An anonymous reader quotes a report from SiliconANGLE: Hugging Face has open-sourced the blueprints of two internally developed robots called HopeJR and Reachy Mini. The company debuted the machines on Thursday. Hugging Face is backed by more than $390 million in funding from Nvidia Corp., IBM Corp. and other investors. It operates a GitHub-like platform for sharing open-source artificial intelligence projects. It says its platform hosts more than 1 million AI models, hundreds of thousands of datasets and various other technical assets. The company started prioritizing robotics last year after launching LeRobot, a section of its platform dedicated to autonomous machines. The portal provides access to AI models for powering robots and datasets that can be used to train those models. Hugging Face released its first hardware blueprint, a robotic arm design called the SO-100, late last year. The SO-100 was developed in partnership with a startup called The Robot Studio. Hugging Face also collaborated with the company on the HopeJR, the first new robot that debuted this week. According to TechCrunch, it's a humanoid robot that can perform 66 movements including walking. HopeJR is equipped with a pair of robotic arms that can be remotely controlled by a human using a pair of specialized, chip-equipped gloves. HopeJR's arms replicate the movements made by the wearer of the gloves. A demo video shared by Hugging Face showed that the robot can shake hands, point to a specific text snippet on a piece of paper and perform other tasks. Hugging Face's other new robot, the Reachy Mini, likewise features an open-source design. It's based on technology that the company obtained through the acquisition of a venture-backed startup called Pollen Robotics earlier this year. Reachy Mini is a turtle-like robot that comes in a rectangular case. Its main mechanical feature is a retractable neck that allows it to follow the user with its head or withdraw into the case. This case, which is stationary, is compact and lightweight enough to be placed on a desk. Hugging Face will offer pre-assembled versions of its open-source Reach Mini and HopeJR robots for $250 and $3,000, with the first units starting to ship by the end of the year.

Read more of this story at Slashdot.

A five-year study by Wageningen University and the German Primate Research Center found that wild chimpanzees in Guinea-Bissau repeatedly strike stones against trees, presumably as a form of communication. Phys.Org reports: Over the course of a five-year field study, the research team collected video footage at five distinct locations within a nature reserve in Guinea-Bissau. This was made possible through the use of camera traps and with essential support from local field guides. In specific areas, a striking behavioral pattern was observed: adult male chimpanzees repeatedly struck stones against tree trunks, resulting in characteristic piles of stones at the base of these trees. [...] The observations point to cultural transmission. Young chimpanzees adopt the behavior from older group members, indicating that it is learned socially rather than genetically inherited. Marc Naguib, Professor of Behavioral Ecology, underscores the broader significance of the discovery: "It illustrates that culture is not unique to humans and that such behaviors need to be considered also in nature conservation." The study is published in the journal Biology Letters.

Read more of this story at Slashdot.

