Biotech

Startup Pitches 'Brainless Clones' To Serve the Role of Backup Human Bodies (technologyreview.com) 162

MIT Technology Review discovered that startup R3 Bio has pitched an ethically and scientifically explosive long-term vision beyond its public work on non-sentient monkey "organ sacks": creating human "brainless clones" or replacement bodies for organs as part of an extreme life-extension agenda. From the report: Imagine it like this: a baby version of yourself with only enough of a brain structure to be alive in case you ever need a new kidney or liver. Or, alternatively, he has speculated, you might one day get your brain placed into a younger clone. That could be a way to gain a second lifespan through a still hypothetical procedure known as a body transplant.

The fuller context of R3's proposals, as well as activities of another stealth startup with related goals, have not previously been reported. They've been kept secret by a circle of extreme life-extension proponents who fear that their plans for immortality could be derailed by clickbait headlines and public backlash. And that's because the idea can sound like something straight from a creepy science fiction film. One person who heard R3's clone presentation, and spoke on the condition of anonymity, was left reeling by its implications and shaken by [R3 founder John Schloendorn's] enthusiastic delivery. The briefing, this person said, was like a "close encounter of the third kind" with "Dr. Strangelove." [...]

MIT Technology Review found no evidence that R3 has cloned anyone, or even any animal bigger than a rodent. What we did find were documents, additional meeting agendas, and other sources outlining a technical road map for what R3 called "body replacement cloning" in a 2023 letter to supporters. That road map involved improvements to the cloning process and genetic wiring diagrams for how to create animals without complete brains. A main purpose of the fundraising, investors say, was to support efforts to try these techniques in monkeys from a base in the Caribbean. That offered a path to a nearer-term business plan for more ethical medical experiments and toxicology testing -- if the company could develop what it now calls monkey "organ sacks." However, this work would clearly inform any possible human version.

The Almighty Buck

Global Ban On Digital Duties Expires After Stalled Talks At WTO Meeting 55

An anonymous reader quotes a report from the New York Times: A global ban on taxing digital streaming and downloads across national borders expired on Monday, after members of the World Trade Organization concluded an annual meeting without agreeing to extend it. U.S. representatives had pushed to extend the ban, which prevents the more than 160 members of the W.T.O. from issuing duties related to e-commerce. But Brazil and Turkey blocked a motion for a longer extension.

U.S. representatives excoriated the outcome as further proof of the organization's irrelevance. The W.T.O. provides a forum for trade negotiations and setting rules for global trade. But U.S. officials have long criticized the group for its failure to police unfair trade practices by countries like China. Over the past year, the Trump administration has further abandoned W.T.O. by issuing its own global framework of tariffs instead. [...] Brazil had pushed for a two-year extension of the moratorium on e-commerce duties, while the United States wanted a permanent one. The countries couldn't come to a compromise, but negotiations are set to continue in Geneva this spring. W.T.O. members also failed to reach an agreement on future reforms for the organization.

Bernd Lange, the chair of the international trade committee for the European Parliament, wrote in a post on X that "supporters of the multilateral trading system are waking up with a hangover."

"We knew that a breakthrough might not materialize, but that doesn't make it any less painful," he wrote, adding that "without an agreement to extend moratorium on digital tariffs, a period of great uncertainty could soon begin for businesses and consumers."

Jonathan McHale, the vice president of digital trade at the Computer & Communications Industry Association, called the outcome "deeply disappointing." He said: "For more than two decades, W.T.O. members have recognized that imposing tariffs on electronic transmissions would be counterproductive, but allowed the issue to become a negotiating football."

Advertising

Microsoft Copilot Is Now Injecting Ads Into Pull Requests On GitHub (neowin.net) 74

Microsoft Copilot is reportedly injecting promotional "tips" into GitHub pull requests, with Neowin claiming more than 1.5 million PRs have been affected by messages advertising integrations like Raycast, Slack, Teams, and various IDEs. From the report: According to Melbourne-based software developer Zach Manson, a team member used the AI to fix a simple typo in a pull request. Copilot did the job, but it also took the liberty of editing the PR's description to include this message: "Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast." A quick search of that phrase on GitHub shows that the same promotional text appears in over 11,000 pull requests across thousands of repositories. Even merge requests on GitLab aren't safe from the injection.

