News

A security issues was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5988-1

Multiple security issues were discovered in Unbound, a validating, recursive, caching DNS resolver, which may result in denial of service or cache poisoning via the "rebirthday attack".

https://security-tracker.debian.org/tracker/DSA-5987-1

Nikita Skorovoda discovered that Node cipher-base, an abstract base class for crypto-streams, performed incomplete type checks.

https://security-tracker.debian.org/tracker/DSA-5986-1

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

https://security-tracker.debian.org/tracker/DSA-5985-1

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5984-1

This update removes the usage of the C (Credential) flag for the binfmt_misc registration within the qemu-user package, as it allowed for privilege escalation when running a suid/sgid binary under qemu-user. This means suid/sgid foreign-architecture binaries are not running with elevated privileges under qemu-user anymore. If you relied on this behavior of qemu-user in the past (running suid/sgid foreign-arch binaries), this will require changes to your deployment.

In Bookworm the affected packages are qemu-user-static (and qemu-user-binfmt) instead of qemu-user.

Additionally, two security issues were fixed the in SR-IOV support of QEMU system emulation.

https://security-tracker.debian.org/tracker/DSA-5983-1

Two security issues were discovered in the Squid proxy caching server, which could result in the execution of arbitrary code, information disclosure or denial of service.

https://security-tracker.debian.org/tracker/DSA-5982-1

A security issues was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5981-1

Matt Garman, Amazon's cloud boss, has a warning for business leaders rushing to swap workers for AI: Don't ditch your junior employees. From a report: The Amazon Web Services CEO said on an episode of the "Matthew Berman" podcast published Tuesday that replacing entry-level staff with AI tools is "one of the dumbest things I've ever heard." "They're probably the least expensive employees you have. They're the most leaned into your AI tools," he said. "How's that going to work when you go like 10 years in the future and you have no one that has built up or learned anything?" Garman said companies should keep hiring graduates and teaching them how to build software, break down problems, and adopt best practices. He also said the most valuable skills in an AI-driven economy aren't tied to any one college degree. "If you spend all of your time learning one specific thing and you're like, 'That's the thing I'm going to be expert at for the next 30 years,' I can promise you that's not going to be valuable 30 years from now," he said.

Read more of this story at Slashdot.

Meta announced today that it is splitting its Meta Superintelligence Labs into four divisions focused on AI research, superintelligence development, products, and infrastructure. The reorganization accompanies potential downsizing of the AI division's thousands of employees and executive departures, according to New York Times. Vice President of Generative AI Loredana Crisan is expected to announce her departure Tuesday. The company is exploring third-party AI models for its products rather than relying solely on internal technology. Chief AI Officer Alexandr Wang's team has abandoned Meta's previous frontier model Behemoth and is developing a new model from scratch, the report added.

Read more of this story at Slashdot.

Microsoft has removed the ability to disable automatic app updates in the Microsoft Store, according to screenshots from Deskmodder.de. Windows users can now only pause updates for one to five weeks. The Registry tweak that previously allowed users to modify update behavior has been removed. Group Policy editor remains the sole method for creating update exemptions on workstations and enterprise systems, but this tool is unavailable in Windows Home editions. The change is being deployed gradually to all Windows users. Microsoft has not commented on the modification, which affects all apps distributed through the Microsoft Store including both UWP and Win32 applications added in 2024.

Read more of this story at Slashdot.

Global fertility rates have fallen from five children per woman in the mid-twentieth century to 2.2 today, with approximately half of countries now below the 2.1 replacement threshold, according to data from the Institute for Health Metrics and Evaluation at the University of Washington. Mexico's rate dropped from seven children in 1970 to 1.6 in 2023. South Korea recorded 0.75 in 2024, down from 4.5 in 1970. The IHME projects over three-quarters of countries will fall below replacement level by 2050. A UN survey of 14,000 people across 14 countries found 39% cited financial limitations as a primary reason for not having children. China's population peaked around 2022 at 1.4 billion, while the U.S. Census Bureau predicts America's population will peak in 2080 at 370 million.

Read more of this story at Slashdot.

Bill Gates is funding a $1 million competition to spur the use of AI to find innovative treatments for Alzheimer's disease, the latest effort to deploy the promising technology to find cures for humanity's toughest illnesses. From a report: The Alzheimer's Insights AI prize will be awarded to the team that comes up with the most original way to program AI-powered agents that are "capable of independent planning, reasoning, and action to accelerate breakthrough discoveries from existing Alzheimer's data." Â The winning tool will be released for free on the Alzheimer's Disease Data Initiative's cloud "workbench" to be used by scientists globally, the organisation said on Tuesday. The prize is being financed by Gates Ventures, the family office of the billionaire philanthropist and Microsoft co-founder.

Read more of this story at Slashdot.

