Transportation

Boring Company To Build Tesla Tunnels Under Nashville (techcrunch.com) 108

Elon Musk's Boring Company plans to build a 10-mile underground transportation loop in Nashville connecting the airport to downtown, with private funding and a projected launch as early as fall 2026. "If that happens, Nashville would become the second city where The Boring Company has opened such a system, with the first being Las Vegas," notes TechCrunch. "The company has spent the last few years in Sin City digging and opening tunnels around the Las Vegas Convention Center, and claims to have given 3 million rides in Teslas to date." From the report: The project will be privately funded by The Boring Company "and its private partners," according to the Governor's press release, though those partners are not named. The Boring Company and local officials will now begin a "public process to evaluate potential routes, engage community stakeholders, and finalize plans for the project's initial 10-mile phase." Construction won't begin until the project clears the approvals process. But the governor's office said the first segment of the loop could be operational as "early as fall of 2026."
The Internet

Scammers Unleash Flood of Slick Online Gaming Sites (krebsonsecurity.com) 29

Brian Krebs writes via KrebsOnSecurity: Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here's a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites. The scam begins with deceptive ads posted on social media that claim the wagering sites are working in partnership with popular social media personalities, such as Mr. Beast, who recently launched a gaming business called Beast Games. The ads invariably state that by using a supplied "promo code," interested players can claim a $2,500 credit on the advertised gaming website.

The gaming sites all require users to create a free account to claim their $2,500 credit, which they can use to play any number of extremely polished video games that ask users to bet on each action. At the scam website gamblerbeast[.]com, for example, visitors can pick from dozens of games like B-Ball Blitz, in which you play a basketball pro who is taking shots from the free throw line against a single opponent, and you bet on your ability to sink each shot. The financial part of this scam begins when users try to cash out any "winnings." At that point, the gaming site will reject the request and prompt the user to make a "verification deposit" of cryptocurrency -- typically around $100 -- before any money can be distributed. Those who deposit cryptocurrency funds are soon asked for additional payments. However, any "winnings" displayed by these gaming sites are a complete fantasy, and players who deposit cryptocurrency funds will never see that money again. Compounding the problem, victims likely will soon be peppered with come-ons from "recovery experts" who peddle dubious claims on social media networks about being able to retrieve funds lost to such scams. [...]

[T]hreat hunting platform Silent Push reveals at least 1,270 recently-registered and active domains whose names all invoke some type of gaming or wagering theme. Here is a list of all domains that Silent Push found were using the scambling network's chat API.

Businesses

India's One-Airline State (indiadispatch.com) 8

An anonymous reader shares an analysis: In most major aviation markets, including the U.S. and Europe, competition is an oligopolistic affair, with several large airlines competing for market share. India's domestic sector, however, is increasingly characterized by the ascent of a single airline.

Low-cost carrier IndiGo has achieved an extraordinary concentration of the market, capturing approximately 64.4% of all passenger traffic as of May. More strikingly, the airline operates with a near-monopoly on 66% of its domestic routes, facing little to no direct competition in a significant portion of its network.

This position is the culmination of a decade-long expansion that saw the exit of rivals like Jet Airways and GoAir. Today, its remaining competitors continue to struggle; SpiceJet's domestic market share has fallen to just 2% while it operates a reduced fleet of only 19 aircraft. Air India, despite its acquisition by the Tata Group in 2022, has been slow in its restructuring and continues to cede domestic ground, with the flag carrier remaining unprofitable.

Security

Cyberattack Cripples Russian Airline Aeroflot (politico.com) 36

New submitter Pravetz-82 shares a report from Politico: A cyberattack on Russian state-owned flagship carrier Aeroflot caused a mass outage to the company's computer systems on Monday, Russia's prosecutor's office said, forcing the airline to cancel more than 100 flights and delay others. Ukrainian hacker group Silent Crow and Belarusian hacker activist group the Belarus Cyber-Partisans, which opposes the rule of Belarusian President Alexander Lukashenko, claimed responsibility for the cyberattack. Images shared on social media showed hundreds of delayed passengers crowding Moscow's Sheremetyevo airport, where Aeroflot is based. The outage also disrupted flights operated by Aeroflot's subsidiaries, Rossiya and Pobeda. While most of the flights affected were domestic, the disruption also led to cancellations for some international flights to Belarus, Armenia and Uzbekistan.

