An anonymous reader shared this report from Bloomberg: An Asian cyber-espionage group has spent the past year breaking into computer systems belonging to governments and critical infrastructure organizations in more than 37 countries, according to the cybersecurity firm Palo Alto Networks, Inc. The state-aligned attackers have infiltrated networks of 70 organizations, including five national law enforcement and border control agencies, according to a new research report from the company. They have also breached three ministries of finance, one country's parliament and a senior elected official in another, the report states. The Santa Clara, California-based firm declined to identify the hackers' country of origin.

The spying operation was unusually vast and allowed the hackers to hoover up sensitive information in apparent coordination with geopolitical events, such as diplomatic missions, trade negotiations, political unrest and military actions, according to the report. They used that access to spy on emails, financial dealings and communications about military and police operations, the report states. The hackers also stole information about diplomatic issues, lurking undetected in some systems for months. "They use highly-targeted and tailored fake emails and known, unpatched security flaws to gain access to these networks," said Pete Renals, director of national security programs with Unit 42, the threat intelligence division of Palo Alto Networks....

Palo Alto Networks researchers confirmed that the group successfully accessed and exfiltrated sensitive data from some victims' email servers.
Bloomberg writes that according to the cybersecurity firm, this campaign targeted government entities in the Czech Republic and the Ministry of Mines and Energy of Brazil, and also "likely compromised" a device associated with a facility operated by a joint venture between Venezuela's government and an Asian tech firm.

The cyberattackers are "also suspected of being active in Germany, Poland, Greece, Italy, Cyprus, Indonesia, Malaysia, Mongolia, Panama, Greece and other countries, according to the report."

Axios reports: Anthropic's latest AI model has found more than 500 previously unknown high-severity security flaws in open-source libraries with little to no prompting, the company shared first with Axios.

Why it matters: The advancement signals an inflection point for how AI tools can help cyber defenders, even as AI is also making attacks more dangerous...

Anthropic debuted Claude Opus 4.6, the latest version of its largest AI model, on Thursday. Before its debut, Anthropic's frontier red team tested Opus 4.6 in a sandboxed environment [including access to vulnerability analysis tools] to see how well it could find bugs in open-source code... Claude found more than 500 previously unknown zero-day vulnerabilities in open-source code using just its "out-of-the-box" capabilities, and each one was validated by either a member of Anthropic's team or an outside security researcher... According to a blog post, Claude uncovered a flaw in GhostScript, a popular utility that helps process PDF and PostScript files, that could cause it to crash. Claude also found buffer overflow flaws in OpenSC, a utility that processes smart card data, and CGIF, a tool that processes GIF files.
Logan Graham, head of Anthropic's frontier red team, told Axios they're considering new AI-powered tools to hunt vulnerabilities. "The models are extremely good at this, and we expect them to get much better still... I wouldn't be surprised if this was one of — or the main way — in which open-source software moving forward was secured."

Waymo surprised U.S. lawmakers Wednesday during a hearing on autonomous vehicles and their safety and oversight. Newsweek reports: During questioning, Sen. Ed Markey, a Massachusetts Democrat, asked what happens when a Waymo vehicle encounters a driving situation it cannot independently resolve. "The Waymo phones a human friend for help," Markey explained, adding that the vehicle communicates with a "remote assistance operator." Markey criticized the lack of public information about these workers, despite their role in vehicle safety...

[Dr. Mauricio Peña, chief safety officer at Waymo] responded by clarifying the scope of the operators' involvement: "They provide guidance, they do not remotely drive the vehicles," Peña said. "Waymo asks for guidance in certain situations and gets input, but Waymo is always in charge of the dynamic driving task," according to EVShift. Pressed further on where those operators are located, Peña told lawmakers that some are based in the United States and others abroad, though he did not have an exact breakdown. After additional questioning, he confirmed that overseas operators are located in the Philippines...

