China

Chinese Hackers Breach US Software and Law Firms Amid Trade Fight (cnn.com) 1

An anonymous reader quotes a report from CNN: A team of suspected Chinese hackers has infiltrated US software developers and law firms in a sophisticated campaign to collect intelligence that could help Beijing in its ongoing trade fight with Washington, cybersecurity firm Mandiant said Wednesday. The hackers have been rampant in recent weeks, hitting the cloud-computing firms that numerous American companies rely on to store key data, Mandiant, which is owned by Google, said. In a sign of how important China's hacking army is in the race for tech supremacy, the hackers have also stolen US tech firms' proprietary software and used it to find new vulnerabilities to burrow deeper into networks, according to Mandiant.

[...] In some cases, the hackers have lurked undetected in the US corporate networks for over a year, quietly collecting intelligence, Mandiant said. The disclosure comes after the Trump administration escalated America's trade war with China this spring by slapping unprecedented tariffs on Chinese exports to the United States. The tit-for-tat tariffs set off a scramble in both governments to understand each other's positions. Mandiant analysts said the fallout from the breaches -- the task of kicking out the hackers and assessing the damage -- could last many months. They described it as a milestone hack, comparable in severity and sophistication to Russia's use of SolarWinds software to infiltrate US government agencies in 2020.

Transportation

German Remote-Driving Firm Hopes To Make Private Car Ownership Redundant (theguardian.com) 97

votsalo writes: A German company, Vay, offers a rental car service where the cars are driven by a remote driver to the customer, who then takes over driving the car. At the end of the rental, a remote driver takes over again to take the car away. The trained remote drivers sit in a driving station, with a steering wheel, foot pedals, screens, headphones, and even tactile feedback for things like bumps on the road.

Vay says the rental rate cost would be "about half of what a current car-sharing service costs." If he is talking about car-rental services that deliver cars to customers by on-site drivers, like this defunct San Francisco car rental company, then the claim about half the cost seems right.

Vay's founder used Las Vegas as a testing ground for the service and expects to launch in Germany soon. Las Vegas "had the necessary legal framework already in place," said von der Ohe, a graduate of computer science and entrepreneurship from Stanford. "It fitted on to three pages. Germany's ran to many more, but we've worked closely with the authorities here to make sure we can fulfil everything that's required of us, from technical to safety concerns. Now that the legislative landscape is in place, we're raring to go."

Security

Shoplifters Could Soon Be Chased Down By Drones (technologyreview.com) 131

An anonymous reader quotes a report from MIT Technology Review: Flock Safety, whose drones were once reserved for police departments, is now offering them for private-sector security, the company announced today, with potential customers including businesses intent on curbing shoplifting. Companies in the US can now place Flock's drone docking stations on their premises. If the company has a waiver from the Federal Aviation Administration to fly beyond visual line of sight (these are becoming easier to get), its security team can fly the drones within a certain radius, often a few miles.

"Instead of a 911 call [that triggers the drone], it's an alarm call," says Keith Kauffman, a former police chief who now directs Flock's drone program. "It's still the same type of response." Kauffman walked through how the drone program might work in the case of retail theft: If the security team at a store like Home Depot, for example, saw shoplifters leave the store, then the drone, equipped with cameras, could be activated from its docking station on the roof. "The drone follows the people. The people get in a car. You click a button," he says, "and you track the vehicle with the drone, and the drone just follows the car." The video feed of that drone might go to the company's security team, but it could also be automatically transmitted directly to police departments.

The company says it's in talks with large retailers but doesn't yet have any signed contracts. The only private-sector company Kauffman named as a customer is Morning Star, a California tomato processor that uses drones to secure its distribution facilities. Flock will also pitch the drones to hospital campuses, warehouse sites, and oil and gas facilities. It's worth noting that the FAA is currently drafting new rules for how it grants approval to pilots flying drones out of sight, and it's not clear if Flock's use case would be allowed under the currently proposed guidance.

The Courts

Google Asks US Supreme Court To Freeze App Store Injunction In Epic Games Case (reuters.com) 11

Google has asked the U.S. Supreme Court to pause a judge's order requiring major changes to its Play Store after losing an antitrust case to Epic Games. The injunction would force Google to allow rival app stores, external billing links, and broader competition -- changes Google says could harm users and developers. Epic argues they're necessary to break Google's monopoly. Reuters reports: Google said it has urged the U.S. Supreme Court to halt key parts of a judge's order that would force major changes to its app store Play, as it prepares to appeal a decision in a lawsuit brought by "Fortnite" maker Epic Games. Google called the judge's order unprecedented, and said it would cause reputational harm, safety and security risks and put the company at a competitive disadvantage if allowed to take effect, according to a filing provided late on Wednesday by Google, which said it had submitted it to the court. [...]

