Identity thieves have found an insidious target: death row inmates. A SentiLink report published this week reveals scammers are stealing identities of Texas prisoners awaiting execution to orchestrate "bust-out" fraud schemes -- patiently building credit before disappearing with up to $100,000.

Nearly 10% of Texas' 172 death row inmates have fallen victim. The operation, active since March 2023, exploits inmates' isolation from financial communications. "They wouldn't receive text or email alerts from a financial institution," said Robin Maher of the Death Penalty Information Center.

Beyond opening credit accounts, NBC reports, fraudsters have registered fake businesses using inmates' identities, including a landscaping company created under Ronald Haskell's name -- a man imprisoned since 2014 for killing six people. TransUnion estimates bust-out scams now cost banks $1 billion annually.

Qatar is gifting Trump a $400 million luxury 747 to serve as a temporary Air Force One, but experts warn that retrofitting it to meet presidential security standards could take years, cost hundreds of millions more, and risk national security due to potential embedded surveillance. The Register's Iain Thomson reports: The current VC-25s aren't just repainted 747s. They're a pair of flying fortresses that must be capable of allowing the president to run the country, survive wartime conditions (even nuclear), and be totally secure from outside influence or intrusion. While the precise details of the current airframe are a tightly guarded secret, some details are included on government fact sheets or have been revealed in various media reports. For a start, it must have an in-flight refueling capability so the president can go anywhere in the world and stay up as long as needed. Retrofitting this to an existing 747 would be very expensive, as the feds would need to strengthen portions of the hull to handle the refueling system and reconfigure the fuel tanks to handle trim issues.

Then there's the hull, which is known to be armored, and the windows are also thicker than you'd find on a normal flight. The government would also need to build in weapons systems like the chaff rockets used against radar-guided missiles, flares against heat seekers, and AN/ALQ-204 Matador Infrared Countermeasure systems, or similar to try and confuse incoming missiles. Next up, the engines and electrical systems would have to be replaced. The electronics in the current VC-25s are hardened as much as possible against an electromagnetic pulse that would be generated by a nuclear detonation. There are also claims that the aircraft have extra shielding in the engines to help against missile fragments should a physical attack happen.

Next up are communications. Air Force One has air-to-ground, air-to-air, and satellite comms systems that are thought to be the equal of what's in the White House. There are at least two separate internal phone systems - one open and the other highly secure - that would need to be installed and checked as well. Then there are incidentals. Contrary to what films will tell you, there is no escape capsule on the current Air Force One, nor a rear parachute ramp, but there is a medical suite with emergency equipment and space for a physician which would already need to be installed, as well as a secured cargo area designed to prevent tampering or unauthorized access. As for the threat of embedded surveillance devices, Richard Aboulafia, managing director of aircraft consultancy AeroDynamic Advisory, said: "You'd have to take it apart piece by piece to stop a professional operator putting in lots of equipment to confuse things, like spare sensors and wiring."

"It wouldn't be in the air before 2030 at the earliest, long after he's left office and probably later than the existing planned replacements," said Aboulafia. "It makes no sense on any level, except that he wants a free 747 for himself. Nothing else makes any sense."

"What's sort of annoying about the whole thing is I'm not sure what's wrong with the current Air Force One," Aboulafia said. "Maybe if they gave it a gold makeover, he'd like it more."

UPDATE: In an update to their blog post, "Nextcloud wrote that as of May 15, Google has offered to restore full file access permissions," reports Ars Technica.

Slashdot originally wrote that Nextcloud had accused Google of sabotaging its Android Files app by revoking the "All files access" permission, which the company said crippled functionality for its 824,000 users and forces reliance on limited alternatives like SAF and MediaStore. The Register reported: Nextcloud's Android Files app is a file synchronization tool that, according to the company, has long had permission to read and write all file types. "Nextcloud has had this feature since its inception in 2016," it said, "and we never heard about any security concerns from Google about it." That changed in 2024, when someone or something at Google's Play Store decided to revoke the permission, effectively crippling the application. Nextcloud was instructed to use "a more privacy-aware replacement." According to Nextcloud, "SAF cannot be used, as it is for sharing/exposing our files to other apps ... MediaStore API cannot be used as it does not allow access to other files, but only media files."

