An anonymous reader quotes a report from Ars Technica: After the Trump administration confirmed a rumor that the US is planning to buy a 10 percent stake in Intel, US Senator Bernie Sanders (I-Vt.) came forward Wednesday to voice support for the highly unusual plan, finding rare common ground with Donald Trump. According to Commerce Secretary Howard Lutnick, the plan would see the US disbursing approved CHIPS Act grants only after acquiring non-voting shares of Intel and likely other chipmakers. That would allow the US to profit off its investment in chipmakers, Lutnick suggested, and Sanders told Reuters that he agreed American taxpayers could benefit from the potential deals.

"If microchip companies make a profit from the generous grants they receive from the federal government, the taxpayers of America have a right to a reasonable return on that investment," Sanders said. While Lutnick gave Trump credit for coming up with what White House Press Secretary Karoline Leavitt described as a "creative idea that has never been done before" to protect US national and economic security, it appears that Lutnick is driving the initiative. "Lutnick has been pushing the equity idea," insiders granted anonymity previously told Reuters, "adding that Trump likes the idea."

So far, Intel has engaged in talks, while the Taiwan Semiconductor Manufacturing Company (TSMC) and other major CHIPS grant recipients like Samsung and Micron have yet to comment on the potential arrangement the Trump administration seems likely to pursue. They may possibly risk clawbacks of grants if such deals aren't made. On Wednesday, Taiwan Economy Minister Kuo Jyh-huei said his ministry would be consulting with TSMC soon, while noting that as yet, it's hard to "thoroughly understand the underlying meaning" of Lutnick's public comments. So far, Lutnick has only specified that "any potential arrangement wouldn't provide the government with voting or governance rights in Intel," dispelling fears that the US would use its ownership stake to try to control the world's most important chipmakers. Further reading: Intel is Getting a $2 Billion Investment From SoftBank

India Dispatch: The strongest case for India is not merely that it is young, but that it still has time, and it may be the only continental-scale economy that still has it in abundance. India won't cross the demographic threshold for an "old" country -- a median age of 41 -- until the late 2050s, while China reaches that point now. India requires 10.4% sustained GDP growth over 35 years to become rich before aging, compared to China's needed 32% annual growth rate. India's working-age population will increase from 67.5% in 2021 to 69.2% by 2031, with the median age remaining at 34.5 in 2036. The report adds: China's compressed dilemma mirrors what is gripping the developed world, where Europe's share of population over 65 is on track to hit 30% by 2050, up from 8% in 1950. Raising retirement ages -- what economists describe as the closest thing to a silver bullet -- faces older voting blocs, who now make up roughly 40% of those who turn up at the polls in European elections. In the U.S., what J.P. Morgan analysts term a "Social Security cliff" looms by 2033, when the system's trust funds are projected to be exhausted, and hopes that productivity miracles (powered by, hopefully AI) will quietly square this circle look optimistic, leaving much of the rich world and North Asia out of time.

The women-only dating-advice app Tea "has been hit with 10 potential class action lawsuits in federal and state court," NBC News reported last week, "after a data breach led to the leak of thousands of selfies, ID photos and private conversations online." The suits could result in Tea having to pay tens of millions of dollars in damages to the plaintiffs, which could be catastrophic for the company, an expert told NBC News... One of the suits lists the right-wing online discussion board 4chan and the social platform X as defendants, alleging that they allowed bad actors to spread users' personal information.
But meanwhile, a new competing app for men called "TeaOnHer" has already been launched. And it was also found to have enormous security flaws, reports TechCrunch, that "exposed its users' personal information, including photos of their driver's licenses and other government-issued identity documents..." [W]hen we looked at the TeaOnHer's public internet records, it had no meaningful information other than a single subdomain, appserver.teaonher.com. When we opened this page in our browser, what loaded was the landing page for TeaOnHer's API (for the curious, we uploaded a copy here)... It was on this landing page that we found the exposed email address and plaintext password (which wasn't that far off from "password") for [TeaOnHer developer Xavier] Lampkin's account to access the TeaOnHer "admin panel"... This API landing page included an endpoint called /docs, which contained the API's auto-generated documentation (powered by a product called Swagger UI) that contained the full list of commands that can be performed on the API [including administrator commands to return user data]...

