http://feed.informer.com/digests/IDAP6RXKUY/feeder Tech Digest 101 Respective post owners and feed distributors Fri, 21 Oct 2016 08:26:35 +0200 Feed Informer http://feed.informer.com/ https://arstechnica.com/security/2025/10/hackers-bullet-proof-hosts-deliver-malware-from-blockchains/ Ars Technica » Technology Lab urn:uuid:16b5a148-5634-7753-a383-8ea2a9c80419 Thu, 16 Oct 2025 22:40:49 +0200 Malicious payloads stored on Ethereum and BNB blockchains are immune to takedowns. <p>Hacking groups—at least one of which works on behalf of the North Korean government—have found a new and inexpensive way to distribute malware from “bulletproof” hosts: stashing them on public cryptocurrency blockchains.</p> <p>In a <a href="https://cloud.google.com/blog/topics/threat-intelligence/dprk-adopts-etherhiding/">Thursday post</a>, members of the Google Threat Intelligence Group said the technique provides the hackers with their own “bulletproof” host, a term that describes cloud platforms that are largely immune from takedowns by law enforcement and pressure from security researchers. More traditionally, these hosts are located in countries without treaties agreeing to enforce criminal laws from the US and other nations. These services often charge hefty sums and cater to criminals spreading malware or peddling child sexual abuse material and wares sold in crime-based flea markets.</p> <h2>Next-gen, DIY hosting that can’t be tampered with</h2> <p>Since February, Google researchers have observed two groups turning to a newer technique to infect targets with credential stealers and other forms of malware. The method, known as EtherHiding, embeds the malware in smart contracts, which are essentially apps that reside on blockchains for Ethereum and other cryptocurrencies. Two or more parties then enter into an agreement spelled out in the contract. When certain conditions are met, the apps enforce the contract terms in a way that, at least theoretically, is immutable and independent of any central authority.</p><p><a href="https://arstechnica.com/security/2025/10/hackers-bullet-proof-hosts-deliver-malware-from-blockchains/">Read full article</a></p> <p><a href="https://arstechnica.com/security/2025/10/hackers-bullet-proof-hosts-deliver-malware-from-blockchains/#comments">Comments</a></p> https://arstechnica.com/ai/2025/10/ars-live-recap-is-the-ai-bubble-about-to-pop-ed-zitron-weighs-in/ Ars Technica » Technology Lab urn:uuid:1abfdf15-19f2-4db4-3f68-57d435576a30 Thu, 16 Oct 2025 22:25:08 +0200 Despite connection hiccups, we covered OpenAI's finances, nuclear power, and Sam Altman. <p>On Tuesday of last week, Ars Technica <a href="https://arstechnica.com/ai/2025/10/ars-live-is-the-ai-bubble-about-to-pop-ed-zitron-is-on-with-ars-at-330pm-edt-today/">hosted</a> a live conversation with Ed Zitron, host of the <a href="https://podcasts.apple.com/us/podcast/better-offline/id1730587238">Better Offline</a> podcast and one of tech's most vocal AI critics, to discuss whether the generative AI industry is experiencing a bubble and when it might burst. My Internet connection had other plans, though, dropping out multiple times and forcing Ars Technica's very own Lee Hutchinson to jump in as an excellent emergency backup host.</p> <p>During the times my connection cooperated, Zitron and I covered OpenAI's financial issues, lofty infrastructure promises, and why the AI hype machine keeps rolling despite some arguably shaky economics underneath. Lee's probing questions about per-user costs revealed a potential flaw in AI subscription models: Companies can't predict whether a user will cost them $2 or $10,000 per month.</p> <p>You can <a href="https://www.youtube.com/watch?v=1nEph7-Viyc">watch a recording</a> of the event on YouTube or in the window below.</p><p><a href="https://arstechnica.com/ai/2025/10/ars-live-recap-is-the-ai-bubble-about-to-pop-ed-zitron-weighs-in/">Read full article</a></p> <p><a href="https://arstechnica.com/ai/2025/10/ars-live-recap-is-the-ai-bubble-about-to-pop-ed-zitron-weighs-in/#comments">Comments</a></p> https://arstechnica.com/security/2025/10/breach-of-f5-requires-emergency-action-from-big-ip-users-feds-warn/ Ars Technica » Technology Lab urn:uuid:d956f17f-4d83-9646-dfb5-e2beb3cadb47 Wed, 15 Oct 2025 22:05:39 +0200 Risks to BIG-IP users include supply-chain attacks, credential loss, and vulnerability exploits. <p>Thousands of networks—many of them operated by the US government and Fortune 500 companies—face an “imminent threat” of being breached by a nation-state hacking group following the breach of a major maker of software, the federal government warned Wednesday.</p> <p>F5, a Seattle-based maker of networking software, <a href="https://my.f5.com/manage/s/article/K000154696">disclosed the breach</a> on Wednesday. F5 said a “sophisticated” threat group working for an undisclosed nation-state government had surreptitiously and persistently dwelled in its network over a “long-term.” Security researchers who have responded to similar intrusions in the past took the language to mean the hackers were inside the F5 network <a href="https://cyberplace.social/@GossiTheDog/115378445416288653">for years</a>.</p> <h2>Unprecedented</h2> <p>During that time, F5 said, the hackers took control of the network segment the company uses to create and distribute updates for BIG IP, a line of server appliances that F5 <a href="https://www.f5.com/c/emea-2020/event/f5-myforum">says</a> is used by 48 of the world’s top 50 corporations. Wednesday’s disclosure went on to say the threat group downloaded proprietary BIG-IP source code information about vulnerabilities that had been privately discovered but not yet patched. The hackers also obtained configuration settings that some customers used inside their networks.