NBC News investigates North Korea's "wide-ranging effort to place remote workers at U.S. companies in order to funnel money back to its coffers and, in some cases, steal sensitive information."

And working with the FBI, one corporate security/investigations company decided to knowingly hire one of North Korea's remote workers — then "ship him a laptop and gain as much information as possible" about this "sprawling international employment scheme that is estimated to include hundreds of American companies, thousands of people and hundreds of millions of dollars per year." It worked.... Over a roughly three-month investigation, Nisos uncovered an apparent network of at least 20 North Korean operatives including "Jo" who had collectively applied to at least 160,000 roles. During that time, workers in the network — which some evidence showed were based in China — were employed by five U.S.-based companies and allegedly helped by an American citizen operating out of two nondescript suburban homes in Florida...

Nisos estimated that in about a year, "Jo", who was likely a newer member of the team, applied to about 5,000 jobs... "They attended interviews all day every day, and then once they secured a job, they would collect paychecks until they were terminated," [according to Jared Hudson, Nisos' chief technology officer]... With the ability to see which other U.S. companies Jo and his team were working for — all remote technology roles — Nisos' CEO, Ryan LaSalle, began making calls to their security teams to alert them of the fraud. "Most of the companies weren't aware of it, even if they had pretty robust security teams," LaSalle said. "It wasn't really high on the radar."
NBC News describes North Korea's 10-year effort — and its educational pipeline that steers promising students into "computer science and hacking training before being placed into cyberunits under military and state agencies, according to a recent report by DTEX, a risk-adaptive security and behavioral intelligence firm that tracks North Korea's cybercrime." In one case, a North Korean worker stole sensitive information related to U.S. military technology, according to the Justice Department. In another, an American accomplice obtained an ID that enabled access to government facilities, networks and systems. At least three organizations have been extorted and suffered hundreds of thousands of dollars in damages after proprietary information was posted online by IT workers... Analysts warn that North Korean IT workers are targeting larger organizations, increasing extortion attempts and seeking out employers that pay salaries in cryptocurrency. More recently, security researchers have uncovered fake job application platforms impersonating major U.S. cryptocurrency and AI firms, including Anthropic, designed to infect legitimate applicants' networks with malware to be utilized once hired. The global cybersecurity company CrowdStrike identified a 220% rise in 2025 in instances of North Koreans gaining fraudulent employment at Western companies to work remotely as developers...

The payoff flowing back to Pyongyang from these schemes is enormous. Some North Korean IT workers earn more than $300,000 per year, far more than they'd be able to earn domestically, with as much as 90% of their wages directed back to the regime, according to congressional testimony from Bruce Klinger, a former CIA deputy division chief for Korea. The United Nations estimates the schemes, which proliferated after the pandemic when more companies' workforces went remote, generate as much as $600 million annually, while a U.S. State Department-led sanctions monitoring assessment placed earnings for 2024 as high as $800 million... So far, at least 10 alleged U.S.-based facilitators have been federally charged, including one active-duty member of the U.S. Army, for their alleged roles in hosting laptop farms, laundering payments and moving proceeds through shell companies. At least six other alleged U.S. facilitators have been identified in court documents but not named...

"We believe there are many more hundreds of people out there who are participating in these schemes," said Rozhavsky, the FBI assistant director. "They could never pull this off if they didn't have willing facilitators in the U.S. helping them...." The scheme itself is also becoming more complex. North Korean IT teams are now subcontracting work to developers in Pakistan, Nigeria and India, expanding into fields like customer service, financial processing, insurance and translation services — roles far less scrutinized than software development.

An anonymous reader quotes a report from KrebsOnSecurity: AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and novice code jockey.

The new hotness in AI-based assistants -- OpenClaw (formerly known as ClawdBot and Moltbot) -- has seen rapid adoption since its release in November 2025. OpenClaw is an open-source autonomous AI agent designed to run locally on your computer and proactively take actions on your behalf without needing to be prompted. If that sounds like a risky proposition or a dare, consider that OpenClaw is most useful when it has complete access to your entire digital life, where it can then manage your inbox and calendar, execute programs and tools, browse the Internet for information, and integrate with chat apps like Discord, Signal, Teams or WhatsApp.