So what's happening? Well, Raycast has a Copilot extension that can do things like create pull requests from a natural language command. The ad directly names Raycast, so you might think that Raycast is injecting the promo into the PRs to market its own app. But it is more likely that Microsoft is the one doing the injecting. If you look at the raw markdown of the affected pull requests, there is a hidden HTML comment, "START COPILOT CODING AGENT TIPS", placed right before the ad tip. This suggests Microsoft is using the comment to insert a "tip" that points back to its own developer ecosystem or partner integrations.

UPDATE: Following backlash from developers, Microsoft has removed Copilot's ability to insert "tips" into pull requests. Tim Rogers, principal product manager for Copilot at GitHub, said the move was intended "to help developers learn new ways to use the agent in their workflow."

"On reflection," Rogers said he has since realized that letting Copilot make changes to PRs written by a human without their knowledge "was the wrong judgement call."

Android

Google's Android Automotive Is Moving From the Dashboard To the 'Brain' of the Car (theverge.com) 123

Google is expanding Android Automotive from the infotainment screen into the broader non-safety "brain" of software-defined vehicles. With its new Android Automotive OS for Software-Defined Vehicles, the in-car experience will feel "much more cohesive and the latest features will reach your driveway faster," Matt Crowley, Android Automotive's group product manager, writes in a blog post. "From a truly integrated voice experience to proactive maintenance reminders, your car will become a true extension of your digital life," Crowley adds. The Verge reports: With its new software, Google is promising faster over-the-air software updates, better voice assistants, and more proactive vehicle maintenance alerts. Non-driving functions like climate control, lighting, and seating adjustment would fall under Android's control. And the system would move beyond basic infotainment to create a unified ecosystem for features like remote cabin conditioning, digital key management, and personalized driver profiles.

For automakers, the new system promises less expensive software development costs and an opportunity to focus on what matters most to them: branding. By providing the "foundational code and a common language for their software," Google says automakers will be free to design cool experiences for their customers. Google says it's already working with companies like Renault Group and Qualcomm to bring its new software-defined vehicle version of Android Automotive to more cars. A variety of automakers already use regular Android Automotive, like Volvo, Polestar, General Motors, Nissan, and Honda.

Security

Trivy Supply Chain Attack Spreads, Triggers Self-Spreading CanisterWorm Across 47 npm Packages (thehackernews.com) 7

"We have removed all malicious artifacts from the affected registries and channels," Trivy maintainer Itay Shakury posted today, noting that all the latest Trivy releases "now point to a safe version." But "On March 19, we observed that a threat actor used a compromised credential..."

And today The Hacker News reported the same attackers are now "suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages..." (The attackers apparently leveraged a postinstall hook "to execute a loader, which then drops a Python backdoor that's responsible for contacting the ICP canister dead drop to retrieve a URL pointing to the next-stage payload.") The development marks the first publicly documented abuse of an ICP canister for the explicit purpose of fetching the command-and-control (C2) server, Aikido Security researcher Charlie Eriksen said... Persistence is established by means of a systemd user service, which is configured to automatically start the Python backdoor after a 5-second delay if it gets terminated for some reason by using the "Restart=always" directive. The systemd service masquerades as PostgreSQL tooling ("pgmon") in an attempt to fly under the radar...

In tandem, the packages come with a "deploy.js" file that the attacker runs manually to spread the malicious payload to every package a stolen npm token provides access to in a programmatic fashion. The worm, assessed to be vibe-coded using an AI tool, makes no attempt to conceal its functionality. "This isn't triggered by npm install," Aikido said. "It's a standalone tool the attacker runs with stolen tokens to maximize blast radius."

To make matters worse, a subsequent iteration of CanisterWorm detected in "@teale.io/eslint-config" versions 1.8.11 and 1.8.12 has been found to self-propagate on its own without the need for manual intervention... [Aikido Security researcher Charlie Eriksen said] "Every developer or CI pipeline that installs this package and has an npm token accessible becomes an unwitting propagation vector. Their packages get infected, their downstream users install those, and if any of them have tokens, the cycle repeats."

So far affected packages include 28 in the @EmilGroup scope and 16 packages in the @opengov scope, according to the article, blaming the attack on "a cloud-focused cybercriminal operation known as TeamPCP."

