Medicine

Younger Generations Less Likely To Have Dementia, Study Suggests 78

An anonymous reader quotes a report from The Guardian: People born more recently are less likely to have dementia at any given age than earlier generations, research suggests, with the trend more pronounced in women. According to the World Health Organization, in 2021 there were 57 million people worldwide living with dementia, with women disproportionately affected. However, while the risk of dementia increases with age, experts have long stressed it is not an inevitability of getting older. "Younger generations are less likely to develop dementia at the same age as their parents or grandparents, and that's a hopeful sign," said Dr Sabrina Lenzen, a co-author of the study from the University of Queensland's Centre for the Business and Economics of Health. But she added: "The overall burden of dementia will still grow as populations age, and significant inequalities remain -- especially by gender, education and geography."

Writing in the journal Jama Network Open, researchers in Australia report how they analyzed data from 62,437 people aged 70 and over, collected from three long-running surveys covering the US, England and parts of Europe. The team used an algorithm that took into account participants' responses to a host of different metrics, from the difficulties they had with everyday activities to their scores on cognitive tests, to determine whether they were likely to have dementia. They then split the participants into eight different cohorts, representing different generations. Participants were also split into six age groups. As expected, the researchers found the prevalence of dementia increased by age among all birth cohorts, and in each of the three regions: UK, US and Europe. However, at a given age, people in more recent generations were less likely to have dementia compared with those in earlier generations.

"For example, in the US, among people aged 81 to 85, 25.1% of those born between 1890-1913 had dementia, compared to 15.5% of those born between 1939-1943," said Lenzen, adding similar trends were seen in Europe and England, although less pronounced in the latter. The team said the trend was more pronounced in women, especially in Europe and England, noting that one reason may be increased access to education for women in the mid-20th century. However, taking into account changes in GDP, a metric that reflects broader economic shifts, did not substantially alter the findings.
A number of factors could be contributing to the decline. "This is likely due to interventions such as compulsory education, smoking bans, and improvements in medical treatments for conditions such as heart disease, diabetes, and hearing loss, which are associated with dementia risk," said Prof Tara Spires-Jones, the director of the Centre for Discovery Brain Sciences at the University of Edinburgh.
EU

Apple Challenges EU Order To Open iOS To Rivals (reuters.com) 85

Apple has filed an appeal with the European Union's General Court in Luxembourg challenging the bloc's order requiring greater iOS interoperability with rival companies' products under the Digital Markets Act. The EU executive in March directed Apple to make its mobile operating system more compatible with competitors' apps, headphones, and virtual reality headsets by granting developers and device makers access to system components typically reserved for Apple's own products.

Apple contends the requirements threaten its seamless user experience while creating security risks, noting that companies have already requested access to sensitive user data including notification content and complete WiFi network histories. The company faces potential fines of up to 10% of its worldwide annual revenue if found in violation of the DMA's interoperability rules designed to curb Big Tech market power.
Government

Russian Nuclear Site Blueprints Exposed In Public Procurement Database (cybernews.com) 23

Journalists from Der Spiegel and Danwatch were able to use proxy servers in Belarus, Kazakhstan, and Russia to circumvent network restrictions and access documents about Russia's nuclear weapon sites, reports Cybernews.com.

"Data, including building plans, diagrams, equipment, and other schematics, is accessible to anyone in the public procurement database." Journalists from Danwatch and Der Spiegel scraped and analyzed over two million documents from the public procurement database, which exposed Russian nuclear facilities, including their layout, in great detail. The investigation unveils that European companies participate in modernizing them. According to the exclusive Der Spiegel report, Russian procurement documents expose some of the world's most secret construction sites. "It even contains floor plans and infrastructure details for nuclear weapons silos," the report reads.
Some details from the Amsterdam-based Moscow Times: Among the leaked materials are construction plans, security system diagrams and details of wall signage inside the facilities, with messages like "Stop! Turn around! Forbidden zone!," "The Military Oath" and "Rules for shoe care." Details extend to power grids, IT systems, alarm configurations, sensor placements and reinforced structures designed to withstand external threats...

"Material like this is the ultimate intelligence," said Philip Ingram, a former colonel in the British Army's intelligence corps. "If you can understand how the electricity is conducted or where the water comes from, and you can see how the different things are connected in the systems, then you can identify strengths and weaknesses and find a weak point to attack."

