Google has unveiled Private AI Compute, a cloud platform designed to deliver advanced AI capabilities while preserving user privacy. As The Verge notes, the feature is "virtually identical to Apple's Private Cloud Compute." From the report: Many Google products run AI features like translation, audio summaries, and chatbot assistants, on-device, meaning data doesn't leave your phone, Chromebook, or whatever it is you're using. This isn't sustainable, Google says, as advancing AI tools need more reasoning and computational power than devices can supply. The compromise is to ship more difficult AI requests to a cloud platform, called Private AI Compute, which it describes as a "secure, fortified space" offering the same degree of security you'd expect from on-device processing. Sensitive data is available "only to you and no one else, not even Google."

An anonymous reader quotes a report from Ars Technica: ClickFix often starts with an email sent from a hotel that the target has a pending registration with and references the correct registration information. In other cases, ClickFix attacks begin with a WhatsApp message. In still other cases, the user receives the URL at the top of Google results for a search query. Once the mark accesses the malicious site referenced, it presents a CAPTCHA challenge or other pretext requiring user confirmation. The user receives an instruction to copy a string of text, open a terminal window, paste it in, and press Enter. Once entered, the string of text causes the PC or Mac to surreptitiously visit a scammer-controlled server and download malware. Then, the machine automatically installs it -- all with no indication to the target. With that, users are infected, usually with credential-stealing malware. Security firms say ClickFix campaigns have run rampant. The lack of awareness of the technique, combined with the links also coming from known addresses or in search results, and the ability to bypass some endpoint protections are all factors driving the growth.

The commands, which are often base-64 encoded to make them unreadable to humans, are often copied inside the browser sandbox, a part of most browsers that accesses the Internet in an isolated environment designed to protect devices from malware or harmful scripts. Many security tools are unable to observe and flag these actions as potentially malicious. The attacks can also be effective given the lack of awareness. Many people have learned over the years to be suspicious of links in emails or messengers. In many users' minds, the precaution doesn't extend to sites that instruct them to copy a piece of text and paste it into an unfamiliar window. When the instructions come in emails from a known hotel or at the top of Google results, targets can be further caught off guard. With many families gathering in the coming weeks for various holiday dinners, ClickFix scams are worth mentioning to those family members who ask for security advice. Microsoft Defender and other endpoint protection programs offer some defenses against these attacks, but they can, in some cases, be bypassed. That means that, for now, awareness is the best countermeasure. Researchers from CrowdStrike described in a report a campaign designed to infect Macs with a Mach-O executive. "Promoting false malicious websites encourages more site traffic, which will lead to more potential victims," wrote the researchers. "The one-line installation command enables eCrime actors to directly install the Mach-O executable onto the victim's machine while bypassing Gatekeeper checks."

Push Security, meanwhile, reported a ClickFix campaign that uses a device-adaptive page that serves different malicious payloads depending on whether the visitor is on Windows or macOS.

BrianFagioli writes: Mozilla has released Firefox 145.0, and the standout change in this version is the official end of support for 32-bit Linux systems. Users on 32-bit distributions will no longer receive updates and are being encouraged to switch to the 64-bit build to continue getting security patches and new features. While most major Linux distributions have already moved past 32-bit support, this shift will still impact older hardware users and lightweight community projects that have held on to 32-bit for the sake of performance or preservation.

The rest of the update introduces features such as built-in PDF comments, improved fingerprinting resistance for private browsing, tab group previews, password management in the sidebar, and minor UI refinements. Firefox also now compresses local translation models with Zstandard to reduce storage needs. But the end of 32-bit Linux support is the change that will leave the biggest mark, signaling another step toward a web ecosystem firmly centered on 64-bit computing.

Slashdot reader alternative_right shares an exclusive BBC interview with Vyacheslav "Tank" Penchukov, once a top-tier cyber-crime boss behind Jabber Zeus, IcedID, and major ransomware campaigns. His story traces the evolution of modern cybercrime from early bank-theft malware to today's lucrative ransomware ecosystem, marked by shifting alliances, Russian security-service ties, and the paranoia that ultimately consumes career hackers. Here's an excerpt from the report: In the late 2000s, he and the infamous Jabber Zeus crew used revolutionary cyber-crime tech to steal directly from the bank accounts of small businesses, local authorities and even charities. Victims saw their savings wiped out and balance sheets upended. In the UK alone, there were more than 600 victims, who lost more than $5.2 million in just three months. Between 2018 and 2022, Penchukov set his sights higher, joining the thriving ransomware ecosystem with gangs that targeted international corporations and even a hospital. [...]

