Amazon's Ring has announced a partnership with Flock Safety, the AI-powered camera network already used by ICE, the Secret Service, and other federal agencies. "Now agencies that use Flock can request that Ring doorbell users share footage to help with 'evidence collection and investigative work,'" reports TechCrunch. From the report: Flock cameras work by scanning the license plates and other identifying information about cars they see. Flock's government and police customers can also make natural language searches of their video footage to find people who match specific descriptions. However, AI-powered technology used by law enforcement has been proven to exacerbate racial biases. On the same day that Ring announced this partnership, 404 Media reported that ICE, the Secret Service, and the Navy had access to Flock's network of cameras. By partnering with Ring, Flock could potentially access footage from millions more cameras.

Boris Johnson's former adviser claims that China infiltrated a key UK government data-transfer network for years, compromising highly classified materials and prompting a Whitehall cover-up that prioritized Chinese investment over national security. The Times reports: Dominic Cummings, who served as a senior adviser to Boris Johnson, said that he and the then prime minister were informed about the breach in 2020 but that there had subsequently been a cover-up. He said he was warned at the time that disclosing some specific details of the breach would be a criminal offence. He claimed that the breach included some "Strap" material, which is the government term for the highest level of classified information.

The breach, which was confirmed by two other senior Whitehall sources, was said to have been connected to a Chinese-owned company involved in Britain's critical national infrastructure. Tom Tugendhat, a former Tory security minister, supported Cummings's account. Cummings said that he and Johnson were informed of the breach in the "bunker" of No 10 -- a reference to the secure room in Downing Street.

He told The Times: "The cabinet secretary said, 'We have to explain something; there's been a serious problem', and he talked through what this was. "And it was so bizarre that, not just Boris, a few people in the room were looking around like this -- 'Am I somehow misunderstanding what he's saying? Because it sounds f***ing crazy.'" He added: "What I'm saying is that some Strap stuff was compromised and vast amounts of data classified as extremely secret and extremely dangerous for any foreign entity to control was compromised. "Material from intelligence services. Material from the National Security Secretariat in the Cabinet Office. Things the government has to keep secret. If they're not secret, then there are very, very serious implications for it."

The U.S. Department of Justice seized about $15 billion in bitcoin from wallets tied to Chen Zhi, founder of Cambodia's Prince Holding Group, who is accused of running one of the world's biggest "pig butchering" scams. Prosecutors say Zhi's network trafficked people into forced-labor scam compounds that defrauded victims worldwide through fake crypto investment schemes. CNBC reports: The seizure is the largest forfeiture action by the DOJ in history. An indictment charging the alleged pig butcher, Chen Zhi, was unsealed Tuesday in federal court in Brooklyn, New York. Zhi, who is also known as "Vincent," remains at large, according to the U.S. Attorney's Office for the Eastern District of New York. He was identified in court filings as the founder and chairman of Prince Holding Group, a multinational business conglomerate based in Cambodia, which prosecutors said grew "in secret .... into one of Asia's largest transnational criminal organizations. [...]

The scams duped people contacted via social media and messaging applications online into transferring cryptocurrency into accounts controlled by the scheme with false promises that the crypto would be invested and produce profits, according to the office. "In reality, the funds were stolen from the victims and laundered for the benefit of the perpetrators," the release said. "The scam perpetrators often built relationships with their victims over time, earning their trust before stealing their funds."

Prosecutors said that hundreds of people were trafficked and forced to work in the scam compounds, "often under the threat of violence." Zhi and a network of top executives in the Prince Group are accused of using political influence in multiple countries to protect their criminal enterprise and paid bribes to public officials to avoid actions by law enforcement authorities targeting the scheme, according to prosecutors.

An anonymous reader quotes a report from the Associated Press: Google announced on Tuesday that it will invest $15 billion in India over the next five years to establish its first artificial intelligence hub in the country. Located in the southern city of Visakhapatnam, the hub will be one of Google's largest globally. It will feature gigawatt-scale data center operations, extensive energy infrastructure and an expanded fiber-optic network, the company said in a statement. The investment underscores Google's growing reliance on India as a key technology and talent base in the global race for AI dominance.

