An anonymous reader quotes a report from The Guardian: People born more recently are less likely to have dementia at any given age than earlier generations, research suggests, with the trend more pronounced in women. According to the World Health Organization, in 2021 there were 57 million people worldwide living with dementia, with women disproportionately affected. However, while the risk of dementia increases with age, experts have long stressed it is not not an inevitability of getting older. "Younger generations are less likely to develop dementia at the same age as their parents or grandparents, and that's a hopeful sign," said Dr Sabrina Lenzen, a co-author of the study from the University of Queensland's Centre for the Business and Economics of Health. But she added: "The overall burden of dementia will still grow as populations age, and significant inequalities remain -- especially by gender, education and geography." Writing in the journal Jama Network Open, researchers in Australia report how they analyzed data from 62,437 people aged 70 and over, collected from three long-running surveys covering the US, England and parts of Europe. The team used an algorithm that took into account participants' responses to a host of different metrics, from the difficulties they had with everyday activities to their scores on cognitive tests, to determine whether they were likely to have dementia. They then split the participants into eight different cohorts, representing different generations. Participants were also split into six age groups. As expected, the researchers found the prevalence of dementia increased by age among all birth cohorts, and in each of the three regions: UK, US and Europe. However, at a given age, people in more recent generations were less likely to have dementia compared with those in earlier generations. "For example, in the US, among people aged 81 to 85, 25.1% of those born between 1890-1913 had dementia, compared to 15.5% of those born between 1939-1943," said Lenzen, adding similar trends were seen in Europe and England, although less pronounced in the latter. The team said the trend was more pronounced in women, especially in Europe and England, noting that one reason may be increased access to education for women in the mid-20th century. However, taking into account changes in GDP, a metric that reflects broader economic shifts, did not substantially alter the findings. A number of factors could be contributing to the decline. "This is likely due to interventions such as compulsory education, smoking bans, and improvements in medical treatments for conditions such as heart disease, diabetes, and hearing loss, which are associated with dementia risk," said Prof Tara Spires-Jones, the director of the Centre for Discovery Brain Sciences at the University of Edinburgh.

Read more of this story at Slashdot.

Coinbase reportedly knew as early as January about a customer data breach linked to its outsourcing partner TaskUs, where an employee in India was caught leaking customer information in exchange for bribes. "At least one part of the breach [...] occurred when an India-based employee of the U.S. outsourcing firm TaskUs was caught taking photographs of her work computer with her personal phone," reports Reuters, citing five former TaskUs employees. Though Coinbase disclosed the incident in May after receiving an extortion demand, the newly revealed timeline raises questions about how long the company was aware of the breach, which could cost up to $400 million. Reuters reports: Coinbase said in the May SEC filing that it knew contractors accessed employee data "without business need" in "previous months." Only when it received an extortion demand on May 11 did it realize that the access was part of a wider campaign, the company said. In a statement to Reuters on Wednesday, Coinbase said the incident was recently discovered and that it had "cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls." Coinbase did not disclose who the other foreign agents were. TaskUs said in a statement that two employees had been fired early this year after they illegally accessed information from a client, which it did not identify. "We immediately reported this activity to the client," the statement said. "We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client." The person familiar with the matter confirmed that Coinbase was the client and that the incident took place in January.

Read more of this story at Slashdot.

An anonymous reader shares a report: Microsoft's changes in response to the Digital Markets Act already included allowing Windows machines in the regions it covers to uninstall Edge and remove Bing results from Windows search, but now the list is growing in some meaningful ways. New features announced Monday for Microsoft Windows users in the European Economic Area (the EU plus Iceland, Liechtenstein, and Norway) include the option to uninstall the Microsoft Store and avoid extra nags or prompts asking them to set Microsoft Edge as the default browser unless they choose to open it. Additionally, setting a different browser, like Chrome, Firefox, Brave, or something else, will pin it to the taskbar unless the user chooses not to. While setting a different browser default already attaches it to a few link and file types like https and .html, now users in the EEA will see it apply to more types like "read," ftp, and .svg. The default browser changes are live for some users in the beta channel and are set to roll out widely on Windows 10 and Windows 11 in July.

Read more of this story at Slashdot.

