Windows

Microsoft Warns Its Windows AI Feature Brings Data Theft and Malware Risks, and 'Occasionally May Hallucinate' (itsfoss.com) 65

"Copilot Actions on Windows 11" is currently available in Insider builds (version 26220.7262) as part of Copilot Labs, according to a recent report, "and is off by default, requiring admin access to set it up."

But maybe it's off for a good reason...besides the fact that it can access any apps installed on your system: In a support document, Microsoft admits that features like Copilot Actions introduce "novel security risks." They warn about cross-prompt injection (XPIA), where malicious content in documents or UI elements can override the AI's instructions. The result? "Unintended actions like data exfiltration or malware installation."

Yeah, you read that right. Microsoft is shipping a feature that could be tricked into installing malware on your system. Microsoft's own warning hits hard: "We recommend that you only enable this feature if you understand the security implications." When you try to enable these experimental features, Windows shows you a warning dialog that you have to acknowledge. ["This feature is still being tested and may impact the performance or security of your device."]

Even with these warnings, the level of access Copilot Actions demands is concerning. When you enable the feature, it gets read and write access to your Documents, Downloads, Desktop, Pictures, Videos, and Music folders... Microsoft says they are implementing safeguards. All actions are logged, users must approve data access requests, the feature operates in isolated workspaces, and the system uses audit logs to track activity.

But you are still giving an AI system that can "hallucinate and produce unexpected outputs" (Microsoft's words, not mine) full access to your personal files.

To address this, Ars Technica notes, Microsoft added this helpful warning to its support document this week. "As these capabilities are introduced, AI models still face functional limitations in terms of how they behave and occasionally may hallucinate and produce unexpected outputs."

But Microsoft didn't describe "what actions they should take to prevent their devices from being compromised. I asked Microsoft to provide these details, and the company declined..."

Facebook

Meta Plans New AI-Powered 'Morning Brief' Drawn From Facebook and 'External Sources' (msn.com) 14

Meta "is testing a new product that would give Facebook users a personalized daily briefing powered by the company's generative AI technology" reports the Washington Post. They cite records they've reviewed showing that Meta "would analyze Facebook content and external sources to push custom updates to its users." The company plans to test the product with a small group of Facebook users in select cities such as New York and San Francisco, according to a person familiar with the project who spoke on the condition of anonymity to discuss private company matters...

Meta's foray into pushing updates for consumers follows years of controversy over its relationship with publishers. The tech company has waffled between prominently featuring content from mainstream news sources on Facebook to pulling news links altogether as regulators pushed the tech giant to pay publishers for content on its platforms. More recently, publishers have sued Meta, alleging it infringed on their copyrighted works to train its AI models.

Windows

780,000 Windows Users Downloaded Linux Distro Zorin OS in the Last 5 Weeks (zorin.com) 117

In October Zorin OS claimed it had 100,000 downloads in a little over two days in the days following Microsoft's end of support for Windows 10.

And one month later, Zorin OS developers now claim that 780,000 people downloaded it from a Windows computer in the space of a month, according to the tech news site XDA Developers. In a post on the Zorin blog, the developers of the operating system Zorin OS 18 announced that they've managed to accrue one million downloads of the operating system in a single month [since its launch on October 14]. While this is plenty impressive by itself, the developers go on to reveal that, out of that million, 78% of the downloads came from a Windows machine. That means that at least 780,000 people on Windows gave Zorin OS 18 a download...

[I]t's easy to see why: the developers put a heavy emphasis on making their system the perfect home for ex-Windows users.

The Military

Ukraine Is Jamming Russia's 'Superweapon' With a Song (404media.co) 139

Longtime Slashdot reader fahrbot-bot shares a report from 404 Media: The Ukrainian Army is knocking a once-hyped Russian superweapon out of the sky by jamming it with a song and tricking it into thinking it's in Lima, Peru. The Kremlin once called its Kh-47M2 Kinzhal ballistic missiles "invincible." Joe Biden said the missile was "almost impossible to stop." Now Ukrainian electronic warfare experts say they can counter the Kinzhal with some music and a re-direction order. [...] Kinzhals and other guided munitions navigate by communicating with Russian satellites that are part of the GLONASS system, a GPS-style navigation network. Night Watch uses a jamming system called Lima EW to generate a disruption field that prevents anything in the area from communicating with a satellite. Many traditional jamming systems work by blasting receivers on munitions and aircraft with radio noise. Lima does that, but also sends along a digital signal and spoofs navigation signals. It "hacks" the receiver it's communicating with to throw it off course.

