A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs. From a report: Visual Studio Code (VSCode) is a source code editor published by Microsoft and used by many professional software developers worldwide. Microsoft also operates an extensions market for the IDE, called the Visual Studio Code Marketplace, which offers add-ons that extend the application's functionality and provide more customization options. Previous reports have highlighted gaps in VSCode's security, allowing extension and publisher impersonation and extensions that steal developer authentication tokens. There have also been in-the-wild findings that were confirmed to be malicious.

Read more of this story at Slashdot.

Security researchers say they believe financially motivated cybercriminals have stolen a "significant volume of data" from hundreds of customers hosting their vast banks of data with cloud storage giant Snowflake. TechCrunch: Incident response firm Mandiant, which is working with Snowflake to investigate the recent spate of data thefts, said in a blog post Monday that the two firms have notified around 165 customers that their data may have been stolen. It's the first time that the number of affected Snowflake customers has been disclosed since the account hacks began in April. Snowflake has said little to date about the attacks, only that a "limited number" of its customers are affected. The cloud data giant has more than 9,800 corporate customers, like healthcare organizations, retail giants and some of the world's largest tech companies, which use Snowflake for data analytics.

Read more of this story at Slashdot.

Microplastic pollution has been found in all human semen samples tested in a study, and researchers say further research on the potential harm to reproduction is "imperative." From a report: Sperm counts in men have been falling for decades and 40% of low counts remain unexplained, although chemical pollution has been implicated by many studies. The 40 semen samples were from healthy men undergoing premarital health assessments in Jinan, China. Another recent study found microplastics in the semen of six out of 10 healthy young men in Italy, and another study in China found the pollutants in half of 25 samples. Recent studies in mice have reported that microplastics reduced sperm count and caused abnormalities and hormone disruption. Research on microplastics and human health is moving quickly and scientists appear to be finding the contaminants everywhere. The pollutants were found in all 23 human testicle samples tested in a study published in May. Microplastics have also recently been discovered in human blood, placentas and breast milk, indicating widespread contamination of people's bodies. The impact on health is as yet unknown but microplastics have been shown to cause damage to human cells in the laboratory.

Read more of this story at Slashdot.

An anonymous reader shares a report: A study claims to have proof of what some have suspected: return to office mandates are just back-channel layoffs and post-COVID work culture is making everyone miserable. HR software biz BambooHR surveyed more than 1,500 employees, a third of whom work in HR. The findings suggest the return to office movement has been a poorly-executed failure, but one particular figure stands out - a quarter of executives and a fifth of HR professionals hoped RTO mandates would result in staff leaving. While that statistic essentially admits the quiet part out loud, there was some merit to that belief. People did quit when RTO mandates were enforced at many of the largest companies, but it wasn't enough, the study reports. More than a third (37 percent) of respondents in leadership roles believed their employers had undertaken layoffs in the past 12 months as a result of too few people quitting in protest of RTO mandates, the study found. Nearly the same number thought their management wanted employees back in the office to monitor them more closely. The end result has been the growth of a different office culture, one that's even more performative, suspicious, and divisive than before the COVID pandemic, the study concludes.

Read more of this story at Slashdot.

Microsoft has announced a new lineup of Xbox consoles, including an all-digital white Xbox Series X with a 1TB SSD, priced at $450. The company is also retiring the Carbon Black Series S, replacing it with a white version featuring a 1TB SSD and a $350 price point. Additionally, a new Xbox Series X with a disc drive and 2TB of storage will launch for $600. The move comes as Microsoft continues to focus on digital gaming and subscription services like Game Pass, with reports suggesting that the PS5 is outselling Xbox Series consoles 2:1. The shift has led to minimal physical Xbox game sections in stores and some first-party titles, like Hellblade 2, not receiving physical releases. Despite rumors of a multiplatform approach, Microsoft maintains its commitment to its own gaming machines, promising a new "next-gen" console in the future, potentially utilizing generative-AI technology. Further reading: Upcoming Games Include More Xbox Sequels - and a Medieval 'Doom'.

