Botnet

DDoS Botnet Aisuru Blankets US ISPs In Record DDoS (krebsonsecurity.com) 14

An anonymous reader quotes a report from KrebsOnSecurity: The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet's attacks, which shattered previous records this week with a brief traffic flood that clocked in at nearly 30 trillion bits of data per second.

Since its debut more than a year ago, the Aisuru botnet has steadily outcompeted virtually all other IoT-based botnets in the wild, with recent attacks siphoning Internet bandwidth from an estimated 300,000 compromised hosts worldwide. The hacked systems that get subsumed into the botnet are mostly consumer-grade routers, security cameras, digital video recorders and other devices operating with insecure and outdated firmware, and/or factory-default settings. Aisuru's owners are continuously scanning the Internet for these vulnerable devices and enslaving them for use in distributed denial-of-service (DDoS) attacks that can overwhelm targeted servers with crippling amounts of junk traffic.

As Aisuru's size has mushroomed, so has its punch. In May 2025, KrebsOnSecurity was hit with a near-record 6.35 terabits per second (Tbps) attack from Aisuru, which was then the largest assault that Google's DDoS protection service Project Shield had ever mitigated. Days later, Aisuru shattered that record with a data blast in excess of 11 Tbps. By late September, Aisuru was publicly flexing DDoS capabilities topping 22 Tbps. Then on October 6, its operators heaved a whopping 29.6 terabits of junk data packets each second at a targeted host. Hardly anyone noticed because it appears to have been a brief test or demonstration of Aisuru's capabilities: The traffic flood lasted only a few seconds and was pointed at an Internet server that was specifically designed to measure large-scale DDoS attacks.

Aisuru's overlords aren't just showing off. Their botnet is being blamed for a series of increasingly massive and disruptive attacks. Although recent assaults from Aisuru have targeted mostly ISPs that serve online gaming communities like Minecraft, those digital sieges often result in widespread collateral Internet disruption. For the past several weeks, ISPs hosting some of the Internet's top gaming destinations have been hit with a relentless volley of gargantuan attacks that experts say are well beyond the DDoS mitigation capabilities of most organizations connected to the Internet today.

Transportation

Lyft Plans Fleet of Hundreds of Tensor Robocars From 2027 (msn.com) 42

Lyft is teaming up with Tensor Auto to launch hundreds of AI-powered "Robocars" across Europe and North America starting in 2027. Bloomberg reports: Tensor Robocars, the first deliveries of which are planned in late 2026, have more than 100 sensors including cameras, lidars and radars, and process sensor data with artificial intelligence technology powered by Nvidia Corp. chips on board. The vehicles will come from the manufacturer with Lyft's platform installed, which will allow owners to make money on the rideshare network in markets where level 4 autonomous technology is available, according to the joint statement. Lyft has reserved hundreds of Robocars via its affiliates for its own fleet operations, subject to regulatory approvals.

Chrome

Chrome Will Automatically Disable Web Notifications You Don't Care About (theverge.com) 13

Google is introducing a new Chrome browser feature for Android and desktop users that automatically turns off notifications for websites that you're already ignoring. From a report: Chrome's Safety Check feature already provides similar functionality for camera access and location tracking permissions.

This new auto-revocation feature builds on a similar Android feature that already makes it easier for Chrome users to unsubscribe from website notifications they don't care about with a single tap. The feature doesn't revoke notifications for any web apps installed on the device, and permissions will only be disabled for sites that send a lot of notifications that users rarely engage with. Less than one percent of all web notifications in Chrome currently receive any interaction from users, according to Google, often making them more distracting than helpful.

AI

Meta Tells Workers Building Metaverse To Use AI to 'Go 5x Faster' (wired.com) 76

A Meta executive in charge of building the company's metaverse products told employees that they should be using AI to "go 5X faster," according to an internal message obtained by 404 Media. From the report: "Metaverse AI4P: Think 5X, not 5%," the message, posted by Vishal Shah, Meta's VP of Metaverse, said (AI4P is AI for Productivity). The idea is that programmers should be using AI to work five times more efficiently than they are currently working -- not just using it to go 5 percent more efficiently.

