Over 10,000 Docker Hub Images Found Leaking Credentials, Auth Keys | | joshuark shares a report from BleepingComputer: More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. After scanning container images uploaded to Docker Hub in November, security researchers at threat intelligence company Flare found that 10,456 of them exposed one or more keys. The most frequent secrets were access tokens for various AI models (OpenAI, HuggingFace, Anthropic, Gemini, Groq). In total, the researchers found 4,000 such keys. "These multi-secret exposures represent critical risks, as they often provide full access to cloud environments, Git repositories, CI/CD systems, payment integrations, and other core infrastructure components," Flare notes. [...]
Additionally, they found API tokens for AI services hardcoded in Python application files, config.json files and YAML configs, along with GitHub tokens and credentials for multiple internal environments. Some of the sensitive data was present in the manifest of Docker images, a file that provides details about the image. Flare notes that roughly 25% of developers who accidentally exposed secrets on Docker Hub realized the mistake and removed the leaked secret from the container or manifest file within 48 hours. However, in 75% of these cases, the leaked key was not revoked, meaning that anyone who stole it during the exposure period could still use it later to mount attacks.
Flare suggests that developers avoid storing secrets in container images, stop using static, long-lived credentials, and centralize their secrets management using a dedicated vault or secrets manager. Organizations should implement active scanning across the entire software development life cycle and revoke exposed secrets and invalidate old sessions immediately. Read more of this story at Slashdot. |
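As an added illustration (example code written for this page, not a tool from Flare or BleepingComputer), the script below does the kind of image-level scan the report argues for: it opens a `docker save`-style archive, reads the image config that `manifest.json` points at (that is where `ENV` values and the Dockerfile build history end up) and then every file in every layer, and matches the text against a handful of token prefixes. The sample image, its paths and every key value are constructed here, and the regexes are loose illustrations keyed to the public prefixes of those token families (an assumption, not Flare's detection rules).

```python
import io
import json
import re
import tarfile

# Assumed patterns for a few of the key families the report names. The
# prefixes are the publicly documented ones; the length bounds are loose.
# Anthropic keys also start with "sk-", so the OpenAI pattern excludes them.
SECRET_PATTERNS = {
    "anthropic": re.compile(r"\bsk-ant-[A-Za-z0-9_-]{20,}"),
    "openai": re.compile(r"\bsk-(?!ant-)[A-Za-z0-9_-]{20,}"),
    "huggingface": re.compile(r"\bhf_[A-Za-z0-9]{20,}"),
    "github": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}"),   # classic GitHub tokens
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

MAX_FILE_BYTES = 1_000_000   # skip huge binaries inside layers


def find_secrets(text, where):
    """Return one finding per regex hit in `text`, tagged with its location."""
    hits = []
    for kind, pattern in SECRET_PATTERNS.items():
        for match in pattern.finditer(text):
            hits.append({"kind": kind, "where": where, "value": match.group(0)})
    return hits


def scan_image_tar(image_bytes):
    """Scan a `docker save` archive: image config/history, then every layer file."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(image_bytes)) as img:
        manifest = json.load(img.extractfile("manifest.json"))
        for entry in manifest:
            cfg_name = entry["Config"]
            cfg = json.load(img.extractfile(cfg_name))
            # ENV, CMD, ENTRYPOINT and the "created_by" build steps live here,
            # so a secret passed via ENV or an ARG-expanded RUN shows up in this text.
            meta = {"config": cfg.get("config", {}), "history": cfg.get("history", [])}
            findings += find_secrets(json.dumps(meta), f"config:{cfg_name}")
            # Each layer is its own tar. Scanning layers individually (rather than
            # the merged filesystem) catches a file added in one layer and deleted
            # in a later one: the bytes are still shipped in the earlier layer.
            for layer_name in entry["Layers"]:
                layer_bytes = img.extractfile(layer_name).read()
                with tarfile.open(fileobj=io.BytesIO(layer_bytes)) as layer:
                    for member in layer.getmembers():
                        if not member.isfile() or member.size > MAX_FILE_BYTES:
                            continue
                        data = layer.extractfile(member).read().decode("utf-8", "ignore")
                        findings += find_secrets(data, f"{layer_name}:{member.name}")
    return findings


def _tar_bytes(files):
    """Build an in-memory tar archive from a {path: bytes} mapping."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_image():
    """Constructed sample image: a fake OpenAI key in ENV, a fake HF token in a layer file."""
    layer = _tar_bytes({
        "app/config.json": json.dumps({"hf_token": "hf_" + "A" * 30}).encode(),
        "app/main.py": b"print('hello')\n",
    })
    config = {
        "architecture": "amd64",
        "config": {"Env": ["PATH=/usr/bin", "OPENAI_API_KEY=sk-" + "x" * 40]},
        "rootfs": {"type": "layers", "diff_ids": ["sha256:0"]},
    }
    return _tar_bytes({
        "manifest.json": json.dumps([{
            "Config": "cfg.json",
            "RepoTags": ["demo:latest"],
            "Layers": ["layer1/layer.tar"],
        }]).encode(),
        "cfg.json": json.dumps(config).encode(),
        "layer1/layer.tar": layer,
    })


if __name__ == "__main__":
    for finding in scan_image_tar(build_sample_image()):
        print(f"{finding['kind']:<14} {finding['where']}  {finding['value'][:12]}...")
```

A match in a layer or in the config is the start of the job, not the end: a key that sat on a public registry for even a few minutes has to be treated as stolen and revoked at the provider, which is the step the report says was skipped in 75% of the cleanups. Running the scan in CI before `docker push` (on the saved archive, not the running container) is what keeps the secret from being published in the first place.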
VMware Kills vSphere Foundation In Parts of EMEA | | Broadcom has quietly pulled VMware vSphere Foundation from parts of EMEA, pushing smaller customers toward far more expensive bundles and prompting some to consider jumping to Hyper-V or Nutanix. The Register reports: VVF is a bundle that offers compute, storage, and networking virtualization, and a platform to run containers. It's most useful in hyperconverged infrastructure and hybrid clouds, but is less capable than the Cloud Foundation (VCF) private cloud suite. Virtzilla said EMEA customers would need to check with their local dealer to see if VVF was still on sale in their country. "VVF is no longer available in some EMEA countries, but for the majority it is still available," a Broadcom spokesperson said. "Customers will have to reach out to sales reps or partners to determine availability of a given product in their region. These changes were recent."
Our initial tipster said their reseller clued them into the impending change when VMware's new fiscal year started in November. This anonymous customer told us that their hardware fleet boasts thousands of compute cores and without more affordable options, his organization was looking at their annual VMware spend leaping by 10x from around $130,000 to $1.3 million. "We're currently looking to jump ship to either Microsoft's Hyper-V or Nutanix, as we can't eat (that) increase," they told The Register. [...]
For the moment, a Broadcom spokesperson told us it has no plans to ditch VMware vSphere Standard, the basic server virtualization bundle which we're told makes up about 60 percent of the company's licenses and is a lower-cost way to access VMware's hypervisor than buying its full suite of VMware Cloud Foundation products. "We have not announced any changes to the availability of vSphere Standard in EMEA nor end of support for vSphere Standard," the spokesperson said via email. "The product remains fully available across EMEA today. However, Broadcom product availability can vary by region to align with local market requirements, customer demand, and other considerations."
Trump Signs Executive Order For Single National AI Regulation Framework, Limiting Power of States | | President Trump signed an executive order establishing a single federal AI regulatory framework that preempts state-level rules, aiming to centralize oversight of the rapidly growing AI industry. "The Trump administration, with the aid of AI and crypto czar David Sacks, has been pursuing a path that would allow federal rules to preempt state regulations on AI, a move meant to keep big Democratic-led states like California and New York from exerting their control over the growing industry," notes CNBC.
Developing...
UC Berkeley Professor Uses Secret Camera To Catch PhD Candidate Sabotaging Rival | | A UC Berkeley professor, suspecting years of targeted computer damage against one Ph.D. student, secretly installed a hidden camera that allegedly caught another doctoral candidate sabotaging the student's laptop. The student now faces felony vandalism charges and is due for his first court appearance on Dec. 15. The Mercury News reports: A UC Berkeley professor smelled a rat -- over the years there had been $46,855 in damage from computers that failed, and nearly all of it seemed to affect one particular Ph.D. candidate at the college's Electrical Engineering and Computer Sciences department.
The professor wondered if the student's luck was really that bad, or if something else was afoot. So he installed a hidden camera -- disguised in a department laptop, and pointed it at the student's computer. According to police, the sly move captured another Ph.D. candidate, 26-year-old Jiarui Zou, damaging his fellow student's computer with some implement that caused sparks to fly out of the laptop.
Now, Zou has been charged with three felony counts of vandalism, related to the destruction of three computers on Nov. 9-10. The charges allege the damage amounted to more than $400 each time, though the professor who reported the vandalism, and the affected student, told police they suspect Zou of the additional incidents that had been going on for years, court records show.
Rivian Goes Big On Autonomy, With Custom Silicon, Lidar, and a Hint At Robotaxis | | During the company's first "Autonomy & AI Day" event today, Rivian unveiled a major autonomy push featuring custom silicon, lidar, and a "large driving model." It also hinted at a potential entry into the self-driving ride-hail market, according to CEO RJ Scaringe. TechCrunch reports: Rivian said it will expand the hands-free version of its driver-assistance software to "over 3.5 million miles of roads across the USA and Canada" and will eventually expand beyond highways to surface streets (with clearly painted road lines). This expanded access will be available on the company's second-generation R1 trucks and SUVs. It's calling the expanded capabilities "Universal Hands-Free" and will launch in early 2026. Rivian says it will charge a one-time fee of $2,500 or $49.99 per month.
"What that means is you can get into the vehicle at your house, plug in the address to where you're going, and the vehicle will completely drive you there," Scaringe said Thursday, describing a point-to-point navigation feature. After that, Rivian plans to allow drivers to take their eyes off the road. "This gives you your time back. You can be on your phone, or reading a book, no longer needing to be actively involved in the operation of vehicle." Rivian's driver assistance software won't stop there; the EV maker laid out plans on Thursday to enhance its capabilities all the way up to what it's calling "personal L4," a nod to the level set by the Society of Automotive Engineers that means a car can operate in a particular area with no human intervention.
After that, Scaringe hinted that Rivian will be looking at competing with the likes of Waymo. "While our initial focus will be on personally owned vehicles, which today represent a vast majority of the miles driven in the United States, this also enables us to pursue opportunities in the ride-share space," he said. To help accomplish these lofty goals, Rivian has been building a "large driving model" (think: an LLM but for real-world driving), part of a move away from a rules-based framework for developing autonomous vehicles that has been led by Tesla. The company also showed off its own custom 5nm processor, which it says will be built in collaboration with both Arm and TSMC.
Disney Says Google AI Infringes Copyright 'On a Massive Scale' | | An anonymous reader quotes a report from Ars Technica: The Wild West of copyrighted characters in AI may be coming to an end. There has been legal wrangling over the role of copyright in the AI era, but the mother of all legal teams may now be gearing up for a fight. Disney has sent a cease and desist to Google, alleging the company's AI tools are infringing Disney's copyrights "on a massive scale." According to the letter, Google is violating the entertainment conglomerate's intellectual property in multiple ways. The legal notice says Google has copied a "large corpus" of Disney's works to train its gen AI models, which is believable, as Google's image and video models will happily produce popular Disney characters -- they couldn't do that without feeding the models lots of Disney data.
The C&D also takes issue with Google for distributing "copies of its protected works" to consumers. So all those memes you've been making with Disney characters? Yeah, Disney doesn't like that, either. The letter calls out a huge number of Disney-owned properties that can be prompted into existence in Google AI, including The Lion King, Deadpool, and Star Wars. The company calls on Google to immediately stop using Disney content in its AI tools and create measures to ensure that future AI outputs don't produce any characters that Disney owns. Disney is famously litigious and has an army of lawyers dedicated to defending its copyrights. The nature of copyright law in the US is a direct result of Disney's legal maneuvering, which has extended its control of iconic characters by decades. While Disney wants its characters out of Google AI generally, the letter specifically cited the AI tools in YouTube. Google has started adding its Veo AI video model to YouTube, allowing creators to more easily create and publish videos. That seems to be a greater concern for Disney than image models like Nano Banana. "We have a longstanding and mutually beneficial relationship with Disney, and will continue to engage with them," Google said in a statement. "More generally, we use public data from the open web to build our AI and have built additional innovative copyright controls like Google-extended and Content ID for YouTube, which give sites and copyright holders control over their content."
The cease and desist letter arrives at the same time the company announced a content deal with OpenAI. Disney said it's investing $1 billion in OpenAI via a three-year licensing deal that will let users generate AI-powered short videos and images featuring more than 200 characters.
Google is Building an Experimental New Browser and a New Kind of Web App | | Google's Chrome team has built an experimental browser called Disco that takes a query or prompt, opens a cluster of related tabs, and then generates a custom application tailored to whatever task the user is trying to accomplish. The browser launched Thursday as an experiment in Google's Search Labs.
GenTabs, the core feature powering Disco, are information-rich pages created by Google's Gemini AI models -- ask for travel tips and the system builds a planner app; ask for study help and it creates a flashcard system. Disco -- named partly for fun and partly as shorthand for "discovery" -- started as a hackathon project inside Google before catching the team's imagination.
Parisa Tabriz, who leads the Chrome team, said that Disco is not intended as a general-purpose browser and is not an attempt to cannibalize Chrome. The experiment aims to test what happens when users move from simply having tabs to generating personalized, curated applications on demand. The capability relies on features in the recently launched Gemini 3, which can create one-off interactive interfaces and build miniature apps on the fly rather than just returning text or images.
Cisco Stock Hits New All-Time High, 25 Years After the Dotcom Bubble Burst | | Cisco's stock price touched $80.25 on Wednesday, finally eclipsing its dotcom-era peak of $80.06 set on March 27, 2000 -- when the networking giant briefly surpassed Microsoft to become the world's most valuable company. The journey back took 25 years, eight months and 13 days. The company's fundamentals improved dramatically over that period, of course. Revenues have nearly quintupled since 1999, profits have quadrupled, earnings per share have grown eightfold, and margins have remained healthy throughout. Investors who bought at the peak still lost money to inflation for a generation.
Cisco's trajectory draws obvious comparisons to Nvidia, today's dominant "picks and shovels" supplier for the AI boom. Nvidia trades at a price-to-earnings ratio above 45 and an enterprise value-to-sales ratio near 24. At its 2000 peak, Cisco traded at a P/E above 200 and EV/sales of 31.
New York Becomes First State To Require Disclosure of AI Performers in Ads | | New York Governor Kathy Hochul on Thursday signed two bills aimed at regulating the use of AI in entertainment, requiring disclosure when ads feature AI-generated performers and mandating consent from heirs before a deceased person's likeness can be used commercially. Hochul described both measures as "first in the nation" policies during a signing ceremony at SAG-AFTRA's New York City offices.
The first bill compels ad producers to disclose the use of synthetic performers, and the second requires companies to obtain consent from heirs or executors before using a person's name, image, or likeness for commercial purposes after their death. "We will have responsible AI policies in the state of New York," Hochul said. "It's a time where we do want to embrace innovation. But not to the detriment of people."
The signing came the same day Disney announced a partnership allowing users of OpenAI's Sora to create clips featuring Marvel, Pixar, and Star Wars characters.
Uber Pulls Back From Electric Cars, Slashing Incentives for Drivers | | Uber has discontinued its monthly electric vehicle bonuses for drivers in the United States and Canada, marking the latest in a series of rollbacks from a company that once pledged to pour $800 million into helping its drivers transition away from gasoline-powered cars. The ride-hailing giant had previously eliminated its $1-per-ride EV perk last year, replacing it with monthly bonuses that required drivers to complete 200 rides. Those monthly payments are now gone too.
The company is far behind its self-imposed climate targets. Uber had pledged to reach 100% EVs in London by 2025 and across North America and Europe by 2030. Current figures paint a different picture: roughly 40% of miles in London come from EVs, while Europe sits at about 15% and North America at just 9%. The company's emissions have nearly doubled over the past three years and now exceed Denmark's total carbon footprint. Uber executives acknowledged to Bloomberg that they will likely miss their green targets. The company has doled out $539 million of its $800 million pledge through the end of 2024. Meanwhile, Uber's operating profits are set to double this year, and the company recently committed $20 billion to stock buybacks.
GPT-5.2 Arrives as OpenAI Scrambles To Respond To Gemini 3's Gains | | OpenAI on Thursday released GPT-5.2, its latest and what the company calls its "best model yet for everyday professional use," just days after CEO Sam Altman declared a "code red" internally to marshal resources toward improving ChatGPT amid intensifying competition from Google's well-received Gemini 3 model. The GPT-5.2 series ships in three tiers: Instant, designed for faster responses and information retrieval; Thinking, optimized for coding, math, and planning; and Pro, the most powerful tier targeting difficult questions requiring high accuracy.
OpenAI says the Thinking model hallucinated 38% less than GPT-5.1 on benchmarks measuring factual accuracy. Fidji Simo, OpenAI's CEO of applications, denied that the launch was moved up in response to the code red, saying the company has been working on GPT-5.2 for "many, many months." She described the internal directive as a way to "really signal to the company that we want to marshal resources in this one particular area."
The competitive pressure is real. Google's Gemini app now has more than 650 million monthly active users, compared to OpenAI's 800 million weekly active users. In October, OpenAI's head of ChatGPT Nick Turley sent an internal memo declaring the company was facing "the greatest competitive pressure we've ever seen," setting a goal to increase daily active users by 5 percent before 2026. GPT-5.2 is rolling out to paid ChatGPT users starting Thursday, and GPT-5.1 will remain available under "legacy models" for three months before being sunset.
College Campuses Have Become a Front Line in America's Sports-Betting Boom | | Since the Supreme Court struck down the federal prohibition on sports betting in 2018, 39 states have legalized the activity, and college campuses have emerged as ground zero for what appears to be a generational gambling problem among young men. A 2023 NCAA survey found that 60% of college students have gambled on sports, and 16% of 18-to-22-year-olds engage in what the organization classifies as problematic gambling. A Siena University poll from January found that 28% of men aged 18-to-34 who use sports-betting apps have had trouble meeting a financial obligation because of a lost bet.
Timothy Fong, a psychiatry professor at UCLA, says every one of his recent clients has been an 18-to-24-year-old man seeking help for a sports-betting or cryptocurrency addiction. John Simonian, a personal-bankruptcy lawyer in Rhode Island, says he never used to see young men filing for bankruptcy -- now it's common. On November 7th, the NCAA announced it had uncovered three separate betting scandals in men's basketball where athletes intentionally played poorly in games on which they or a friend had placed wagers.
The Game Awards Are Losing Their Luster | | The Game Awards, which broadcasts tonight on Twitch, YouTube, and Prime Video, has become the biggest night on the video game calendar since launching in 2014, but the show's treatment of developers has drawn increasing criticism. At the 2023 ceremony, acceptance speeches were often cut off after roughly 30 seconds while Hideo Kojima received five minutes to discuss his upcoming game OD -- enough time for 13 acceptance speeches, Aftermath calculated. That year's show also ignored the industry's mass layoffs entirely; host Geoff Keighley acknowledged the labor crisis only at the 2024 ceremony.
The show's Future Class program, launched in 2020 to celebrate game makers representing an inclusive future for the industry, has quietly ended. No new class has been named for two years. "At this time, we are not planning a new Future Class for this year," organizer Emily Weir told Game Developer.
Why Switzerland Is Weighing a 10 Million Population Limit | | An anonymous reader shares a report: Growing support for far-right parties is pressuring European governments to introduce stricter controls on immigration. Switzerland is set to vote on a proposal that would take the idea to the next level -- imposing a cap on its population. The initiative could lead eventually to a blanket ban on new arrivals if the number of residents rises from around 9 million currently to above 10 million, with little distinction made between refugees, skilled workers and top managers on six-figure salaries.
Citizens will likely vote on the proposal next year under the country's unique system of plebiscites on constitutional amendments and policy, and polls suggest there's a chance they'll approve it. The risk is it could lead to shortages of critical skills that end up harming Switzerland's competitiveness. The outcome will show how far citizens are willing to go to preserve some of the traits that made their country such an appealing destination. [...] The right-wing Swiss People's Party, or SVP, won 28% of the vote in the last election with a campaign that presented Swiss citizenship as a privilege, not a right. It came up with the idea of a population limit in 2023, presenting it as a way to preserve the Swiss lifestyle and protect its environment from excessive human activity.
AI Hackers Are Coming Dangerously Close to Beating Humans | | Stanford researchers spent much of the past year building an AI bot called Artemis that scans networks for software vulnerabilities, and when they pitted it against ten professional penetration testers on the university's own engineering network, the bot outperformed nine of them. The experiment offers a window into how rapidly AI hacking tools have improved after years of underwhelming performance.
"We thought it would probably be below average," said Justin Lin, a Stanford cybersecurity researcher. Artemis found bugs at a fraction of human cost -- just under $60 per hour compared to the $2,000 to $2,500 per day that professional pen testers typically charge. But its performance wasn't flawless. About 18% of its bug reports were false positives, and it completely missed an obvious vulnerability on a webpage that most human testers caught. In one case, Artemis found a bug on an outdated page that didn't render in standard browsers; it used a command-line tool called Curl instead of Chrome or Firefox.
Dan Boneh, a Stanford computer science professor who advised the researchers, noted that vast amounts of software shipped without being vetted by LLMs could now be at risk. "We're in this moment of time where many actors can increase their productivity to find bugs at an extreme scale," said Jacob Klein, head of threat intelligence at Anthropic.