</p><p><a href="https://arstechnica.com/security/2025/10/breach-of-f5-requires-emergency-action-from-big-ip-users-feds-warn/">Read full article</a></p> <p><a href="https://arstechnica.com/security/2025/10/breach-of-f5-requires-emergency-action-from-big-ip-users-feds-warn/#comments">Comments</a></p> https://arstechnica.com/ai/2025/10/anthropics-claude-haiku-4-5-matches-mays-frontier-model-at-fraction-of-cost/ Ars Technica » Technology Lab urn:uuid:35729757-edb1-bca9-99e6-44dd04d9a933 Wed, 15 Oct 2025 20:53:00 +0200 Tiny, fast model hits coding scores similar to GPT-5 and Sonnet 4. <p>On Wednesday, Anthropic <a href="https://www.anthropic.com/news/claude-haiku-4-5">released</a> Claude Haiku 4.5, a small AI language model that reportedly delivers performance similar to what its frontier model <a href="https://arstechnica.com/ai/2025/05/anthropic-calls-new-claude-4-worlds-best-ai-coding-model/">Claude Sonnet 4</a> achieved five months ago but at one-third the cost and more than twice the speed. The new model is available now to all Claude app, web, and API users.</p> <p>If the benchmarks for Haiku 4.5 reported by Anthropic hold up to independent testing, the fact that the company can match some capabilities of its cutting-edge coding model from only five months ago (and GPT-5 in coding) while providing a dramatic speed increase and cost cut is notable.</p> <p>As a recap, Anthropic ships the Claude family in three model sizes: Haiku (small), Sonnet (medium), and Opus (large). The larger models are based on larger neural networks and typically include deeper contextual knowledge but are slower and more expensive to run. Due to a technique called <a href="https://arstechnica.com/ai/2025/03/ai-firms-follow-deepseeks-lead-create-cheaper-models-with-distillation/">distillation</a>, companies like Anthropic have been able to craft smaller AI models that match the capability of larger, older models at functional tasks like coding, although it typically comes at the cost of omitting stored knowledge.</p><p><a href="https://arstechnica.com/ai/2025/10/anthropics-claude-haiku-4-5-matches-mays-frontier-model-at-fraction-of-cost/">Read full article</a></p> <p><a href="https://arstechnica.com/ai/2025/10/anthropics-claude-haiku-4-5-matches-mays-frontier-model-at-fraction-of-cost/#comments">Comments</a></p> https://arstechnica.com/ai/2025/10/chatgpt-will-soon-allow-erotic-chats-for-verified-adults-only/ Ars Technica » Technology Lab urn:uuid:5567ce21-2281-f18f-6187-8e9d8e1d4ccd Wed, 15 Oct 2025 17:14:52 +0200 Sam Altman claims new tools can detect mental distress while relaxing limits for adults. <p>On Tuesday, OpenAI CEO Sam Altman <a href="https://x.com/sama/status/1978129344598827128">announced</a> that the company will allow verified adult users to have erotic conversations with ChatGPT starting in December. The change represents a shift in how OpenAI approaches content restrictions, which the company had <a href="https://arstechnica.com/ai/2025/02/chatgpt-can-now-write-erotica-as-openai-eases-up-on-ai-paternalism/">loosened</a> in February but then dramatically <a href="https://arstechnica.com/ai/2025/09/openai-announces-parental-controls-for-chatgpt-after-teen-suicide-lawsuit/">tightened</a> after an <a href="https://arstechnica.com/tech-policy/2025/08/chatgpt-helped-teen-plan-suicide-after-safeguards-failed-openai-admits/">August lawsuit</a> from parents of a teen who died by suicide after allegedly receiving encouragement from ChatGPT.</p> <p>"In December, as we roll out age-gating more fully and as part of our 'treat adult users like adults' principle, we will allow even more, like erotica for verified adults," Altman wrote in his post on X (formerly Twitter). The announcement follows OpenAI's recent hint that it would allow developers to create "mature" ChatGPT applications once the company implements appropriate age verification and controls.</p> <p>Altman explained that OpenAI had made ChatGPT "pretty restrictive to make sure we were being careful with mental health issues" but acknowledged this approach made the chatbot "less useful/enjoyable to many users who had no mental health problems." The CEO said the company now has new tools to better detect when users are experiencing mental distress, allowing OpenAI to relax restrictions in most cases.</p><p><a href="https://arstechnica.com/ai/2025/10/chatgpt-will-soon-allow-erotic-chats-for-verified-adults-only/">Read full article</a></p> <p><a href="https://arstechnica.com/ai/2025/10/chatgpt-will-soon-allow-erotic-chats-for-verified-adults-only/#comments">Comments</a></p> https://www.youtube.com/watch?v=PgFeiwvqS0g Dave Lee urn:uuid:90107d77-71e0-22a2-cce6-00fb3948cc1f Wed, 15 Oct 2025 15:41:50 +0200 https://arstechnica.com/tech-policy/2025/10/feds-seize-15-billion-from-alleged-forced-labor-scam-built-on-human-suffering/ Ars Technica » Technology Lab urn:uuid:d3f69ddd-1f0c-f6cb-201a-25ead5048769 Tue, 14 Oct 2025 23:01:50 +0200 Scams like this one net billions from well-educated victims. <p>Federal prosecutors have seized $15 billion from the alleged kingpin of an operation that used imprisoned laborers to trick unsuspecting people into making investments in phony funds, often after spending months faking romantic relationships with the victims.</p> <p>Such "<a href="https://en.wikipedia.org/wiki/Pig_butchering_scam">pig butchering</a>" scams have operated for years. They typically work when members of the operation initiate conversations with people on social media and then spend months messaging them. Often, the scammers pose as <a href="https://www.propublica.org/article/whats-a-pig-butchering-scam-heres-how-to-avoid-falling-victim-to-one">attractive individuals</a> who feign romantic interest for the victim.