
Received today, 19 October 2025 (Digital news)

Extortion and Ransomware Drive Over Half of Cyberattacks — Sometimes Using AI, Microsoft Finds

19 October 2025 at 11:34
Microsoft said in a blog post this week that "over half of cyberattacks with known motives were driven by extortion or ransomware... while attacks focused solely on espionage made up just 4%." And Microsoft's annual digital threats report found operations expanding even more through AI, with cybercriminals "accelerating malware development and creating more realistic synthetic content, enhancing the efficiency of activities such as phishing and ransomware attacks." [L]egacy security measures are no longer enough; we need modern defenses leveraging AI and strong collaboration across industries and governments to keep pace with the threat... Over the past year, both attackers and defenders harnessed the power of generative AI. Threat actors are using AI to boost their attacks by automating phishing, scaling social engineering, creating synthetic media, finding vulnerabilities faster, and creating malware that can adapt itself... For defenders, AI is also proving to be a valuable tool. Microsoft, for example, uses AI to spot threats, close detection gaps, catch phishing attempts, and protect vulnerable users. As both the risks and opportunities of AI rapidly evolve, organizations must prioritize securing their AI tools and training their teams... Amid the growing sophistication of cyber threats, one statistic stands out: more than 97% of identity attacks are password attacks. In the first half of 2025 alone, identity-based attacks surged by 32%. That means the vast majority of malicious sign-in attempts an organization might receive are via large-scale password guessing attempts. Attackers get usernames and passwords ("credentials") for these bulk attacks largely from credential leaks. However, credential leaks aren't the only place where attackers can obtain credentials. This year, we saw a surge in the use of infostealer malware by cybercriminals... Luckily, the solution to identity compromise is simple. 
The implementation of phishing-resistant multifactor authentication (MFA) can stop over 99% of this type of attack even if the attacker has the correct username and password combination. "Security is not only a technical challenge but a governance imperative..." Microsoft adds in their blog post. "Governments must build frameworks that signal credible and proportionate consequences for malicious activity that violates international rules." (The report also found that America is the #1 most-targeted country — and that many U.S. companies have outdated cyber defenses.) But while "most of the immediate attacks organizations face today come from opportunistic criminals looking to make a profit," Microsoft writes that nation-state threats "remain a serious and persistent threat." More details from the Associated Press: Russia, China, Iran and North Korea have sharply increased their use of artificial intelligence to deceive people online and mount cyberattacks against the United States, according to new research from Microsoft. This July, the company identified more than 200 instances of foreign adversaries using AI to create fake content online, more than double the number from July 2024 and more than ten times the number seen in 2023. Examples of foreign espionage cited by the article: China is continuing its broad push across industries to conduct espionage and steal sensitive data... Iran is going after a wider range of targets than ever before, from the Middle East to North America, as part of broadening espionage operations... "[O]utside of Ukraine, the top ten countries most affected by Russian cyber activity all belong to the North Atlantic Treaty Organization (NATO) — a 25% increase compared to last year." North Korea remains focused on revenue generation and espionage... There was one especially worrying finding. 
The report found that critical public services are often targeted, partly because their tight budgets limit their incident response capabilities, "often resulting in outdated software.... Ransomware actors in particular focus on these critical sectors because of the targets' limited options. For example, a hospital must quickly resolve its encrypted systems, or patients could die, potentially leaving no other recourse but to pay."

Read more of this story at Slashdot.

GCC Front-End Patches Updated For Algol 68 Programming Language

19 October 2025 at 10:28
At the start of the calendar year there was a proposal for a new GCC front-end for the Algol 68 programming language. GCC developers deferred merging Algol 68 support into GCC for this rarely talked about vintage programming language. But as talked about back at the GNU Tools Cauldron 2025, the developer is still working on the support. Sure enough, this week brought a new version of this GCC front-end...