Artificial intelligence could soon outpace Bitcoin mining in energy consumption, according to Alex de Vries-Gao, a PhD candidate at Vrije Universiteit Amsterdam's Institute for Environmental Studies. His research estimates that by the end of 2025, AI could account for nearly half of all electricity used by data centers worldwide -- raising significant concerns about its impact on global climate goals. "While companies like Google and Microsoft disclose total emissions, few provide transparency on how much of that is driven specifically by AI," notes DIGIT. To fill this gap, de Vries-Gao employed a triangulation method combining chip production data, corporate disclosures, and industry analyst estimates to map AI's growing energy footprint. His analysis suggests that specialized AI hardware could consume between 46 and 82 terawatt-hours (TWh) in 2025 -- comparable to the annual energy usage of countries like Switzerland. Drawing on supply chain data, the study estimates that millions of AI accelerators from NVIDIA and AMD were produced between 2023 and 2024, with a potential combined power demand exceeding 12 gigawatts (GW). A detailed explanation of his methodology is available in his commentary published in Joule.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the BBC: A lack of action by big tech firms is enabling the "industrial scale theft" of premium video services, especially live sport, a new report says. The research by Enders Analysis accuses Amazon, Google, Meta and Microsoft of "ambivalence and inertia" over a problem it says costs broadcasters revenue and puts users at an increased risk of cyber-crime. Gareth Sutcliffe and Ollie Meir, who authored the research, described the Amazon Fire Stick -- which they argue is the device many people use to access illegal streams -- as "a piracy enabler." [...] The device plugs into TVs and gives the viewer thousands of options to watch programs from legitimate services including the BBC iPlayer and Netflix. They are also being used to access illegal streams, particularly of live sport. In November last year, a Liverpool man who sold Fire Stick devices he reconfigured to allow people to illegally stream Premier League football matches was jailed. After uploading the unauthorized services on the Amazon product, he advertised them on Facebook. Another man from Liverpool was given a two-year suspended sentence last year after modifying fire sticks and selling them on Facebook and WhatsApp. According to data for the first quarter of this year, provided to Enders by Sky, 59% of people in UK who said they had watched pirated material in the last year while using a physical device said they had used a Amazon fire product. The Enders report says the fire stick enables "billions of dollars in piracy" overall. [...] The researchers also pointed to the role played by the "continued depreciation" of Digital Rights Management (DRM) systems, particularly those from Google and Microsoft. This technology enables high quality streaming of premium content to devices. Two of the big players are Microsoft's PlayReady and Google's Widevine. The authors argue the architecture of the DRM is largely unchanged, and due to a lack of maintenance by the big tech companies, PlayReady and Widevine "are now compromised across various security levels." Mr Sutcliffe and Mr Meir said this has had "a seismic impact across the industry, and ultimately given piracy the upper hand by enabling theft of the highest quality content." They added: "Over twenty years since launch, the DRM solutions provided by Google and Microsoft are in steep decline. A complete overhaul of the technology architecture, licensing, and support model is needed. Lack of engagement with content owners indicates this a low priority."

Read more of this story at Slashdot.

Billions of stolen cookies are being sold on the dark web and Telegram, with over 1.2 billion containing session data that can grant cybercriminals access to accounts and systems without login credentials, bypassing MFA. The Register reports: More than 93.7 billion of them are currently available for criminals to buy online and of those, between 7-9 percent are active, on average, according to NordVPN's breakdown of stolen cookies by country. Adrianus Warmenhoven, cybersecurity advisor at NordVPN, said: "Cookies may seem harmless, but in the wrong hands, they're digital keys to our most private information. What was designed to enhance convenience is now a growing vulnerability exploited by cybercriminals worldwide. Most people don't realize that a stolen cookie can be just as dangerous as a password, despite being so willing to accept cookies when visiting websites, just to get rid of the prompt at the bottom of the screen. However, once these are intercepted, a cookie can give hackers direct access to all sorts of accounts containing sensitive data, without any login required." The vast majority of stolen cookies (90.25 percent) contain ID data, used to uniquely identify users and deliver targeted ads. They can also contain data such as names, home and email addresses, locations, passwords, phone numbers, and genders, although these data points are only present in around 0.5 percent of all stolen cookies. The risk of ruinous personal data exposure as a result of cookie theft is therefore pretty slim. Aside from ID cookies, the other statistically significant type of data that these can contain are details of users' sessions. Over 1.2 billion of these are still up for grabs (roughly 6 percent of the total), and these are generally seen as more of a concern.

Read more of this story at Slashdot.

In a full-circle moment for Palmer Luckey, Meta and his defense tech company Anduril are teaming up to develop mixed reality headsets for the U.S. military under the Army's revamped SBMC Next program. The collaboration will merge Meta's Reality Labs hardware and Llama AI with Anduril's battlefield software, marking Meta's entry into military XR through the very company founded by Luckey after his controversial departure from Facebook. "I am glad to be working with Meta once again," Luckey said in a blog post. "My mission has long been to turn warfighters into technomancers, and the products we are building with Meta do just that." TechCrunch reports: This partnership stems from the Soldier Borne Mission Command (SBMC) Next program, formerly called the Integrated Visual Augmentation System (IVAS) Next. IVAS was a massive military contract, with a total $22 billion budget, originally awarded to Microsoft in 2018 intended to develop HoloLens-like AR glasses for soldiers. But after endless problems, in February the Army stripped management of the program from Microsoft and awarded it to Anduril, with Microsoft staying on as a cloud provider. The intent is to eventually have multiple suppliers of mixed reality glasses for soldiers. All of this meant that if Luckey's former employer, Meta, wanted to tap into the potentially lucrative world of military VR/AR/XR headsets, it would need to go through Anduril. The devices will be based on tech out of Meta's AR/VR research center Reality Labs, the post says. They'll use Meta's Llama AI model, and they will tap into Anduril's command and control software known as Lattice. The idea is to provide soldiers with a heads-up display of battlefield intelligence in real time. [...] An Anduril spokesperson tells TechCrunch that the product family Meta and Anduril are building is even called EagleEye, which will be an ecosystem of devices. EagleEye is what Luckey named Anduril's first imagined headset in Anduril's pitch deck draft, before his investors convinced him to focus on building software first. After the announcement, Luckey said on X: "It is pretty cool to have everything at our fingertips for this joint effort -- everything I made before Meta acquired Oculus, everything we made together, and everything we did on our own after I was fired."