Ars Technica explains that Trivy had "inadvertently hardcoded authentication secrets in pipelines for developing and deploying software updates," leading to a situation where attacks "compromised virtually all versions" of the widely used Trivy vulnerability scanner: Trivy maintainer Itay Shakury confirmed the compromise on Friday, following rumors and a thread, since deleted by the attackers, discussing the incident. The attack began in the early hours of Thursday. When it was done, the threat actor had used stolen credentials to force-push all but one of the trivy-action tags and seven setup-trivy tags to use malicious dependencies... "If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately," Shakury wrote.

Security firms Socket and Wiz said that the malware, triggered in 75 compromised trivy-action tags, causes custom malware to thoroughly scour development pipelines, including developer machines, for GitHub tokens, cloud credentials, SSH keys, Kubernetes tokens, and whatever other secrets may live there. Once found, the malware encrypts the data and sends it to an attacker-controlled server. The end result, Socket said, is that any CI/CD pipeline using software that references compromised version tags executes code as soon as the Trivy scan is run... "In our initial analysis the malicious code exfiltrates secrets with a primary and backup mechanism. If it detects it is on a developer machine it additionally writes a base64 encoded python dropper for persistence...."

Although the mass compromise began Thursday, it stems from a separate compromise last month of the Aqua Trivy VS Code extension for the Trivy scanner, Shakury said. In the incident, the attackers compromised a credential with write access to the Trivy GitHub account. Shakury said maintainers rotated tokens and other secrets in response, but the process wasn't fully "atomic," meaning it didn't thoroughly remove credential artifacts such as API keys, certificates, and passwords to ensure they couldn't be used maliciously.

"This [failure] allowed the threat actor to perform authenticated operations, including force-updating tags, without needing to exploit GitHub itself," Socket researchers wrote.

Pushing to a branch or creating a new release would've appeared in the commit history and triggered notifications, Socket pointed out, so "Instead, the attacker force-pushed 75 existing version tags to point to new malicious commits." (Trivy's maintainer says "we've also enabled immutable releases since the last breach.")

Ars Technica notes Trivy's vulnerability scanner has 33,200 stars on GitHub, so "the potential fallout could be severe."

AI

Perplexity's 'Personal Computer' Lets AI Agents Access Your Local Files 49

Perplexity AI has introduced a "Personal Computer" agent system that can run on a local machine such as a Mac mini, giving its AI agents access to a user's files and applications to automate tasks. According to CEO Aravind Srinivas, the heavy AI processing runs on Perplexity's "secure servers" but sensitive actions will require user approval. There will also be activity logs and a kill switch available to help ease concerns. AppleInsider reports: Perplexity Computer is, effectively, an AI that is a go-between for other AIs. Instead of issuing specific instructions to multiple AIs, you provide the general outcome of the task to Perplexity Computer. Perplexity Computer then breaks down the task into subtasks, which it then provides to sub-agents to do the actual work. In effect, you're talking to a project manager, who then delegates the task to other AIs, before combining the results and presenting them to you.

The managing AI has a lot more freedom in how it orders its subordinates than users may think. While one may create documents while another gathers data, the manager may go as far as to order the creation of software to complete its tasks. Personal Computer is an extension of this, in that it is a locally run app that ideally runs on a Mac mini. The app gives always-on, local access to the Mac's files and apps, which Perplexity Computer and the Comet Assistant can use and alter if required.

ISS

Congress Extends ISS, Tells NASA To Get Moving On Private Space Stations (arstechnica.com) 69

A recently-revised Senate authorization bill (PDF), co-sponsored by Senate Commerce Committee Chair Ted Cruz, would extend the International Space Station's lifespan from 2030 to 2032 while pushing NASA to accelerate plans for commercial space stations to replace it. Ars Technica's Eric Berger reports: Regarding NASA's support for the development of commercial space stations, the bill mandates the following, within specified periods, of passage of the law:

- Within 60 days, publicly release the requirements for commercial space stations in low-Earth orbit
- Within 90 days, release the final "request for proposals" to solicit industry responses
- Within 180 days, enter into contracts with "two or more" commercial providers for such stations

Cruz is trying to inject urgency into NASA as several private companies -- including Axiom Space, Blue Origin, Vast, and Voyager -- are finalizing designs for space stations. All have expressed a desire for clarity from NASA on how long the space agency would like its astronauts to stay on board, the types of scientific equipment needed, and much more. These are known as "requirements" in NASA parlance.