Night Watch shared pictures of the downed Kinzhals with 404 Media that showed a missile with a controlled reception pattern antenna (CRPA), an active antenna that's meant to resist jamming and spoofing. "We discovered that this missile had pretty old type of technology," Night Watch said. "They had the same type of receivers as old Soviet missiles used to have. So there is nothing special, there is nothing new in those types of missiles." Night Watch told 404 Media that it used this Lima to take down 19 Kinzhals in the past two weeks. First, it replaces the missile's satellite navigation signals with the Ukrainian song "Our Father Is Bandera."

Any digital noise or random signal would work to jam the navigation system, but Night Watch wanted to use the song because they think it's funny. "We just send a song... we just make it into binary code, you know, like 010101, and just send it to the Russian navigation system," Night Watch said. "It's just kind of a joke. [Bandera] is a Ukrainian nationalist and Russia tries to use this person in their propaganda to say all Ukrainians are Nazis. They always try to scare the Russian people that Ukrainians are, culturally, all the same as Bandera." Once the song hits, Night Watch uses Lima to spoof a navigation signal to the missiles and make them think they're in Lima, Peru. Once the missile's confused about its location, it attempts to change direction. These missiles are fast -- launched from a MiG-31 they can hit speeds of up to Mach 5.7 or more than 4,000 miles per hour -- and an object moving that fast doesn't fare well with sudden changes of direction.

Privacy

Magician Forgets Password To His Own Hand After RFID Chip Implant (theregister.com) 42

A magician who implanted an RFID chip in his hand lost access to it after forgetting the password, leaving him effectively locked out of the tech embedded in his own body. The Register reports: "It turns out," said [magician Zi Teng Wang], "that pressing someone else's phone to my hand repeatedly, trying to figure out where their phone's RFID reader is, really doesn't come off super mysterious and magical and amazing." Then there are the people who don't even have their phone's RFID reader enabled. Using his own phone would, in Zi's words, lack a certain "oomph."

Oh well, how about making the chip spit out a Bitcoin address? "That literally never came up either." In the end, Zi rewrote the chip to link to a meme, "and if you ever meet me in person you can scan my chip and see the meme." It was all suitably amusing until the Imgur link Zi was using went down. Not everything on the World Wide Web is forever, and there is no guarantee that a given link will work indefinitely. Indeed, access to Imgur from the United Kingdom was abruptly cut off on September 30 in response to the country's age verification rules.

Still, the link not working isn't the end of the world. Zi could just reprogram the chip again, right? Wrong. "When I went to rewrite the chip, I was horrified to realize I forgot the password that I had locked it with." The link eventually started working again, but if and when it stops, Zi's party piece will be a little less entertaining. He said: "Techie friends I've consulted with have determined that it's too dumb and simple to hack, the only way to crack it is to strap on an RFID reader for days to weeks, brute forcing every possible combination." Or perhaps some surgery to remove the offending hardware.

Advertising

Google Starts Testing Ads In AI Mode 13

Google has begun testing sponsored ads inside its Gemini-powered AI Mode, placing labeled "sponsored" links at the bottom of AI-generated responses. Engadget reports: [A] Google spokesperson says the result shown is akin to similar tests it's been running this year. "People seeing ads in AI Mode in the wild is simply part of Google's ongoing tests, which we've been running for several months," the spokesperson said. The push to start offering ads in AI Mode was announced in May. The company also told 9to5Google that there are no current plans to fully update AI Mode to incorporate ads. For now, the software seems to be prioritizing organic links over sponsored links, but we all know how insidious ads can be once the floodgates open...

Google

Google Must Double AI Serving Capacity Every 6 Months To Meet Demand 57

Google's AI infrastructure chief told employees the company must double its AI serving capacity every six months in order to meet demand. Earlier this month, Amin Vahdat, a vice president at Google Cloud, gave a presentation titled "AI Infrastructure." It included a slide on "AI compute demand" that said: "Now we must double every 6 months.... the next 1000x in 4-5 years." CNBC reports: The presentation was delivered a week after Alphabet reported better-than-expected third-quarter results and raised its capital expenditures forecast for the second time this year, to a range of $91 billion to $93 billion, followed by a "significant increase" in 2026. Hyperscaler peers Microsoft, Amazon and Meta also boosted their capex guidance, and the four companies now expect to collectively spend more than $380 billion this year.