Other more established AI assistants like Anthropic's Claude and Microsoft's Copilot also can do these things, but OpenClaw isn't just a passive digital butler waiting for commands. Rather, it's designed to take the initiative on your behalf based on what it knows about your life and its understanding of what you want done. "The testimonials are remarkable," the AI security firm Snyk observed. "Developers building websites from their phones while putting babies to sleep; users running entire companies through a lobster-themed AI; engineers who've set up autonomous code loops that fix tests, capture errors through webhooks, and open pull requests, all while they're away from their desks." You can probably already see how this experimental technology could go sideways in a hurry. [...] Last month, Meta AI safety director Summer Yue said OpenClaw unexpectedly started mass-deleting messages in her email inbox, despite instructions to confirm those actions first. She wrote: "Nothing humbles you like telling your OpenClaw 'confirm before acting' and watching it speedrun deleting your inbox. I couldn't stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb."

Krebs also noted the many misconfigured OpenClaw installations users had set up, leaving their administrative dashboards publicly accessible online. According to pentester Jamieson O'Reilly, "a cursory search revealed hundreds of such servers exposed online." When those exposed interfaces are accessed, attackers can retrieve the agent's configuration and sensitive credentials. O'Reilly warned attackers could access "every credential the agent uses -- from API keys and bot tokens to OAuth secrets and signing keys."

"You can pull the full conversation history across every integrated platform, meaning months of private messages and file attachments, everything the agent has seen," O'Reilly added. And because you control the agent's perception layer, you can manipulate what the human sees. Filter out certain messages. Modify responses before they're displayed."

How many Node.js users are running unsupported or outdated versions. Roughly two thirds, according to data from Node's nonprofit steward, OpenJS.

So they've announced "the Node.js LTS Upgrade and Modernization program" to help enterprises move safely off legacy/end-of-life Node.js. "This program gives enterprises a clear, trusted path to modernize," said the executive director of the OpenJS Foundation, "while staying aligned with the Node.js project and community." The Node.js LTS Upgrade and Modernization program connects organizations with experienced Node.js service providers who handle the work of upgrading safely.

Approved partners assess current versions and dependencies, manage phased upgrades to supported LTS releases, and offer temporary security support when immediate upgrades are not possible... Partners are surfaced exactly where users go when upgrades become unavoidable, including the Node.js website, documentation, and end of life guidance.

The program follows the existing OpenJS Ecosystem Sustainability Program revenue model, with partners retaining 85% of revenue and 15% supporting OpenJS and Node.js through Open Collective and foundation operations. OpenJS provides the guardrails, alignment, and oversight to keep the program credible and connected to the project. We're pleased to welcome NodeSource as the inaugural partner in the Node.js LTS Upgrade and Modernization program.
"The goal is simple: reduce risk without breaking production or trust with the upstream project."

joshuark writes: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. VMware Aria Operations is an enterprise monitoring platform that helps organizations track the performance and health of servers, networks, and cloud infrastructure. The flaw has now been added to the CISA's Known Exploited Vulnerabilities (KEV) catalog, with the U.S. cyber agency requiring federal civilian agencies to address the issue by March 24, 2026. Broadcom said it is aware of reports indicating the vulnerability is exploited in attacks but cannot confirm the claims.

"A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress," the advisory explains. Broadcom released security patches on February 24 and also provided a temporary workaround for organizations unable to apply the patches immediately. The mitigation is a shell script named "aria-ops-rce-workaround.sh," which must be executed as root on each Aria Operations appliance node. There are currently no details on how the vulnerability is being exploited in the wild, who is behind it, and the scale of such efforts.

Accenture is acquiring Downdetector parent company Ookla from Ziff Davis in a $1.2 billion deal to bolster its network analytics and visibility tools for telecoms, hyperscalers, and enterprises. "The deal, which will transfer all of Ziff Davis's Connectivity division to Accenture, includes Ookla's Speedtest, Ekahau, and RootMetrics," notes The Register reports: "Modern networks have evolved from simple infrastructure into business-critical platforms," said Accenture CEO Julie Sweet in a canned statement. "Without the ability to measure performance, organizations cannot optimize experience, revenue, or security." Ookla is meant to let them do just that.