While it's not uncommon for developers to publish their API documentation, the problem here was that some API requests could be made without any authentication — no passwords or credentials were needed...

The records returned from TeaOnHer's server contained users' unique identifiers within the app (essentially a string of random letters and numbers), their public profile screen name, and self-reported age and location, along with their private email address. The records also included web address links containing photos of the users' driver's licenses and corresponding selfies. Worse, these photos of driver's licenses, government-issued IDs, and selfies were stored in an Amazon-hosted S3 cloud server set as publicly accessible to anyone with their web addresses. This public setting lets anyone with a link to someone's identity documents open the files from anywhere with no restrictions...

The bugs were so easy to find that it would be sheer luck if nobody malicious found them before we did. We asked, but Lampkin would not say if he has the technical ability, such as logs, to determine if anyone had used (or misused) the API at any time to gain access to users' verification documents, such as by scraping web addresses from the API. In the days since our report to Lampkin, the API landing page has been taken down, along with its documentation page, and it now displays only the state of the server that the TeaOnHer API is running on as "healthy."
The flaws were discovered while TeaOnHer was the #2 free app in the Apple App Store, the article points out. And while these flaws "appear to be resolved," the article notes a larger issue. "Shoddy coding and security flaws highlight the ongoing privacy risks inherent in requiring users to submit sensitive information to use apps and websites,"

And TeaOnHer also had another authentication issue. A female reporter at Cosmopolitan also noted Friday that TeaOnHer "lets you browse through profiles before your verifications are complete. So literally anyone (like myself) can read reviews..."

Protected KVM (pKVM), the hypervisor powering the Android Virtualization Framework, has officially achieved SESIP Level 5 certification (in testing by cybersecurity lab Dekra against the TrustCB SESIP scheme).

Google's security blog called the certification "a watershed moment," and a "new benchmark" for both open-source security — and for the future of consumer electronics. "It provides a single, open-source, and exceptionally high-quality firmware base that all device manufacturers can build upon." This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar. The implications for the future of secure mobile technology are profound. With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads. This includes vital features, such as on-device AI workloads that can operate on ultra-personalized data, with the highest assurances of privacy and integrity...

Achieving Security Evaluation Standard for IoT Platforms (SESIP) Level 5 is a landmark because it incorporates AVA_VAN.5, the highest level of vulnerability analysis and penetration testing under the ISO 15408 (Common Criteria) standard. A system certified to this level has been evaluated to be resistant to highly skilled, knowledgeable, well-motivated, and well-funded attackers who may have insider knowledge and access. This certification is the cornerstone of the next-generation of Android's multi-layered security strategy. Many of the TEEs (Trusted Execution Environments) used in the industry have not been formally certified or have only achieved lower levels of security assurance... Looking ahead, Android device manufacturers will be required to use isolation technology that meets this same level of security for various security operations that the device relies on. Protected KVM ensures that every user can benefit from a consistent, transparent, and verifiably secure foundation.
"This achievement represents just one important aspect of the immense, multi-year dedication from the Linux and KVM developer communities and multiple engineering teams at Google developing pKVM and AVF," the post concludes.

"We look forward to seeing the open-source community and Android ecosystem continue to build on this foundation, delivering a new era of high-assurance mobile technology for users."

Three years ago security researcher Eaton Zveare discovered a vulnerability in Jacuzzi's SmartTub interface allowing access to the personal data of every hot tub owner.

Now Zverae says flaws in an unnamed carmaker's dealership portal "exposed the private information and vehicle data of its customers," reports TechCrunch, "and could have allowed hackers to remotely break into any of its customers' vehicles." Zveare, who works as a security researcher at software delivery company Harness, told TechCrunch the flaw he discovered allowed the creation of a ["national"] admin account that granted "unfettered access" to the unnamed carmaker's centralized web portal. With this access, a malicious hacker could have viewed the personal and financial data of the carmaker's customers, tracked vehicles, and enrolled customers in features that allow owners — or the hackers — to control some of their cars' functions from anywhere.

