Arch Linux Malware Incident: Malicious Commits Found in 1,579 Packages | | More than 1,500 user-contributed packages in the Arch Linux User Repository "AUR" were infected with malware, reports Phoronix:
The last message in the thread over this security incident is noting that Arch Linux developers have deleted all the malicious commits they are aware of. Cited was this list that puts the number of malware-affected packages at 1,579...
Even at 1,579 packages listed, that final updated noted, it's a "list containing many (but not all) of the affected packages".
Thanks to long-time Slashdot reader couchslug for sharing the report.
Read more of this story at Slashdot. |
OpenAI Investigated By Coalition of America's State Attorneys General | | "A coalition of state attorneys general has opened an investigation into OpenAI," reports the Wall Street Journal, citing "people familiar with the matter."
OpenAI was served Friday with a subpoena seeking documents related to a broad range of its activities and impact on users, including advertising, user engagement and retention, handling of consumer data and health data, activities related to minors and seniors, deep learning models, model sycophancy and company policies, some of the people said. The subpoena, viewed by The Wall Street Journal, was sent by New York's attorney general....
Earlier this month, Florida became the first state to file a lawsuit against OpenAI and its chief executive, Sam Altman. The lawsuit claims OpenAI and Altman knowingly released an unsafe product and ignored warnings that it could harm users. Florida's Attorney General, James Uthmeier, opened a criminal investigation into OpenAI in April over the role its chatbot played in a mass shooting that killed two people at Florida State University last year. The suspect allegedly turned to ChatGPT as a confidant and sounding board to plan the attack, and the chatbot dispensed advice for his questions...
State attorneys general have been scrutinizing OpenAI's competitors in the AI industry as well. In December, a coalition of 42 state attorneys general led by Pennsylvania's Dave Sunday sent a letter to companies including OpenAI, Meta, Anthropic, Google and xAI. In the letter, the Attorneys General demanded safeguards to protect vulnerable users from harmful interactions with chatbots, warning that "developers may be held accountable for the outputs of their GenAI products" for "encouraging an individual to commit a criminal act."
"We take the concerns raised by state attorneys general seriously," OpenAI told the Journal in a statement, "and intend to engage constructively with their offices."
The article also acknowledges that The Wall Street Journal's parent company "has a content-licensing partnership with OpenAI." Read more of this story at Slashdot. |
New UK Referendum Would Flip 'Brexit' Result of a Decade Ago, Poll Finds | | It's the 10-year anniversary of Britain's "Brexit" vote withdrawing from the European Union.
But a new UK poll "shows that a new Brexit referendum would reverse the vote that led to Britain's departure," reports Bloomberg:
Fifty-two percent of Britons think the UK should rejoin the EU, according to an Ipsos survey of 1,137 British adults conducted between May 14 and May 20. That's the inverse of the mood in June 2016 when a comparable share of the electorate backed Brexit...
Younger voters overwhelmingly favor reversing Brexit, whereas half of those ages 55 and above oppose returning to the bloc.
"The number of people who say Brexit is going worse than they had predicted has almost doubled in the past five years," reports The Independent, " from 27% in 2021 to 48% today — more than those saying it was going as well as or better than expected."
[T]here is more backing for a second referendum, with 48 per cent now saying they would support one, against 27 per cent who would oppose it. Even a fifth of Reform UK voters and a quarter of those who voted Leave in 2016 would back a second vote, the study found.
Tufts University discussed the last 10 years with the European Studies chair at their international relations graduate school:
Q: Have their fears of negative financial effects been realized?
A: The figures are quite revealing: The British GDP has been reduced by 6-8%, business investment has been reduced by 12%, and trade volume has been reduced by 15%, compared to what it could have been if the U.K. had remained in the EU...
Q: What do you think happens next?
A: The United Kingdom made a choice and they might have the opportunity, at some point, to revise this choice. I hope that when they have to decide again, they will be much more informed.
Read more of this story at Slashdot. |
US Congress Lets 'Warrantless Wiretap' Law FISA Lapse | | It's the U.S. law that allows wiretaps without a warrant for surveilling foreign targets. And the U.S. Congress just let it lapse. Sort of. NPR reports:
Each year, the provision is used by American intelligence agencies to collect the electronic communications of hundreds of thousands of foreigners located outside of the United States. The government says that more than 60% of the president's daily intelligence briefing relies on information collected under the authority. The tool officially lapsed at the end of the day on Friday. What happens now?