[...] Cruz and other senators on the committee appear to share those concerns, as their legislation extends the International Space Station's lifespan from 2030 to 2032 (an extension must still be approved by international partners, including Russia). Moreover, the authorization bill states, "The Administrator shall not initiate the de-orbit of the ISS until the date on which a commercial low-Earth orbit destination has reached an initial operational capability." With this legislation, the U.S. Senate is making clear that it views a permanent human presence in low-Earth orbit as a high priority. This version of the authorization legislation must still be passed by the full Senate and work its way through the House of Representatives.

The Courts

Trump's TikTok Deal Benefited Firms That 'Personally Enriched' Him, Lawsuit Says (nbcnews.com) 49

An anti-corruption group has filed a lawsuit (PDF) against Donald Trump and Attorney General Pam Bondi over the deal that transferred TikTok's U.S. operations to a group of investors tied to the administration. The suit claims the arrangement violates a 2024 law requiring ByteDance to divest and alleges the deal financially benefited Trump allies while leaving the platform's algorithm under Chinese ownership. NBC News reports: The suit, filed by the Public Integrity Project, a law firm that seeks to raise the "reputational cost of corruption in America," argues the deal violates a law intended to prevent the spread of Chinese government propaganda and has enriched Trump's allies. That law, signed by then-President Joe Biden in 2024, said that TikTok couldn't be distributed in the United States unless the Chinese company ByteDance found an American-based corporate home by the day before Donald Trump returned to office. The law was upheld by the Supreme Court.

"The law was clear, but it was never enforced," says the lawsuit, filed Thursday in the U.S. Court of Appeals for the District of Columbia Circuit. "Shortly after the deadline to divest passed, President Trump issued an executive order purportedly granting an extension for TikTok to find a domestic owner and directed his Attorney General not to enforce the law." The plaintiffs in the suit are two software engineers from California: One is a shareholder in Alphabet Inc., YouTube's parent company; the other is a shareholder in Meta Platforms, Inc., which is Instagram's parent company. Both say they suffered financially due to the non-enforcement of the law.
"The original motivation for this law was to prevent the Chinese government from pushing propaganda onto American audiences," said Brendan Ballou, CEO of the Public Integrity Project and a former Justice Department prosecutor. "The deal that the president approved is the absolute worst of all possible worlds, because right now ByteDance continues to own the algorithm, which means that it can censor the content that it doesn't like, but at the same time Oracle controls the data and it can censor the information that it doesn't like. Really it's a situation that's going to be terrible for users, and terrible for free speech on the platform."

Linux

Some Linux LTS Kernels Will Be Supported Even Longer, Announces Greg Kroah-Hartman (itsfoss.com) 24

An anonymous reader shared this report from the blog It's FOSS: Greg Kroah-Hartman has updated the projected end-of-life (EOL) dates for several active longterm support kernels via a commit. The provided reasoning? It was done "based on lots of discussions with different companies and groups and the other stable kernel maintainer." The other maintainer is Sasha Levin, who co-maintains these Linux kernel releases alongside Greg. Now, the updated support schedule for the currently active LTS kernels looks like this:

- Linux 6.6 now EOLs Dec 2027 (was Dec 2026), giving it a 4-year support window.
- Linux 6.12 now EOLs Dec 2028 (was Dec 2026), also a 4-year window.
- Linux 6.18 now EOLs Dec 2028 (was Dec 2027), at least 3 years of support.

Worth noting above is that Linux 5.10 and 5.15 are both hitting EOL this year in December, so if your distro is still running either of these, now is a good time to start thinking about a move.

Programming

Fake Job Recruiters Hid Malware In Developer Coding Challenges (bleepingcomputer.com) 25

"A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks," reports the Register. Researchers at software supply-chain security company ReversingLabs say that the threat actor creates fake companies in the blockchain and crypto-trading sectors and publishes job offerings on various platforms, like LinkedIn, Facebook, and Reddit. Developers applying for the job are required to show their skills by running, debugging, and improving a given project. However, the attacker's purpose is to make the applicant run the code... [The campaign involves 192 malicious packages published in the npm and PyPi registries. The packages download a remote access trojan that can exfiltrate files, drop additional payloads, or execute arbitrary commands sent from a command-and-control server.]

In one case highlighted in the ReversingLabs report, a package named 'bigmathutils,' with 10,000 downloads, was benign until it reached version 1.1.0, which introduced malicious payloads. Shortly after, the threat actor removed the package, marking it as deprecated, likely to conceal the activity... The RAT checks whether the MetaMask cryptocurrency extension is installed on the victim's browser, a clear indication of its money-stealing goals...