Zveare said he doesn't plan on naming the vendor, but said it was a widely known automaker with several popular sub-brands.

In an interview with TechCrunch ahead of his talk at the Def Con security conference in Las Vegas on Sunday, Zveare said the bugs put a spotlight on the security of these dealership systems, which grant their employees and associates broad access to customer and vehicle information... The flaws were problematic because the buggy code loaded in the user's browser when opening the portal's login page, allowing the user — in this case, Zveare — to modify the code to bypass the login security checks. Zveare told TechCrunch that the carmaker found no evidence of past exploitation, suggesting he was the first to find it and report it to the carmaker.

When logged in, the account granted access to more than 1,000 of the carmakers' dealers across the United States, he told TechCrunch... With access to the portal, Zveare said it was also possible to pair any vehicle with a mobile account, which allows customers to remotely control some of their cars' functions from an app, such as unlocking their cars... "The takeaway is that only two simple API vulnerabilities blasted the doors open, and it's always related to authentication," said Zveare. "If you're going to get those wrong, then everything just falls down."
Zveare told TechCrunch the portals even included "telematics systems that allowed the real-time location tracking of rental or courtesy cars...

"Zveare said the bugs took about a week to fix in February 2025 soon after his disclosure to the carmaker."

Thanks to long-time Slashdot reader schwit1 for sharing the article.

"Phishing training for employees as currently practiced is essentially useless," writes SC World, citing the presentation of two researchers at the Black Hat security conference: In a scientific study involving thousands of test subjects, eight months and four different kinds of phishing training, the average improvement rate of falling for phishing scams was a whopping 1.7%. "Is all of this focus on training worth the outcome?" asked researcher Ariana Mirian, a senior security researcher at Censys and recently a Ph.D. student at U.C. San Diego, where the study was conducted. "Training barely works..."

[Research partner Christian Dameff, co-director of the U.C. San Diego Center for Healthcare Cybersecurity] and Mirian wanted scientifically rigorous, real-world results. (You can read their academic paper here.) They enrolled more than 19,000 employees of the UCSD Health system and randomly split them into five groups, each member of which would see something different when they failed a phishing test randomly sent once a month to their workplace email accounts... Over the eight months of testing, however, there was little difference in improvement among the four groups that received different kinds of training. Those groups did improve a bit over the control group's performance — by the aforementioned 1.7%...

[A]bout 30% of users clicked on a link promising information about a change in the organization's vacation policy. Almost as many fell for one about a change in workplace dress code... Another lesson was that given enough time, almost everyone falls for a phishing email. Over the eight months of the experiment, just over 50% failed at least once.
Thanks to Slashdot reader spatwei for sharing the article.

An anonymous reader shared this report from Tom's Hardware: According to German news outlet Heise, notable progress has been made regarding the counterfeit Seagate hard drive case. Just like something out of an action movie, security teams from Seagate's Singapore and Malaysian offices, in conjunction with local Malaysian authorities, conducted a raid on a warehouse in May that was engaged in cooking up counterfeit Seagate hard drives, situated outside Kuala Lumpur.

During the raid, authorities reportedly uncovered approximately 700 counterfeit Seagate hard drives, with SMART values that had been reset to facilitate their sale as new... However, Seagate-branded drives were not the only items involved, as authorities also discovered drives from Kioxia and Western Digital. Seagate suspects that the used hard drives originated from China during the Chia [cryptocurrency] boom. Following the cryptocurrency's downfall, numerous miners sold these used drives to workshops where many were illicitly repurposed to appear new. This bust may represent only the tip of the iceberg, as Heise estimates that at least one million of these Chia drives are circulating, although the exact number that have been recycled remains uncertain.