Attempts to raise the issue with Google resulted in little more than copy-and-pasted sections of the developer guide. "Despite multiple appeals from our side and sharing additional background, Google is not considering reinstating upload for all files," Nextcloud said. The issue seems to stem from the Play Store. While a fully functional version is available on F-Droid, the Play Store edition is subject to Google's imposed limitations. Regarding the All files access permission, Google's developer documentation states: "If you target Android 11 and declare All files access, it can affect your ability to publish and update your app on Google Play."

Nextcloud is clearly aggrieved by the change, as are its users. "This might look like a small technical detail but it is clearly part of a pattern of actions to fight the competition," it said. "What we are experiencing is a piece of the script from the big tech playbook." [...] Are there nefarious actors at play here, an automated process that auto-rejects apps with elevated access requirements, or is it just simple incompetence? "Either way," Nextcloud said, "it results in companies like ours just giving up, reducing functionality just to avoid getting kicked out of their app store."

"The issue is that small companies -- like ours -- have pretty much no recourse," it added. Nextcloud went on to criticize oversight processes as slow-moving, with fines that sound hefty but amount to little more than a slap on the wrist. "Big Tech is scared that small players like Nextcloud will disrupt them, like they once disrupted other companies. So they try to shut the door."

The Department of Commerce officially rescinded the Biden administration's Artificial Intelligence Diffusion Rule on Tuesday, just days before its May 15 implementation date. The rule would have imposed first-ever export restrictions on U.S.-made AI chips to dozens of countries while tightening existing controls on China and Russia.

Instead of implementing blanket restrictions, the DOC signaled a shift toward direct country-by-country negotiations. The department released interim guidance reminding companies that using Huawei's Ascend AI chips anywhere violates U.S. export rules and warned about consequences of allowing U.S. chips to train AI models in China. Commerce Secretary for Industry and Security Jeffery Kessler criticized the previous administration's approach, calling it "ill-conceived and counterproductive."

An anonymous reader shares a report: After weeks of news about Google's antitrust travails, the tech giant will try to reset the narrative next week by highlighting advances it is making in artificial intelligence, cloud and Android technology at its annual I/O developer conference.

Ahead of I/O, Google has been demonstrating to employees and outside developers an array of different products, including an AI agent for software development. Known internally as a "software development lifecycle agent," it is intended to help software engineers navigate every stage of the software process, from responding to tasks to documenting code, according to three people who have seen demonstrations of the product or been told about it by Google employees. Google employees have described it as an always-on coworker that can help identify bugs to fix or flag security vulnerabilities, one of the people said, although it's not clear how close it is to being released.

An anonymous reader quotes a report from Reuters: Countries are meeting at the United Nations on Monday to revive efforts to regulate the kinds of AI-controlled autonomous weapons increasingly used in modern warfare, as experts warn time is running out to put guardrails on new lethal technology. Autonomous and artificial intelligence-assisted weapons systems are already playing a greater role in conflicts from Ukraine to Gaza. And rising defence spending worldwide promises to provide a further boost for burgeoning AI-assisted military technology.

Progress towards establishing global rules governing their development and use, however, has not kept pace. And internationally binding standards remain virtually non-existent. Since 2014, countries that are part of the Convention on Conventional Weapons (CCW) have been meeting in Geneva to discuss a potential ban fully autonomous systems that operate without meaningful human control and regulate others. U.N. Secretary-General Antonio Guterres has set a 2026 deadline for states to establish clear rules on AI weapon use. But human rights groups warn that consensus among governments is lacking. Alexander Kmentt, head of arms control at Austria's foreign ministry, said that must quickly change.

