Security

Malicious PDF Links Hidden in Text Message Scam Impersonating US Postal Service (scworld.com) 13

SC World reports: A new phishing scam targeting mobile devices was observed using a "never-before-seen" obfuscation method to hide links to spoofed United States Postal Service (USPS) pages inside PDF files, [mobile security company] Zimperium reported Monday.

The method manipulates elements of the Portable Document Format (PDF) to make clickable URLs appear invisible to both the user and mobile security systems, which would normally extract links from PDFs by searching for the "/URI" tag. "Our researchers verified that this method enabled known malicious URLs within PDF files to bypass detection by several endpoint security solutions. In contrast, the same URLs were detected when the standard /URI tag was used," Zimperium Malware Researcher Fernando Ortega wrote in a blog post.

The attackers send the malicious PDFs via SMS text messages under the guise of providing instructions to retrieve a USPS package that failed to deliver... The phishing website first displays a form for the victim to provide their mailing address, email address and telephone number, and then asks for credit card information to pay a $0.30 "service fee" for redelivery of the supposed package... Zimperium identified more than 20 versions of the malicious PDF files and 630 phishing pages associated with the scam operation. The phishing pages were also found to support 50 languages, suggesting international targeting and possible use of a phishing kit.

"Users' trust in the PDF file format and the limited ability of mobile users to view information about a file prior to opening it increase the risk of such phishing campaigns," Zimperium noted.
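As an added illustration (this is not code from Zimperium, SC World or the campaign itself), the script below shows why a scanner that only greps for the /URI tag is easy to sidestep, and what a more defensive triage pass looks like: it records every /URI string, flags any /Link annotation from which no /URI is reachable, and sweeps every object body and every inflated FlateDecode stream for anything shaped like a URL. The two-link PDF it builds is constructed for the demo; its second annotation, whose action points at a compressed stream that merely carries the URL bytes, is a hypothetical stand-in for a non-standard encoding and does not reproduce the technique Zimperium observed, which the article does not describe.

```python
import re
import zlib

# Loose regexes over raw PDF syntax: enough for triage, not a conforming parser.
OBJ_RE = re.compile(rb'(\d+)\s+\d+\s+obj\b(.*?)\bendobj', re.S)
STREAM_RE = re.compile(rb'stream\r?\n(.*?)\r?\nendstream', re.S)
URI_TAG_RE = re.compile(rb'/URI\s*\(([^)]*)\)')          # the standard tag scanners key on
ACTION_REF_RE = re.compile(rb'/A\s+(\d+)\s+\d+\s+R')      # /A pointing at an indirect object
LINK_RE = re.compile(rb'/Subtype\s*/Link\b')
URL_RE = re.compile(rb'https?://[^\s<>()\[\]"\']+')      # anything shaped like a URL


def parse_objects(pdf: bytes) -> dict:
    """Map object number -> raw body between 'N G obj' and 'endobj'."""
    return {int(m.group(1)): m.group(2) for m in OBJ_RE.finditer(pdf)}


def inflate_streams(body: bytes) -> list:
    """Inflate FlateDecode streams found in an object body; skip anything that fails."""
    if b'/FlateDecode' not in body:
        return []
    out = []
    for m in STREAM_RE.finditer(body):
        try:
            # decompressobj tolerates a truncated trailer, which the loose regex can cause
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass
    return out


def scan_pdf(pdf: bytes) -> dict:
    """Return declared /URI links, Link annotations with no reachable /URI, and
    URLs that only a brute-force sweep of object bodies and inflated streams finds."""
    objs = parse_objects(pdf)
    uri_links = set()
    suspicious_links = []
    hidden_urls = set()

    for num, body in objs.items():
        for uri in URI_TAG_RE.findall(body):
            uri_links.add(uri.decode('latin-1'))
        if LINK_RE.search(body):
            reachable = body
            ref = ACTION_REF_RE.search(body)
            if ref:  # follow one level of indirection to the action dictionary
                reachable += objs.get(int(ref.group(1)), b'')
            if not URI_TAG_RE.search(reachable):
                suspicious_links.append(num)

    for body in objs.values():
        for chunk in [body] + inflate_streams(body):
            for url in URL_RE.findall(chunk):
                url = url.decode('latin-1')
                if url not in uri_links:
                    hidden_urls.add(url)

    return {
        'uri_links': sorted(uri_links),
        'suspicious_links': suspicious_links,
        'hidden_urls': sorted(hidden_urls),
        'verdict': 'suspicious' if suspicious_links or hidden_urls else 'clean',
    }


def build_sample_pdf(with_hidden_link: bool = True) -> bytes:
    """Constructed sample, not a real campaign file. Object 4 declares its URL with the
    standard /URI tag. When with_hidden_link is set, object 5 is a Link annotation whose
    action points at object 6, a compressed stream that only carries the URL bytes: a
    hypothetical stand-in for a non-standard encoding, not the observed technique."""
    payload = zlib.compress(b'https://redelivery-fee.example/pay?id=30c')
    annots = b'[4 0 R 5 0 R]' if with_hidden_link else b'[4 0 R]'
    objs = [
        b'<< /Type /Catalog /Pages 2 0 R >>',
        b'<< /Type /Pages /Kids [3 0 R] /Count 1 >>',
        b'<< /Type /Page /Parent 2 0 R /Annots ' + annots + b' >>',
        b'<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] '
        b'/A << /S /URI /URI (https://tracking.example/usps) >> >>',
    ]
    if with_hidden_link:
        objs += [
            b'<< /Type /Annot /Subtype /Link /Rect [0 30 100 50] /A 6 0 R >>',
            b'<< /Length %d /Filter /FlateDecode >>\nstream\n' % len(payload)
            + payload + b'\nendstream',
        ]
    out = b'%PDF-1.7\n'
    for num, body in enumerate(objs, start=1):
        out += b'%d 0 obj\n' % num + body + b'\nendobj\n'
    return out + b'trailer\n<< /Root 1 0 R >>\n%EOF\n'


if __name__ == '__main__':
    for flag in (False, True):
        print(scan_pdf(build_sample_pdf(flag)))
```

The regexes are deliberately loose (no handling of escaped parentheses in literal strings, object streams or cross-reference streams), so treat a "suspicious" verdict as a reason to detonate or manually inspect the file rather than proof of malice; conversely, a clean result from any /URI-only check should never be read as proof of safety, which is exactly the gap this campaign exploited.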

Thanks to Slashdot reader spatwei for sharing the news.
Printer

Bambu Labs' 3D Printer 'Authorization' Update Beta Sparks Concerns (theverge.com) 47

Slashdot reader jenningsthecat writes: 3D printer manufacturer Bambu Labs has faced a storm of controversy and protest after releasing a security update which many users claim is the first step in moving towards an HP-style subscription model.
Bambu Labs responded that there's misinformation circulating online, adding "we acknowledge that our communication might have contributed to the confusion." Bambu Labs spokesperson Nadia Yaakoubi did "damage control", answering questions from the Verge: Q: Will Bambu publicly commit to never requiring a subscription in order to control its printers and print from them over a home network?

A: For our current product line, yes. We will never require a subscription to control or print from our printers over a home network...

Q: Will Bambu publicly commit to never putting any existing printer functionality behind a subscription?

A: Yes...

Bambu's site adds that the security update "is beta testing, not a forced update. The choice is yours. You can participate in the beta program to help us refine these features, or continue using your current firmware."

Hackaday notes another wrinkle: This follows the original announcement which had the 3D printer community up in arms, and quickly saw the new tool that's supposed to provide safe and secure communications with Bambu Lab printers ripped apart to extract the security certificate and private key... As the flaming wreck that's Bambu Lab's PR efforts keeps hurtling down the highway of public opinion, we'd be remiss to not point out that with the security certificate and private key being easily obtainable from the Bambu Connect Electron app, there is absolutely no point to any of what Bambu Lab is doing.
The Verge asked Bambu Labs about that too: Q: Does the private key leaking change any of your plans?

A: No, this doesn't change our plans, and we've taken immediate action.

Bambu Labs had said their security update would "ensure only authorized access and operations are permitted," Ars Technica recalls. "This would, Bambu suggested, mitigate risks of 'remote hacks or printer exposure issues' and lower the risk of 'abnormal traffic or attacks.'" This was necessary, Bambu wrote, because of increases in requests made to its cloud services "through unofficial channels," targeted DDoS attacks, and "peaks of up to 30 million unauthorized requests per day" (link added by Bambu).
But Ars Technica also found some skepticism online: Repair advocate Louis Rossmann, noting Bambu's altered original blog post, uploaded a video soon after, "Bambu's Gaslighting Masterclass: Denying their own documented restrictions"... suggesting that the company was asking buyers to trust that Bambu wouldn't enact restrictive policies it otherwise wrote into its user agreements.
And Ars Technica also cites another skeptical response from a video posted by open source hardware hacker and YouTube creator Jeff Geerling: "Every IoT device has these problems, and there are better ways to secure things than by locking out access, or making it harder to access, or requiring their cloud to be integrated."
China

China Proposes Further Export Curbs On Battery, Critical Minerals Tech (reuters.com) 96

An anonymous reader quotes a report from Reuters: China's commerce ministry has proposed export restrictions on some technology used to make battery components and process critical minerals lithium and gallium, a document issued on Thursday showed. If implemented, they would be the latest in a series of export restrictions and bans targeting critical minerals and the technology used to process them, areas in which Beijing is globally dominant. Their announcement precedes the inauguration later this month of Donald Trump for a second term during which he is expected to use tariffs and various trade restrictions against other countries, in particular China. [...]

The proposed expansion and revisions of restrictions on technology used to extract and process lithium or prepare battery components could also hinder the overseas expansion plans of major Chinese battery makers, including CATL, Gotion, and EVE Energy. Some technologies to extract gallium would also be restricted. Thursday's announcement does not say when the proposed changes, which are open for public comment until Feb. 1, could come into force.
Adam Webb, head of battery raw materials at consultancy Benchmark Mineral Intelligence, notes that China retains a 70% grip on the global processing of lithium into the material needed to make EV batteries. "These proposed measures would be a move to maintain this high market share and to secure lithium chemical production for China's domestic battery supply chains," he said. "Depending on the level of export restrictions imposed, this could pose challenges for Western lithium producers hoping to use Chinese technology to produce lithium chemicals."
Moon

For Moon Missions, Researchers Test a 3D-Printable, Waterless Concrete (technologyreview.com) 31

"If NASA establishes a permanent presence on the moon, its astronauts' homes could be made of a new 3D-printable, waterless concrete," writes MIT Technology Review. "Someday, so might yours.

"By accelerating the curing process for more rapid construction, this sulfur-based compound could become just as applicable on our home terrain as it is on lunar soil..." Building a home base on the moon will demand a steep supply of moon-based infrastructure: launch pads, shelter, and radiation blockers. But shipping Earth-based concrete to the lunar surface bears a hefty price tag. Sending just 1 kilogram (2.2 pounds) of material to the moon costs roughly $1.2 million, says Ali Kazemian, a robotic construction researcher at Louisiana State University (LSU). Instead, NASA hopes to create new materials from lunar soil and eventually adapt the same techniques for building on Mars.

Traditional concrete requires large amounts of water, a commodity that will be in short supply on the moon and critically important for life support or scientific research, according to the American Society of Civil Engineers. While prior NASA projects have tested compounds that could be used to make "lunarcrete," they're still working to craft the right waterless material.

So LSU researchers are refining the formula, developing a new cement based on sulfur, which they heat until it's molten to bind material without the need for water. In recent work, the team mixed their waterless cement with simulated lunar and Martian soil to create a 3D-printable concrete, which they used to assemble walls and beams. "We need automated construction, and NASA thinks 3D printing is one of the few viable technologies for building lunar infrastructure," says Kazemian.

Beyond circumventing the need for water, the cement can handle wider temperature extremes and cures faster than traditional methods. The group used a pre-made powder for their experiments, but on the moon and Mars, astronauts might extract sulfur from surface soil.

Kazemian and his colleagues recently transferred the technology to NASA's Marshall Space Flight Center for further testing...
Cellphones

Leaked Documents Show What Phones Secretive Tech 'Graykey' Can Unlock (appleinsider.com) 57

Primarily used by law enforcement, Graykey unlocks mobile devices to extract data from both Android and iOS systems, according to the blog AppleInsider, "though its effectiveness varies depending on the specific hardware and software involved." But while its capabilities are rarely disclosed, "a leak of some of Grayshift's internal documents was recently reported on by 404 Media." According to the data, Graykey can only perform "partial" data retrieval from iPhones running iOS 18 and iOS 18.0.1. These versions were released in September and early October, respectively. A partial extraction likely includes unencrypted files and metadata, such as folder structures and file sizes, according to past reports. Notably, Graykey struggles with beta versions of iOS 18.1. Under the latest update, the tool fails to extract any data, as per the documents.

Meanwhile, Graykey's performance with Android phones varies, largely due to the diversity of devices and manufacturers. On Google's Pixel lineup, Graykey can only partially access data from the latest Pixel 9 when in an "After First Unlock" (AFU) state — where the phone has been unlocked at least once since being powered on.

Thanks to long-time Slashdot reader AmiMoJo for sharing the article.
Space

Spacecraft Face 'Sophisticated and Dangerous' Cybersecurity Threats (cnbc.com) 17

"Spacecraft, satellites, and space-based systems all face cybersecurity threats that are becoming increasingly sophisticated and dangerous," reports CNBC.

"With interconnected technologies controlling everything from navigation to anti-ballistic missiles, a security breach could have catastrophic consequences." Critical space infrastructure is susceptible to threats across three key segments: in space, on the ground segment and within the communication links between the two. A break in one can be a cascading failure for all, said Wayne Lonstein, co-founder and CEO at VFT Solutions, and co-author of Cyber-Human Systems, Space Technologies, and Threats. "In many ways, the threats to critical infrastructure on Earth can cause vulnerabilities in space," Lonstein said. "Internet, power, spoofing and so many other vectors that can cause havoc in space," he added. The integration of artificial intelligence into space projects has heightened the risk of sophisticated cyber attacks orchestrated by state actors and individual hackers. AI integration into space exploration allows more decision-making with less human oversight.

For example, NASA is using AI to target scientific specimens for planetary rovers. However, reduced human oversight could make these missions more prone to unexplained and potentially calamitous cyberattacks, said Sylvester Kaczmarek, chief technology officer at OrbiSky Systems, which specializes in the integration of AI, robotics, cybersecurity, and edge computing in aerospace applications. Data poisoning, where attackers feed corrupted data to AI models, is one example of what could go wrong, Kaczmarek said. Another threat, he said, is model inversion, where adversaries reverse-engineer AI models to extract sensitive information, potentially compromising mission integrity. If compromised, AI systems could be used to interfere with or take control of strategically important national space missions...

The U.S. government is tightening up the integrity and security of AI systems in space. The 2023 Cyberspace Solarium Commission report stressed the importance of designating outer space as a critical infrastructure sector, urging enhanced cybersecurity protocols for satellite operators... The rivalry between the U.S. and China includes the new battleground of space. As both nations ramp up their space ambitions and militarized capabilities beyond Earth's atmosphere, the threat of cyberattacks targeting critical orbital assets has become an increasingly pressing concern... Space-based systems increasingly support critical infrastructure back on Earth, and any cyberattacks on these systems could undermine national security and economic interests.
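To make the data-poisoning threat Kaczmarek describes concrete, here is an added toy example (not code from NASA, OrbiSky Systems or CNBC, and not modelled on any real mission system): a nearest-centroid classifier trained on two constructed clusters of two-dimensional "sensor readings", an attacker who injects a few dozen far-away points mislabelled as class 0 so that the class-0 centroid is dragged out of its own cluster and every genuine class-0 reading is then misclassified, and a per-class robust-distance filter that removes the injected points before training. The cluster positions, the injection location and the 4x-median cutoff are arbitrary choices for the demo.

```python
import random
import statistics
from math import dist


def make_points(rng, n, low, high):
    """n points drawn uniformly from the square [low, high]^2."""
    return [(rng.uniform(low, high), rng.uniform(low, high)) for _ in range(n)]


def make_dataset(seed=7):
    """Constructed training and test sets: class 0 lives in [-1, 1]^2, class 1 in [3, 5]^2."""
    rng = random.Random(seed)
    train = [(p, 0) for p in make_points(rng, 100, -1, 1)] + \
            [(p, 1) for p in make_points(rng, 100, 3, 5)]
    test = [(p, 0) for p in make_points(rng, 100, -1, 1)] + \
           [(p, 1) for p in make_points(rng, 100, 3, 5)]
    return train, test


def poison(train, n_inject=40, seed=1):
    """Attacker's copy of the training data: a few dozen points far beyond class 1,
    deliberately labelled 0, so class 0's mean is pulled out of its own cluster."""
    rng = random.Random(seed)
    far = [((20 + rng.uniform(-0.5, 0.5), 20 + rng.uniform(-0.5, 0.5)), 0)
           for _ in range(n_inject)]
    return train + far


def group_by_class(train):
    by_class = {}
    for p, y in train:
        by_class.setdefault(y, []).append(p)
    return by_class


def centroids(train):
    """Nearest-centroid model: one mean point per class."""
    return {y: (statistics.fmean(x for x, _ in pts), statistics.fmean(v for _, v in pts))
            for y, pts in group_by_class(train).items()}


def predict(model, p):
    return min(model, key=lambda y: dist(model[y], p))


def accuracy(model, test):
    return sum(predict(model, p) == y for p, y in test) / len(test)


def sanitize(train, k=4.0):
    """Defence: per class, centre on the coordinate-wise median (which a minority of
    injected points cannot move) and drop anything farther than k times the class's
    median distance from that centre."""
    kept = []
    for y, pts in group_by_class(train).items():
        centre = (statistics.median(x for x, _ in pts), statistics.median(v for _, v in pts))
        dists = [dist(centre, p) for p in pts]
        cutoff = k * statistics.median(dists)
        kept += [(p, y) for p, d in zip(pts, dists) if d <= cutoff]
    return kept


def run_experiment():
    train, test = make_dataset()
    poisoned = poison(train)
    cleaned = sanitize(poisoned)
    return {
        'clean_acc': accuracy(centroids(train), test),
        'poisoned_acc': accuracy(centroids(poisoned), test),
        'sanitized_acc': accuracy(centroids(cleaned), test),
        'dropped': len(poisoned) - len(cleaned),
    }


if __name__ == '__main__':
    print(run_experiment())
```

The point of the experiment is that the attacker never touches the model or the test data: 40 mislabelled training rows out of 240 are enough to halve the classifier's accuracy, and a mean-based model has no way to notice. The filter works because the median is insensitive to a minority of outliers; it would not help against an attacker who can inject a majority of the class, or who places poisoned points inside the genuine cluster, which is why provenance and integrity controls on training data matter as much as post-hoc outlier checks.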

Security

Fintech Giant Finastra Investigating Data Breach (krebsonsecurity.com) 8

An anonymous reader quotes a report from KrebsOnSecurity: The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world's top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. London-based Finastra has offices in 42 countries and reported $1.9 billion in revenues last year. The company employs more than 7,000 people and serves approximately 8,100 financial institutions around the world. A major part of Finastra's day-to-day business involves processing huge volumes of digital files containing instructions for wire and bank transfers on behalf of its clients.

On November 8, 2024, Finastra notified financial institution customers that on Nov. 7 its security team detected suspicious activity on Finastra's internally hosted file transfer platform. Finastra also told customers that someone had begun selling large volumes of files allegedly stolen from its systems. "On November 8, a threat actor communicated on the dark web claiming to have data exfiltrated from this platform," reads Finastra's disclosure, a copy of which was shared by a source at one of the customer firms. "There is no direct impact on customer operations, our customers' systems, or Finastra's ability to serve our customers currently," the notice continued. "We have implemented an alternative secure file sharing platform to ensure continuity, and investigations are ongoing." But its notice to customers does indicate the intruder managed to extract or "exfiltrate" an unspecified volume of customer data.

Books

Are America's Courts Going After Digital Libraries? (reason.com) 43

A new article at Reason.com argues that U.S. courts "are coming for digital libraries." In September, a federal appeals court dealt a major blow to the Internet Archive — one of the largest online repositories of free books, media, and software — in a copyright case with significant implications for publishers, libraries, and readers. The U.S. Court of Appeals for the 2nd Circuit upheld a lower court ruling that found the Internet Archive's huge, digitized lending library of copyrighted books was not covered by the "fair use" doctrine and infringed on the rights of publishers. Agreeing with the Archive's interpretation of fair use "would significantly narrow — if not entirely eviscerate — copyright owners' exclusive right to prepare derivative works," the 2nd Circuit ruled. "Were we to approve [Internet Archive's] use of the works, there would be little reason for consumers or libraries to pay publishers for content they could access for free."
Others disagree, according to some links shared in a recent email from the Internet Archive. Public Knowledge CEO Chris Lewis argues the court's logic renders the fair use doctrine "almost unusable". And that's just the beginning... This decision harms libraries. It locks them into an e-book ecosystem designed to extract as much money as possible while harvesting (and reselling) reader data en masse. It leaves local communities' reading habits at the mercy of curatorial decisions made by four dominant publishing companies thousands of miles away. It steers Americans away from one of the few remaining bastions of privacy protection and funnels them into a surveillance ecosystem that, like Big Tech, becomes more dangerous with each passing data breach.
But lawyer/librarian Kyle K. Courtney writes that the case "is specific only to the parties, and does not impact the other existing versions of controlled digital lending." Additionally, this decision is limited to the 2nd Circuit and is not binding anywhere else — in other words, it does not apply to the 47 states outside the 2nd Circuit's jurisdiction. In talking with colleagues in the U.S. this week and last, many are continuing their programs because they believe their digital loaning programs fall outside the scope of this ruling... Moreover, the court's opinion focuses on digital books that the court said "are commercially available for sale or license in any electronic text format." Therefore, there remains a significant number of materials in library collections that have not made the jump to digital, nor are likely to, meaning that there is no ebook market to harm — nor is one likely to emerge for certain works, such as those that are no longer commercially viable...

This case represents just one instance in an ongoing conversation about library lending in the digital age, and the possibility of appeal to the U.S. Supreme Court means the final outcome is far from settled.

Some more quotes from links shared by Internet Archive:
  • "It was clear that the only reason all the big publishers sued the Internet Archive was to put another nail in the coffin of libraries and push to keep this ebook licensing scheme grift going. Now the courts have helped." — TechDirt
  • "The case against the Internet Archive is not just a story about the ruination of an online library, but a grander narrative of our times: how money facilitates the transference of knowledge away from the public, back towards the few." — blogger Hannah Williams

Thanks to Slashdot reader fjo3 for sharing the news.


Power

America's First Sodium-Ion Battery Gigafactory Announced. Cost: $1.4 Billion (msn.com) 154

Sodium-ion batteries are cheaper than lithium-ion batteries — and they're also more environmentally friendly. And "In the past few years, sodium-ion battery production has increased in the United States," reports the Washington Post, with a new factory planned to manufacture them "in the same way as lithium-ion batteries, just with different ingredients. Instead of using expensive materials like lithium, nickel and cobalt, these will be made of sodium, iron and manganese..." Last month, sodium-ion battery manufacturer Natron Energy announced it would open a "gigafactory" in North Carolina that would produce 24 gigawatt hours of batteries annually, enough energy to charge 24,000 electric vehicles. But sodium-ion batteries are still early in their development compared with lithium-ion, and they have yet to hit the market on a massive scale.

"It's unlikely sodium-ion could displace lithium-ion anytime soon," said Keith Beers, polymer science and materials chemistry principal engineer at technical consultancy firm Exponent... The biggest limitation of sodium-ion batteries is their weight. Sodium weighs nearly three times as much as lithium, and it cannot store the same amount of energy. As a result, sodium-ion batteries tend to be larger. Jens Peters, an economics professor at the University of Alcalá in Madrid, said the energy density could be improved over time in sodium-ion batteries. But, he added, "what we found out so far in our assessments is that it is not a game changer."

Sodium-ion batteries are touted to be the environmentally friendly alternative to their lithium-ion counterparts, thanks to their raw materials. Sodium, iron and manganese are all abundant elements on the planet, so they require less energy to extract and cost less... Sodium-ion batteries also last longer than lithium-ion ones because they can withstand more charge cycles, said Wendell Brooks, co-CEO of Natron Energy. "Our product can have millions of cycles," said Brooks, "where lithium-ion would have three to five thousand cycles and wear out a lot faster...." Sodium-ion batteries aren't the best fit for smartphones or electric vehicles, which need to store lots of energy. However, one advantage is their low cost. And they could be a good candidate in situations where the size of the battery isn't a concern, like energy storage. "When something is built out to support grid or backup storage, it doesn't need to be very dense. It's staying put," Beers said.

Natron will invest nearly $1.4 billion in the factory "to meet the rapidly expanding demand for critical power, industrial and grid energy storage solutions," according to their announcement.

"Natron's high-performance sodium-ion batteries outperform lithium-ion batteries in power density and recharging speed, do not require lithium, cobalt, copper, or nickel, and are non-flammable... Natron's batteries are the only UL-listed sodium-ion batteries on the market today, and will be delivered to a wide range of customer end markets in the industrial power space, including data centers, mobility, EV fast charging, microgrids, and telecom, among others."
Sci-Fi

'Alien' Signal Decoded (esa.int) 39

An anonymous reader quotes a report from the European Space Agency: White dots arranged in five clusters against a black background. This is the simulated extraterrestrial signal transmitted from Mars and deciphered by a father and a daughter on Earth after a year-long decoding effort. On June 7, 2024, media artist Daniela de Paulis received this simple, retro-looking image depicting five amino acids in her inbox. It was the solution to a cosmic puzzle beamed from ESA's ExoMars Trace Gas Orbiter (TGO) in May 2023, when the European spacecraft played alien as part of the multidisciplinary art project 'A Sign in Space.' After three radio astronomy observatories on Earth intercepted the signal, the challenge was first to extract the message from the raw data of the radio signal, and secondly to decode it. In just 10 days, a community of 5000 citizen scientists gathered online and managed to extract the signal. The second task took longer and required some visionary minds.

US citizens Ken and Keli Chaffin cracked the code following their intuition and running simulations for hours and days on end. The father and daughter team discovered that the message contained movement, suggesting some sort of cellular formation and life forms. Amino acids and proteins are the building blocks of life. Now that the cryptic signal has been deciphered, the quest for meaning begins. The interpretation of the message, like any art piece, remains open. Daniela crafted the message with a small group of astronomers and computer scientists, with support from ESA, the SETI Institute and the Green Bank Observatory. The artist and collaborators behind the project are now taking a step back and witnessing how citizen scientists are shaping the challenge on their own.

Republicans

Internet Users Ask FCC To Ban Data Caps (arstechnica.com) 41

An anonymous reader quotes a report from Ars Technica: It's been just a week since US telecom regulators announced a formal inquiry into broadband data caps, and the docket is filling up with comments from users who say they shouldn't have to pay overage charges for using their Internet service. The docket has about 190 comments so far, nearly all from individual broadband customers.

Federal Communications Commission dockets are usually populated with filings from telecom companies, advocacy groups, and other organizations, but some attract comments from individual users of telecom services. The data cap docket probably won't break any records given that the FCC has fielded many millions of comments on net neutrality, but it currently tops the agency's list of most active proceedings based on the number of filings in the past 30 days.
"Data caps, especially by providers in markets with no competition, are nothing more than an arbitrary money grab by greedy corporations. They limit and stifle innovation, cause undue stress, and are unnecessary," wrote Lucas Landreth.

"Data caps are as outmoded as long distance telephone fees," wrote Joseph Wilkicki. "At every turn, telecommunications companies seek to extract more revenue from customers for a service that has rapidly become essential to modern life." Pointing to taxpayer subsidies provided to ISPs, Wilkicki wrote that large telecoms "have sought every opportunity to take those funds and not provide the expected broadband rollout that we paid for."

In response to Trump-appointed FCC Commissioner Nathan Simington's coffee refill analogy, internet users "Jonathan Mnemonic" and James Carter wrote, "Coffee is not, in fact, internet service." They added: "Cafes are not able to abuse monopolistic practices based on infrastructural strangleholds. To briefly set aside the niceties: the analogy is absurd, and it is borderline offensive to the discerning layperson."
AI

Cheap AI 'Video Scraping' Can Now Extract Data From Any Screen Recording (arstechnica.com) 25

An anonymous reader quotes a report from Ars Technica: Recently, AI researcher Simon Willison wanted to add up his charges from using a cloud service, but the payment values and dates he needed were scattered among a dozen separate emails. Inputting them manually would have been tedious, so he turned to a technique he calls "video scraping," which involves feeding a screen recording video into an AI model, similar to ChatGPT, for data extraction purposes. What he discovered seems simple on its surface, but the quality of the result has deeper implications for the future of AI assistants, which may soon be able to see and interact with what we're doing on our computer screens.

"The other day I found myself needing to add up some numeric values that were scattered across twelve different emails," Willison wrote in a detailed post on his blog. He recorded a 35-second video scrolling through the relevant emails, then fed that video into Google's AI Studio tool, which allows people to experiment with several versions of Google's Gemini 1.5 Pro and Gemini 1.5 Flash AI models. Willison then asked Gemini to pull the price data from the video and arrange it into a special data format called JSON (JavaScript Object Notation) that included dates and dollar amounts. The AI model successfully extracted the data, which Willison then formatted as a CSV (comma-separated values) table for spreadsheet use. After double-checking for errors as part of his experiment, the accuracy of the results -- and what the video analysis cost to run -- surprised him.

"The cost [of running the video model] is so low that I had to re-run my calculations three times to make sure I hadn't made a mistake," he wrote. Willison says the entire video analysis process ostensibly cost less than one-tenth of a cent, using just 11,018 tokens on the Gemini 1.5 Flash 002 model. In the end, he actually paid nothing because Google AI Studio is currently free for some types of use.

Businesses

Digital River Runs Dry (theregister.com) 14

Digital River has not paid numerous merchants since midsummer for software and digital products they sold through its MyCommerce platform. The Register: "After over 20 years of partnership with Digital River, Traction Software Ltd has been left feeling as though we've been 'rug pulled,'" Lee Midgley, managing director of Traction Software, told The Register. "For the past three months, we've experienced a complete halt in software sales revenue payments with no support, no direct contact, and only additional terms and conditions designed to delay resolution and extract more money from us.

"Astonishingly, Digital River continued to take sales from our loyal customers until we removed them from the order system. It now appears they have no intention of making payments and may be entering a liquidation process under a new CEO who has been involved in similar situations before."

The new CEO, Barry Kasoff, was first noted on the e-commerce biz website in August. Kasoff is also listed as the president of Realization Services, "a full-service strategic consulting firm specializing in turnaround management and value enhancement..." The privately-owned, Minnesota-based business appears to have laid off a significant number of employees, presumably the result of what its UK subsidiary describes as cost reduction initiatives implemented in late 2022.

Open Source

'Automattic is Doing Open Source Dirty,' Ruby on Rails Creator Says 43

David Heinemeier Hansson, creator of Ruby on Rails and co-founder and chief technology officer of Basecamp-maker 37signals, has criticized Automattic's demand for 8% of vendor WP Engine's revenues as a violation of open source principles and the GPL license. He argues this, among other things, undermines the clarity and certainty of open source licensing, threatening its integrity beyond WordPress. He writes: Ruby on Rails, the open-source web framework I created, has been used to create businesses worth hundreds of billions of dollars combined. Some of those businesses express their gratitude and self-interest by supporting the framework with dedicated developers, membership of The Rails Foundation, or conference sponsorships. But many also do not! And that is absolutely their right, even if it occasionally irks a little.

That's the deal. That's open source. I give you a gift of code, you accept the terms of the license. There cannot be a second set of shadow obligations that might suddenly apply, if you strike it rich using the software. Then the license is meaningless, the clarity all muddled, and certainty lost.

Look, Automattic can change their license away from the GPL any time they wish. The new license will only apply to new code, though, and WP Engine, or anyone else, are eligible to fork the project. That's what happened with Redis after Redis Labs dropped their BSD license and went with a commercial source-available alternative. Valkey was forked from the last free Redis version, and now that's where anyone interested in an open-source Redis implementation is likely to go.

But I suspect Automattic wants to have their cake and eat it too. They want to retain WordPress' shine of open source, but also be able to extract their pound of flesh from any competitor that might appear, whenever they see fit. Screw that.
Earth

A Cheap, Low-Tech Solution For Storing Carbon? Researchers Suggest Burying Wood (msn.com) 143

Researchers propose a "deceptively simple" way to sequester carbon, reports the Washington Post: burying wood underground: Forests are Earth's lungs, sucking up six times more carbon dioxide (CO2) than the amount people pump into the atmosphere every year by burning coal and other fossil fuels. But much of that carbon quickly makes its way back into the air once insects, fungi and bacteria chew through leaves and other plant material. Even wood, the hardiest part of a tree, will succumb within a few decades to these decomposers. What if that decay could be delayed? Under the right conditions, tons of wood could be buried underground in wood vaults, locking in a portion of human-generated CO2 for potentially thousands of years.

While other carbon-capture technologies rely on expensive and energy-intensive machines to extract CO2, the tools for putting wood underground are simple: a tractor and a backhoe.

Finding the right conditions to impede decomposition over millennia is the tough part. To test the idea, [Ning Zeng, a University of Maryland climate scientist] worked with colleagues in Quebec to entomb wood under clay soil on a crop field about 30 miles east of Montreal... But when the scientists went digging in 2013, they uncovered something unexpected: A piece of wood already buried about 6½ feet underground. The craggy, waterlogged piece of eastern red cedar appeared remarkably well preserved. "I remember standing there looking at other people, thinking, 'Do we really need to continue this experiment?'" Zeng recalled. "Because here's the evidence...."

Radiocarbon dating revealed the log to be 3,775 years old, give or take a few decades. Comparing the old chunk of wood to a freshly cut piece of cedar showed the ancient log lost less than 5 percent of its carbon over the millennia. The log was surrounded by stagnant, oxygen-deprived groundwater and covered by an impermeable layer of clay, preventing fungi and insects from consuming the wood. Lignin, a tough material that gives trees their strength, protected the wood's carbohydrates from subterranean bacteria...

The researchers estimate buried wood can sequester up to 10 billion tons of CO2 per year, which is more than a quarter of annual global emissions from energy, according to the International Energy Agency.

United States

DOJ Sues Visa For Locking Out Rival Payment Platforms (theverge.com) 35

The Department of Justice has filed an antitrust lawsuit against Visa, alleging that the financial services firm has an illegal monopoly over debit network markets and has attempted to unlawfully crush competitors, including fintech companies like PayPal and Square. From a report: The lawsuit follows a multiyear investigation of Visa which the company disclosed in 2021. "We allege that Visa has unlawfully amassed the power to extract fees that far exceed what it could charge in a competitive market," Attorney General Merrick Garland said in a statement. "Merchants and banks pass along those costs to consumers, either by raising prices or reducing quality or service. As a result, Visa's unlawful conduct affects not just the price of one thing -- but the price of nearly everything."

Visa makes more than $7 billion a year in payment processing fees alone, and more than 60 percent of debit transactions in the United States run on Visa's network, the complaint claims. The government alleges that Visa's market dominance is partly due to the "web of exclusionary agreements" it imposes on businesses and banks. Visa has also attempted to "smother" competitors -- including smaller debit networks and newer fintech companies -- the complaint alleges. Visa executives allegedly feel particularly threatened by Apple, which the company has described as an "existential threat," the DOJ claims.

Programming

JavaScript, Python, Java: Redmonk's Programming Language Ranking Sees Lack of Change (redmonk.com) 30

Redmonk's latest programming language ranking (attempting to gauge "potential future adoption trends") has found evidence of "a landscape resistant to change." Outside of CSS moving down a spot and C++ moving up one, the Top 10 was unchanged. And even in the back half of the rankings, where languages tend to be less entrenched and movement is more common, only three languages moved at all... There are a few signs of languages following in TypeScript's footsteps and working their way up the path, both in the Top 20 and at the back end of the Top 100 as we'll discuss shortly, but they're the exception that proves the rule.

It's possible that we'll see more fluid usage of languages, and increased usage of code assistants would theoretically make that much more likely, but at this point it's a fairly static status quo. With that, some results of note:

- TypeScript (#6): technically TypeScript didn't move, as it was ranked sixth in our last run, but this is the first quarter in which it has been the sole occupant of that spot. CSS, in this case, dropped one place to seven leaving TypeScript just outside the Top 5. It will be interesting to see whether or not it has more momentum to expend or whether it's topped out for the time being.

- Kotlin (#14) / Scala (#14): both of these JVM-based languages jumped up a couple of spots — two spots in Scala's case and three for Kotlin. Scala's rise is notable because it had been on something of a downward trajectory from a one time high of 12th, and Kotlin's placement is a mild surprise because it had spent three consecutive runs not budging from 17, only to make the jump now. The tie here, meanwhile, is interesting because Scala's long history gives it an accretive advantage over Kotlin's more recent development, but in any case the combination is evidence of the continued staying power of the JVM.

- Objective C (#17): speaking of downward trajectories and the 17th placement on this list, Objective C's slide that began in mid-2018 continued and left the language with its lowest placement in these rankings to date at #17. That's still an enormously impressive achievement, of course, and there are dozens of languages that would trade their usage for Objective C's, but the direction of travel seems clear.

- Dart (#19) / Rust (#19): while once grouped with Kotlin as up and coming languages driven by differing incentives and trends, Dart and Rust have not been able to match the ascent of their counterpart with five straight quarters of no movement. That's not necessarily a negative; as with Objective C, these are still highly popular languages and communities, but it's worth questioning whether new momentum will arrive and from where, particularly because the communities are experiencing some friction in growing their usage.

It's important to remember Redmonk's methodology. "We extract language rankings from GitHub and Stack Overflow, and combine them for a ranking that attempts to reflect both code (GitHub) and discussion (Stack Overflow) traction. The idea is not to offer a statistically valid representation of current usage, but rather to correlate language discussion and usage in an effort to extract insights into potential future adoption trends."

Having said that, here's the current top ten in Redmonk's ranking:
  1. JavaScript
  2. Python
  3. Java
  4. PHP
  5. C#
  6. TypeScript
  7. CSS
  8. C++
  9. Ruby
  10. C

Their announcement also notes that at the other end of the list, the programming language Bicep "jumped eight spots to #78 and Zig 10 to #87. That progress pales next to Ballerina, however, which jumped from #80 to #61 this quarter. The general purpose language from WSO2, thus, is added to the list of potential up and comers we're keeping an eye on."


Power

World's First Zinc-Ion Battery Megafactory Opens For Business 67

Sweden's Enerpoly has opened the world's first zinc-ion battery megafactory near Stockholm, aiming for a 100 MWh annual capacity by 2026. "According to Enerpoly, this megafactory will serve Europe's needs for safe energy storage, and also utilize an all-European supply chain to boot," reports New Atlas. From the report: If you're wondering why Enerpoly is bothering with zinc-ion and not lithium-ion batteries, it's because the former is a better choice for storage in several ways:

- They use a water-based electrolyte, which makes them non-flammable, and reduces the risk of fires and explosions.
- They're less expensive, because zinc is far more abundant than lithium (which is difficult and expensive to extract), and easier to handle. They can also operate across a wider temperature range and require less maintenance, making them cheaper than lithium-ion options.
- They're more eco-friendly for the same reason. In contrast, extracting lithium currently requires extensive mining as well as the use of massive evaporation ponds before processing even begins.
- They're said to last a whole lot longer. According to the International Zinc Association, a nonprofit trade association which counts Enerpoly as a member, zinc-based batteries can last up to 20 years, while lithium batteries manage about 12 years.
The downside? They have a lower energy density than something like a Tesla 4680 battery, which is why they are aimed at stationary applications like load shifting and grid resilience, where weight and volume matter less than cost and safety.
Privacy

Toyota Confirms Breach After Stolen Data Leaks On Hacking Forum (bleepingcomputer.com) 7

Toyota confirmed a breach of its network after 240GB of data, including employee and customer information, was leaked on a hacking forum by a threat actor. The company has not provided details on how or when the breach occurred. BleepingComputer reports: ZeroSevenGroup (the threat actor who leaked the stolen data) says they breached a U.S. branch and were able to steal 240GB of files with information on Toyota employees and customers, as well as contracts and financial information. They also claim to have collected network infrastructure information, including credentials, using the open-source ADRecon tool that helps extract vast amounts of information from Active Directory environments.

"We have hacked a branch in United States to one of the biggest automotive manufacturer in the world (TOYOTA). We are really glad to share the files with you here for free. The data size: 240 GB," the threat actor claims. "Contents: Everything like Contacts, Finance, Customers, Schemes, Employees, Photos, DBs, Network infrastructure, Emails, and a lot of perfect data. We also offer you AD-Recon for all the target network with passwords." While Toyota hasn't shared the date of the breach, BleepingComputer found that the files had been stolen or at least created on December 25, 2022. This date could indicate that the threat actor gained access to a backup server where the data was stored.
"We are aware of the situation. The issue is limited in scope and is not a system wide issue," Toyota told BleepingComputer. The company added that it's "engaged with those who are impacted and will provide assistance if needed."
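The report does not say how the ADRecon-style collection could have been spotted. As an added illustration (not code from Toyota, BleepingComputer or the ADRecon project), here is the kind of check a defender might run over LDAP search logs: flag any account that, within a short window, sweeps many different object types across the directory or pulls a very large number of objects, which is what bulk AD reconnaissance tooling does and what ordinary user lookups do not. The log format, sample lines, IPs, account names and thresholds are all constructed for the example.

```python
"""Flag accounts whose LDAP search pattern looks like bulk directory enumeration.

Added illustration for this item; not code from Toyota, BleepingComputer or the
ADRecon project. The log format is constructed for the example: one line per
LDAP search, fields separated by "|":
    timestamp|client_ip|bind_user|search_base|filter|result_count
Real deployments would feed this from domain controller LDAP logging or a
network sensor; the thresholds below are assumptions to tune against your own
baseline, not published indicators.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: two users doing ordinary lookups, and one service account
# sweeping users, groups, computers, trusts, GPOs, schema, SPNs and OUs in
# about thirty seconds. The IPs and account names are made up.
SAMPLE_LOG = """\
2022-12-25T01:00:05|10.0.5.21|jdoe|CN=Users,DC=corp,DC=example|(sAMAccountName=jdoe)|1
2022-12-25T01:00:09|10.0.5.21|jdoe|CN=Users,DC=corp,DC=example|(objectClass=printQueue)|3
2022-12-25T01:02:00|10.0.9.77|svc-backup|DC=corp,DC=example|(objectClass=user)|4821
2022-12-25T01:02:03|10.0.9.77|svc-backup|DC=corp,DC=example|(objectClass=group)|913
2022-12-25T01:02:07|10.0.9.77|svc-backup|DC=corp,DC=example|(objectClass=computer)|2210
2022-12-25T01:02:10|10.0.9.77|svc-backup|CN=System,DC=corp,DC=example|(objectClass=trustedDomain)|4
2022-12-25T01:02:14|10.0.9.77|svc-backup|DC=corp,DC=example|(objectCategory=groupPolicyContainer)|160
2022-12-25T01:02:20|10.0.9.77|svc-backup|CN=Schema,CN=Configuration,DC=corp,DC=example|(objectClass=*)|1500
2022-12-25T01:02:25|10.0.9.77|svc-backup|DC=corp,DC=example|(servicePrincipalName=*)|377
2022-12-25T01:02:30|10.0.9.77|svc-backup|DC=corp,DC=example|(objectClass=organizationalUnit)|88
2022-12-25T03:10:00|10.0.5.30|asmith|CN=Users,DC=corp,DC=example|(mail=asmith*)|1
"""

WINDOW = timedelta(minutes=5)   # assumed: burst window
MIN_QUERIES = 6                 # assumed: searches per actor inside the window
MIN_DISTINCT_FILTERS = 5        # assumed: different object types swept
MIN_RESULTS = 5000              # assumed: total objects returned inside the window


def parse_log(text):
    """Parse the constructed "|"-separated format into event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, ip, user, base, flt, count = line.split("|")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "ip": ip,
            "user": user,
            "base": base,
            "filter": flt,
            "results": int(count),
        })
    return events


def detect_enumeration(events, window=WINDOW, min_queries=MIN_QUERIES,
                       min_distinct_filters=MIN_DISTINCT_FILTERS,
                       min_results=MIN_RESULTS):
    """Return one finding per (user, client_ip) whose searches, within any
    `window`, either sweep many distinct filters or return a very large
    number of objects. Single lookups never trip either rule."""
    by_actor = defaultdict(list)
    for e in events:
        by_actor[(e["user"], e["ip"])].append(e)

    findings = []
    for (user, ip), evs in by_actor.items():
        evs.sort(key=lambda e: e["ts"])
        for start in range(len(evs)):
            # Extend the window as far as it reaches from this start event.
            end = start
            while end + 1 < len(evs) and evs[end + 1]["ts"] - evs[start]["ts"] <= window:
                end += 1
            burst = evs[start:end + 1]
            filters = {e["filter"] for e in burst}
            results = sum(e["results"] for e in burst)
            sweep = len(burst) >= min_queries and len(filters) >= min_distinct_filters
            if sweep or results >= min_results:
                findings.append({
                    "user": user,
                    "ip": ip,
                    "first_seen": burst[0]["ts"].isoformat(),
                    "last_seen": burst[-1]["ts"].isoformat(),
                    "queries": len(burst),
                    "distinct_filters": len(filters),
                    "results": results,
                    "search_bases": sorted({e["base"] for e in burst}),
                })
                break  # one finding per actor is enough for triage
    return findings


if __name__ == "__main__":
    for finding in detect_enumeration(parse_log(SAMPLE_LOG)):
        print(finding)
```

On the sample, only the svc-backup account trips the rule: eight searches over eight distinct filters in thirty seconds, returning over ten thousand objects. Legitimate backup agents, monitoring tools and sync connectors will also look like this, so the realistic use is to baseline which accounts are expected to enumerate the directory and alert on a new account or a new source IP doing it, rather than on raw volume alone.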
Android

Google Wallet Widely Rolling Out 'Everything Else' Pass Creator In the US (9to5google.com) 18

Google is rolling out a new feature for Google Wallet that uses AI to generate a digital version of IDs, tickets, and other passes. "Replacing the old 'Photo' option, Everything else lets you 'Scan a photo of any pass like an event ticket, gym membership, insurance card, and more' to create a digital version that appears in Google Wallet," writes 9to5Google's Abner Li. "The app explains how AI is leveraged to 'determine what kind of pass you're adding and to suggest the content of the pass.'" From the report: If you're adding something sensitive with health or government ID information, it will be classified as private and not get synced to other devices, while authentication is required before opening. However, you can change the private pass classification later. After taking a picture of the pass, Google will extract the information and let you edit common fields, as well as add your own. At this stage, you can change the pass type [...]. When finalized, it will appear below your carousel of credit/debit cards. Google will let you access the original "Pass photos" when viewing the digital copy.