Read more of this story at Slashdot.

An anonymous reader quotes a report from KrebsOnSecurity: The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as "pig butchering." In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers. "Americans lose billions of dollars annually to these cyber scams, with revenues generated from these crimes rising to record levels in 2024," reads a statement from the U.S. Department of the Treasury, which sanctioned Funnull and its 40-year-old Chinese administrator Liu Lizhi. "Funnull has directly facilitated several of these schemes, resulting in over $200 million in U.S. victim-reported losses." The Treasury Department said Funnull's operations are linked to the majority of virtual currency investment scam websites reported to the FBI. The agency said Funnull directly facilitated pig butchering and other schemes that resulted in more than $200 million in financial losses by Americans. Pig butchering is a rampant form of fraud wherein people are lured by flirtatious strangers online into investing in fraudulent cryptocurrency trading platforms. Victims are coached to invest more and more money into what appears to be an extremely profitable trading platform, only to find their money is gone when they wish to cash out. The scammers often insist that investors pay additional "taxes" on their crypto "earnings" before they can see their invested funds again (spoiler: they never do), and a shocking number of people have lost six figures or more through these pig butchering scams. KrebsOnSecurity's January story on Funnull was based on research from the security firm Silent Push, which discovered in October 2024 that a vast number of domains hosted via Funnull were promoting gambling sites that bore the logo of the Suncity Group, a Chinese entity named in a 2024 UN report (PDF) for laundering millions of dollars for the North Korean state-sponsored hacking group Lazarus. Silent Push found Funnull was a criminal content delivery network (CDN) that carried a great deal of traffic tied to scam websites, funneling the traffic through a dizzying chain of auto-generated domain names and U.S.-based cloud providers before redirecting to malicious or phishous websites. The FBI has released a technical writeup (PDF) of the infrastructure used to manage the malicious Funnull domains between October 2023 and April 2025.

Read more of this story at Slashdot.

Instagram now supports 3:4 aspect ratio photos, allowing users to upload images that "appear just exactly as you shot it." Instagram head Adam Mosseri announced the update in a Threads post, noting that "almost every phone camera defaults to" that format. The Verge reports: An image from Instagram's broadcast channel shows how the change makes a difference. You can already post images with a rectangular aspect ratio of 4:5, but with 3:4, your photo won't be cropped at the ends. 3:4 photos are supported with single-photo uploads and with carousels, according to the channel. If you want, you can still post photos with a square or 4:5 aspect ratio.

Read more of this story at Slashdot.

BrianFagioli shares a report from BetaNews: Microsoft just can't leave well enough alone. The company is now injecting formatting features into Notepad, a program that has long been appreciated for one thing -- its simplicity. You see, starting with version 11.2504.50.0, this update is rolling out to Windows Insiders in the Canary and Dev Channels, and it adds bold text, italics, hyperlinks, lists, and even headers. Sadly, this isn't a joke. Notepad is actually being turned into a watered-down word processor, complete with a formatting toolbar and Markdown support. Users can even toggle between styled content and raw Markdown syntax. And while Microsoft is giving you the option to disable formatting or strip it all out, it's clear the direction of the app is changing.

Read more of this story at Slashdot.