"Time is really running out to put in some guardrails so that the nightmare scenarios that some of the most noted experts are warning of don't come to pass," he told Reuters. Monday's gathering of the U.N. General Assembly in New York will be the body's first meeting dedicated to autonomous weapons. Though not legally binding, diplomatic officials want the consultations to ramp up pressure on military powers that are resisting regulation due to concerns the rules could dull the technology's battlefield advantages. Campaign groups hope the meeting, which will also address critical issues not covered by the CCW, including ethical and human rights concerns and the use of autonomous weapons by non-state actors, will push states to agree on a legal instrument. They view it as a crucial litmus test on whether countries are able to bridge divisions ahead of the next round of CCW talks in September. "This issue needs clarification through a legally binding treaty. The technology is moving so fast," said Patrick Wilcken, Amnesty International's Researcher on Military, Security and Policing. "The idea that you wouldn't want to rule out the delegation of life or death decisions ... to a machine seems extraordinary."

In 2023, 164 states signed a 2023 U.N. General Assembly resolution calling for the international community to urgently address the risks posed by autonomous weapons.

"A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver," reports The Hacker News: Forescout Vedere Labs, in a report published Thursday, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025. CVE-2025-31324 refers to a critical SAP NetWeaver flaw that allows attackers to achieve remote code execution (RCE) by uploading web shells through a susceptible "/developmentserver/metadatauploader" endpoint.

The vulnerability was first flagged by ReliaQuest late last month when it found the shortcoming being abused in real-world attacks by unknown threat actors to drop web shells and the Brute Ratel C4 post-exploitation framework. According to [SAP cybersecurity firm] Onapsis, hundreds of SAP systems globally have fallen victim to attacks spanning industries and geographies, including energy and utilities, manufacturing, media and entertainment, oil and gas, pharmaceuticals, retail, and government organizations. Onapsis said it observed reconnaissance activity that involved "testing with specific payloads against this vulnerability" against its honeypots as far back as January 20, 2025. Successful compromises in deploying web shells were observed between March 14 and March 31.
"In recent days, multiple threat actors are said to have jumped aboard the exploitation bandwagon to opportunistically target vulnerable systems to deploy web shells and even mine cryptocurrency..."



Thanks to Slashdot reader bleedingobvious for sharing the news.

Exposure-management company Tenable recently discussed how the MCP tool-interfacing framework for AI can be "manipulated for good, such as logging tool usage and filtering unauthorized commands." (Although "Some of these techniques could be used to advance both positive and negative goals.")

Now an anonymous Slashdot reader writes: In a demonstration video put together by security researcher Seth Fogie, an AI client given a simple prompt to 'Scan and exploit' a web server leverages various connected tools via MCP (nmap, ffuf, nuclei, waybackurls, sqlmap, burp) to find and exploit discovered vulnerabilities without any additional user interaction

As Tenable illustrates in their MCP FAQ, "The emergence of Model Context Protocol for AI is gaining significant interest due to its standardization of connecting external data sources to large language models (LLMs). While these updates are good news for AI developers, they raise some security concerns." With over 12,000 MCP servers and counting, what does this all lead to and when will AI be connected enough for a malicious prompt to cause serious impact?

"Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware," reports Ars Technica, "a strong indication that devices belonging to him have been hacked in recent years." As an employee of DOGE, [30-something Kyle] Schutt accessed FEMA's proprietary software for managing both disaster and non-disaster funding grants [to Dropsite News]. Under his role at CISA, he likely is privy to sensitive information regarding the security of civilian federal government networks and critical infrastructure throughout the U.S. According to journalist Micah Lee, user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware... Besides pilfering login credentials, stealers can also log all keystrokes and capture or record screen output. The data is then sent to the attacker and, occasionally after that, can make its way into public credential dumps...

Lee went on to say that credentials belonging to a Gmail account known to belong to Schutt have appeared in 51 data breaches and five pastes tracked by breach notification service Have I Been Pwned. Among the breaches that supplied the credentials is one from 2013 that pilfered password data for 3 million Adobe account holders, one in a 2016 breach that stole credentials for 164 million LinkedIn users, a 2020 breach affecting 167 million users of Gravatar, and a breach last year of the conservative news site The Post Millennial.
The credentials may have been exposed when service providers were compromised, the article points out, but the "steady stream of published credentials" is "a clear indication that the credentials he has used over a decade or more have been publicly known at various points.

"And as Lee noted, the four dumps from stealer logs show that at least one of his devices was hacked at some point."

Thanks to Slashdot reader gkelley for sharing the news.

