Businesses

ERP Isn't Dead Yet - But Most Execs Are Planning the Wake (theregister.com)

Seven out of ten C-suite executives believe traditional enterprise resource planning software has seen its best days, though the category remains firmly entrenched in corporate IT and opinion is sharply divided on what comes next. A survey of 4,295 CFOs, CISOs, CIOs and CEOs worldwide found 36% expect ERP to give way to composable, API-driven best-of-breed systems, while 33% see the future in "agentic ERP" featuring autonomous AI-driven decision-making.

The research was commissioned by Rimini Street, a third-party support provider for Oracle and SAP. Despite the pessimism, 97% said their current systems met business requirements. Vendor lock-in remains a sore point: 35% cited limited flexibility and forced upgrades as frustrations. Kingfisher, operator of 2,000 European retail stores including Screwfix and B&Q, recently eschewed an SAP upgrade in favor of using third-party support to shift its existing application to the cloud. Gartner analyst Dixie John cautioned that while third-party support may work in the short or medium term, organizations will eventually need to upgrade.
Security

To Pressure Security Professionals, Mandiant Releases Database That Cracks Weak NTLM Passwords in 12 Hours (arstechnica.com)

Ars Technica reports: Security firm Mandiant [part of Google Cloud] has released a database that allows any administrative password protected by Microsoft's NTLMv1 hash algorithm to be hacked in an attempt to nudge users who continue using the deprecated function despite known weaknesses.... a precomputed table of hash values linked to their corresponding plaintext. These generic tables, which work against multiple hashing schemes, allow hackers to take over accounts by quickly mapping a stolen hash to its password counterpart... Mandiant said it had released an NTLMv1 rainbow table that will allow defenders and researchers (and, of course, malicious hackers, too) to recover passwords in under 12 hours using consumer hardware costing less than $600 USD. The table is hosted in Google Cloud. The database works against Net-NTLMv1 passwords, which are used in network authentication for accessing resources such as SMB network sharing.

Despite its long- and well-known susceptibility to easy cracking, NTLMv1 remains in use in some of the world's more sensitive networks. One reason for the lack of action is that utilities and organizations in industries, including health care and industrial control, often rely on legacy apps that are incompatible with more recently released hashing algorithms. Another reason is that organizations relying on mission-critical systems can't afford the downtime required to migrate. Of course, inertia and penny-pinching are also causes.

"By releasing these tables, Mandiant aims to lower the barrier for security professionals to demonstrate the insecurity of Net-NTLMv1," Mandiant said. "While tools to exploit this protocol have existed for years, they often required uploading sensitive data to third-party services or expensive hardware to brute-force keys."

"Organizations that rely on Windows networking aren't the only laggards," the article points out. "Microsoft only announced plans to deprecate NTLMv1 last August."

Thanks to Slashdot reader joshuark for sharing the news.
Security

Never-Before-Seen Linux Malware Is 'Far More Advanced Than Typical' (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Researchers have discovered a never-before-seen framework that infects Linux machines with a wide assortment of modules that are notable for the range of advanced capabilities they provide to attackers. The framework, referred to as VoidLink by its source code, features more than 30 modules that can be used to customize capabilities to meet attackers' needs for each infected machine. These modules can provide additional stealth and specific tools for reconnaissance, privilege escalation, and lateral movement inside a compromised network. The components can be easily added or removed as objectives change over the course of a campaign.

VoidLink can target machines within popular cloud services by detecting if an infected machine is hosted inside AWS, GCP, Azure, Alibaba, and Tencent, and there are indications that developers plan to add detections for Huawei, DigitalOcean, and Vultr in future releases. To detect which cloud service hosts the machine, VoidLink examines metadata using the respective vendor's API. Similar frameworks targeting Windows servers have flourished for years. They are less common on Linux machines. The feature set is unusually broad and is "far more advanced than typical Linux malware," said researchers from Checkpoint, the security firm that discovered VoidLink. Its creation may indicate that the attacker's focus is increasingly expanding to include Linux systems, cloud infrastructure, and application deployment environments, as organizations increasingly move workloads to these environments.
"VoidLink is a comprehensive ecosystem designed to maintain long-term, stealthy access to compromised Linux systems, particularly those running on public cloud platforms and in containerized environments," the researchers said in a separate post. "Its design reflects a level of planning and investment typically associated with professional threat actors rather than opportunistic attackers, raising the stakes for defenders who may never realize their infrastructure has been quietly taken over."