Multi-Kernel Architecture Patches Updated For The Linux Kernel

19 October 2025 at 10:10
Posted to the Linux kernel mailing list one month ago were patches for a multi-kernel architecture design to allow multiple independent kernel instances to co-exist on the same physical machine. This could let some CPU cores run real-time "RT" kernels, or allow other non-traditional uses across CPU cores. It wasn't clear how far the multi-kernel patches would get, especially with some initial negative views toward them and Bytedance separately proposing "Parker" for multi-kernel usage just days later. In any event, today a second version of the multi-kernel Linux patches was posted...

New Data Shows Record CO2 Levels in 2024. Are Carbon Sinks Failing?

19 October 2025 at 07:34
The Guardian reports that atmospheric carbon dioxide "soared by a record amount in 2024 to hit another high, UN data shows." But what's more troubling is why: Several factors contributed to the leap in CO2, including another year of unrelenting fossil fuel burning despite a pledge by the world's countries in 2023 to "transition away" from coal, oil and gas. Another factor was an upsurge in wildfires in conditions made hotter and drier by global heating. Wildfire emissions in the Americas reached historic levels in 2024, which was the hottest year yet recorded. However, scientists are concerned about a third factor: the possibility that the planet's carbon sinks are beginning to fail. About half of all CO2 emissions every year are taken back out of the atmosphere by being dissolved in the ocean or being sucked up by growing trees and plants. But the oceans are getting hotter and can therefore absorb less CO2 while on land hotter and drier conditions and more wildfires mean less plant growth... Atmospheric concentrations of methane and nitrous oxide — the second and third most important greenhouse gases related to human activities — also rose to record levels in 2024. About 40% of methane emissions come from natural sources. But scientists are concerned that global heating is leading to more methane production in wetlands, another potential feedback loop. Thanks to long-time Slashdot reader mspohr for sharing the article.


OpenAI Cofounder Builds New Open Source LLM 'Nanochat' - and Doesn't Use Vibe Coding

19 October 2025 at 03:34
An anonymous reader shared this report from Gizmodo: It's been over a year since OpenAI cofounder Andrej Karpathy exited the company. In the time since he's been gone, he coined and popularized the term "vibe coding" to describe the practice of farming out coding projects to AI tools. But earlier this week, when he released his own open source model called nanochat, he admitted that he wrote the whole thing by hand, vibes be damned. Nanochat, according to Karpathy, is a "minimal, from scratch, full-stack training/inference pipeline" that is designed to let anyone build a large language model with a ChatGPT-style chatbot interface in a matter of hours and for as little as $100. Karpathy said the project contains about 8,000 lines of "quite clean code," which he wrote by hand — not necessarily by choice, but because he found AI tools couldn't do what he needed. "It's basically entirely hand-written (with tab autocomplete)," he wrote. "I tried to use claude/codex agents a few times but they just didn't work well enough at all and net unhelpful."


Repair Plan Underway to Restore Power at Ukrainian Nuclear Plant

19 October 2025 at 01:34
The Associated Press reports: Work has begun to repair the damaged power supply to Ukraine's Zaporizhzhia nuclear power plant, the head of the U.N.'s nuclear watchdog said Saturday. The repairs are hoped to end a precarious four-week outage that saw it dependent on backup generators. Russian and Ukrainian forces established special ceasefire zones for repairs to be safely carried out, said the head of the International Atomic Energy Agency, Rafael Grossi... "Both sides engaged constructively with the IAEA to enable the complex repair plan to proceed," Grossi said in a statement... The Zaporizhzhia plant, Europe's largest nuclear power station, has been operating on diesel back-up generators since Sept. 23 when its last remaining external power line was severed in attacks that Russia and Ukraine each blamed on the other. The plant is in an area under Russian control since early in Moscow's full-scale invasion of Ukraine and is not in service, but it needs reliable power to cool its six shutdown reactors and spent fuel, to avoid any catastrophic nuclear incidents.