For India, it brings in high-value infrastructure and foreign investment at a scale that can accelerate its digital transformation ambitions. Google said its AI hub investment will include construction of a new international subsea gateway that would connect to the company's more than 2 million miles (3.2 million kilometers) of existing terrestrial and subsea cables. "The initiative creates substantial economic and societal opportunities for both India and the United States, while pioneering a generational shift in AI capability," the company's statement said.

BrianFagioli writes: TP-Link has officially achieved the first successful Wi-Fi 8 connection using a prototype device built through an industry collaboration. The company confirmed that both the beacon and data throughput worked, marking a real-world validation of next-generation wireless tech. It's an early glimpse of what the next leap in speed and reliability could look like, even as the Wi-Fi 8 standard itself remains under development. The Verge adds: Like its predecessor, Wi-Fi 8 will utilize 2.4GHz, 5GHz, and 6GHz bands with a theoretical maximum channel bandwidth of 320MHz and peak data rate of 23Gbps, but aims to improve real-world performance and connection reliability. The goal is to provide better performance in environments with low signal, or under high network loads, where an increasing number of devices are sharing the same connection.

Lyft is teaming up with Tensor Auto to launch hundreds of AI-powered "Robocars" across Europe and North America starting in 2027. Bloomberg reports: Tensor Robocars, the first deliveries of which are planned in late 2026, have more than 100 sensors including cameras, lidars and radars, and processes sensor data with artificial intelligence technology powered by Nvidia Corp. chips on board. The vehicles will come from the manufacturer with Lyft's platform installed, which will allow owners to make money on the rideshare network in markets where level 4 autonomous technology is available, according to the joint statement. Lyft has reserved hundreds of Robocars via its affiliates for its own fleet operations, subject to regulatory approvals.

An anonymous reader quotes a report from CSO Online: On Sept. 17, security vendor SonicWall announced that cybercriminals had stolen backup files configured for cloud backup. At the time, the company claimed the incident was limited to "less than five percent" of its customers. Now, the firewall provider has admitted that "all customers" using the MySonicWall cloud backup feature were affected. According to the company, the stolen files contain encrypted credentials and configuration data. "[W]hile encryption remains in place, possession of these files could increase the risk of targeted attacks," SonicWall warns in its press release.

Security specialist Arctic Wolf also warns of the consequences of the incident. "Firewall configuration files store sensitive information that can be leveraged by threat actors to exploit and gain access to an organization's network," explains Stefan Hostetler, threat intelligence researcher at Arctic Wolf. "These files can provide threat actors with critical information such as user, group, and domain settings, DNS and log settings, and certificates," he adds. Arctic Wolf has previously observed threat actors, including nation-state and ransomware groups, exfiltrating firewall configuration files to use for future attacks. SonicWall urges all customers and partners to regularly check their devices for updates. Admins can find additional information here.

prisoninmate shares a report from 9to5Linux: Dubbed Questing Quokka, Ubuntu 25.10 is powered by the latest and greatest Linux 6.17 kernel series for top-notch hardware support and ships with the latest GNOME 49 desktop environment, defaulting to a Wayland-only session for the Ubuntu Desktop flavor, meaning there's no other session to choose from the login screen. Ubuntu Desktop also ships with two new apps, namely GNOME's Loupe instead of Eye of GNOME as the default image viewer, as well as Ptyxis instead of GNOME Terminal as the default terminal emulator. Also, there's a new update notification that will be shown with options to open Software Updater or install updates directly.'

Other highlights of Ubuntu 25.10 include sudo-rs as the default implementation of sudo, Dracut as the default initramfs-tools, Chrony as the default NTP (Network Time Protocol) client, Rust Coreutils as the default implementation of GNU Core Utilities, and TPM-backed FDE (Full Disk Encryption) recovery key management. Moreover, Ubuntu 25.10 adds NVIDIA Dynamic Boost support and enables suspend-resume support in the proprietary NVIDIA graphics driver to prevent corruption and freezes when waking an NVIDIA desktop. For Intel users, Ubuntu 25.10 introduces support for new Intel integrated and discrete GPUs. Ubuntu 25.10 is available for download here.

An anonymous reader shares a report: In another loss for early smart home adopters, Logitech has announced that it will brick all Pop switches on October 15.

In August of 2016, Logitech launched Pop switches, which provide quick access to a range of smart home actions, including third-party gadgets. For example, people could set their Pop buttons to launch Philips Hue or Insteon lighting presets, play a playlist from their Sonos speaker, or control Lutron smart blinds. Each button could store three actions, worked by identifying smart home devices on a shared Wi-Fi network, and was controllable via a dedicated Android or iOS app. The Pop Home Switch Starter Pack launched at $100, and individual Pop Add-on Home Switches debuted at $40 each.

