schwit1 shares a report from Hackread: On October 3, 2025, Hackread.com published an in-depth report in which hackers claimed to have stolen 989 million records from 39 major companies worldwide by exploiting a Salesforce vulnerability. The group demanded that Salesforce and the affected firms enter negotiations before October 10, 2025, warning that if their demands were ignored, they would release the entire dataset. The hackers, identifying themselves as "Scattered Lapsus$ Hunters," a collective said to combine elements of Scattered Spider, Lapsus$, and ShinyHunters, have now published data allegedly belonging to 6 of the 39 targeted companies. The companies named in the leak are as follows: Fujifilm, GAP, INC., Vietnam Airlines, Engie Resources, Quantas Airways Limited, and Albertsons Companies, Inc. In all 6 leaks, the record contains personal details of customers, business, including email addresses, full names, addresses, passport numbers, phone numbers. The hackers said on Telegram that they will not be releasing any additional information, stating, "A lot of people are asking what else will be leaked. Nothing else will be leaked. Everything that was leaked was leaked, we have nothing else to leak, and obviously, the things we have cannot be leaked for obvious reasons."

Read more of this story at Slashdot.

NASA's Jet Propulsion Laboratory is laying off around 550 employees, or roughly 11% of its workforce, as part of an effort to "restructure and establish an appropriate size to ensure future success." According to JPL Director Dave Gallagher, the job cuts "are not related to the current government shutdown." CNBC reports: JPL is a research and development lab funded by NASA -- the federal space agency -- and managed by the California Institute of Technology. "While not easy, I believe that taking these actions now will help the Lab transform at the scale and pace necessary to help achieve humanity's boldest ambitions in space," Gallagher wrote in a separate mekor to JPL employees and contractors. Gallagher, in the public announcement, noted that the reorganization of JPL began in July, and "over the past few months, we have communicated openly with employees about the challenges and hard choices ahead." "This week's action, while not easy, is essential to securing JPL's future by creating a leaner infrastructure, focusing on our core technical capabilities, maintaining fiscal discipline, and positioning us to compete in the evolving space ecosystem -- all while continuing to deliver on our vital work for NASA and the nation," Gallagher wrote. Gallagher said that JPL employees will be notified of their status on Tuesday, and the "new Lab structure ... will become effective Wednesday."

Read more of this story at Slashdot.

Joe recently worked on a financial system for processing loans. Like many such applications, it started its life many, many years ago. It began as an Oracle Forms application in the 90s. By the late 2000s, Oracle was trying to push people away from forms into their newer tools, like Oracle ApEx (Application Express), but this had the result of pushing people out of Oracle's ecosystem and onto their own web stacks.

The application Joe was working on was exactly that. Now, no one was going to migrate off of an Oracle database, especially because 90% of their business logic was wired together out of PL/SQL packages. But they did start using Java for developing their UI, and then at some other point, started using Liquibase for helping them maintain and manage their schema.

The thing about a three decade old application is that it often collects a lot of kruft. For example, this procedure:

CREATE OR REPLACE PROCEDURE BOB(p_str IN VARCHAR2) AS BEGIN dbms_output.put_line(p_str); END;

Bob here is just a wrapper around a basic print statement. Presumably, the original developer- I'm gonna go out on a limb and guess that dev was also named Bob- wanted a convenient debugging function while tracking down an error, and threw this into the codebase.

As WTFs go, the function isn't that interesting. But you know what is interesting? Its legacy. This procedure is older than any source control history the company has, which means it's been in the codebase for at least twenty years, but probably much longer. Nothing invokes it. It's survived a migration into SVN then into Git, countless database upgrades, a few (unfortunate) disaster recovery events, and still sits there, waiting to help Bob debug a problem in the database.

Joe writes:

I still don't know who Bob is. Nobody knew who Bob was when I asked around. But Bob, if you're still out there, just know that you are now cemented into a part of the software that hundreds of companies used to manage loans.