Received yesterday, 18 October 2025 (Digital news)

Protein Powders and Shakes Contain High Levels of Lead

18 October 2025 at 22:48
Long-time Slashdot reader fjo3 shares an announcement from the U.S.-based nonprofit Consumer Reports: Protein powders still carry troubling levels of toxic heavy metals, according to a new Consumer Reports (CR) investigation. Our latest tests of 23 protein powders and ready-to-drink shakes from popular brands found that heavy metal contamination has become even more common among protein products, raising concerns that the risks are growing right alongside the industry itself. For more than two-thirds of the products we analyzed, a single serving contained more lead than CR's food safety experts say is safe to consume in a day — some by more than 10 times... [I]n addition to the average level of lead being higher than what we found 15 years ago, there were also fewer products with undetectable amounts of it. The outliers also packed a heavier punch. Naked Nutrition's Vegan Mass Gainer powder, the product with the highest lead levels, had nearly twice as much lead per serving as the worst product we analyzed in 2010. Nearly all the plant-based products CR tested had elevated lead levels, but some were particularly concerning. Two had so much lead that CR's experts caution against using them at all... Dairy-based protein powders and shakes generally had the lowest amounts of lead, but half of the products we tested still had high enough levels of contamination that CR's experts advise against daily use... Unlike prescription and over-the-counter drugs, the Food and Drug Administration doesn't review, approve, or test supplements like protein powders before they are sold. Federal regulations also don't generally require supplement makers to prove their products are safe, and there are no federal limits for the amount of heavy metals they can contain. The article acknowledges that "Many of these powders are fine to have occasionally, and even those with the highest lead levels are far below the concentration needed to cause immediate harm. 
That said, because most people don't actually need protein supplements — nutrition experts say the average American already gets plenty — it makes sense to ask whether these products are worth the added exposure."


You Only Need $750 to Pilfer Unencrypted Data From Satellites, Researchers Say

18 October 2025 at 21:48
"A new study published on Monday found that communications from cellphone carriers, retailers, banks, and even militaries are being broadcast unencrypted through geostationary satellites..." reports Gizmodo. "The team obtained unencrypted internet communications from U.S. military sea vessels and even communications regarding narcotics trafficking from Mexican military and law enforcement." Researchers from the University of California, San Diego (UCSD) and the University of Maryland scanned 39 of these satellites from a rooftop in Southern California over three years. They found that roughly half of the signals they analyzed were transmitting unencrypted data, potentially exposing everything from phone calls and military logistics to a retail chain's inventory. "There is a clear mismatch between how satellite customers expect data to be secured and how it is secured in practice," the researchers wrote in their paper titled "Don't Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites...." "They assumed that no one was ever going to check and scan all these satellites and see what was out there. That was their method of security," Aaron Schulman, a UCSD professor and co-lead of the study, told Wired.... Even more surprisingly, the researchers didn't need any fancy spy gear to collect this data. Their setup used only off-the-shelf hardware, including a $185 satellite dish, a $140 roof mount with a $195 motor, and a $230 tuner card. Altogether, the system cost roughly $750 and was installed on a university building in La Jolla, San Diego. With their simple setup, the researchers were able to collect a wide range of communication data, including phone calls, texts, in-flight Wi-Fi data from airline passengers, and signals from electric utilities. They even obtained U.S. and Mexican military and law enforcement communications, as well as ATM transactions and corporate communications... 
When it came to telecoms, specifically, the team collected phone numbers, calls, and texts from customers of T-Mobile, AT&T Mexico, and Telmex... It only took the team nine hours to collect the phone numbers of over 2,700 T-Mobile users, along with some of their calls and text messages. T-Mobile told Gizmodo the lack of encryption was "a vendor's technical misconfiguration" affecting "a limited number of cell sites" and was "not network-wide... [W]e implemented nationwide Session Initiation Protocol (SIP) encryption for all customers to further protect signaling traffic as it travels between mobile handsets and the network core, including call set up, numbers dialed and text message content. We appreciate our collaboration with the security research community, whose work helps reinforce our ongoing commitment to protecting customer data and enhances security across the industry." Indeed, the researchers write that "Each time we discovered sensitive information in our data, we went through considerable effort to determine the responsible party, establish contact, and disclose the vulnerability. In several cases, the responsible party told us that they had deployed a remedy. For the following parties, we re-scanned with their permission and were able to verify a remedy had been deployed: T-Mobile, WalMart, and KPU." The researchers acknowledge that exposure "was limited to a relatively small number of cell towers in specific remote areas."