Google's "job is of course to build this infrastructure but it's not to outspend the competition, necessarily," Vahdat said. "We're going to spend a lot," he said, adding that the real goal is to provide infrastructure that is far "more reliable, more performant and more scalable than what's available anywhere else." In addition to infrastructure build-outs, Vahdat said Google bolsters capacity with more efficient models and through its custom silicon. Last week, Google announced the public launch of its seventh generation Tensor Processing Unit called Ironwood, which the company says is nearly 30 times more power efficient than its first Cloud TPU from 2018.

Vahdat said the company has a big advantage with DeepMind, which has research on what AI models can look like in future years. Google needs to "be able to deliver 1,000 times more capability, compute, storage networking for essentially the same cost and increasingly, the same power, the same energy level," Vahdat said. "It won't be easy but through collaboration and co-design, we're going to get there."

The Military

British Army Will Use Call of Duty To Train Soldiers (telegraph.co.uk) 23

British soldiers are using computer games such as Call of Duty to sharpen their "war-fighting readiness," an Army chief has said. From a report: General Sir Tom Copinger-Symes, the deputy commander of Cyber and Specialist Operations Command, said the war in Ukraine, where remote-operated drones have become crucial on the battlefield, proved the worth of having soldiers skilled in video gaming.

The Ministry of Defence on Friday announced the launch of the International Defence Esports Games (IDEG), a video gaming tournament that will pit the best of Britain's "future cyber warriors" against military teams from 40 other countries.

Security

Google Says Hackers Stole Data From Over 200 Companies Following Gainsight Breach (techcrunch.com) 3

Google confirmed in a statement Friday that hackers have stolen the Salesforce-stored data of more than 200 companies in a large-scale supply chain hack. TechCrunch reports: On Thursday, Salesforce disclosed a breach of "certain customers' Salesforce data" -- without naming affected companies -- that was stolen via apps published by Gainsight, which provides a customer support platform to other companies.

In a statement, Austin Larsen, the principal threat analyst of Google Threat Intelligence Group, said that the company "is aware of more than 200 potentially affected Salesforce instances." After Salesforce announced the breach, the notorious and somewhat-nebulous hacking group known as Scattered Lapsus$ Hunters, which includes the ShinyHunters gang, claimed responsibility for the hacks in a Telegram channel, which TechCrunch has seen.

Microsoft

Microsoft Finally Admits Almost All Major Windows 11 Core Features Are Broken 103

Microsoft has acknowledged in a support article that major Windows 11 core features including the Start Menu, Taskbar, File Explorer and System Settings break after applying monthly cumulative updates released on or after July 2025.

The problems stem from XAML component issues that affect updates beginning with July's Patch Tuesday release (KB5062553). The failures occur during first-time user logins after cumulative updates are applied and on non-persistent OS installations like virtual desktop infrastructure setups. Microsoft lists Explorer.exe crashes, shellhost.exe crashes, StartMenuExperienceHost failures and System Settings that silently refuse to launch among the symptoms. The company provided PowerShell commands and batch scripts as temporary workarounds that re-register the affected packages. Both Windows 11 versions 24H2 and 25H2 share the same codebase and are affected. Microsoft said it is working on a fix but did not provide a timeline.

Power

Meta Enters Power Trading To Support Its AI Energy Needs (bloomberg.com) 12

Meta is venturing into the complex world of electricity trading, betting it can accelerate the construction of new US power plants that are vital to its AI ambitions. From a report: The foray into power trading comes after Meta heard from investors and plant developers that too few power buyers were willing to make the early, long-term commitments required to spur investment, according to Urvi Parekh, the company's head of global energy. Trading electricity will give the company the flexibility to enter more of those longer contracts.

Plant developers "want to know that the consumers of power are willing to put skin in the game," Parekh said in an interview. "Without Meta taking a more active voice in the need to expand the amount of power that's on the system, it's not happening as quickly as we would like."

Google

Google's Recent Progress in AI Could 'Create Some Temporary Economic Headwinds' For OpenAI, Altman Warns Employees (theinformation.com) 20

OpenAI CEO Sam Altman told colleagues last month that Google's recent progress in AI could "create some temporary economic headwinds for our company," though he added that OpenAI would emerge ahead, The Information reports [non-paywalled source]. From the report: After OpenAI researchers heard that Google had created a new AI that appears to have leapfrogged OpenAI's in the way it was developed, Altman said in the memo that "we know we have some work to do but we are catching up fast." Still, he cautioned employees that "I expect the vibes out there to be rough for a bit."