Penchukov says he did not think about the victims, and he does not seem to do so much now, either. The only sign of remorse in our conversation was when he talked about a ransomware attack on a disabled children's charity. His only real regret seems to be that he became too trusting with his fellow hackers, which ultimately led to him and many other criminals being caught. "You can't make friends in cyber-crime, because the next day, your friends will be arrested and they will become an informant," he says. "Paranoia is a constant friend of hackers," he says. But success leads to mistakes. "If you do cyber-crime long enough you lose your edge," he says, wistfully.

An anonymous reader shared this report from CNBC: Neurodiverse professionals may see unique benefits from artificial intelligence tools and agents, research suggests. With AI agent creation booming in 2025, people with conditions like ADHD, autism, dyslexia and more report a more level playing field in the workplace thanks to generative AI. A recent study from the UK's Department for Business and Trade found that neurodiverse workers were 25% more satisfied with AI assistants and were more likely to recommend the tool than neurotypical respondents. [The study involved 1,000 users of Microsoft 365 Copilot from October through December of 2024.]

"Standing up and walking around during a meeting means that I'm not taking notes, but now AI can come in and synthesize the entire meeting into a transcript and pick out the top-level themes," said Tara DeZao, senior director of product marketing at enterprise low-code platform provider Pega. DeZao, who was diagnosed with ADHD as an adult, has combination-type ADHD, which includes both inattentive symptoms (time management and executive function issues) and hyperactive symptoms (increased movement). "I've white-knuckled my way through the business world," DeZao said. "But these tools help so much...."

Generative AI happens to be particularly adept at skills like communication, time management and executive functioning, creating a built-in benefit for neurodiverse workers who've previously had to find ways to fit in among a work culture not built with them in mind. Because of the skills that neurodiverse individuals can bring to the workplace — hyperfocus, creativity, empathy and niche expertise, just to name a few — some research suggests that organizations prioritizing inclusivity in this space generate nearly one-fifth higher revenue. "Investing in ethical guardrails, like those that protect and aid neurodivergent workers, is not just the right thing to do," said Kristi Boyd, an AI specialist with the SAS data ethics practice. "It's a smart way to make good on your organization's AI investments."

A former Business Analyst reportedly filed a class action lawsuit claiming that for years, hundreds of remote employees at Bank of America first had to boot up complex computer systems before their paid work began, reports Human Resources Director magazine: Tava Martin, who worked both remotely and at the company's Jacksonville facility, says the financial institution required her and fellow hourly workers to log into multiple security systems, download spreadsheets, and connect to virtual private networks — all before the clock started ticking on their workday. The process wasn't quick. According to the filing in the United States District Court for the Western District of North Carolina, employees needed 15 to 30 minutes each morning just to get their systems running. When technical problems occurred, it took even longer...

Workers turned on their computers, waited for Windows to load, grabbed their cell phones to request a security token for the company's VPN, waited for that token to arrive, logged into the network, opened required web applications with separate passwords, and downloaded the Excel files they needed for the day. Only then could they start taking calls from business customers about regulatory reporting requirements...

The unpaid work didn't stop at startup. During unpaid lunch breaks, many systems would automatically disconnect or otherwise lose connection, forcing employees to repeat portions of the login process — approximately three to five minutes of uncompensated time on most days, sometimes longer when a complete reboot was required. After shifts ended, workers had to log out of all programs and shut down their computers securely, adding another two to three minutes.
Thanks to Slashdot reader Joe_Dragon for sharing the article.

An anonymous reader quotes a report from BleepingComputer: The U.S. Congressional Budget Office (CBO) confirms it suffered a cybersecurity incident after a suspected foreign hacker breached its network, potentially exposing sensitive data. In a statement shared with BleepingComputer, CBO spokesperson Caitlin Emma confirmed the "security incident" and said the agency acted quickly to contain it. "The Congressional Budget Office has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency's systems going forward," Emma told BleepingComputer.

"The incident is being investigated and work for the Congress continues. Like other government agencies and private sector entities, CBO occasionally faces threats to its network and continually monitors to address those threats." The Washington Post first reported the breach, stating that officials discovered the hack in recent days and are now concerned that emails and exchanges between congressional offices and the CBO's analysts may have been exposed. While officials have reported told lawmakers they believe the intrusion was detected early, some congressional office have allegedly halted emails with the CBO out of security concerns.