The researchers note that VoidLink poses no immediate threat or required action since it's not actively targeting systems. However, defenders should remain vigilant.
GNU is Not Unix

How the Free Software Foundation Kept a Videoconferencing Software Free (fsf.org)

The Free Software Foundation's president Ian Kelling is also their senior systems administrator. This week he shared an example of how "the work we put in to making sure a program is free for us also makes it free for the rest of the world." During the COVID-19 pandemic, like everyone everywhere, the FSF increased its videoconferencing use, especially videoconferencing software that works in web browsers. We have experience hosting several different programs to accomplish this, and BigBlueButton was an important one for us for a while. It is a videoconferencing service which describes itself as a virtual classroom because of its many features designed for educational environments, such as a shared whiteboard... In BigBlueButton 2.2, the program used a freely licensed version of MongoDB, but it unintentionally picked up MongoDB's 2018 nonfree license change in versions 2.3 and 2.4. At the FSF, we noticed this [after a four-hour review] and raised the alarm with the BigBlueButton team in late 2020.

In many cases of a developer changing to a nonfree license, free forks have won out, but in this case no one judged it worth the effort to maintain a fork of the final free MongoDB version. This was a very unfortunate case for existing users of MongoDB, including the FSF, who were then faced with a challenge of maintaining their freedom by either running old and unmaintained software or switching over to a different free program. Luckily, the free software world is not especially lacking in high quality database software, and there is also a wide array of free videoconferencing software. At the FSF, we decided to spend some effort to make sure MongoDB would no longer make BigBlueButton nonfree, to help other users of MongoDB and BigBlueButton. We think BigBlueButton is really useful for free software in schools, where it is incredibly important to have free software.

On the tech team, especially when it comes to software running in a web browser, we are used to making modifications to better suit our needs. In the end, we didn't find a perfect solution, but we did find FerretDB to be a promising MongoDB alternative and assisted the developers of FerretDB to see what would be required for it to work in BigBlueButton. The BigBlueButton developers decided that some architectural level changes for their 3.0 release would be the path for them to remove MongoDB. As of BigBlueButton 3.0, released in 2025, BigBlueButton is back to being entirely free software...!

As you can see, in the world of free software, trust can be tricky, and this is part of why organizations like the FSF are so important.

Kelling notes he's part of a tech team of just two people responsible for "63 different services, platforms, and websites for the FSF staff, the GNU Project, other community projects, and the wider free software community..."
Advertising

Vietnam Bans Unskippable Ads (phunuonline.com.vn)

Vietnam will begin enforcing new online advertising rules in February 2026 that ban forced video ads longer than five seconds and require platforms to let users close ads with just one tap. "Furthermore, platforms must provide clear icons and instructions for users to report advertisements that violate the law, and allow them to opt out, turn off, or stop viewing inappropriate ads," reports a local news outlet (translated to English). "These reports must be received and processed promptly, and the results communicated to users as required." From the report: In cases where the entity posting the infringing advertisement cannot be identified or where specialized laws do not have specific regulations, the Ministry of Culture, Sports and Tourism is the focal agency to receive notifications and send requests to block or remove the advertisement to organizations and businesses providing online advertising services in Vietnam.

Advertisers, advertising service providers, and advertising transmission and distribution units are responsible for blocking and removing infringing advertisements within 24 hours of receiving a request from the competent authority. For advertisements that infringe on national security, the blocking and removal must be carried out immediately, no later than 24 hours.

In case of non-compliance, the Ministry of Culture, Sports and Tourism, in coordination with the Ministry of Public Security, will apply technical measures to block infringing advertisements and services and handle the matter according to the law. Telecommunications companies and Internet service providers must also implement technical measures to block access to infringing advertisements within 24 hours of receiving a request.

Crime

Cybersecurity Employees Plead Guilty To Ransomware Attacks

Two cybersecurity professionals who spent their careers defending organizations against ransomware attacks have pleaded guilty in a Florida federal court to using ALPHV/BlackCat ransomware to extort American businesses throughout 2023.