A company spokesperson told Ars Technica that Logitech informed customers on September 29 that their Pop switches would soon become e-waste.

Synology has released an update to its Disk Station Manager software that removes verified drive requirements from its 2025 model-year Plus, Value and J-series DiskStation network-attached storage devices. The change allows users to install non-validated third-party drives and create storage pools without restrictions.

The company had expanded its verified drive policy to the entire Plus line a few months earlier. Synology-branded drives carried substantial price premiums over commodity hardware. The HAT5310 enterprise SATA drive costs $299 for 8TB compared to $220 for an identically sized Seagate Exos disk. Users who installed non-verified drives in affected models faced reduced functionality and persistent warning messages in the DSM interface.

Synology said today it is collaborating with third-party drive manufacturers to accelerate testing and verification of additional storage drives. Pool and cache creation on M.2 disks still requires drives from the hardware compatibility list. Synology did not clarify whether the policy change applies to previous-generation products.

NBC is developing a game show based on the New York Times' Wordle puzzle, with Today anchor Savannah Guthrie set to host and Jimmy Fallon executive producing through his company, Electric Hot Dog. The Times is also a production partner. From the Hollywood Reporter: Wordle, which the Times acquired in 2022 and logs billions of plays from the paper's games site annually, gives players six tries to guess a five-letter word, revealing only if letters are in the right place (via a green background) or part of the word but in the wrong place (with a gold background). Should it go forward, the Wordle show would join another Fallon-produced game show, Password, on NBC's unscripted roster. The Tonight Show emcee also executive produces and hosts the network's On Brand, a competition series that revolves around advertising and marketing.

A now-fixed security flaw in India's income tax e-filing portal exposed millions of taxpayers' personal and financial data due to a basic IDOR vulnerability that let users view others' records by swapping PAN numbers. "The exposed data included full names, home addresses, email addresses, dates of birth, phone numbers, and bank account details of people who pay taxes on their income in India," reports TechCrunch. "The data also exposed citizens' Aadhaar number, a unique government-issued identifier used as proof of identity and for accessing government services." From the report: The researchers found that when they signed into the portal using their Permanent Account Number (PAN), an official document issued by the Indian income tax department, they could view anyone else's sensitive financial data by swapping out their PAN for another PAN in the network request as the web page loads. This could be done using publicly available tools like Postman or Burp Suite (or using the web browser's in-built developer tools) and with knowledge of someone else's PAN, the researchers told TechCrunch.

The bug was exploitable by anyone who was logged-in to the tax portal because the Indian income tax department's back-end servers were not properly checking who was allowed to access a person's sensitive data. This class of vulnerability is known as an insecure direct object reference, or IDOR, a common and simple flaw that governments have warned is easy to exploit and can result in large-scale data breaches.

"This is an extremely low-hanging thing, but one that has a very severe consequence," the researchers told TechCrunch. In addition to the data of individuals, the researchers said that the bug also exposed data associated with companies who were registered with the e-Filing portal. [...] It remains unclear how long the vulnerability has existed or whether any malicious actors have accessed the exposed data.

Paramount has acquired The Free Press, Bari Weiss's Substack-born media outlet, for $150 million and appointed Weiss as editor-in-chief of CBS News. The move effectively places a conservative-leaning Substack writer at the helm of a legacy news network, following the FCC's approval of the Skydance-Paramount merger, which required CBS to feature a broader "diversity of viewpoints from across the political and ideological spectrum." The Verge reports: Before starting The Free Press, Weiss worked as an op-ed and book review editor at The Wall Street Journal from 2013 to 2017 and later became an op-ed editor and writer at The New York Times to expand the publication's stable of conservative columnists during Donald Trump's first term. She resigned from the NYT in 2020, citing an "illiberal environment."

Weiss started a Substack newsletter in 2021, called Common Sense, which later evolved into The Free Press, touting itself as a media company "built on the ideals that were once the bedrock of great American journalism." As noted in the press release, The Free Press has grown its revenue 82 percent over the past year, while subscribers increased 86 percent to 1.5 million, 170,000 of which are paid subscriptions.