Read more of this story at Slashdot.

Nokia CEO Pekka Lundmark made the world's first phone call using "immersive audio and video" technology, which improves call quality with "three-dimensional" sound. The technology, part of the upcoming 5G Advanced standard, makes interactions more lifelike and is the biggest leap forward in voice calling since monophonic telephony. Nokia aims to license the technology, but widespread availability may take a few years.

Read more of this story at Slashdot.

Hollywood actor and venture capitalist Ashton Kutcher believes that one day, entire movies will be made on AI tools like OpenAI's Sora. From a report: The actor was speaking at an event last week organized by the Los Angeles-based think tank Berggruen Institute, where he revealed that he'd been playing around with the ChatGPT maker's new video generation tool. "I have a beta version of it and it's pretty amazing," said Kutcher, whose VC firm Sound Venture's portfolio includes an investment in OpenAI. "You can generate any footage that you want. You can create good 10, 15-second videos that look very real." "It still makes mistakes. It still doesn't quite understand physics. But if you look at the generation of this that existed one year ago, as compared to Sora, it's leaps and bounds. In fact, there's footage in it that I would say you could easily use in a major motion picture or a television show," he continued. Kutcher said this would help lower the costs of making a film or television show. "Why would you go out and shoot an establishing shot of a house in a television show when you could just create the establishing shot for $100?" Kutcher said. "To go out and shoot it would cost you thousands of dollars," Kutcher was so bullish about AI advancements that he said he believed people would eventually make entire movies using tools like Sora. "You'll be able to render a whole movie. You'll just come up with an idea for a movie, then it will write the script, then you'll input the script into the video generator, and it will generate the movie," Kutcher said. Kutcher, of course, is no stranger to AI.

Read more of this story at Slashdot.

An anonymous reader shares a report: Buy a pair of wired headphones, and you'd be forgiven for thinking they're just plug and play. Stick them into your phone, and out goes the audio up copper cables into your earholes. Simple as that. Trouble is, that straightforward mechanism has gotten more complicated, and in recent years there has been an influx of budget wired earbuds that, counterintuitively, depend on Bluetooth to function, despite having those copper cables. The problem is largely present in earbuds designed for iPhones. In 2016, Apple removed universal 3.5-mm headphone jacks in its iPhones, which means there are nearly eight years worth of iPhones out in the world -- from the iPhone 7 to the iPhone 14 -- that can connect to headphones only via Bluetooth or Apple's proprietary Lightning ports. (Apple switched to USB-C ports in its iPhones last year after legislation from the European Union put pressure on device companies to standardize connection ports.) Apple used this move to push its wireless AirPods, and it also sells its own wired headphones that connect to its Lightning ports for $19. You can also get an official $9 dongle that adapts the Lightning port to a 3.5-mm output. These work as intended, connecting with the Lightning port to playback audio. But Apple also has strict certification processes called MFi that require any accessories for Apple products to meet certain requirements in order to work with the Lightning port as intended. That means companies have to pay for the privilege of being a genuine Apple accessory. (If you have an unlicensed accessory, you'll probably see an alert pop up every time you plug it in saying, "Accessory may not be supported.") This has led to a steady trickle of knockoff earbuds that have chosen to use roundabout ways of connecting to Apple's proprietary port. Namely, by requiring a Bluetooth connection -- even for wired buds.

Read more of this story at Slashdot.

Yelp can pursue a lawsuit accusing a reputation management company of fraudulently advertising its ability to remove "bad" reviews from the business review website. From a report: In a decision late Thursday night, U.S. District Judge William Alsup in San Francisco said Yelp can pursue trademark infringement and unfair competition claims against ReviewVio, which operates as Dandy. Yelp said ReviewVio's ads, which include the Yelp logo, harmed its reputation by suggesting that businesses could pay for artificially inflated star ratings. This allegedly undercut honest businesses that will not pay to remove negative reviews, and undermined the usefulness of Yelp's website to consumers. Yelp also said it lost ad revenue from businesses that paid for "review gating," which the company prohibits, or incorrectly believed that Yelp endorsed the practice.

