they have been. Some VPN flaws were "trivial to the point of embarrassing for the vendor," he says, while even the complex ones should have been caught by any organization seriously investing in product security... Another problem? These appliances have a lot of legacy code, some that is 10 years or older.
Attackers may need to chain together multiple hard-to-find vulnerabilities across multiple components, the article acknowleges. And "It's also possible that attack campaigns against network-edge devices are becoming more visible to security teams because they are looking into what's happening on these appliances more than they did in the past... "

The article ends with reactions from several vendors of network edge security devices.

Thanks to Slashdot reader snydeq for sharing the article.

Hackers have been spreading malware through more than 3,000 YouTube videos advertising cracked software and game hacks, cybersecurity firm Check Point warned this week. The campaign, active since at least 2021, tripled its video production in 2025. The videos promoted free versions of Adobe Photoshop, FL Studio, Microsoft Office, and game cheats for titles like Roblox. Fake comments created the appearance of legitimacy, the researchers found.

Users who downloaded archives from Dropbox, Google Drive, or MediaFire were instructed to disable Windows Defender before opening files. The downloads contained malware including Lumma and Rhadamanthys, which steal passwords and cryptocurrency wallet information. The hackers hijacked existing accounts and created new ones. One compromised channel with 129,000 subscribers posted a cracked Photoshop video that reached 291,000 views. Another video for FL Studio received over 147,000 views.

A web browser linked to Chinese online gambling websites and downloaded millions of times routes all internet traffic through servers in China and covertly installs programs that run in the background, according to findings published by network security company Infoblox. The researchers said the Universe Browser, which advertises itself as offering privacy protection, includes features similar to malware such as key logging and surreptitious connections.

Infoblox collaborated with the United Nations Office on Drugs and Crime on the research. The investigators found links between the browser and Southeast Asia's cybercrime ecosystem, which has connections to money laundering, illegal online gambling, human trafficking and scam operations using forced labor. The browser is directly linked to BBIN, a major online gambling company that has existed since 1999. Infoblox researchers examined the Windows version of the browser and found that it checks users' locations and languages when launched, installs two browser extensions, and disables security features including sandboxing.

Airbus, Leonardo, and Thales are merging their space divisions into a new France-based company that aims to create a "leading European player in space." The joint venture, expected to launch operations by 2027 pending regulatory approval, will pool R&D resources to accelerate satellite development and strengthen Europe's technological sovereignty in space. Engadget reports: The companies Airbus, Leonardo and Thales have finalized this deal. The new unnamed entity will be based in France and will employ around 25,000 people. Airbus will own 35 percent, while the other two companies will each own 32.5 percent. Executives are hoping this company will better serve Europe's need for "sovereignty" in space and help it create a rival to SpaceX's Starlink communications network. Increasing a presence in space is also seen as a good thing for security and defense.

This isn't just bluster. Thales and Airbus have long been rivals in the satellite market, but it looks like they are friends now. Leonardo is known for space systems and services. Combining all three could actually give SpaceX a run for its money, but we will have to wait and see. There are no planned site closures, as the companies say that each home country will keep its existing capabilities. This will be a standalone company, so think of it as an extremely well-financed startup. The first task for the upstart? Reporting indicates it'll be to find more efficient ways to develop and manufacture satellites.

Microsoft is retiring Office Online Server on December 31, 2026, ending support and updates for organizations running browser-based Office apps on-premises. The Register reports: After this, there won't be any more security fixes, updates, or technical support from Microsoft. "This change is part of our ongoing commitment to modernizing productivity experiences and focusing on cloud-first solutions," the company said. Office Online Server provides browser-based versions of Word, Excel, PowerPoint, and OneNote for customers who want to keep things on-prem without having to roll out the full desktop applications. Microsoft's solution is to move to Microsoft 365, its decidedly off-premises version of its applications. The company said it is "focusing its browser-based Office app investments on Office for the Web to deliver secure, collaborative, and feature-rich experiences through Microsoft 365."

Other than migrating to another platform when the vendor pulls the plug, affected customers have few options. The announcement will also hit several customers running SharePoint Server SE or Exchange Server SE. While those products remain supported, Office Online Server integration will go away. The company suggested Microsoft 365 Apps for Enterprise and Office LTSC 2024 as alternatives for viewing and editing documents hosted on those servers.

Skype for Business customers will also lose some key features related to PowerPoint. Presenter notes and high-fidelity PowerPoint rendering will go away. In-meeting annotations, which allow meeting participants to write directly to slides without altering the original file, will no longer be available, and embedded video playback will run at lower fidelity. Features like whiteboards, polls, and app sharing shouldn't be affected. Microsoft's solution is a move to Teams, which the company says "offers modern meeting experiences."

