News

An anonymous reader shares a report: Security researchers from Palo Alto Networks' Unit 42 have discovered the key to getting large language model (LLM) chatbots to ignore their guardrails, and it's quite simple. You just have to ensure that your prompt uses terrible grammar and is one massive run-on sentence like this one which includes all the information before any full stop which would give the guardrails a chance to kick in before the jailbreak can take effect and guide the model into providing a "toxic" or otherwise verboten response the developers had hoped would be filtered out. The paper also offers a "logit-gap" analysis approach as a potential benchmark for protecting models against such attacks. "Our research introduces a critical concept: the refusal-affirmation logit gap," researchers Tung-Ling "Tony" Li and Hongliang Liu explained in a Unit 42 blog post. "This refers to the idea that the training process isn't actually eliminating the potential for a harmful response -- it's just making it less likely. There remains potential for an attacker to 'close the gap,' and uncover a harmful response after all."

Read more of this story at Slashdot.

Deforestation has killed more than half a million people in the tropics over the past two decades as a result of heat-related illness, a study has found. The Guardian: Land clearance is raising the temperature in the rainforests of the Amazon, Congo and south-east Asia because it reduces shade, diminishes rainfall and increases the risk of fire, the authors of the paper found. Deforestation is responsible for more than a third of the warming experienced by people living in the affected regions, which is on top of the effect of global climate disruption. About 345 million people across the tropics suffered from this localised, deforestation-caused warming between 2001 and 2020. For 2.6 million of them, the additional heating added 3C to their heat exposure. In many cases, this was deadly. The researchers estimated that warming due to deforestation accounted for 28,330 annual deaths over that 20-year period.

Read more of this story at Slashdot.

The FBI and other law enforcement and intelligence agencies around the world warned Wednesday that a Chinese-government hacking campaign that previously penetrated nine U.S. telecommunications companies has expanded into other industries and regions, striking at least 200 American organizations and 80 countries. From a report: The joint advisory was issued with the close allies in the Five Eyes English-language intelligence-sharing arrangement and also agencies from Finland, Netherlands, Poland and the Czech Republic, an unusually broad array meant to demonstrate global resolve against what intelligence officials said is a pernicious campaign that exceeds accepted norms for snooping. "The expectation of privacy here was violated, not just in the U.S., but globally," FBI Assistant Director Brett Leatherman, who heads the bureau's cyber division, told The Washington Post in an interview. Chinese hackers won deep access to major communication carriers in the U.S. and elsewhere, then extracted call records and some law enforcement directives, which allowed them to build out a map of who was calling whom and whom the U.S. suspected of spying, Leatherman said. Prominent politicians in both major U.S. parties were among the ultimate victims.

Read more of this story at Slashdot.

Phonemaker Nothing used professional stock photos to demonstrate its Phone 3's camera capabilities on retail demo units, according to The Verge. Five images the company presented as community-captured samples were licensed photographs from the Stills marketplace, taken with other cameras in 2023. The Verge verified EXIF data confirming one image predated the Phone 3's release. Co-founder Akis Evangelidis acknowledged the photos were placeholders intended for pre-production testing that weren't replaced before deployment to stores.

Read more of this story at Slashdot.

South Korea has passed a bill banning the use of mobile phones and smart devices during class hours in schools -- becoming the latest country to restrict phone use among children and teens. From a report: The law, which comes into effect from the next school year in March 2026, is the result of a bi-partisan effort to curb smartphone addiction, as more research points to its harmful effects. Lawmakers, parents and teachers argue that smartphone use is affecting students' academic performance and takes away time they could have spent studying.

Read more of this story at Slashdot.

Wikipedia's volunteer editors have rejected founder Jimmy Wales' proposal to use ChatGPT for article review guidance after the AI tool produced error-filled feedback when Wales tested it on a draft submission. The ChatGPT response misidentified Wikipedia policies, suggested citing non-existent sources and recommended using press releases despite explicit policy prohibitions. Editors argued automated systems producing incorrect advice would undermine Wikipedia's human-centered model. The conflict follows earlier tensions over the Wikimedia Foundation's AI experiments, including a paused AI summary feature and new policies targeting AI-generated content.

Read more of this story at Slashdot.

