News

The FBI warned this week that North Korean IT workers are abusing their access to steal source code and extort U.S. companies that have been tricked into hiring them. From a report: The security service alerted public and private sector organizations in the United States and worldwide that North Korea's IT army will facilitate cyber-criminal activities and demand ransoms not to leak online exfiltrated sensitive data stolen from their employers' networks. "North Korean IT workers have copied company code repositories, such as GitHub, to their own user profiles and personal cloud accounts. While not uncommon among software developers, this activity represents a large-scale risk of theft of company code," the FBI said. "North Korean IT workers could attempt to harvest sensitive company credentials and session cookies to initiate work sessions from non-company devices and for further compromise opportunities." To mitigate these risks, the FBI advised companies to apply the principle of least privilege by disabling local administrator accounts and limiting permissions for remote desktop applications. Organizations should also monitor for unusual network traffic, especially remote connections since North Korean IT personnel often log into the same account from various IP addresses over a short period of time.

Read more of this story at Slashdot.

Walgreens Boots Alliance has ended a $200 million digital display venture with startup Cooler Screens after widespread technical failures and poor revenue, removing thousands of smart screens from its store freezer doors [non-paywalled link]. The screens, which displayed product information and ads, frequently crashed, showed incorrect inventory, and occasionally caught fire, Bloomberg reports. Cooler Screens CEO Arsen Avakian cut data feeds to over 100 Chicago-area stores in December 2023 during a contract dispute, prompting Walgreens to obtain a restraining order. Walgreens completed removal of 10,300 screens from 700 stores in August 2024, replacing them with traditional glass doors. The screens generated just $215 per door annually, less than half the contractual minimum, according to Walgreens. Nearly $50 million worth of custom-made screens now sit unused in a Texas warehouse.

Read more of this story at Slashdot.

Battery cars on Britain's roads are lasting as long as petrol and diesel cars, according to a study that has found a rapid improvement in electric vehicle reliability. From a report: An international team of researchers has estimated that an electric car will have a lifespan of 18.4 years, compared with 18.7 years for petrol cars and 16.8 years for diesels, according to a peer-reviewed study published on Friday in the journal Nature Energy. The findings were based on 300m records from compulsory annual MOT tests of roadworthiness. Automotive engineers have long suspected electric cars will be more reliable than petrol or diesel cars, because they contain many fewer moving parts. Data has been limited, however, because the earliest mass-market electric cars are only just reaching the end of their lives. The researchers, from the University of Birmingham, the London School of Economics, the University of California San Diego, and the University of Bern, Switzerland, used MOT data to estimate the failure rate of all cars -- ignoring scrappage in the first few years, which is most likely to be related to accidents. The analysis found that Tesla cars had the longest lifespan among battery cars.

Read more of this story at Slashdot.

Sony will cease production of recordable Blu-ray discs at its last factory in February, ending an 18-year manufacturing run amid declining demand for physical media. The Japanese electronics giant will also halt production of MiniDiscs and MiniDV cassettes. The company had already stopped making consumer recordable Blu-ray and optical disks in mid-2024, maintaining production only for business clients.

Read more of this story at Slashdot.

Meta plans to spend between $60 billion and $65 billion this year to build out AI infrastructure, CEO Mark Zuckerberg said on Friday, joining a wave of Big Tech firms unveiling hefty investments to capitalize on the technology. From a report: As part of the investment, Meta will build a more than 2-gigawatt data center that would be large enough to cover a significant part of Manhattan. The company -- one of the largest customers of Nvidia's coveted artificial intelligence chips -- plans to end the year with more than 1.3 million graphics processors. "This will be a defining year for AI," Zuckerberg said in a Facebook post. "This is a massive effort, and over the coming years it will drive our core products and business." Zuckerberg expects Meta's AI assistant -- available across its services, including Facebook and Instagram -- to serve more than 1 billion people in 2025, while its open-source Llama 4 would become the "leading state-of-the-art model."

Read more of this story at Slashdot.