OpenBSD 7.8 has been released, adding Raspberry Pi 5 support, enhanced AMD Secure Encrypted Virtualization (SEV-ES) capabilities, and expanded hardware compatibility including new Qualcomm, Rockchip, and Apple ARM drivers. Phoronix reports: OpenBSD 7.8 also brings multiple improvements around enabling AMD Secure Encrypted Virtualization (AMD SEV) support with support for the PSP ioctl for encrypting and measuring state for SEV-ES, a new VMD option to run guests in SEV-ES mode, and other enablement work pertaining to that AMD SEV work in SEV-ES form at this point as a precursor to SEV-SNP. AMD SEV-ES should be working to start confidential virtual machines (VMs) when using the VMM/VMD hypervisor and the OpenBSD guests with KVM/QEMU.

OpenBSD 7.8 also improves compatibility of the FUSE file-system support with the Linux implementation, suspend/hibernate improvements, SMP improvements, updating to the Linux 6.12.50 DRM graphics drivers, several new Rockchip drivers, Raspberry Pi RP1 drivers, H.264 video support for the uvideo driver, and many network driver improvements. The changelog and download page can be found via OpenBSD.org.

An anonymous reader quotes a report from Reuters: The hack of Jaguar Land Rover, owned by India's Tata Motors, cost the British economy an estimated $2.55 billion and affected over 5,000 organizations, an independent cybersecurity body said in a report published on Wednesday. The report was produced by the Cyber Monitoring Centre, an independent, not for profit organization made up of industry specialists, including the former head of Britain's National Cyber Security Centre. It said losses could be higher if there were unexpected delays to the restoration of production at the vehicle manufacturer to levels before the hack took place in August.

"This incident appears to be the most economically damaging cyber event to hit the UK, with the vast majority of the financial impact being due to the loss of manufacturing output at JLR and its suppliers," the report said. JLR will report its financial results in November, according to the company's website. A spokesperson for JLR declined to comment on the report. [...] JLR, which analysts estimated was losing around 50 million pounds per week from the shutdown, was provided with a 1.5 billion pound loan guarantee by the British government in late September to help it support suppliers.

joshuark shares a report from BleepingComputer: A new malicious campaign is targeting macOS developers with fake Homebrew, LogMeIn, and TradingView platforms that deliver infostealing malware like AMOS (Atomic macOS Stealer) and Odyssey. The campaign employs "ClickFix" techniques where targets are tricked into executing commands in Terminal, infecting themselves with malware. Researchers at threat hunting company Hunt.io identified more than 85 domains impersonating the three platforms in this campaign [...].

When checking some of the domains, BleepingComputer discovered that in some cases the traffic to the sites was driven via Google Ads, indicating that the threat actor promoted them to appear in Google Search results. The malicious sites feature convincing download portals for the fake apps and instruct users to copy a curl command in their Terminal to install them, the researchers say. In other cases, like for TradingView, the malicious commands are presented as a "connection security confirmation step." However, if the user clicks on the 'copy' button, a base64-encoded installation command is delivered to the clipboard instead of the displayed Cloudflare verification ID.

TikTok changed its policies earlier this year on sharing user data with governments as the company negotiated with the Trump Administration to continue operating in the United States. The company added language allowing data sharing with "regulatory authorities, where relevant" beyond law enforcement. Until April 25, 2025, TikTok's website stated the company would notify users before disclosing their data to law enforcement. The policy now says TikTok will inform users only where required by law and changed the timing from before disclosure to if disclosure occurs. The company also softened its language from stating it "rejects data requests from law enforcement authorities" to saying it "may reject" such requests. TikTok declined to answer repeated questions from Forbes about whether it has shared or is sharing private user information with the Department of Homeland Security or Immigration and Customs Enforcement. The timing difference prevents users from challenging subpoenas before their data is handed over.

Foreign hackers breached the National Nuclear Security Administration's Kansas City National Security Campus (KCNSC) by exploiting unpatched Microsoft SharePoint vulnerabilities. The intrusion happened in August and is possibly linked to either Chinese state actors or Russian cybercriminals. CSO Online notes that "roughly 80% of the non-nuclear parts in the nation's nuclear stockpile originate from KCNSC," making it "one of the most sensitive facilities in the federal weapons complex." From the report: The breach targeted a plant that produces the vast majority of critical non-nuclear components for US nuclear weapons under the NNSA, a semi-autonomous agency within the Department of Energy (DOE) that oversees the design, production, and maintenance of the nation's nuclear weapons. Honeywell Federal Manufacturing & Technologies (FM&T) manages the Kansas City campus under contract to the NNSA. [...] The attackers exploited two recently disclosed Microsoft SharePoint vulnerabilities -- CVE-2025-53770, a spoofing flaw, and CVE-2025-49704, a remote code execution (RCE) bug -- both affecting on-premises servers. Microsoft issued fixes for the vulnerabilities on July 19.