Communications

IBM, Cisco Outline Plans For Networks of Quantum Computers By Early 2030s 19

IBM and Cisco plan to link quantum computers over long distances by the early 2030s, "with the goal of demonstrating the concept is workable by the end of 2030," reports Reuters. "The move could pave the way for a quantum internet, though executives at the two companies cautioned that the networks would require technologies that do not currently exist and will have to be developed with the help of universities and federal laboratories." From the report: The challenge begins with a problem: Quantum computers like IBM's sit in massive cryogenic tanks that get so cold that atoms barely move. To get information out of them, IBM has to figure out how to transform information in stationary "qubits" -- the fundamental unit of information in a quantum computer -- into what Jay Gambetta, director of IBM Research and an IBM fellow, told Reuters are "flying" qubits that travel as microwaves.

But those flying microwave qubits will have to be turned into optical signals that can travel between Cisco switches on fiber-optic cables. The technology for that transformation -- called a microwave-optical transducer -- will have to be developed with the help of groups like the Superconducting Quantum Materials and Systems Center, led by the Fermi National Accelerator Laboratory near Chicago, among others. Along the way, Cisco and IBM will also publish open-source software to weave all the parts together.

Mozilla

Mozilla Says It's Finally Done With Two-Faced Onerep (krebsonsecurity.com) 7

Mozilla is officially ending its partnership with Onerep after more than a year of controversy over the company's founder secretly running people-search and data-broker sites. Monitor Plus will be discontinued by December 2025, existing subscribers will receive prorated refunds, and Mozilla says it will focus on privacy tools it fully controls. KrebsOnSecurity reports: In a statement published Tuesday, Mozilla said it will soon discontinue Monitor Plus, which offered data broker site scans and automated personal data removal from Onerep. "We will continue to offer our free Monitor data breach service, which is integrated into Firefox's credential manager, and we are focused on integrating more of our privacy and security experiences in Firefox, including our VPN, for free," the advisory reads.

Mozilla said current Monitor Plus subscribers will retain full access through the wind-down period, which ends on Dec. 17, 2025. After that, those subscribers will automatically receive a prorated refund for the unused portion of their subscription. "We explored several options to keep Monitor Plus going, but our high standards for vendors, and the realities of the data broker ecosystem made it challenging to consistently deliver the level of value and reliability we expect for our users," Mozilla's statement reads.

Games

Roblox Blocks Children From Chatting To Adult Strangers (bbc.com) 52

Roblox is rolling out mandatory facial age-verification for chat features to prevent children from communicating with adult strangers. The platform will restrict chat to verified age groups, expand parental controls, and become the first major gaming platform to require facial age checks for messaging. The BBC reports: Mandatory age checks will be introduced for accounts using chat features, starting in December for Australia, New Zealand and the Netherlands, then the rest of the globe from January. [...] Rani Govender, policy manager for child safety online at the NSPCC, said action had been needed because young people had been exposed to "unacceptable risks" on Roblox, "leaving many vulnerable to harm and online abuse."

The charity welcomed the platform's latest announcement but called on Roblox to "ensure they deliver change for children in practice and prevent adult perpetrators from targeting and manipulating young users." The platform averaged more than 80 million daily players in 2024, about 40% of them under the age of 13. [...]

Matt Kaufman, chief safety officer for Roblox, told a press briefing the age estimation technology is "pretty accurate." He claimed the system can make close estimates of "within one to two years" bracket for users aged between five and 25. Currently it can be used voluntarily by anyone in the world.

Google

Google's New Nano Banana Pro Uses Gemini 3 Power To Generate More Realistic AI Images (arstechnica.com) 13

An anonymous reader quotes a report from Ars Technica: Google's meme-friendly Nano Banana image-generation model is getting an upgrade. The new Nano Banana Pro is rolling out with improved reasoning and instruction following, giving users the ability to create more accurate images with legible text and make precise edits to existing images. It's available to everyone in the Gemini app, but free users will find themselves up against the usage limits pretty quickly. Nano Banana Pro is part of the newly launched Gemini 3 Pro -- it's actually called Gemini 3 Pro Image in the same way the original is Gemini 2.5 Flash Image, but Google is sticking with the meme-y name. You can access it by selecting Gemini 3 Pro and then turning on the "Create images" option.