</p> <h2>Forced labor, phone farms, and human suffering</h2> <p>Eventually, conversations turn to phony investment funds with the end goal of convincing the victim to transfer <a href="https://www.scmp.com/news/hong-kong/law-and-crime/article/3282345/hong-kong-fraudsters-use-deepfake-tech-swindle-love-struck-men-out-hk360-million">large amounts of bitcoin</a>. In many cases, the scammers are trafficked and held against their will in compounds surrounded by fences and barbed wire.</p><p><a href="https://arstechnica.com/tech-policy/2025/10/feds-seize-15-billion-from-alleged-forced-labor-scam-built-on-human-suffering/">Read full article</a></p> <p><a href="https://arstechnica.com/tech-policy/2025/10/feds-seize-15-billion-from-alleged-forced-labor-scam-built-on-human-suffering/#comments">Comments</a></p> https://arstechnica.com/ai/2025/10/nvidia-sells-tiny-new-computer-that-puts-big-ai-on-your-desktop/ Ars Technica » Technology Lab urn:uuid:67460d34-07b3-47dd-9a80-a7690d8101dd Tue, 14 Oct 2025 18:58:21 +0200 The 1 petaflop DGX Spark system runs AI models with 200 billion parameters locally for $4K. <p>On Tuesday, Nvidia <a href="https://nvidianews.nvidia.com/news/nvidia-dgx-spark-arrives-for-worlds-ai-developers">announced</a> it will begin taking orders for the DGX Spark, a $4,000 desktop AI computer that wraps one petaflop of computing performance and 128GB of unified memory into a form factor small enough to sit on a desk. Its biggest selling point is likely its large integrated memory that can run larger AI models than consumer GPUs.</p> <p>Nvidia will begin taking orders for the DGX Spark on Wednesday, October 15, <a href="https://www.nvidia.com/en-us/products/workstations/dgx-spark/">through its website</a>, with systems also available from manufacturing partners and select US retail stores.</p> <p>The DGX Spark, which Nvidia <a href="https://arstechnica.com/ai/2025/01/nvidias-first-desktop-pc-can-run-local-ai-models-for-3000/">previewed as "Project DIGITS"</a> in January and <a href="https://arstechnica.com/ai/2025/03/nvidia-announces-dgx-desktop-personal-ai-supercomputers/">formally named</a> in May, represents Nvidia's attempt to create a new category of desktop computer workstation specifically for AI development.</p><p><a href="https://arstechnica.com/ai/2025/10/nvidia-sells-tiny-new-computer-that-puts-big-ai-on-your-desktop/">Read full article</a></p> <p><a href="https://arstechnica.com/ai/2025/10/nvidia-sells-tiny-new-computer-that-puts-big-ai-on-your-desktop/#comments">Comments</a></p> https://arstechnica.com/ai/2025/10/openai-wants-to-stop-chatgpt-from-validating-users-political-views/ Ars Technica » Technology Lab urn:uuid:8211236e-d4de-efa9-e490-72b10e2b41bc Tue, 14 Oct 2025 15:51:00 +0200 New paper reveals reducing "bias" means making ChatGPT stop mirroring users' political language. <p>"ChatGPT shouldn't have political bias in any direction."</p> <p>That's OpenAI's stated goal in a new research paper <a href="https://openai.com/index/defining-and-evaluating-political-bias-in-llms/">released</a> Thursday about measuring and reducing political bias in its AI models. The company says that "people use ChatGPT as a tool to learn and explore ideas" and argues "that only works if they trust ChatGPT to be objective."</p> <p>But a closer reading of OpenAI's paper reveals something different from what the company's framing of objectivity suggests. The company never actually defines what it means by "bias." And its evaluation axes show that it's focused on stopping ChatGPT from several behaviors: acting like it has personal political opinions, amplifying users' emotional political language, and providing one-sided coverage of contested topics.</p><p><a href="https://arstechnica.com/ai/2025/10/openai-wants-to-stop-chatgpt-from-validating-users-political-views/">Read full article</a></p> <p><a href="https://arstechnica.com/ai/2025/10/openai-wants-to-stop-chatgpt-from-validating-users-political-views/#comments">Comments</a></p> https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/ Ars Technica » Technology Lab urn:uuid:d1786f2c-b4dc-dc59-f259-308e0ebb6f32 Mon, 13 Oct 2025 23:36:35 +0200 Malicious app required to make "Pixnapping" attack work requires no permissions. <p>Android devices are vulnerable to a new attack that can covertly steal 2FA codes, location timelines, and other private data in less than 30 seconds.</p> <p>The new attack, named Pixnapping by the team of academic researchers who devised it, requires a victim to first install a malicious app on an Android phone or tablet. The app, which requires no system permissions, can then effectively read data that any other installed app displays on the screen. Pixnapping has been demonstrated on Google Pixel phones and the Samsung Galaxy S25 phone and likely could be modified to work on other models with additional work. Google released mitigations last month, but the researchers said a modified version of the attack works even when the update is installed.</p> <h2>Like taking a screenshot</h2> <p>Pixnapping attacks begin with the malicious app invoking Android programming interfaces that cause the authenticator or other targeted apps to send sensitive information to the device screen. The malicious app then runs graphical operations on individual pixels of interest to the attacker. Pixnapping then exploits a <a href="https://en.wikipedia.org/wiki/Side-channel_attack">side channel</a> that allows the malicious app to map the pixels at those coordinates to letters, numbers, or shapes.