RSS 생중계

An anonymous reader shares a report: In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack. The package maintainer whose accounts were hijacked in this supply-chain attack confirmed the incident earlier today, stating that he was aware of the compromise and adding that the phishing email came from support [at] npmjs [dot] help, a domain that hosts a website impersonating the legitimate npmjs.com domain. In the emails, the attackers threatened that the targeted maintainers' accounts would be locked on September 10th, 2025, as a scare tactic to get them to click on the link redirecting them to the phishing sites.

Read more of this story at Slashdot.

Signal has begun rolling out end-to-end encrypted cloud backups in its latest Android beta release. The opt-in feature allows users to restore message history if their phone is lost or damaged. Free backups include all text messages and 45 days of media attachments. A $1.99 monthly subscription extends media storage to 100GB. Users generate a 64-character recovery key on their device that Signal's servers never access. Backups refresh daily, excluding view-once messages and those set to disappear within 24 hours. The nonprofit cited storage costs as the reason for its first paid tier. iOS and Desktop support will follow the Android rollout. Signal said it stores backup archives without linking them to specific user accounts or payment information.

Read more of this story at Slashdot.

Google has stated in a court filing that "the open web is already in rapid decline," contradicting recent public statements from executives including its CEO Sundar Pichai and Search VP Nick Fox, who maintained in May that web publishing and the web were thriving. The admission appeared in Google's response to a divestiture proposal, arguing that breaking up the company would accelerate the decline and harm publishers dependent on open-web display advertising revenue. Google's VP of Global Ads Dan Taylor has since clarified the company was referring specifically to open-web display advertising, not the entire open web.

Read more of this story at Slashdot.

The Aikido blog describes an apparently ongoing series of phishing attacks against npm package maintainers, resulting in the uploading of compromised versions of heavily used packages:

All together, these packages have more than 2 billion downloads per week.

The packages were updated to contain a piece of code that would be executed on the client of a website, which silently intercepts crypto and web3 activity in the browser, manipulates wallet interactions, and rewrites payment destinations so that funds and approvals are redirected to attacker-controlled accounts without any obvious signs to the user.

A 67-year-old US man is still alive more than six months after receiving a kidney from a genetically modified pig. This is the longest a pig organ has survived in a living person. From a report: Researchers say the outcome is a landmark case of successful xenotransplantation -- the process of transplanting organs from animals to humans. The recipient, Tim Andrews, had end-stage kidney disease and had been receiving dialysis for more than two years before he underwent the surgery in January. He has been dialysis-free since receiving the kidney. Andrews was one of three patients to receive genetically modified pig kidneys supplied by the biotechnology company eGenesis in Cambridge, Massachusetts, on compassionate grounds. Reaching six months' survival is an amazing feat, says Wayne Hawthorne, a transplant surgeon at the University of Sydney in Australia. The first six months is the period of "highest risk for the patient and also the transplant," he adds. Possible complications include anaemia and graft rejection, when the immune system attacks the new organ. "The six-month time point marks that things have gone extremely well," Hawthorne says. Reaching 12 months would be another milestone and a "fantastic long-term outcome," he adds. Previously, the recipient with longest-surviving genetically modified pig organ was a 53-year-old US woman, Towana Looney, who had a functioning pig kidney for four months and nine days. However, the organ was removed earlier this year because her immune system began to reject it.

Read more of this story at Slashdot.

The former head of security for WhatsApp filed a lawsuit on Monday accusing Meta of ignoring major security and privacy flaws that put billions of the messaging app's users at risk, the latest in a string of whistle-blower allegations against the social media giant. The New York Times: In the lawsuit filed in the U.S. District Court of the District of Northern California, Attaullah Baig claimed that thousands of WhatsApp and Meta employees could gain access to sensitive user data including profile pictures, location, group memberships and contact lists. Meta, which owns WhatsApp, also failed to adequately address the hacking of more than 100,000 accounts each day and rejected his proposals for security fixes, according to the lawsuit. Mr. Baig tried to warn Meta's top leaders, including its chief executive, Mark Zuckerberg, that users were being harmed by the security weaknesses, according to the lawsuit. In response, his managers retaliated and fired him in February, he claims. Mr. Baig, who is represented by the whistle-blower organization Psst.org and the law firm Schonbrun, Seplow, Harris, Hoffman & Zeldes, argued in the suit that the actions violated a privacy settlement Meta reached with the Federal Trade Commission in 2019, as well as securities laws that require companies to disclose risks to shareholders.

Read more of this story at Slashdot.