An anonymous reader quotes a report from BleepingComputer: The Redis security team has released patches for a maximum severity vulnerability that could allow attackers to gain remote code execution on thousands of vulnerable instances. Redis (short for Remote Dictionary Server) is an open-source data structure store used in approximately 75% of cloud environments, functioning like a database, cache, and message broker, and storing data in RAM for ultra-fast access. The security flaw (tracked as CVE-2025-49844) is caused by a 13-year-old use-after-free weakness found in the Redis source code and can be exploited by authenticated threat actors using a specially crafted Lua script (a feature enabled by default). Successful exploitation enables them to escape the Lua sandbox, trigger a use-after-free, establish a reverse shell for persistent access, and achieve remote code execution on the targeted Redis hosts.

After compromising a Redis host, attackers can steal credentials, deploy malware or cryptocurrency mining tools, extract sensitive data from Redis, move laterally to other systems within the victim's network, or use stolen information to gain access to other cloud services. "This grants an attacker full access to the host system, enabling them to exfiltrate, wipe, or encrypt sensitive data, hijack resources, and facilitate lateral movement within cloud environments," said Wiz researchers, who reported the security issue at Pwn2Own Berlin in May 2025 and dubbed it RediShell.

While successful exploitation requires attackers first to gain authenticated access to a Redis instance, Wiz found around 330,000 Redis instances exposed online, with at least 60,000 of them not requiring authentication. Redis and Wiz urged admins to patch their instances immediately by applying security updates released on Friday, "prioritizing those that are exposed to the internet." To further secure their Redis instances against remote attacks, admins can also enable authentication, disable Lua scripting and other unnecessary commands, launch Redis using a non-root user account, enable Redis logging and monitoring, limit access to authorized networks only, and implement network-level access controls using firewalls and Virtual Private Clouds (VPCs).

An anonymous reader quotes a report from Ars Technica: As we careen toward a future in which Google has final say over what apps you can run, the company has sought to assuage the community's fears with a blog post and a casual "backstage" video. Google has said again and again since announcing the change that sideloading isn't going anywhere, but it's definitely not going to be as easy. The new information confirms app installs will be more reliant on the cloud, and devs can expect new fees, but there will be an escape hatch for hobbyists.

Confirming app verification status will be the job of a new system component called the Android Developer Verifier, which will be rolled out to devices in the next major release of Android 16. Google explains that phones must ensure each app has a package name and signing keys that have been registered with Google at the time of installation. This process may break the popular FOSS storefront F-Droid. It would be impossible for your phone to carry a database of all verified apps, so this process may require Internet access. Google plans to have a local cache of the most common sideloaded apps on devices, but for anything else, an Internet connection is required. Google suggests alternative app stores will be able to use a pre-auth token to bypass network calls, but it's still deciding how that will work.

The financial arrangement has been murky since the initial announcement, but it's getting clearer. Even though Google's largely automated verification process has been described as simple, it's still going to cost developers money. The verification process will mirror the current Google Play registration fee of $25, which Google claims will go to cover administrative costs. So anyone wishing to distribute an app on Android outside of Google's ecosystem has to pay Google to do so. What if you don't need to distribute apps widely? This is the one piece of good news as developer verification takes shape. Google will let hobbyists and students sign up with only an email for a lesser tier of verification. This won't cost anything, but there will be an unclear limit on how many times these apps can be installed. The team in the video strongly encourages everyone to go through the full verification process (and pay Google for the privilege). We've asked Google for more specifics here.

The blackout that left Spain without power last April was the most severe incident to hit European networks in two decades and the first of its kind, according to the European Network of Transmission System Operators for Electricity. Damian Cortinas, the organization's chairman, said the April 28 outage was Europe's first blackout linked to cascading voltages. More than 50 million people lost electricity for several hours.

A preliminary report published in July attributed the outage to a chain of power generation disconnections and abnormal voltage surges. The final assessment will be released in the first quarter of next year and presented to the European Commission and member states. A government probe in June found that grid operator Red Electrica failed to replace one of 10 planned thermal plants, reducing reserve capacity. Spain spent only $0.3 on its grid for every dollar invested in renewables between 2020 and 2024, the lowest ratio among European countries and well below the $0.7 average.