An anonymous reader quotes a report from 404 Media: If you've left a comment on a YouTube video, a new website claims it might be able to find every comment you've ever left on any video you've ever watched. Then an AI can build a profile of the commenter and guess where you live, what languages you speak, and what your politics might be. The service is called YouTube-Tools and is just the latest in a suite of web-based tools that started life as a site to investigate League of Legends usernames. Now it uses a modified large language model created by the company Mistral to generate a background report on YouTube commenters based on their conversations. Its developer claims it's meant to be used by the cops, but anyone can sign up. It costs about $20 a month to use and all you need to get started is a credit card and an email address. The tool presents a significant privacy risk, and shows that people may not be as anonymous in the YouTube comments sections as they may think. The site's report is ready in seconds and provides enough data for an AI to flag identifying details about a commenter. The tool could be a boon for harassers attempting to build profiles of their targets, and 404 Media has seen evidence that harassment-focused communities have used the developers' other tools. YouTube-Tools also appears to be a violation of YouTube's privacy policies, and raises questions about what YouTube is doing to stop the scraping and repurposing of peoples' data like this. "Public search engines may scrape data only in accordance with YouTube's robots.txt file or with YouTube's prior written permission," it says.

Read more of this story at Slashdot.

sinij shares a report from the BBC: France's National Assembly has voted to abolish low-emission zones, a key measure introduced during President Emmanuel Macron's first term to reduce city pollution. So-called ZFEs (zones a faibles emissions) have been criticized for hitting those who cannot afford less-polluting vehicles the hardest. A handful of MPs from Macron's party joined opposition parties from the right and far right in voting 98-51 to scrap the zones, which have gradually been extended across French cities since 2019. [...] The low-emission zones began with 15 of France's most polluted cities in 2019 and by the start of this year had been extended to every urban area with a population of more than 150,000, with a ban on cars registered before 1997. Those produced after 1997 need a round "Crit'Air" sticker to drive in low-emission zones, and there are six categories that correspond to various types of vehicle. The biggest restrictions have been applied in the most polluted cities, Paris and Lyon, as well as Montpellier and Grenoble. The BBC notes that while the abolition is expected to pass France's Senate, it must still be included in a broader bill approved by the lower house in June and cleared by the Constitutional Council, which isn't guaranteed.

Read more of this story at Slashdot.

For the first time, scientists have directly observed atmospheric sputtering in action on Mars -- an erosion process driven by solar wind ions that may have played a major role in the planet's atmospheric and water loss. ScienceAlert reports: The only spacecraft with the equipment and orbital configuration to make these observations is NASA's MAVEN. The researchers carefully pored over the data collected by the spacecraft since it arrived in Mars orbit in September 2014, looking to find simultaneous observations of the solar electric field and an upper atmosphere abundance of argon -- one of the sputtered particles, used as a tracer for the phenomenon. They found that, above an altitude of 350 kilometers (217 miles), argon densities vary depending on the orientation of the solar wind electric field, compared to argon densities at lower altitudes that remain consistent. The results showed that lighter isotopes of argon vary, leaving behind an excess of heavy argon -- a discrepancy that is best explained by active sputtering. This is supported by observations of a solar storm, the outflows of which arrived at Mars in January 2016. During this time, the evidence of sputtering became significantly more pronounced. Not only does this support the team's finding that argon density variations at high Martian altitudes are the result of sputtering, it demonstrates what conditions may have been like billions of years ago, when the Sun was younger and rowdier, undergoing more frequent storm activity. The findings have been published in the journal Science Advances.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: Whether it is doing sums or working out what to text your new date, some tasks produce a furrowed brow. Now scientists say they have come up with a device to monitor such effort: an electronic tattoo, stuck to the forehead. The researchers say the device could prove valuable among pilots, healthcare workers and other professions where managing mental workload is crucial to preventing catastrophes. "For this kind of high-demand and high-stake scenario, eventually we hope to have this real-time mental workload decoder that can give people some warning and alert so that they can self-adjust, or they can ask AI or a co-worker to offload some of their work," said Dr Nanshu Lu, an author of the research from the University of Texas at Austin, adding the device may not only help workers avoid serious mistakes but also protect their health. Writing in the journal Device, Lu and colleagues describe how using questionnaires to investigate mental workload is problematic, not least as people are poor at objectively judging cognitive effort and they are usually conducted after a task. Meanwhile, existing electroencephalography (EEG) and electrooculography (EOG) devices, that can be used to assess mental workload by measuring brain waves and eye movements respectively, are wired, bulky and prone to erroneous measurements arising from movements. By contrast, the "e-tattoo" is a lightweight, flexible, wireless device. The black, wiggly path of the e-tattoo is composed of a graphite-based conductive material, and is attached to the forehead using conductive adhesive film. Four square EEG electrodes, positioned on the forehead, each detect a different region of brain activity -- with a reference electrode behind the ear -- while rectangular EOG electrodes, placed vertically and horizontally around the eyes, provide data about eye movements. Each of the stretchable electrodes is coated in an additional conductive material. The e-tattoo, which is bespoke and disposable, is connected to a reusable flexible printed circuit using conductive tape, while a lightweight battery can be clipped to the device. The device is expected to cost less than $200 and be accompanied with an app to alert the user if their mental workload is too high.