Apparently Russian defense officials were making public procurement notices for their construction projects — and then attaching sensitive documents to those public notices...
Crime

US Sanctions Cloud Provider 'Funnull' As Top Source of 'Pig Butchering' Scams (krebsonsecurity.com) 8

An anonymous reader quotes a report from KrebsOnSecurity: The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as "pig butchering." In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers. "Americans lose billions of dollars annually to these cyber scams, with revenues generated from these crimes rising to record levels in 2024," reads a statement from the U.S. Department of the Treasury, which sanctioned Funnull and its 40-year-old Chinese administrator Liu Lizhi. "Funnull has directly facilitated several of these schemes, resulting in over $200 million in U.S. victim-reported losses."

The Treasury Department said Funnull's operations are linked to the majority of virtual currency investment scam websites reported to the FBI. The agency said Funnull directly facilitated pig butchering and other schemes that resulted in more than $200 million in financial losses by Americans. Pig butchering is a rampant form of fraud wherein people are lured by flirtatious strangers online into investing in fraudulent cryptocurrency trading platforms. Victims are coached to invest more and more money into what appears to be an extremely profitable trading platform, only to find their money is gone when they wish to cash out. The scammers often insist that investors pay additional "taxes" on their crypto "earnings" before they can see their invested funds again (spoiler: they never do), and a shocking number of people have lost six figures or more through these pig butchering scams.

KrebsOnSecurity's January story on Funnull was based on research from the security firm Silent Push, which discovered in October 2024 that a vast number of domains hosted via Funnull were promoting gambling sites that bore the logo of the Suncity Group, a Chinese entity named in a 2024 UN report (PDF) for laundering millions of dollars for the North Korean state-sponsored hacking group Lazarus. Silent Push found Funnull was a criminal content delivery network (CDN) that carried a great deal of traffic tied to scam websites, funneling the traffic through a dizzying chain of auto-generated domain names and U.S.-based cloud providers before redirecting to malicious or phishous websites. The FBI has released a technical writeup (PDF) of the infrastructure used to manage the malicious Funnull domains between October 2023 and April 2025.

Security

ASUS Router Backdoors Affect 9,000 Devices, Persists After Firmware Updates 23

An anonymous reader quotes a report from SC Media: Thousands of ASUS routers have been compromised with malware-free backdoors in an ongoing campaign to potentially build a future botnet, GreyNoise reported Wednesday. The threat actors abuse security vulnerabilities and legitimate router features to establish persistent access without the use of malware, and these backdoors survive both reboots and firmware updates, making them difficult to remove.

The attacks, which researchers suspect are conducted by highly sophisticated threat actors, were first detected by GreyNoise's AI-powered Sift tool in mid-March and disclosed Thursday after coordination with government officials and industry partners. Sekoia.io also reported the compromise of thousands of ASUS routers in their investigation of a broader campaign, dubbed ViciousTrap, in which edge devices from other brands were also compromised to create a honeypot network. Sekoia.io found that the ASUS routers were not used to create honeypots, and that the threat actors gained SSH access using the same port, TCP/53282, identified by GreyNoise in their report.
The backdoor campaign affects multiple ASUS router models, including the RT-AC3200, RT-AC3100, GT-AC2900, and Lyra Mini.

GreyNoise advises users to perform a full factory reset and manually reconfigure any potentially compromised device. To identify a breach, users should check for SSH access on TCP port 53282 and inspect the authorized_keys file for unauthorized entries.
Communications

Qualcomm-Funded Study Finds Qualcomm's Modems Outperform Apple's C1 Chip in Real-World Tests (yahoo.com) 42

A Qualcomm-commissioned study found that Apple's inaugural C1 modem, debuting in the iPhone 16e, significantly underperformed compared to Qualcomm-powered Android devices in challenging network conditions. The research by Cellular Insights tested devices on T-Mobile's 5G network in New York City, where Android phones achieved download speeds up to 35% faster and upload speeds up to 91% quicker than the iPhone 16e.

The performance gap widened when networks were congested or devices operated farther from cell towers -- precisely the scenarios where next-generation modems should excel, according to the report. The iPhone 16e became "noticeably hot to touch and exhibited aggressive screen dimming within just two-minute test intervals" during testing. This study arrives as Apple attempts to reduce its dependence on Qualcomm, which has historically provided modems for the entire iPhone lineup and represents roughly 20% of Qualcomm's revenue.
Japan

Docomo Emoji Set To Be Officially Discontinued (emojipedia.org) 25

An anonymous reader shares a report: [Last] week, it was announced that Docomo's emoji designs will no longer appear on any of the Japanese mobile network's devices. This marks the end of an emoji era that first began in 1999, even though the set hasn't been updated since 2013.