On July 22, the NNSA confirmed it was one of the organizations hit by attacks enabled by the SharePoint flaws. "On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy," a DOE spokesperson said. However, the DOE contended at the time, "The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems. A very small number of systems were impacted. All impacted systems are being restored." By early August, federal responders, including personnel from the NSA, were on-site at the Kansas City facility, the source tells CSO.

An anonymous reader shares a report: A hacking group that recently doxed hundreds of government officials, including from the Department of Homeland Security (DHS) and Immigration and Customs Enforcement (ICE), has now built dossiers on tens of thousands of U.S. government officials, including NSA employees, a member of the group told 404 Media. The member said the group did this by digging through its caches of stolen Salesforce customer data. The person provided 404 Media with samples of this information, which 404 Media was able to corroborate.

As well as NSA officials, the person sent 404 Media personal data on officials from the Defense Intelligence Agency (DIA), the Federal Trade Commission (FTC), Federal Aviation Administration (FAA), Centers for Disease Control and Prevention (CDC), the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), members of the Air Force, and several other agencies.

A Court of Accounts report written before Sunday's theft of crown jewels from the Louvre revealed the museum's security systems were outdated and inadequate [non-paywalled source]. The report noted a lack of basic CCTV equipment across multiple wings. Cameras had mainly been installed only when rooms were refurbished due to repeated postponements of scheduled modernization. In the Denon wing where the Apollo Gallery was targeted, a third of rooms had no CCTV cameras. Three-quarters of rooms in the Richelieu wing and nearly two-thirds in the Sully wing lacked cameras.

The thieves were caught on camera at one point but were masked and impossible to identify, according to Paris public prosecutor Laure Beccuau. The alarm system activated when thieves cut open display cases, but they threatened staff who left the area. Culture minister Rachida Dati confirmed new CCTV cameras would be installed. President Macron had earmarked $186.30 million to upgrade the Louvre's security systems under a renaissance plan launched in June.

China says it has uncovered what it describes as irrefutable evidence of American government cyber attacks targeting the National Time Service Center. The Ministry of State Security said the National Security Agency exploited vulnerabilities in employees' mobile phones beginning March 25, 2022, and later used stolen login credentials to access the center's computers starting April 18, 2023.

The facility in Xi'an provides high-precision timekeeping service for the government, civil society, and various industries. It also supplies data used to calculate international standard time. Chinese authorities said investigators found that private servers worldwide were employed to conceal the attacks' origin. The accusations emerge against a backdrop of mutual cyber-espionage claims between Washington and Beijing. Western governments and companies have repeatedly blamed Chinese hackers for intrusions in recent years.

India will need as much as $21 trillion to achieve its climate goals and lift its population out of poverty, according to a draft government plan seen by Bloomberg. From the report: The estimate offers a first glimpse of how the country intends to live up to its target of net zero emissions by 2070. The updated scenario implies hitting peak emissions in 2045, which is a decade earlier than the current trajectory.

India is already being severely battered by the fallout of climate change, as deadly floods and heat waves become more destructive each year. But the need to mitigate the emissions that feed climate change has historically been at odds with India's priorities of economic growth and energy security, with the latter still mostly provided through coal. The new plan shows India will seek to achieve climate and economic development goals simultaneously, with low-carbon options envisaged for much of its yet-to-be-built residential and industrial infrastructure.

On Cloudflare's blog, a senior research engineer shares a plan for "improving the trustworthiness of JavaScript on the web."

"It is as true today as it was in 2011 that Javascript cryptography is Considered Harmful." The main problem is code distribution. Consider an end-to-end-encrypted messaging web application. The application generates cryptographic keys in the client's browser that lets users view and send end-to-end encrypted messages to each other. If the application is compromised, what would stop the malicious actor from simply modifying their Javascript to exfiltrate messages? It is interesting to note that smartphone apps don't have this issue. This is because app stores do a lot of heavy lifting to provide security for the app ecosystem. Specifically, they provide integrity, ensuring that apps being delivered are not tampered with, consistency, ensuring all users get the same app, and transparency, ensuring that the record of versions of an app is truthful and publicly visible.

