An anonymous reader shares a report: The Apple supplier subject to a major cyberattack last month was China's Luxshare, it has now emerged. More than 1TB of confidential Apple information was reportedly stolen.

It was reported in December that one of Apple's assemblers suffered a significant cyberattack that may have compromised sensitive production-line information and manufacturing data linked to Apple. The specific company targeted, the scope of the breach, and its operational impact were unclear until now. The attack was first revealed on RansomHub's dark web leak site on December 15, 2025, where the group claimed it had encrypted internal Luxshare systems and exfiltrated large volumes of confidential data belonging to the company and its customers.

The attackers warned that the information would be publicly released unless Luxshare contacted them to negotiate, and accused the company of attempting to conceal the incident. According to the attackers' claims, the exfiltrated material includes vital files such as detailed 3D CAD product models and high-precision geometric files, 2D manufacturing drawings, mechanical component designs, circuit board layouts, and internal engineering PDFs. The group added that the large archives include Apple product data as well as information belonging to Nvidia, LG, Tesla, Geely, and other major clients.

Marcel Bucher, a professor of plant sciences at the University of Cologne in Germany, lost two years of carefully structured academic work in an instant when he temporarily disabled ChatGPT's "data consent" option in August to test whether the AI tool's functions would still work without providing OpenAI his data. All his chats were permanently deleted and his project folders emptied without any warning or undo option, he wrote in a post on Nature.

Bucher, a ChatGPT Plus subscriber paying $20 per month, had used the platform daily to draft grant applications, prepare teaching materials, revise publication drafts and create exams. He contacted OpenAI support, first receiving responses from an AI agent before a human employee confirmed the data was permanently lost and unrecoverable. OpenAI cited "privacy by design" as the reason, telling Nature it does provide a confirmation prompt before users permanently delete a chat but maintains no backups.

Bucher said he had saved partial copies of some materials, but the underlying prompts, iterations, and project folders -- what he describes as the intellectual scaffolding behind his finished work -- are gone forever.

alternative_right quotes a report from The Intercept: Federal prosecutors on January 9 charged Aurelio Luis Perez-Lugones, an IT specialist for an unnamed government contractor, with "the offense of unlawful retention of national defense information," according to an FBI affidavit (PDF). The case attracted national attention after federal agents investigating Perez-Lugones searched the home of a Washington Post reporter. But overlooked so far in the media coverage is the fact that a surprising surveillance tool pointed investigators toward Perez-Lugones: an office printer with a photographic memory. News of the investigation broke when the Washington Post reported that investigators seized the work laptop, personal laptop, phone, and smartwatch of journalist Hannah Natanson, who has covered the Trump administration's impact on the federal government and recently wrote about developing more than 1,000 government sources. A Justice Department official told the Post that Perez-Lugones had been messaging Natanson to discuss classified information. The affidavit does not allege that Perez-Lugones disseminated national defense information, only that he unlawfully retained it.

The affidavit provides insight into how Perez-Lugones allegedly attempted to exfiltrate information from a Secure Compartmented Information Facility, or SCIF, and the unexpected way his employer took notice. According to the FBI, Perez-Lugones printed a classified intelligence report, albeit in a roundabout fashion. It's standard for workplace printers to log certain information, such as the names of files they print and the users who printed them. In an apparent attempt to avoid detection, Perez-Lugones, according to the affidavit, took screenshots of classified materials, cropped the screenshots, and pasted them into a Microsoft Word document. By using screenshots instead of text, there would be no record of a classified report printed from the specific workstation. (Depending on the employer's chosen data loss prevention monitoring software, access logs might show a specific user had opened the file and perhaps even tracked whether they took screenshots).

Perez-Lugones allegedly gave the file an innocuous name, "Microsoft Word - Document1," that might not stand out if printer logs were later audited. In this case, however, the affidavit reveals that Perez-Lugones's employer could see not only the typical metadata stored by printers, such as file names, file sizes, and time of printing, but it could also view the actual contents of the printed materials -- in this case, prosecutors say, the screenshots themselves. As the affidavit points out, "Perez-Lugones' employer can retrieve records of print activity on classified systems, including copies of printed documents." [...] Aside from attempting to surreptitiously print a document, Perez-Lugones, investigators say, was also seen allegedly opening a classified document and taking notes, looking "back and forth between the screen corresponding the classified system and the notepad, all the while writing on the notepad." The affidavit doesn't state how this observation was made, but it strongly suggests a video surveillance system was also in play.