University of Luxembourg mathematicians tested whether GPT-5 could extend a qualitative fourth-moment theorem to include explicit convergence rates, a previously unaddressed problem in the Malliavin-Stein framework. The September 2025 experiment, prompted by claims GPT-5 solved a convex optimization problem, revealed the AI made critical errors requiring constant human correction. GPT-5 overlooked an essential covariance property easily deducible from provided documents. The researchers compared the experience to working with a junior assistant needing careful verification. They warned AI reliance during doctoral training risks students losing opportunities to develop fundamental mathematical skills through mistakes and exploration.

Read more of this story at Slashdot.

An anonymous reader shares a report: Two cultivated meat companies have filed a lawsuit against officials in Texas over the law that bans the sales of lab-grown meat in the state for two years. California-based companies UPSIDE Foods, which makes cultivated chicken, and Wildtype, which makes cultivated salmon are suing Attorney General Ken Paxton, Texas Department of State Health Services, Texas Health and Human Services, and Travis County, accusing them of government overreach. "This law has nothing to do with protecting public health and safety and everything to do with protecting conventional agriculture from innovative out-of-state competition," said Paul Sherman, a senior attorney at the Institute for Justice, a nonprofit law firm that is representing UPSIDE Foods and Wildtype. "That is not a legitimate use of government power." In June, lawmakers passed Senate Bill 261, which bans the sale of lab-grown meat in Texas for two years. Lab-grown meat, also known as cell cultivated meat or cultured meat, is made from taking animal cells and growing them in an incubator or bioreactor until they form an edible product.

Read more of this story at Slashdot.

Framework Computer is a US-based computer manufacturer with a line of Linux-supported, modular, easily repairable and upgradeable laptops. In February, the company announced a new model, the Framework Laptop 12, an "entry-level" 12.2-inch convertible notebook that can be used as a laptop or tablet. The systems were made available for pre-order in April, I received mine in mid-August. Since then, I have been putting it through its paces with Debian 13 ("trixie") and Fedora Linux 42. It's a good choice for users who want a Linux-friendly, lightweight, 2-in-1 device—if they are willing to make a few concessions on storage capacity, RAM, and CPU/GPU choices.

An anonymous reader shares a report: OpenAI recently had both good news and bad news for shareholders. Revenue growth from ChatGPT is accelerating at a more rapid rate than the company projected half a year ago. The bad news? The computing costs to develop artificial intelligence that powers the chatbot, and other data center-related expenses, will rise even faster. As a result, OpenAI projected its cash burn this year through 2029 will rise even higher than previously thought, to a total of $115 billion. That's about $80 billion higher than the company previously expected. The unprecedented projected cash burn, which would add to the roughly $2 billion it burned in the past two years, helps explain why the company is raising more capital than any private company in history.

Read more of this story at Slashdot.

Security updates have been issued by Debian (chromium, libhtp, modsecurity-apache, shibboleth-sp, and wireless-regdb), Fedora (chromium, kea, tcpreplay, and yq), Mageia (rootcerts, nspr, nss & firefox and thunderbird), Red Hat (python3), and SUSE (7zip, chromedriver, go1.25, libQt5Pdf5, libsixel-bash-completion, libsoup2, libwireshark18, netty, rav1e, and trivy).

Young Americans are abandoning traditional retirement planning for dividend-focused ETFs that promise immediate income and freedom from traditional employment. Income-generating ETFs captured one in six dollars flowing into equity ETFs in 2025, pushing the sector to $750 billion -- with the most aggressive funds offering yields above 8% quadrupling to $160 billion over three years. The r/dividends subreddit has grown tenfold to 780,000 members over five years, while YouTube channels and Discord servers dedicated to dividend investing proliferate. YieldMax's MSTY fund, offering a 90% distribution rate through complex derivatives, has underperformed MicroStrategy stock by 120 percentage points since February 2024 when dividends are reinvested -- nearly 200 points when payouts are withdrawn. Speaking to Bloomberg, finance professor Samuel Hartzmark identified this as the "free dividends fallacy," where investors fail to recognize that dividends reduce share prices rather than creating additional wealth.

Read more of this story at Slashdot.