</p><p><a href="https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/">Read full article</a></p> <p><a href="https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/#comments">Comments</a></p> https://arstechnica.com/security/2025/10/why-signals-post-quantum-makeover-is-an-amazing-engineering-achievement/ Ars Technica » Technology Lab urn:uuid:a8f1aefa-0d2b-da97-2a48-cc6682ec186f Mon, 13 Oct 2025 18:15:53 +0200 New design sets a high standard for post-quantum readiness. <p>The encryption protecting communications against criminal and nation-state snooping is under threat. As private industry and governments get closer to building useful quantum computers, the algorithms protecting Bitcoin wallets, encrypted Web visits, and other sensitive secrets will be useless. No one doubts the day will come, but as the now-common joke in cryptography circles observes, experts have been forecasting this cryptocalypse will arrive in the next 15 to 30 years for the past 30 years.</p> <p>The uncertainty has created something of an existential dilemma: Should network architects spend the billions of dollars required to wean themselves off quantum-vulnerable algorithms now, or should they prioritize their limited security budgets fighting more immediate threats such as ransomware and espionage attacks? Given the expense and no clear deadline, it’s little wonder that <a href="https://radar.cloudflare.com/adoption-and-usage" target="_blank" rel="noopener">less than half</a> of all TLS connections made inside the Cloudflare network and only <a href="https://trustfour.com" target="_blank" rel="noopener">18 percent</a> of Fortune 500 networks support quantum-resistant TLS connections. It's all but certain that many fewer organizations still are supporting quantum-ready encryption in less prominent protocols.</p> <h2>Triumph of the cypherpunks</h2> <p>One exception to the industry-wide lethargy is the engineering team that designs the Signal Protocol, the open-source engine that powers the world’s most robust and resilient form of end-to-end encryption for multiple private chat apps, most notably the <a href="https://signal.org/download/">Signal Messenger</a>. Eleven days ago, the nonprofit entity that develops the protocol, Signal Messenger LLC, published a 5,900-word write-up describing its latest updates that make Signal fully quantum-resistant.</p><p><a href="https://arstechnica.com/security/2025/10/why-signals-post-quantum-makeover-is-an-amazing-engineering-achievement/">Read full article</a></p> <p><a href="https://arstechnica.com/security/2025/10/why-signals-post-quantum-makeover-is-an-amazing-engineering-achievement/#comments">Comments</a></p> https://arstechnica.com/security/2025/10/payroll-pirate-phishing-scam-that-takes-over-workday-accounts-steals-paychecks/ Ars Technica » Technology Lab urn:uuid:3439aa26-6c29-2569-d178-c6bd8043d6d0 Fri, 10 Oct 2025 20:07:04 +0200 Among other things, the scammers bypass multi-factor authentication. <p>Microsoft is warning of an active scam that diverts employees' paycheck payments to attacker-controlled accounts after first taking over their profiles on Workday or other cloud-based HR services.</p> <p>Payroll Pirate, as Microsoft says the campaign has been dubbed, gains access to victims’ HR portals by sending them phishing emails that trick the recipients into providing their credentials for logging in to the cloud account. The scammers are able to recover multi-factor authentication codes by using <a href="https://arstechnica.com/security/2025/05/phishing-attacks-that-defeat-mfa-are-easier-than-ever-so-what-are-we-to-do/">adversary-in-the-middle</a> tactics, which work by sitting between the victims and the site they think they’re logging in to, which is, in fact, a fake site operated by the attackers.</p> <h2>Not all MFA is created equal</h2> <p>The attackers then enter the intercepted credentials, including the MFA code, into the real site. This tactic, which has grown increasingly common in recent years, underscores the importance of adopting FIDO-compliant forms of MFA, which are immune to such attacks.</p><p><a href="https://arstechnica.com/security/2025/10/payroll-pirate-phishing-scam-that-takes-over-workday-accounts-steals-paychecks/">Read full article</a></p> <p><a href="https://arstechnica.com/security/2025/10/payroll-pirate-phishing-scam-that-takes-over-workday-accounts-steals-paychecks/#comments">Comments</a></p> https://arstechnica.com/ai/2025/10/ai-models-can-acquire-backdoors-from-surprisingly-few-malicious-documents/ Ars Technica » Technology Lab urn:uuid:99f9acf3-4060-f4ec-870f-62e86d31a225 Fri, 10 Oct 2025 00:03:21 +0200 Anthropic study suggests "poison" training attacks don't scale with model size. <p>Scraping the open web for AI training data can have its drawbacks. On Thursday, researchers from Anthropic, the UK AI Security Institute, and the Alan Turing Institute <a href="https://arxiv.org/abs/2510.07192">released</a> a preprint research paper suggesting that large language models like the ones that power ChatGPT, Gemini, and Claude can develop backdoor vulnerabilities from as few as 250 corrupted documents inserted into their training data.</p> <p>That means someone tucking certain documents away inside training data could potentially manipulate how the LLM responds to prompts, although the finding comes with significant caveats.</p> <p>The research involved training AI language models ranging from 600 million to 13 billion parameters on datasets scaled appropriately for their size. Despite larger models processing over 20 times more total training data, all models learned the same backdoor behavior after encountering roughly the same small number of malicious examples.</p><p><a href="https://arstechnica.com/ai/2025/10/ai-models-can-acquire-backdoors-from-surprisingly-few-malicious-documents/">Read full article</a></p> <p><a href="https://arstechnica.com/ai/2025/10/ai-models-can-acquire-backdoors-from-surprisingly-few-malicious-documents/#comments">Comments</a></p> https://arstechnica.com/security/2025/10/discord-says-hackers-stole-government-ids-of-70000-users/ Ars Technica » Technology Lab urn:uuid:bd6885a4-ff3a-94e0-ad70-ce081095026a Thu, 09 Oct 2025 20:24:13 +0200 As more sites require IDs for user age verification, expect more such breaches to come. <p>Discord says that hackers made off with images of 70,000 users’ government IDs that they were required to provide in order to use the site.