Google says the new model can follow complex prompts to create more accurate images. The model is apparently so capable that it can generate an entire usable infographic in a single shot with no weird AI squiggles in place of words. Nano Banana Pro is also better at maintaining consistency in images. You can blend up to 14 images with this tool, and it can maintain the appearance of up to five people in outputs. Google also promises better editing. You can refine your AI images or provide Nano Banana Pro with a photo and make localized edits without as many AI glitches. It can even change core elements of the image like camera angles, color grading, and lighting without altering other elements. Google is pushing the professional use angle with its new model, which has much-improved resolution options. Your creations in Nano Banana Pro can be rendered at up to 4K.

Google

Future Google TV Devices Might Come With a Solar-powered Remote (theverge.com) 31

An anonymous reader shares a report: Epishine, a company that makes solar cells optimized for indoor lighting, has announced its technology is being used in a new remote control for Google TV devices, as spotted by 9to5Google. The remote will rely on rechargeable batteries instead of disposable ones, and thanks to the use of solar cells on both sides it may only run out of power when it gets buried and forgotten in the dark abyss of your couch cushions.

Windows

As Windows Turns 40, Microsoft Faces an AI Backlash (theverge.com) 64

Microsoft's push to transform Windows into an "agentic OS" that allows AI agents to control PCs is drawing user backlash similar to the Windows 8 controversy, as the company marks the operating system's 40th anniversary this week, writes Tom Warren, a reporter at The Verge who has been covering Microsoft for nearly two decades. Windows chief Pavan Davuluri announced the agentic OS plans in a post on X last week and faced immediate criticism in hundreds of replies before they were locked days later.

"It's evolving into a product that's driving people to Mac and Linux," one person wrote, while another asked for a return to Windows 7's "clean UI, clean icon, a unified control panel, no bloat apps, no ads, just a pure performant OS." Davuluri later responded to software engineer Gergely Orosz, saying "we care deeply about developers" and acknowledging Microsoft has "work to do on the experience, both on the everyday usability, from inconsistent dialogs to power user experiences."

Microsoft CEO Satya Nadella told the Dwarkesh Podcast that the company's business "which today is an end user tools business, will become, essentially an infrastructure business in support of agents doing work." The Recall feature already spooked users when it was initially turned on by default before Microsoft reworked it to be opt-in. Navjot Virk, corporate vice president of Windows experiences, told The Verge that "every user can use [AI agents] when they're ready. It's their choice, they decide."

Transportation

Monarch Tractor Preps For Layoffs and Warns Employees It May 'Shut Down' (techcrunch.com) 25

Autonomous electric tractor startup Monarch Tractor -- which we covered in 2022 -- warned staff Thursday it may need to lay off more than 100 employees, or possibly even "shut down," according to a company-wide memo obtained by TechCrunch. The report adds: The memo comes after Monarch Tractor was already cutting some positions over the last few weeks at its California corporate facilities and remote teams in India and Singapore, according to multiple former employees who spoke with TechCrunch on the condition of anonymity.

Monarch Tractor was founded in 2018 by a team that included a former top executive at Tesla's first gigafactory and Carlo Mondavi, a scion of the famous winemaking family. The company raised at least $220 million, including $133 million in 2024, as it pursued a goal of making "driver optional" autonomous tractors that could perform tasks at places like wineries and other fruit farms.

The Internet

Quantum Teleportation Between Photons From Two Distant Light Sources Achieved (phys.org) 41

Researchers in Germany achieved a major milestone for the future quantum internet by successfully teleporting quantum information between photons generated by two different, physically separated quantum dots -- something never accomplished before due to the difficulty of producing indistinguishable photons from remote sources. Phys.org reports: At the University of Stuttgart, the team succeeded in teleporting the polarization state of a photon originating from one quantum dot to another photon from a second quantum dot. One quantum dot generates a single photon, the other an entangled photon pair. Entangled means that the two particles constitute a single quantum entity, even when they are physically separated. One of the two particles travels to the second quantum dot and interferes with its light particle. The two overlap. Because of this superposition, the information of the single photon is transferred to the distant partner of the pair.

Instrumental for the success of the experiment were quantum frequency converters, which compensate for residual frequency differences between the photons. These converters were developed by a team led by Prof. Christoph Becher, an expert in quantum optics at Saarland University. [...] In the Stuttgart experiment, the quantum dots were separated only by an optical fiber of about 10 m length. "But we are working on achieving considerably greater distances," says Strobel. In earlier work, the team had shown that the entanglement of the quantum dot photons remains intact even after a 36-kilometer transmission through the city center of Stuttgart. Another aim is to increase the current success rate of teleportation, which currently stands at just over 70%. Fluctuations in the quantum dot still lead to slight differences in the photons.
The findings have been published in the journal Nature Communications.