Texas is poised to become the first state with a Republican-controlled government to pass a right to repair law, as its Senate unanimously approved HB 2963. The bill requires manufacturers to provide parts, manuals, and tools for equipment sold or used in the state. The Verge reports: A press release from the United States Public Interest Research Group (PIRG), which has pushed for repairability laws nationwide, noted that this would make Texas the ninth state with a right to repair rule, and the seventh with a version that includes consumer electronics. It follows New York, Colorado, Minnesota, California, Oregon, Maine, and most recently, Washington [...]. "More repair means less waste. Texas produces some 621,000 tons of electronic waste per year, which creates an expensive and toxic mess. Now, thanks to this bipartisan win, Texans can fix that," said Environment Texas executive director Luke Metzger.

Read more of this story at Slashdot.

An anonymous reader quotes a report from 404 Media: The moderators of a pro-artificial intelligence Reddit community announced that they have been quietly banning "a bunch of schizoposters" who believe "they've made some sort of incredible discovery or created a god or become a god," highlighting a new type of chatbot-fueled delusion that started getting attention in early May. "LLMs [Large language models] today are ego-reinforcing glazing-machines that reinforce unstable and narcissistic personalities," one of the moderators of r/accelerate, wrote in an announcement. "There is a lot more crazy people than people realise. And AI is rizzing them up in a very unhealthy way at the moment." The moderator said that it has banned "over 100" people for this reason already, and that they've seen an "uptick" in this type of user this month. The moderator explains that r/accelerate "was formed to basically be r/singularity without the decels." r/singularity, which is named after the theoretical point in time when AI surpasses human intelligence and rapidly accelerates its own development, is another Reddit community dedicated to artificial intelligence, but that is sometimes critical or fearful of what the singularity will mean for humanity. "Decels" is short for the pejorative "decelerationists," who pro-AI people think are needlessly slowing down or sabotaging AI's development and the inevitable march towards AI utopia. r/accelerate's Reddit page claims that it's a "pro-singularity, pro-AI alternative to r/singularity, r/technology, r/futurology and r/artificial, which have become increasingly populated with technology decelerationists, luddites, and Artificial Intelligence opponents." The behavior that the r/accelerate moderator is describing got a lot of attention earlier in May because of a post on the r/ChatGPT Reddit community about "Chatgpt induced psychosis." From someone saying their partner is convinced he created the "first truly recursive AI" with ChatGPT that is giving them "the answers" to the universe. [...] The moderator update on r/accelerate refers to another post on r/ChatGPT which claims "1000s of people [are] engaging in behavior that causes AI to have spiritual delusions." The author of that post said they noticed a spike in websites, blogs, Githubs, and "scientific papers" that "are very obvious psychobabble," and all claim AI is sentient and communicates with them on a deep and spiritual level that's about to change the world as we know it. "Ironically, the OP post appears to be falling for the same issue as well," the r/accelerate moderator wrote. "Particularly concerning to me are the comments in that thread where the AIs seem to fall into a pattern of encouraging users to separate from family members who challenge their ideas, and other manipulative instructions that seem to be cult-like and unhelpful for these people," an r/accelerate moderator told 404 Media. "The part that is unsafe and unacceptable is how easily and quickly LLMs will start directly telling users that they are demigods, or that they have awakened a demigod AGI. Ultimately, there's no knowing how many people are affected by this. Based on the numbers we're seeing on reddit, I would guess there are at least tens of thousands of users who are at this present time being convinced of these things by LLMs. As soon as the companies realise this, red team it and patch the LLMs it should stop being a problem. But it's clear that they're not aware of the issue enough right now." Moderators of the subreddit often cite the term "Neural Howlround" to describe a failure mode in LLMs during inference, where recursive feedback loops can cause fixation or freezing. The term was first coined by independent researcher Seth Drake in a self-published, non-peer-reviewed paper. Both Drake and the r/accelerate moderator above suggest the deeper issue may lie with users projecting intense personal meaning onto LLM responses, sometimes driven by mental health struggles.

Read more of this story at Slashdot.