Intelligence collection under FISA's Section 702 is authorized annually by a federal court — and the law allows for that collection to continue for the duration of the court's authorization, even if the law lapses before the court's next approval. That means companies — electronic communications service providers, in this context — will still be legally required to turn over material to intelligence agencies.
Still, some lawmakers worry that the companies compelled to turn over communications may attempt to challenge the law in court, possibly leading to an indeterminately long window during which they stop providing intel. Advocates on all sides of the surveillance fight believe those challenges are ultimately likely to fail, but those closely linked to the intelligence community emphasize that even a small pause comes with risks ahead of major events like America's 250th celebration and the World Cup. Read more of this story at Slashdot. |
Mystery Orb Videos, Other UFO Records Released By White House | | The Trump administration released another large batch of government UAP records, including videos of glowing orb-like objects appearing to split and rejoin, witness accounts, illustrations, and decades-old investigative documents. Axios reports: The documents indicate that government agents have spent years monitoring, investigating and documenting suspected UAP incidents. At lease some of the sightings took place near sensitive government facilities, according to the reports. Videos showing red and yellow light-emitting orbs, some of which appear to split apart and then reattach as they fly across the sky. The videos were taken by witnesses whom the government deemed "credible."
Illustrations and videos showing reenactments of what observers saw, and the positions they were in when they viewed them.
Memos from government agents describing their experiences seeing flying objects.
An illustration of a grayish-white balloon-like object hovering above an area near Colorado Springs, Colo. An illustration depicting a series of incidents that took place in the "western United States" where government officials reported seeing UAPs in 2023.
There also are decades-old records documenting the government's involvement in investigating UAPs, including a 1949 letter then-FBI Director J. Edgar Hoover wrote federal agents after receiving a message from an American citizen expressing their belief they'd seen a non-human-made flying object. The records released by the administration do not express any conclusions as to whether the government believes the UAPs represent the existence of alien life. They also do not indicate any conclusions as to whether UAPs represent a national security threat to the U.S. Read more of this story at Slashdot. |
World's First Crewed Solid-State Flight Electrifies Aviation's Future | | The Helios Horizon has completed what its developers call the first crewed, fixed-wing flight powered by solid-state batteries. New Atlas reports: On June 5, test pilot Miguel Iturmendi lifted off from Zephyrhills Municipal Airport in Florida at the controls of the Helios Horizon -- the first crewed, fixed-wing aircraft ever to fly on solid-state batteries. The flight was neither spectacular in distance nor in duration -- it was a series of short tests to validate the aircraft's weight and balance after the new batteries had been installed -- but it didn't need to be to make history. [...] The Helios Horizon's previous lithium-ion pack delivered 260 Wh/kg (watt-hours per kilogram, a measure of how much energy a battery holds relative to its weight). The new solid-state cells hit 410 Wh/kg, a 60% jump. Chief test pilot and company founder Miguel Iturmendi expects that figure to grow another 40% within two years.
Though the battery pack can be topped up over any AC outlet, no special infrastructure needed, fast-charging is also supported for up to 80% capacity in under 15 minutes. The aircraft also recovers energy in flight through wing-mounted solar panels and a regenerative system that spins the propeller as a wind turbine during glides and descents. "Regenerative flight can significantly extend the aircraft's range," Iturmendi said after the test flights.
The Helios Horizon itself started life as a Pipistrel Taurus motorized glider. Iturmendi's team added proprietary battery management, a custom propulsion stack, thermodynamic controls, and solar panel wing extensions. The aircraft already holds the world altitude record for electric planes in its weight class, having reached 24,000 ft (7,315 m). The next goal is 40,000 ft (12,192 m), commercial cruising altitude, in stratospheric flights planned for later this year. Read more of this story at Slashdot. |
Anthropic 'Suspends' All Mythos and Fable Access After US Order Limiting Foreign Access | | "Anthropic said on Friday it will 'abruptly disable' its most advanced AI models for all users,"
reports Reuters, "after the U.S. government ordered it to suspend access to the models for foreign nationals, citing national security concerns. The company received the export control directive to suspend access to Fable 5 and Mythos 5 for all foreign nationals, without being given specific details of its national security concern, Anthropic said in a statement."
Anthropic's blog post writes that the directive applies to foreign nationals "whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance."
"Access to all other Anthropic models will not be affected."
We received the directive from the government today at 5:21pm (ET)... Our understanding is that the government believes it has become aware of a method of bypassing, or "jailbreaking" Fable 5... We have not even received a disclosure of a concerning non-universal potential jailbreak that led to a harmful result. The potential jailbreaks that have been disclosed to us are either entirely benign responses or are minor findings that provide no Mythos-specific uplift.