New Code Merged For Linux 6.18 To Address Linus Torvalds' Rust Formatting Critique

18 October 2025 at 20:43
Back during the Linux 6.18 merge window, Linus Torvalds commented on "mindless and completely crazy Rust format checking" and said that the Rust format checking "is all bass-ackwards garbage" for condensing multi-line import statements into single lines. Merged minutes ago to Linux Git ahead of tomorrow's Linux 6.18-rc2 are fixes to the Rust format checking and updated guidelines to address Torvalds' criticism...

Lian Li LANCOOL 217 INF: a striking dual personality!

In May 2025, we showed you a new case from Lian Li with an interesting style: the LANCOOL 217. Combining metal mesh and wooden slats in an understated and rather classy style, the case had in fact gone down rather well on social networks, from what we were able to see...

Should Scientists Be Allowed to Edit Genes of Wild Animals? Top Conservation Groups Just Voted Yes

18 October 2025 at 20:48
It's the world's largest network of environmental groups, according to NBC News, with more than 1,400 members from roughly 160 countries. It meets once every four years. And in a vote Tuesday, the International Union for Conservation of Nature "approved further exploration of the use of genetic engineering tools to aid in the preservation of animal species and other living organisms." Researchers are already pursuing projects that involve changing some species' DNA. Scientists are genetically modifying mosquitoes to reduce transmission of diseases like malaria, for example, and synthesizing horseshoe crab blood, which is used in drug development. Controversial efforts to "de-extinct" archaic creatures — such as the so-called "dire wolf" that a biosciences company announced it had revived this spring — fall under the umbrella, as well. So do possibilities like modifying organisms to help them adapt to a warming world, which are on the table but further off in development.... The decision is applicable to work on a range of organisms, including animals, plants, yeasts and bacteria.... The notion of introducing genetic engineering into wild ecosystems would have been considered a nonstarter in most conservation circles a decade ago, according to Jessica Owley [a professor and environment law program director at the University of Miami]. But the intensifying effects of climate change and other stressors to biodiversity are bolstering arguments in favor of human intervention that could make endangered species resistant to those threats... The IUCN vote, she added, reflects a feeling of desperation among conservationists and governments, as existing regulations and conservation efforts fall short and species continue to disappear worldwide. "A separate measure, a proposed moratorium on releasing genetically modified organisms into the environment, failed by a single vote..."


Windows 10 Refugees Flock To Linux as Zorin OS Claims 'Biggest Launch Ever'

18 October 2025 at 19:48
"Windows 10 is officially dead," writes Slashdot user darwinmac, "and the vultures are circling. Or maybe they are liberators, depending on your point of view." Neowin reports: Of all the projects trying to poach Windows users, Zorin Group might be the most aggressive, launching its biggest OS upgrade, Zorin OS 18, on the very day Windows 10 died. In a recent post on X, Zorin Group celebrated the launch of version 18, claiming that it hit 100,000 downloads in "a little over 2 days". The company called it its "biggest launch ever" and claimed that over 72% of those downloads came from Windows... Zorin OS 18 now includes an updated version of WINE 10 for better support of Windows software. On top of that, there's also an expanded database that helps when it detects a Windows installer. The system checks the file and suggests the best way to run over 170 popular apps, whether that means installing a native Linux version, using the web-based alternative, or firing it up through WINE. The article also notes LibreOffice's creators have been presenting Linux as a secure and cost-effective alternative since June, and "We have also seen initiatives like The "End of 10" Campaign by KDE, making the case for Linux and providing guides and info on how to switch."