[...] Unlike these earlier systems, Docomo's emoji set in 1999 was explicitly tied to mobile internet use and would become the template for emoji standardization in the 2000s and 2010s, alongside emoji design sets implemented by Softbank and KDDI on their own versions of i-mode (J-Sky and EZweb, respectively). Docomo's set would receive several updates between 1999 and 2013, introducing color support and additional concepts to the keyboard. But now, as per this week's announcement, it will finally be discontinued. Spanning 26 years, it's undeniable that Docomo's emoji set played a foundational role in emoji history, even if its last incarnation remained unchanged for almost 12 of those 26 years.

Government

Does the World Need Publicly-Owned Social Networks? (elpais.com) 122

"Do we need publicly-owned social networks to escape Silicon Valley?" asks an opinion piece in Spain's El Pais newspaper.

It argues it's necessary because social media platforms "have consolidated themselves as quasi-monopolies, with a business model that consists of violating our privacy in search of data to sell ads..." Among the proposals and alternatives to these platforms, the idea of public social media networks has often been mentioned. Imagine, for example, a Twitter for the European Union, or a Facebook managed by media outlets like the BBC. In February, Spanish Prime Minister Pedro Sánchez called for "the development of our own browsers, European public and private social networks and messaging services that use transparent protocols." Former Spanish prime minister José Luis Rodríguez Zapatero — who governed from 2004 until 2011 — and the left-wing Sumar bloc in the Spanish Parliament have also proposed this. And, back in 2021, former British Labour Party leader Jeremy Corbyn made a similar suggestion.

At first glance, this may seem like a good idea: a public platform wouldn't require algorithms — which are designed to stimulate addiction and confrontation — nor would it have to collect private information to sell ads. Such a platform could even facilitate public conversations, as pointed out by James Muldoon, a professor at Essex Business School and author of Platform Socialism: How to Reclaim our Digital Future from Big Tech (2022)... This could be an alternative that would contribute to platform pluralism and ensure we're not dependent on a handful of billionaires. This is especially important at a time when we're increasingly aware that technology isn't neutral and that private platforms respond to both economic and political interests.

There are other possibilities. Further down they write that "it makes much more sense for the state to invest in, or collaborate with, decentralized social media networks based on free and interoperable software" that "allow for the portability of information and content." They even spoke to Cory Doctorow, who they say "proposes that the state cooperate with the software systems, developers, or servers for existing open-source platforms, such as the U.S. network Bluesky or the German firm Mastodon." (Doctorow adds that reclaiming digital independence "is incredibly important, it's incredibly difficult, and it's incredibly urgent.")

The article also acknowledges the option of "legislative initiatives — such as antitrust laws, or even stricter regulations than those imposed in Europe — that limit or prevent surveillance capitalism." (Though they also cite figures showing U.S. tech giants have one of the largest lobbying groups in the EU, with Meta being the top spender...)
Businesses

AT&T Has $6 Billion Deal To Buy CenturyLink Fiber Broadband Business (arstechnica.com) 28

AT&T is buying CenturyLink's consumer fiber broadband division for $5.75 billion, "giving the internet provider another 1.1 million fiber customers in 11 states," reports Ars Technica. "The all-cash deal is expected to close during the first half of 2026 assuming the companies obtain regulatory approval. AT&T will gain new customers in Arizona, Colorado, Florida, Idaho, Iowa, Minnesota, Nebraska, Nevada, Oregon, Utah, and Washington." From the report: The deal will give AT&T room to grow its user base by more than the 1.1 million existing CenturyLink customers, as AT&T said the network areas being sold include over 4 million fiber-enabled locations. [...] The company, previously called CenturyLink, is officially named Lumen now but still uses the CenturyLink brand name for home Internet service. AT&T, which has 9.6 million (PDF) fiber customers and 14.1 million broadband customers overall, said the infrastructure it is purchasing will help it expand fiber construction to new locations as well.