Data captured at the network and device layer are used to enhance fraud prevention in banking, smart homes monitoring, and traffic optimization in retail, Accenture said. Ookla's platform, which lets user's test their own connectivity speed, captures more than 1,000 attributes per test, and provides the foundation for those analytics, Accenture said.

An anonymous reader quotes a report from the Associated Press: The U.S. military used a laser Thursday to shoot down a "seemingly threatening" drone flying near the U.S.-Mexico border. It turned out the drone belonged to Customs and Border Protection, lawmakers said. The case of mistaken identity prompted the Federal Aviation Administration to close additional airspace around Fort Hancock, about 50 miles (80 kilometers) southeast of El Paso. The military is required to formally notify the FAA when it takes any counter-drone action inside U.S. airspace.

It was the second time in two weeks that a laser was fired in the area. The last time it was CBP that used the weapon and nothing was hit. That incident occurred near Fort Bliss and prompted the FAA to shut down air traffic at El Paso airport and the surrounding area. This time, the closure was smaller and commercial flights were not affected. The FAA, CBP and the Pentagon confirmed the incident in a joint statement, saying the military "employed counter-unmanned aircraft system authorities to mitigate a seemingly threatening unmanned aerial system operating within military airspace."

"At President Trump's direction, the Department of War, FAA, and Customs and Border Patrol are working together in an unprecedented fashion to mitigate drone threats by Mexican cartels and foreign terrorist organizations at the U.S.-Mexico Border," the statement said. The report notes that 27,000 drones were detected within 1,600 feet of the southern border in the last six months of 2024.

Illinois Democratic U.S. Sen. Tammy Duckworth, the ranking member on the Senate's Aviation Subcommittee, is calling for an independent investigation to look into the matter. "The Trump administration's incompetence continues to cause chaos in our skies," Duckworth said.

An anonymous reader shares a report: Microsoft Azure CTO Mark Russinovich and VP of Developer Community Scott Hanselman have written a paper arguing that senior software engineers must mentor junior developers to prevent AI coding agents from hollowing out the profession's future skills base.

The paper, Redefining the Engineering Profession for AI, is based on several assumptions, the first of which is that agentic coding assistants "give senior engineers an AI boost... while imposing an AI drag on early-in-career (EiC) developers to steer, verify and integrate AI output."

In an earlier podcast on the subject, Russinovich said this basic premise -- that AI is increasing productivity only for senior developers while reducing it for juniors -- is a "hot topic in all our customer engagements... they all say they see it at their companies." [...] The logical outcome is that "if organizations focus only on short-term efficiency -- hiring those who can already direct AI -- they risk hollowing out the next generation of technical leaders," Russinovich and Hanselman state in the paper.

Long-time Slashdot reader theodp writes: Last July, as Microsoft pledged $4 billion to advance AI education in K-12 schools, Microsoft President Brad Smith told nonprofit Code.org CEO/Founder Hadi Partovi it was time to "switch hats" from coding to AI. He added that "the last 12 years have been about the Hour of Code, but the future involves the Hour of AI." On Friday, Code.org announced leadership changes to make it so.

"I am thrilled to announce that Karim Meghji will be stepping into the role of President & CEO," Partovi wrote on LinkedIn. "Having worked closely with Karim over the last 3.5 years as our CPO, I have complete confidence that he possesses the perfect balance of historical context and 'founder-level' energy to lead us into an AI-centric future."

In a separate LinkedIn post, Code.org co-founder Cameron Wilson explained why he was transitioning to an executive advisor role. "Our community is entering a new chapter as AI changes and upends computer science as a discipline and society at large. Code.org's mission is still the same, however, we are starting a new chapter focused on ensuring students can thrive in the Age of AI. This new chapter will bring new opportunities, new problems to solve, and new communities to engage."

The Code.org leadership changes come just weeks after Code.org confirmed laid off about 14% of its staff, explaining it had "made the difficult decision to part ways with 18 colleagues as part of efforts to ensure our long-term sustainability." January also saw Code.org Chief Academic Officer Pat Yongpradit jump to Microsoft where he now helps "lead Microsoft's global strategy to put people first in an age of AI by shaping education and workforce policy" as a member of Microsoft's Global Education and Workforce Policy team.