Laurene Powell Jobs has publicly endorsed the secretive AI hardware device being developed by Jony Ive and OpenAI, expressing admiration for his design process and investing in his ventures. Ive says the project is an attempt to address the unintended harms of past tech like the iPhone, and Powell Jobs stands to benefit financially if the device succeeds. The Verge reports: In a new interview published by The Financial Times, the two reminisce about Jony Ive's time working at Apple alongside Powell Jobs' late husband, Steve, and trying to make up for the "unintentional" harms associated with those efforts. [...] Powell Jobs, who has remained close friends with Ive since Steve Jobs passed in 2011, echoes his concerns, saying that "there are dark uses for certain types of technology," even if it "wasn't designed to have that result." Powell Jobs has invested in both Ive's LoveFrom design and io hardware startups following his departure from Apple. Ive notes that "there wouldn't be LoveFrom" if not for her involvement. Ive's io company is being purchased by OpenAI for almost $6.5 billion, and with her investment, Powell Jobs stands to gain if the secretive gadget proves anywhere near as successful as the iPhone. The pair gives away no extra details about the device that Ive is building with OpenAI, but Powell Jobs is expecting big things. She says she has watched "in real time how ideas go from a thought to some words, to some drawings, to some stories, and then to prototypes, and then a different type of prototype," Powell Jobs said. "And then something that you think: I can't imagine that getting any better. Then seeing the next version, which is even better. Just watching something brand new be manifested, it's a wondrous thing to behold."

Read more of this story at Slashdot.

Linux user share on Steam rose to 2.69% in May 2025 -- the highest level recorded since at least 2018. GamingOnLinux reports: Overall user share for May 2025: - Windows 95.45% -0.65% - Linux 2.69% +0.42% - macOS 1.85% +0.23% Even with SteamOS 3 now being a little more widely available, the rise was not from SteamOS directly. Filtering to just the Linux numbers gives us these most popular distributions: - SteamOS Holo 64 bit 30.95% -2.83% - Arch Linux 64 bit 10.09% +0.64% - Linux Mint 22.1 64 bit 7.76% +1.56% - Freedesktop SDK 24.08 (Flatpak runtime) 64 bit 7.42% +1.01% - Ubuntu Core 22 64 bit 4.63% +0.01% - Ubuntu 24.04.2 LTS 64 bit 4.30% -0.14% - CachyOS 64 bit 2.54% +2.54% - EndeavourOS Linux 64 bit 2.44% -0.02% - Manjaro Linux 64 bit 2.43% -0.18% - Pop!_OS 22.04 LTS 64 bit 2.17% -0.06% - Debian GNU/Linux 12 (bookworm) 64 bit 1.99% -0.28% - Other 23.27% -2.27%

Read more of this story at Slashdot.

Snowflake's growth among large enterprise customers faces a significant bottleneck tied to the sluggish replacement cycles of existing on-premises data warehouse systems, according to finance vice president Jimmy Sexton. Speaking at a Jefferies conference, Sexton explained that while the cloud data company secured two deals worth more than $100 million each in the financial services sector during its latest quarter, such migrations unfold over multiple years as "cumbersome projects."

Read more of this story at Slashdot.

An anonymous reader shares a report: Internet service provider Frontier Communications agreed to settle a lawsuit filed by major record labels that demanded mass disconnections of broadband users accused of piracy. Universal, Sony, and Warner sued Frontier in 2021. In a notice of settlement filed last week in US District Court for the Southern District of New York, the parties agreed to dismiss the case with prejudice, with each side to pay its own fees and costs. The record labels and Frontier simultaneously announced a settlement of similar claims in a Bankruptcy Court case in the same district. Frontier also settled with movie companies in April of this year, just before a trial was scheduled to begin. (Frontier exited bankruptcy in 2021.) [...] Regardless of what is in the agreement, the question of whether ISPs should have to crack down more harshly on users accused of piracy could be decided by the US Supreme Court.

Read more of this story at Slashdot.

Automated web-scraping bots seeking training data for AI models are flooding scientific databases and academic journals with traffic volumes that render many sites unusable. The online image repository DiscoverLife, which contains nearly 3 million species photographs, started receiving millions of daily hits in February this year that slowed the site to the point that it no longer loaded, Nature reported Monday. The surge has intensified since the release of DeepSeek, a Chinese large language model that demonstrated effective AI could be built with fewer computational resources than previously thought. This revelation triggered what industry observers describe as an "explosion of bots seeking to scrape the data needed to train this type of model." The Confederation of Open Access Repositories reported that more than 90% of 66 surveyed members experienced AI bot scraping, with roughly two-thirds suffering service disruptions. Medical journal publisher BMJ has seen bot traffic surpass legitimate user activity, overloading servers and interrupting customer services.