Perplexity's AI Browser 'Comet' is Now Free, with Big Marketing Deals to Challenge Chrome

18 October 2025 at 18:34
"Earlier available only to the paying subscribers, the Comet browser now offers its core features to all users at no cost," writes the Times of India. "This includes AI-powered search, contextual recommendations, and integrated tools designed to streamline research and content discovery." They say the move reflects the Chromium-based browser's goal to "compete with incumbents like Google Chrome and Microsoft Edge" — but also reflects Perplexity's "broader mission to democratize AI tools." More details from The Verge: "The internet is better on Comet," the company says, promising to remain free forever as it styles the browser as a serious challenger to Google's Chrome... It's supposed to make surfing the web simpler and help you with tasks like shopping, booking trips, and general life admin. To borrow the company's words again: you "get more done." The AI-powered browser launched in July, though was only available for users who subscribed to the $200 per month Perplexity Max plan... No subscription at all will be needed to use Comet going forward, the company says. Perplexity has even struck deals with major sites including the Washington Post and the Los Angeles Times to offer free access to their sites for one month through the Comet browser. And last week Perplexity also launched an aggressive paid referral program, where active Perplexity Pro/Max subscribers get a payout of up to $15 for each friend who downloads and uses Comet through their affiliate link. (The payout size is based on the friend's country, with $15 being the payout amount for a U.S. user, with $10 payouts for users in 19 other countries including Canada, Australia, the U.K., several EU countries, Japan, and South Korea.) In addition, Srinivas has been sharing positive tweets about Comet. (Like "This is unbelievable. 
Comet automatically hunts down Sora 2 invite codes across the web and signs you up!") But Perplexity is making even bigger claims for its browser: Perplexity AI CEO Aravind Srinivas said that the Comet AI browser can improve productivity so that companies won't need to hire more people. "Instead of hiring one more person on your team, you could just use Comet to supplement all the work that you're doing," Srinivas told CNBC's "Squawk Box"... The CEO said the artificial intelligence-powered web browser is a "true personal assistant" that allows users to complete more tasks in the same amount of time and said that the productivity gained could be worth $10,000 per year for a single person... Other tech companies have also been rolling out their own AI browser assistants. In January, OpenAI introduced its web agent, Operator, and Google released Gemini AI to its Chrome browser in September. Meanwhile, The Verge adds, The Browser Company (makers of the Arc browser) "is going all in on Dia, and Opera just launched its own AI browser, Neon." Of course, popularity brings problems, writes the Times of India: iPhone users are being warned by Perplexity CEO Aravind Srinivas against downloading a fake 'Comet' app on the App Store. He clarified that the official iOS version is not yet released and the current listing is unauthorized spam... And earlier this month the browser security platform described a "CometJacking" attack where malicious prompts could be hidden in URLs (as a parameter). Comet is instructed "to look for data in memory and connected services (e.g., Gmail, Calendar), encode the results (e.g., base64), and POST them to an attacker-controlled endpoint... all while appearing to the user as a harmless 'ask the assistant' flow." (And with some trivial encoding it also seems to evade exfiltration checks.) The Hacker News reported that Perplexity has classified the findings as "no security impact."