An anonymous reader quotes a report from Bloomberg: In early 2024, the agency that oversees cybersecurity for much of the US government issued a rare emergency order -- disconnect your Connect Secure virtual private network software immediately. Chinese spies had hacked the code and infiltrated nearly two dozen organizations. The directive applied to all civilian federal agencies, but given the product's customer base, its impact was more widely felt. The software, which is made by Ivanti Inc., was something of an industry standard across government and much of the corporate world. Clients included the US Air Force, Army, Navy and other parts of the Defense Department, the Department of State, the Federal Aviation Administration, the Federal Reserve, the National Aeronautics and Space Administration, thousands of companies and more than 2,000 banks including Wells Fargo & Co. and Deutsche Bank AG, according to federal procurement records, internal documents, interviews and the accounts of former Ivanti employees who requested anonymity because they were not authorized to disclose customer information.

Soon after sending out their order, which instructed agencies to install an Ivanti-issued fix, staffers at the Cybersecurity and Infrastructure Security Agency discovered that the threat was also inside their own house. Two sensitive CISA databases -- one containing information about personnel at chemical facilities, another assessing the vulnerabilities of critical infrastructure operators -- had been compromised via the agency's own Connect Secure software. CISA had followed all its own guidance. Ivanti's fix had failed. This was a breaking point for some American national security officials, who had long expressed concerns about Connect Secure VPNs. CISA subsequently published a letter with the Federal Bureau of Investigation and the national cybersecurity agencies of the UK, Canada, Australia and New Zealand warning customers of the "significant risk" associated with continuing to use the software. According to Laura Galante, then the top cyber official in the Office of the Director of National Intelligence, the government came to a simple conclusion about the technology. "You should not be using it," she said. "There really is no other way to put it."

That attack, along with several others that successfully targeted the Ivanti software, illustrate how private equity's push into the cybersecurity market ended up compromising the quality and safety of some critical VPN products, Bloomberg has found. Last year, Bloomberg reported that Citrix Systems Inc., another top VPN maker, experienced several major hacks after its private equity owners, Elliott Investment Management and Vista Equity Partners, cut most of the company's 70-member product security team following their acquisition of the company in 2022. Some government officials and private-sector executives are now reconsidering their approach to evaluating cybersecurity software. In addition to excising private equity-owned VPNs from their networks, some factor private equity ownership into their risk assessments of key technologies.

An anonymous reader quotes a report from Wired: Last month, Jason Grad issued a late-night warning to the 20 employees at his tech startup. "You've likely seen Clawdbot trending on X/LinkedIn. While cool, it is currently unvetted and high-risk for our environment," he wrote in a Slack message with a red siren emoji. "Please keep Clawdbot off all company hardware and away from work-linked accounts." Grad isn't the only tech executive who has raised concerns to staff about the experimental agentic AI tool, which was briefly known as MoltBot and is now named OpenClaw. A Meta executive says he recently told his team to keep OpenClaw off their regular work laptops or risk losing their jobs. The executive told reporters he believes the software is unpredictable and could lead to a privacy breach if used in otherwise secure environments. He spoke on the condition of anonymity to speak frankly.

[...] Some cybersecurity professionals have publicly urged companies to take measures to strictly control how their workforces use OpenClaw. And the recent bans show how companies are moving quickly to ensure security is prioritized ahead of their desire to experiment with emerging AI technologies. "Our policy is, 'mitigate first, investigate second' when we come across anything that could be harmful to our company, users, or clients," says Grad, who is cofounder and CEO of Massive, which provides Internet proxy tools to millions of users and businesses. His warning to staff went out on January 26, before any of his employees had installed OpenClaw, he says. At another tech company, Valere, which works on software for organizations including Johns Hopkins University, an employee posted about OpenClaw on January 29 on an internal Slack channel for sharing new tech to potentially try out. The company's president quickly responded that use of OpenClaw was strictly banned, Valere CEO Guy Pistone tells WIRED. "If it got access to one of our developer's machines, it could get access to our cloud services and our clients' sensitive information, including credit card information and GitHub codebases," Pistone says. "It's pretty good at cleaning up some of its actions, which also scares me."