Silent Crow claimed it had accessed Aeroflot's corporate network for a year, copying customer and internal data, including audio recordings of phone calls, data from the company's own surveillance on employees and other intercepted communications. "All of these resources are now inaccessible or destroyed and restoring them will possibly require tens of millions of dollars. The damage is strategic," the channel purporting to be the Silent Crow group wrote on Telegram. There was no way to independently verify its claims. The same channel also shared screenshots that appeared to show Aeroflot's internal IT systems, and insinuated that Silent Crow could begin sharing the data it had seized in the coming days. "The personal data of all Russians who have ever flown with Aeroflot have now also gone on a trip -- albeit without luggage and to the same destination," it said. The Belarus Cyber-Partisans told The Associated Press that they had hoped to "deliver a crushing blow."
Russia's Prosecutor's Office said it had opened a criminal investigation. Meanwhile, Kremlin spokesperson Dmitry Peskov called reports of the cyberattack "quite alarming," adding that "the hacker threat is a threat that remains for all large companies providing services to the general public."
Open Source

Google's New Security Project 'OSS Rebuild' Tackles Package Supply Chain Verification (googleblog.com) 13

This week Google's Open Source Security Team announced "a new project to strengthen trust in open source package ecosystems" — by reproducing upstream artifacts.

It includes automation to derive declarative build definitions, new "build observability and verification tools" for security teams, and even "infrastructure definitions" to help organizations rebuild, sign, and distribute provenance by running their own OSS Rebuild instances. (And as part of the initiative, the team also published SLSA Provenance attestations "for thousands of packages across our supported ecosystems.") Our aim with OSS Rebuild is to empower the security community to deeply understand and control their supply chains by making package consumption as transparent as using a source repository. Our rebuild platform unlocks this transparency by utilizing a declarative build process, build instrumentation, and network monitoring capabilities which, within the SLSA Build framework, produces fine-grained, durable, trustworthy security metadata. Building on the hosted infrastructure model that we pioneered with OSS Fuzz for memory issue detection, OSS Rebuild similarly seeks to use hosted resources to address security challenges in open source, this time aimed at securing the software supply chain... We are committed to bringing supply chain transparency and security to all open source software development. Our initial support for the PyPI (Python), npm (JS/TS), and Crates.io (Rust) package registries — providing rebuild provenance for many of their most popular packages — is just the beginning of our journey...

OSS Rebuild helps detect several classes of supply chain compromise:

- Unsubmitted Source Code: When published packages contain code not present in the public source repository, OSS Rebuild will not attest to the artifact.

- Build Environment Compromise: By creating standardized, minimal build environments with comprehensive monitoring, OSS Rebuild can detect suspicious build activity or avoid exposure to compromised components altogether.

- Stealthy Backdoors: Even sophisticated backdoors like xz often exhibit anomalous behavioral patterns during builds. OSS Rebuild's dynamic analysis capabilities can detect unusual execution paths or suspicious operations that are otherwise impractical to identify through manual review.


For enterprises and security professionals, OSS Rebuild can...

- Enhance metadata without changing registries by enriching data for upstream packages. No need to maintain custom registries or migrate to a new package ecosystem.

- Augment SBOMs by adding detailed build observability information to existing Software Bills of Materials, creating a more complete security picture...

- Accelerate vulnerability response by providing a path to vendor, patch, and re-host upstream packages using our verifiable build definitions...


The easiest (but not only!) way to access OSS Rebuild attestations is to use the provided Go-based command-line interface.