Google in its Supreme Court filing said that the changes will have enormous consequences for more than 100 million U.S. Android users and 500,000 developers. It asked the court to decide by October 17 whether to put the order on hold. Google said it plans to file its appeal to the Supreme Court by October 27, which could allow the justices to take up the case during their nine-month term that begins on October 6.

Epic in a statement said Google is relying on what it called "flawed security claims" to justify its control over Android devices. "The court's injunction should go into effect as ordered so consumers and developers can benefit from competition, choices and lower prices," Epic said. The jury, siding with Epic in the trial, found that Google illegally stifled competition. Donato subsequently issued the order directing Google to make changes to its app store.

Businesses

Amazon Blamed AI For Layoffs, Then Hired Cheap H1-B Workers, Senators Allege (arstechnica.com) 45

An anonymous reader shares a report: Senators are demanding answers from Big Tech companies accused of "filing thousands of H-1B skilled labor visa petitions after conducting mass layoffs of American employees." In letters sent to Amazon, Meta, Apple, Google, and Microsoft -- among some of the largest sponsors of H-1B visas -- Senators Chuck Grassley (R-Iowa) and Dick Durbin (D-Ill.) requested "information and data from each company regarding their recruitment and hiring practices, as well as any variation in salary and benefits between H-1B visa holders and American employees."

The letters came shortly after Grassley sent a letter to Department of Homeland Security Secretary Kristi Noem requesting that DHS stop "issuing work authorizations to student visa holders." According to Grassley, "foreign student work authorizations put America at risk of technological and corporate espionage," in addition to allegedly "contributing to rising unemployment rates among college-educated Americans."

[...] In the letters to tech firms, senators emphasized that the unemployment rate in America's tech sector is "well above" the overall jobless rate. Amazon perhaps faces the most scrutiny. US Citizenship and Immigration Services data showed that Amazon sponsored the most H-1B visas in 2024 at 14,000, compared to other criticized firms like Microsoft and Meta, which each sponsored 5,000, The Wall Street Journal reported. Senators alleged that Amazon blamed layoffs of "tens of thousands" on the "adoption of generative AI tools," then hired more than 10,000 foreign H-1B employees in 2025.

Microsoft

Microsoft Disables Some Cloud Services Used by Israel's Defense Ministry (msn.com) 94

Microsoft has disabled the Israeli Defense Ministry's access to certain services and subscriptions, after finding evidence that the ministry used the tech company's cloud services to surveil Gaza citizens. WSJ adds: The software company made the move after an internal investigation indicated Israel's Defense Ministry used Microsoft's Azure cloud services for surveillance, according to a person familiar with the matter. The company probe is ongoing. "As employees, we all have a shared interest in privacy protection, given the business value it creates by ensuring our customers can rely on our services with rock solid trust," Microsoft President Brad Smith said in a blog post Thursday on Microsoft's company website.

Smith said Microsoft's investigation was guided by the company's "longstanding protection of privacy as a fundamental right." Microsoft opened the probe after the Guardian, the British news organization, reported in August that Israel used Azure to store data on Gaza civilians and surveil them. The issue has been the source of protests at the company.

EU

Apple Asks EU To Scrap Landmark Digital Competition Law (france24.com) 33

Apple asked the European Union to scrap its landmark digital competition law on Thursday, arguing that it poses security risks and creates a "worse experience" for consumers. From a report: The US tech giant and the EU have repeatedly locked horns over the bloc's Digital Markets Act (DMA), which Brussels says seeks to make the digital sector in the 27-nation bloc fairer and more open. "The DMA should be repealed while a more appropriate fit for purpose legislative instrument is put in place," Apple said in a formal submission to the European Commission as part of a consultation on the law.

[...] "It's become clear that the DMA is leading to a worse experience for Apple users in the EU," the tech giant said in a blog post accompanying its submission. "It's exposing them to new risks, and disrupting the simple, seamless way their Apple products work together."

IT

Broadcom's Prohibitive VMware Prices Create a Learning 'Barrier,' IT Pro Says (arstechnica.com) 44

An anonymous reader quotes a report from Ars Technica: When the COVID-19 pandemic forced kids to stay home, educators flocked to VMware, and thousands of school districts adopted virtualization. The technology became a solution for distance learning during the pandemic and after, when events such as bad weather and illness can prevent children from physically attending school. However, the VMware being sold to K-12 schools today differs from the VMware that existed before and during the pandemic. Now a Broadcom business, the platform features higher prices and a business strategy that favors big spenders. This has created unique problems for educational IT departments juggling restrictive budgets and multiple technology vendors with children's needs.