Read more of this story at Slashdot.

Canonical, the company behind Ubuntu, has released Ubuntu Core 24, a version of its operating system designed for edge devices and the Internet of Things (IoT). The new release comes with a 12-year Long Term Support commitment and features that enable secure, reliable, and efficient deployment of intelligent devices. Ubuntu Core 24 introduces validation sets for custom image creation, offline remodelling for air-gapped environments, and new integrations for GPU operations and graphics support. It also offers device management integrations with Landscape and Microsoft Azure IoT Edge. The release is expected to benefit various industries, including automation, healthcare, and robotics, Canonical said.

Read more of this story at Slashdot.

A 27-year old Tamagotchi mystery was solved this week when a collector figured out how to unlock secret characters on the Mothra Tamagotchi, released in Japan in 1997. From a report: A Discord user named rhubarb_pie found out how to unlock the "Moll & Lora" twins as playable characters, which were previously seen in the handheld pet-raising-simulator as medical nurses who healed your character when it was sick. The Tamagotchi Wiki states they had previously been obtained through a "battery glitch," but rhubarb_pie figured out how to unlock them as playable characters through the normal course of gaming. As a reminder, Tamagotchis are virtual pets made by Bandai and introduced in 1996 that were incredibly popular at the time and inspired a ton of clones. There have been many different versions of Tamagotchi since its original release, which included the Mothra Tamagotchi, which was tied to the Japanese release of the movie Rebirth of Mothra II. Mothra is a giant flying moth that exists in the Godzilla cinematic universe. There is an entire community of Tamagotchi collectors, enthusiasts, and reverse engineers, and for several decades players had wondered whether Moll & Lora could be unlocked as playable characters on the Mothra Tamagotchi. "After years of debate whether this was even possible, I have proven that, in fact, you can raise the Twin characters Moll & Lora on the Mothra," rhubarb_pie wrote in a lengthy guide to unlocking the characters posted on Discord Wednesday. "The ROM for the Mothra was dumped about a month ago and I figured out how everything worked by studying the code."

Read more of this story at Slashdot.

Retailers are struggling to rein in the proliferation of scammers tricking Americans into buying thousands of dollars' worth of gift cards. From a report: The Federal Trade Commission estimates that Americans lost at least $217 million to gift card scams last year. That number is likely higher, given many victims are too embarrassed to report to law enforcement. Cracking down on gift card scams was a hot topic this week at the National Retail Federation's (NRF) cybersecurity conference in Long Beach, California. Some gift card scams start with texts from people pretending to be tech support, your boss, the government or a wrong number. Eventually, those conversations lead to someone asking the victim to buy gift cards on their behalf and send the barcode number to them via text. Others involve criminals in physical locations, tampering with a gift card to access the barcode information and then stealing the funds without taking the actual card. Each scam targets vulnerable populations: elderly, less-tech savvy people; those who are lonely and work from home; and even young kids, experts say.

Read more of this story at Slashdot.

Microsoft says it's making its new Recall feature in Windows 11 that screenshots everything you do on your PC an opt-in feature and addressing various security concerns. From a report: The software giant first unveiled the Recall feature as part of its upcoming Copilot Plus PCs last month, but since then, privacy advocates and security experts have been warning that Recall could be a "disaster" for cybersecurity without changes. Thankfully, Microsoft has listened to the complaints and is making a number of changes before Copilot Plus PCs launch on June 18th. Microsoft had originally planned to turn Recall on by default, but the company now says it will offer the ability to disable the controversial AI-powered feature during the setup process of new Copilot Plus PCs. "If you don't proactively choose to turn it on, it will be off by default," says Windows chief Pavan Davuluri.

Read more of this story at Slashdot.