The Irish government is planning to bolster its police's ability to intercept communications, including encrypted messages, and provide a legal basis for spyware use. From a report: The Communications (Interception and Lawful Access) Bill is being framed as a replacement for the current legislation that governs digital communication interception. The Department of Justice, Home Affairs, and Migration said in an announcement this week the existing Postal Packets and Telecommunications Messages (Regulation) Act 1993 "predates the telecoms revolution of the last 20 years."

As well as updating laws passed more than two decades ago, the government was keen to emphasize that a key ambition for the bill is to empower law enforcement to intercept of all forms of communications. The Bill will bring communications from IoT devices, email services, and electronic messaging platforms into scope, "whether encrypted or not."

In a similar way to how certain other governments want to compel encrypted messaging services to unscramble packets of interest, Ireland's announcement also failed to explain exactly how it plans to do this. However, it promised to implement a robust legal framework, alongside all necessary privacy and security safeguards, if these proposals do ultimately become law. It also vowed to establish structures to ensure "the maximum possible degree of technical cooperation between state agencies and communication service providers."/i

Google has temporarily disabled YouTube's advanced SRV3 caption format after discovering the feature was causing playback errors for some users, according to a statement the company posted. SRV3, also known as YouTube Timed Text, is a custom subtitle system Google introduced around 2018 that allows creators to use custom colors, transparency, animations, and precise text positioning. Creators cannot upload new SRV3 captions while the feature remains disabled, and existing videos that use the format may not display any captions until Google restores it. The company has provided no timeline for when SRV3 will return, and its forum post notes that changes should be temporary for "almost" all videos.

Ancient Slashdot reader jantangring shares a report from Swedish electronics industry news site Elektroniktidningen (translated to English), writing: "Open source code library cURL is removing the possibility to earn money by reporting bugs, hoping that this will reduce the volume of AI slop reports," reports etn.se. "Joshua Rogers -- AI wielding bug hunter of fame -- thinks it's a great idea." cURL maintainer Daniel Stenberg famously reported on the flood AI-generated bad bug reports last year -- "Death by a thousand slops." Now, cURL is removing the bounty payouts as of the end of January.

"We have to try to brake the flood in order not to drown," says cURL maintainer Daniel Stenberg [...]. "Despite being an AI wielding bug hunter himself, Joshua Rogers -- slasher of a hundred bugs -- thinks removing the bounty money is an excellent idea. [...] I think it's a good move and worth a bigger consideration by others. It's ridiculous that it went on for so long to be honest, and I personally would have pulled the plug long ago," he says to etn.se.

Signal Foundation president Meredith Whittaker warned that AI agents that autonomously carry out tasks pose a threat to encrypted messaging apps [non-paywalled source] because they require broad access to data stored across a device and can be hijacked if given root permissions.

Speaking at Davos on Tuesday, Whittaker said the deeper integration of AI agents into devices is "pretty perilous" for services like Signal. For an AI agent to act effectively on behalf of a user, it would need unilateral access to apps storing sensitive information such as credit card data and contacts, Whittaker said. The data that the agent stores in its context window is at greater risk of being compromised.

Whittaker called this "breaking the blood-brain barrier between the application and the operating system." "Our encryption no longer matters if all you have to do is hijack this context window," she said.

Rackspace's new pricing for its email hosting services is "devastating," according to a partner that has been using Rackspace as its email provider since 1999. From a report: In recent weeks, Rackspace updated its email hosting pricing. Its standard plan is now $10 per mailbox per month. Businesses can also pay for the Rackspace Email Plus add-on for an extra $2/mailbox/month (for "file storage, mobile sync, Office-compatible apps, and messaging"), and the Archiving add-on for an extra $6/mailbox/month (for unlimited storage).

As recently as November 2025, Rackspace charged $3/mailbox/month for its Standard plan, and an extra $1/mailbox/month for the Email Plus add-on, and an additional $3/mailbox/month for the Archival add-on, according to the Internet Archive's Wayback Machine. Rackspace's reseller partners have been especially vocal about the impacts of the new pricing.

In a blog post on Thursday, web hosting service provider and Rackspace reseller Laughing Squid said Rackspace is "increasing our email pricing by an astronomical 706 percent, with only a month-and-a half's notice." Laughing Squid founder Scott Beale told Ars Technica that he received the "devastating" news via email on Wednesday. The last time Rackspace increased Laughing Squid's email prices was by 55 percent in 2019, he said.