Ars Technica recently spoke with an IT director at a public school district in Indiana. The director requested anonymity for themself and the district out of concern about potential blowback. The director confirmed that the district has five schools and about 3,000 students. The district started using VMware's vSAN, a software-defined storage offering, and the vSphere virtualization platform in 2019. The Indiana school system bought the VMware offerings through a package that combined them with VxRail, which is hyperconverged infrastructure (HCI) hardware that Dell jointly engineered with VMware.

However, like many of VMware's customers, the Indiana school district was priced out of VMware after Broadcom's acquisition of the company. The IT director said the district received a quote that was "three to six" times higher than expected. This came as the school district is looking to manage changes in education-related taxes and funding over the next few years. As a result, the district's migration from VMware is taking IT resources from other projects, including ones aimed at improving curriculum. For instance, the Indiana district has been trying to bolster its technology curriculum, the IT director said. One way is through a summer employment program for upperclassmen that teaches how to use real-world IT products, like VMware and Cisco Meraki technologies. The district previously relied on VMware-based virtual machines (VMs) for creating "very easily and accessible" test environments for these students. But the school is no longer able to provide that opportunity, creating a learning "barrier," as the IT director put it.

The IT director told Ars that dealing with a migration could be "catastrophic in that that's too much work for one person," adding: "It could be a chokehold, essentially, to where they're going to be basically forced into switching platforms -- maybe before they were anticipating -- or paying exorbitant prices that have skyrocketed for absolutely no reason. Nothing on the software side has changed. It's the same software. There's no features being added. Nobody's benefiting from the higher prices on the education side."

The Internet

Europe's Cookie Law Messed Up the Internet. Brussels Wants To Fix It. (politico.eu) 99

In a bid to slash red tape, the European Commission wants to eliminate one of its peskiest laws: a 2009 tech rule that plastered the online world with pop-ups requesting consent to cookies. From a report: It's the kind of simplification ordinary Europeans can get behind. European rulemakers in 2009 revised a law called the e-Privacy Directive to require websites to get consent from users before loading cookies on their devices, unless the cookies are "strictly necessary" to provide a service. Fast forward to 2025 and the internet is full of consent banners that users have long learned to click away without thinking twice.

"Too much consent basically kills consent. People are used to giving consent for everything, so they might stop reading things in as much detail, and if consent is the default for everything, it's no longer perceived in the same way by users," said Peter Craddock, data lawyer with Keller and Heckman. Cookie technology is now a focal point of the EU executive's plans to simplify technology regulation. Officials want to present an "omnibus" text in December, scrapping burdensome requirements on digital companies. On Monday, it held a meeting with the tech industry to discuss the handling of cookies and consent banners.

Botnet

Record-Breaking DDoS Attack Peaks At 22 Tbps and 10 Bpps 24

Cloudflare blocked the largest-ever DDoS attack against a European network infrastructure company, which peaked at 22.2 Tbps and 10.6 Bpps. The hyper-volumetric attack has been linked to the Aisuru botnet and lasted just 40 seconds, but was double the size of the previous record. SecurityWeek reports: Cloudflare told SecurityWeek that the attack was aimed at a single IP address of an unnamed European network infrastructure company. Cloudflare has yet to determine who was behind the attack, but believes it may have been powered by the Aisuru botnet, which was also linked earlier this year to a massive 6.3 Tbps attack on the website of cybersecurity blogger Brian Krebs. Aisuru has been around for more than a year. The botnet is powered by hacked IoT devices such as routers and DVRs that have been compromised through the exploitation of known and zero-day vulnerabilities.

According to Cloudflare, the 22 Tbps attack was traced to over 404,000 unique source IPs across over 14 ASNs worldwide. "Based on internal analysis using a proprietary system, the source IPs were not spoofed," the company explained. The security firm described it as a UDP carpet bomb attack targeting an average of 31,000 destination ports per second, with a peak of 47k ports, all of a single IP address. Cloudflare revealed in July that the number of DDoS attacks it blocked in the first half of 2025 had already exceeded all the attacks mitigated in 2024.

The Internet

Cloudflare Launches Content Signals Policy To Fight AI Crawlers and Scrapers 24

BrianFagioli shares a report from NERDS.xyz: Cloudflare has unveiled the Content Signals Policy, a free addition to its managed robots.txt service that aims to give website owners and publishers more control over how their content is accessed and reused by AI companies. The idea is pretty simple: robots.txt already lets site operators specify which crawlers can enter and where. Cloudflare's new policy adds a layer that signals how the data may be used once accessed, with plain-language terms for search, AI input, and AI training. "Yes" means allowed, "no" means not allowed, and no signal means no preference.