The GenAI Divide: State of AI in Business 2025, a new report published by MIT's NANDA initiative, reveals that while generative AI holds promise for enterprises, most initiatives to drive rapid revenue growth are falling flat. Fortune: Despite the rush to integrate powerful new models, about 5% of AI pilot programs achieve rapid revenue acceleration; the vast majority stall, delivering little to no measurable impact on P&L. The research -- based on 150 interviews with leaders, a survey of 350 employees, and an analysis of 300 public AI deployments -- paints a clear divide between success stories and stalled projects. To unpack these findings, I spoke with Aditya Challapally, the lead author of the report, and a research contributor to project NANDA at MIT. "Some large companies' pilots and younger startups are really excelling with generative AI," Challapally said. Startups led by 19- or 20-year-olds, for example, "have seen revenues jump from zero to $20 million in a year," he said. "It's because they pick one pain point, execute well, and partner smartly with companies who use their tools," he added. But for 95% of companies in the dataset, generative AI implementation is falling short. The core issue? Not the quality of the AI models, but the "learning gap" for both tools and organizations. While executives often blame regulation or model performance, MIT's research points to flawed enterprise integration. Generic tools like ChatGPT excel for individuals because of their flexibility, but they stall in enterprise use since they don't learn from or adapt to workflows, Challapally explained.

Read more of this story at Slashdot.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or bypass of the same-origin policy.

https://security-tracker.debian.org/tracker/DSA-5980-1

Epic Games CEO Tim Sweeney told the Financial Times that the UK Competition and Markets Authority's December decision to delay mandating alternative app stores on iPhones was a "blunder" that leaves Britain "well behind" other jurisdictions. The CMA postponed until next year whether to require Apple to allow third-party app stores or sideloading, unlike the EU's Digital Markets Act. Fortnite remains unavailable on UK iOS devices following Epic's years-long dispute over Apple's 30% commission fees. The regulator said it would prioritize forcing Apple and Google to allow alternative payment systems.

Read more of this story at Slashdot.

The U.S. Federal Trade Commission sued ticket reseller Key Investment Group for evading purchasing limits to buy up thousands of tickets to live events including Taylor Swift's Eras tour and resell them at a markup, according to a complaint filed in Maryland federal court on Monday. From a report: The Baltimore, Maryland-based company, which operates ticket resale sites including TotalTickets.com, used thousands of Ticketmaster accounts, including fake or purchased accounts, the FTC said. Ticketmaster faced intense criticism after its botched 2022 sale of tickets to Swift's much-hyped Eras tour, when billions of requests from Swift fans, bots and ticket resellers overwhelmed its website and the company canceled a planned ticket sale to the general public. For one Swift concert in Las Vegas in March 2023, Key Investment Group and its affiliates used 49 different accounts to purchase 273 tickets and evade a 6-ticket purchase limit, netting more than $119,000 in revenue on resales, the FTC said on Monday. The company made more than $1.2 million reselling 2,280 Swift concert tickets it purchased in 2023, the agency said.

Read more of this story at Slashdot.

The UK government has agreed to withdraw its order requiring Apple to create backdoor access to encrypted iCloud data following intervention from the Trump administration. Vice President JD Vance negotiated the agreement during his recent UK holiday after the January order issued under the UK Investigatory Powers Act prompted Apple to pull its iCloud Advanced Data Protection service from Britain in February. Director of National Intelligence Tulsi Gabbard said the UK agreed to drop demands for access to "the protected encrypted data of American citizens." Apple had filed a complaint with the Investigatory Powers Tribunal scheduled for hearing early next year.

Read more of this story at Slashdot.

OpenAI has launched ChatGPT Go, a $4.57 monthly subscription tier initially available only in India. The service provides, compared to the free tier, extended access to GPT-5, image generation, file uploads, advanced data analysis, longer conversation memory, and custom GPTs at Rs 399 per month. ChatGPT Go excludes features found in the $20 ChatGPT Plus tier including legacy models like 4o, Sora video generation, deep research, agent mode, and connectors. OpenAI said "other countries and regions may be eligible in the future" for ChatGPT Go. India has emerged as a key market for American technology firms looking for users. In the past 15 years, firms like Amazon, Google, and Meta, alongside venture capitalists and private equity, have poured more than $200 billion into the country, all chasing its vast pool of users and the businesses serving this population. India is the second largest market for OpenAI, startup's chief executive Sam Altman said in a podcast recently. Perplexity partnered with Indian telecoms giant Bharti Airtel last month to provide its premium Pro service to 360 million customers for free for an entire year.

Read more of this story at Slashdot.

Intel and SoftBank announced on Monday that the Japanese conglomerate will make a $2 billion investment the embattled chipmaker. SoftBank will pay $23 per share for Intel's common stock. The investment is a vote of confidence in Intel, which has not been able to take advantage of the AI boom in advanced semiconductors and has spent heavily to stand up a manufacturing business that has yet to secure a significant customer. "Masa and I have worked closely together for decades, and I appreciate the confidence he has placed in Intel with this investment," Intel CEO Lip-Bu Tan said in a statement. Intel shares lost 60% of their value last year, their worst performance in the company's more than half-century on the public market.

Read more of this story at Slashdot.