RSS Live Feed
Hundreds of E-Commerce Sites Hacked In Supply-Chain Attack
An anonymous reader quotes a report from Ars Technica: Hundreds of e-commerce sites, at least one owned by a large multinational company, were backdoored by malware that executes malicious code inside the browsers of visitors, where it can steal payment card information and other sensitive data, security researchers said Monday. The infections are the result of a supply-chain attack that compromised at least three software providers with malware that remained dormant for six years and became active only in the last few weeks. At least 500 e-commerce sites that rely on the backdoored software were infected, and it's possible that the true number is double that, researchers from security firm Sansec said. Among the compromised customers was a $40 billion multinational company, which Sansec didn't name. In an email Monday, a Sansec representative said that "global remediation [on the infected customers] remains limited."
"Since the backdoor allows uploading and executing arbitrary PHP code, the attackers have full remote code execution (RCE) and can do essentially anything they want," the representative wrote. "In nearly all Adobe Commerce/Magento breaches we observe, the backdoor is then used to inject skimming software that runs in the user's browser and steals payment information (Magecart)." The three software suppliers identified by Sansec were Tigren, Magesolution (MGS), and Meetanshi. All three supply software that's based on Magento, an open source e-commerce platform used by thousands of online stores. A software version sold by a fourth provider named Weltpixel has been infected with similar code on some of its customers' stores, but Sansec so far has been unable to confirm whether it was the stores or Weltpixel that were hacked. Adobe has owned Magento since 2018.
Read more of this story at Slashdot.
Microsoft Shuts Down Skype
Microsoft officially shuttered Skype on May 5, ending the pioneering video chat service's 22-year run. The closure, announced in February, completes Skype's absorption into Microsoft Teams, the company's Slack competitor. Users opening Skype apps will now be redirected to Teams. The only surviving component is the Skype Dial Pad, which remains available within Microsoft Teams Free for subscribers to make calls to traditional phone numbers.
The once-dominant video calling platform was purchased by Microsoft for $8.5 billion in 2011, replacing the company's Windows Live Messenger. Created in 2003 by developers behind Kazaa file-sharing software, Skype became synonymous with video calling during broadband internet's expansion. Skype's decline accelerated after Microsoft's acquisition, with unpopular redesigns and competition from Zoom, which captured market share during the COVID-19 pandemic. Microsoft began phasing out Skype in 2017, starting with Skype for Business, while bundling Teams with Office applications until regulatory intervention forced their separation.
OpenAI Reverses Course, Says Its Nonprofit Will Remain in Control of Its Business Operations
OpenAI has decided that its nonprofit division will retain control over its for-profit organization, after the company initially announced that it planned to convert to a for-profit organization. From a report: According to the company, OpenAI's business wing, which has been under the nonprofit since 2019, will transition to a public benefit corporation (PBC). The nonprofit will control and also be a large shareholder of the PBC. "OpenAI was founded as a nonprofit, and is today overseen and controlled by that nonprofit," OpenAI Board Chairman Bret Taylor wrote in a statement on the company's blog. "Going forward, it will continue to be overseen and controlled by that nonprofit."
OpenAI says that it made the decision "after hearing from civic leaders and engaging in constructive dialogue with the offices of the Attorney General of Delaware and the Attorney General of California." "We thank both offices and we look forward to continuing these important conversations to make sure OpenAI can continue to effectively pursue its mission," Taylor continued.
[$] Injecting speculation barriers into BPF programs
The disclosure of the Spectre
class of hardware vulnerabilities created a lot of pain for kernel
developers (and many others). That pain was especially acutely felt in the
BPF community. While an attacker might have to painfully search the kernel
code base for exploitable code, an attacker using BPF can simply write and
load their own speculation gadgets, which is a much more efficient way of
operating. The BPF community reacted by, among other things, disallowing
the loading of programs that may include speculation gadgets. Luis
Gerhorst would like to change that situation with this patch
series that takes a more direct approach to the problem.
Microsoft Cracks Down On Bulk Email With Strict New Outlook Rules
BrianFagioli writes: Microsoft has officially begun rejecting high-volume emails that don't meet its new authentication rules.
Here's the deal. If you send more than 5,000 messages per day to Outlook.com addresses (including hotmail.com and live.com) and you're not properly set up with SPF, DKIM, and DMARC, your emails may never arrive.