The growing enthusiasm among Gen Z for ditching smartphones in favor of basic "dumbphones" may be overlooking a significant cognitive reality, according to a WIRED essay that draws on the 1998 "extended mind hypothesis" by philosophers Andy Clark and David Chalmers. The hypothesis argues that external tools can extend the biological brain in an all but physical way, meaning your phone isn't just a device -- it's part of a single cognitive system composed of both the tool and your brain.

"Interference with my phone is like giving me some brain damage," Clark told Wired. He expressed concern about the dumbphone movement, calling it "generally a retrograde step" and warning that as smartphone enmeshment becomes the societal norm, those who opt out risk becoming "effectively disabled within that society." Clark described this as "the creation of a disempowered class."

98% of Americans between 18 and 29 own a smartphone, dropping only to 97% for those aged 30 to 49. Even committed dumbphone users struggle. One user profiled in the piece still carries an "emergency iPhone" for work requirements and admits long-distance friendships have become "nearly impossible to maintain."

U.S. college graduates "have historically found jobs more quickly than people with only a high school degree," writes Bloomberg.

"But that advantage is becoming a thing of the past, according to new research from the Federal Reserve Bank of Cleveland." "Recently, the job-finding rate for young college-educated workers has declined to be roughly in line with the rate for young high-school-educated workers, indicating that a long period of relatively easier job-finding prospects for college grads has ended," Cleveland Fed researchers Alexander Cline and BarıÅY Kaymak said in a blog post published Monday. The study follows the latest monthly employment data released on Nov. 20, which showed the unemployment rate for college-educated workers continued to rise in September amid an ongoing slowdown in white-collar hiring... The unemployment rate for people between the ages of 20 to 24 was 9.2% in September, up 2.2 percentage points from a year prior.
There is a caveat. "Young college graduates maintain advantages in job stability and compensation once hired..." the researchers write. "The convergence we document concerns the initial step of securing employment rather than overall labor market outcomes."

Their research includes a graph showing how the "unemployment gap" first increased dramatically after 2010 between college-educated and high school-educated workers, which the researchers attribute to "the prolonged jobless recovery after 2008". But that gap has been closing ever since, with that gap now smaller than at any time since the 1970s.

"Young high school workers are riding the wave of the historically tight postpandemic labor market with well-below-average unemployment compared to that of past high school graduates, while young college workers are experiencing unemployment rates rarely observed among past college cohorts barring during recessions." The labor market advantages conferred by a college degree have historically justified individual investment in higher education and expanding support for college access. If the job-finding rate of college graduates continues to decline relative to the rate for high school graduates, we may see a reversal of these trends. The convergence we document concerns the initial step of securing employment rather than overall labor market outcomes. These details suggest a nuanced shift in employment dynamics, one in which college graduates face greater difficulty finding jobs than previously but maintain advantages compared with high school graduates in job stability and compensation once hired.
Two key quotes:

• "Declining job prospects among young college graduates may reflect the continued growth in college attainment, adding ever larger cohorts of college graduates to the ranks of job seekers, even though technology no longer favors college-educated workers."

• "Developments related to AI, which may be affecting job-finding prospects in some cases, cannot explain the decades-long decline in the college job-finding rate."

The senior editor at the blog Windows Central decries two serious Windows issues "that were not spotted by Microsoft during testing, and are so severe that the company has now issued an emergency fix to address the problems." Microsoft's first update for Windows 11 in 2026 has already caused two major issues that saw users unable to fully shutdown their PCs or sign-in into a device when using Remote Desktop... Being unable to shut down your PC due to a recent OS update is a huge oversight on Microsoft's part, but this is the latest in a long list of updates over the last year to cause a major issue like this... Other issues that have cropped up in Windows 11 in the last year include a bug that caused Task Manager to fail to close when the user exited the application, causing system resources to lock up after a prolonged period of time if the user had opened and closed Task Manager multiple times in a session. Another update caused saw File Explorer flashbang users with a white screen when opening it in dark mode, which appeared in an update that was supposed to improve dark mode on Windows 11...

For whatever reason, the Windows Insider Program doesn't appear to be working anymore, as severe bugs are somehow making it into shipping versions of the OS.
"The out of band updates, KB5077744 and KB5077797, are available now via Windows Update and is rolling out to everybody," they write. "Once installed, your PC should go back to being able to shut down successfully, and signing-in via Remote Desktop should work again."

Microsoft has also officially acknowledged a third bug which crashes Outlook Classic when using POP accounts, according to the blog Windows Latest, which adds that that bug has not yet been fixed.