Read more of this story at Slashdot.

Amazon has launched a new innovation-focused team called ZeroOne, led by Xbox co-creator J Allard, to develop breakthrough consumer products across hardware and software. CNBC reports: The ZeroOne team is spread across Seattle, San Francisco and Sunnyvale, California, and is focused on both hardware and software projects, according to job postings from the past month. The name is a nod to its mission of developing emerging product ideas from conception to launch, or "zero to one." [...] The new group is being led by J Allard, who spent 19 years at Microsoft, most recently as technology chief of consumer products, a role he left in 2010, according to his LinkedIn profile. He was a key architect of the Xbox game console, as well as the Zune, a failed iPod competitor. Allard joined Amazon in September, and the company confirmed at the time that he would be part of the devices and services team under Panos Panay, who left Microsoft for Amazon in 2023 to lead the group. An Amazon spokesperson confirmed Allard oversees ZeroOne but declined to comment further on the group's work. The job postings provide few specific details about what ZeroOne is building, though one listing references working on "conceiving, designing, and bringing to market computer vision techniques for a new smart-home product." Another post for a senior customer insights manager in San Francisco says the job entails owning "the methodology and execution of concept testing and early feedback for ZeroOne programs." "You'll be part of a team that embraces design thinking, rapid experimentation, and building to learn," the description says. "If you're excited about working in small, nimble teams to create entirely new product categories and thrive in the ambiguity of breakthrough innovation, we want to talk to you." Amazon has pulled in staffers from other business units that have experience developing innovative technologies, including its Alexa voice assistant, Luna cloud gaming service and Halo sleep tracker, according to Linkedin profiles of ZeroOne employees. The head of a projection mapping startup called Lightform that Amazon acquired is helping lead the group. While Amazon is expanding this particular corner of its devices group, the company is scaling back other areas of the sprawling devices and services division.

Read more of this story at Slashdot.

A Texas jury ruled that Intel may hold a license to patents owned by VLSI Technology through its agreement with Finjan Inc., both controlled by Fortress Investment Group -- potentially nullifying over $3 billion in previous patent infringement verdicts against Intel. Reuters reports: VLSI has sued Intel in multiple U.S. courts for allegedly infringing several patents covering semiconductor technology. A jury in Waco, Texas awarded VLSI $2.18 billion in their first trial in 2021, which a U.S. appeals court has since overturned and sent back for new proceedings. An Austin, Texas jury determined that VLSI was entitled to nearly $949 million from Intel in a separate patent infringement trial in 2022. Intel has argued in that case that the verdicts should be thrown out based on a 2012 agreement that gave it a license to patents owned by Finjan and other companies "under common control" with it. U.S. District Judge Alan Albright held the latest jury trial in Austin to determine whether Finjan and VLSI were under the "common control" of Fortress. VLSI said it was not subject to the Finjan agreement, and that the company did not even exist until four years after it was signed.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: An accused movie pirate who stole more than 1,000 Blu-ray discs and DVDs while working for a DVD manufacturing company struck a plea deal (PDF) this week to lower his sentence after the FBI claimed the man's piracy cost movie studios millions. Steven Hale no longer works for the DVD company. He was arrested in March, accused of "bypassing encryption that prevents unauthorized copying" and ripping pre-release copies of movies he could only access because his former employer was used by major movie studios. As alleged by the feds, his game was beating studios to releases to achieve the greatest possible financial gains from online leaks. Among the popular movies that Hale is believed to have leaked between 2021 and 2022 was Spider-Man: No Way Home, which the FBI alleged was copied "tens of millions of times" at an estimated loss of "tens of millions of dollars" for just one studio on one movie. Other movies Hale ripped included animated hits like Encanto and Sing 2, as well as anticipated sequels like The Matrix: Resurrections and Venom: Let There Be Carnage. The cops first caught wind of Hale's scheme in March 2022. They seized about 1,160 Blu-rays and DVDs in what TorrentFreak noted were the days just "after the Spider-Man movie leaked online." It's unclear why it took close to three years before Hale's arrest, but TorrentFreak suggested that Hale's case is perhaps part of a bigger investigation into the Spider-Man leaks. A plea deal for Hale significantly reduced the estimated damages from his piracy case to under $40,000 and led to the dismissal of two charges, though he still faces up to five years in prison and a $250,000 fine for one remaining copyright infringement charge. His final sentence and restitution amount will be decided at a court hearing in Tennessee at the end of August.