Beijing's 'Made in China' Plan Is Narrowing Tech Gap, Study Finds
An industrial plan China rolled out a decade ago that was criticized by the U.S. as protectionist has been highly successful in narrowing China's technological gap with the West, a new study finds. From a report: The study, commissioned by the U.S. Chamber of Commerce, is set to intensify the debate in Washington and elsewhere over how to counter China's use of state subsidies and other strategies to bolster its competitiveness. To placate President Trump during his first-term trade war with China, Beijing dropped mentions of the "Made in China 2025" plan, leader Xi Jinping's signature industrial strategy, from public discourse. But the policy stayed in place.
The study, released Monday, shows that enormous state support unleashed under the strategy has enabled China to eliminate or reduce its dependence on imports such as rail and power equipment, medical devices and renewable-energy products. In addition, Chinese companies have become more competitive globally, gaining market share from foreign companies in sectors including shipbuilding and robotics. The findings in the study, conducted by economic consulting firm Rhodium Group, highlight the stakes for the U.S. and other advanced economies as Beijing continues to advance Xi's blueprint to make China a leader in high-tech industries.
Apple Will Appeal Contempt Ruling in Epic Games Case Over App Store
Apple on Monday lodged an appeal to challenge a U.S. judge's ruling that ordered the tech company to immediately open its lucrative App Store to more competition. From a report: Apple said in a court notice it will ask the San Francisco-based 9th U.S. Circuit Court of Appeals to review the April 30 ruling, which found the company in contempt of an earlier order in a 2020 antitrust lawsuit brought by Epic Games.
U.S. District Judge Yvonne Gonzalez Rogers said in her decision that Apple willfully failed to comply with a 2021 injunction designed to allow developers to more easily steer consumers to potentially cheaper non-Apple payment options. Gonzalez Rogers also referred Apple and one of its executives to federal prosecutors for a possible criminal contempt investigation.
UAE Rolls Out AI for Schoolkids
The United Arab Emirates will introduce AI to the public school curriculum this year, as the Gulf country vies to become a regional powerhouse for AI development. From a report: The subject will be rolled out in the 2025-2026 academic year for kindergarten pupils through to 12th grade, state-run news agency WAM reported on Sunday. The course includes ethical awareness as well as foundational concepts and real-world applications, it said. The UAE joins a growing group of countries integrating AI into school education. Beijing announced a similar move to roll out AI courses to primary and secondary students in China last month.
A Look at the NYC Subway's Archaic Signal System
New York City's subway system continues to operate largely on analog signal technology installed nearly a century ago, with 85% of the network still relying on mechanical equipment that requires constant human intervention. The outdated system causes approximately 4,000 train delays monthly and represents a technological time capsule in America's largest mass transit system.
Deep inside Brooklyn's Hoyt-Schermerhorn station, transit worker Dyanesha Pryor operates a hulking machine the size of a grand piano by manipulating 24 metal levers that control nearby trains. Each command requires a precise sequence of movements, punctuated by metallic clanking as levers slam into place. When Pryor needs to step away, even for a bathroom break, express service must be rerouted until she returns, forcing all trains onto local tracks.
The antiquated "fixed block" signaling divides tracks into approximately 1,000-foot sections. When a train occupies a block, it cuts off electrical current, providing only a general position rather than precise location data. This imprecision requires maintaining buffer zones between trains, significantly limiting capacity as ridership has grown. Maintenance challenges are also piling up, writes the New York Times. Hundreds of cloth-wrapped wires -- rather than modern rubber insulation -- fill back rooms and are prone to failure. When equipment breaks, replacements often must be custom-made in MTA workshops, as many components have been discontinued for decades.
The Metropolitan Transportation Authority has begun replacing this system with communications-based train control (C.B.T.C.), which uses computers and wireless technology to monitor trains' exact locations. Routes already converted to C.B.T.C., including the L line (2006) and 7 line (2018), consistently show the best on-time performance. However, the $25 million per-mile upgrade program faces uncertain funding after the Trump administration threatened to kill New York's congestion pricing plan, which would provide $3 billion for signal modernization.
Budget Titles Dominate 2025's Top-Rated Games as AAA Prices Climb To $80
The highest-rated video games of 2025 are all budget-priced titles, with Metacritic top performers Clair Obscur: Expedition 33, Blue Prince, and Split Fiction costing just $50, $30, and $50 respectively. This comes as Microsoft announces certain Xbox titles will now cost $80, following Nintendo's similar price hike for Mario Kart on Switch 2.