The clandestine workshop, likely one of many establishments in operation, reportedly employed six workers. Their responsibilities included resetting the hard drives' SMART values, cleaning, relabeling, and repackaging them for distribution and sale via local e-commerce platforms.

"Several cybersecurity companies debuted advancements in AI agents at the Black Hat conference last week," reports Axios, "signaling that cyber defenders could soon have the tools to catch up to adversarial hackers." - Microsoft shared details about a prototype for a new agent that can automatically detect malware — although it's able to detect only 24% of malicious files as of now.

- Trend Micro released new AI-driven "digital twin" capabilities that let companies simulate real-world cyber threats in a safe environment walled off from their actual systems.

- Several companies and research teams also publicly released open-source tools that can automatically identify and patch vulnerabilities as part of the government-backed AI Cyber Challenge.

Yes, but: Threat actors are now using those AI-enabled tools to speed up reconnaissance and dream up brand-new attack vectors for targeting each company, John Watters, CEO of iCounter and a former Mandiant executive, told Axios.
The article notes "two competing narratives about how AI is transforming the threat landscape." One says defenders still have the upper hand. Cybercriminals lack the money and computing resources to build out AI-powered tools, and large language models have clear limitations in their ability to carry out offensive strikes. This leaves defenders with time to tap AI's potential for themselves. [In a DEF CON presentation a member of Anthropic's red team said its Claude AI model will "soon" be able to perform at the level of a senior security researcher, the article notes later]

Then there's the darker view. Cybercriminals are already leaning on open-source LLMs to build tools that can scan internet-connected devices to see if they have vulnerabilities, discover zero-day bugs, and write malware. They're only going to get better, and quickly...

Right now, models aren't the best at making human-like judgments, such as recognizing when legitimate tools are being abused for malicious purposes. And running a series of AI agents will require cybercriminals and nation-states to have enough resources to pay the cloud bills they rack up, Michael Sikorski, CTO of Palo Alto Networks' Unit 42 threat research team, told Axios. But LLMs are improving rapidly. Sikorski predicts that malicious hackers will use a victim organization's own AI agents to launch an attack after breaking into their infrastructure.

Matt Asay answered questions from Slashdot readers in 2010 as the then-COO of Canonical. Today he runs developer marketing at Oracle (after holding similar positions at AWS, Adobe, and MongoDB).

And this week Asay contributed an opinion piece to InfoWorld reminding us of open source contributions from companies where "enlightened self-interest underwrites the boring but vital work — CI hardware, security audits, long-term maintenance — that grassroots volunteers struggle to fund." [I]f you look at the Linux 6.15 kernel contributor list (as just one example), the top contributor, as measured by change sets, is Intel... Another example: Take the last year of contributions to Kubernetes. Google (of course), Red Hat, Microsoft, VMware, and AWS all headline the list. Not because it's sexy, but because they make billions of dollars selling Kubernetes services... Some companies (including mine) sell proprietary software, and so it's easy to mentally bucket these vendors with license fees or closed cloud services. That bias makes it easy to ignore empirical contribution data, which indicates open source contributions on a grand scale.
Asay notes Oracle's many contributions to Linux: In the [Linux kernel] 6.1 release cycle, Oracle emerged as the top contributor by lines of code changed across the entire kernel... [I]t's Oracle that patches memory-management structures and shepherds block-device drivers for the Linux we all use. Oracle's kernel work isn't a one-off either. A few releases earlier, the company topped the "core of the kernel" leaderboard in 5.18, and it hasn't slowed down since, helping land the Maple Tree data structure and other performance boosters. Those patches power Oracle Cloud Infrastructure (OCI), of course, but they also speed up Ubuntu on your old ThinkPad. Self-interested contributions? Absolutely. Public benefit? Equally absolute.

This isn't just an Oracle thing. When we widen the lens beyond Oracle, the pattern holds. In 2023, I wrote about Amazon's "quiet open source revolution," showing how AWS was suddenly everywhere in GitHub commit logs despite the company's earlier reticence. (Disclosure: I used to run AWS' open source strategy and marketing team.) Back in 2017, I argued that cloud vendors were open sourcing code as on-ramps to proprietary services rather than end-products. Both observations remain true, but they miss a larger point: Motives aside, the code flows and the community benefits.