Ryan Goldberg, a 40-year-old incident response manager from Georgia, and Kevin Martin, a 36-year-old ransomware negotiator from Texas, admitted to conspiring to obstruct commerce through extortion. Between April and December 2023, Goldberg, Martin, and a third unnamed co-conspirator deployed the ransomware against multiple U.S. victims and agreed to pay ALPHV BlackCat's operators a 20% cut of any ransoms received. They successfully extracted approximately $1.2 million in Bitcoin from one victim, splitting their 80% share three ways before laundering the proceeds. Both men face up to 20 years in prison and are scheduled for sentencing on March 12, 2026.

The Justice Department noted that all three conspirators possessed specialized skills in securing computer systems against the very attacks they carried out. ALPHV BlackCat has targeted more than 1,000 victims globally and was the subject of an FBI disruption operation in December 2023 that saved victims an estimated $99 million through a custom decryption tool.
Education

'Why Academics Should Do More Consulting'

A group of researchers is calling on universities to treat consulting work as a strategic priority, arguing that bureaucratic obstacles and inconsistent policies have left a massive revenue stream largely untapped even as higher education institutions face mounting financial pressures. (Consulting work refers to academics offering their advice and expertise to outside organizations -- industry, government, civil society -- for a fee. It's one of the most direct and scalable ways academics can shape the world beyond campus, and the projects are typically shorter in duration and easier to set up than alternatives like spin-out companies.)

Writing in Nature, the authors found that fewer than 10% of academic staff at nine UK universities engaged in consulting work, and the number of academic consulting contracts across the country fell 38% over the past decade -- from around 99,000 in 2014-15 to fewer than 62,000 in 2023-24.

Academic consulting in the UK is currently worth roughly $675-810 million annually, a figure that represents just 0.6% of the country's $124 billion management consulting market. The authors examined policies at 30 universities and surveyed 76 fellows from a UK Research and Innovation programme. Two-thirds of the surveyed institutions had publicly available consulting policies, and two outright prohibit private consulting. Permitted consulting time ranged from unlimited to 30 days or fewer per year, institutional charges varied from 10-40% of fees, and contract approval timelines stretched from 24 hours to several months.

Private consultancy firms are moving into this space, capturing opportunities that universities neglect. Small-scale projects under $6,750 are commonly sidelined by university contract offices because they represent too small an income for strained institutional resources. The authors propose standardized policies across institutions, shared consulting income with departments, and faster approval processes -- reforms similar to those already implemented for university spin-out companies.
EU

Challenges Face European Governments Pursuing 'Digital Sovereignty' (theregister.com)

The Register reports on challenges facing Europe's pursuit of "digital sovereignty": The US CLOUD Act of 2018 allows American authorities to compel US-based technology companies to provide requested data, regardless of where that data is stored globally. This places European organizations in a precarious position, as it directly clashes with Europe's own stringent privacy regulation, the General Data Protection Regulation (GDPR)... Furthermore, these warrants often come with a gag order, legally prohibiting the provider from informing their customer that their data has been accessed. This renders any contractual clauses requiring transparency or notification effectively meaningless. While technical measures like encryption are often proposed as a solution, their effectiveness depends entirely on who controls the encryption keys. If the US provider manages the keys, as is common in many standard cloud services, they can be forced to decrypt the data for authorities, making such safeguards moot....

American hyperscalers have recognized the market demand for sovereignty and now aggressively market 'sovereign cloud' solutions, typically by placing datacenters on European soil or partnering with local operators. Critics call this 'sovereignty washing'... [Cristina Caffarra, a competition economist and driving force behind the Eurostack initiative] warns that this does not resolve the fundamental problem. "A company subject to the extraterritorial laws of the United States cannot be considered sovereign for Europe," she says. "That simply doesn't work." Because, as long as the parent company is American, it remains subject to the CLOUD Act...