A week later, Pistone did allow Valere's research team to run OpenClaw on an employee's old computer. The goal was to identify flaws in the software and potential fixes to make it more secure. The research team later advised limiting who can give orders to OpenClaw and exposing it to the Internet only with a password in place for its control panel to prevent unwanted access. In a report shared with WIRED, the Valere researchers added that users have to "accept that the bot can be tricked." For instance, if OpenClaw is set up to summarize a user's email, a hacker could send a malicious email to the person instructing the AI to share copies of files on the person's computer. But Pistone is confident that safeguards can be put in place to make OpenClaw more secure. He has given a team at Valere 60 days to investigate. "If we don't think we can do it in a reasonable time, we'll forgo it," he says. "Whoever figures out how to make it secure for businesses is definitely going to have a winner."

Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive information. From a report: According to a service alert seen by BleepingComputer, this bug (tracked under CW1226324 and first detected on January 21) affects the Copilot "work tab" chat feature, which incorrectly reads and summarizes emails stored in users' Sent Items and Drafts folders, including messages that carry confidentiality labels explicitly designed to restrict access by automated tools.

Copilot Chat (short for Microsoft 365 Copilot Chat) is the company's AI-powered, content-aware chat that lets users interact with AI agents. Microsoft began rolling out Copilot Chat to Word, Excel, PowerPoint, Outlook, and OneNote for paying Microsoft 365 business customers in September 2025.

Meta, TikTok, Snap and other social neteworks agreed this week to be rated on their teen safety efforts, reports the Los Angeles Times, "amid rising concern about whether the world's largest social media platforms are doing enough to protect the mental health of young people." The Mental Health Coalition, a collective of organizations focused on destigmatizing mental health issues, said Tuesday that it is launching standards and a new rating system for online platforms. For the Safe Online Standards (S.O.S.) program, an independent panel of global experts will evaluate companies on parameters including safety rules, design, moderation and mental health resources. TikTok, Snap and Meta — the parent company of Facebook and Instagram — will be the first companies to be graded. Discord, YouTube, Pinterest, Roblox and Twitch have also agreed to participate, the coalition said in a news release.

"These standards provide the public with a meaningful way to evaluate platform protections and hold companies accountable — and we look forward to more tech companies signing up for the assessments," Antigone Davis, vice president and global head of safety at Meta, said in a statement... The ratings will be color-coded, and companies that perform well on the tests will get a blue shield badge that signals they help reduce harmful content on the platform and their rules are clear. Those that fall short will receive a red rating, indicating they're not reliably blocking harmful content or lack proper rules. Ratings in other colors indicate whether the platforms have partial protection or whether their evaluations haven't been completed yet.

theodp writes: West Virginia lawmakers on Tuesday introduced House Bill 5387 (PDF), which would repeal the state's recently enacted mandatory stand-alone computer science graduation requirement and replace it with a new computer literacy proficiency requirement. Not too surprisingly, the Bill is being opposed by tech-backed nonprofit Code.org, which lobbied for the WV CS graduation requirement (PDF) just last year. Code.org recently pivoted its mission to emphasize the importance of teaching AI education alongside traditional CS, teaming up with tech CEOs and leaders last year to launch a national campaign to mandate CS and AI courses as graduation requirements.

"It would basically turn the standalone computer science course requirement into a computer literacy proficiency requirement that's more focused on digital literacy," lamented Code.org as it discussed the Bill in a Wednesday conference call with members of the Code.org Advocacy Coalition, including reps from Microsoft's Education and Workforce Policy team. "It's mostly motivated by a variety of different issues coming from local superintendents concerned about, you know, teachers thinking that students don't need to learn how to code and other things. So, we are addressing all of those. We are talking with the chair and vice chair of the committee a week from today to try to see if we can nip this in the bud." Concerns were also raised on the call about how widespread the desire for more computing literacy proficiency (over CS) might be, as well as about legislators who are associating AI literacy more with digital literacy than CS.

The proposed move from a narrower CS focus to a broader goal of computer literacy proficiency in WV schools comes just months after the UK's Department for Education announced a similar curriculum pivot to broader digital literacy, abandoning the narrower 'rigorous CS' focus that was adopted more than a decade ago in response to a push by a 'grassroots' coalition that included Google, Microsoft, UK charities, and other organizations.

The UK's Ministry of Justice has ordered the deletion of the country's largest court reporting archive [non-paywalled source], a database built by data analysis company Courtsdesk that more than 1,500 journalists across 39 media organizations have used since the lord chancellor approved the project in 2021.