"Our goal is simple yet audacious: make AI a habit, not a novelty. This means prioritizing training and adoption for everyone, so that using AI becomes second nature -- just like any other tool we rely on," the message read. "It also means integrating AI into every major codebase and workflow." Shah added that this doesn't just apply to engineers. "I want to see PMs, designers, and [cross functional] partners rolling up their sleeves and building prototypes, fixing bugs, and pushing the boundaries of what's possible," he wrote.

"I want to see us go 5X faster by eliminating the frictions that slow us down. And 5X faster to get to how our products feel much more quickly. Imagine a world where anyone can rapidly prototype an idea, and feedback loops are measured in hours -- not weeks. That's the future we're building."

Games

Rubik's Cube Gets a $299 Update, Complete With IPS Screens and Its Own Apps (arstechnica.com) 48

The Rubik's Cube has been reimagined as a $299 tech gadget featuring 24 mini IPS screens, a gyroscope, accelerometer, speakers, and Bluetooth connectivity. Called the WOWCube, it runs its own "CubiOS" system, supports downloadable games and apps, and can transform into everything from a mini arcade to a virtual aquarium. Ars Technica reports: Rather than a solid-colored sticker, each of the toy's 24 squares is a 240x240 IPS display. The cube itself is composed of eight "cubicle modules," as Cubios, the company behind the toy, calls them. Each module includes three of those IPS screens and a dedicated SoC. [A Cubios support page has additional details.] Each of the 24 displays can be set to show a solid color for solving a simpler, but still captivating, Rubik's puzzle. Alternatively, the screens can be twisted and turned to play dozens of different games, including Block Buster, Space Invaders, and Jewel Hunter.

Also part of the toy is a gyroscope, 6-axis accelerometer, and eight speakers. Cubios claims the integrated battery can last for up to seven hours before needing a recharge. In order to add games or other apps to the WOWCube, you must download the WOWCube Connect iOS or Android app, pair the toy with your phone over Bluetooth, and then use the mobile app to download games onto the WOWCube. Currently, the WOWCube's online app store lists 47 games; some cost money to download, and some aren't available yet. The WOWCube runs its own operating system, dubbed CubiOS, and Cubios (the company) offers a free DevKit. WOWCube attempts to bring additional functionality to Rubik's cubes with, as of this writing, nine additional apps, including a timer and apps that make the toy look like an aquarium or snow globe, for instance.

Firefox

Firefox Feature Gets Special Mention In TIME's Best Inventions of 2025 41

Mozilla Firefox's new "Shake to Summarize" feature earned a spot on TIME's Best Inventions of 2025, allowing users to shake their phone to instantly summarize long web pages. Anthony Enzor-DeMeo, general manager of Firefox, calls it a "testament to the incredible work of our UX, design, product, and engineering teams who brought this innovation to life." Neowin reports: Shake to summarize works exactly how you suspect: you physically shake your phone to generate a summary of a long article. This can be quite handy if you are trying to get the gist of a long read without scrolling through the whole thing. Other ways to activate the feature include tapping the thunderbolt icon in the address bar and selecting "Summarize Page" from the three-dot menu.

For now, the feature is limited to iOS users in the US with their system set to English, but Mozilla promises an Android version is in the works. If you have an iPhone 15 Pro or newer running iOS 26, Apple Intelligence generates the summaries on the device. For older iPhones or those on earlier iOS versions, the page text is sent to Mozilla's servers for processing.
You can view the full list of TIME's "Special Mentions" here.

Social Networks

New York City Sues Social Media Companies Over 'Youth Mental Health Crisis' (gizmodo.com) 36

An anonymous reader quotes a report from Gizmodo: The City of New York is reaching across the country to sue tech giants headquartered in California over allegations that their platforms have created a youth mental health crisis. The city, along with its school districts and health department, alleges that "gross negligence" on the part of Meta, Alphabet, Snap, and ByteDance has gotten kids hooked on social media, which has created a "public nuisance" that is placing a strain on the city's resources.

In a 327-page complaint filed in the US District Court for the Southern District of New York, the city alleges that tech companies have designed their platforms in a way that seeks to "maximize the number of children" using them, and have built "algorithms that wield user data as a weapon against children and fuel the addiction machine." The city also alleges that these companies "know children and adolescents are in a developmental stage that leaves them particularly vulnerable to the addictive effects of these features," but "target them anyway, in pursuit of additional profit."