Leaders at CERN, Europe's particle-physics laboratory in Geneva, Switzerland, will introduce financial incentives for academic publishers to adopt open science policies as part of the organization's collective agreement with 11 particle-physics journals. From a report: The current scheme sees those journals publish work from the field openly and at no cost to authors, in exchange for bulk payments. Under the newly launched initiative, CERN will pay more to publishers that adopt polices such as use of public or open peer review and linking research to data sets, and less to those that do not. Some open-science specialists say the policy could be a game-changer in encouraging transparent science. Others caution that it could set a precedent for publishers to boost their fees in exchange for becoming more open. "Particle physics is large, international, highly complex, highly dynamic. Openness is the only really effective way of practising science in the discipline," says Kamran Naim, head of open science at CERN. The move comes as a result of CERN's success in encouraging journals that publish its work to do so more openly, through a programme called the Sponsoring Consortium for Open Access Publishing in Particle Physics (SCOAP3). SCOAP3 launched in 2014 and its members include 3,000 libraries, research funders and research organizations worldwide, all of which contribute to a common fund at CERN. This is used to pay annual or quarterly lump sums to journals, in amounts depending on how many papers they publish. The initiative has so far supported the publication of more than 70,000 open-access articles. It has an annual budget of around $10.4 million.

Read more of this story at Slashdot.

Google will take firmer action against British businesses that use fake reviews to boost their star ratings on the search giant's reviews platform. From a report: The UK's Competition and Markets Authority (CMA) announced on Friday that Google has agreed to improve its processes for detecting and removing fake reviews, and will take action against the businesses and reviewers that post them. This includes deactivating the ability to add new reviews for businesses found to be using fake reviews, and deleting all existing reviews for at least six months if they repeatedly engage in suspicious review activity. Google will also place prominent "warning alerts" on the Google profiles of businesses using fake reviews to help consumers be more aware of potentially misleading feedback. Individuals who repeatedly post fake or misleading reviews on UK business pages will be banned and have their review history deleted, even if they're located in another country.

Read more of this story at Slashdot.

Chinese venture capital and private equity firm HongShan, formerly part of Sequoia, said on Friday it has struck a deal to acquire a majority stake in Marshall in a deal valuing the audio equipment maker at $1.15 billion.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can't be leveraged by competing groups or detected by defenders. One countermeasure is to equip the backdoor with a passive agent that remains dormant until it receives what's known in the business as a "magic packet." On Thursday, researchers revealed that a never-before-seen backdoor that quietly took hold of dozens of enterprise VPNs running Juniper Network's Junos OS has been doing just that. J-Magic, the tracking name for the backdoor, goes one step further to prevent unauthorized access. After receiving a magic packet hidden in the normal flow of TCP traffic, it relays a challenge to the device that sent it. The challenge comes in the form of a string of text that's encrypted using the public portion of an RSA key. The initiating party must then respond with the corresponding plaintext, proving it has access to the secret key. The lightweight backdoor is also notable because it resided only in memory, a trait that makes detection harder for defenders. The combination prompted researchers at Lumin Technology's Black Lotus Lab to sit up and take notice. "While this is not the first discovery of magic packet malware, there have only been a handful of campaigns in recent years," the researchers wrote. "The combination of targeting Junos OS routers that serve as a VPN gateway and deploying a passive listening in-memory only agent, makes this an interesting confluence of tradecraft worthy of further observation." The researchers found J-Magic on VirusTotal and determined that it had run inside the networks of 36 organizations. They still don't know how the backdoor got installed.

Read more of this story at Slashdot.

The U.S. may have led China in the AI race for the past decade, according to Alexandr Wang, CEO of Scale AI, but on Christmas Day, everything changed. From a report: Wang, whose company provides training data to key AI players including OpenAI, Google and Meta , said Thursday at the World Economic Forum in Davos, Switzerland, that DeepSeek, the leading Chinese AI lab, released an "earth-shattering model" on Christmas Day, then followed it up with a powerful reasoning-focused AI model, DeepSeek-R1, which competes with OpenAI's recently released o1 model. "What we've found is that DeepSeek ... is the top performing, or roughly on par with the best American models," Wang said. In an interview with CNBC, Wang described the artificial intelligence race between the U.S. and China as an "AI war," adding that he believes China has significantly more Nvidia H100 GPUs -- AI chips that are widely used to build leading powerful AI models -- than people may think, especially considering U.S. export controls. [...] "The United States is going to need a huge amount of computational capacity, a huge amount of infrastructure," Wang said, later adding, "We need to unleash U.S. energy to enable this AI boom." DeepSeek's holding company is a quant firm, which happened to have a lot of GPUs for trading and mining. DeepSeek is their "side project."