"With OSS Rebuild's existing automation for PyPI, npm, and Crates.io, most packages obtain protection effortlessly without user or maintainer intervention."
China

Huawei Shows Off 384-Chip AI Computing System That Rivals Nvidia's Top Product (msn.com) 118

Long-time Slashdot reader hackingbear writes: China's Huawei Technologies showed off an AI computing system on Saturday that can rival Nvidia's most advanced offering, even though the company faces U.S. export restrictions. The CloudMatrix 384 system made its first public debut at the World Artificial Intelligence Conference (WAIC), a three-day event in Shanghai where companies showcase their latest AI innovations, drawing a large crowd to the company's booth. The CloudMatrix 384 incorporates 384 of Huawei's latest 910C chips, optically connected through an all-to-all topology, and outperforms Nvidia's GB200 NVL72 on some metrics, which uses 72 B200 chips, according to SemiAnalysis. A full CloudMatrix system can now deliver 300 PFLOPs of dense BF16 compute, almost double that of the GB200 NVL72. With more than 3.6x aggregate memory capacity and 2.1x more memory bandwidth, Huawei and China "now have AI system capabilities that can beat Nvidia's," according to a report by SemiAnalysis.

The trade-off is that it takes 4.1x the power of a GB200 NVL72, with 2.5x worse power per FLOP, 1.9x worse power per TB/s memory bandwidth, and 1.2x worse power per TB HBM memory capacity, but SemiAnalysis noted that China has no power constraints, only chip constraints. Nvidia had announced DGX H100 NVL256 "Ranger" Platform [with 256 GPUs], SemiAnalysis writes, but "decided to not bring it to production due to it being prohibitively expensive, power hungry, and unreliable due to all the optical transceivers required and the two tiers of network. The CloudMatrix Pod requires an incredible 6,912 400G LPO transceivers for networking, the vast majority of which are for the scaleup network."



Also at this event, Chinese e-commerce giant Alibaba released a new flagship open-source reasoning model Qwen3-235B-A22B-Thinking-2507 which has "already topped key industry benchmarks, outperforming powerful proprietary systems from rivals like Google and OpenAI," according to industry reports. On the AIME25 benchmark, a test designed to evaluate sophisticated, multi-step problem-solving skills, Qwen3-Thinking-2507 achieved a remarkable score of 92.3. This places it ahead of some of the most powerful proprietary models, notably surpassing Google's Gemini-2.5 Pro, while Qwen3-Thinking secured a top score of 74.1 at LiveCodeBench, comfortably ahead of both Gemini-2.5 Pro and OpenAI's o4-mini, demonstrating its practical utility for developers and engineering teams.
China

'Serious Delays' Hit Satellite Mega-Constellations of China's Starlink Rivals (scmp.com) 29

"A Chinese mega-constellation of communications satellites is facing serious delays," reports the South China Morning Post, "that could jeopardise its ambitions to compete with SpaceX's Starlink for valuable orbital resources." Only 90 satellites have been launched into low Earth orbit for the Qianfan broadband network — also known as the Thousand Sails Constellation or G60 Starlink — well short of the project's goal of 648 by the end of this year... Shanghai Yuanxin Satellite Technology, the company leading the project, plans to deploy more than 15,000 satellites by 2030 to deliver direct-to-phone internet services worldwide. To stay on track, Yuanxin — which is backed by the Shanghai municipal government — would have to launch more than 30 satellites a month to achieve its milestones of 648 by the end of 2025 for regional coverage and 1,296 two years later for global connectivity.
The New York Times reports that "the other megaconstellation, Guowang, is even farther behind. Despite plans to launch about 13,000 satellites within the next decade, it has 34 in orbit." A constellation has to launch half of its satellites within five years of successfully applying for its frequencies, and complete the full deployment within seven years, according to rules set by the International Telecommunication Union, a United Nations agency that allocates frequencies. The Chinese megaconstellations are behind on these goals. Companies that fail to hit their targets could be required to reduce the size of their megaconstellations.
Meanwhile SpaceX "has about 8,000 Starlink satellites in orbit and is expanding its lead every month," the Times writes, citing data from the U.S. Space Force and the nonprofit space-data group CelesTrak. (The Times has even created an animation showing Starlink's 8,000 satellites in orbit.) Researchers for the People's Liberation Army predict that the network will become "deeply embedded in the U.S. military combat system." They envision a time when Starlink satellites connect U.S. military bases and serve as an early missile-warning and interception network....