Slashdot reader Charlotte Web shared this report from the Register: Among the software developers who use Microsoft's GitHub, the most popular community discussion in the past 12 months has been a request for a way to block Copilot, the company's AI service, from generating issues and pull requests in code repositories. The second most popular discussion — where popularity is measured in upvotes — is a bug report that seeks a fix for the inability of users to disable Copilot code reviews. Both of these questions, the first opened in May and the second opened a month ago, remain unanswered, despite an abundance of comments critical of generative AI and Copilot... The author of the first, developer Andi McClure, published a similar request to Microsoft's Visual Studio Code repository in January, objecting to the reappearance of a Copilot icon in VS Code after she had uninstalled the Copilot extension... "I've been for a while now filing issues in the GitHub Community feedback area when Copilot intrudes on my GitHub usage," McClure told The Register in an email. "I deeply resent that on top of Copilot seemingly training itself on my GitHub-posted code in violation of my licenses, GitHub wants me to look at (effectively) ads for this project I will never touch. If something's bothering me, I don't see a reason to stay quiet about it. I think part of how we get pushed into things we collectively don't want is because we stay quiet about it." It's not just the burden of responding to AI slop, an ongoing issue for Curl maintainer Daniel Stenberg. It's the permissionless copying and regurgitation of speculation as fact, mitigated only by small print disclaimers that generative AI may produce inaccurate results. It's also GitHub's disavowal of liability if Copilot code suggestions happen to have reproduced source code that requires attribution. It's what the Servo project characterizes in its ban on AI code contributions as the lack of code correctness guarantees, copyright issues, and ethical concerns. Similar objections have been used to justify AI code bans in GNOME's Loupe project, FreeBSD, Gentoo, NetBSD, and QEMU... Calls to shun Microsoft and GitHub go back a long way in the open source community, but moved beyond simmering dissatisfaction in 2022 when the Software Freedom Conservancy (SFC) urged free software supporters to give up GitHub, a position SFC policy fellow Bradley M. Kuhn recently reiterated. McClure says In the last six months their posts have drawn more community support — and tells the Register there's been a second change in how people see GitHub within the last month. After GitHub moved from a distinct subsidiary to part of Microsoft's CoreAI group, "it seems to have galvanized the open source community from just complaining about Copilot to now actively moving away from GitHub."

Read more of this story at Slashdot.

An anonymous reader shared this report from Fortune: The percentage of young Gen Z employees between the ages of 21 and 25 has been cut in half at technology companies over the past two years, according to recent data from compensation management software business Pave with workforce data from more than 8,300 companies. These young workers accounted for 15% of the workforce at large public tech firms in January 2023. By August 2025, they only represented 6.8%. The situation isn't pretty at big private tech companies, either — during that same time period, the proportion of early-career Gen Z employees dwindled from 9.3% to 6.8%. Meanwhile, the average age of a worker at a tech company has risen dramatically over those two and a half years. Between January 2023 and July 2025, the average age of all employees at large public technology businesses rose from 34.3 years to 39.4 years — more than a five year difference. On the private side, the change was less drastic, with the typical age only increasing from 35.1 to 36.6 years old... "If you're 35 or 40 years old, you're pretty established in your career, you have skills that you know cannot yet be disrupted by AI," Matt Schulman, founder and CEO of Pave, tells Fortune. "There's still a lot of human judgment when you're operating at the more senior level...If you're a 22-year-old that used to be an Excel junkie or something, then that can be disrupted. So it's almost a tale of two cities." Schulman points to a few reasons why tech company workforces are getting older and locking Gen Z out of jobs. One is that big companies — like Salesforce, Meta, and Microsoft — are becoming a lot more efficient thanks to the advent of AI. And despite their soaring trillion-dollar profits, they're cutting employees at the bottom rungs in favor of automation. Entry-level jobs have also dwindled because of AI agents, and stalling promotions across many agencies looking to do more with less. Once technology companies weed out junior roles, occupied by Gen Zers, their workforces are bound to rise in age. Schulman tells Fortune Gen Z also has an advantage: that tech corporations can see them as fresh talent that "can just break the rules and leverage AI to a much greater degree without the hindrance of years of bias." And Priya Rathod, workplace trends editor for LinkedIn, tells Fortune there's promising tech-industry entry roles in AI ethics, cybersecurity, UX, and product operations. "Building skills through certifications, gig work, and online communities can open doors.... "For Gen Z, the right certifications or micro credentials can outweigh a lack of years on the resume. This helps them stay competitive even when entry level opportunities shrink."

Read more of this story at Slashdot.