To date, the government has only given us verbal evidence of a potential narrow, non-universal jailbreak, which essentially consists of asking the model to read a specific codebase and fix any software flaws. Our understanding is that one potential jailbreak was shared with the government. We have reviewed a report that we believe is the basis of the government's directive and validated that the level of capability displayed there is widely available from other models (including OpenAI's GPT-5.5), and is used every day by the defenders who keep systems safe... We are complying with the government's legal directive and are removing access to Fable 5 and Mythos 5 for all users. However, we disagree that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people. If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers.
As we have stated publicly, we believe the government should have the ability to block unsafe deployments, as part of a statutory process that is transparent, fair, clear, and grounded in technical facts. This action does not adhere to those principles. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible.
Reuters notes that Amazon's cloud unit AWS "said late on Friday that Anthropic has asked it to revoke access to the models for 'all users in all regions.'"
Dean Ball, a former White House official who contributed to the AI Action Plan the administration issued in the summer of 2025, said in a post on X that the order suggests all "non-Americans" would be restricted from using Anthropic's latest models, including those based in the U.S. "This means you should expect to have to prove your citizenship to use Anthropic models," Ball said.
Several key Anthropic personnel, including co-founder Chris Olah, AI researcher Andrej Karpathy and philosopher Amanda Askell, were born outside the United States.
Read more of this story at Slashdot. |
Data Center Opponents Have Blocked Or Delayed Projects Worth Nearly $130 Billion In 2026 | | An anonymous reader quotes a report from NBC News: The first quarter of 2026 produced the most blocked and delayed data center projects on record, according to a new study shared with NBC News. The study -- conducted by Data Center Watch, a project of the AI intelligence firm 10a Labs that tracks local data center activity -- found that data center opponents blocked or delayed at least 75 projects nationwide worth about $130 billion from January through March, the most in a three-month period since the group began tracking in 2023.
"The quarter reflected a structural shift rather than a cyclical spike: communities have internalized an opposition playbook, legislative sessions introduced formal regulatory uncertainty, and the number of active opposition groups more than doubled to 833 across 49 states," the authors wrote, noting that the total number and value of data centers blocked or delayed during the first three months of 2026 roughly matched the total for all of 2025.
[...] The report found that legislative pushes for moratoriums on constructing data centers ballooned during the first quarter of 2026, sponsored by lawmakers on both sides of the aisle. The report found such proposals introduced in 14 states from January through March, with Sen. Bernie Sanders, I-Vt., and Rep. Alexandria Ocasio-Cortez, D-N.Y., introducing a federal version. Though none of the proposals has been signed into law, one did reach the desk of Democratic Gov. Janet Mills in Maine. She vetoed it in April.
More than 300 bills were introduced in statehouses across the country just in the first six weeks of 2026, the authors found, saying it marked "a clear shift from incentive-focused policies toward regulatory oversight as the scale of energy demands became clearer." What's more, the study found that the number of active grassroots opposition groups across the country more than doubled from 396 at the end of 2025 to 833 by March. The authors found that the states with the most opposition groups through that month were Maryland, Ohio and Texas. "In some cases," they wrote, "opposition mobilized before any project was officially filed, the mere rumor of a data center was enough to trigger organized resistance." Read more of this story at Slashdot. |
Jeff Bezos' AI Startup Aims To Build an 'Artificial General Engineer' | | Jeff Bezos says his new AI startup, Prometheus, is working toward an "artificial general engineer" capable of helping design complex physical products such as robots, drugs, manufacturing systems, and rocket engines. The Verge reports: The NYT first reported on Prometheus last November, but now Bezos is sharing more information about the startup after a $12 billion funding round, putting the company at a $41 billion valuation. Bezos serves as co-CEO of Prometheus alongside Vik Bajaj, who co-founded Alphabet's health-focused research group, Verily. The startup currently has around 150 employees.
The tools Prometheus intends to build could help develop physical products across several industries, including robotics, drug design, and manufacturing, the NYT reports. "Blue Origin is a perfect example of a company that could benefit from the tools that Prometheus is building," Bezos tells the NYT. "Any company that is building sophisticated devices -- like rocket engines -- would benefit greatly from this kind of technology." Read more of this story at Slashdot. |
Justice Department Approves Paramount's $111 Billion Acquisition of Warner Bros. | | The Justice Department has approved Paramount Skydance's $111 billion acquisition of Warner Bros. Discovery without requiring divestitures or other concessions. The deal still faces scrutiny from state attorneys general. Politico reports: The decision, expected to be announced Friday, paves the way for Paramount to combine with the entertainment and media company behind a vast film and television studio, CNN, and the HBO Max streaming service, which would be combined with Paramount+ to create a new offering boasting about 200 million subscribers. The deal, which would upend the Hollywood ecosystem by combining two historic rival studios, is opposed by many in the entertainment industry who fear it could lead to mass layoffs, among other concerns.