Walmart plans to deploy sensors across its 4,600 US stores by the end of 2026 to track 90 million pallets of groceries shipped annually [Editor's note: non-paywalled source]. The retailer and technology vendor Wiliot announced the expansion Thursday. The sensors will monitor the location, condition and temperature of perishables as they move from warehouses to stores. Walmart started testing Wiliot's sensors at a Texas warehouse in 2023 and has expanded to 500 locations. The full rollout will cover the retailer's US store network and 40 distribution centers.

The microchips measure 0.7 square millimeters and are embedded in shipping labels. They use Bluetooth to transmit real-time data about pallets. Walmart previously relied on manual scanning and paper checks by employees. The Arkansas-based company employs 2.1 million people but increased revenues by $150 billion over five years without adding workers. Walmart accounts for more than a fifth of US grocery sales.

An anonymous reader shares a report: It's not the vibes; Earth is literally getting darker. Scientists have discovered that our planet has been reflecting less light in both hemispheres, with a more pronounced darkening in the Northern hemisphere, according to a study published on Monday in Proceedings of the National Academy of Sciences.

The new trend upends longstanding symmetry in the surface albedo, or reflectivity, of the Northern and Southern hemispheres. In other words, clouds circulate in a way that equalizes hemispheric differences, such as the uneven distribution of land, so that the albedos roughly match -- though nobody knows why. "There are all kinds of things that people have noticed in observations and simulations that tend to suggest that you have this hemispheric symmetry as a kind of fundamental property of the climate system, but nobody's really come up with a theoretical framework or explanation for it," said Norman Loeb, a physical scientist at NASA's Langley Research Center, who led the new study. "It's always been something that we've observed, but we haven't really explained it fully."

To study this mystery, Loeb and his colleagues analyzed 24 years of observations captured since 2000 by the Clouds and the Earth's Radiant Energy System (CERES), a network of instruments placed on several NOAA and NASA satellites. Instead of an explanation for the strange symmetry, the results revealed an emerging asymmetry in hemispheric albedo; though both hemispheres are darkening, the Northern hemisphere shows more pronounced changes which challenges "the hypothesis that hemispheric symmetry in albedo is a fundamental property of Earth," according to the study.

Major health insurers are threatening to drop renowned cancer centers from their networks during contract negotiations, Memorial Sloan Kettering Cancer Center's president and CEO Selwyn M. Vickers and chairman Scott M. Stuart wrote in a story published by WSJ. Memorial Sloan Kettering Cancer Center reported that both Anthem Blue Cross Blue Shield and UnitedHealthcare prepared to terminate network agreements while patients underwent active cancer treatment. FTI Consulting found that 45% of 133 provider-payer disputes in 2024 failed to reach timely agreements. The disruptions have affected tens of thousands of patients.

Research published in the Journal of the National Cancer Institute found that care disruptions lead to more advanced-stage diagnoses and worse outcomes. Similar contract disputes involved Mayo Clinic, Johns Hopkins University and University of North Carolina Health. New York lawmakers introduced legislation this year requiring insurers to maintain coverage for cancer patients during negotiations and until treatment concludes. Memorial Sloan Kettering's leadership described the practice as using patients as bargaining chips despite record insurer profits.

Researchers have unveiled two new hardware-based attacks, Battering RAM and Wiretap, that break Intel SGX and AMD SEV-SNP trusted enclaves by exploiting deterministic encryption and physical interposers. Ars Technica reports: In the age of cloud computing, protections baked into chips from Intel, AMD, and others are essential for ensuring confidential data and sensitive operations can't be viewed or manipulated by attackers who manage to compromise servers running inside a data center. In many cases, these protections -- which work by storing certain data and processes inside encrypted enclaves known as TEEs (Trusted Execution Enclaves) -- are essential for safeguarding secrets stored in the cloud by the likes of Signal Messenger and WhatsApp. All major cloud providers recommend that customers use it. Intel calls its protection SGX, and AMD has named it SEV-SNP.

Over the years, researchers have repeatedly broken the security and privacy promises that Intel and AMD have made about their respective protections. On Tuesday, researchers independently published two papers laying out separate attacks that further demonstrate the limitations of SGX and SEV-SNP. One attack, dubbed Battering RAM, defeats both protections and allows attackers to not only view encrypted data but also to actively manipulate it to introduce software backdoors or to corrupt data. A separate attack known as Wiretap is able to passively decrypt sensitive data protected by SGX and remain invisible at all times.