Apple's Podcasts app on both iOS and Mac has been exhibiting strange behavior for months, spontaneously launching and presenting users with obscure religion, spirituality and education podcasts they never subscribed to -- and at least one of these podcasts contains a link attempting a cross-site scripting attack, 404 Media reports. Joseph Cox, a journalist at the outlet, documented the issue after repeatedly finding his Mac had launched the Podcasts app on its own, presenting bizarre podcasts with titles containing garbled code, external URLs to Spotify and Google Play, and in one case, what appears to be XSS attack code embedded directly in the podcast title itself. Patrick Wardle, a macOS security expert and creator of Objective-See, confirmed he could replicate similar behavior: simply visiting a website can trigger the Podcasts app to open and load an attacker-chosen podcast without any user prompt or approval. Wardle said this creates "a very effective delivery mechanism" if a vulnerability exists in the Podcasts app, and the level of probing suggests adversaries are actively evaluating it as a potential target. The XSS-attempting podcast dates from around 2019. A recent review in the app asked "How does Apple allow this attempted XSS attack?" Asked for comment five times by 404 Media, Apple did not respond.

Read more of this story at Slashdot.

Australia's streaming quotas have become law. Legislation requiring the likes of Netflix, Disney+ and HBO Max to spend a portion of their local earnings on original Australian content has been passed in parliament, and now comes into effect. From a report: The quotas were announced earlier this month. This will see global streamers with more than one million Australian subscribers made to spend 10% of their total Australian expenditure -- or 7.5% of their revenues -- on local originals, whether they are dramas, children's shows, docs, or arts and educational programs. Failing to comply with the rules will see streamers fined up to ten times their annual revenues in Australia. This is more than what broadcasters are liable for if they breach their quota rules laws. Streamers will be given three years to get their production operations in line. Streamers have long opposed government-set quotas and content levies, arguing they already meaningfully invest in the production sectors of the countries in which they operate. Producers, in general, have welcomed the systems, but remain wary that they could push streaming services out of their countries.

Read more of this story at Slashdot.

China installed 295,000 industrial robots last year -- nearly nine times as many as the United States and more than the rest of the world combined -- as the country races to automate its manufacturing base amid rising labor costs at home and tariff threats from abroad. The nation's stock of operational robots surpassed 2 million in 2024, according to the International Federation of Robotics. Of 131 factories globally recognized by the World Economic Forum for boosting productivity through cutting-edge technologies like AI, 45 are in mainland China compared to three in the US. At Midea's washing machine factory in Jingzhou, an AI "factory brain" manages 14 virtual agents that coordinate robots and machines on the floor. The home-appliance giant reports that its revenue per employee grew nearly 40% between 2015 and 2024, and processes that once took 15 minutes now take 30 seconds. Down jacket maker Bosideng has cut sample production time from 100 days to 27 days using AI design tools, reducing development costs by 60%. At the port of Tianjin, scheduling that previously required 24 hours now takes 10 minutes, and 88% of large container equipment is automated. The port's operator says it requires 60% fewer workers than traditional facilities.

Read more of this story at Slashdot.

Researchers at the Pacific Institute documented 420 water-related conflicts globally in 2024, a record that far surpasses the 355 incidents logged in 2023 and continues a trend that has seen such violence more than quadruple over the past five years. The Oakland-based water think tank's database tracks disputes where water triggered violence, where water systems were targeted, and where infrastructure became collateral damage in broader conflicts. The Middle East reported the most incidents at 138, including 66 tied to the Israeli-Palestinian conflict. The Israeli military destroyed more than 30 wells in Rafah and Khan Yunis, and there were numerous reports of settlers destroying pipelines and tanks in the West Bank. The Russia-Ukraine war accounted for 51 incidents, including strikes that disrupted water service in Ukrainian cities.

Read more of this story at Slashdot.

An analysis of submissions to next year's International Conference on Learning Representations has found that roughly one in five peer reviews were fully generated by AI, a discovery that came after researchers including Carnegie Mellon's Graham Neubig grew suspicious of feedback on their manuscripts that seemed unusually verbose and requested non-standard statistical analyses. Neubig posted on X offering a reward for anyone who could scan the conference's submissions for AI-generated text, and Max Spero, CEO of detection tool developer Pangram Labs, responded the next day. Pangram screened all 19,490 studies and 75,800 peer reviews submitted to ICLR 2026, finding that 21% of reviews were fully AI-generated and more than half showed signs of AI use. The conference had permitted AI tools for polishing text but prohibited falsified content. Each reviewer was assigned five papers to review in two weeks on average -- a load that senior programme chair Bharath Hariharan described as "much higher than what has been done in the past."