It would be nice if we could get these properties for our end-to-end encrypted web application, and the web as a whole, without requiring a single central authority like an app store. Further, such a system would benefit all in-browser uses of cryptography, not just end-to-end-encrypted apps. For example, many web-based confidential LLMs, cryptocurrency wallets, and voting systems use in-browser Javascript cryptography for the last step of their verification chains. In this post, we will provide an early look at such a system, called Web Application Integrity, Consistency, and Transparency (WAICT) that we have helped author. WAICT is a W3C-backed effort among browser vendors, cloud providers, and encrypted communication developers to bring stronger security guarantees to the entire web... We hope to build even wider consensus on the solution design in the near future....

We would like to have a way of enforcing integrity on an entire site, i.e., every asset under a domain. For this, WAICT defines an integrity manifest, a configuration file that websites can provide to clients. One important item in the manifest is the asset hashes dictionary, mapping a hash belonging to an asset that the browser might load from that domain, to the path of that asset.
The blog post points out that the WEBCAT protocol (created by the Freedom of Press Foundation) "allows site owners to announce the identities of the developers that have signed the site's integrity manifest, i.e., have signed all the code and other assets that the site is serving to the user... We've made WAICT extensible enough to fit WEBCAT inside and benefit from the transparency components." The proposal also envisions a service storing metadata for transparency-enabled sites on the web (along with "witnesses" who verify the prefix tree holding the hashes for domain manifests).

"We are still very early in the standardization process," with hopes to soon "begin standardizing the integrity manifest format. And then after that we can start standardizing all the other features. We intend to work on this specification hand-in-hand with browsers and the IETF, and we hope to have some exciting betas soon. In the meantime, you can follow along with our transparency specification draft,/A>, check out the open problems, and share your ideas."

Slashdot reader BrianFagioli writes: GIMP has officially launched its own Snap package for Linux, finally taking over from the community-maintained Snapcrafters project. The move means all future GIMP releases will now be built directly from the team's CI pipeline, ensuring faster, more consistent updates across distributions. The developers also introduced a new "gimp-plugins" interface to support external plugins while maintaining Snap's security confinement, with GMIC and OpenVINO already supported.

This marks another major step in GIMP's cross-platform packaging efforts, joining Flatpak and MSIX distribution options. The first officially maintained version, Version 3.0.6GIMP 3.0.6, is available now on the "latest/stable" Snap channel, with preview builds rolling out for testers.

An anonymous reader shared this report from Cryptonews: Sony has taken Wall Street by surprise after its banking division, Sony Bank, filed an application with the U.S. Office of the Comptroller of the Currency (OCC) to establish a national crypto bank under its subsidiary "Connectia Trust." The move positions the Japanese tech giant to become one of the first major global corporations to issue a U.S. dollar-backed stablecoin through a federally regulated institution. The application outlines plans to issue a U.S. dollar-pegged stablecoin, maintain the reserve assets backing it, and provide digital asset custody and management services.

The filing places Sony alongside an elite list of firms, including Coinbase, Circle, Paxos, Stripe, and Ripple, currently awaiting OCC approval to operate as national digital banks. If approved, Sony would become the first major global technology company to receive a U.S. bank charter specifically tied to stablecoin issuance....
The Office of the Comptroller of the Currency "has received over 15 applications from fintech and crypto entities seeking trust charters," according to the article, calling it "a sign of renewed regulatory openness" under the office's new chief, a former blockchain executive.

Meanwhile, the United States has also "conditionally given the nod to a new cryptocurrency-focused national bank launched by California tech billionaire Palmer Luckey," reports SFGate: To bring the bank to life, Luckey joined forces with JoeLonsdale, co-founder of Palantir and venture firm 8VC, and financial backer and fellow Palantir co-founder Peter Thiel, according to the Financial Times. Luckey conceived the idea for Erebor following the collapse of the Silicon Valley Bank in 2023, the Financial Times reported. The bank's name draws inspiration from J.R.R. Tolkien's "The Hobbit," referring to another name for the Lonely Mountain in the novel...

The OCC said it applied the "same rigorous review and standards" used in all charter applications. The ["preliminary"] approval was granted in just four months; however, compliance and security checks are expected to take several more months before the new bank can open.
"I am committed to a dynamic and diverse federal banking system," America's Comptroller of the Currency said Wednesday, "and our decision today is a first but important step in living up to that commitment."

"Permissible digital asset activities, like any other legally permissible banking activity, have a place in the federal banking system if conducted in a safe and sound manner. The OCC will continue to provide a path for innovative approaches to financial services to ensure a strong, diverse financial system that remains relevant over time."