The deal is also notable for what it doesn't include: Lumen's enterprise fiber customers and the old copper DSL lines that were never upgraded to fiber. [...] The deal seems unlikely to improve matters for CenturyLink copper users. [...] Lumen will retain the CenturyLink consumer copper broadband and voice services, but selling the consumer fiber business makes it clear that the telco isn't focused on residential customers. Lumen said that offloading consumer fiber lines will help sharpen its focus on selling services to large businesses. The company is maintaining its business fiber lines. [Ars notes that there are still nearly 1.4 million CenturyLink copper internet customers that will likely see service continue to degrade under Lumen's ownership.]
"The transaction will enable AT&T to significantly expand access to AT&T Fiber in major metro areas like Denver, Las Vegas, Minneapolis-St. Paul, Orlando, Phoenix, Portland, Salt Lake City and Seattle, as well as additional geographies," AT&T said.

"AT&T will gain access to Lumen's substantial fiber construction capabilities within its incumbent local exchange carrier (ILEC) footprint and plans to accelerate the pace at which fiber is being built in these territories," AT&T said. "AT&T now expects to reach approximately 60 million total fiber locations by the end of 2030 -- roughly doubling where AT&T Fiber is available today."
Verizon

Verizon Asks For An End To Its Phone Unlocking Requirements (lightreading.com) 81

Verizon is officially asking for a waiver of the FCC's phone unlocking requirements. From a report: "Given the substantial and growing harms to consumers, competition and Verizon from this obligation -- and the lack of offsetting benefits -- the commission should waive this rule," the operator wrote.

Verizon faces phone unlocking requirements stemming from its acquisition of 700MHz spectrum in 2008, and also from conditions the FCC placed on the operator's acquisition of prepaid provider TracFone in 2021. The requirements mean that when a customer buys a phone from Verizon it's locked to Verizon's network for 60 days, so that they can only use it with a Verizon SIM card. After 60 days, Verizon automatically unlocks the phone, allowing that customer to use their phone on another carrier's network.

Books

Usage of Semicolons In English Books Down Almost Half In Two Decades (theguardian.com) 122

An anonymous reader quotes a report from The Guardian: "Do not use semicolons," wrote Kurt Vonnegut, who averaged fewer than 30 a novel (about one every 10 pages). "All they do is show you've been to college." A study suggests UK authors are taking Vonnegut's advice to heart; the semicolon seems to be in terminal decline, with its usage in English books plummeting by almost half in two decades -- from one appearing in every 205 words in 2000 to one use in every 390 words today. Further research by Lisa McLendon, author of The Perfect English Grammar Workbook, found 67% of British students never or rarely use the semicolon. Just 11% of respondents described themselves as frequent users.

Linguistic experts at the language learning software Babbel, which commissioned the original research, were so struck by their findings that they asked McLendon to give the 500,000-strong London Student Network a 10-question multiple-choice quiz on the semicolon. She found more than half of respondents did not know or understand how to use it. As defined by the Oxford Dictionary of English, the semicolon is "a punctuation mark indicating a pause, typically between two main clauses, that is more pronounced than that indicated by a comma." It is commonly used to link together two independent but related clauses, and is particularly useful for juxtaposition or replacing confusing extra commas in lists where commas already exist -- or where a comma would create a splice.
The Guardian has a semicolon quiz at the end of the article where you can test your semicolon knowledge.
The Internet

KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS (krebsonsecurity.com) 16

KrebsOnSecurity was hit with a near-record 6.3 Tbps DDoS attack, believed to be a test of the powerful new Aisuru IoT botnet. The attack, lasting under a minute, was the largest Google has ever mitigated and is linked to a DDoS-for-hire operation run by a 21-year-old Brazilian known as "Forky." Brian Krebs writes: [Google Security Engineer Damian Menscher] said the attack on KrebsOnSecurity lasted less than a minute, hurling large UDP data packets at random ports at a rate of approximately 585 million data packets per second. "It was the type of attack normally designed to overwhelm network links," Menscher said, referring to the throughput connections between and among various Internet service providers (ISPs). "For most companies, this size of attack would kill them." [...]

The 6.3 Tbps attack last week caused no visible disruption to this site, in part because it was so brief -- lasting approximately 45 seconds. DDoS attacks of such magnitude and brevity typically are produced when botnet operators wish to test or demonstrate their firepower for the benefit of potential buyers. Indeed, Google's Menscher said it is likely that both the May 12 attack and the slightly larger 6.5 Tbps attack against Cloudflare last month were simply tests of the same botnet's capabilities. In many ways, the threat posed by the Aisuru/Airashi botnet is reminiscent of Mirai, an innovative IoT malware strain that emerged in the summer of 2016 and successfully out-competed virtually all other IoT malware strains in existence at the time.