Michael Imfeld discovered an out-of-bounds read vulnerability in udisks2, a D-Bus service to access and manipulate storage devices, which may result in denial of service (daemon process crash), or in mapping an internal file descriptor from the daemon process onto a loop device, resulting in local privilege escalation.

https://security-tracker.debian.org/tracker/DSA-5989-1

Digital resurrections of deceased individuals are emerging as the next commercial frontier in AI, with the digital afterlife industry projected to reach $80 billion within a decade. Companies developing these AI avatars are exploring revenue models ranging from interstitial advertising during conversations to data collection about users' preferences. StoryFile CEO Alex Quinn confirmed his company is exploring methods to monetize interactions between users and deceased relatives' digital replicas, including probing for consumer information during conversations. The technology has already demonstrated persuasive capabilities in legal proceedings, where an AI recreation of road rage victim Chris Pelkey delivered testimony that contributed to a maximum sentence. Current implementations operate through subscription models, though no federal regulations govern commercial applications of posthumous AI representations despite state-level protections for deceased individuals' likeness rights.

Read more of this story at Slashdot.

A security issues was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5988-1

Multiple security issues were discovered in Unbound, a validating, recursive, caching DNS resolver, which may result in denial of service or cache poisoning via the "rebirthday attack".

https://security-tracker.debian.org/tracker/DSA-5987-1

Nikita Skorovoda discovered that Node cipher-base, an abstract base class for crypto-streams, performed incomplete type checks.

https://security-tracker.debian.org/tracker/DSA-5986-1

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

https://security-tracker.debian.org/tracker/DSA-5985-1

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5984-1

This update removes the usage of the C (Credential) flag for the binfmt_misc registration within the qemu-user package, as it allowed for privilege escalation when running a suid/sgid binary under qemu-user. This means suid/sgid foreign-architecture binaries are not running with elevated privileges under qemu-user anymore. If you relied on this behavior of qemu-user in the past (running suid/sgid foreign-arch binaries), this will require changes to your deployment.

In Bookworm the affected packages are qemu-user-static (and qemu-user-binfmt) instead of qemu-user.

Additionally, two security issues were fixed the in SR-IOV support of QEMU system emulation.

https://security-tracker.debian.org/tracker/DSA-5983-1

Two security issues were discovered in the Squid proxy caching server, which could result in the execution of arbitrary code, information disclosure or denial of service.

https://security-tracker.debian.org/tracker/DSA-5982-1

A security issues was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5981-1

Matt Garman, Amazon's cloud boss, has a warning for business leaders rushing to swap workers for AI: Don't ditch your junior employees. From a report: The Amazon Web Services CEO said on an episode of the "Matthew Berman" podcast published Tuesday that replacing entry-level staff with AI tools is "one of the dumbest things I've ever heard." "They're probably the least expensive employees you have. They're the most leaned into your AI tools," he said. "How's that going to work when you go like 10 years in the future and you have no one that has built up or learned anything?" Garman said companies should keep hiring graduates and teaching them how to build software, break down problems, and adopt best practices. He also said the most valuable skills in an AI-driven economy aren't tied to any one college degree. "If you spend all of your time learning one specific thing and you're like, 'That's the thing I'm going to be expert at for the next 30 years,' I can promise you that's not going to be valuable 30 years from now," he said.

Read more of this story at Slashdot.

Meta announced today that it is splitting its Meta Superintelligence Labs into four divisions focused on AI research, superintelligence development, products, and infrastructure. The reorganization accompanies potential downsizing of the AI division's thousands of employees and executive departures, according to New York Times. Vice President of Generative AI Loredana Crisan is expected to announce her departure Tuesday. The company is exploring third-party AI models for its products rather than relying solely on internal technology. Chief AI Officer Alexandr Wang's team has abandoned Meta's previous frontier model Behemoth and is developing a new model from scratch, the report added.

Read more of this story at Slashdot.

Microsoft has removed the ability to disable automatic app updates in the Microsoft Store, according to screenshots from Deskmodder.de. Windows users can now only pause updates for one to five weeks. The Registry tweak that previously allowed users to modify update behavior has been removed. Group Policy editor remains the sole method for creating update exemptions on workstations and enterprise systems, but this tool is unavailable in Windows Home editions. The change is being deployed gradually to all Windows users. Microsoft has not commented on the modification, which affects all apps distributed through the Microsoft Store including both UWP and Win32 applications added in 2024.

Read more of this story at Slashdot.

Global fertility rates have fallen from five children per woman in the mid-twentieth century to 2.2 today, with approximately half of countries now below the 2.1 replacement threshold, according to data from the Institute for Health Metrics and Evaluation at the University of Washington. Mexico's rate dropped from seven children in 1970 to 1.6 in 2023. South Korea recorded 0.75 in 2024, down from 4.5 in 1970. The IHME projects over three-quarters of countries will fall below replacement level by 2050. A UN survey of 14,000 people across 14 countries found 39% cited financial limitations as a primary reason for not having children. China's population peaked around 2022 at 1.4 billion, while the U.S. Census Bureau predicts America's population will peak in 2080 at 370 million.

Read more of this story at Slashdot.