</p> <p>Like an increasing number of sites, Discord requires certain users to provide a photo or scan of their driver's license or other government ID that shows they meet the minimum age requirements in their country. In some cases, Discord allows users to prove their age by providing a selfie that shows their faces (it’s not clear how a face proves someone’s age, but there you go). The social media site imposes these requirements on users who are reported by other users to be under the minimum age for the country they’re connecting from.</p> <h2>“A substantial risk for identity theft”</h2> <p>On Wednesday, Discord <a href="https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service">said</a> that ID images of roughly 70,000 users “may have had government-ID photos exposed” in a recent breach of a third-party service Discord entrusted to manage the data. The affected users had communicated with Discord’s Customer Support or Trust &amp; Safety teams and subsequently submitted the IDs in reviews of age-related appeals.</p><p><a href="https://arstechnica.com/security/2025/10/discord-says-hackers-stole-government-ids-of-70000-users/">Read full article</a></p> <p><a href="https://arstechnica.com/security/2025/10/discord-says-hackers-stole-government-ids-of-70000-users/#comments">Comments</a></p> https://arstechnica.com/ai/2025/10/bank-of-england-warns-ai-stock-bubble-rivals-2000-dotcom-peak/ Ars Technica » Technology Lab urn:uuid:afb94709-dc99-f509-e410-32c25d63fd11 Wed, 08 Oct 2025 23:18:30 +0200 Central bank says market concentration hasn't been this extreme in 50 years. <p>AI bubble <a href="https://arstechnica.com/ai/2025/10/ars-live-is-the-ai-bubble-about-to-pop-a-live-chat-with-ed-zitron/">talk</a> is in the air, and among the chorus of voices warning of an AI-fueled market bubble (which includes OpenAI CEO <a href="https://arstechnica.com/information-technology/2025/08/sam-altman-calls-ai-a-bubble-while-seeking-500b-valuation-for-openai/">Sam Altman</a> and Amazon's <a href="https://www.cnbc.com/2025/10/03/jeff-bezos-ai-in-an-industrial-bubble-but-society-to-benefit.html">Jeff Bezos</a>) is the Bank of England, which <a href="https://www.bankofengland.co.uk/financial-policy-committee-record/2025/october-2025">warned</a> on Wednesday that global financial markets could face a sharp correction if investor sentiment turns negative on AI.</p> <p>The UK central bank said US stock valuations resemble those seen near the peak of the <a href="https://en.wikipedia.org/wiki/Dot-com_bubble">dotcom bubble</a> on some measures, with AI-focused companies making up an unprecedented portion of market value.</p> <p>In its <a href="https://www.bankofengland.co.uk/financial-policy-committee-record/2025/october-2025">quarterly report</a> derived from a meeting of its Financial Policy Committee that took place last week, BoE wrote that "the risk of a sharp market correction has increased." Reuters <a href="https://www.reuters.com/sustainability/boards-policy-regulation/markets-face-sharp-correction-if-mood-sours-ai-or-fed-freedom-bank-england-says-2025-10-08/">notes</a> that it's the BoE's strongest warning to date about potential AI-driven market declines. The committee, chaired by Governor Andrew Bailey, said spillover risks to Britain's financial system from such a shock were "material."</p><p><a href="https://arstechnica.com/ai/2025/10/bank-of-england-warns-ai-stock-bubble-rivals-2000-dotcom-peak/">Read full article</a></p> <p><a href="https://arstechnica.com/ai/2025/10/bank-of-england-warns-ai-stock-bubble-rivals-2000-dotcom-peak/#comments">Comments</a></p> https://arstechnica.com/security/2025/10/salesforce-says-it-wont-pay-extortion-demand-in-1-billion-records-breach/ Ars Technica » Technology Lab urn:uuid:c3b45eb1-d017-a24b-0dce-15a8aa218be4 Wed, 08 Oct 2025 22:02:46 +0200 Scattered LAPSUS$ Hunters gave Salesforce until Friday to pay or else. <p>Salesforce says it’s refusing to pay an extortion demand made by a crime syndicate that claims to have stolen roughly 1 billion records from dozens of Salesforce customers.</p> <p>The threat group making the demands began their campaign in May, when they made voice calls to organizations storing data on the Salesforce platform, Google-owned Mandiant <a href="https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion">said</a> in June. The English-speaking callers would provide a pretense that necessitated the target connect an attacker-controlled app to their Salesforce portal. Amazingly—but not surprisingly—many of the people who received the calls complied.</p> <h2>It’s becoming a real mess</h2> <p>The threat group behind the campaign is calling itself Scattered LAPSUS$ Hunters, a mashup of three prolific data-extortion actors: Scattered Spider, LAPSuS$, and ShinyHunters. Mandiant, meanwhile, tracks the group as UNC6040, because the researchers so far have been unable to positively identify the connections.