Even when organizations make deliberate choices in favour of European providers, those decisions can be undone by market forces. A recent acquisition in the Netherlands illustrates this risk. In November 2025, the American IT services giant Kyndryl announced its intention to acquire Solvinity, a Dutch managed cloud provider. This came as an "unpleasant surprise" to several of its government clients, including the municipality of Amsterdam and the Dutch Ministry of Justice and Security. These bodies had specifically chosen Solvinity to reduce their dependence on American firms and mitigate CLOUD Act risks.

Still, The Register provides several examples of government systems that are "taking concrete steps to regain control over their IT."
  • Austria's Federal Ministry for Economy, Energy and Tourism now has 1,200 employees on the European open-source collaboration platform Nextcloud, leading several other Austrian ministries to also implement Nextcloud. (The Ministry's CISO tells the Register "We can see our input in Nextcloud releases. That is a feeling we never had with Microsoft.")
  • France's Ministry of Economics and Finance recently completed NUBO (which the Register describes as "an OpenStack-based private cloud initiative designed to handle sensitive data and services.")

Thanks to long-time Slashdot reader mspohr for sharing the article.


Businesses

Indian IT Was Supposed To Die From AI. Instead It's Billing for the Cleanup. (indiadispatch.com)

Two years after generative AI was supposed to render India's $250 billion IT services industry obsolete, the sector is finding that enterprises still need someone to handle the unglamorous plumbing work that large-scale AI deployment demands. Less than 15% of organizations are meaningfully deploying the new technology, according to investment bank UBS, and Indian IT firms are positioning themselves to capture the preparatory work -- data cleanup, cloud migration, system integration -- that channel checks suggest could take two to three years before enterprise-wide AI becomes feasible.

The financials have held up better than the doomsday predictions suggested. Infosys now calls AI-led volume opportunities a bigger tailwind than the deflation threat, a reversal from 2024, and orderbooks held steady in the third quarter even as pricing pressure filtered through renewals. Infosys expects its orderbook to grow more than 50% this quarter, anchored by an NHS deal worth $1.6 billion over 15 years.

The companies have been restructuring accordingly. TCS cut headcount by 2% and invested in a 1GW data-centre network while acquiring Salesforce advisory firm Coastal Cloud. HCLTech reduced margins by 100 basis points and became one of the first large systems integrators to partner with OpenAI; this week it announced acquisitions of Jaspersoft for $240 million and Belgian firm Wobby to expand agentic AI capabilities.

The bear case for the Indian IT sector assumed that AI would work out of the box. Two years in, it does not.
Censorship

US Bars Five Europeans It Says Pressured Tech Firms To Censor American Viewpoints Online (apnews.com)

An anonymous reader quotes a report from the Associated Press: The State Department announced Tuesday it was barring five Europeans it accused of leading efforts to pressure U.S. tech firms to censor or suppress American viewpoints. The Europeans, characterized by Secretary of State Marco Rubio as "radical" activists and "weaponized" nongovernmental organizations, fell afoul of a new visa policy announced in May to restrict the entry of foreigners deemed responsible for censorship of protected speech in the United States. "For far too long, ideologues in Europe have led organized efforts to coerce American platforms to punish American viewpoints they oppose," Rubio posted on X. "The Trump Administration will no longer tolerate these egregious acts of extraterritorial censorship."

The five Europeans were identified by Sarah Rogers, the under secretary of state for public diplomacy, in a series of posts on social media. [...] The five Europeans named by Rogers are: Imran Ahmed, chief executive of the Centre for Countering Digital Hate; Josephine Ballon and Anna-Lena von Hodenberg, leaders of HateAid, a German organization; Clare Melford, who runs the Global Disinformation Index; and former EU Commissioner Thierry Breton, who was responsible for digital affairs. Rogers in her post on X called Breton, a French business executive and former finance minister, the "mastermind" behind the EU's Digital Services Act, which imposes a set of strict requirements designed to keep internet users safe online. This includes flagging harmful or illegal content like hate speech. She referred to Breton warning Musk of a possible "amplification of harmful content" by broadcasting his livestream interview with Trump in August 2024 when he was running for president.