A bungled October 18 heist that saw $102 million of crown jewels stolen from the Louvre in broad daylight has exposed years of lax security at the national art museum. From trivial passwords like 'LOUVRE' to decades-old, unsupported systems and easy rooftop access, the job was made surprisingly easy. PC Gamer reports: As Rogue cofounder and former Polygon arch-jester Cass Marshall notes on Bluesky, we owe a lot of videogame designers an apology. We've spent years dunking on the emptyheadedness of game characters leaving their crucial security codes and vault combinations in the open for anyone to read, all while the Louvre has been using the password "Louvre" for its video surveillance servers. That's not an exaggeration. Confidential documents reviewed by Liberation detail a long history of Louvre security vulnerabilities, dating back to a 2014 cybersecurity audit performed by the French Cybersecurity Agency (ANSSI) at the museum's request. ANSSI experts were able to infiltrate the Louvre's security network to manipulate video surveillance and modify badge access.

"How did the experts manage to infiltrate the network? Primarily due to the weakness of certain passwords which the French National Cybersecurity Agency (ANSSI) politely describes as 'trivial,'" writes Liberation's Brice Le Borgne via machine translation. "Type 'LOUVRE' to access a server managing the museum's video surveillance, or 'THALES' to access one of the software programs published by... Thales." The museum sought another audit from France's National Institute for Advanced Studies in Security and Justice in 2015. Concluded two years later, the audit's 40 pages of recommendations described "serious shortcomings," "poorly managed" visitor flow, rooftops that are easily accessible during construction work, and outdated and malfunctioning security systems. Later documents indicate that, in 2025, the Louvre was still using security software purchased in 2003 that is no longer supported by its developer, running on hardware using Windows Server 2003.

An anonymous reader quotes a report from the Guardian: Authorities in Denmark are urgently studying how to close an apparent security loophole in hundreds of Chinese-made electric buses that enables them to be remotely deactivated. The investigation comes after transport authorities in Norway, where the Yutong buses are also in service, found that the Chinese supplier had remote access for software updates and diagnostics to the vehicles' control systems -- which could be exploited to affect buses while in transit.

Amid concerns over potential security risks, the Norwegian public transport authority Ruter decided to test two electric buses in an isolated environment. Bernt Reitan Jenssen, Ruter's chief executive, said: "The testing revealed risks that we are now taking measures against. National and local authorities have been informed and must assist with additional measures at a national level." Their investigations found that remote deactivation could be prevented by removing the buses' sim cards, but they decided against this because it would also disconnect the bus from other systems.

Ruter said it planned to bring in stricter security requirements for future procurements. Jenssen said it must act before the arrival of the next generation of buses, which could be even "more integrated and harder to secure." Movia, Denmark's largest public transport company, has 469 Chinese electric buses in operation -- 262 of which were manufactured by Yutong. Jeppe Gaard, Movia's chief operating officer, said he was made aware of the loophole last week. "This is not a Chinese bus problem," he said. "It is a problem for all types of vehicles and devices with Chinese electronics built in."

An anonymous reader shares a report: The Microsoft Store on the web now lets you create a multi-app install package on Windows 11 that installs multiple applications from a single installer. This means you can now install multiple apps simultaneously without having to download each one manually. The experience is similar to that of the third-party app Ninite, a package manager that lets you install multiple apps at once.

An anonymous reader shares a report: Kodak quietly acknowledged this week that it will begin selling two famous types of film stock -- Kodak Gold 200 and Kodak Ultramax 400 -- directly to retailers and distributors in the U.S., another indication that the historic company is taking back control over how people buy its film.

The release comes on the heels of Kodak announcing that it would make and sell two new stocks of film called Kodacolor 100 and Kodacolor 200 in October. On Monday, both Kodak Gold and Kodak Ultramax showed back up on Kodak's website as film stocks that it makes and sells. When asked by 404 Media, a company spokesperson said that it has "launched" these film stocks and will begin to "sell the films directly to distributors in the U.S. and Canada, giving Kodak greater control over our participation in the consumer film market."