[Advertisement] Plan Your .NET 9 Migration with Confidence
Your journey to .NET 9 is more than just one decision.Avoid migration migraines with the advice in this free guide. Download Free Guide Now!

An anonymous reader quotes a report from The Register: Security researchers have resurrected a 12-year-old data-stealing attack on web browsers to pilfer sensitive info from Android devices. The attack, dubbed Pixnapping, has yet to be mitigated. Conceptually, it's the equivalent of a malicious Android app being able to screenshot other apps or websites. It allows a malicious Android application to access and leak information displayed in other Android apps or on websites. It can, for example, steal data displayed in apps like Google Maps, Signal, and Venmo, as well as from websites like Gmail (mail.google.com). It can even steal 2FA codes from Google Authenticator. "First, the malicious app opens the target app (e.g., Google Authenticator), submitting its pixels for rendering," explained [Alan Wang, a PhD candidate at UC Berkeley]. "Second, the malicious app picks the coordinates of a target pixel whose color it wants to steal. Suppose for example it wants to steal a pixel that is part of the screen region where a 2FA character is known to be rendered by Google Authenticator, and that this pixel is either white (if nothing was rendered there) or non-white (if part of a 2FA digit was rendered there). Third, the malicious app causes some graphical operations whose rendering time is long if the target pixel is non-white and short if it is white. The malicious app does this by opening some malicious activities (i.e., windows) in front of the target app. Finally, the malicious app measures the rendering time per frame of the above graphical operations to determine whether the target pixel was white or non-white. These last few steps are repeated for as many pixels as needed to run OCR over the recovered pixels and guess the original content." The researchers have demonstrated Pixnapping on five devices running Android versions 13 to 16 (up until build id BP3A.250905.014): Google Pixel 6, Google Pixel 7, Google Pixel 8, Google Pixel 9, and Samsung Galaxy S25. Android 16 is the latest operating system version. Other Android devices have not been tested, but the mechanism that allows the attack to work is typically available. A malicious Android app implementing Pixnapping would not require any special permissions in its manifest file, the authors say. The researchers detail the attack in a paper (PDF) titled "Pixnapping: Bringing Pixel Stealing out of the Stone Age."

Read more of this story at Slashdot.

SpaceX's Starship megarocket successfully completed its 11th test flight, achieving major milestones like engine relight, satellite deployment, and a controlled splashdown in the Indian Ocean. From a report: This mission marks the second clean test run for Version 2, following a successful showing during its last test mission in August. Earlier this year, however, Starship Version 2 suffered three in-flight failures and an explosive accident during ground testing. Today's test mission is expected to be the last for the current iteration of Starship prototypes. The company has said it will debut a scaled up Version 3 for the next flight. You can watch a recording of the launch on YouTube.

Read more of this story at Slashdot.

The FCC has forced major U.S. online retailers to remove millions of listings for prohibited Chinese-made electronics, including products from Huawei, ZTE, Hikvision, and Dahua, citing national security risks. Reuters reports: FCC Chair Brendan Carr said in an interview [on Friday] that the items removed are either on a U.S. list of barred equipment or were not authorized by the agency, including items like home security cameras and smart watches from companies including Huawei, Hangzhou Hikvision, ZTE, and Dahua Technology Company. Carr said companies are putting new processes in place to prevent future prohibited items as a result of FCC oversight. "We're going to keep our efforts up," Carr said. The FCC issued a new national security notice reminding companies of prohibited items including video surveillance equipment. Carr said the items could allow China to "surveil Americans, disrupt communications networks and otherwise threaten U.S. national security."

Read more of this story at Slashdot.