Read more of this story at Slashdot.

Microsoft will require all USB-C ports on Windows 11 certified laptops and tablets to support data transfer, charging, and display functionality under updated hardware compatibility program rules. The mandate targets devices shipping with Windows 11 24H2 and aims to eliminate what Microsoft -- and the industry -- calls "USB-C port confusion," where identical-looking ports offer different capabilities across PC manufacturers. The Windows Hardware Compatibility Program updates also require USB 40Gbps ports to maintain full compatibility with both USB4 and Thunderbolt 3 peripherals.

Read more of this story at Slashdot.

Apple has filed an appeal with the European Union's General Court in Luxembourg challenging the bloc's order requiring greater iOS interoperability with rival companies' products under the Digital Markets Act. The EU executive in March directed Apple to make its mobile operating system more compatible with competitors' apps, headphones, and virtual reality headsets by granting developers and device makers access to system components typically reserved for Apple's own products. Apple contends the requirements threaten its seamless user experience while creating security risks, noting that companies have already requested access to sensitive user data including notification content and complete WiFi network histories. The company faces potential fines of up to 10% of its worldwide annual revenue if found in violation of the DMA's interoperability rules designed to curb Big Tech market power.

Read more of this story at Slashdot.

An anonymous reader shares a report: Business Insider announced this week that it wants staff to better incorporate AI into its journalism. But less than a year ago, the company had to quietly apologize to some staff for accidentally recommending that they read books that did not appear to exist but instead may have been generated by AI. In an email to staff last May, a senior editor at Business Insider sent around a list of what she called "Beacon Books," a list of memoirs and other acclaimed business nonfiction books, with the idea of ensuring staff understood some of the fundamental figures and writing powering good business journalism. Many of the recommendations were well-known recent business, media, and tech nonfiction titles such as Too Big To Fail by Andrew Ross Sorkin, DisneyWar by James Stewart, and Super Pumped by Mike Isaac. But a few were unfamiliar to staff. Simply Target: A CEO's Lessons in a Turbulent Time and Transforming an Iconic Brand by former Target CEO Gregg Steinhafel was nowhere to be found. Neither was Jensen Huang: the Founder of Nvidia, which was supposedly published by the company Charles River Editors in 2019.

Read more of this story at Slashdot.

A new analysis argues that Stack Overflow's decline began years before AI tools delivered the "final blow" to the once-dominant programming forum. The site's monthly questions dropped from a peak of 200,000 to a steep collapse that began in earnest after ChatGPT's 2023 launch, but usage had been declining since 2014, according to data cited in the InfoWorld analysis. The platform's remarkable reputation system initially elevated it above competitors by allowing users to earn points and badges for helpful contributions, but that same system eventually became its downfall, the piece argues. As Stack Overflow evolved into a self-governing platform where high-reputation users gained moderation powers, the community transformed from a welcoming space for developer interaction into what the author compares to a "Stanford Prison Experiment" where moderators systematically culled interactions they deemed irrelevant.

Read more of this story at Slashdot.

A new business model has emerged across China's major cities, El Pais reports, where companies charge unemployed individuals to rent desk space and pretend to work, responding to social pressure around joblessness amid rising youth unemployment rates. These services charge between 30 and 50 yuan ($4-7) daily for desks, Wi-Fi, coffee, and lunch in spaces designed to mimic traditional work environments. Some operations assign fictitious tasks and organize supervisory rounds to enhance the illusion, while premium services allow clients to roleplay as managers or stage workplace conflicts for additional fees. The trend has gained significant traction on Xiaohongshu, China's equivalent to Instagram, where advertisements for "pretend-to-work companies" accumulate millions of views. Youth unemployment reached 16.5% among 16-to-24-year-olds in March 2025, according to National Bureau of Statistics data, while overall urban unemployment stood at 5.3% in the first quarter.

Read more of this story at Slashdot.