ReversingLabs has found multiple variants written in JavaScript, Python, and VBS, showing an intention to cover all possible targets.

The campaign has been ongoing since at least May 2025...

Programming

Claude Code is the Inflection Point (semianalysis.com) 69

About 4% of all public commits on GitHub are now being authored by Anthropic's Claude Code, a terminal-native AI coding agent that has quickly become the centerpiece of a broader argument that software engineering is being fundamentally reshaped by AI.

SemiAnalysis, a semiconductor and AI research firm, published a report on Friday projecting that figure will climb past 20% by the end of 2026. Claude Code is a command-line tool that reads codebases, plans multi-step tasks and executes them autonomously. Anthropic's quarterly revenue additions have overtaken OpenAI's, according to SemiAnalysis's internal economic model, and the firm believes Anthropic's growth is now constrained primarily by available compute.

Accenture has signed on to train 30,000 professionals on Claude, the largest enterprise deployment so far, targeting financial services, life sciences, healthcare and the public sector. On January 12, Anthropic launched Cowork, a desktop-oriented extension of the same agent architecture -- four engineers built it in 10 days, and most of the code was written by Claude Code itself.

Encryption

Microsoft Gave FBI a Set of BitLocker Encryption Keys To Unlock Suspects' Laptops (techcrunch.com) 88

An anonymous reader quotes a report from TechCrunch: Microsoft provided the FBI with the recovery keys to unlock encrypted data on the hard drives of three laptops as part of a federal investigation, Forbes reported on Friday. Many modern Windows computers rely on full-disk encryption, called BitLocker, which is enabled by default. This type of technology should prevent anyone except the device owner from accessing the data if the computer is locked and powered off.

But, by default, BitLocker recovery keys are uploaded to Microsoft's cloud, allowing the tech giant -- and by extension law enforcement -- to access them and use them to decrypt drives encrypted with BitLocker, as with the case reported by Forbes. The case involved several people suspected of fraud related to the Pandemic Unemployment Assistance program in Guam, a U.S. island in the Pacific. Local news outlet Pacific Daily News covered the case last year, reporting that a warrant had been served to Microsoft in relation to the suspects' hard drives.

Kandit News, another local Guam news outlet, also reported in October that the FBI requested the warrant six months after seizing the three laptops encrypted with BitLocker. [...] Microsoft told Forbes that the company sometimes provides BitLocker recovery keys to authorities, having received an average of 20 such requests per year.

Transportation

Seattle is Building Light Rail Like It's 1999 (msn.com) 99

Seattle was late to the light rail party -- the city rejected transit ballot measures in 1968 and 1971, missing out on federal funding that built Atlanta's MARTA, and didn't approve a plan including rail until 1996 -- but the Pacific Northwest city is now in the middle of a multibillion-dollar building boom that has produced the highest post-pandemic ridership recovery of any US light rail system.

The Link system opened its first line in 2009, funded largely by voter-approved tax measures from 2008 and 2016. The north-south 1 Line now stretches 41 miles after a $3 billion extension to Lynnwood opened in June 2025 and a $2.5 billion leg to Federal Way debuted in December. Ridership is up 24% since 2019, and 3.4 million people rode Link trains in October 2025.

Test trains have been running since September across the I-90 floating bridge over Lake Washington -- what Sound Transit claims is the world's first light rail on a floating structure -- preparing for a May 31 opening. The Crosslake Connection is part of the 2 Line, a 14-mile, $3.7 billion extension voters approved in 2008 that was originally slated to open in 2020. The expansion hasn't come without problems. Sound Transit faces a roughly $30 billion budget shortfall, and a planned Ballard extension has ballooned to $22 billion, double original estimates.

Science

Scientists Tried To Break Einstein's Speed of Light Rule (sciencedaily.com) 72

Scientists are putting Einstein's claim that the speed of light is constant to the test. While researchers found no evidence that light's speed changes with energy, this null result dramatically tightens the constraints on quantum-gravity theories that predict even the tiniest violations. ScienceDaily reports: Special relativity rests on the principle that the laws of physics remain the same for all observers, regardless of how they are moving relative to one another. This idea is known as Lorentz invariance. Over time, Lorentz invariance became a foundational assumption in modern physics, especially within quantum theory. [...] One prediction shared by several Lorentz-invariance-violating quantum gravity models is that the speed of light may depend slightly on a photon's energy. Any such effect would have to be tiny to match existing experimental limits. However, it could become detectable at the highest photon energies, specifically in very-high-energy gamma rays.