</p><p><a href="https://arstechnica.com/security/2025/10/salesforce-says-it-wont-pay-extortion-demand-in-1-billion-records-breach/">Read full article</a></p> <p><a href="https://arstechnica.com/security/2025/10/salesforce-says-it-wont-pay-extortion-demand-in-1-billion-records-breach/#comments">Comments</a></p> https://arstechnica.com/gadgets/2025/10/synology-caves-walks-back-some-drive-restrictions-on-upcoming-nas-models/ Ars Technica » Technology Lab urn:uuid:0f0abf5f-a2ad-9a1e-2a9a-9eb867e06e74 Wed, 08 Oct 2025 18:49:27 +0200 Policy change affects at least 2025 model Plus, Value, and J-series DiskStations. <p>If you were considering the purchase of a Synology NAS but were leery of the unreasonably high cost of populating it with special Synology-branded hard disk drives, you can breathe a little easier today. In <a href="https://www.synology.com/en-us/company/news/article/dsm73/Synology%C2%AE%20Releases%20DiskStation%20Manager%207.3%2C%20Bringing%20Efficient%20Data%20Tiering%2C%20Enhanced%20Security%2C%20and%20AI-Powered%20Collaboration">a press release dated October 8</a>, Synology noted that with the release of its latest Disk Station Manager (DSM) update, some of its 2025 model-year products—specifically, the Plus, Value, and J-series DiskStation NAS devices—would "support the installation and storage pool creation of non-validated third-party drives."</p> <p>This unexpected move comes just a few months after Synology <a href="https://arstechnica.com/gadgets/2025/04/synology-confirms-need-for-synology-branded-drives-in-newer-plus-series-nas/">aggressively expanded its "verified drive" policy down-market</a> to the entire Plus line of DiskStations. Prior to today, the network-attached storage vendor had shown no signs of swerving from the decision, painting it as a pro-consumer move intended to enhance reliability. "Extensive internal testing has shown that drives that follow a rigorous validation process when paired with Synology systems are at less risk of drive failure and ongoing compatibility issues," Synology previously claimed in an email to Ars.</p> <h2>What is a “verified” or “validated” drive?</h2> <p>Synology first released its own brand of hard disk drives <a href="https://www.blackvoid.club/synology-hdd-compatibility-policy-explained/">back in 2021</a> and began requiring their use in a small but soon-to-increase number of its higher-end NAS products. Although the drives were rebadged offerings from other manufacturers—there are very few hard disk drive OEMs, and Synology isn't one of them—the company claimed that its branded disks <a href="https://www.synology.com/en-us/products/drives/hdd/enterprise-hat">underwent significant additional validation and testing</a> that, when coupled with customized firmware, yielded reliability and performance improvements over off-the-shelf components.</p><p><a href="https://arstechnica.com/gadgets/2025/10/synology-caves-walks-back-some-drive-restrictions-on-upcoming-nas-models/">Read full article</a></p> <p><a href="https://arstechnica.com/gadgets/2025/10/synology-caves-walks-back-some-drive-restrictions-on-upcoming-nas-models/#comments">Comments</a></p> https://arstechnica.com/ai/2025/10/ars-live-is-the-ai-bubble-about-to-pop-a-live-chat-with-ed-zitron/ Ars Technica » Technology Lab urn:uuid:fa1a1c2f-07dd-2b36-4524-cabf514dba1e Tue, 07 Oct 2025 21:15:26 +0200 Our discussion happens today, October 7, at 3:30pm US Eastern time. <p>As generative AI has taken off since ChatGPT's debut, inspiring hundreds of billions of dollars in investments and infrastructure developments, the top question on many people's minds has been: Is generative AI a bubble, and if so, when will it pop?</p> <p>To help us potentially answer that question, I'll be hosting a live conversation with prominent AI critic Ed Zitron on <a href="https://www.youtube.com/live/1nEph7-Viyc">October 7 at 3:30 pm ET</a> as part of the Ars Live series. As Ars Technica's <a href="https://arstechnica.com/author/benjedwards/">senior AI reporter</a>, I've been tracking both the explosive growth of this industry and the mounting skepticism about its sustainability.</p> <p>You can <a href="https://www.youtube.com/@arstechnica">watch the discussion live</a> on YouTube when the time comes.</p><p><a href="https://arstechnica.com/ai/2025/10/ars-live-is-the-ai-bubble-about-to-pop-a-live-chat-with-ed-zitron/">Read full article</a></p> <p><a href="https://arstechnica.com/ai/2025/10/ars-live-is-the-ai-bubble-about-to-pop-a-live-chat-with-ed-zitron/#comments">Comments</a></p> https://arstechnica.com/ai/2025/10/amd-wins-massive-ai-chip-deal-from-openai-with-stock-sweetener/ Ars Technica » Technology Lab urn:uuid:3075ce2a-a4bf-807a-9ed0-955b0f8075eb Mon, 06 Oct 2025 16:45:28 +0200 ChatGPT maker will be allowed to buy 10% of AMD for a penny per share. <p>On Monday, AMD <a href="https://ir.amd.com/news-events/press-releases/detail/1260/amd-and-openai-announce-strategic-partnership-to-deploy-6-gigawatts-of-amd-gpus">announced</a> it will supply AI chips to OpenAI in a multi-year deal worth tens of billions of dollars annually that gives the ChatGPT creator an option to acquire up to 10 percent of the chipmaker's stock for 1 cent per share, Reuters <a href="https://www.reuters.com/technology/amd-signs-ai-chip-supply-deal-with-openai-gives-it-option-take-10-stake-2025-10-06/">reports</a>. The agreement covers hundreds of thousands of AMD's AI graphics processing units over several years starting in the second half of 2026.</p> <p>The deal marks a major endorsement of AMD's AI hardware and software capabilities as the company competes with Nvidia for dominance in the AI chip market. AMD executives project the agreement will generate more than $100 billion in new revenue over four years from OpenAI and other customers who follow OpenAI's lead.</p> <p>"We view this deal as certainly transformative, not just for AMD, but for the dynamics of the industry," AMD Executive Vice President Forrest Norrod told Reuters on Sunday. The chipmaker will start booking income from the deal next year when OpenAI starts building a 1 gigawatt facility based on AMD's forthcoming MI450 series chips.