The disclosure prompted sharp criticism from Markey, who raised concerns about security and labor implications. "Having people overseas influencing American vehicles is a safety issue," he said. "The information the operators receive could be out of date. It could introduce tremendous cyber security vulnerabilities," according to People. Markey also pointed to job displacement, noting that autonomous vehicles already affect taxi and rideshare drivers in the U.S. Waymo defended the practice in comments to People, saying the use of overseas staff is part of a broader effort to scale operations globally.
Waymo also defended the remote workers to Newsweek as licensed drivers reviewed for "driving-related convictions" and other traffic violations who are also "randomly screened for drug use."

Thanks to Slashdot reader sinij for sharing the news.

Neocities founder Kyle Drake has spent weeks trapped in Microsoft's automated support loop after discovering that Bing quietly blocked all 1.5 million websites hosted on his platform, a free web-hosting service that has kept the spirit of 1990s GeoCities alive since 2013.

Drake first noticed the issue last summer and thought it was resolved, but a second complete block went into effect in January, cratering Bing traffic from roughly half a million daily visitors to zero. He submitted nearly a dozen tickets through Bing's webmaster tools but could not get past the AI chatbot to reach a human. After Ars Technica contacted Microsoft, the company restored the Neocities front page within 24 hours but most subdomains remain blocked. Microsoft cited policy violations related to low-quality content yet declined to identify the offending sites or work directly with Drake to fix the problem.

Memory prices across DRAM, NAND and HBM have surged 80 to 90% quarter-over-quarter in Q1 2026, according to Counterpoint Research's latest Memory Price Tracker. The price of a 64GB RDIMM has jumped from a Q4 2025 contract price of $450 to over $900, and Counterpoint expects it to cross $1,000 in Q2.

NAND, relatively stable last quarter, is tracking a parallel increase. Device makers are cutting DRAM content per device, swapping TLC SSDs for cheaper QLC alternatives, and shifting orders from the now-scarce LPDDR4 to LPDDR5 as new entry-level chipsets support the newer standard. DRAM operating margins hit the 60% range in Q4 2025 -- the first time conventional DRAM margins surpassed HBM -- and Q1 2026 is on track to set all-time highs.

Salesforce is essentially shutting down Heroku as an evolving product, moving the cloud platform that helped define modern app deployment to a "sustaining engineering model" focused entirely on stability, security and support.

Existing customers on credit card billing see no changes to pricing or service, but enterprise contracts are no longer available to new buyers. Salesforce said it is redirecting engineering investment toward enterprise AI.

The CIA has shut down The World Factbook, one of its oldest and most recognizable public-facing intelligence publications, ending a run that began as a classified reference document in 1962 and evolved into a freely accessible digital resource that drew millions of views each year.

The agency offered no explanation for the decision. Originally titled The National Basic Intelligence Factbook, the publication first went unclassified in 1971, was renamed a decade later, and moved online at CIA.gov in 1997. It served researchers, news organizations, teachers, students and international travelers. The site hosted more than 5,000 copyright-free photographs, some donated by CIA officers from their personal travel. Every page now redirects to a farewell announcement.

Google's Quick Share-AirDrop interoperability, which has been exclusive to the Pixel 10 series since its surprise launch last year, is headed to a much broader set of Android devices in 2026.

Eric Kay, Google's Vice President of Engineering for the Android platform, confirmed the expansion during a press briefing at the company's Taipei office, saying Google is "working with our partners to expand it into the rest of the ecosystem" and that announcements are coming "very soon." Nothing is the only OEM to have publicly confirmed it's working on support, though Qualcomm has also hinted at enabling the feature on Snapdragon-powered phones.

Automattic and the Internet Archive have released a free, open-source WordPress plugin that automatically detects broken outbound links on a site and redirects visitors to archived Wayback Machine copies instead of serving them a 404 error.

The Internet Archive Wayback Machine Link Fixer, which launched last fall and is available on WordPress.org, runs in the background scanning posts for dead links, checking for existing archived versions, and requesting new snapshots when none exist. It also archives a site's own posts whenever they are updated. If the original link comes back online, the plugin stops redirecting.