They've also identified other minor bugs, including "a black screen problem in Windows 11 KB5074109... either due to the update itself or some compatibility issues with GPU drivers." After you install the January 2026 Update, Windows triggers random black screens where the desktop freezes for a second or two, the display goes black, then everything comes back. I can't pinpoint any specific configuration, but I can confirm the black screen issue has been observed on a small subset of PCs with both Nvidia and AMD GPUs. After you install the January 2026 Update, Windows triggers random black screens where the desktop freezes for a second or two, the display goes black, then everything comes back.

In December 2024 the Google Threat Intelligence Group published research on the code of the commercial spyware "Predator". But there's now been new research by Jamf (the company behind a mobile device management solution) showing Predator is more dangerous and sophisticated than we realized, according to SecurityWeek.

Long-time Slashdot reader wiredmikey writes: The new research reveals an error taxonomy that reports exactly why deployments fail, turning black boxes into diagnostic events for threat actors. Almost exclusively marketed to and used by national governments and intelligence agencies, the spyware also detects cybersecurity tools, suppresses forensics evidence, and has built-in geographic restrictions.

Ars Technica reports: Security firm Mandiant [part of Google Cloud] has released a database that allows any administrative password protected by Microsoft's NTLM.v1 hash algorithm to be hacked in an attempt to nudge users who continue using the deprecated function despite known weaknesses.... a precomputed table of hash values linked to their corresponding plaintext. These generic tables, which work against multiple hashing schemes, allow hackers to take over accounts by quickly mapping a stolen hash to its password counterpart... Mandiant said it had released an NTLMv1 rainbow table that will allow defenders and researchers (and, of course, malicious hackers, too) to recover passwords in under 12 hours using consumer hardware costing less than $600 USD. The table is hosted in Google Cloud. The database works against Net-NTLMv1 passwords, which are used in network authentication for accessing resources such as SMB network sharing.

Despite its long- and well-known susceptibility to easy cracking, NTLMv1 remains in use in some of the world's more sensitive networks. One reason for the lack of action is that utilities and organizations in industries, including health care and industrial control, often rely on legacy apps that are incompatible with more recently released hashing algorithms. Another reason is that organizations relying on mission-critical systems can't afford the downtime required to migrate. Of course, inertia and penny-pinching are also causes.

"By releasing these tables, Mandiant aims to lower the barrier for security professionals to demonstrate the insecurity of Net-NTLMv1," Mandiant said. "While tools to exploit this protocol have existed for years, they often required uploading sensitive data to third-party services or expensive hardware to brute-force keys."
"Organizations that rely on Windows networking aren't the only laggards," the article points out. "Microsoft only announced plans to deprecate NTLMv1 last August."

Thanks to Slashdot reader joshuark for sharing the news.

An anonymous reader quotes a report from TechCrunch: Last week, Nicholas Moore, 24, a resident of Springfield, Tennessee, pleaded guilty to repeatedly hacking into the U.S. Supreme Court's electronic document filing system. At the time, there were no details about the specifics of the hacking crimes Moore was admitting to. On Friday, a newly filled document -- first spotted by Court Watch's Seamus Hughes -- revealed more details about Moore's hacks. Per the filing, Moore hacked not only into the Supreme Court systems, but also the network of AmeriCorps, a government agency that runs stipend volunteer programs, and the systems of the Department of Veterans Affairs, which provides healthcare and welfare to military veterans.

Moore accessed those systems using stolen credentials of users who were authorized to access them. Once he gained access to those victims' accounts, Moore accessed and stole their personal data and posted some online to his Instagram account: @ihackthegovernment. In the case of the Supreme Court victim, identified as GS, Moore posted their name and "current and past electronic filing records." [...] According to the court document, Moore faces a maximum sentence of one year in prison and a maximum fine of $100,000.

Salesforce CEO Marc Benioff said this week that his company's software engineering headcount has remained "mostly flat" over the past year as internal AI tools have delivered substantial productivity gains.

Speaking on TBPN, Benioff said he has about 15,000 engineers who are "more productive than ever." The company has redirected its hiring efforts toward sales and customer engagement roles, hiring 20% more account executives this year as it pushes its Agentforce agentic AI service.

Human salespeople remain essential for explaining the "intricacies and nuances" of agentic AI to skeptical enterprise customers, he argued. Other parts of the business have seen deeper cuts. In a separate appearance on The Logan Bartlett Show, Benioff said that Salesforce had reduced its customer support workforce by roughly 50%.

An anonymous reader shares a report: Raspberry Pi is launching a new add-on board capable of running generative AI models locally on the Raspberry Pi 5. Announced on Thursday, the $130 AI HAT+ 2 is an upgraded -- and more expensive -- version of the module launched last year, now offering 8GB of RAM and a Hailo 10H chip with 40 TOPS of AI performance.