</p><p><a href="https://arstechnica.com/ai/2025/10/amd-wins-massive-ai-chip-deal-from-openai-with-stock-sweetener/">Read full article</a></p> <p><a href="https://arstechnica.com/ai/2025/10/amd-wins-massive-ai-chip-deal-from-openai-with-stock-sweetener/#comments">Comments</a></p> https://arstechnica.com/security/2025/10/ice-wants-to-build-a-24-7-social-media-surveillance-team/ Ars Technica » Technology Lab urn:uuid:94f72a8b-2380-3702-da89-37d691e85814 Sat, 04 Oct 2025 15:21:55 +0200 ICE plans to hire contractors to scan platforms to target people for deportation. <p>United States immigration authorities are moving to dramatically expand their <a href="https://www.wired.com/story/the-wired-guide-to-protecting-yourself-from-government-surveillance/">social media surveillance</a>, with plans to hire nearly 30 contractors to sift through posts, photos, and messages—raw material to be transformed into intelligence for deportation raids and arrests.</p> <p>Federal <a href="https://sam.gov/workspace/contract/opp/37b379dbed484281a12530cc01835e04/view" target="_blank" rel="nofollow noopener" data-offer-url="https://sam.gov/workspace/contract/opp/37b379dbed484281a12530cc01835e04/view" data-event-click='{"pattern":"ExternalLink"}' data-event-boundary="click" data-in-view='{"pattern":"ExternalLink"}' data-include-experiments="true">contracting records</a> reviewed by WIRED show that the agency is <a href="https://s3.documentcloud.org/documents/26179463/rfi-erotodncatcandperc-20251002.pdf" target="_blank" rel="nofollow noopener" data-offer-url="https://s3.documentcloud.org/documents/26179463/rfi-erotodncatcandperc-20251002.pdf" data-event-click='{"pattern":"ExternalLink"}' data-event-boundary="click" data-in-view='{"pattern":"ExternalLink"}' data-include-experiments="true">seeking private vendors</a> to run a multiyear surveillance program out of two of its little-known targeting centers. The program envisions stationing nearly 30 private analysts at Immigration and Customs Enforcement (ICE) facilities in Vermont and Southern California. Their job: Scour <a href="https://www.wired.com/tag/facebook/">Facebook</a>, <a href="https://www.wired.com/tag/tiktok/">TikTok</a>, <a href="https://www.wired.com/tag/instagram/">Instagram</a>, <a href="https://www.wired.com/tag/youtube/">YouTube</a>, and other platforms, converting posts and profiles into fresh leads for enforcement raids.</p> <p>The initiative is still at the request-for-information stage, a step agencies use to gauge interest from contractors before an official bidding process. But <a href="https://s3.documentcloud.org/documents/26179462/rfi-performanceworkstatementncatc-perc-draft-20251002.pdf" target="_blank" rel="nofollow noopener" data-offer-url="https://s3.documentcloud.org/documents/26179462/rfi-performanceworkstatementncatc-perc-draft-20251002.pdf" data-event-click='{"pattern":"ExternalLink"}' data-event-boundary="click" data-in-view='{"pattern":"ExternalLink"}' data-include-experiments="true">draft planning documents</a> show the scheme is ambitious: ICE wants a contractor capable of staffing the centers around the clock, constantly processing cases on tight deadlines, and supplying the agency with the latest and greatest subscription-based surveillance software.</p><p><a href="https://arstechnica.com/security/2025/10/ice-wants-to-build-a-24-7-social-media-surveillance-team/">Read full article</a></p> <p><a href="https://arstechnica.com/security/2025/10/ice-wants-to-build-a-24-7-social-media-surveillance-team/#comments">Comments</a></p> https://arstechnica.com/ai/2025/10/why-irobots-founder-wont-go-within-10-feet-of-todays-walking-robots/ Ars Technica » Technology Lab urn:uuid:cd276f05-2135-c816-e257-336811bec59f Thu, 02 Oct 2025 23:10:23 +0200 Rodney Brooks says humanoid robots pose hidden safety challenges and won't learn dexterity from video alone. <p>When a robotics pioneer who has spent decades building humanoid machines recommends that you stand at least nine feet away from any full-sized walking robot, you should probably listen.</p> <p>"My advice to people is to not come closer than 3 meters to a full-size walking robot," Rodney Brooks <a href="https://rodneybrooks.com/why-todays-humanoids-wont-learn-dexterity/">writes</a> in a technical essay titled "Why Today’s Humanoids Won’t Learn Dexterity" published on his blog last week. "Until someone comes up with a better version of a two-legged walking robot that is much safer to be near, and even in contact with, we will not see humanoid robots get certified to be deployed in zones that also have people in them."</p> <p>Brooks, the <a href="https://en.wikipedia.org/wiki/Rodney_Brooks">MIT professor emeritus</a> who co-founded <a href="https://en.wikipedia.org/wiki/IRobot">iRobot</a> (of Roomba fame) and Rethink Robotics, believes companies pouring billions into humanoid development are chasing an expensive fantasy. Among other problems yet to be addressed, he warns that today's bipedal humanoids are fundamentally unsafe for humans to be near when they walk due to the massive kinetic energy they generate while maintaining balance. That stored-up energy can cause severe injury if the robot falls or its limbs strike someone.