DRAM contract prices surged 171.8% year-over-year as of the third quarter of 2025. The increase now exceeds the rate at which gold prices have climbed. ADATA chairman Chen Libai stated that the fourth quarter of 2025 will mark the beginning of a major DRAM bull market. He expects severe shortages to materialize in 2026.

Memory manufacturers have shifted production priorities toward datacenter-focused memory types like RDIMM and HBM. Consumer DDR5 production has declined as a result. A Corsair Vengeance RGB dual-channel DDR5 kit that sold for $91 dollars in July now costs a $183 dollars on Newegg. The pricing trend extends to NAND flash and hard drives. Analysts project the increases will persist for at least four years, matching the duration of supply contracts that some companies have signed with Samsung and SK Hynix.

A massive cyberattack on Swedish IT supplier Miljodata exposed personal data from up to 1.5 million citizens, prompting a national privacy investigation and scrutiny into security failures across multiple municipalities. BleepingComputer reports: MiljÃdata is an IT systems supplier for roughly 80% of Sweden's municipalities. The company disclosed the incident on August 25, saying that the attackers stole data and demanded 1.5 Bitcoin to not leak it. The attack caused operational disruptions that affected citizens in multiple regions in the country, including Halland, Gotland, Skelleftea, Kalmar, Karlstad, and Monsteras.

Because of the large impact, the state monitored the situation from the time of disclosure, with CERT-SE and the police starting to investigate immediately. According to IMY, the attacker exposed on the dark web data that corresponds to 1.5 million people in the country, creating the basis for investigating potential General Data Protection Regulation (GDPR) violations. [...] Although no ransomware groups had claimed the attack when Miljodata disclosed the incident, BleepingComputer found that the threat group Datacarry posted the stolen data on its dark web portal on September 13. The leaked database has been added to Have I Been Pwned, which contains information such as names, email addresses, physical addresses, phone numbers, government IDs, and dates of birth.

Three employees at cybersecurity companies spent years moonlighting as criminal hackers, launching their own ransomware attacks in a plot to extort millions of dollars from victims around the country, US prosecutors alleged in court filings. From a report: Ryan Clifford Goldberg, a former incident response supervisor at Sygnia Consulting, and Kevin Tyler Martin, who was a ransomware negotiator for DigitalMint, were charged with working together to hack five businesses starting in May 2023. In one instance, they, along with a third person, received a ransom payment of nearly $1.3 million worth of cryptocurrency from a medical device company based in Tampa, Florida, according to prosecutors.

The trio worked in a part of the cybersecurity industry that has sprung up to help companies negotiate with hackers to unfreeze their computer networks -- sometimes by paying ransom. They are also accused of sharing their illicit profits with the developers of the type of ransomware they allegedly used on their victims. DigitalMint informed some customers about the charges last week, according to a document seen by Bloomberg News.

The other person who was allegedly involved in the scheme was also a ransomware negotiator at the same firm as Martin but wasn't charged, according to court records. The person wasn't identified in court records, nor were the companies that were the defendants' former employers. Sygnia confirmed Goldberg had worked there. Martin last year gave a talk at a law school, which listed him as an employee of DigitalMint.

An anonymous reader shares a report: Before the potential of the internet was appreciated around the world, nations that understood its importance managed to scoop outsized allocations of IPv4 addresses, actions that today mean many users in the rest of the world are more likely to find their connections throttled or blocked.

So says Cloudflare, which last week published research that recalls how once the world started to run out of IPv4 addresses, engineers devised network address translation (NAT) so that multiple devices can share a single IPv4 address. NAT can handle tens of thousands of devices, but carriers typically operate many more. Internetworking wonks therefore developed Carrier-Grade NAT (CGNAT), which can handle over 100 devices per IPv4 address and scale to serve millions of users.

That's useful for carriers everywhere, but especially valuable for carriers in those countries that missed out on big allocations of IPv4 because their small pool of available number resources means they must employ CGNAT to handle more users and devices. Cloudflare's research suggests carriers in Africa and Asia use CGNAT more than those on other continents.

Cloudflare worried that could be bad for individual netizens. "CGNATs also create significant operational fallout stemming from the fact that hundreds or even thousands of clients can appear to originate from a single IP address," wrote Cloudflare researchers Vasilis Giotsas and Marwan Fayed. "This means an IP-based security system may inadvertently block or throttle large groups of users as a result of a single user behind the CGNAT engaging in malicious activity. Blocking the shared IP therefore penalizes many innocent users along with the abuser."