If you care about outcomes, the motives don't really matter. Or maybe they do: It's far more sustainable to have companies contributing because it helps them deliver revenue than to contribute out of charity. The former is durable; the latter is not.
There's another practical consideration: scale. "Large vendors wield resources that community projects can't match."

Asay closes by urging readers to "Follow the commits" and "embrace mixed motives... the point isn't sainthood; it's sustainable, shared innovation. Every company (and really every developer) contributes out of some form of self-interest. That's the rule, not the exception. Embrace it." Going forward, we should expect to see even more counterintuitive contributor lists. Generative AI is turbocharging code generation, but someone still has to integrate those patches, write tests, and shepherd them upstream. The companies with the most to lose from brittle infrastructure — cloud providers, database vendors, silicon makers — will foot the bill. If history is a guide, they'll do so quietly.

ChatGPT now has nearly 700 million weekly users, OpenAI says. But after launching GPT-5 last week, critics bashed its less-intuitive feel, reports CNBC, "ultimately leading the company to restore its legacy GPT-4 to paying chatbot customers."

Yet GPT-5 was always about cracking the enterprise market "where rival Anthropic has enjoyed a head start," they write. And one week in, "startups like Cursor, Vercel, and Factory say they've already made GPT-5 the default model in certain key products and tools, touting its faster setup, better results on complex tasks, and a lower price." Some companies said GPT-5 now matches or beats Claude on code and interface design, a space Anthropic once dominated. Box, another enterprise customer, has been testing GPT-5 on long, logic-heavy documents. CEO Aaron Levie told CNBC the model is a "breakthrough," saying it performs with a level of reasoning that prior systems couldn't match...

Still, the economics are brutal. The models are expensive to run, and both OpenAI and Anthropic are spending big to lock in customers, with OpenAI on track to burn $8 billion this year. That's part of why both Anthropic and OpenAI are courting new capital... GPT-5 is significantly cheaper than Anthropic's top-end Claude Opus 4.1 — by a factor of seven and a half, in some cases — but OpenAI is spending huge amounts on infrastructure to sustain that edge. For OpenAI, it's a push to win customers now, get them locked in and build a real business on the back of that loyalty...

GPT-5 API usage has surged since launch, with the model now processing more than twice as much coding and agent-building work, and reasoning use cases jumping more than eightfold, said a person familiar with the matter who requested anonymity in order to discuss company data. Enterprise demand is rising sharply, particularly for planning and multi-step reasoning tasks.

GPT-5's traction over the past week shows how quickly loyalties can shift when performance and price tip in OpenAI's favor. AI-powered coding platform Qodo recently tested GPT-5 against top-tier models including Gemini 2.5, Claude Sonnet 4, and Grok 4, and said in a blog post that it led in catching coding mistakes. The model was often the only one to catch critical issues, such as security bugs or broken code, suggesting clean, focused fixes and skipping over code that didn't need changing, the company said. Weaknesses included occasional false positives and some redundancy.
JetBrains has also adopted GPT-5 as the default for its AI Assistant and for its new no-code tool Kineto, according to the article.

But Anthropic is still enjoying a great year too, with its annualized revenue growing 17x year-over-year (according to "a person familiar with the matter who requested anonymity")

An anonymous reader writes: Kaisen Linux, a Debian-based distro packed with tools for sysadmins, system rescue, and network diagnostics, is shutting down. This comes not long after Intel's Clear Linux also reached the end of the road.

Kaisen offered multiple desktop environments like KDE Plasma, LXQt, MATE, and Xfce, plus a "toram" mode that could load the whole OS into RAM so you could free up your USB port. The final release, Rolling 3.0, updates the base to Debian 13, defaults to KDE Plasma 6, replaces LightDM with SDDM, drops some packages like neofetch and hping3, and adds things like faster BTRFS snapshot restores, full ZFS support, and safer partitioning behavior.