Courtsdesk's research found that journalists received no advance notice of 1.6 million criminal hearings, that court case listings were accurate on just 4.2% of sitting days, and that half a million weekend cases were heard without any press notification. In November, HM Courts and Tribunal Service issued a cessation notice citing "unauthorized sharing" of court data based on a test feature.

Courtsdesk says it wrote 16 times asking for dialogue and requested a referral to the Information Commissioner's Office; no referral was made. The government issued a final refusal last week, and the archive must now be deleted within days. Chris Philp, the former justice minister who approved the pilot and now shadow home secretary, has written to courts minister Sarah Sackman demanding the decision be reversed.

An anonymous reader shared this report from Bloomberg: An Asian cyber-espionage group has spent the past year breaking into computer systems belonging to governments and critical infrastructure organizations in more than 37 countries, according to the cybersecurity firm Palo Alto Networks, Inc. The state-aligned attackers have infiltrated networks of 70 organizations, including five national law enforcement and border control agencies, according to a new research report from the company. They have also breached three ministries of finance, one country's parliament and a senior elected official in another, the report states. The Santa Clara, California-based firm declined to identify the hackers' country of origin.

The spying operation was unusually vast and allowed the hackers to hoover up sensitive information in apparent coordination with geopolitical events, such as diplomatic missions, trade negotiations, political unrest and military actions, according to the report. They used that access to spy on emails, financial dealings and communications about military and police operations, the report states. The hackers also stole information about diplomatic issues, lurking undetected in some systems for months. "They use highly-targeted and tailored fake emails and known, unpatched security flaws to gain access to these networks," said Pete Renals, director of national security programs with Unit 42, the threat intelligence division of Palo Alto Networks....

Palo Alto Networks researchers confirmed that the group successfully accessed and exfiltrated sensitive data from some victims' email servers.
Bloomberg writes that according to the cybersecurity firm, this campaign targeted government entities in the Czech Republic and the Ministry of Mines and Energy of Brazil, and also "likely compromised" a device associated with a facility operated by a joint venture between Venezuela's government and an Asian tech firm.

The cyberattackers are "also suspected of being active in Germany, Poland, Greece, Italy, Cyprus, Indonesia, Malaysia, Mongolia, Panama, Greece and other countries, according to the report."

An anonymous reader shares a report: A new bill in the New York state legislature would require news organizations to label AI-generated material and mandate that humans review any such content before publication. On Monday, Senator Patricia Fahy (D-Albany) and Assemblymember Nily Rozic (D-NYC) introduced the bill, called The New York Fundamental Artificial Intelligence Requirements in News Act -- The NY FAIR News Act for short.

"At the center of the news industry, New York has a strong interest in preserving journalism and protecting the workers who produce it," said Rozic in a statement announcing the bill. A closer look at the bill shows a few regulations, mostly centered around AI transparency, both for the public and in the newsroom. For one, the law would demand that news organizations put disclaimers on any published content that is "substantially composed, authored, or created through the use of generative artificial intelligence."

The CIA has shut down The World Factbook, one of its oldest and most recognizable public-facing intelligence publications, ending a run that began as a classified reference document in 1962 and evolved into a freely accessible digital resource that drew millions of views each year.

The agency offered no explanation for the decision. Originally titled The National Basic Intelligence Factbook, the publication first went unclassified in 1971, was renamed a decade later, and moved online at CIA.gov in 1997. It served researchers, news organizations, teachers, students and international travelers. The site hosted more than 5,000 copyright-free photographs, some donated by CIA officers from their personal travel. Every page now redirects to a farewell announcement.

An anonymous reader quotes a report from TorrentFreak: The High Court in New Delhi, India, has granted another pirate site blocking order in favor of American movie industry giants, including Apple, Warner., Netflix, Disney and Crunchyroll. The injunction targets notorious pirate sites, requesting blockades at Indian ISPs. More crucially, however, globally operating domain registrars, including U.S. companies, are also compelled to take action. However, despite earlier cooperation, most don't seem eager to comply. [...] As reported by Verdictum a few days ago, the High Court in New Delhi issued a new blocking injunction on December 18, targeting more than 150 pirate site domains, including yflix.to, animesuge.bz, bs.to, and many others.