Intel

Intel Explores Sale of Networking and Edge Unit 15

An anonymous reader shares a report: Intel has considered divesting its network and edge businesses as the chipmaker looks to shave off parts of the company its new chief executive does not see as crucial, three sources familiar with the matter said.

Talks about the potential sale of the group, once called NEX in Intel's financial results, are a part of CEO Lip-Bu Tan's strategy to focus its tens of thousands of employees on areas in which it has historically thrived: PC and data center chips.
Programming

Stack Overflow Seeks Realignment 'To Support the Builders of the Future in an AI World' (devclass.com) 58

"The world has changed," writes Stack Overflow's blog. "Fast. Artificial intelligence is reshaping how we build, learn, and solve problems. Software development looks dramatically different than it did even a few years ago — and the pace of change is only accelerating."

And they believe their brand "at times" lost "fidelity and clarity. It's very much been always added to and not been thought of holistically. So, it's time for our brand to evolve too," they write, hoping to articulate a perspective "forged in the fires of community, powered by collaboration, shaped by AI, and driven by people."

The developer news site DevClass notes the change happens "as the number of posts to its site continues a dramatic decline thanks to AI-driven alternatives." According to a quick query on the official data explorer, the sum of questions and answers posted in April 2025 was down by over 64 percent from the same month in 2024, and plunged more than 90 percent from April 2020, when traffic was near its peak...

Although declining traffic is a sign of Stack Overflow's reduced significance in the developer community, the company's business is not equally affected so far. Stack Exchange is a business owned by investment company Prosus, and the Stack Exchange products include private versions of its site (Stack Overflow for Teams) as well as advertising and recruitment. According to the Prosus financial results, in the six months ended September 2024, Stack Overflow increased its revenue and reduced its losses. The company's search for a new direction though confirms that the fast-disappearing developer engagement with Stack Overflow poses an existential challenge to the organization.

DevClass says Stack Overflow's parent company "is casting about for new ways to provide value (and drive business) in this context..." The company has already experimented with various new services, via its Labs research department, including an AI Answer Assistant and Question Assistant, as well as a revamped jobs site in association with recruitment site Indeed, Discussions for technical debate, and extensions for GitHub Copilot, Slack, and Visual Studio Code.
From the official announcement on Stack Overflow's blog: This rebrand isn't just a fresh coat of paint. It's a realignment with our purpose: to support the builders of the future in an AI world — with clarity, speed, and humanity. It's about showing up in a way that reflects who we are today, and where we're headed tomorrow.
"We have appointed an internal steering group and we have engaged with an external expert partner in this area to help bring about the required change," notes a post in Stack Exchange's "meta" area. This isn't just about a visual update or marketing exercise — it's going to bring about a shift in how we present ourselves to the world which you will feel everywhere from the design to the copywriting, so that we can better achieve our goals and shared mission. As the emergence of AI has called into question the role of Stack Overflow and the Stack Exchange Network, one of the desired outputs of the rebrand process is to clarify our place in the world.

We've done work toward this already — our recent community AMA is an example of this — but we want to ensure that this comes across in our brand and identity as well. We want the community to be involved and have a strong voice in the process of renewing and refreshing our brand. Remember, Stack Overflow started with a public discussion about what to name it!

And in another post two months ago: Stack Exchange is exploring early ideas for expanding beyond the "single lane" Q&A highway. Our goal right now is to better understand the problems, opportunities, and needs before deciding on any specific changes...

The vision is to potentially enable:

- A slower lane, with high-quality durable knowledge that takes time to create and curate, like questions and answers.

- A medium lane, for more flexible engagement, with features like Discussions or more flexible Stack Exchanges, where users can explore ideas or share opinions.

- A fast lane for quick, real-time interaction, with features like Chat that can bring the community together to discuss topics instantly.

With this in mind, we're seeking your feedback on the current state of Chat, what's most important to you, and how you see Chat fitting into the future.

In a post in Stack Exchange's "meta" area, brand design director David Longworth says the "tension mentioned between Stack Overflow and Stack Exchange" is probably the most relevant to the rebranding.