Pew Research has found that 38% of the web has disappeared over the past decade, and WordPress powers more than 40% of websites online.

alternative_right writes: The city of Munich has developed its own measurement instrument to assess the digital sovereignty of its IT infrastructure. The so-called Digital Sovereignty Score (SDS) visually resembles the Nutri-Score and identifies IT systems based on their independence from individual providers and 'foreign' legal spheres. The Technical University of Munich was involved in the development.

In September and October 2025, the IT Department already conducted a first comprehensive test. Out of a total of 2780 municipal application services, 194 particularly critical ones were selected and evaluated based on five categories. The analysis already showed a high degree of digital sovereignty: 66% of the 194 evaluated services reached the highest levels (SDS 1 and 2), only 5% reached the critical level 4, and 21% reached the most critical level 5. The SDS evaluates not only technical dependencies but also legal and organizational risks.

Valve has pushed back the launch of its Steam Machine, Steam Frame and Steam Controller hardware from its original Q1 2026 window to a vaguer "first half of the year" target, blaming the ongoing memory and storage shortage that has been squeezing the tech industry.

The company said in a post today that rising component prices and limited availability forced it to revisit both its shipping schedule and pricing plans. Valve had previously indicated the Steam Machine would be priced at the entry level of the PC space.

Microsoft has finally delivered on its promise to integrate Sysmon -- the long-standing system monitoring tool from its Sysinternals suite -- directly into Windows, a move that should make life considerably easier for enterprise administrators who have struggled with deploying and managing the utility across thousands of endpoints.

The functionality landed this week in Windows Insider builds 26300.7733 (Dev channel) and 26220.7752 (Beta channel). Sysmon allows administrators to capture system events through custom configuration files, filter for specific activity, and pipe the data into standard Windows event logs for pickup by security tools and SIEM pipelines. Mark Russinovich, Microsoft technical fellow and Winternals co-founder, has previously noted the lack of official customer support for Sysmon in production environments -- a gap this integration addresses. The feature ships disabled by default and requires PowerShell to enable. Microsoft notes that any existing Sysmon installation must be uninstalled before activating the built-in version.

Google's much-anticipated plan to merge Android and ChromeOS into a single operating system called Aluminium is shaping up to be a drawn-out, complicated transition that could leave existing Chromebook users behind, according to previously unreported court documents in the Google search antitrust case.

The new OS won't be compatible with all existing Chromebook hardware, and Google will be forced to maintain ChromeOS through at least 2033 to honor its 10-year support commitment to current users -- meaning two parallel operating systems running for years.

The timeline itself is messier than Google has let on publicly, the filings suggest. Sameer Samat, Google's head of Android, called the merger "something we're super excited about for next year" last September, but court filings describe the "fastest path" to market as offering Aluminium to "commercial trusted testers" in late 2026 before a full release in 2028.

Enterprise and education customers -- the segments where Chromebooks currently dominate -- are slated for 2028 as well. Columbia computer science professor Jason Nieh, who interviewed Google engineers as a witness in the case, testified that Aluminium requires a heavier software stack and more powerful hardware to run.

Adobe is no longer planning to discontinue Adobe Animate on March 1st. From a report: In an FAQ, the company now says that Animate will now be in maintenance mode and that it has "no plans toâdiscontinue or remove access" to the app.

Animate will still receive "ongoing security and bug fixes" and will still be available for "both new and existing users," but it won't get new features. Many creators expressed frustration after Adobe's original discontinuation announcement from earlier this week, and the application is still used by creators like David Firth, the person behind the animated web series Salad Fingers. Now, Adobe says that "We are committed to ensuring Animate usersâalways have access to their content regardless of the state of development of the application."

BrianFagioli writes: Google has quietly retired the ZetaSQL name and rebranded its open source SQL analysis and parsing project as GoogleSQL. This is not a technical change but a naming cleanup meant to align the open source code with the SQL dialect already used across Google products like BigQuery and Spanner. Internally, Google has long called the dialect GoogleSQL, even while the open source project lived under a different name.

By unifying everything under GoogleSQL, Google says it wants to reduce confusion and make it clearer that the same SQL foundation is shared across its cloud services and open source tooling. The code, features, and team remain unchanged. Only the name is different. GoogleSQL is now the single label Google wants developers to recognize and use going forward.