A research team led by former UAB student Merce Guerrero and current IEEC PhD student at the UAB Anna Campoy-Ordaz set out to test this idea using astrophysical observations. The team also included Robertus Potting from the University of Algarve and Markus Gaug, a lecturer in the Department of Physics at the UAB who is also affiliated with the IEEC. Their approach relies on the vast distances light travels across the universe. If photons of different energies are emitted at the same time from a distant source, even minuscule differences in their speeds could build up into measurable delays by the time they reach Earth.

Using a new statistical technique, the researchers combined existing measurements of very-high-energy gamma rays to examine several Lorentz-invariance-violating parameters favored by theorists within the Standard Model Extension (SME). The goal was ambitious. They hoped to find evidence that Einstein's assumptions might break down under extreme conditions. Once again, Einstein's predictions held firm. The study did not detect any violation of Lorentz invariance. Even so, the results are significant. The new analysis improves previous limits by an order of magnitude, sharply narrowing where new physics could be hiding.

United Kingdom

UK Urged To Unplug From US Tech Giants as Digital Sovereignty Fears Grow (theregister.com) 53

An anonymous reader shares a report: The Open Rights Group is warning politicians that the UK is leaning far too heavily on US tech companies to run critical systems, and wants the Cybersecurity and Resilience Bill to force a rethink.

The digital rights outfit says the bill, which is due to receive its second reading in the House of Commons today, represents a rare opportunity to force the government to confront what it sees as a strategic blind spot: the UK's reliance on companies such as Amazon, Google, Microsoft, and data analytics biz Palantir for everything from cloud hosting to sensitive public sector systems.

"Just as relying on one country for the UK's energy needs would be risky and irresponsible, so is overreliance on US companies to supply the bulk of our digital infrastructure," said James Baker, platform power programme manager at Open Rights Group. He argued that digital infrastructure has become an extension of geopolitical power, and the UK is increasingly vulnerable to decisions taken far beyond Westminster's control.

IT

VSCode IDE Forks Expose Users To 'Recommended Extension' Attacks (bleepingcomputer.com) 6

An anonymous reader shares a report: Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, recommend extensions that are non-existent in the OpenVSX registry, allowing threat actors to claim the namespace and upload malicious extensions.

These AI-assisted IDEs are forked from Microsoft VSCode, but cannot use the extensions in the official store due to licensing restrictions. Instead, they are supported by OpenVSX, an open-source marketplace alternative for VSCode-compatible extensions. As a result of forking, the IDEs inherit the list of officially recommended extensions, hardcoded in the configuration files, which point to Microsoft's Visual Studio Marketplace.

Security

DarkSpectre Hackers Spread Malware To 8.8 Million Chrome, Edge, and Firefox Users (cyberpress.org) 12

An anonymous reader quotes a report from Cyber Press: A newly uncovered Chinese threat group, DarkSpectre, has been linked to one of the most widespread browser-extension malware operations to date, compromising more than 8.8 million users of Chrome, Edge, Firefox, and Opera over the past seven years. According to research by Koi.ai, the group operates three interconnected campaigns: ShadyPanda, GhostPoster, and a newly identified one named The Zoom Stealer, forming a single, strategically organized operation.

DarkSpectre's structure differs from that of ordinary cybercrime operations. The group runs separate but interconnected malware clusters, each with distinct goals. The ShadyPanda campaign, responsible for 5.6 million infections, focuses on long-term user surveillance and e-commerce affiliate fraud. Its extensions have appeared legitimate for years, offering new tab pages and translation utilities, before secretly downloading malicious configurations from command-and-control servers such as jt2x.com and infinitynewtab.com. Once activated, they inject remote scripts, hijack search results, and track browsing activity.

The second campaign, GhostPoster, spreads via Firefox and Opera extensions that conceal malicious payloads in PNG images via steganography. After lying dormant for several days, the extensions extract and execute JavaScript hidden within images, enabling stealthy remote code execution. This campaign has affected over one million users and relies on domains like gmzdaily.com and mitarchive.info for payload delivery.