An anonymous reader quotes a report from TechCrunch: U.S. prosecutors have charged two rogue employees of a cybersecurity company that specializes in negotiating ransom payments to hackers on behalf of their victims with carrying out ransomware attacks of their own. Last month, the Department of Justice indicted Kevin Tyler Martin and another unnamed employee, who both worked as ransomware negotiators at DigitalMint, with three counts of computer hacking and extortion related to a series of attempted ransomware attacks against at least five U.S.-based companies.

Prosecutors also charged a third individual, Ryan Clifford Goldberg, a former incident response manager at cybersecurity giant Sygnia, as part of the scheme. The three are accused of hacking into companies, stealing their sensitive data, and deploying ransomware developed by the ALPHV/BlackCat group. [...] According to an FBI affidavit filed in September, the rogue employees received more than $1.2 million in ransom payments from one victim, a medical device maker in Florida. They also targeted several other companies, including a Virginia-based drone maker and a Maryland-headquartered pharmaceutical company.

Captchas have largely vanished from the web in 2025, replaced by invisible tracking systems that analyze user behavior rather than asking people to decipher distorted text or identify traffic lights in image grids. Google launched reCaptcha v3 in 2018 to generate risk scores based on behavioral signals during site interactions, making bot-blocking technology "completely invisible" for most users, according to Tim Knudsen, a director of product management at Google Cloud.

Cloudflare followed in 2022 by releasing Turnstile, another invisible alternative that sometimes appears as a simple checkbox but actually gathers data from devices and software to determine if users are human. Both companies distribute their security tools for free to collect training data, and Cloudflare now sees 20% of all HTTP requests across the internet.

The rare challenges that do surface have become increasingly bizarre, ranging from requests to identify dogs and ducks wearing various hats to sliding a jockstrap across a screen to find matching underwear on hookup sites.

An anonymous reader shares a report: Chinese President Xi Jinping joked about security backdoors while presenting a pair of Xiaomi smartphones to his South Korean counterpart, a rare moment of spontaneous levity captured during a week of tense trade negotiations with Donald Trump.

Xi, in South Korea to meet Trump on the sidelines of the Asia-Pacific Economic Cooperation summit, presented the pair of devices to Korean President Lee Jae Myung. In a video circulated on social media, Lee asked: "Is the line secure?" Xi chuckled, pointed at the gadgets and replied through an interpreter: "You can check if there's a backdoor." The two leaders burst into laughter.

The exchange was striking because the issue of security and alleged espionage is a sensitive one and a major thorn in US-Chinese relations. American lawmakers have raised the possibility that tech companies such as Huawei build backdoors -- ways to gain access to sensitive data -- into their equipment or services, something the firms have repeatedly denied.

Microsoft has released a patch that fixes a longstanding bug in Windows 11 and Windows 10 where selecting "Update and shut down" would restart the computer instead of powering it off. The issue affected users across both operating systems since Windows 10's initial release. The fix arrived in Windows 11 25H2 Build 26200.7019 and the October 2025 optional update KB5067036.

Microsoft confirmed the patch "addressed underlying issue which can cause 'Update and shutdown' to not actually shut down your PC after updating." The problem likely stemmed from the Windows Servicing Stack failing to carry the power-off command through the required reboot phase. During updates Windows must restart into an offline servicing mode to replace system files. The power-off instruction was either cleared or blocked during this transition.

"Rockstar Games fired dozens of employees," reports Bloomberg, "in a move that a British trade union said was designed to prevent the workers from unionizing. The company said they were fired for misconduct." TheGrand Theft Automaker terminatedbetween 30 and 40 staffersacross multipleoffices in the UK and Canada on Thursday, according to aspokesperson for the Independent Workers' Union of Great Britain (IWGB). All of the employees were part of a private trade union chat groupon Discord and were either members of the union or attempting to organize at the company, the union spokesperson said.

"Rockstar has just carried out one of the most blatant and ruthless acts of union busting in the history of the games industry," Alex Marshall, president of theIWGB, said in a statement. "This flagrant contempt for the law and for the lives of the workers who bring in their billions is an insult to their fans and the global industry."
On BlueSky the IWGB union posted "We won't back down, and we're not scared — we will fight for every member to be reinstated."

Bloomberg notes that Grand Theft Auto VIis slated for release on May 26, 2026, "and is expected to be one of the top-selling video games of all time."