Read more of this story at Slashdot.

ChatGPT can browse the web, write code and analyze images, but ask it what time it is and you might get the correct answer, a confident wrong answer, or a polite refusal -- sometimes all three within minutes of each other. The problem stems from how large language models work. These systems predict answers based on training data and don't receive constant real-time updates about things like time unless they specifically search the internet. AI robotics expert Yervant Kulbashian told The Verge that a language model "is only referencing things that have entered this space," comparing it to a castaway on an island stocked with books but no watch. OpenAI can give ChatGPT access to system clocks, and does so through features like Search. But there are tradeoffs: every clock check consumes space in the model's context window, the finite portion of information it can hold at any given moment. Pasquale Minervini, a natural language processing researcher at the University of Edinburgh, said the leading models also struggle to read analog clock faces and have trouble with calendars.

Read more of this story at Slashdot.

Amazon Web Services has rolled out a DNS resilience feature that allows customers to make domain name system changes within 60 minutes of a service disruption in its US East region, a direct response to the long history of outages at the cloud giant's most troubled infrastructure. AWS said customers in regulated industries like banking, fintech and SaaS had asked for additional capabilities to meet business continuity and compliance requirements, specifically the ability to provision standby resources or redirect traffic during unexpected regional disruptions. The 60-minute recovery time objective still leaves a substantial window for outages to cascade, and the timing of the announcement -- less than six weeks after an October 20th DynamoDB incident and a subsequent VM problem drew criticism -- underscores how persistent US East's reliability issues have been.

Read more of this story at Slashdot.

Breaking free from Microsoft is harder than it looks. Airbus began migrating its 100,000-plus workforce from Office to Google Workspace more than seven years ago and it still hasn't completed the switch. The Register: As we exclusively revealed in March 2018, the aerospace giant told 130,000 employees it was ditching Microsoft's productivity tools for Google's cloud-based alternatives. Then-CEO Tom Enders predicted migration would finish in 18 months, a timeline that, in hindsight, was "extremely ambitious," according to Catherine Jestin, Airbus's executive vice president of digital. Today, more than two-thirds of Airbus's 150,000 employees have fully transitioned, but significant pockets continue to use Microsoft in parallel. Finance, for example, still relies on Excel because Google Sheets can't handle the necessary file sizes, as some spreadsheets involve 20 million cells. "Some of the limitations was just the number of cells that you could have in one single file. We'll definitely start to remove some of the work," Jestin told The Register.

Read more of this story at Slashdot.

Canada's Prime Minister Mark Carney has signed an agreement with Alberta's premier that will roll back certain climate rules to spur investment in energy production, while encouraging construction of a new oil pipeline to the West Coast. From a report: Under the agreement, which was signed on Thursday, the federal government will scrap a planned emissions cap on the oil and gas sector and drop rules on clean electricity in exchange for a commitment by Canada's top oil-producing province to strengthen industrial carbon pricing and support a carbon capture-and-storage project. The deal, which was hailed by the country's oil industry but panned by environmentalists, signaled a shift in Canada's energy policy in favour of fossil fuel development and is already creating tensions within Carney's minority government. Steven Guilbeault, who served as environment minister under Carney's predecessor Justin Trudeau, said he was quitting the cabinet over concerns that Canada's climate plan was being dismantled.

Read more of this story at Slashdot.

The U.S. Patent and Trademark Office has issued new guidelines outlining when inventions created with the help of AI can be patented. From a report: USPTO Director John Squires said on Wednesday in a notice set to be published Friday, that the office considers generative AI systems to be "analogous to laboratory equipment, computer software, research databases, or any other tool that assists in the inventive process." "They may provide services and generate ideas, but they remain tools used by the human inventor who conceived the claimed invention," the office said. "When one natural person is involved in creating an invention with the assistance of AI, the inquiry is whether that person conceived the invention under the traditional conception standard." The office reiterated its guidance from last year that AI itself cannot be considered an inventor under U.S. patent law. However, it rejected the approach taken by the PTO during former President Joe Biden's administration for deciding when AI-assisted inventions are patentable, which relied on a standard normally used to determine when multiple people can qualify as joint inventors.

Read more of this story at Slashdot.