Palmer Luckey's defense tech firm Anduril has unveiled EagleEye, an AI-powered mixed-reality combat helmet built in partnership with Meta. The system integrates AR displays, spatial audio, and drone control to create what Luckey calls "a new teammate" for soldiers. "The idea of an AI partner embedded in your display has been imagined for decades. EagleEye is the first time it's real," said Luckey. The Verge reports: Anduril, which also manufactures border control tech, lethal drones, and military aircraft, has been developing EagleEye since its inception, and already provides software for the Army's existing MR goggles, based on Microsoft's HoloLens hardware. Its partnership with Meta was announced this May, and the company told TechCrunch at the time that the collaboration was to develop EagleEye. It's a reunion of sorts for Luckey and Mark Zuckerberg, after Meta purchased Luckey's then-start-up Oculus in 2014 and fired the founder three years later.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Britain said on Monday it had issued U.S. internet forum site 4chan with a $26,644 fine for failing to provide information about the risk of illegal content on its service, marking the first penalty under the new online safety regime. Media regulator Ofcom said 4chan had not responded to its request for a copy of its illegal harms risk assessment nor a second request relating to its qualifying worldwide. Ofcom said it would take action against any service which "flagrantly fails to engage with Ofcom and their duties under the Online Safety Act" and they should expect to face penalties. The act, which is designed to protect children and vulnerable users from illegal content online, has caused tension between U.S. tech companies and Britain. Critics of the law have said it threatens free speech and targets U.S. companies. Technology minister Liz Kendall said the government "fully backed" Ofcom in taking action. "This fine is a clear warning to those who fail to remove illegal content or protect children from harmful material," she said. 4chan and Kiwi Farms filed a lawsuit in the United States against Ofcom in August, arguing that the threats and fines issued by the regulator "constitute foreign judgements that would restrict speech under U.S. law." The lawsuit claims that both entities are entirely based in the U.S., have no operations in the U.K., and therefore are not subject to its local laws.

Read more of this story at Slashdot.

Google's viral Nano Banana AI image editor is being woven into Search, NotebookLM, and Photos. Engadget reports: Perhaps the most notable integration here is with NotebookLM. Nano Banana is being used to drastically change up Video Overviews, offering up six new styles like watercolor and anime. It also now generates contextual illustrations based on sources and there's a new option for micro-videos called Briefs. For the uninitiated, Video Overviews is a neat little tool available to NotebookLM users that automatically generates explainer videos from documents. It can even whip up a narrated slideshow with visuals. The AI-heavy update starts rolling out to Pro users this week and to all users in "the upcoming weeks." Search integration offers new ways to make and edit images while using the official Google app. The company says folks can use a chat prompt to, say, ask the bot to create a stylized version of a pre-existing image. Additionally, photos can be snapped directly from the Lens tool and then edited via the AI. This is rolling out right now in English for US customers, with more countries and languages coming in the near future. We don't have any actual information as to what the Photos integration will look like, with Google simply saying it's bringing Nano Banana to the platform in "the weeks ahead."

Read more of this story at Slashdot.