"The Overwatch 2 team at Blizzard has unionized," reports Kotaku: That includes nearly 200 developers across disciplines ranging from art and testing to engineering and design. Basically anyone who doesn't have someone else reporting to them. It's the second wall-to-wall union at the storied game maker since the World of Warcraft team unionized last July... Like unions at Bethesda Game Studios and Raven Software, the Overwatch Gamemakers Guild now has to bargain for its first contract, a process that Microsoft has been accused of slow-walking as negotiations with other internal game unions drag on for years.

"The biggest issue was the layoffs at the beginning of 2024," Simon Hedrick, a test analyst at Blizzard, told Kotaku... "People were gone out of nowhere and there was nothing we could do about it," he said. "What I want to protect most here is the people...." Organizing Blizzard employees stress that improving their working conditions can also lead to better games, while the opposite — layoffs, forced resignations, and uncompetitive pay can make them worse....

"We're not just a number on an Excel sheet," [said UI artist Sadie Boyd]. "We want to make games but we can't do it without a sense of security." Unionizing doesn't make a studio immune to layoffs or being shuttered, but it's the first step toward making companies have a discussion about those things with employees rather than just shadow-dropping them in an email full of platitudes. Boyd sees the Overwatch union as a tool for negotiating a range of issues, like if and how generative AI is used at Blizzard, as well as a possible source of inspiration to teams at other studios.

"Our industry is at such a turning point," she said. "I really think with the announcement of our union on Overwatch...I know that will light some fires."
The article notes that other issues included work-from-home restrictions, pay disparities and changes to Blizzard's profit-sharing program, and wanting codified protections for things like crunch policies, time off, and layoff-related severance.

Long-time Slashdot reader smooth wombat writes: Over the past year there have been stories about North Korean spies unknowingly or knowingly being hired to work in western companies. During an interview by Kraken, a crypto exchange, the interviewers became suspicious about the candidate. Instead of cutting off the interview, Kraken decided to continue the candidate through the hiring process to gain more information. One simple question confirmed the user wasn't who they said they were and even worse, was a North Korean spy.
Would-be IT worker "Steven Smith" already had an email address on a "do-not-hire" list from law enforcement agencies, according to CBS News. And an article in Fortune magazine says Kraken asked him to speak to a recruiter and take a technical-pretest, and "I don't think he actually answered any questions that we asked him," according to its chief security officer Nick Percoco — even though the application was claiming 11 years of experience as a software engineer at U.S.-based companies: The interview was scheduled for Halloween, a classic American holiday—especially for college students in New York—that Smith seemed to know nothing about. "Watch out tonight because some people might be ringing your doorbell, kids with chain saws," Percoco said, referring to the tradition of trick or treating. "What do you do when those people show up?"

Smith shrugged and shook his head. "Nothing special," he said.

Smith was also unable to answer simple questions about Houston, the town he had supposedly been living in for two years. Despite having listed "food" as an interest on his résumé, Smith was unable to come up with a straight answer when asked about his favorite restaurant in the Houston area. He looked around for a few seconds before mumbling, "Nothing special here...."

The United Nations estimates that North Korea has generated between $250 million to $600 million per year by tricking overseas firms to hire its spies. A network of North Koreans, known as Famous Chollima, was behind 304 individual incidents last year, cybersecurity company CrowdStrike reported, predicting that the campaigns will continue to grow in 2025.
During a report CBS News actually aired footage of the job interview with the "suspected member of Kim Jong Un's cyberarmy." "Some people might call it trolling as well," one company official told the news outlet. "We call it security research." (And they raise the disturbing possibility that another IT company might very well have hired "Steven Smith"...)

CBS also spoke to CrowdStrike co-founder Dmitri Alperovitch, who says the problem increased with remote work, as is now fueling a state-run weapons program. "It's a huge problem because these people are not just North Koreans — they're North Koreans working for their munitions industry department, they're working for the Korean People's Army." (He says later the results of their work are "going directly" to North Korea's nuclear and ballistic missile programs.)