The CEO of Epic Games, Tim Sweeney, has argued that platforms like Steam should not label games that are made using AI. From a report: Responding to a post on Twitter from a user who suggested that storefronts drop this tag, the industry exec said that it "makes no sense" to flag such content. Sweeney added that soon AI will be a part of the way all games are made. "The AI tag is relevant to art exhibits for authorship disclosure, and to digital content licensing marketplaces where buyers need to understand the rights situation," Sweeney said. "It makes no sense for game stores, where AI will be involved in nearly all future production."

Read more of this story at Slashdot.

Platforms including Meta and TikTok will be held liable for financial fraud for the first time under new rules agreed by EU lawmakers in the early hours of Thursday. From a report: The Parliament and Council agreed on the package of rules after eight hours of negotiations to strengthen safeguards against payment fraud. The deal adds another layer of EU regulatory risk for U.S. tech giants, which have lobbied the White House to confront Brussels' anti-monopoly and content moderation rules. [...] Social media has become rife with financial scams, and MEPs pushed hard to hold both Big Tech and banks liable during legislative negotiations. EU governments, meanwhile, believed banks should be held responsible if their safeguards aren't strong enough. As a compromise, lawmakers agreed that banks should reimburse victims if a scammer, impersonating the bank, swindles them out of their money, or if payments are processed without consent.

Read more of this story at Slashdot.

quonset writes: Australia last updated their weather site a decade ago. In October, during one of the hottest days of the year, the Bureau of Meteorology (BOM) revealed its new web site and was immediately castigated for doing so. Complaints ranged from a confusing layout to not being able to find information. Farmers were particularly incensed when they found out they could no longer input GPS coordinates to find forecasts for a specific location. When it was revealed the cost of this update was A$96.5 million ($62.3 million), 20 times the original cost estimate, the temperature got even hotter. With more than 2.6 billion views a year, Bom tried to explain that the site's refresh -- prompted by a major cybersecurity breach in 2015 -- was aimed at improving stability, security and accessibility. It did little to satisfy the public. Some frustrated users turned to humour: "As much as I love a good game of hide and seek, can you tell us where you're hiding synoptic charts or drop some clues?" Malcolm Taylor, an agronomist in Victoria, told the Australian Broadcasting Corporation (ABC) that the redesign was a complete disaster. "I'm the person who needs it and it's not giving me the information I need," the plant and soil scientist said. As psychologist and neuroscientist Joel Pearson put it, "First you violate expectations by making something worse, then you compound the injury by revealing the violation was both expensive and avoidable. It's the government IT project equivalent of ordering a renovation, discovering the contractor has made your house less functional, and then learning they charged you for a mansion."

Read more of this story at Slashdot.

Twenty years after surgeons in France performed the world's first face transplant, the experimental field that procedure launched is now confronting a troubling record of patient deaths, buried negative data and a healthcare system that leaves recipients financially devastated and medically vulnerable. About 50 face transplants have been performed globally since Isabelle Dinoire received her partial face graft at University Hospital CHU Amiens-Picardie in November 2005. A 2024 JAMA Surgery study reported five-year graft survival of 85% and 10-year survival of 74%, concluding that the procedure is "an effective reconstructive option for patients with severe facial defects." The study did not track psychological wellbeing, financial outcomes, employment status or quality of life. Roughly 20% of face transplant patients have died from rejection, kidney failure, or heart failure. The anti-rejection medications that keep transplanted faces alive can destroy kidneys and weaken immune systems to the point where routine infections become life-threatening. In the United States, the Department of Defense has funded most operations, treating them as a frontier for wounded veterans, because private insurers refuse to cover the costs. Patients who survive the surgery often find themselves unable to afford medications, transportation to follow-up appointments or basic caregiving. The field's long-term grants cover surgical innovation but not the lifelong needs of the people who receive these transplants.

Read more of this story at Slashdot.

The UK government will levy a pay-per-mile tax on electric and plug-in hybrid vehicles starting April 2028, UK's finance minister Rachel Reeves announced, a measure designed to offset some of the fuel duty revenue that will disappear as drivers shift away from petrol and diesel cars. Electric vehicles will be charged 3 pence per mile and plug-in hybrids 1.5 pence per mile, payable annually alongside car tax. An average driver covering 8,000 miles a year would pay around $320, roughly half what a petrol or diesel driver pays in fuel duty. The Office for Budget Responsibility expects the tax to generate $1.45 billion in its first year and $2.51 billion by 2030-31, offsetting about a quarter of the revenue losses projected from the EV transition by 2050. The Society of Motor Manufacturers and Traders warned the new charge would "suppress demand" and make sales targets harder to achieve. New Zealand and Iceland have already introduced road pricing for EVs; demand dropped in the former but held steady in the latter.