"If the adoption of AI feels different from any tech revolution you may have experienced before — mobile, social, cloud computing — it actually is," writes TechCrunch. They cite a new 340-page report from venture capitalist Mary Meeker that details how AI adoption has outpaced any other tech in human history — and uses the word "unprecedented" on 51 pages: ChatGPT reaching 800 million users in 17 months: unprecedented. The number of companies and the rate at which so many others are hitting high annual recurring revenue rates: also unprecedented. The speed at which costs of usage are dropping: unprecedented. While the costs of training a model (also unprecedented) is up to $1 billion, inference costs — for example, those paying to use the tech — has already dropped 99% over two years, when calculating cost per 1 million tokens, she writes, citing research from Stanford. The pace at which competitors are matching each other's features, at a fraction of the cost, including open source options, particularly Chinese models: unprecedented... Meanwhile, chips from Google, like its TPU (tensor processing unit), and Amazon's Trainium, are being developed at scale for their clouds — that's moving quickly, too. "These aren't side projects — they're foundational bets," she writes. "The one area where AI hasn't outpaced every other tech revolution is in financial returns..." the article points out. "[T]he jury is still out over which of the current crop of companies will become long-term, profitable, next-generation tech giants."

Read more of this story at Slashdot.

Adam Riess won a Nobel Prize in Physics for helping discover that the universe's acceleration is expanding, remembers The Atlantic. But then theorists "proposed the existence of dark energy: a faint, repulsive force that pervades all of empty space... the final piece to what has since come to be called the 'standard model of cosmology.'" Riess thinks instead we should just replace the standard model: When I visited Riess, back in January, he mentioned he was looking forward to a data release from the Dark Energy Spectroscopic Instrument, a new observatory on Kitt Peak, in Arizona's portion of the Sonoran Desert. DESI has 5,000 robotically controlled optic fibers. Every 20 minutes, each of them locks onto a different galaxy in the deep sky. This process is scheduled to continue for a total of five years, until millions of galaxies have been observed, enough to map cosmic expansion across time... DESI's first release, last year, gave some preliminary hints that dark energy was stronger in the early universe, and that its power then began to fade ever so slightly. On March 19, the team followed up with the larger set of data that Riess was awaiting. It was based on three years of observations, and the signal that it gave was stronger: Dark energy appeared to lose its kick several billion years ago. This finding is not settled science, not even close. But if it holds up, a "wholesale revision" of the standard model would be required [says Colin Hill, a cosmologist at Columbia University. "The textbooks that I use in my class would need to be rewritten." And not only the textbooks — the idea that our universe will end in heat death has escaped the dull, technical world of academic textbooks. It has become one of our dominant secular eschatologies, and perhaps the best-known end-times story for the cosmos. And yet it could be badly wrong. If dark energy weakens all the way to zero, the universe may, at some point, stop expanding. It could come to rest in some static configuration of galaxies. Life, especially intelligent life, could go on for a much longer time than previously expected. If dark energy continues to fade, as the DESI results suggest is happening, it may indeed go all the way to zero, and then turn negative. Instead of repelling galaxies, a negative dark energy would bring them together into a hot, dense singularity, much like the one that existed during the Big Bang. This could perhaps be part of some larger eternal cycle of creation and re-creation. Or maybe not. The point is that the deep future of the universe is wide open... "Many new observations will come, not just from DESI, but also from the new Vera Rubin Observatory in the Atacama Desert, and other new telescopes in space. On data-release days for years to come, the standard model's champions and detractors will be feverishly refreshing their inboxes..." And Riess tells The Atlantic he's disappointed when complacent theorists just tell him "Yeah, that's a really hard problem." He adds, "Sometimes, I feel like I am providing clues and killing time while we wait for the next Einstein to come along."

Read more of this story at Slashdot.

Frederico planned to celebrate the new year with friends at the exotic international tourist haven of Molvania. When visiting the area, one could buy and use a MolvaPass (The Most Passive Way About Town!) for free or discounted access to cultural sites, public transit, and more. MolvaPasses were available for 3, 7, or 365 days, and could be bought in advance and activated later.