</p><p><a href="https://arstechnica.com/ai/2025/10/why-irobots-founder-wont-go-within-10-feet-of-todays-walking-robots/">Read full article</a></p> <p><a href="https://arstechnica.com/ai/2025/10/why-irobots-founder-wont-go-within-10-feet-of-todays-walking-robots/#comments">Comments</a></p> https://www.youtube.com/watch?v=QrnbKs-enO8 Dave Lee urn:uuid:a0e30d4f-4ebb-5977-187e-5b2d7a60de5a Fri, 26 Sep 2025 20:11:59 +0200 https://www.youtube.com/watch?v=X763A7yGh5E Dave Lee urn:uuid:b8061a94-3b5b-015d-b009-1e63bbc7030b Wed, 17 Sep 2025 14:13:21 +0200 https://www.youtube.com/watch?v=L2uXAC8vBnU Dave Lee urn:uuid:95865099-bda7-6f5e-dad1-cacffd9789dd Mon, 15 Sep 2025 14:02:11 +0200 https://www.youtube.com/watch?v=cw2pmKfHa7o Dave Lee urn:uuid:2627d1f3-9800-70b1-79b9-cde99f3ff1ee Wed, 10 Sep 2025 12:04:49 +0200 https://www.youtube.com/watch?v=8tUZ1vGed8s Dave Lee urn:uuid:0d423748-75d4-e40d-895b-33a1a3e6a133 Fri, 05 Sep 2025 09:50:59 +0200 https://www.youtube.com/watch?v=EbWN-UIZXJI Dave Lee urn:uuid:651bb7e5-98b6-8f51-b67d-9c76f35ac15a Thu, 28 Aug 2025 05:13:10 +0200 https://www.youtube.com/watch?v=0vFErGxD2QY Dave Lee urn:uuid:5f60be74-3006-e53e-f18b-5b189c7886bd Fri, 15 Aug 2025 15:36:37 +0200 https://www.youtube.com/watch?v=vOhuf18b-g8 Dave Lee urn:uuid:c7e7f5d1-8d88-d984-bd69-696d32ff891c Wed, 23 Jul 2025 20:10:08 +0200 https://www.youtube.com/watch?v=TCUNM3xC9Zs Dave Lee urn:uuid:6403bd47-e216-8fdf-bc1b-0ced2cee5671 Wed, 09 Jul 2025 16:56:59 +0200 https://www.youtube.com/watch?v=I9p6XfEZcQM Dave Lee urn:uuid:2b0cf596-5b6c-f1b0-82db-8489ebdef0d3 Tue, 01 Jul 2025 19:34:24 +0200 https://www.youtube.com/watch?v=N5zQTUhfuLU Dave Lee urn:uuid:31ff3ecb-f71c-2072-4ab0-9c7e5e00cc6b Sat, 28 Jun 2025 18:09:45 +0200 https://www.youtube.com/watch?v=b6mo-rTiJoE Dave Lee urn:uuid:6e7aad88-2144-7733-ef61-06e403b362de Tue, 10 Jun 2025 01:45:51 +0200 https://www.youtube.com/watch?v=Pp3fbZZOlcs Dave Lee urn:uuid:9c32ca8e-1d84-edd0-21fc-78657c9622d4 Sun, 08 Jun 2025 20:15:12 +0200 https://www.youtube.com/watch?v=CJXp3UYj50Q Dave Lee urn:uuid:852b1273-125d-7522-26e6-3a486935902b Sun, 25 May 2025 18:33:55 +0200 https://www.cnet.com/reviews/sling-tv-review/#ftag=CADe9e329a CNET Reviews - Most Recent Reviews urn:uuid:b210b42b-efed-a45c-a2c4-d087f6b3aa28 Thu, 01 Aug 2024 06:00:00 +0200 Sling TV Blue offers cord-cutters a wealth of live channels for an affordable price, but you may need to bring your own antenna. https://www.cnet.com/roadshow/reviews/2022-gmc-hummer-ev-review/#ftag=CADe9e329a CNET Reviews - Most Recent Reviews urn:uuid:9fd90772-44cb-ca1d-33da-e6c11bf98225 Mon, 02 Jan 2023 11:00:01 +0100 After the allure of the Hummer's physics-defying acceleration wears off, there isn't a whole lot left to love. https://www.cnet.com/reviews/amazon-fire-tv-stick-lite-review/#ftag=CADe9e329a CNET Reviews - Most Recent Reviews urn:uuid:73dfc366-45d8-9c18-d47a-35edc9fb5a5f Mon, 19 Dec 2022 19:01:00 +0100 The first ultrabudget streamer with a voice remote talks circles around Roku. https://www.cnet.com/roadshow/reviews/2023-land-rover-range-rover-review/#ftag=CADe9e329a CNET Reviews - Most Recent Reviews urn:uuid:5dd95bad-862a-32b2-450c-0a3ae3722e28 Wed, 14 Dec 2022 11:00:01 +0100 The latest generation of the ubiquitous luxury SUV is damn near perfect. https://www.cnet.com/reviews/roku-streambar-review/#ftag=CADe9e329a CNET Reviews - Most Recent Reviews urn:uuid:80392a32-0fa1-c196-1a2c-8a86bac4e712 Sun, 04 Dec 2022 12:00:00 +0100 Editor's Choice: This tiny bar adds great 4K HDR streaming, and solid sound, to any TV. https://www.cnet.com/reviews/anker-nebula-mars-ii-pro-review/#ftag=CADe9e329a CNET Reviews - Most Recent Reviews urn:uuid:cea1a7d9-6072-f0e7-bf18-f568466178b0 Thu, 01 Dec 2022 16:31:00 +0100 Editor's Choice: This tiny, battery-powered entertainment machine does a lot of things right. https://www.cnet.com/reviews/benq-cinehome-ht2050a-review/#ftag=CADe9e329a CNET Reviews - Most Recent Reviews urn:uuid:b5e2e90e-d281-8704-679d-59d71053f63b Thu, 01 Dec 2022 01:00:00 +0100 Editor's Choice: Excellent contrast, accurate color and solid features make it our favorite sub-$1,000 projector for 2020. https://www.cnet.com/reviews/epson-home-cinema-5050ub-review/#ftag=CADe9e329a CNET Reviews - Most Recent Reviews urn:uuid:c7ae4ced-4857-5f52-07bf-f3c65a30e445 Wed, 30 Nov 2022 19:21:00 +0100 Editor's Choice: A higher-end projector worthy of the "home cinema" moniker. https://www.cnet.com/roadshow/reviews/2023-bmw-ix-m60-sports-activity-vehicle-review/#ftag=CADe9e329a CNET Reviews - Most Recent Reviews urn:uuid:b25c0982-2acd-58e6-2630-b66610625491 Thu, 24 Nov 2022 12:00:00 +0100 The more powerful spec of BMW's iX electric SUV is certainly quicker than the base model, but that extra oomph comes at too high a cost. https://www.cnet.com/reviews/lg-oled-c2-series-2022-review/#ftag=CADe9e329a CNET Reviews - Most Recent Reviews urn:uuid:7b10c6da-620c-fb57-f710-0d0ff5399fd5 Tue, 15 Nov 2022 16:53:00 +0100 The C2 sets the pace for 2022 with superb picture quality, numerous sizes and a track record of success. https://www.cnet.com/reviews/blink-mini-review/#ftag=CADe9e329a CNET Reviews - Most Recent Reviews urn:uuid:5e1c698c-24ea-f2cb-40ac-3409866cb4a6 Fri, 21 Oct 2022 22:13:00 +0200 Available in black or white, Amazon's Blink Mini sports many features for a reasonable price. https://www.cnet.com/roadshow/reviews/2023-bmw-i4-review/#ftag=CADe9e329a CNET Reviews - Most Recent Reviews urn:uuid:b1b3b865-078d-5427-ba62-047faca3b280 Fri, 14 Oct 2022 21:33:00 +0200 You don't need to pay more for dual-motor i4 M50 to have a good time, but it's hard to argue with more power and fun. https://www.cnet.com/roadshow/reviews/2022-toyota-tundra-4wd-trd-pro-hybrid-crewmax-5-5-bed-3-5l-review/#ftag=CADe9e329a CNET Reviews - Most Recent Reviews urn:uuid:72c40ca9-222d-855b-9cd6-1aca83a0ec75 Tue, 11 Oct 2022 11:00:01 +0200 Toyota's off-road-ready pickup is mighty fine in daily driving, too. https://www.cnet.com/roadshow/reviews/2023-cadillac-xt6-review/#ftag=CADe9e329a CNET Reviews - Most Recent Reviews urn:uuid:ff9bc813-a50e-a023-686f-29f292247676 Thu, 22 Sep 2022 11:00:00 +0200 The addition of Caddy's hands-free highway driving assistant makes the XT6 one of the most interesting luxury SUVs on the road -- but there's a catch. https://www.cnet.com/roadshow/reviews/2022-chevrolet-silverado-1500-4wd-crew-cab-157-lt-trail-boss-review/#ftag=CADe9e329a CNET Reviews - Most Recent Reviews urn:uuid:945199b0-2022-37d7-a520-96df0e1b8ed5 Thu, 15 Sep 2022 11:00:00 +0200 This rough-and-ready pickup is home to Chevy's new Android-based, Google Assistant-powered dashboard tech.