Read more of this story at Slashdot.

Google's Gemini AI can now analyze and summarize video files stored in Google Drive, letting users ask questions about content like meeting takeaways or product updates without watching the footage. The Verge reports: The Gemini in Drive feature provides a familiar chatbot interface that can provide quick summaries describing the footage or pull specific information. For example, users can ask Gemini to list action items mentioned in recorded meetings or highlight the biggest updates and new products in an announcement video, saving time spent on manually combing through and taking notes. The feature requires captions to be enabled for videos, and can be accessed using either Google Drive's overlay previewer or a new browser tab window. It's available in English for Google Workspace and Google One AI Premium users, and anyone who has previously purchased Gemini Business or Enterprise add-ons, though it may take a few weeks to fully roll out. You can learn more about the update in Google's blog post.

Read more of this story at Slashdot.

A Texas jury ruled that Intel may hold a license to patents owned by VLSI Technology through its agreement with Finjan Inc., both controlled by Fortress Investment Group -- potentially nullifying over $3 billion in previous patent infringement verdicts against Intel. Reuters reports: VLSI has sued Intel in multiple U.S. courts for allegedly infringing several patents covering semiconductor technology. A jury in Waco, Texas awarded VLSI $2.18 billion in their first trial in 2021, which a U.S. appeals court has since overturned and sent back for new proceedings. An Austin, Texas jury determined that VLSI was entitled to nearly $949 million from Intel in a separate patent infringement trial in 2022. Intel has argued in that case that the verdicts should be thrown out based on a 2012 agreement that gave it a license to patents owned by Finjan and other companies "under common control" with it. U.S. District Judge Alan Albright held the latest jury trial in Austin to determine whether Finjan and VLSI were under the "common control" of Fortress. VLSI said it was not subject to the Finjan agreement, and that the company did not even exist until four years after it was signed.

Read more of this story at Slashdot.

The SEC on Thursday voluntarily dismissed its lawsuit against Binance, the world's largest cryptocurrency exchange. It brings an end to one of the last remaining crypto enforcement actions brought by the agency. Reuters reports: The SEC had accused the defendants in 2023 of artificially inflating trading volumes, diverting customer funds, failing to restrict U.S. customers from Binance's platform, and misleading investors about its market surveillance controls. It also accused Binance of unlawfully facilitating trading of several tokens that prior SEC leadership deemed unregistered securities. Developing...

Read more of this story at Slashdot.

An anonymous reader quotes a report from SC Media: Thousands of ASUS routers have been compromised with malware-free backdoors in an ongoing campaign to potentially build a future botnet, GreyNoise reported Wednesday. The threat actors abuse security vulnerabilities and legitimate router features to establish persistent access without the use of malware, and these backdoors survive both reboots and firmware updates, making them difficult to remove. The attacks, which researchers suspect are conducted by highly sophisticated threat actors, were first detected by GreyNoise's AI-powered Sift tool in mid-March and disclosed Thursday after coordination with government officials and industry partners. Sekoia.io also reported the compromise of thousands of ASUS routers in their investigation of a broader campaign, dubbed ViciousTrap, in which edge devices from other brands were also compromised to create a honeypot network. Sekoia.io found that the ASUS routers were not used to create honeypots, and that the threat actors gained SSH access using the same port, TCP/53282, identified by GreyNoise in their report. The backdoor campaign affects multiple ASUS router models, including the RT-AC3200, RT-AC3100, GT-AC2900, and Lyra Mini. GreyNoise advises users to perform a full factory reset and manually reconfigure any potentially compromised device. To identify a breach, users should check for SSH access on TCP port 53282 and inspect the authorized_keys file for unauthorized entries.

Read more of this story at Slashdot.