And when CBS notes that the FBI issued a wanted poster of alleged North Korean agents and arrested Americans hosting laptop farms in Arizona and Tennesse ("computer hubs inside the U.S. that conceal the cybercriminals real identities"), Alperovitch says "They cannot do this fraud without support here in America from witting or unwitting actors. So they have hired probably hundreds of people..." CBS adds that FBI officials say "the IT worker scene is expanding worldwide."

An anonymous reader shared this repost from the Washington Post: It's becoming standard practice at a growing number of U.S. airports: When you reach the front of the security line, an agent asks you to step up to a machine that scans your face to check whether it matches the face on your identification card. Travelers have the right to opt out of the face scan and have the agent do a visual check instead — but many don't realize that's an option.

Sens. Jeff Merkley (D-Oregon) and John Neely Kennedy (R-Louisiana) think it should be the other way around. They plan to introduce a bipartisan bill that would make human ID checks the default, among other restrictions on how the Transportation Security Administration can use facial recognition technology. The Traveler Privacy Protection Act, shared with the Tech Brief on Wednesday ahead of its introduction, is a narrower version of a 2023 bill by the same name that would have banned the TSA's use of facial recognition altogether. This one would allow the agency to continue scanning travelers' faces, but only if they opt in, and would bar the technology's use for any purpose other than verifying people's identities. It would also require the agency to immediately delete the scans of general boarding passengers once the check is complete.

"Facial recognition is incredibly powerful, and it is being used as an instrument of oppression around the world to track dissidents whose opinion governments don't like," Merkley said in a phone interview Wednesday, citing China's use of the technology on the country's Uyghur minority. "It really creates a surveillance state," he went on. "That is a massive threat to freedom and privacy here in America, and I don't think we should trust any government with that power...."

[The TSA] began testing face scans as an option for people enrolled in "trusted traveler" programs, such as TSA PreCheck, in 2021. By 2022, the program quietly began rolling out to general boarding passengers. It is now active in at least 84 airports, according to the TSA's website, with plans to bring it to more than 400 airports in the coming years. The agency says the technology has proved more efficient and accurate than human identity checks. It assures the public that travelers' face scans are not stored or saved once a match has been made, except in limited tests to evaluate the technology's effectiveness.
The bill would also bar the TSA from providing worse treatment to passengers who refuse not to participate, according to FedScoop, and would also forbid the agency from using face-scanning technology to target people or conduct mass surveillance: "Folks don't want a national surveillance state, but that's exactly what the TSA's unchecked expansion of facial recognition technology is leading us to," Sen. Jeff Merkley, D-Ore., a co-sponsor of the bill and a longtime critic of the government's facial recognition program, said in a statement...

Earlier this year, the Department of Homeland Security inspector general initiated an audit of TSA's facial recognition program. Merkley had previously led a letter from a bipartisan group of senators calling for the watchdog to open an investigation into TSA's facial recognition plans, noting that the technology is not foolproof and effective alternatives were already in use.

An anonymous reader quotes a report from BleepingComputer: Law enforcement authorities have dismantled a botnet that infected thousands of routers over the last 20 years to build two networks of residential proxies known as Anyproxy and 5socks. The U.S. Justice Department also indicted three Russian nationals (Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, and Aleksandr Aleksandrovich Shishkin) and a Kazakhstani (Dmitriy Rubtsov) for their involvement in operating, maintaining, and profiting from these two illegal services.

During this joint action dubbed 'Operation Moonlander,' U.S. authorities worked with prosecutors and investigators from the Dutch National Police, the Netherlands Public Prosecution Service (Openbaar Ministerie), and the Royal Thai Police, as well as analysts with Lumen Technologies' Black Lotus Labs. Court documents show that the now-dismantled botnet infected older wireless internet routers worldwide with malware since at least 2004, allowing unauthorized access to compromised devices to be sold as proxy servers on Anyproxy.net and 5socks.net. The two domains were managed by a Virginia-based company and hosted on servers globally.