Researchers Build Complex 3D-Printed, Carbon-Absorbing Bridge Inspired by Bones

18 October 2025 at 17:34
Concrete accounts for about 8% of the world's greenhouse gas emissions, notes CNN. But a research team at the University of Pennsylvania just used a robotic 3D printer to construct a bridge with "complex, lattice-like patterns" that are just as strong and durable — but with materials that absorb more carbon dioxide. Check out the photos of the "Diamanti" project's "post-tensioned concrete canopy". And CNN's report includes an animated photo showing the 3D printer in action: While most regular concrete absorbs carbon dioxide (up to 30% of its production emissions over its entire life cycle, according to some research), Diamanti's enhanced concrete mixture absorbs 142% more carbon dioxide than conventional concrete mixes. Its first design, a pedestrian bridge, uses 60% less material while retaining mechanical strength, says Masoud Akbarzadeh, an associate professor of architecture at the University of Pennsylvania and director of the lab that spearheaded the project. "Through millions of years of evolution, nature has learned that you don't need material everywhere," says Akbarzadeh. "If you take a cross section of a bone, you realize that bone is quite porous, but there are certain patterns within which the load (or weight) is transferred." By mimicking the structures in certain porous bones — known as triply periodic minimal surface (TPMS) structures — Diamanti also increased the surface area of the bridge, increasing the concrete mixture's carbon absorption potential by another 30%... According to Akbarzadeh, 3D printing reduces construction time, material, and energy use by 25%, and its structural system reduces the need for steel by 80%, minimizing use of another emissions-heavy material. He added that using the technique with Diamanti's concrete significantly cuts greenhouse gas emissions compared to regular construction techniques, and reduces construction costs by 25% to 30%. 
"Even without the material innovation, the higher surface itself allows higher CO2 absorption," one engineering lecturer tells CNN. The project was a collaboration with chemical company Sika, funded with grants from the U.S. Energy Department, and is now preparing its first full-size prototype in France. The team published their findings in the journal Advanced Functional Materials earlier this year.


Jensen Huang is adamant: China is no longer buying NVIDIA GPUs

On 6 October 2025, the marketing company Citadel Securities held an event in New York titled Future of Global Markets 2025. NVIDIA's CEO was there, and Jensen Huang spent an hour answering questions put to him by Konstantine Buhler, a specialist in artificial intell...

'How We Sharpened the James Webb Telescope's Vision From a Million Kilometers Away'

18 October 2025 at 16:34
The James Webb Space Telescope gets its highest resolution with the aperture masking interferometer (or AMI), "a tiny piece of precisely machined metal that slots into one of the telescope's cameras," according to a new article by Benjamin Pope, an associate math professor at Macquarie University. "We can finally present its first successful observations of stars, planets, moons and even black hole jets." [AMI] was put on Webb to diagnose and measure any blur in its images. Even nanometres of distortion in Webb's 18 hexagonal primary mirrors and many internal surfaces will blur the images enough to hinder the study of planets or black holes, where sensitivity and resolution are key. AMI filters the light with a carefully structured pattern of holes in a simple metal plate, to make it much easier to tell if there are any optical misalignments. We wanted to use this mode to observe the birth places of planets, as well as material being sucked into black holes. But before any of this, AMI showed Webb wasn't working entirely as hoped. At very fine resolution — at the level of individual pixels — all the images were slightly blurry due to an electronic effect: brighter pixels leaking into their darker neighbours. This is not a mistake or flaw, but a fundamental feature of infrared cameras that turned out to be unexpectedly serious for Webb. This was a dealbreaker for seeing distant planets many thousands of times fainter than their stars a few pixels away: my colleagues quickly showed that its limits were more than ten times worse than hoped. So, we set out to correct it... We built a computer model to simulate AMI's optical physics, with flexibility about the shapes of the mirrors and apertures and about the colours of the stars. We connected this to a machine learning model to represent the electronics with an "effective detector model" — where we only care about how well it can reproduce the data, not about why. 
After training and validation on some test stars, this setup allowed us to calculate and undo the blur in other data, restoring AMI to full function. It doesn't change what Webb does in space, but rather corrects the data during processing. It worked beautifully — the star HD 206893 hosts a faint planet and the reddest-known brown dwarf (an object between a star and a planet). They were known but out of reach with Webb before applying this correction. Now, both little dots popped out clearly in our new maps of the system... With the new correction, we brought Jupiter's moon Io into focus, clearly tracking its volcanoes as it rotates over an hour-long timelapse. "This correction has opened the door to using AMI to prospect for unknown planets at previously impossible resolutions and sensitivities..." the article points out. "Our results on painstakingly testing and enhancing AMI are now released on the open-access archive arXiv in a pair of papers." Thanks to long-time Slashdot reader schwit1 for sharing the article.


This week's hardware reviews - W42 2025

While the H&Équipe is busy with the news and the first phases of upcoming reviews (and, for some, roaming the four corners of the world), our colleagues have fortunately not been idle in providing extensive coverage of the latest PC components and peripherals. Over at Cowcotla...