One of the major reasons for China's delay is the lack of a reliable, reusable launcher. Chinese companies still launch satellites using single-use rockets. After the satellites are deployed, rocket parts tumble back to Earth or become space debris... Six years after [SpaceX's] Falcon 9 began launching Starlink satellites, Chinese firms still have no answer to it... The government has tested nearly 20 rocket launchers in the "Long March" series.

Microsoft

Did a Vendor's Leak Help Attackers Exploit Microsoft's SharePoint Servers? (theregister.com) 22

The vulnerability-watching "Zero Day Initiative" was started in 2005 as a division of 3Com, then acquired in 2015 by cybersecurity company Trend Micro, according to Wikipedia.

But the Register reports today that the initiative's head of threat awareness is now concerned about the source for that exploit of Microsoft's SharePoint servers: How did the attackers, who include Chinese government spies, data thieves, and ransomware operators, know how to exploit the SharePoint CVEs in such a way that would bypass the security fixes Microsoft released the following day? "A leak happened here somewhere," Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative, told The Register. "And now you've got a zero-day exploit in the wild, and worse than that, you've got a zero-day exploit in the wild that bypasses the patch, which came out the next day...."

Patch Tuesday happens the second Tuesday of every month — in July, that was the 8th. But two weeks before then, Microsoft provides early access to some security vendors via the Microsoft Active Protections Program (MAPP). These vendors are required to sign a non-disclosure agreement about the soon-to-be-disclosed bugs, and Microsoft gives them early access to the vulnerability information so that they can provide updated protections to customers faster....

One researcher suggests a leak may not have been the only pathway to exploit. "Soroush Dalili was able to use Google's Gemini to help reproduce the exploit chain, so it's possible the threat actors did their own due diligence, or did something similar to Dalili, working with one of the frontier large language models like Google Gemini, o3 from OpenAI, or Claude Opus, or some other LLM, to help identify routes of exploitation," Tenable Research Special Operations team senior engineer Satnam Narang told The Register. "It's difficult to say what domino had to fall in order for these threat actors to be able to leverage these flaws in the wild," Narang added.

Nonetheless, Microsoft did not release any MAPP guidance for the two most recent vulnerabilities, CVE-2025-53770 and CVE-2025-53771, which are related to the previously disclosed CVE-2025-49704 and CVE-2025-49706. "It could mean that they no longer consider MAPP to be a trusted resource, so they're not providing any information whatsoever," Childs speculated. [He adds later that "If I thought a leak came from this channel, I would not be telling that channel anything."]

"It also could mean that they're scrambling so much to work on the fixes they don't have time to notify their partners of these other details."

Cloud

Stack Exchange Moves Everything to the Cloud, Destroys Servers in New Jersey (stackoverflow.blog) 115

Since 2010 Stack Exchange has run all its sites on physical hardware in New Jersey — about 50 different servers. (When Ryan Donovan joined in 2019, "I saw the original server mounted on a wall with a laudatory plaque like a beloved pet.") But this month everything moved to the cloud, a new blog post explains. "Our servers are now cattle, not pets. Nobody is going to have to drive to our New Jersey data center and replace or reboot hardware..." Over the years, we've shared glamor shots of our server racks and info about updating them. For almost our entire 16-year existence, the SRE team has managed all datacenter operations, including the physical servers, cabling, racking, replacing failed disks and everything else in between. This work required someone to physically show up at the datacenter and poke the machines... [O]n July 2nd, in anticipation of the datacenter's closure, we unracked all the servers, unplugged all the cables, and gave these once mighty machines their final curtain call...

We moved Stack Overflow for Teams to Azure in 2023 and proved we could do it. Now we just had to tackle the public sites (Stack Overflow and the Stack Exchange network), which is hosted on Google Cloud. Early last year, our datacenter vendor in New Jersey decided to shut down that location, and we needed to be out by July 2025. Our other datacenter — in Colorado — was decommissioned in June. It was primarily for disaster recovery, which we didn't need any more. Stack Overflow no longer has any physical datacenters or offices; we are fully in the cloud and remote...!