Once connected, the Raspberry Pi 5 will use the AI HAT+ 2 to handle AI-related workloads while leaving the main board's Arm CPU available to complete other tasks. Unlike the previous AI HAT+, which is focused on image-based AI processing, the AI HAT+ 2 comes with onboard RAM and can run small gen AI models like Llama 3.2 and DeepSeek-R1-Distill, along with a series of Qwen models. You can train and fine-tune AI models using the device as well.

An anonymous reader quotes a report from Ars Technica: According to the government's version of events, 43-year-old Christopher Southerland was working in 2023 as a sysadmin for the House Committee on Transportation and Infrastructure. In his role, Southerland had the authority to order cell phones for committee staffers, of which there are around 80. But during the early months of 2023, Southerland is said to have ordered 240 brand-new phones -- far more than even the total number of staffers -- and to have shipped them all to his home address in Maryland.

The government claims that Southerland then sold over 200 of these cell phones to a local pawn shop, which was told to resell the devices only "in parts" as a way to get around the House's mobile device management software, which could control the devices remotely. It's hard to find good help these days, though, even at pawn shops. At some point, at least one of the phones ended up, intact, on eBay, where it was sold to a member of the public.

This member of the public promptly booted the phone, which did not display the expected device operating system screen but instead "a phone number for the House of Representatives Technology Service Desk." The phone buyer called this number, which alerted House IT staff that government phones were being sold on eBay. According to the government, this sparked a broader investigation to figure out what was going on, which revealed that "several phones purchased by Southerland were unaccounted for." The full scheme is said to have cost the government over $150,000. Southerland was indicted in early December 2025 and arrested on January 8, 2026. He pled not guilty and has a court date scheduled for later this month.

Dell's chief operating officer Jeff Clarke has informed employees that the company is preparing for what he calls the "biggest transformation in company history," a sweeping systems overhaul scheduled to launch on May 3 that will standardize processes across nearly every major division.

The initiative, dubbed One Dell Way, will replace Dell's existing sprawl of applications, servers and databases with a single enterprise platform designed to unify the 42-year-old company's operations. Clarke's memo, sent to staff on Tuesday and obtained by Business Insider, said Dell has spent the past two years building toward this transition.

The May 3 launch will affect the company's PC business, finance, supply chain, marketing, sales, revenue operations, services, and HR. The ISG division, which handles cloud and AI infrastructure, will follow in August. "We need one way -- simplified, standardized and automated -- so we can be more competitive and serve our customers better," Clarke wrote. Mandatory training begins February 3.

An anonymous reader shares a report: Chinese authorities have told domestic companies to stop using cybersecurity software made by roughly a dozen firms from the U.S. and Israel due to national security concerns, two people briefed on the matter said.

As trade and diplomatic tensions flare between China and the U.S. and both sides vie for tech supremacy, Beijing has been keen to replace Western-made technology with domestic alternatives. The U.S. companies whose cybersecurity software has been banned include Broadcom-owned VMware, Palo Alto Networks and Fortinet, while the Israeli companies include Check Point Software Technologies, the sources said.

Amazon founder Jeff Bezos once told an audience that he views local PC hardware the same way he views a 100-year-old electric generator he saw in a brewery museum -- as a relic of a pre-grid era, destined to be replaced by centralized utilities that users simply rent rather than own. The anecdote, shared at a talk a few years ago, positioned Amazon Web Services and Microsoft Azure as the inevitable successors to the desktop tower. Bezos argued that users would eventually abandon local computing for cloud-based solutions, much as businesses once abandoned on-site power generation for the electrical grid.

Current market dynamics have made that prediction feel more plausible. DRAM prices have become increasingly untenable for consumers, and companies like Dell and ASUS have signaled price increases across their PC ranges. Micron has shut down its consumer DRAM operations entirely, prioritizing AI datacenter demand instead. SSD storage is expected to face similar constraints. Cloud gaming services from Amazon Luna, NVIDIA GeForce Now and Xbox are seeing steady growth.

Microsoft previously developed a consumer version of its business-grade Windows 365 cloud PC product, though the company deprioritized it -- the economics didn't work when cheap laptops remained available. That calculus could shift. Xbox Game Pass's 1440p cloud gaming runs $30 monthly and NVIDIA recently imposed a 100-hour cap on its cloud platform. The infrastructure remains expensive to operate, but rising local hardware costs may eventually close that gap.