Read more of this story at Slashdot.

Longtime Slashdot readers smooth wombat and AmiMoJo shares a fusion energy breakthrough from China. Charming Science reports: China's "artificial sun," officially known as the Experimental Advanced Superconducting Tokamak (EAST), has achieved a groundbreaking milestone in fusion energy research. According to the Chinese Academy of Sciences (CAS), EAST recently sustained high-confinement plasma operation for an unprecedented 1,066 seconds, shattering the previous world record of 403 seconds, also set by EAST in 2023. [...] The 1,000-second mark is considered a critical threshold in fusion research. Sustaining plasma for such extended durations is essential for demonstrating the feasibility of operating fusion reactors. This breakthrough, accomplished by the Institute of Plasma Physics under the CAS, signifies a major leap towards realizing the potential of fusion energy. [...] The success of EAST's recent experiment can be attributed to several key advancements. Researchers have made significant strides in improving the stability of the heating system, enhancing the accuracy of the control system, and refining the precision of the diagnostic systems. Warning: the source originates from China Daily, an English-language daily newspaper owned by the Central Propaganda Department of the Chinese Communist Party. It's rated "questionable" by Media Bias/Fact Check because of its association with the CCP.

Read more of this story at Slashdot.

President Donald Trump signed an executive order on AI Thursday that will revoke past government policies his order says "act as barriers to American AI innovation." From a report: To maintain global leadership in AI technology, "we must develop AI systems that are free from ideological bias or engineered social agendas," Trump's order says. The new order doesn't name which existing policies are hindering AI development but sets out to track down and review "all policies, directives, regulations, orders, and other actions taken" as a result of former President Joe Biden's sweeping AI executive order of 2023, which Trump rescinded Monday. Any of those Biden-era actions must be suspended if they don't fit Trump's new directive that AI should "promote human flourishing, economic competitiveness, and national security." Last year, the Biden administration issued a policy directive that said U.S. federal agencies must show their artificial intelligence tools aren't harming the public, or stop using them. Trump's order directs the White House to revise and reissue those directives, which affect how agencies acquire AI tools and use them.

Read more of this story at Slashdot.

Longtime Slashdot reader schwit1 shares a report from MotorTrend: A coming ground-fault circuit-interrupter revision could make slow-charging your car nearly impossible. The National Fire Protection Agency (NFPA) publishes a new National Electric Code every three years, and we almost never notice or care. But the next one, NFPA 70 2026, has the Society of Automotive Engineers (SAE) electric-vehicle charging subcommittee, OEMs, and companies in the EV Supply Equipment (EVSE, or charger) biz mightily concerned. That's because it proposes to require the same exact ground-fault circuit-interrupter protection that makes you push that little button on your bathroom outlet every time the curling iron won't heat up. Only now, that reset button will often be down in an electric panel, maybe locked in a room where you can't reset it. If EV drivers can't reliably plug in and expect their cars to charge overnight at home or while at work, those cars will become far less practical. [...] The national code doesn't care what you're plugging in, but vehicle chargers deserve their own carve-out. That's because no current ever flows until the charger has verified a solid ground connection from car to charger and from charger to electrical panel. They also include their own GFPE (Ground Fault Protection of Equipment), which is intended to protect equipment and is permitted to trip at values larger than 5mA, often in the 15-20mA range. That's why this new code REALLY needs to set a higher supply-side cutout (like what is allowed for marine vehicle shore power, which is up to 30mA). Because even if the Special Purpose GFCI with its 15-20mA trip level were allowed, it would be a 50/50 chance that any fault would trip the electrical-supply breaker or the device's internal breaker. But while the device is programmed to automatically reset and try again, the panel requires a manual reset. There is one EV-charger carve-out: Bi-directional chargers are exempt. This problematic application of 5 mA trip to most 240-volt equipment was added into this regulation late, during a second draft, and now the only way to head it off is for interested parties (SAE, OEMs, and EVSE manufacturers) to register their notice of motion in February for consideration in March. This isn't a government regulation, so it's utterly unaffected by the change in federal administration. These are functionary folks with minimal experience of EV charging, so the arguments must aim to convince the NFPA that implementing this code as is could grossly embarrass the Agency. (Understanding that any such embarrassment will only arise after buildings and projects are completed under the new code.)