[O]ur Staff Site Reliability Engineer, got a little wistful. "I installed the new web tier servers a few years ago as part of planned upgrades," he said. "It's bittersweet that I'm the one deracking them also." It's the IT version of Old Yeller.

There's photos of the 50 servers, as well as the 400+ cables connecting them, all of which wound up in a junk pile. "For security reasons (and to protect the PII of all our users and customers), everything was being shredded and/or destroyed. Nothing was being kept... Ever have difficulty disconnecting an RJ45 cable? Well, here was our opportunity to just cut the damn things off instead of figuring out why the little tab wouldn't release the plug."
Government

Internet Archive Designated as a Federal Depository Library (archive.org) 10

The Internet Archive has received federal depository library status from California Sen. Alex Padilla, joining a network of over 1,100 libraries that archive government documents and make them accessible to the public. Padilla made the designation in a letter to the Government Publishing Office, which oversees the program.

The San Francisco-based nonprofit organization already operates Democracy's Library, a free online compendium of government research and publications launched in 2022. Founder Brewster Kahle said the new designation makes it easier to work with other federal depository libraries and provides more reliable access to government materials for digitization and distribution.

Under federal law, members of Congress can designate up to two qualified libraries for federal depository status.
Businesses

American Airlines Chief Blasts Delta's AI Pricing Plans as 'Inappropriate' (yahoo.com) 20

American Airlines Chief Executive Robert Isom criticized the use of AI in setting air fares during an earnings call, calling the practice "inappropriate" and a "bait and switch" move that could trick travelers. Isom's comments target Delta Air Lines, which is testing AI to help set pricing on about 3% of its network today with plans to expand to 20% by year-end.

Delta maintains it is not using the technology to target customers with individualized offers based on personal information, stating all customers see identical fares across retail channels. US Senators Ruben Gallego, Richard Blumenthal, and Mark Warner have questioned Delta's AI pricing plans, citing data privacy concerns and potential fare increases. Southwest Airlines CEO Bob Jordan said his carrier also has no plans to use AI in revenue management or pricing decisions.
United Kingdom

UK Student Jailed For Selling Phishing Kits Linked To $135M of Fraud (theguardian.com) 18

A 21-year-old student who designed and distributed online kits linked to $175 million worth of fraud has been jailed for seven years. From a report: Ollie Holman created phishing kits that mimicked government, bank and charity websites so that criminals could harvest victims' personal information to defraud them. In one case a kit was used to mimic a charity's donation webpage so when someone tried to give money, their card details were taken and used by criminals.

Holman, of Eastcote in north-west London, created and supplied 1,052 phishing kits that targeted 69 organisations across 24 countries. He also offered tutorials in how to use the kits and built up a network of almost 700 connections. The fake websites supplied in the kits had features that allowed information such as login and bank details to be stored. It is estimated Holman received $405,000 from selling the kits between 2021 and 2023. The kits were distributed through the encrypted messaging service Telegram.

Communications

Starlink Suffers Worldwide Outage (mirror.co.uk) 43

Longtime Slashdot reader gbkersey shares a report from The Mirror: Elon Musk's satellite internet Starlink has been hit with a global outage preventing thousands of users from accessing the internet. According to DownDetector, reports of issues began to surge around 8pm GMT, with nearly 60,000 global users affected at the peak of the outage. "Starlink is currently in a network outage and we are actively implementing a solution," the company said in a post on X. "We appreciate your patience, we'll share an update once this issue is resolved."

Outages are being reported across the U.S., as well as along the Ukrainian frontline. Meanwhile, more than 10,000 people in the UK have logged issues with Starlink since 8pm this evening. "The majority of the reports (64%) are concerning a total blackout, while the rest point to internet problems," the report says.