Clair Obscur, developed by a small French studio, sold 1 million copies in its first week. Split Fiction, despite being published by EA, was created by a small Stockholm team and has reached 2 million sales. Blue Prince, a puzzle-roguelike largely created by a single developer in Los Angeles, is showing strong performance on Steam, Bloomberg reports.
All three games share key traits: they use commercially available engines, take creative risks that big-budget projects couldn't afford, and target specific player demographics rather than trying to appeal broadly. The contrast is striking -- Clair Obscur's developers celebrated reaching 1 million sales while EA declared Dragon Age: The Veilguard a failure with similar numbers, underscoring the economic realities of different development scales.
Majority in UK Now 'Self-Identify' as Neurodivergent
A majority of Britons may now consider themselves neurodivergent, with conditions such as autism, dyslexia or ADHD, according to a leading psychologist from King's College London. Professor Francesca Happe, an expert in cognitive neuroscience, said reduced stigma around these conditions has prompted more people to seek medical diagnoses or self-diagnose.
"Once you take autism, ADHD, dyslexia, dyspraxia and all the other ways that you can developmentally be different from the typical, you actually don't get many typical people left," Happe told BBC Radio 4.
Autism diagnoses increased 787% between 1998 and 2018 in the UK, with estimated prevalence rising from one in 2,500 children 80 years ago to one in 36 today. Happe, who was appointed CBE in 2021 for her autism research, warned that behaviors previously considered "a bit of eccentricity" are now being labeled with medical terms.
Two stable kernels released—with build fixes only
Security updates for Monday
Security updates have been issued by Debian (ansible, containerd, and vips), Fedora (chromium, java-17-openjdk, nodejs-bash-language-server, nodejs-pnpm, ntpd-rs, redis, rust-hickory-proto, thunderbird, and valkey), Mageia (apache-mod_auth_openidc, fcgi, graphicsmagick, kernel-linus, pam, poppler, and tomcat), Red Hat (firefox, libsoup, nodejs:20, redis:6, rsync, webkit2gtk3, xmlrpc-c, and yelp), and SUSE (audiofile, ffmpeg, firefox, libsoup-2_4-1, libsoup-3_0-0, libva, libxml2, and thunderbird).
Has Meta Figured Out How to Monetize AI - By Using It For Targeted Advertising?
Yahoo Finance reports that Mark Zuckerberg made bold predictions for investors on Meta's earnings call this week — about advertisers. "AI has already made us better at targeting and finding the audiences that will be interested in their products than many businesses are themselves," Zuck said, "and that keeps improving..."
"If we deliver on this vision, then over the coming years, I think that the increased productivity from AI will make advertising a meaningfully larger share of global GDP than it is today..."
If investors are still searching for answers to nagging questions about how massive AI investments will pay off, Zuckerberg provided the clearest reply yet: It will strengthen our core business. In fact, it is our business... On what many believe to be the cusp of an economic downturn, Meta isn't pitching its AI developments as an add-on to its operations, but as something central to its core proposition of targeted advertising...
"While Meta's investments in GenAI have spooked certain investors who continue to question the return on these investments, we saw further signs of GenAI monetization in the firm's ad business," wrote Morningstar equity analyst Malik Ahmed Khan in a note on Thursday. In a powerful showing, coming after Alphabet's own impressive results, Meta noted that a new ads recommendation model it's testing for Reels has already boosted conversion rates by 5%. And nearly one-third of advertisers were using AI creative tools in the past quarter. For Zuckerberg, the enhancements AI offers to finding the right consumers and providing measurable results strengthen the case for boosting capacity and for a revamped model of advertising's scope.
And with the company set to invest upwards of $70 billion toward its AI opportunity this year, the bet is not all about ads, of course. Zuckerberg outlined four other areas of focus for its AI efforts: business messaging, Meta AI, AI devices, and more engaging experiences. Meta's efforts can also be viewed as an ambitious play to take on its rivals across tech's legacy and emerging platforms. As John Blackledge, senior analyst at TD Cowen, said in a note on Thursday, the AI opportunities Zuckerberg outlined are about "ultimately taking on Google search, iPhone and ChatGPT all at once."
In the pre-AI world, "Businesses used to have to generate their own ad creative and define what audiences they wanted to reach," Zuckerberg told Meta's investors this week.
And by Friday's closing, Meta's stock had jumped 12.6% over its value Wednesday morning, leading Yahoo Finance to conclude that Wall Street "appears to be buying into" Zuckerberg's vision.