After an extensive review, DOJ officials determined the transaction did not pose a threat to competition and declined to challenge it, said the people, who were granted anonymity to discuss sensitive matters. The department approved the merger without requiring any divestitures, behavioral remedies or concessions, according to one of the people. [...] The DOJ's approval does not end the merger's legal scrutiny. California Attorney General Rob Bonta has been reviewing the transaction and could still sue to block the deal despite federal regulators signing off. A spokesperson for Bonta's office told POLITICO earlier this week "the Paramount acquisition of Warner Brothers remains an active investigation."
[...] Throughout those discussions, Paramount maintained that the merger would strengthen competition rather than diminish it, creating a media company better positioned to compete with streaming leaders and deep-pocketed technology rivals, according to people familiar with the matter. Hollywood workers fear the merger could trigger another wave of layoffs in an industry already reeling from years of consolidation. Critics argue that billions in promised cost savings will come at the expense of jobs, fewer opportunities for creators and greater concentration of power across film, television and streaming. Read more of this story at Slashdot. |
ShinyHunters Hacked 100+ Organizations By Exploiting an Oracle PeopleSoft 0-Day | | ShinyHunters claims it exploited a critical Oracle PeopleSoft zero-day to compromise more than 100 organizations, including the University of Nottingham, where it says it stole 40GB of student and billing data. "ShinyHunters posted the UK university on its data leak site on Tuesday before publishing the stolen files later that same day, presumably because the school refused to pay the extortion demand," reports The Register. From the report: "University of Nottingham on our leak site is one of the first publicly confirmed incidents," a ShinyHunters spokesperson told us. "We have only just started outreach to affected orgs and are actively looking to reach an agreement with affected orgs." They didn't say when they planned to post the other 100 or so claimed victims.
A Google threat intelligence report published Thursday afternoon corroborated ShinyHunters' claims to have compromised more than 100 organizations. Google said it spotted malicious activity, "consistent with the exploitation of CVE-2026-35273," between May 27 and June 9, and notified more than 100 global orgs "whose IP addresses correlated with potentially vulnerable endpoints." Most of these, we're told, are based in the US and 68 percent are in the higher-education sector. Oracle has released a "patch availability document," but it's unclear whether a patch is currently available. Read more of this story at Slashdot. |
Google Sues Chinese Cybercrime Operation That Used Gemini AI To Send Scam Texts | | An anonymous reader quotes a report from TechCrunch: Google is suing to dismantle the infrastructure behind an alleged massive AI-powered cybercrime operation. On Friday, the tech giant announced a lawsuit against an alleged Chinese cybercrime network called Outsider Enterprise, which Google says uses AI in its campaigns to send scam text messages impersonating Google and other brands to steal passwords and credit card numbers.
Outsider Enterprise has financially scammed "hundreds of thousands of victims" with losses "estimated in the millions." The group deployed 9,000 fake websites, 1 million fraudulent web domains, and 2.5 million texts sent to Android users in a two-week period, according to Google. "55,000 spam texts were flagged by Android users in just two weeks this past May -- that's more than two text spam complaints a minute," Google said.
Google said it uses "AI-powered tools to fight AI-powered scams", which enable the company to detect scams and alert users of suspicious calls and text messages, leading to the interception of more than 10 billion scam messages a month. The company said it has been collaborating with AT&T, T-Mobile, and Verizon to block the scam text messages and said it is coordinating with the FBI, which is taking unspecified law enforcement actions. Read more of this story at Slashdot. |
Touchscreen Macbook '100% Confirmed,' Says Reputable Leaker | | A leaker with a strong Apple rumor track record says a touchscreen MacBook is "100% confirmed. If true, it would mark a major reversal for Apple, which has long argued that the Mac is built for indirect input rather than reaching up to touch a vertical screen. MacRumors reports: Instant Digital has a good track record for Apple rumors and has provided some strikingly accurate information in the past, so it's always worth noting what they have to say about Apple's plans. The claim is also backed by several recent reports. [...] Touchscreen support is expected to be one of several major upgrades coming to Apple's next-generation high-end MacBook Pro models. Other rumored features include M6 Pro and M6 Max chips, an OLED display, a Dynamic Island (i.e., no notch), and a thinner design. The new laptops could also adopt MacBook Ultra branding.