UPDATE: Michael Nicolls, VP of Starlink Engineering, wrote in a post: "Starlink has now mostly recovered from the network outage, which lasted approximately 2.5 hours. The outage was due to failure of key internal software services that operate the core network. We apologize for the temporary disruption in our service; we are deeply committed to providing a highly reliable network, and will fully root cause this issue and ensure it does not occur again."

UPDATE #2: Starlink said in an update at 5:18 PM PT: "The network issue has been resolved, and Starlink service has been restored. We understand how important connectivity is and apologize for the disruption."
Crime

Satellite Imagery and Phone Data Reveal Romance Scam Centers Still Expanding Despite Crackdowns 9

Massive mobile device tracking data has exposed the interconnected network of Myanmar's expanding scam centers, revealing how trafficked workers circulate between compounds despite February crackdowns. Analysis of 4.9 million location records from 11,930 mobile devices between January 2024 and May 2025 showed five devices visited all three major compounds -- Yatai New City, Apolo Park, and Yulong Bay Park -- plus the raided KK Park and Huanya Park facilities.

Workers are forced into romance scams, deceiving victims into believing they're in romantic relationships before extracting money. A South Asian man held six months at KK Park worked 16 hours daily conducting these online deceptions while enduring beatings and electric shocks for poor performance. Nikkei's investigation combined satellite imagery analysis, social media posts from Chinese platform Douyin, and open-source intelligence techniques to document continued construction at eight of 16 suspected sites. Myanmar authorities deported over 66,000 foreign nationals involved in these online fraud operations between October 2023 and June 2025.
The Courts

After $380 Million Hack, Clorox Sues Its 'Service Desk' Vendor For Simply Giving Out Passwords (arstechnica.com) 89

An anonymous reader quotes a report from Ars Technica: Hacking is hard. Well, sometimes. Other times, you just call up a company's IT service desk and pretend to be an employee who needs a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset... and it's done. Without even verifying your identity. So you use that information to log in to the target network and discover a more trusted user who works in IT security. You call the IT service desk back, acting like you are now this second person, and you request the same thing: a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset. Again, the desk provides it, no identity verification needed. So you log in to the network with these new credentials and set about planting ransomware or exfiltrating data in the target network, eventually doing an estimated $380 million in damage. Easy, right?

According to The Clorox Company, which makes everything from lip balm to cat litter to charcoal to bleach, this is exactly what happened to it in 2023. But Clorox says that the "debilitating" breach was not its fault. It had outsourced the "service desk" part of its IT security operations to the massive services company Cognizant -- and Clorox says that Cognizant failed to follow even the most basic agreed-upon procedures for running the service desk. In the words of a new Clorox lawsuit, Cognizant's behavior was "all a devastating lie," it "failed to show even scant care," and it was "aware that its employees were not adequately trained."

"Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques," says the lawsuit, using italics to indicate outrage emphasis. "The cybercriminal just called the Cognizant Service Desk, asked for credentials to access Clorox's network, and Cognizant handed the credentials right over. Cognizant is on tape handing over the keys to Clorox's corporate network to the cybercriminal -- no authentication questions asked." [...] The new lawsuit, filed in California state courts, wants Cognizant to cough up millions of dollars to cover the damage Clorox says it suffered after weeks of disruption to its factories and ordering systems. (You can read a brief timeline of the disruption here.)

United States

Funding For Program To Stop Next Stuxnet From Hitting US Expired Sunday (theregister.com) 45

Government funding for a program that hunts for threats on America's critical infrastructure networks expired on Sunday, preventing Lawrence Livermore National Laboratory from analyzing activity that could indicate a cyberattack, the program director told Congress on Tuesday. From a report: Nate Gleason leads a team at Lawrence Livermore National Laboratory (LLNL) focused on nation-state threats against critical infrastructure, and this includes the CyberSentry Program.

It's a public-private partnership, managed by CISA, that looks for malicious activity on IT and operational technology (OT) networks in America's energy, water, healthcare, and other critical facilities. This includes threats along the lines of China's Volt Typhoon and Salt Typhoon intrusions -- network activity that may look like, or even start as, espionage, but ultimately enables the digital invaders to backdoor critical orgs and deploy cyber weapons to aid in a kinetic war.