Somewhere in Houston, four research volunteers "will soon participate in NASA's year-long simulation of a Mars mission," NASA announced this week, saying it will provide "foundational data to inform human exploration of the Moon, Mars, and beyond." The 378-day simulation will take place inside a 3D-printed, 1,700-square-foot habitat at NASA's Johnson Space Center in Houston — starting on October 19th and continuing until Halloween of 2026: Through a series of Earth-based missions called CHAPEA (Crew Health and Performance Exploration Analog), NASA aims to evaluate certain human health and performance factors ahead of future Mars missions. The crew will undergo realistic resource limitations, equipment failures, communication delays, isolation and confinement, and other stressors, along with simulated high-tempo extravehicular activities. These scenarios allow NASA to make informed trades between risks and interventions for long-duration exploration missions. "As NASA gears up for crewed Artemis missions, CHAPEA and other ground analogs are helping to determine which capabilities could best support future crews in overcoming the human health and performance challenges of living and operating beyond Earth's resources — all before we send humans to Mars," said Sara Whiting, project scientist with NASA's Human Research Program at NASA Johnson. Crew members will carry out scientific research and operational tasks, including simulated Mars walks, growing a vegetable garden, robotic operations, and more. Technologies specifically designed for Mars and deep space exploration will also be tested, including a potable water dispenser and diagnostic medical equipment... This mission, facilitated by NASA's Human Research Program, is the second one-year Mars surface simulation conducted through CHAPEA. The first mission concluded on July 6, 2024.

Read more of this story at Slashdot.

Four years ago a small Microsoft Research team started creating an analog optical computer. They used commercially available parts like sensors from smartphone cameras, optical lenses, and micro-LED lights finer than a human hair. "As the light passes through the sensor at different intensities, the analog optical computer can add and multiply numbers," explains a Microsoft blog post. They envision the technology scaling to a computer that for certain problems is 100X faster and 100X more energy efficient — running AI workloads "with a fraction of the energy needed and at much greater speed than the GPUs running today's large language models." The results are described in a paper published in the scientific journal Nature, according to the blog post: At the same time, Microsoft is publicly sharing its "optimization solver" algorithm and the "digital twin" it developed so that researchers from other organizations can investigate this new computing paradigm and propose new problems to solve and new ways to solve them. Francesca Parmigiani, a Microsoft principal research manager who leads the team developing the AOC, explained that the digital twin is a computer-based model that mimics how the real analog optical computer [or "AOC"] behaves; it simulates the same inputs, processes and outputs, but in a digital environment — like a software version of the hardware. This allowed the Microsoft researchers and collaborators to solve optimization problems at a scale that would be useful in real situations. This digital twin will also allow other users to experiment with how problems, either in optimization or in AI, would be mapped and run on the analog optical computer hardware. "To have the kind of success we are dreaming about, we need other researchers to be experimenting and thinking about how this hardware can be used," Parmigiani said. Hitesh Ballani, who directs research on future AI infrastructure at the Microsoft Research lab in Cambridge, U.K. said he believes the AOC could be a game changer. "We have actually delivered on the hard promise that it can make a big difference in two real-world problems in two domains, banking and healthcare," he said. Further, "we opened up a whole new application domain by showing that exactly the same hardware could serve AI models, too." In the healthcare example described in the Nature paper, the researchers used the digital twin to reconstruct MRI scans with a good degree of accuracy. The research indicates that the device could theoretically cut the time it takes to do those scans from 30 minutes to five. In the banking example, the AOC succeeded in resolving a complex optimization test case with a high degree of accuracy... As researchers refine the AOC, adding more and more micro-LEDs, it could eventually have millions or even more than a billion weights. At the same time, it should get smaller and smaller as parts are miniaturized, researchers say.

Read more of this story at Slashdot.

Linus has released 6.17-rc5 for testing. "Things remain normal - both the diffstat and the commit counts look entirely sane". The announcement also contains a plea for maintainers to not overuse Link: tags when applying patches.

An anonymous reader shared this report from the BBC: Microsoft's Azure cloud services have been disrupted by undersea cable cuts in the Red Sea, the US tech giant says. Users of Azure — one of the world's leading cloud computing platforms — would experience delays because of problems with internet traffic moving through the Middle East, the company said. Microsoft did not explain what might have caused the damage to the undersea cables, but added that it had been able to reroute traffic through other paths. Over the weekend, there were reports suggesting that undersea cable cuts had affected the United Arab Emirates and some countries in Asia.... On Saturday, NetBlocks, an organisation that monitors internet access, said a series of undersea cable cuts in the Red Sea had affected internet services in several countries, including India and Pakistan. "We do expect higher latency on some traffic that previously traversed through the Middle East," Microsoft said in their status announcement — while stressing that traffic "that does not traverse through the Middle East is not impacted".

Read more of this story at Slashdot.