But he posted later that "There's a lot of people behind the scenes on this who care deeply about getting this right! Thank you on behalf of myself and the team."
Verizon

Verizon Secures FCC Approval for $9.6 Billion Frontier Acquisition (variety.com) 22

The Federal Communications Commission has approved Verizon's $9.6 billion acquisition of Frontier Communications, valuing the Dallas-based company at $20 billion including debt. The approval comes after Verizon agreed to scale back diversity initiatives to comply with Trump administration policies.

FCC Chairman Brendan Carr, who previously threatened to block mergers over DEI practices, praised the deal for its potential to "unleash billions in new infrastructure builds" and "accelerate the transition away from old, copper line networks to modern, high-speed ones." The acquisition positions America's largest phone carrier to expand its high-speed internet footprint across Frontier's 25-state network. Verizon plans to deploy fiber to more than one million U.S. homes annually following the transaction.
China

China Launches First of 2,800 Satellites For AI Space Computing Constellation (spacenews.com) 71

China launched 12 satellites on Wednesday as part of the "Three-Body Computing Constellation," the world's first dedicated orbital computing network led by ADA Space and Zhejiang Lab. SpaceNews reports: A Long March 2D rocket lifted off at 12:12 a.m. Eastern (0412 UTC) May 14 from Jiuquan Satellite Launch Center in northwest China. Insulation tiles fell away from the payload fairing as the rocket climbed into a clear blue sky above the spaceport. The China Aerospace Science and Technology Corporation (CASC) announced a fully successful launch, revealing the mission to have sent 12 satellites for a space computing constellation into orbit. Commercial company ADA Space released further details, stating that the 12 satellites form the "Three-Body Computing Constellation," which will directly process data in space, rather than on the ground, reducing reliance on ground-based computing infrastructure. The constellation will be capable of a combined 5 peta operations per second (POPS) with 30 terabytes of onboard storage.

The satellites feature advanced AI capabilities, up to 100 Gbps laser inter-satellite links and remote sensing payloads -- data from which will be processed onboard, reducing data transmission requirements. One satellite also carries a cosmic X-ray polarimeter developed by Guangxi University and the National Astronomical Observatories of the Chinese Academy of Sciences (NAOC), which will detect, identify and classify transient events such as gamma-ray bursts, while also triggering messages to enable followup observations by other missions. [...] The company says the constellation can meet the growing demand for real-time computing in space, as well as help China take the lead globally in building space computing infrastructure, seize the commanding heights of this future industry. The development could mark the beginning of space-based cloud computing as a new capability, as well as open a new arena for strategic competition with the U.S.
You can watch a recording of the launch here.
Television

Netflix Says Its Ad Tier Now Has 94 Million Monthly Active Users 37

Netflix said its cheaper, ad-supported tier now has 94 million monthly active users -- an increase of more than 20 million since its last public tally in November. CNBC reports: The company and its peers have been increasingly leaning on advertising to boost the profitability of their streaming products. Netflix first introduced the ad-supported plan in November 2022. Netflix's ad-supported plan costs $7.99 per month, a steep discount from its least-expensive ad-free plan, at $17.99 per month. Netflix also said its cheapest tier reaches more 18- to 34-year-olds than any U.S. broadcast or cable network. "When you compare us to our competitors, attention starts higher and ends much higher," Netflix president of advertising Amy Reinhard said in a statement. "Even more impressive, members pay as much attention to mid-roll ads as they do to the shows and movies themselves."
Communications

FCC Threatens EchoStar Licenses For Spectrum That's 'Ripe For Sharing' (arstechnica.com) 22

An anonymous reader quotes a report from Ars Technica: Federal Communications Commission Chairman Brendan Carr has threatened to revoke EchoStar licenses for radio frequency bands coveted by rival firms including SpaceX, which alleges that EchoStar is underutilizing the spectrum. "I have directed agency staff to begin a review of EchoStar's compliance with its federal obligations to provide 5G service throughout the United States per the terms of its federal spectrum licenses," Carr wrote in a May 9 letter to EchoStar Chairman Charles Ergen. EchoStar and its affiliates "hold a large number of FCC spectrum licenses that cover a significant amount of spectrum," the letter said.