Still outside the country the week before his trip, Frederico had the convenience of buying a pass either online or via an app. He elected to use the website, sitting down before his home PC and entering the address into his web browser. Despite his fiber internet connection, he sat on a white screen for several seconds while the GoMolva Tourist Board website loaded. He then clicked the obvious Buy Now button in the top-right corner. After several more seconds, he was presented with a page requiring him to create an account.

Frederico did so, specifying his email address and a 16-character password suggested by Bitwarden. He then received a confirmation link in his email inbox. Upon clicking that, he was presented with an interface where he could add MolvaPasses to a shopping cart. He selected one 3-day pass and paid with PayPal. The website redirected him to the proper screen; he entered his PayPal credentials and confirmed the payment.

From there, he was redirected to a completely white screen. After waiting several seconds, a minute ... nothing changed. PayPal sent him a receipt, but there was no confirmation from the GoMolva Tourist Board website.

Frederico decided to refresh the page. This time, he saw the default Apache screen on CentOS.

His jaw almost hit the floor. They were still using CentOS, despite the fact that it'd been abandoned? Horrified, he bailed on that tab, desperately opening a fresh one and manually entering the URL again.

Finally, the page loaded successfully. Frederico was still logged in. From there, he browsed to the My Passes section. His 3-day MolvaPass was there, listed as Not activated.

This was exactly what Frederico had hoped he would see. With a sigh of relief, he turned his attention away from his laptop to his phone. For the sake of convenience, he wanted to download the MolvaPass app onto his phone. Upon doing so, he opened it and entered his username and password on the initial screen. After clicking Login, the following message appeared: The maximum length of the password is 15 characters.

Frederico's blood froze. How was that possible? There'd been no errors or warnings when he'd created his login. Everything had been fine then. Heart pounding, Frederico tried logging in again. The same error appeared. He switched back to his computer, where the site was still open. He browsed to My Account and selected Change Password.

A new screen prompted him for the old password, and a new one twice. He hurriedly filled in the fields and clikced the Change Password button.

A message appeared: Your MolvaPass has been successfully activated.

"What?!" Frederico blurted out loud. There was nothing to click but an OK button.

A follow-up message assured him, Password has been successfully changed.

As terror bolted down his spine, an expletive flew from his mouth. He navigated back to My Passes. There beside his newly-purchased pass was the big green word Activated.

"I only changed the password!" he pleaded out loud to a god who clearly wasn't listening. He forced a deep breath upon his panicked self and deliberated what to do from there. Support. Was there any way to get in touch with someone who could undo the activation or refund his money? With some Googling, Frederico found a toll-free number he could call from abroad. After he rapidly punched the number into his phone, a stilted robot voice guided him through a phone menu to the "Support" option.

We're getting somewhere, Frederico reassured himself.

"FoR MoLvaPaSs suPpOrt, uSe ThE cOnTaCt FoRm oN tHe GoMoLvA WeBzOnE." The robot hung up.

Frederico somehow refrained from hurling his phone across the room. Turning back to his PC, he scrolled down to the website footer, where he found a Contact us link. On this page, there was a contact form and an email address. Frederico filled out the contact form in detail and clicked the Submit button.

A new message appeared: Unable to send the request, try again later.

Frederico rolled his eyes toward the heavens. Somehow, he managed to wait a good five minutes before trying again—in vain. Desperately, he took his detailed message and emailed it to the support address, hoping for a quick response.

Minutes crawled past. Hours. Nothing by the time Frederico went to bed. It wasn't until the next morning that a response came back. The entire message read: The MolvaPass should have been activated once you reached Molvania, not before.

Consumed with soul-burning fury, Frederico hit Caps Lock on his keyboard. MAYBE MY PREVIOUS EMAIL WAS TOO LONG OR DIFFICULT TO UNDERSTAND?? ALL I DID WAS CHANGE THE PASSWORD!!!!

Several hours later, the following reply: The change of pw is not related to the activation of the pass.

Frederico directed his rage toward escalating the matter. He managed to track down the company that'd built the GoMolva website, writing to their support to demand a cancellation of the MolvaPass and a full refund. A few hours later, their reply asked for his PayPal transaction code so they could process the request.

In the end, Frederico got his money back and resolved to wait until he was physically in Molvania before attempting to buy another MolvaPass. We can only hope he rang in the new year with sanity intact.