Matthew Prince, Cloudflare's co-founder and CEO, said: "The Internet cannot wait for a solution, while in the meantime, creators' original content is used for profit by other companies. To ensure the web remains open and thriving, we're giving website owners a better way to express how companies are allowed to use their content." Cloudflare says more than 3.8 million domains already use its robots.txt tools to signal they don't want their content used for AI training. Now, the Content Signals Policy makes those preferences clearer and potentially enforceable.

Further reading: Cloudflare Flips AI Scraping Model With Pay-Per-Crawl System For Publishers

Windows

Microsoft Offers No-Cost Windows 10 Lifeline (straitstimes.com) 42

Microsoft on Sept 24 announced new options for US and European customers to safely extend the life of the Windows 10 operating system free of charge just days before a key deadline to upgrade to Windows 11. From a report: The US tech giant plans to end support for Windows 10 on Oct 14, a move that has drawn criticism from consumer advocacy groups and sparked concerns among users who fear they will need to purchase new computers to stay protected from cyber threats.

Users who are unable to upgrade or choose to forgo the extended security updates will face increased vulnerability to cyberattacks. In response to these concerns, Microsoft informed European users that essential security updates will be extended for one year at no additional cost, provided they log in with a Microsoft account. Previously, the company had offered a one-year extension of Windows 10 security updates for $30 to users whose hardware is incompatible with Windows 11. In the US, a similar free option will allow users to upload their Windows 10 profiles to Microsoft's backup service and receive security updates for up to one year.

AI

Movie Studio Lionsgate is Struggling To Make AI-Generated Films With Runway (petapixel.com) 52

An anonymous reader shares a report: Last year, the AI video company Runway joined forces with the major Hollywood studio Lionsgate in a partnership the pair hoped would result in AI-generated scenes and even potentially full-length movies. But the project has hit a snag. According to a report by The Wrap, the past 12 months have been unproductive. Lionsgate distributes Hollywood blockbusters including The Hunger Games, John Wick, The Twilight Saga, and Saw franchises. But despite its huge catalog, it is simply not enough for the AI to produce quality content.

"The Lionsgate catalog is too small to create a model," a source tells The Wrap. "In fact, the Disney catalog is too small to create a model." Despite Runway being one of the leading names in AI video, the technology needs a copious amount of data to produce AI-generated films. It is the reason AI has proven to be such an unpopular technology, as AI firms help themselves to any type of media they can get their hands on -- whether it has copyright protections or not. Another issue is the rights of actors and the model for remuneration if their likeness appears in an AI-generated clip. It is a legal gray area with no clear path.

Microsoft

Microsoft Will Let Copilot Take Control of Your Browser, Navigate Tabs and Complete Tasks As You Watch (theverge.com) 80

Microsoft AI CEO Mustafa Suleyman told The Verge today that the company plans to transform Edge into an "agentic browser" where Copilot controls tabs, navigates websites and completes tasks while users watch. Unlike The Browser Company's new Dia browser, Microsoft will integrate these capabilities directly into Edge.

Suleyman described Copilot opening tabs, reading multiple pages simultaneously and performing research transparently in real-time. The AI visits websites directly, preserving publisher traffic. Current Copilot features include tab navigation, page scrolling and content highlighting. Users will have the option to disable AI features entirely. Suleyman predicted that within years, AI companions will handle most browsing tasks while users provide oversight and feedback.

AI

Microsoft Is Reportedly Building An AI Marketplace To Pay Publishers For Content 9

Microsoft is preparing a Publisher Content Marketplace to pay publishers when their work is used in AI products like Copilot. Neowin reports: Microsoft is reportedly discussing with select US publishers a pilot program for its so-called Publisher Content Marketplace, a system that pays publishers for their content when it gets used by AI products, starting with its own Copilot assistant. The PCM will launch with a limited number of partners before Microsoft hopes to expand the program over time. The company pitched the idea to publishing executives at an invite-only Partner Summit in Monaco last week. Microsoft was allegedly courting them with the message: "You deserve to be paid on the quality of your IP." No concrete launch date for the pilot was shared.

As Axios notes, Microsoft is the first major company to try to build a proper AI marketplace for publishers. Other AI labs like OpenAI have mostly focused on securing one-off licensing deals instead of building a platform for ongoing transactions. Companies like Cloudflare are also working on a more technical, network-level solution to this problem.