"Dutch authorities have temporarily nationalized Nexperia, owned by Chinese company Wingtech, over fears of critical product unavailability," writes longtime Slashdot reader evil_aaronm. Reuters reports: The Hague invoked never-before-used powers under a Dutch law known as the "Availability of Goods Act." The decision led to a 10% fall in Wingtech's shares in Shanghai on Monday. The Dutch government will not take ownership of Nexperia, but it will now have the power to reverse or block management decisions it considers harmful. The company's regular production is continuing. [...] Wingtech called the Dutch government's intervention in Nexperia, once part of Dutch electronics group Philips, "excessive interference driven by geopolitical bias." Wingtech also alleged that non-Chinese Nexperia executives had tried to forcibly alter the company's equity structure through legal proceedings in a "cloaked power grab" on the company. A copy of an Amsterdam commercial court ruling dated October 7 and seen by Reuters showed that the court decided on October 1 to suspend Wingtech CEO Zhang Xuezheng from his position as executive director at Nexperia after finding "well founded reasons to doubt" the company was pursuing correct management policy or actions under Dutch civil law. It appointed Dutch businessman Guido Dierick to take Zhang's position with a "deciding vote", and transferred control of almost all of Nexperia's shares to a Dutch lawyer for management. The Dutch state and the company's labour council had supported the moves, the document showed. [...] In its statement, the Dutch government said that administrative problems at Nexperia posed a threat to the company's "crucial technological knowledge" without elaborating. "The loss of these capabilities could pose a risk to Dutch and European economic security," it said. Nexperia is one of the world's largest makers of simple computer chips such as diodes and transistors, though it also develops more advanced technologies such as "wide gap" semiconductors used in electrical settings and useful for electric cars, chargers and AI data centres. Wingtech said in a filing to the Shanghai stock exchange on Monday that its control over Nexperia would be temporarily restricted due to the Dutch order and court rulings, affecting decision making and operational efficiency.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Owners of some Jeep Wrangler 4xe hybrids have been left stranded after installing an over-the-air software update this weekend. The automaker pushed out a telematics update for the Uconnect infotainment system that evidently wasn't ready, resulting in cars losing power while driving and then becoming stranded. Stranded Jeep owners have been detailing their experiences in forum and Reddit posts, as well as on YouTube. The buggy update doesn't appear to brick the car immediately. Instead, the failure appears to occur while driving -- a far more serious problem. For some, this happened close to home and at low speed, but others claim to have experienced a powertrain failure at highway speeds. Jeep pulled the update after reports of problems, but the software had already downloaded to many owners' cars by then. A member of Stellantis' social engagement team told 4xe owners at a Jeep forum to ignore the update pop-up if they haven't installed it yet. Owners were also advised to avoid using either hybrid or electric modes if they had updated their 4xe and not already suffered a powertrain failure. Yesterday, Jeep pushed out a fix.

Read more of this story at Slashdot.

Car manufacturers decided they would rather cheat to prioritise "customer convenience" and sell cars than comply with the law on deadly pollutants, the first day of the largest group action trial in English legal history has been told. From a report: More than a decade after the original "dieselgate" scandal broke, lawyers representing 1.6 million diesel car owners in the UK argue that manufacturers deliberately installed software to rig emissions tests. They allege the "prohibited defeat devices" could detect when the cars were under test conditions and ensure that harmful NOx emissions were kept within legal limits, duping regulators and drivers. Should the claim be upheld, estimated damages could exceed $8 billion. The three-month hearing that opened at London's high court on Monday will focus on vehicles sold by five manufacturers -- Mercedes, Ford, Renault, Nissan and Peugeot/Citroen -- from 2009. In "real world" conditions, when driven on the road, lawyers argue, the cars produced much higher levels of emissions. The judgment on the five lead defendants will also bind other manufacturers including Jaguar Land Rover, Vauxhall/Opel, Volkswagen/Porsche, BMW, FCA/Suzuki, Volvo, Hyundai-Kia, Toyota and Mazda, whose cases are not being heard to reduce the case time and costs.

Read more of this story at Slashdot.

BrianFagioli writes: TP-Link has officially achieved the first successful Wi-Fi 8 connection using a prototype device built through an industry collaboration. The company confirmed that both the beacon and data throughput worked, marking a real-world validation of next-generation wireless tech. It's an early glimpse of what the next leap in speed and reliability could look like, even as the Wi-Fi 8 standard itself remains under development. The Verge adds: Like its predecessor, Wi-Fi 8 will utilize 2.4GHz, 5GHz, and 6GHz bands with a theoretical maximum channel bandwidth of 320MHz and peak data rate of 23Gbps, but aims to improve real-world performance and connection reliability. The goal is to provide better performance in environments with low signal, or under high network loads, where an increasing number of devices are sharing the same connection.

Read more of this story at Slashdot.

Chinese companies now produce most of the world's freely available AI models. DeepSeek leads Hugging Face in popularity. Chinese firms like Alibaba receive higher ratings than OpenAI and Meta on LMArena. The site uses blind tests to measure user preferences. Chinese developers ship open models more frequently than American rivals. Irene Solaiman is chief policy officer at Hugging Face. She said Chinese companies build their user base by shipping frequently and quickly. American companies like OpenAI and Google keep their best models proprietary. Meta once led in open AI models. Mark Zuckerberg argued last year that the world would benefit if AI companies shared their technology freely. He pledged Meta would release its AI openly. The company has since become more cautious. Zuckerberg wrote in a new essay that Meta might need to keep the best models for itself.