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Verge: TerraPower, a nuclear energy startup founded by Bill Gates, struck a deal this week with one of the largest data center developers in the US to deploy advanced nuclear reactors. TerraPower and Sabey Data Centers (SDC) are working together on a plan to run existing and future facilities on nuclear energy from small reactors. A memorandum of understanding signed by the two companies establishes a "strategic collaboration" that'll initially look into the potential for new nuclear power plants in Texas and the Rocky Mountain region that would power SDC's data centers. [...] There's still a long road ahead before that can become a reality. The technology TerraPower and similar nuclear energy startups are developing still have to make it through regulatory hurdles and prove that they can be commercially viable. Compared to older, larger nuclear power plants, the next generation of reactors are supposed to be smaller and easier to site. Nuclear energy is seen as an alternative to fossil fuels that are causing climate change. But it still faces opposition from some advocates concerned about the impact of uranium mining and storing radioactive waste near communities. TerraPower's reactor design for this collaboration, Natrium, is the only advanced technology of its kind with a construction permit application for a commercial reactor pending with the U.S. Nuclear Regulatory Commission, according to the company. The company just broke ground on a demonstration project in Wyoming last year, and expects it to come online in 2030.

Read more of this story at Slashdot.

The World Economic Forum's Global Risks Report 2025 (PDF) highlights misinformation as the top global risk due to generative AI tools and state-sponsored campaigns undermining democratic systems, while cyberespionage ranks as a persistent threat with inadequate cyber resilience, especially among small organizations. From a report: The manipulation of information through gen AI and state-sponsored campaigns is disrupting democratic systems and undermining public trust in critical institutions. Efforts to combat this risk have a "formidable opponent" in gen AI-created false or misleading content that can be produced and distributed at scale, the report warned. Misinformation campaigns in the form of deepfakes, synthetic voice recordings or fabricated news stories are now a leading mechanism for foreign entities to influence "voter intentions, sow doubt among the general public about what is happening in conflict zones, or tarnish the image of products or services from another country." This is especially acute in India, Germany, Brazil and the United States. Concern remains especially high following a year of the so-called "super elections," which saw heightened state-sponsored campaigns designed to manipulate public opinion. But while it has become increasingly difficult to distinguish AI-generated fake content from human-generated one, AI technologies, in itself, is low in WEF's risk ranking. In fact, it has declined in the two-year outlook, from 29 in last year's report to 31 this year. Cyberespionage and warfare continue to be a reason for unease for most organizations, ranked fifth in the global risk landscape. According to the report, one in three CEOs cited cyberespionage and intellectual property theft as their top concerns in 2024. Seventy-one percent of chief risk officers say cyber risk and criminal activity such as money laundering and cybercrime could severely impact their organizations, while 45% of cyber leaders are concerned about disruption of operations and business processes, according to WEF's Global Cybersecurity Outlook 2025 report. The rising likelihood of threat actor activity and sophisticated technological disruption is listed as immediate concerns among security leaders.

Read more of this story at Slashdot.

Epic Games is expanding its mobile app store to include nearly 20 third-party games on Android and EU iOS, launching a free games program, and temporarily covering Apple's Core Technology Fee for participating developers to counter platform restrictions. "Our aim here isn't just to launch a bunch of different stores in different places, but to build a single, cross-platform store in which, within the era of multi-platform games, if you buy a game or digital items in one place, you have the ability to own them everywhere," Epic CEO Tim Sweeney told reporters during a press briefing. The Verge reports: Under the program, Epic will offer new free games in the store each month before eventually switching to a weekly schedule. However, the games aren't actually in the store yet -- Epic said on Thursday that it "ran into a few bugs that we're working through now" and "we'll provide an update once the games are live and ready to play!" To sweeten the deal for developers that participate in the free games program on iOS, Epic will help defray the cost of using third-party marketplaces. For one year, it will pay these developers' Core Technology Fee (CTF): a 50 euro cent fee levied on every install of an iOS app that uses third-party stores after it exceeds 1 million annual downloads. (Apple gives developers with less than 10 million euros in global revenue a three-year on-ramp.) [...] Epic writes in its blog post that covering the fee "is not financially viable for every third party app store or for Epic long term, but we'll do it while the European Commission investigates Apple's non-compliance with the law."