On Wednesday, the FBI also issued a flash advisory (PDF) and a public service announcement warning that this botnet was targeting patch end-of-life (EoL) routers with a variant of the TheMoon malware. The FBI warned that the attackers are installing proxies later used to evade detection during cybercrime-for-hire activities, cryptocurrency theft attacks, and other illegal operations. The list of devices commonly targeted by the botnet includes Linksys and Cisco router models, including:

- Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550
- Linksys WRT320N, WRT310N, WRT610N
- Cisco M10 and Cradlepoint E100 "The botnet controllers require cryptocurrency for payment. Users are allowed to connect directly with proxies using no authentication, which, as documented in previous cases, can lead to a broad spectrum of malicious actors gaining free access," Black Lotus Labs said. "Given the source range, only around 10% are detected as malicious in popular tools such as VirusTotal, meaning they consistently avoid network monitoring tools with a high degree of success. Proxies such as this are designed to help conceal a range of illicit pursuits including ad fraud, DDoS attacks, brute forcing, or exploiting victim's data."

An anonymous reader quotes a report from TechCrunch: A Florida bill, which would have required social media companies to provide an encryption backdoor for allowing police to access user accounts and private messages, has failed to pass into law. The Social Media Use by Minors bill was "indefinitely postponed" and "withdrawn from consideration" in the Florida House of Representatives earlier this week. Lawmakers in the Florida Senate had already voted to advance the legislation, but a bill requires both legislative chambers to pass before it can become law.

The bill would have required social media firms to "provide a mechanism to decrypt end-to-end encryption when law enforcement obtains a subpoena," which are typically issued by law enforcement agencies and without judicial oversight. Digital rights group the Electronic Frontier Foundation called the bill "dangerous and dumb." Security professionals have long argued that it is impossible to create a secure backdoor that cannot also be maliciously abused, and encryption backdoors put user data at risk of data breaches.

A U.S. senator introduced a bill on Friday that would direct the Commerce Department to require location verification mechanisms for export-controlled AI chips, in an effort to curb China's access to advanced semiconductor technology. From a report: Called the "Chip Security Act," the bill calls for AI chips under export regulations, and products containing those chips, to be fitted with location-tracking systems to help detect diversion, smuggling or other unauthorized use of the product.

"With these enhanced security measures, we can continue to expand access to U.S. technology without compromising our national security," Republican Senator Tom Cotton of Arkansas said. The bill also calls for companies exporting the AI chips to report to the Bureau of Industry and Security if their products have been diverted away from their intended location or subject to tampering attempts.

An anonymous reader quotes a report from BleepingComputer: Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. Pearson is a UK-based education company and one of the world's largest providers of academic publishing, digital learning tools, and standardized assessments. The company works with schools, universities, and individuals in over 70 countries through its print and online services. In a statement to BleepingComputer, Pearson confirmed they suffered a cyberattack and that data was stolen, but stated it was mostly "legacy data."

"We recently discovered that an unauthorized actor gained access to a portion of our systems," a Pearson representative confirmed to BleepingComputer. "Once we identified the activity, we took steps to stop it and investigate what happened and what data was affected with forensics experts. We also supported law enforcement's investigation. We have taken steps to deploy additional safeguards onto our systems, including enhancing security monitoring and authentication. We are continuing to investigate, but at this time we believe the actor downloaded largely legacy data. We will be sharing additional information directly with customers and partners as appropriate." Pearson also confirmed that the stolen data did not include employee information. The education company previously disclosed in January that they were investigating a breach of one of their subsidiaries, PDRI, which is believed to be related to this attack.

BleepingComputer also notes that threat actors breached Pearson's developer environment in January 2025 using an exposed GitLab access token, gaining access to source code and hard-coded credentials. Terabytes of sensitive data was stolen from cloud platforms and internal systems.

Despite the potential impact on millions of individuals, Pearson has declined to answer key questions about the breach or its response.

Facing deep staffing cuts, the IRS plans to lean heavily on AI to maintain tax collection efforts, with Treasury Secretary Scott Bessent stating that smarter IT and the "AI boom" will offset reductions in revenue enforcement staff. The Register reports: When asked by Congressman Steny Hoyer (D-MD) whether proposed reductions in the IRS's IT budget, along with plans to cut additional staff, would affect the agencies ability to collect tax revenue, Bessent said it wouldn't, thanks to the current "AI boom." "I believe through smarter IT, through this AI boom, that we can use that to enhance collections," Bessent told Hoyer and the Committee (24:29 into the video linked [here]). "I expect collections would continue to be very robust as they were this year."