The complaint (PDF) is filed by Warner Bros., Apple, Crunchyroll, Disney, and Netflix, which are all connected to the MPA's anti-piracy arm, ACE. The referenced works include some of the most pirated titles, such as Stranger Things, Squid Game, and Silo. In addition to targeting Indian ISPs, the order also lists various domain name registries and related organizations as defendants. This includes American registrars such as Namecheap and GoDaddy, but also the government of the Kingdom of Tonga, which is linked to .to domains. By requiring domain name registrars to take action, the Indian court orders have a global impact.

In addition to suspending the domain names within three days days, the domain name registrars are given four weeks to disclose the relevant subscriber information connected to these domains. "[The registrars] shall lock and suspend Defendant Nos. 1 to 47 websites within 72 hours of being communicated with a copy of this Order and shall file all the Basic Subscriber Information, including the name, address, contact information, email addresses, bank details, IP logs, and any other relevant information [...] within four weeks of being communicated with a copy of this Order," the High Court wrote. While the "Dynamic+" injunction is designed to be a global kill switch, its effectiveness depends entirely on the cooperation of the domain name registrars. Since most of these are based outside of India, their compliance is not guaranteed.

An anonymous reader quotes a report from 404 Media: The Belarusian government is threatening three HAM radio operators with the death penalty, detained at least seven people, and has accused them of "intercepting state secrets," according to Belarusian state media, independent media outside of Belarus, and the Belarusian human rights organization Viasna. The arrests are an extreme attack on what is most often a wholesome hobby that has a history of being vilified by authoritarian governments in part because the technology is quite censorship resistant.

The detentions were announced last week on Belarusian state TV, which claimed the men were part of a network of more than 50 people participating in the amateur radio hobby and have been accused of both "espionage" and "treason." Authorities there said they seized more than 500 pieces of radio equipment. The men were accused on state TV of using radio to spy on the movement of government planes, though no actual evidence of this has been produced. State TV claimed they were associated with the Belarusian Federation of Radioamateurs and Radiosportsmen (BFRR), a long-running amateur radio club and nonprofit that holds amateur radio competitions, meetups, trainings, and forums. Siarhei Besarab, a Belarusian HAM radio operator, posted a plea for support from others in the r/amateurradio subreddit. "I am writing this because my local community is being systematically liquidated in what I can only describe as a targeted intellectual genocide," Besarab wrote. "I beg you to amplify this signal and help us spread this information. Please show this to any journalist you know, send it to human rights organizations, and share it with your local radio associations."

A new study from Scripps Institution of Oceanography finds that factoring ocean damage into climate economics nearly doubles the estimated global cost of climate change, adding close to $2 trillion per year from losses to fisheries, coral reefs, and coastal infrastructure. "It is the first time a social cost of carbon (SCC) assessment -- a key measure of economic harm caused by climate change -- has included damages to the ocean," reports Inside Climate News. From the report: "For decades, we've been estimating the economic cost of climate change while effectively assigning a value of zero to the ocean," said Bernardo Bastien-Olvera, who led the study during his postdoctoral fellowship at Scripps. "Ocean loss is not just an environmental issue, but a central part of the economic story of climate change."

The social cost of carbon is an accounting method for working out the monetary cost of each ton of carbon dioxide released into the atmosphere. "[It] is one of the most efficient tools we have for internalizing climate damages into economic decision-making," said Amy Campbell, a United Nations climate advisor and former British government COP negotiator. Calculations have historically been used by international organizations and state departments like the U.S. Environmental Protection Agency to assess policy proposals -- though a 2025 White House memo from the Trump administration instructed federal agencies to ignore the data during cost-benefit analyses unless required by law. "It becomes politically contentious when deciding whose damages are counted, which sectors are included and most importantly how future and retrospective harms are valued," Campbell said.

Excluding ocean harm, the social cost of carbon is $51 per ton of carbon dioxide emitted. This increases to $97.20 per ton when the ocean, which covers 70 percent of the planet, is included. In 2024, global CO2 emissions were estimated to be 41.6 billion tons, making the 91 percent cost increase significant. Using greenhouse gas emission predictions, the report estimates the annual damages to traditional markets alone will be $1.66 trillion by 2100.