Read more of this story at Slashdot.

The Linux 6.14 kernel now maps out support for Microsoft's "Copilot" key "so that user-space software can determine the behavior for handling that key's action on the Linux desktop," writes Phoronix's Michael Larabel. From the report: A change made to the atkbd keyboard driver on Linux now maps the F23 key to support the default copilot shortcut action. The patch authored by Lenovo engineer Mark Pearson explains [...]. Now it's up to the Linux desktop environments for determining what to do if the new Copilot key is pressed. The patch was part of the input updates now merged for the Linux 6.14 kernel.

Read more of this story at Slashdot.

An anonymous reader quotes a report from SFGATE: The same morning that JetBlue Airways announced that it was the first airline partnering with Venmo to begin accepting payments for booking flights, an account on the popular payment platform was already raking in money. A Venmo user named Owen Miller paid the JetBlue Checkpoint Store for a drink on Wednesday morning, which is a typical transaction between a traveler and airline, except for the fact that JetBlue doesn't operate that account. "At this time, JetBlue does not accept Venmo payment for inflight purchases such as food and beverages," a representative for the airline told SFGATE in an email. "Unfortunately, we have seen accounts falsely representing themselves as JetBlue to deceive and defraud customers." To stay safe from scammers when booking JetBlue flights with Venmo, the airline recommends customers only use verified JetBlue channels, such as their official website or app, and follow their secure payment process using the provided QR code. JetBlue said it plans to fold Venmo payments into its mobile app later this year.

Read more of this story at Slashdot.

Intel is advocating for modular PC designs to improve repairability, reduce e-waste, and align with the right-to-repair movement. A trio of executives makes their case for such designs in a recent blog post. The Register reports: Intel's approach to the problem is to draft three proposals targeting different market segments, saying that a one-size-fits-all approach would not be able to address the nuanced demands of these varied segments. Those three segments comprise "Premium Modular PC" (actually a laptop design); "Entry/Mainstream Modular PC" (another laptop); and "Desktop Modular PC." The first envisages a three-board system, comprising a core motherboard plus universal left and right I/O boards, the latter engineered to be common across fan-less Thin & Light designs with a 10W power envelope, and premium fanned designs for up to 20W or 30W. The Entry/Mainstream Modular PC is similar, with a core motherboard and left and right I/O boards, although in this segment, Intel says these can be redesigned to allow multiple SKUs of the design. The circuit boards are also cost-optimized here to cater to the mainstream segment, it says. The Desktop Modular PC design appears from Intel's diagram to use a midplane that has the Platform Controller Hub (PCH) silicon, with other modules connecting to this. These include CPU, memory, and GPU modules, removable using slide rails, along with hot-swappable storage, all designed to fit inside a 5 liter desktop chassis. Intel also said it is introducing subsystem-level replaceable modules. In practice, this means something like a Type-C connector on a flexible printed circuit (FPC) or an M.2 circuit board. The idea is that the module can easily be swapped out if the port or connector is damaged.

Read more of this story at Slashdot.

President Trump signed an executive order on Thursday that "sets a federal agenda meant to move U.S. digital assets businesses into friendly oversight," reports CoinDesk. The order creates a cryptocurrency working group tasked with proposing a new regulatory framework for digital assets. It will be "made up of the Treasury secretary, attorney general and chairs of the Securities and Exchange Commission and Commodity Futures Trading Commission, along with other agency heads," notes Reuters. The directive also explores the creation of a "national digital asset stockpile," orders protections for banking services for crypto companies, and bans the creation of central bank digital currencies which could compete with existing cryptocurrencies.

Read more of this story at Slashdot.