[...] It cites data from the New York City Police Department, for instance, that show at least 16 teens have died while "subway surfing" -- riding outside of a moving train -- a dangerous behavior which the lawsuit claims has been encouraged by social media trends. Two girls, ages 12 and 13, died earlier this month while subway surfing. It also cited survey data collected from New York high school students, which shows that 77.3% of the city's teens spend three or more hours per day on screens, which it claims has contributed to lost sleep and, in turn, absences from school -- corroborated by the city's school districts, which provided data to show that 36.2% of all public school students are considered chronically absent, missing at least 10% of the school year.

Ubuntu

Ubuntu 25.10 'Questing Quokka' Released (9to5linux.com) 14

prisoninmate shares a report from 9to5Linux: Dubbed Questing Quokka, Ubuntu 25.10 is powered by the latest and greatest Linux 6.17 kernel series for top-notch hardware support and ships with the latest GNOME 49 desktop environment, defaulting to a Wayland-only session for the Ubuntu Desktop flavor, meaning there's no other session to choose from the login screen. Ubuntu Desktop also ships with two new apps, namely GNOME's Loupe instead of Eye of GNOME as the default image viewer, as well as Ptyxis instead of GNOME Terminal as the default terminal emulator. Also, there's a new update notification that will be shown with options to open Software Updater or install updates directly.

Other highlights of Ubuntu 25.10 include sudo-rs as the default implementation of sudo, Dracut as the default initramfs-tools, Chrony as the default NTP (Network Time Protocol) client, Rust Coreutils as the default implementation of GNU Core Utilities, and TPM-backed FDE (Full Disk Encryption) recovery key management. Moreover, Ubuntu 25.10 adds NVIDIA Dynamic Boost support and enables suspend-resume support in the proprietary NVIDIA graphics driver to prevent corruption and freezes when waking an NVIDIA desktop. For Intel users, Ubuntu 25.10 introduces support for new Intel integrated and discrete GPUs.
Ubuntu 25.10 is available for download here.

The Internet

Apple and Google Reluctantly Comply With Texas Age Verification Law (arstechnica.com) 48

An anonymous reader quotes a report from Ars Technica: Apple yesterday announced a plan to comply with a Texas age verification law and warned that changes required by the law will reduce privacy for app users. "Beginning January 1, 2026, a new state law in Texas -- SB2420 -- introduces age assurance requirements for app marketplaces and developers," Apple said yesterday in a post for developers. "While we share the goal of strengthening kids' online safety, we are concerned that SB2420 impacts the privacy of users by requiring the collection of sensitive, personally identifiable information to download any app, even if a user simply wants to check the weather or sports scores."

The Texas App Store Accountability Act requires app stores to verify users' ages and imposes restrictions on those under 18. Apple said that developers will have "to adopt new capabilities and modify behavior within their apps to meet their obligations under the law." Apple's post noted that similar laws will take effect later in 2026 in Utah and Louisiana. Google also recently announced plans for complying with the three state laws and said the new requirements reduce user privacy. "While we have user privacy and trust concerns with these new verification laws, Google Play is designing APIs, systems, and tools to help you meet your obligations," Google told developers in an undated post.

The Utah law is scheduled to take effect May 7, 2026, while the Louisiana law will take effect July 1, 2026. The Texas, Utah, and Louisiana "laws impose significant new requirements on many apps that may need to provide age appropriate experiences to users in these states," Google said. "These requirements include ingesting users' age ranges and parental approval status for significant changes from app stores and notifying app stores of significant changes."

Windows

Windows Product Activation Creator Reveals Truth Behind XP's Most Notorious Product Key (tomshardware.com) 34

Dave W. Plummer, the Microsoft developer who created Task Manager and helped build Windows Product Activation, has revealed the origins of Windows XP's most notorious product key. The alphanumeric string FCKGW-RHQQ2-YXRKT-8TG6W-2B7Q8 was not cracked through clever hacking but leaked as a legitimate volume licensing key five weeks before XP's October 2001 release.