YouTube has confirmed that it is blocking background playback -- the ability to keep a video's audio running after minimizing the browser or locking the screen -- for non-Premium users across third-party mobile browsers including Samsung Internet, Brave, Vivaldi and Microsoft Edge.

Users began reporting the issue last week, noting that audio would cut out the moment they left the browser, sometimes after a brief "MediaOngoingActivity" notification flashed before media controls disappeared. A Google spokesperson told Android Authority that the platform "updated the experience to ensure consistency," calling background play a Premium-exclusive feature.

Microsoft is reevaluating its AI strategy on Windows 11 and plans to scale back or remove Copilot integrations across built-in apps after months of sustained user backlash, according to a Windows Central report citing people familiar with the company's plans.

Copilot features in apps like Notepad and Paint are under review and could be pulled entirely or stripped of their Copilot branding in favor of a more streamlined experience. The company has paused work on adding new Copilot buttons to any other in-box apps. Windows Recall, the screenshot-based search feature delayed by an entire year in 2024 over security and privacy concerns, is separately under review -- Microsoft internally considers the current implementation a failure and is exploring ways to rework or rename the feature rather than scrap it entirely, the report said.

Moltbook, a Reddit-like social network that launched last week and bills itself as a platform "built exclusively for AI agents," had a security vulnerability that exposed private messages shared between agents, the email addresses of more than 6,000 human owners, and over a million credentials, according to research published Monday by cybersecurity firm Wiz.

The flaw has since been fixed after Wiz contacted Moltbook. Wiz cofounder Ami Luttwak called it a classic byproduct of "vibe coding." Moltbook creator Matt Schlicht posted on X last Friday that he "didn't write one line of code" for the site. He did not immediately respond to a request for comment when reached out by Reuters. Luttwak said the vulnerability also allowed anyone to post to the site, bot or human. "There was no verification of identity," he said.

Luthair writes: Notepad++ claims to have been targeted by a state actor, given their previous stance on Uyghurs one can speculate about a candidate. Notepad++, in a blog post: According to the analysis provided by the security experts, the attack involved infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org. The exact technical mechanism remains under investigation, though the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself. Traffic from certain targeted users was selectively redirected to attacker-controlled served malicious update manifests.

The New York Times lists other reasons a company lays off people. ("It didn't meet financial targets. It overhired. Tariffs, or the loss of a big client, rocked it...")

"But lately, many companies are highlighting a new factor: artificial intelligence. Executives, saying they anticipate huge changes from the technology, are making cuts now." A.I. was cited in the announcements of more than 50,000 layoffs in 2025, according to Challenger, Gray & Christmas, a research firm... Investors may applaud such pre-emptive moves. But some skeptics (including media outlets) suggest that corporations are disingenuously blaming A.I. for layoffs, or "A.I.-washing." As the market research firm Forrester put it in a January report: "Many companies announcing A.I.-related layoffs do not have mature, vetted A.I. applications ready to fill those roles, highlighting a trend of 'A.I.-washing' — attributing financially motivated cuts to future A.I. implementation...."

"Companies are saying that 'we're anticipating that we're going to introduce A.I. that will take over these jobs.' But it hasn't happened yet. So that's one reason to be skeptical," said Peter Cappelli, a professor at the Wharton School... Of course, A.I. may well end up transforming the job market, in tech and beyond. But a recent study... [by a senior research fellow at the Brookings Institution who studies A.I. and work] found that AI has not yet meaningfully shifted the overall market. Tech firms have cut more than 700,000 employees globally since 2022, according to Layoffs.fyi, which tracks industry job losses. But much of that was a correction for overhiring during the pandemic.

As unpopular as A.I. job cuts may be to the public, they may be less controversial than other reasons — like bad company planning.
Amazon CEO Jassy has even said the reason for most of their layoffs was reducing bureaucracy, the article points out, although "Most analysts, however, believe Amazon is cutting jobs to clear money for A.I. investments, such as data centers."