Ergen defended his company's wireless deployment but informed investors that EchoStar "cannot predict with any degree of certainty the outcome" of the FCC proceedings. The letter from Carr and Ergen's statement are included in a Securities and Exchange Commission filing submitted by EchoStar today. EchoStar's stock price was down about 8 percent in trading today. EchoStar bought Dish Network in December 2023 and offers wireless service under the Boost Mobile brand. As The Wall Street Journal notes, the firm "has spent years wiring thousands of cellphone towers to help Boost become a wireless operator that could rival AT&T, Verizon and T-Mobile, but the project has been slow-going. Boost's subscriber base has shrunk in the five years since Ergen bought the brand from Sprint." [...]

EchoStar will have to prove its case in the two FCC proceedings. The FCC set a May 27 deadline for the first round of comments in both proceedings and a June 6 deadline for reply comments. The proceedings could result in the FCC letting other companies use the spectrum and other remedies. "In particular, we seek information on whether EchoStar is utilizing the 2 GHz band for MSS consistent with the terms of its authorizations and the Commission's rules and policies governing the expectation of robust MSS," the FCC Space Bureau's call for comments said. "We also seek comment on steps the Commission might take to make more intensive use of the 2 GHz band, including but not limited to allowing new MSS entrants in the band."
Last month, SpaceX urged the FCC to reallocate the spectrum, saying "the 2 GHz band remains ripe for sharing among next-generation satellite systems that seek to finally make productive use of the spectrum for consumers and first responders."

EchoStar countered that SpaceX's filing is "intended to cloak another land grab for even more free spectrum," and that its "methodology is completely nonsensical, given that EchoStar's terrestrial deployment is subject to population-based milestones that EchoStar has repeatedly demonstrated in status reports."
Programming

Over 3,200 Cursor Users Infected by Malicious Credential-Stealing npm Packages (thehackernews.com) 30

Cybersecurity researchers have flagged three malicious npm packages that target the macOS version of AI-powered code-editing tool Cursor, reports The Hacker News: "Disguised as developer tools offering 'the cheapest Cursor API,' these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor's main.js file, and disable auto-updates to maintain persistence," Socket researcher Kirill Boychenko said. All three packages continue to be available for download from the npm registry. "Aiide-cur" was first published on February 14, 2025...

In total, the three packages have been downloaded over 3,200 times to date.... The findings point to an emerging trend where threat actors are using rogue npm packages as a way to introduce malicious modifications to other legitimate libraries or software already installed on developer systems... "By operating inside a legitimate parent process — an IDE or shared library — the malicious logic inherits the application's trust, maintains persistence even after the offending package is removed, and automatically gains whatever privileges that software holds, from API tokens and signing keys to outbound network access," Socket told The Hacker News.

"This campaign highlights a growing supply chain threat, with threat actors increasingly using malicious patches to compromise trusted local software," Boychenko said.

The npm packages "restart the application so that the patched code takes effect," letting the threat actor "execute arbitrary code within the context of the platform."
Government

CISA/DOGE Software Engineer's Login Credentials Appeared in Multiple Leaks From Info-Stealing Malware in Recent Years (arstechnica.com) 93

"Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware," reports Ars Technica, "a strong indication that devices belonging to him have been hacked in recent years." As an employee of DOGE, [30-something Kyle] Schutt accessed FEMA's proprietary software for managing both disaster and non-disaster funding grants [according to Dropsite News]. Under his role at CISA, he likely is privy to sensitive information regarding the security of civilian federal government networks and critical infrastructure throughout the U.S. According to journalist Micah Lee, user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware... Besides pilfering login credentials, stealers can also log all keystrokes and capture or record screen output. The data is then sent to the attacker and, occasionally after that, can make its way into public credential dumps...

Lee went on to say that credentials belonging to a Gmail account known to belong to Schutt have appeared in 51 data breaches and five pastes tracked by breach notification service Have I Been Pwned. Among the breaches that supplied the credentials is one from 2013 that pilfered password data for 3 million Adobe account holders, one in a 2016 breach that stole credentials for 164 million LinkedIn users, a 2020 breach affecting 167 million users of Gravatar, and a breach last year of the conservative news site The Post Millennial.

The credentials may have been exposed when service providers were compromised, the article points out, but the "steady stream of published credentials" is "a clear indication that the credentials he has used over a decade or more have been publicly known at various points.

"And as Lee noted, the four dumps from stealer logs show that at least one of his devices was hacked at some point."

Thanks to Slashdot reader gkelley for sharing the news.