A warez group distributed the key alongside special corporate installation media. Windows Product Activation generated hardware IDs from system components and sent them to Microsoft for validation. The leaked volume licensing key bypassed this entirely. The system recognized it as corporate licensing and skipped phone-home activation. Users could install XP without activation prompts or 30-day timers. Microsoft later blacklisted the key.

The Internet

Internet Archive Ordered To Block Books in Belgium After Talks With Publishers Fail (torrentfreak.com) 7

The Internet Archive must block access to books in its Open Library project for Belgian users after negotiations with publishers failed. A Brussels Business Court issued a site-blocking order in July targeting several shadow libraries and the Internet Archive. A Belgian government department paused the order for the U.S. nonprofit and urged both parties to negotiate. The talks over recent weeks were unsuccessful.

The Department for Combating Infringements of Copyright concluded last week that the Internet Archive hosts the contested books and has the ability to render them inaccessible. Publishers must supply a list of books to be blocked. The nonprofit then has 20 calendar days to implement the measures and prevent future digital lending of those works in Belgium. The order includes a one-time penalty of $578,000 for non-compliance and remains in place until July 16 next year. The Internet Archive operates Open Library by purchasing physical copies and digitizing them to lend out one at a time. Publishers previously won a U.S. federal court case against the project.

Communications

ISPs Created So Many Fees That FCC Will Kill Requirement To List Them All (arstechnica.com) 110

FCC Chairman Brendan Carr says Internet service providers shouldn't have to list every fee they charge. From a report: Responding to a request from cable and telecom lobby groups, he is proposing to eliminate a rule that requires ISPs to itemize various fees in broadband price labels that must be made available to consumers.

The rule took effect in April 2024 after the FCC rejected ISPs' complaints that listing every fee they created would be too difficult. The rule applies specifically to recurring monthly fees "that providers impose at their discretion, i.e., charges not mandated by a government."

ISPs could comply with the rule either by listing the fees or by dropping the fees altogether and, if they choose, raising their overall prices by a corresponding amount. But the latter option wouldn't fit with the strategy of enticing customers with a low advertised price and hitting them with the real price on their monthly bills. The broadband price label rules were created to stop ISPs from advertising misleadingly low prices.

This week, Carr scheduled an October 28 vote on a Notice of Proposed Rulemaking (NPRM) that proposes eliminating several of the broadband-label requirements. One of the rules in line for removal requires ISPs to "itemize state and local passthrough fees that vary by location." The FCC would seek public comment on the plan before finalizing it.

Books

Internet Archive Ordered to Block Books in Belgium (torrentfreak.com) 46

After failed negotiations with publishers, Belgium's copyright enforcement agency has ordered the Internet Archive to block access to specific books in its Open Library within Belgium or face a 500,000-euro fine. TorrentFreak reports: Back in July, the Brussels Business Court issued a sweeping ex parte site-blocking order targeting several "shadow libraries" including Anna's Archive, Libgen, and Z-Library. Unusually, the order also included the Internet Archive's Open Library, a project operated by the well-known U.S. non-profit organization Internet Archive. The order was granted based on a request from publishers and authors who claimed, among other things, that the operators of the targeted sites were difficult to identify. This also applied to the Internet Archive, which was not heard by the court before the order was issued.

[...] Over the past several weeks, Internet Archive attempted to reach an agreement with the publishers, but the effort was unsuccessful. It is clear, however, that the Internet Archive believes that its use of copyrighted books for the Open Library qualifies as fair use. The organization is known to purchase physical copies, which it then digitizes to lend out to patrons, one copy at a time. This self-digitizing project was previously contested in a U.S. federal court, where the publishers ultimately came out as the winner. They argued that the Internet Archive project competed with their own licensing business for book lending. The detailed arguments at the center of the Belgian case are not public, but after hearing both sides, the Department for Combating Infringements of Copyright concluded that Internet Archive must take action.

In a follow-up decision (PDF) published last week, the government department explicitly states that it can't rule on U.S. fair use or the Belgian equivalent, but concludes that self-blocking measures are warranted. The Internet Archive hosts the contested books and has the ability to render them inaccessible. If it refuses to do so, it may be considered a copyright infringer under local law. The final decision requires the rightsholders to supply the Internet Archive with a list of all books that should be blocked in Belgium. The non-profit then has 20 calendar days to implement the necessary measures. In addition to making the books unavailable, Internet Archive must also prevent these works from being made available for digital lending in the future.