Wireless Networking

Humans Can Be Tracked With Unique 'Fingerprint' Based On How Their Bodies Block Wi-Fi Signals (theregister.com) 38

Researchers from La Sapienza University in Rome have developed "WhoFi," a system that uses the way a person's body distorts Wi-Fi signals to re-identify them across different locations -- even if they're not carrying a phone. By training a deep neural network on these subtle signal distortions, the researchers claim WhoFi is able to achieve up to 95.5% accuracy. The Register reports: "The core insight is that as a Wi-Fi signal propagates through an environment, its waveform is altered by the presence and physical characteristics of objects and people along its path," the authors state in their paper. "These alterations, captured in the form of Channel State Information (CSI), contain rich biometric information." CSI in the context of Wi-Fi devices refers to information about the amplitude and phase of electromagnetic transmissions. These measurements, the researchers say, interact with the human body in a way that results in person-specific distortions. When processed by a deep neural network, the result is a unique data signature.

Researchers proposed a similar technique, dubbed EyeFi, in 2020, and asserted it was accurate about 75 percent of the time. The Rome-based researchers who proposed WhoFi claim their technique makes accurate matches on the public NTU-Fi dataset up to 95.5 percent of the time when the deep neural network uses the transformer encoding architecture. "The encouraging results achieved confirm the viability of Wi-Fi signals as a robust and privacy-preserving biometric modality, and position this study as a meaningful step forward in the development of signal-based Re-ID systems," the authors say.

Earth

Climate Change Is Making Fire Weather Worse for World's Forests (nytimes.com) 28

An anonymous reader shares a report: In 2023 and 2024, the hottest years on record, more than 78 million acres of forests burned around the globe. The fires sent veils of smoke and several billion tons of carbon dioxide into the atmosphere, subjecting millions of people to poor air quality. Extreme forest-fire years are becoming more common because of climate change, new research suggests.

"Climate change is loading the dice for extreme fire seasons like we've seen," said John Abatzoglou, a climate scientist at the University of California Merced. "There are going to be more fires like this." The area of forest canopy lost to fire during 2023 and 2024 was at least two times greater than the annual average of the previous nearly two decades, according to a new study published Monday in the journal Proceedings of the National Academy of Sciences.

The researchers used imagery from the LANDSAT satellite network to determine how tree cover had changed from 2002 to 2024, and compared that with satellite detections of fire activity to see how much canopy loss was because of fire. Globally, the area of land burned by wildfires has decreased in recent decades, mostly because humans are transforming savannas and grasslands into less flammable landscapes. But the area of forests burned has gone up.

Medicine

At Least 750 US Hospitals Faced Disruptions During Last Year's CrowdStrike Outage, Study Finds (wired.com) 31

At least 759 US hospitals experienced network disruptions during the CrowdStrike outage on July 19, 2024, with more than 200 suffering outages that directly affected patient care services, according to a study published in JAMA Network Open by UC San Diego researchers. The researchers detected disruptions across 34% of the 2,232 hospital networks they scanned, finding outages in health records systems, fetal monitoring equipment, medical imaging storage, and patient transfer platforms.

Most services recovered within six hours, though some remained offline for more than 48 hours. CrowdStrike dismissed the study as "junk science," arguing the researchers failed to verify whether affected networks actually ran CrowdStrike software. The researchers defended their methodology, noting they could scan only about one-third of America's hospitals, suggesting the actual impact may have been significantly larger.
Security

Hackers Exploit a Blind Spot By Hiding Malware Inside DNS Records (arstechnica.com) 49

Hackers are hiding malware inside DNS records, allowing malicious code to bypass security defenses that typically monitor web and email traffic. DomainTools researchers discovered the technique being used to host Joke Screenmate malware, with binary files converted to hexadecimal format and broken into chunks stored in TXT records across subdomains of whitetreecollective[.]com.

Attackers retrieve the chunks through DNS requests and reassemble them into executable malware. The method exploits a blind spot in security monitoring, as DNS traffic often goes unscrutinized compared to other network activity.