Notably, macOS 27 Golden Gate also introduces a more touch-friendly interface, since Apple's Sidecar feature now allows users to tap and interact with macOS interface elements using a finger on their iPad. Apple apparently is not going to advertise the new MacBook Pro/Ultra as a touch-first device like the iPad -- it will be "touch-friendly, not touch-first," according to [Bloomberg's Mark Gurman]. In that sense, Apple will let customers use touch and mouse gestures interchangeably for all functions. Further reading: Steve Jobs Was Wrong About Touchscreen Laptops (2012) Read more of this story at Slashdot. |
Microsoft Surface Flaw Allowed Unprotected Devices To Be Bricked By a Single Packet | | Longtime Slashdot reader Dotnaught shares a report from The Register: For the past 90 days, Microsoft has been quietly patching a firmware flaw in Surface devices that allowed the hardware to be bricked with a single packet, though only for those who have disabled Secure Core and Secure Boot. And the company's Copilot AI software inadvertently helped identify the faulty firmware.
According to Jack Darcy, a security researcher based in Australia, his instance of Microsoft Copilot stumbled across the bug after being asked to adjust the screen backlighting on a Surface device. The Copilot-conjured Python script ended up rendering the researcher's laptop inoperable by overwriting the embedded controller firmware. "Copilot autonomously created and executed four progressively aggressive Python scripts during a probe for backlight control values that sent raw SSAM ioctl commands (SSAM_CDEV_REQUEST = 0xC028A501) directly to the SAM microcontroller through the SAM software path," Darcy explained to The Register.
[...] "We appreciate the work of Jack Darcy and The Register for reporting this issue under a coordinated vulnerability disclosure," a Microsoft spokesperson said in a statement. "Our investigation found that a deprecated UEFI interface could trigger a boot loop on some devices. To trigger this loop, the user must have administrator privileges and have already disabled the Secure Boot security feature. We have released updates to address the issue for most impacted devices."
That means managed devices are not at risk. But those using Linux, or Windows users who have disabled Secure Core and Secure Boot for gaming, or who use custom Windows drivers, or who have USB boot enabled, may still be vulnerable if their systems haven't received the update. We're uncertain about the range of Surface devices affected. Our source said it appears to be all of them (Surface Laptops 3-6, Surface Book 1-3) except for Surface Go models. ARM variants, however, have not been tested. The report notes that Microsoft is planning to move the Surface stack to a more secure architecture based on Rust code.
"Our most recent Surface for Business hardware features a major architectural shift in terms of improved reliability and security that spans our embedded controller, UEFI, but also some of our drivers," said David Abzarian, chief architect for Microsoft Surface. "We're investing in the most secure foundation for a PC by building our embedded controller firmware from the ground up in Rust (as part of leveraging and contributing to the Open Device Partnership (ODP)) in addition to a rewrite of the UEFI DXE Core in Rust; these projects are known as Secure EC and Project Patina respectively."
"We're also not only shipping some of our drivers written in Rust, but also helping co-develop the framework Windows Drivers in Rust (WDR) to help enable a broad set of partners in the Windows ecosystem to capitalize on these benefits. I will also note that all of these efforts are open-source promoting one of our key security principles around transparency." Read more of this story at Slashdot. |
Sam Bankman-Fried Loses Bid To Overturn Crypto Fraud Conviction | | Sam Bankman-Fried lost his appeal to overturn his FTX fraud conviction and 25-year sentence. Reuters reports: In a unanimous decision, a three-judge panel of the Manhattan-based 2nd U.S. Circuit Court of Appeals said prosecutors' evidence against Bankman-Fried "was, conservatively stated, robust." "While he was publicly reassuring customers, investors and regulators that FTX customer funds were safe, he was simultaneously using FTX as his own personal piggy bank, spending customer funds on real estate, political contributions, and investments," Circuit Judge Barrington Parker wrote on behalf of the panel.
Bankman-Fried's lawyers did not immediately respond to a request for comment. They may next ask all the active judges on the 2nd Circuit to hear the case, or ask the U.S. Supreme Court to take up the case. Bankman-Fried is also seeking a pardon from President Donald Trump, according to the Justice Department's Office of the Pardon Attorney. Bankman-Fried was sentenced to 25 years in prison in 2024 for "masterminding one of the largest financial frauds in American history," wrote US District Judge Lewis Kaplan. He was convicted on all charges, including wire fraud, conspiracy to commit securities fraud, commodities fraud, and money laundering. Read more of this story at Slashdot. |
|
|