The Military

Germany To Allow Police To Shoot Down Drones (reuters.com) 60

Germany's cabinet has approved a new law allowing police to shoot down or disable rogue drones that threaten airspace security, following recent airport disruptions attributed to Russian reconnaissance. "Other techniques available to down drones include using lasers or jamming signals to sever control and navigation links," notes Reuters. From the report: With the new law, Germany joins European countries that have recently given security forces powers to down drones violating their airspace, including Britain, France, Lithuania and Romania. A dedicated counter-drone unit will be created within the federal police, Interior Minister Alexander Dobrindt said, and researchers would consult with Israel and Ukraine as they were more advanced in drone technology. Police would deal with drones flying at around tree-level, whereas more powerful drones should be tackled by the military, Dobrindt said.

Germany recorded 172 drone-related disruptions to air traffic between January and the end of September 2025, up from 129 in the same period last year and 121 in 2023, according to data from Deutsche Flugsicherung (DFS). German military drills last month in the northern port city of Hamburg demonstrated how, like a spider, a large military drone shot a net at a smaller one in mid-flight, entangling its propellers and forcing it to the ground, where a robotic dog trotted over to seek possible explosives. Shooting down drones could be unsafe in densely populated urban areas, however, and airports do not necessarily have detection systems that can immediately report sightings.

Windows

PC Sales Explode In Q3 As Windows 11 Deadlines Force Millions To Upgrade (nerds.xyz) 103

BrianFagioli shares a report from NERDS.xyz: IDC says global PC shipments jumped 9.4 percent in Q3 2025, reaching nearly 76 million units. Asia and Japan led the growth thanks to school projects and corporate refreshes tied to Windows 10's end of support. North America was the weak link, with tariffs and economic unease keeping buyers on the sidelines even as aging fleets strain under Windows 11 pressure.

Lenovo kept its top spot with 25.5 percent market share, followed by HP at 19.8 and Dell at 13.3. Apple and ASUS both posted double-digit growth. IDC's takeaway is clear: the PC market is not surging on flashy new features, it is being pulled forward by deadlines, old batteries, and the reality that five-year-old laptops do not cut it anymore.

IT

Logitech Will Brick Its $100 Pop Smart Home Buttons on October 15 (arstechnica.com) 92

An anonymous reader shares a report: In another loss for early smart home adopters, Logitech has announced that it will brick all Pop switches on October 15.

In August of 2016, Logitech launched Pop switches, which provide quick access to a range of smart home actions, including third-party gadgets. For example, people could set their Pop buttons to launch Philips Hue or Insteon lighting presets, play a playlist from their Sonos speaker, or control Lutron smart blinds. Each button could store three actions, worked by identifying smart home devices on a shared Wi-Fi network, and was controllable via a dedicated Android or iOS app. The Pop Home Switch Starter Pack launched at $100, and individual Pop Add-on Home Switches debuted at $40 each.

A company spokesperson told Ars Technica that Logitech informed customers on September 29 that their Pop switches would soon become e-waste.

Books

Can Cory Doctorow's 'Enshittification' Transform the Tech Industry Debate? (nytimes.com) 76

An anonymous reader quotes a report from the New York Times: Over the course of a nearly four-decade career, Cory Doctorow has written 15 novels, four graphic novels, dozens of short stories, six nonfiction books, approximately 60,000 blog posts and thousands of essays. And yet for all the millions of words he's published, these days the award-winning science fiction author and veteran internet activist is best known for just a single one: Enshittification. The term, which Doctorow, 54, popularized in essays in 2022 and 2023, refers to the way that online platforms become worse to use over time, as the corporations that own them try to make more money. Though the coinage is cheeky, in Doctorow's telling the phenomenon it describes is a specific, nearly scientific process that progresses according to discrete stages, like a disease.