The most recent discovery, The Zoom Stealer, exposes around 2.2 million users to corporate espionage. These extensions masquerade as productivity tools or video downloaders while secretly harvesting corporate meeting links, credentials, and speaker profiles from more than 28 video conferencing platforms, including Zoom, Microsoft Teams, and Google Meet. The extensions use real-time WebSocket connections to exfiltrate data to Firebase databases, such as zoocorder.firebaseio.com, and to Google Cloud functions, such as webinarstvus.cloudfunctions.net.

United States

The U.S. Could Ban Chinese-Made Drones Used By Police Departments (msn.com) 76

Tuesday the White House faces a deadline to decide "whether Chinese drone maker DJI Technologies poses a national security threat," reports Bloomberg. But their article notes it's "a decision with the potential to ground thousands of machines deployed by police and fire departments across the US."

One person making the case against the drones is Mike Nathe, a North Dakota Republican state representative described by the Post as "at the forefront of a nationwide campaign sounding alarms about the Made-in-China aircraft." Nathe tells them that "People do not realize the security issue with these drones, the amount of information that's being funneled back to China on a daily basis." The president already signed an executive order in June targeting "foreign control or exploitation" of America's drone supply chain. That came after Congress mandated a review to determine whether DJI deserves inclusion in a federal register of companies believed to endanger national security. If DJI doesn't get a clean bill of health for Christmas, it could join Huawei Technologies Co. Ltd. and ZTE Corp. on that Federal Communications Commission list. The designation would give the Trump administration authority to prevent new domestic sales or even impose a flight ban, affecting public agencies from New York to North Dakota to Nevada...

The fleet used by public safety agencies nationwide exceeds about 25,000 aircraft, said Chris Fink, founder of Unmanned Vehicle Technologies LLC, a Fayetteville, Arkansas-based firm that advises law-enforcement clients. The overwhelming majority of those drones — called uncrewed aerial vehicles, or UAVs, in industry parlance — comes from China, said Jon Beal, president of the Law Enforcement Drone Association, a training and advocacy group that counts DJI and some US competitors as corporate sponsors...

Currently, at least half a dozen states have targeted DJI and other Chinese-manufactured drones, including restrictions in Arkansas, Mississippi and Tennessee. A Nevada law prohibiting public agencies from using Chinese drones took effect in January... Legislators also took up the cause in Connecticut, which passed a law this year preventing public offices from using Chinese drones. Supporters said they're worried about these eyes in the skies being used for spying. "We're kind of sitting ducks," said Bob Duff, the Democratic majority leader in the state senate who promoted the legislation. "They are designed to infiltrate systems even when the users don't think that they will."

One North Dakota sheriff's department complains U.S.-made drones are "at least double and triple the price out of the gate," according to the article, which adds that public safety officials "say it's difficult to find domestic alternatives that match DJI in price and performance."

And DJI "wants an extension on the security review," according to the article, "saying Tuesday is too soon to make a conclusion."

IT

Browser Extensions With 8 Million Users Collect Extended AI Conversations (arstechnica.com) 12

An anonymous reader shares a report: Browser extensions with more than 8 million installs are harvesting complete and extended conversations from users' AI conversations and selling them for marketing purposes, according to data collected from the Google and Microsoft pages hosting them.

Security firm Koi discovered the eight extensions, which as of late Tuesday night remained available in both Google's and Microsoft's extension stores. Seven of them carry "Featured" badges, which are endorsements meant to signal that the companies have determined the extensions meet their quality standards. The free extensions provide functions such as VPN routing to safeguard online privacy and ad blocking for ad-free browsing. All provide assurances that user data remains anonymous and isn't shared for purposes other than their described use.

Television

LG's Software Update Forces Microsoft Copilot Onto Smart TVs (tomshardware.com) 57

LG smart TV owners discovered over the weekend that a recent webOS software update had quietly installed Microsoft Copilot on their devices, and the app cannot be uninstalled. Affected users report the feature appears automatically after installing the latest webOS update on certain models, sitting alongside streaming apps like Netflix and YouTube.

LG's support documentation confirms that certain preinstalled or system apps can only be hidden, not deleted. At CES 2025, LG announced plans to integrate Copilot into webOS as part of its "AI TV" strategy, describing it as an extension of its AI Search experience. The current implementation appears to function as a shortcut to a web-based Copilot interface rather than a native application. Samsung TVs include Google's Gemini in a similar fashion. Users wanting to avoid the feature entirely are left with one option: disconnecting their TV from the internet.