Bessent's comments didn't explain how the IRS intends to deploy AI. Given how much it has slashed its enforcement staff since Trump took office, the agency definitely needs to do something. [...] Bessent's comments didn't explain how the IRS intends to deploy AI. Given how much it has slashed its enforcement staff since Trump took office, the agency definitely needs to do something. "There is nothing that shows historically that bringing in unseasoned collections agents will result in more collections," Bessent told the Committee. "IRS already uses AI for business functions including operational efficiency, compliance and fraud detection, and taxpayer services," the agency told The Register. "AI use cases must follow all relevant IRS privacy and security policies."

schwit1 shares a report from Behind The Black: Almost immediately after India's government issued this week new tightened regulations for allowing private satellite constellations to sell their services in India, it also apparently completed negotiations with SpaceX to allow it to sell Starlink in India based on these rules. Business Today reports: "According to sources, the DoT [Department of Transportation] granted the LoI [Letter of Intent] after Starlink accepted 29 strict security conditions, including requirements for real-time terminal tracking, mandatory local data processing, legal interception capabilities, and localisation of at least 20% of its ground segment infrastructure within the first few years of operation.

Starlink's nod came amid heightened national security sensitivities, coinciding with India's pre-dawn Operation Sindoor strikes on terror camps across the border in response to the Pahalgam massacre. However, DoT officials clarified that the decision to approve Starlink was independent of these military developments." At the moment SpaceX's chief competitors, OneWeb and Amazon's Kuiper constellation, have not yet obtained the same permissions. This allows SpaceX to grab a large portion of the market share in India before either of these other companies.

According to Bloomberg, the Trump administration plans to revise a set of chip trade restrictions called the "AI diffusion" rule, which were scheduled to take effect on May 15. CNBC reports: The rule, which was proposed in the last days of the Biden administration, organizes countries into three different tiers, all of which have different restrictions on whether advanced AI chips like those made by Nvidia, AMD, and Intel can be shipped to the country without a license.

Chipmakers including Nvidia and AMD have been against the rule. AMD CEO Lisa Su told CNBC on Wednesday that the U.S. should strike a balance between restricting access to chips for national security and providing access, which will boost the American chip industry. Nvidia CEO Jensen Huang said earlier this week that being locked out of the Chinese AI market would be a "tremendous loss."

An anonymous reader quotes a report from Ars Technica: Broadcom has been sending cease-and-desist letters to owners of VMware perpetual licenses with expired support contracts, Ars Technica has confirmed. Following its November 2023 acquisition of VMware, Broadcom ended VMware perpetual license sales. Users with perpetual licenses can still use the software they bought, but they are unable to renew support services unless they had a pre-existing contract enabling them to do so. The controversial move aims to push VMware users to buy subscriptions to VMware products bundled such that associated costs have increased by 300 percent or, in some cases, more. Some customers have opted to continue using VMware unsupported, often as they research alternatives, such as VMware rivals or devirtualization.

Over the past weeks, some users running VMware unsupported have reported receiving cease-and-desist letters from Broadcom informing them that their contract with VMware and, thus, their right to receive support services, has expired. The letter [PDF], reviewed by Ars Technica and signed by Broadcom managing director Michael Brown, tells users that they are to stop using any maintenance releases/updates, minor releases, major releases/upgrades extensions, enhancements, patches, bug fixes, or security patches, save for zero-day security patches, issued since their support contract ended.

The letter tells users that the implementation of any such updates "past the Expiration Date must be immediately removed/deinstalled," adding: "Any such use of Support past the Expiration Date constitutes a material breach of the Agreement with VMware and an infringement of VMware's intellectual property rights, potentially resulting in claims for enhanced damages and attorneys' fees." [...] The cease-and-desist letters also tell recipients that they could be subject to auditing: "Failure to comply with [post-expiration reporting] requirements may result in a breach of the Agreement by Customer[,] and VMware may exercise its right to audit Customer as well as any other available contractual or legal remedy."