Since then, the meaning has expanded to encompass a general vibe -- a feeling far greater than frustration at Facebook, which long ago ceased being a good way to connect with friends, or Google, whose search is now baggy with SEO spam. Of late, the idea has been employed to describe everything from video games to television to American democracy itself. "It's frustrating. It's demoralizing. It's even terrifying," Doctorow said in a 2024 speech. On Tuesday, Farrar Straus & Giroux will release "Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Doctorow's book-length elaboration on his essays, complete with case studies (Uber, Twitter, Photoshop) and his prescriptions for change, which revolve around breaking up big tech companies and regulating them more robustly.
Further reading: The Enshittification Hall of Shame

AI

Sora 2 Watermark Removers Flood the Web 33

An anonymous reader quotes a report from 404 Media: Sora 2, OpenAI's new AI video generator, puts a visual watermark on every video it generates. But the little cartoon-eyed cloud logo meant to help people distinguish between reality and AI-generated bullshit is easy to remove and there are half a dozen websites that will help anyone do it in a few minutes. A simple search for "sora watermark" on any social media site will return links to places where a user can upload a Sora 2 video and remove the watermark. 404 Media tested three of these websites, and they all seamlessly removed the watermark from the video in a matter of seconds.

Hany Farid, a UC Berkeley professor and an expert on digitally manipulated images, said he's not shocked at how fast people were able to remove watermarks from Sora 2 videos. "It was predictable," he said. "Sora isn't the first AI model to add visible watermarks and this isn't the first time that within hours of these models being released, someone released code or a service to remove these watermarks." [...] According to Farid, OpenAI is decent at employing strategies like watermarks, content credentials, and semantic guardrails to manage malicious use. But it doesn't matter. "It is just a matter of time before someone else releases a model without these safeguards," he said.

Both [Rachel Tobac, CEO of SocialProof Security] and Farid said that the ease with which people can remove watermarks from AI-generated content wasn't a reason to stop using watermarks. "Using a watermark is the bare minimum for an organization attempting to minimize the harm that their AI video and audio tools create," Tobac said, but she thinks the companies need to go further. "We will need to see a broad partnership between AI and Social Media companies to build in detection for scams/harmful content and AI labeling not only on the AI generation side, but also on the upload side for social media platforms. Social Media companies will also need to build large teams to manage the likely influx of AI generated social media video and audio content to detect and limit the reach for scammy and harmful content."

"I'd like to know what OpenAI is doing to respond to how people are finding ways around their safeguards," Farid said. "Will they adapt and strengthen their guardrails? Will they ban users from their platforms? If they are not aggressive here, then this is going to end badly for us all."

Google

Play Store Changes Coming This Month as SCOTUS Declines To Freeze Antitrust Remedies (arstechnica.com) 23

An anonymous reader shares a report: Changes are coming to the Play Store in spite of a concerted effort from Google to maintain the status quo. The company asked the US Supreme Court to freeze parts of the Play Store antitrust ruling while it pursued an appeal, but the high court has rejected that petition. That means the first elements of the antitrust remedies won by Epic Games will have to be implemented in mere weeks.

The app store case is one of three ongoing antitrust actions against Google, but it's the furthest along of them. Google lost the case in 2023, and in 2024, US District Judge James Donato ordered a raft of sweeping changes aimed at breaking Google's illegal monopoly on Android app distribution. In July, Google lost its initial appeal, leaving it with little time before the mandated changes must begin.

[...] The more dramatic changes are not due until July 2026, but this month will still bring major changes to Android apps. Google will have to allow developers to link to alternative methods of payment and download outside the Play Store, and it cannot force developers to use Google Play Billing within the Play Store. Google is also prohibited from setting prices for developers.

Windows

Apple Turned the CrowdStrike BSOD Issue Into an Anti-PC Ad (theverge.com) 103

An anonymous reader shares a report: It's been a while since Apple last mocked Windows security, but the iPhone maker has just released an ad that hits Windows hard. The eight-minute commercial pokes fun at the CrowdStrike Blue Screen of Death (BSOD) issue that took down millions of Windows machines last year.

Apple's ad follows The Underdogs, a fictional company that's about to attend a trade show, before a PC outage causes chaos and a Blue Screen of Death shuts down machines at the convention. If it wasn't clear Apple was mocking the infamous CrowdStrike incident, an IT expert appears in the middle of the ad and starts discussing kernel-level functionality, the core part of an operating system that has unrestricted access to system memory and hardware.