As America's trade talks with China were set to begin last July, a "puzzling" email reached several U.S. government agencies, law firms, and trade groups, reports the Wall Street Journal. It appeared to be from the chair of a U.S. Congressional committee, Representative John Moolenaar, asking recipients to review an alleged draft of upcoming legislation — sent as an attachment. "But why had the chairman sent the message from a nongovernment address...?" "The cybersecurity firm Mandiant determined the spyware would allow the hackers to burrow deep into the targeted organizations if any of the recipients had opened the purported draft legislation, according to documents reviewed by The Wall Street Journal." It turned out to be the latest in a series of alleged cyber espionage campaigns linked to Beijing, people familiar with the matter said, timed to potentially deploy spyware against organizations giving input on President Trump's trade negotiations. The FBI and the Capitol Police are investigating the Moolenaar emails, and cyber analysts traced the embedded malware to a hacker group known as APT41 — believed to be a contractor for Beijing's Ministry of State Security... The hacking campaign appeared to be aimed at giving Chinese officials an inside look at the recommendations Trump was receiving from outside groups. It couldn't be determined whether the attackers had successfully breached any of the targets. A Federal Bureau of Investigation spokeswoman declined to provide details but said the bureau was aware of the incident and was "working with our partners to identify and pursue those responsible...." The alleged campaign comes as U.S. law-enforcement officials have been surprised by the prolific and creative nature of China's spying efforts. The FBI revealed last month that a Beijing-linked espionage campaign that hit U.S. telecom companies and swept up Trump's phone calls actually targeted more than 80 countries and reached across the globe... The Moolenaar impersonation comes as several administration officials have recently faced impostors of their own. The State Department warned diplomats around the world in July that an impostor was using AI to imitate Secretary of State Marco Rubio's voice in messages sent to foreign officials. Federal authorities are also investigating an effort to impersonate White House chief of staff Susie Wiles, the Journal reported in May... The FBI issued a warning that month that "malicious actors have impersonated senior U.S. officials" targeting contacts with AI-generated voice messages and texts. And in January, the article points out, all the staffers on Moolenaar's committee "received emails falsely claiming to be from the CEO of Chinese crane manufacturer ZPMC, according to people familiar with the episode." Thanks to long-time Slashdot reader schwit1 for sharing the news.

Read more of this story at Slashdot.

AI Overviews have lowered click-through traffic to Daily Mail sites by as much as 89%, the publisher told a UK government body that regulates competition. So they've joined other top news organizations (including Guardian Media Group and the magazine trade body the Periodical Publishers Association) in asking the regulators "to make Google more transparent and provide traffic statistics from AI Overview and AI Mode to publishers," reports the Guardian: Publishers — already under financial pressure from soaring costs, falling advertising revenues, the decline of print and the wider trend of readers turning away from news — argue that they are effectively being forced by Google to either accept deals, including on how content is used in AI Overview and AI Mode, or "drop out of all search results", according to several sources... In recent years, Google Discover, which feeds users articles and videos tailored to them based on their past online activity, has replaced search as the main source of click-throughs to content. However, David Buttle, founder of the consultancy DJB Strategies, says the service, which is also tied to publishers' overall search deals, does not deliver the quality traffic that most publishers need to drive their long-term strategies. "Google Discover is of zero product importance to Google at all," he says. "It allows Google to funnel more traffic to publishers as traffic from search declines ... Publishers have no choice but to agree or lose their organic search. It also tends to reward clickbaity type content. It pulls in the opposite direction to the kind of relationship publishers want." Meanwhile, publishers are fighting a wider battle with AI companies seeking to plunder their content to train their large language models. The creative industry is intensively lobbying the government to ensure that proposed legislation does not allow AI firms to use copyright-protected work without permission, a move that would stop the "value being scraped" out of the £125bn sector. Some publishers have struck bilateral licensing deals with AI companies — such as the FT, the German media group Axel Springer, the Guardian and the Nordic publisher Schibsted with the ChatGPT maker OpenAI — while others such as the BBC have taken action against AI companies alleging copyright theft. "It is a two-pronged attack on publishers, a sort of pincer movement," says Chris Duncan, a former News UK and Bauer Media senior executive who now runs a media consultancy, Seedelta. "Content is disappearing into AI products without serious remuneration, while AI summaries are being integrated into products so there is no need to click through, effectively taking money from both ends. It is an existential crisis." "At the moment the AI and tech community are showing no signs of supporting publisher revenue," says the chief executive of the UK's Periodical Publishers Association...

Read more of this story at Slashdot.