Read more of this story at Slashdot.

Google is testing a new Wi-Fi hotspot configuration in the latest Android Canary build that pairs the 6 GHz band's superior throughput with the 2.4 GHz band's broad device compatibility, eliminating the trade-off users previously faced when choosing between speed and legacy support. Android's default hotspot setting uses 2.4 and 5 GHz frequencies, omitting 6 GHz because most devices lack support for the newer standard and because U.S. regulations previously prohibited smartphones from creating 6 GHz hotspots. Recent regulatory changes and a Pixel update unlocked standalone 6 GHz hotspots, but that option cuts off older devices entirely. The new "2.4 and 6 GHz" dual-band mode, spotted in Android Canary, is expected to arrive in an upcoming Android 16 QPR3 beta.

Read more of this story at Slashdot.

A bipartisan right-to-repair provision that would let the U.S. military fix its own equipment faces a serious threat from defense industry lobbyists who want to replace it with a pay-per-use model for accessing repair information. A source familiar with negotiations told The Verge that there are significant concerns that the language in the National Defense Authorization Act will be swapped out for a "data-as-a-service" alternative that would require the Department of Defense to pay contractors for access to technical repair data. The provision, introduced by Sens. Elizabeth Warren (D-MA) and Tim Sheehy (R-MT) in their Warrior Right to Repair Act, passed the Senate in October and has support from Defense Secretary Pete Hegseth, the Army and the Navy. The National Defense Industrial Association published a white paper backing the data-as-a-service model, arguing it would protect contractors' intellectual property. Reps. Mike Rogers (R-AL) and Adam Smith (D-WA), who lead the House Armed Services Committee, outlined similar language in their SPEED Act. Rogers received more than $535,000 from the defense industry in 2024; Smith received over $310,550. The final NDAA is expected early next week.

Read more of this story at Slashdot.

An anonymous reader shares a report: NASA has slashed the number of astronaut missions on Boeing's Starliner contract and said the spacecraft's next mission to the International Space Station will fly without a crew, reducing the scope of a program hobbled by engineering woes and outpaced by SpaceX. The most recent mishap occurred during Starliner's first crewed test flight in 2024, carrying NASA astronauts Butch Wilmore and Suni Williams. Several thrusters on Starliner's propulsion system shut down during its approach to the ISS.

Read more of this story at Slashdot.

Researchers at MIT and Oak Ridge National Laboratory have built a simulation that models all 151 million American workers and their skills, then maps those skills against the capabilities of over 13,000 AI tools currently in production to see where the two overlap. The answer, according to their analysis: 11.7% of the US labor market's total wage value, or about $1.2 trillion, sits in tasks that AI systems can technically perform [PDF]. The researchers call this the Iceberg Index, and the name is deliberate. The visible AI disruption happening in tech jobs right now accounts for only 2.2% of labor market wage value. The remaining exposure lurks in cognitive and administrative work across finance, healthcare administration, and professional services, and unlike tech-sector disruption, it's spread across all fifty states rather than concentrated on the coasts. Delaware and South Dakota show higher Iceberg Index values than California because their economies lean heavily on administrative and financial work. Ohio and Tennessee register modest tech-sector exposure but substantial hidden risk in the white-collar functions that support their manufacturing bases. To validate the framework, the researchers compared their predictions against Anthropic's Economic Index tracking real-world AI usage from millions of Claude users. The two measures agreed on state categorizations 69% of the time, with particularly strong alignment at the extremes. The Iceberg Index doesn't predict job losses or adoption timelines. It measures technical capability, the overlap between what AI can do and what occupations require. Traditional economic indicators like GDP and unemployment explain less than five percent of the variation in this skill-based exposure, which is partly why the researchers argue workforce planners need new metrics.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the BBC: Call-handling agents powered by AI are to be trialled by Staffordshire Police in a bid to cut waiting times for the non-emergency 101 service. The force is set to become the third in the country to take part in the scheme testing the use of artificial "agents" to deal with calls. Under the system, the AI agent would deal with simple queries like requests for information without the need for human involvement, freeing up call handlers and reducing answering times. Acting Chief Constable Becky Riggs confirmed the force would be looking to launch the AI pilot early in the new year. "It's a piece of technology called Agentforce. It will help with our response to the public, which historically we know we haven't done well." The senior officer said that sometimes people are not calling to report a crime, but want more information, which the technology could help with. However, if the system detects keywords suggesting vulnerability or risk or emergency, then it will be able to divert the call to a human being.

Read more of this story at Slashdot.