Unlike Clear Linux, Kaisen will still get security updates for the next two years, giving current users time to migrate without rushing.

Proton has begun relocating infrastructure outside Switzerland ahead of proposed surveillance legislation requiring VPNs and messaging services with over 5,000 users to identify customers and retain data for six months.

The company's AI chatbot Lumo became the first product hosted on German servers rather than Swiss infrastructure. CEO Andy Yen confirmed the decision and a spokesperson told TechRadar that the company isn't fully exiting Switzerland.

In a blog post about the launch of Lumo last month, Proton's Head of Anti-Abuse and Account Security, Eamonn Maguire, explained that the company had decided to invest outside Switzerland for fear of the looming legal changes. He wrote: "Because of legal uncertainty around Swiss government proposals to introduce mass surveillance -- proposals that have been outlawed in the EU -- Proton is moving most of its physical infrastructure out of Switzerland. Lumo will be the first product to move."

The proposed amendments to Switzerland's Ordinance on the Surveillance of Correspondence by Post and Telecommunications would also mandate decryption capabilities for providers holding encryption keys. Proton is developing additional facilities in Norway.

An anonymous reader quotes a report from The Guardian: Russian hackers took control of a Norwegian dam this year, opening a floodgate and allowing water to flow unnoticed for four hours, Norway's intelligence service has said. The admission, by the Norwegian Police Security Service (PST), marks the first time that Oslo has formally attributed the cyber-attack in April on Bremanger, western Norway, to Moscow. The attack on the hydropower dam, which produces electricity, released 500 liters (132 gallons) of water a second for four hours until the incident was detected and stopped.

The head of PST, Beate Gangas, said on Wednesday: "Over the past year, we have seen a change in activity from pro-Russian cyber actors." The Bremanger incident was an example of such an attack, she added. "The aim of this type of operation is to influence and to cause fear and chaos among the general population. Our Russian neighbor has become more dangerous." The incident did not cause any injuries or damage because the water level of the river and the dam, which is close to the town of Svelgen, was a long way below flood capacity. The alleged perpetrators reportedly published a three-minute video, watermarked with the name of a pro-Russian cybercriminal group, on Telegram on the day of the attack.

BrianFagioli shares a report from NERDS.xyz: If you run Plex Media Server, it's time to drop everything and update. The company has quietly patched a security issue that affects recent versions of its software, and users are being told to upgrade as soon as possible. According to an email Plex sent to affected customers, versions 1.41.7.x through 1.42.0.x are vulnerable. The newly released build, 1.42.1.10060 or later, contains the fix. Plex says the flaw was found through its bug bounty program, but sadly, it has not publicly shared details about how severe the issue is or whether it could be exploited remotely.

New York Attorney General Letitia James has sued Zelle's parent company, Early Warning Services, alleging it knowingly enabled over $1 billion in fraud from 2017 to 2023 by failing to implement basic safeguards. CNBC reports: "EWS knew from the beginning that key features of the Zelle network made it uniquely susceptible to fraud, and yet it failed to adopt basic safeguards to address these glaring flaws or enforce any meaningful anti-fraud rules on its partner banks," James' office said in the release. The lawsuit alleges that Zelle became a "hub for fraudulent activity" because the registration process lacked verification steps and that EWS and its partner banks knew "for years" that fraud was spreading and did not take actionable steps to resolve it, according to the press release.

James is seeking restitution and damages, in addition to a court order mandating that Zelle puts anti-fraud measures in place. "No one should be left to fend for themselves after falling victim to a scam," James said in the release. "I look forward to getting justice for the New Yorkers who suffered because of Zelle's security failures." A Zelle spokesperson called the lawsuit a "political stunt to generate press" and a "copycat" of the CFPB lawsuit, which was dropped in March.

"Despite the Attorney General's assertions, they did not conduct an investigation of Zelle," the spokesperson said. "Had they conducted an investigation, they would have learned that more than 99.95 percent of all Zelle transactions are completed without any report of scam or fraud -- which leads the industry."