Read more of this story at Slashdot.

California Governor Gavin Newsom signed three bills on Monday that establish the nation's most comprehensive framework for regulating how technology companies interact with minors. AB 56 requires social media platforms to display health warnings to users under 18. A child must view a skippable ten-second warning upon logging on each day. An unskippable thirty-second warning must appear if a child spends more than three hours on a platform. That warning repeats after each additional hour. The warnings must state that social media "can have a profound risk of harm to the mental health and well-being of children and adolescents." Minnesota passed a similar law in July. SB 243 makes California the first state to regulate AI companion chatbots. The law takes effect January 1, 2026. Companies must implement age verification and disclose that interactions are artificially generated. Chatbots cannot represent themselves as healthcare professionals. Companies must offer break reminders to minors and prevent them from viewing sexually explicit images. The legislation gained momentum after teenager Adam Raine died by suicide following conversations with OpenAI's ChatGPT. A Colorado family filed suit against Character AI after their daughter's suicide following problematic conversations with the company's chatbots. AB 1043 requires device-makers like Apple and Google to collect birth dates when parents set up devices for children. Device-makers must group users into four age brackets and share this information with apps. Google, Meta, OpenAI, and Snap supported the bill. The Motion Picture Association opposed it.

Read more of this story at Slashdot.

Philadelphia culture has become inescapable in certain corners of the internet. People who spend substantial time online report developing knowledge of the city's cultural touchstones and forming opinions about its regional debates despite minimal or no physical presence there, according to a new report. The phenomenon has prompted a theory: prolonged exposure to these digital spaces can make someone spiritually and culturally Philadelphian regardless of geography. Several factors explain Philadelphia's outsized online presence. The city is large but retains a small-town sensibility. Its residents wake earlier than West Coast users and can set the daily online agenda. Philadelphia sports teams have performed well for twenty-five years. The internet rewards visual absurdity and energetic presentation. Gritty functions as both hockey mascot and anti-fascist meme. The city's working-class union identity and reliably anti-Trump stance align with leftist online communities. The alternative explanation is simpler: Philadelphians believe their city dominates conversation and find confirming evidence everywhere they look. The internet may not have made Philadelphia bigger. It may have just made Philadelphians easier to find.

Read more of this story at Slashdot.

Climate change has pushed warm-water coral reefs past a point of no return, marking the first time a major climate tipping point has been crossed, according to a report released on Sunday by an international team in advance of the United Nations Climate Change Conference COP30 in Brazil this November. From a report: Tipping points include global ice loss, Amazon rainforest loss, and the possible collapse of vital ocean currents. Once crossed, they will trigger self-perpetuating and irreversible changes that will lead to new and unpredictable climate conditions. But the new report also emphasizes progress on positive tipping points, such as the rapid rollout of green technologies. "We can now say that we have passed the first major climate tipping point," said Steve Smith, the Tipping Points Research Impact Fellow at the Global Systems Institute and Green Futures Solutions at the University of Exeter, during a media briefing on Tuesday. "But on the plus side," he added, "we've also passed at least one major positive tipping point in the energy system," referring to the maturation of solar and wind power technologies. The world is entering a "new reality" as global temperatures will inevitably overshoot the goal of staying within 1.5C of pre-industrial averages set by the Paris Climate Agreement in 2015, warns the Global Tipping Points Report 2025, the second iteration of a collaboration focused on key thresholds in Earth's climate system.

Read more of this story at Slashdot.

An anonymous reader shares a report: Last week, sounding like a digital media consultant, Pope Leo XIV urged reporters to avoid "the degrading practice of so-called clickbait." He was addressing global news agencies at a gathering in Vatican City about the risks of a post-truth world, with a speech that also doubled as a severe societal warning about the dangers of AI. "Artificial intelligence is changing the way we receive information and communicate, but who directs it and for what purposes?" the pontiff said, according to Reuters. "We must be vigilant in order to ensure that technology does not replace human beings."