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

An anonymous reader shared this report from The Hacker News: Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems. "These race conditions allow a local attacker to exploit a SUID program and gain read access to the resulting core dump," Saeed Abbasi, manager of product at Qualys TRU, said... Red Hat said CVE-2025-4598 has been rated Moderate in severity owing to the high complexity in pulling an exploit for the vulnerability, noting that the attacker has to first win the race condition and be in possession of an unprivileged local account... Qualys has also developed proof-of-concept code for both vulnerabilities, demonstrating how a local attacker can exploit the coredump of a crashed unix_chkpwd process, which is used to verify the validity of a user's password, to obtain password hashes from the /etc/shadow file. Advisories were also issued by Gentoo, Amazon Linux, and Debian, the article points out. (Though "It's worth noting that Debian systems aren't susceptible to CVE-2025-4598 by default, since they don't include any core dump handler unless the systemd-coredump package is manually installed.") Canonical software security engineer Octavio Galland explains the issue on Canonical's blog. "If a local attacker manages to induce a crash in a privileged process and quickly replaces it with another one with the same process ID that resides inside a mount and pid namespace, apport will attempt to forward the core dump (which might contain sensitive information belonging to the original, privileged process) into the namespace... In order to successfully carry out the exploit, an attacker must have permissions to create user, mount and pid namespaces with full capabilities." Canonical's security team has released updates for the apport package for all affected Ubuntu releases... We recommend you upgrade all packages... The unattended-upgrades feature is enabled by default for Ubuntu 16.04 LTS onwards. This service: - Applies new security updates every 24 hours automatically. - If you have this enabled, the patches above will be automatically applied within 24 hours of being available.

Read more of this story at Slashdot.

"The Doctor is dead. Long live the Doctor!" writes Space.com. (Spoilers ahead...) "The era of Ncuti Gatwa's Fifteenth Doctor came to a surprise end on Saturday night, as the Time Lord regenerated at the end of "Doctor Who" season 2 finale... [T]he Doctor gradually realises that not everything is back to normal. Poppy, his daughter with Belinda Chandra in the "Wish World" fantasy, has been erased from history, so the Time Lord decides to sacrifice himself by firing a ton of regeneration energy into the time Vortex to "jolt it one degree" — and hopefully bring her back. It goes without saying that his madcap scheme saves Poppy, as we learn that, in this rewritten timeline, the little girl was always the reason Belinda had been desperate to get back home. But arguably the biggest talking point of the episode — and, indeed, the season — is saved until last, as the Doctor regenerates into a very familiar face... Hint: They played the Doctor's companion, Rose Tyler, "alongside Christopher Eccleston's Ninth Doctor and David Tennant's Tenth Doctor during the phenomenally successful first two seasons of the show's 2005 reboot." Showrunner Russell T Davies called it "an honour and a hoot" to welcome back Billie Piper to the TARDIS, "but quite how and why and who is a story yet to be told. After 62 years, the Doctor's adventures are only just beginning!" Although the show's post-regeneration credits have traditionally featured the line "And introducing [insert name] as the Doctor", here it simply says "And introducing Billie Piper". The omission of "as the Doctor" is unlikely to be accidental, suggesting that Davies is playing a very elaborate game with "Who" fandom... Another mystery! The BBC and Disney+ are yet to confirm if and when "Doctor Who" will return for a third season of its current iteration. "There's no decision until after season two..." Davies told Radio Times in April (as spotted by the Independent). "That's when the decision is — and the decision won't even be made by the people we work with at Disney Plus, it'll be made by someone in a big office somewhere. So literally nothing happening, no decision." "For a new series to be ready for 2026, production would need to get under way relatively soon," writes the BBC. "So at the moment a new series or a special starring Billie Piper before 2027 looks unlikely." The Guardian adds: Concerns have been raised about falling viewing figures, which have struggled to rally since Russell T Davies' return in 2023. Two episodes during this series, which aired in May, got less than 3 million viewers — the lowest since the modern era began airing in 2005. The Independent has this statement from Piper: "It's no secret how much I love this show, and I have always said I would love to return to the Whoniverse as I have some of my best memories there, so to be given the opportunity to step back on that Tardis one more time was just something I couldn't refuse, but who, how, why and when, you'll just have to wait and see."

Read more of this story at Slashdot.