Apple is plotting its AI comeback with an ambitious slate of new devices, including robots, a lifelike version of Siri, a smart speaker with a display and home-security cameras, according to Bloomberg. From the report: A tabletop robot that serves as a virtual companion, targeted for 2027, is the centerpiece of the AI strategy, according to people with knowledge of the matter. The smart speaker with a display, meanwhile, is slated to arrive next year, part of a push into entry-level smart-home products.

Home security is seen as another big growth opportunity. New cameras will anchor an Apple security system that can automate household functions. The approach should help make Apple's product ecosystem stickier with consumers, said the people, who asked not to be identified because the initiatives haven't been announced.

United Launch Alliance's Vulcan Centaur rocket successfully completed its first-ever national security mission, launching the U.S. military's first experimental navigation satellite in 48 years. Space.com reports: The mission saw the company's powerful new Vulcan Centaur rocket take off from Space Launch Complex 41 (SLC-41) at Cape Canaveral Space Force Station in Florida. Vulcan launched with four side-mounted solid rocket boosters in order to generate enough thrust to send its payload directly into geosynchronous orbit on one of ULA's longest flights ever, a seven-hour journey that will span over 22,000 miles (35,000 kilometers), according to ULA.

The payload launching on Tuesday's mission was the U.S. military's first experimental navigation satellite to be launched in 48 years. It is what's known as a position, navigation and timing (PNT) satellite, a type of spacecraft that provides data similar to that of the well-known GPS system. This satellite will be testing many experimental new technologies that are designed to make it resilient to jamming and spoofing, according to Andrew Builta with L3Harris Technologies, the prime contractor for the PNT payload integrated onto a satellite bus built by Northrop Grumman.

The satellite, identified publicly only as Navigation Technology Satellite-3 (NTS-3), features a phased array antenna that allows it to "focus powerful beams to ground forces and combat jamming environments," Builta said in a media roundtable on Monday (Aug. 11). GPS jamming has become an increasingly worrisome problem for both the U.S. military and commercial satellite operators, which is why this spacecraft will be conducting experiments to test how effective these new technologies are at circumventing jamming attacks. In addition, the satellite features a software architecture that allows it to be reprogrammed while in orbit. "This is a truly game-changing capability," Builta said.

ole_timer shares a report from the New York Times: Investigators have uncovered evidence that Russia is at least partly responsible for a recent hack of the computer system that manages federal court documents, including highly sensitive records with information that could reveal sources and people charged with national security crimes, according to several people briefed on the breach. It is not clear what entity is responsible, whether an arm of Russian intelligence might be behind the intrusion or if other countries were also involved, which some of the people familiar with the matter described as a yearslong effort to infiltrate the system. Some of the searches included midlevel criminal cases in the New York City area and several other jurisdictions, with some cases involving people with Russian and Eastern European surnames.

Administrators with the court system recently informed Justice Department officials, clerks and chief judges in federal courts that "persistent and sophisticated cyber threat actors have recently compromised sealed records," according to an internal department memo reviewed by The New York Times. The administrators also advised those officials to quickly remove the most sensitive documents from the system. "This remains an URGENT MATTER that requires immediate action," officials wrote, referring to guidance that the Justice Department had issued in early 2021 after the system was first infiltrated. Documents related to criminal activity with an overseas tie, across at least eight district courts, were initially believed to have been targeted. Last month, the chief judges of district courts across the country were quietly warned to move those kinds of cases off the regular document-management system, according to officials briefed on the request. They were initially told not to discuss the matter with other judges in their districts.

spatwei shares a report from SC Media: Just as it had at BSides Las Vegas earlier in the week, the risks of artificial intelligence dominated the Black Hat USA 2025 security conference on Aug. 6 and 7. We couldn't see all the AI-related talks, but we did catch three of the most promising ones, plus an off-site panel discussion about AI presented by 1Password. The upshot: Large language models and AI agents are far too easy to successfully attack, and many of the security lessons of the past 25 years have been forgotten in the current rush to develop, use and profit from AI.