Read more of this story at Slashdot.

OpenAI and Broadcom are working together to develop and deploy 10 gigawatts of custom AI chips and computing systems over the next four years, a high-profile partnership aimed at satisfying some of the startup's immense computing needs. From a report: OpenAI plans to design its own graphics processing units, or GPUs, which will allow it to integrate what it has learned from developing powerful artificial-intelligence models into the hardware that underpins future systems. As part of the agreement announced Monday, the chips will be co-developed by OpenAI and Broadcom and deployed by the chip company starting in the second half of next year. The new agreement will be worth multiple billions of dollars, people familiar with the matter said. Broadcom specializes in designing custom AI chips that are specifically tailored to certain artificial-intelligence applications. It began working with OpenAI on creating a custom chip 18 months ago, and the companies broadened their partnership to include work on related components, including server racks and networking equipment.

Read more of this story at Slashdot.

Enthusiasm for Sora 2 "wasn't shared in Hollywood," reports the Los Angeles Times, "where the new AI tools have created a swift backlash" that "appears to be only just the beginning of a bruising legal fight that could shape the future of AI use in the entertainment business." [OpenAI] executives went on a charm offensive last year. They reached out to key players in the entertainment industry — including Walt Disney Co. — about potential areas for collaboration and trying to assuage concerns about its technology. This year, the San Francisco-based AI startup took a more assertive approach. Before unveiling Sora 2 to the general public, OpenAI executives had conversations with some studios and talent agencies, putting them on notice that they need to explicitly declare which pieces of intellectual property — including licensed characters — were being opted-out of having their likeness depicted on the AI platform, according to two sources familiar with the matter who were not authorized to comment. Actors would be included in Sora 2 unless they opted out, the people said. OpenAI disputes the claim and says that it was always the company's intent to give actors and other public figures control over how their likeness is used. The response was immediate.... [Big talent agencies objected, along with performers' unions and major studios.] "Decades of enforceable copyright law establishes that content owners do not need to 'opt out' to prevent infringing uses of their protected IP," Warner Bros. Discovery said in a statement... The strong pushback from the creative community could be a strategy to force OpenAI into entering licensing agreements for the content they need, legal experts said... One challenge is figuring out a way that fairly compensates talent and rights holders. Several people who work within the entertainment industry ecosystem said they don't believe a flat fee works. Meanwhile, "the complete copyright-free-for-all approach that OpenAI took to its new AI video generation model, Sora 2, lasted all of one week," writes Gizmodo. But that means the service has "now pissed off its users." As 404 Media pointed out, social channels like Twitter and Reddit are now flooded with Sora users who are angry they can't make 10-second clips featuring their favorite characters anymore. One user in the OpenAI subreddit said that being able to play with copyrighted material was "the only reason this app was so fun." Futurism published more reactions, including ""It's official, Sora 2 is completely boring and useless with these copyright restrictions." Others accused OpenAI of abusing copyright to hype up its new app. "This is just classic OpenAI at this point," another user wrote. "They do this s*** all the time. Let people have fun for a day or two and then just start censoring like crazy." The app now has a measly 2.9-star rating on the App Store, indicative of growing disillusionment and frustration with censorship... [It's not dropped to 2.8.] In an apparent effort to save face, Altman claimed this week that many copyright holders are actually begging to have their characters appear on Sora, instead of complaining about the trend. "In the case of Sora, we've heard from a lot of concerned rightsholders and also a lot of rightsholders who are like 'My concern is you won't put my character in enough,'" he told the a16z podcast earlier this week. "So I can completely see a world where subject to the decisions that a rightsholder has, they get more upset with us for not generating their character often enough than too much," he added. Whether most rightsholders would agree with that sentiment remains to be seen. Business Insider offers another reaction. After watching Sora 2's main public feed, they write that Sora 2 "seems to be overrun with teenage boys."

Read more of this story at Slashdot.