An anonymous reader shares a report: Apple is expected to announce major artificial intelligence updates to the iPhone, iPad, and Mac next week during its Worldwide Developers Conference. Except Apple won't call its system artificial intelligence, like everyone else, according to Bloomberg's Mark Gurman on Friday. The system will reportedly be called "Apple Intelligence," and allegedly will be made available to new versions of the iPhone, iPad, and Mac operating systems. Apple Intelligence, which is shortened to just AI, is reportedly separate from the ChatGPT-like chatbot Apple is expected to release in partnership with OpenAI. Apple's in-house AI tools are reported to include assistance in message writing, photo editing, and summarizing texts. Bloomberg reports that some of these AI features will run on the device while others will be processed through cloud-based computing, depending on the complexity of the task. The name feels a little too obvious. While this is the first we're hearing of an actual name for Apple's AI, it's entirely unsurprising that Apple is choosing a unique brand to call its artificial intelligence systems.

Read more of this story at Slashdot.

California's proposed legislation to regulate AI has sparked a backlash from Silicon Valley heavyweights, who claim the bill will stifle innovation and force AI start-ups to leave the state. The Safe and Secure Innovation for Frontier Artificial Intelligence Systems Act, passed by the state Senate last month, requires AI developers to adhere to strict safety frameworks, including creating a "kill switch" for their models. Critics argue that the bill places a costly compliance burden on smaller AI companies and focuses on hypothetical risks. Amendments are being considered to clarify the bill's scope and address concerns about its impact on open-source AI models.

Read more of this story at Slashdot.

An anonymous reader shares a report: Two senior officials working for anti-terror police in Bangladesh allegedly collected and sold classified and personal information of citizens to criminals on Telegram, TechCrunch has learned. The data allegedly sold included national identity details of citizens, cell phone call records and other "classified secret information," according to a letter signed by a senior Bangladeshi intelligence official, seen by TechCrunch. The letter, dated April 28, was written by Brigadier General Mohammad Baker, who serves as a director of Bangladesh's National Telecommunications Monitoring Center, or NTMC, the country's electronic eavesdropping agency. Baker confirmed the legitimacy of the letter and its contents in an interview with TechCrunch. "Departmental investigation is ongoing for both the cases," Baker said in an online chat, adding that the Bangladeshi Ministry of Home Affairs ordered the affected police organizations to take "necessary action against those officers." The letter, which was originally written in Bengali and addressed to the senior secretary of the Ministry of Home Affairs Public Security Division, alleges the two police agents accessed and passed "extremely sensitive information" of private citizens on Telegram in exchange for money.

Read more of this story at Slashdot.

Apple will introduce a new app called Passwords next week, aiming to simplify website and software logins for users, according to Bloomberg. The app -- offered as part of iOS 18, iPadOS 18, and macOS 15 -- will be unveiled at Apple's Worldwide Developers Conference on June 10. Powered by iCloud Keychain, Passwords will generate and manage passwords, allowing imports from rival services, and support Vision Pro headset and Windows computers.

Read more of this story at Slashdot.

Online marketplace behemoth eBay said it plans to no longer accept American Express, citing what the company says are "unacceptably high fees." CNBC: It's a notable blow to American Express, whose customers are often the most attractive among merchants and spend the most money per month on their cards. But it's not the first time merchants have voiced opposition to AmEx's business practices by walking away, most notably the warehouse chain Costco nearly a decade ago. [...] Overland said that eBay customers have become aware of new ways to pay for items, making payments more competitive than ever before, and AmEx was no longer a necessary partner for eBay. eBay has increasingly been offering customers buy now, pay later options on purchases through Apple Pay, PayPal and other companies like Klarna and Affirm as well.

Read more of this story at Slashdot.

GOG, a Poland-based popular gaming platform, has announced plans to enforce a 200MB limit on cloud save files per game. This move may adversely affect players of open-world titles like Cyberpunk 2077, where save folders can reach several gigabytes. A report adds: The company will begin deleting game saves that exceed the limit on Aug 31. When the deadline rolls around, GOG will delete saves for each game, beginning with the oldest until it's below the 200MB threshold. That means your newest saves will survive.

Read more of this story at Slashdot.