We -- not just the cybersecurity industry, but any organization bringing AI into its processes -- need to understand the risks of AI and develop ways to mitigate them before we fall victim to the same sorts of vulnerabilities we faced when Bill Clinton was president. "AI agents are like a toddler. You have to follow them around and make sure they don't do dumb things," said Wendy Nather, senior research initiatives director at 1Password and a well-respected cybersecurity veteran. "We're also getting a whole new crop of people coming in and making the same dumb mistakes we made years ago." Her fellow panelist Joseph Carson, chief security evangelist and advisory CISO at Segura, had an appropriately retro analogy for the benefits of using AI. "It's like getting the mushroom in Super Mario Kart," he said. "It makes you go faster, but it doesn't make you a better driver." Many of the AI security flaws resemble early web-era SQL injection risks. "Why are all these old vulnerabilities surfacing again? Because the GenAI space is full of security bad practices," said Nathan Hamiel, senior director of research and lead prototyping engineer at Kudelski Security. "When you deploy these tools, you increase your attack surface. You're creating vulnerabilities where there weren't any."

"Generative AI is over-scoped. The same AI that answers questions about Shakespeare is helping you develop code. This over-generalization leads you to an increased attack surface." He added: "Don't treat AI agents as highly sophisticated, super-intelligent systems. Treat them like drunk robots."

An anonymous reader quotes a report from Bloomberg: Beijing has urged local companies to avoid using Nvidia's H20 processors, particularly for government-related purposes, complicating the chipmaker's return to China after the Trump administration reversed an effective US ban on such sales. Over the past few weeks, Chinese authorities have sent notices to a range of firms discouraging use of the less-advanced semiconductors, people familiar with the matter said. The guidance was particularly strong against the use of H20s for any government or national security-related work by state enterprises or private companies, said the people, who asked not to be identified because the information is sensitive. The letters didn't, however, constitute an outright ban on H20 use, according to the people. Industry analysts broadly agree that Chinese companies still covet those chips, which perform quite well in certain crucial AI applications. President Donald Trump said Monday that the processor "still has a market" in the Asian country despite also calling it "obsolete."

Beijing's stance could limit Trump's ability to turn his export control about-face into a windfall for government coffers, a deal that highlighted his administration's transactional approach to national security policies long treated as nonnegotiable. Still, Chinese companies may not be ready to jump ship to local semiconductors. "Chips from domestic manufacturers are improving dramatically in quality, but they might not be as versatile for specific workloads that China's domestic AI industry hopes to focus on," said Homin Lee, a senior macro strategist at Lombard Odier in Singapore. Lee added that he anticipates "strong" demand for the chips the Trump administration is allowing Nvidia and AMD to sell.

Rosenblatt Securities analyst Kevin Cassidy said he doesn't anticipate that Nvidia's processor sales to China will be affected because "Chinese companies are going to want to use the best chips available." Nvidia and AMD's chips are superior to local alternatives, he said. Beijing asked companies about that issue in some of its letters, according to one of the people, posing questions such as why they buy Nvidia H20 chips over local versions, whether that's a necessary choice given domestic options, and whether they've found any security concerns in the Nvidia hardware. The notices coincide with state media reports that cast doubt on the security and reliability of H20 processors. Chinese regulators have raised those concerns directly with Nvidia, which has repeatedly denied that its chips contain such vulnerabilities.

The Financial Times reported that some Chinese companies are planning to decrease orders of Nvidia chips in response to the letters. Right now, the people said, China's most stringent chip guidance is limited to sensitive applications, a situation that bears similarities to the way Beijing restricted Tesla vehicles and Apple iPhones in certain institutions and locations over security concerns. China's government also at one point barred the use of Micron Technology Inc. chips in critical infrastructure. It's possible that Beijing may extend its heavier-handed Nvidia and AMD guidance to a wider range of settings, according to one person with direct knowledge of the deliberations, who said that those conversations are in early stages.