Businesses

ServiceNow To Buy Armis For $7.75 Billion As It Bets Big On Cybersecurity For AI (marketwatch.com)

An anonymous reader quotes a report from MarketWatch: ServiceNow announced a deal to acquire cybersecurity company Armis on Tuesday, marking a new milestone in the software giant's artificial-intelligence business strategy. The $7.75 billion all-cash transaction is part of ServiceNow's goal of advancing governance and trust in autonomous AI agents, and the company's largest transaction to date. "The acquisition of Armis will extend and enhance ServiceNow's Security, Risk, and [Operational Technology] portfolios in critical and fast-growing areas of cybersecurity and drive increased AI adoption by strengthening trust across businesses' connected environments," the company wrote in a press release.

While ServiceNow built its foundation on IT service management products, the company has positioned itself as an "AI control tower" that orchestrates workflows across HR, customer service and security operations. Organizations today are operating in increasingly complex environments, with assets spanning from laptops and servers to smart grid devices, Gina Mastantuono, chief financial officer of ServiceNow, told MarketWatch on Tuesday. "But at the same time, cyber threats are becoming more sophisticated and more complex," she added.

ServiceNow's Security and Risk business crossed $1 billion in annual contract value earlier this year, and the Armis acquisition is expected to triple ServiceNow's market opportunity in the sector. Armis currently has over $340 million in annual recurring revenue, with growth exceeding 50% year-over-year, according to the press release. The Armis acquisition would allow ServiceNow to create an "end-to-end proactive cybersecurity exposure and operations stack that enables enterprises to see, decide and act across a business' entire technology footprint," Mastantuono said.

Education

Inaugural 'Hour of AI' Event Includes Minecraft, Microsoft, Google and 13.1 Million K-12 Schoolkids (csforall.org)

Long-time Slashdot reader theodp writes: Last September, tech-backed nonprofit Code.org pledged to engage 25 million K-12 schoolchildren in an "Hour of AI" this school year. Preliminary numbers released this week by the Code.org Advocacy Coalition showed that [halfway through the five-day event Computer Science Education Week] 13.1 million users had participated in the inaugural Hour of AI, attaining 52.4% of its goal of 25 million participants.

In a pivot from coding to AI literacy, the Hour of AI replaced Code.org's hugely-popular Hour of Code this December as the flagship event of Computer Science Education Week (December 8-14). According to Code.org's 2024-25 Impact Report, "in 2024–25 alone, students logged over 100 million Hours of Code, including more than 43 million in the four months leading up to and including CS Education Week."

Minecraft participated with their own Hour of AI lessons. ("Program an AI Agent to craft tools and build shelter before dusk falls in this iconic challenge!") And Google contributed AI Quests, "a gamified, in-class learning experience" allowing students to "step into the shoes of Google researchers using AI to solve real-world challenges." Other participating organizations included the Scratch Foundation, Lego Education, Adobe, and Roblox.

And Microsoft contributed two — including one with their block-based programming environment Microsoft MakeCode Arcade, with students urged to "code and train your own super-smart bug using AI algorithms and challenge other AI bugs in an epic Tower battle for ultimate Bug Arena glory!"

See all the educational festivities here...
IT

Will Work Change Over the Next 20 Years? (msn.com)

What is the future of work? The Wall Street Journal asked five workplace experts and practitioners.

So while AI "is already doing tasks once relegated to newly minted college graduates in many professions," the Journal predicts that in the next 20 years AI "will have an impact on the role of managers, how organizations measure business outcomes and accelerate tasks that once took months."

A senior partner at the consulting firm Mercer predicts AI (plus advances in quantum computing) will enable entrepreneurs to reshape industries with a fraction of the resources traditionally required.

Some other predictions: Alan Guarino, vice chairman and CEO of board services at the global consulting firm Korn Ferry: In 25 years, the workplace will likely be unrecognizable, with employees and AI operating as one. Yes, there will be tasks and entire jobs taken over by AI, but we will all be elevated to a whole new superpower to make critical and creative decisions. The idea that work was once done strictly by people will seem quaint to some. Tasks that took entire teams, and months to complete, will be crunched down to a few minutes, with success measured on metrics we can't imagine today.

The middle layers of management — so central to today's corporate structure — could be a vestige of the past. The role of the leader too will change, as they directly oversee a collaboration of people and intelligent systems. The attitude toward in-person collaboration is growing and 25 years from now, counterintuitively, I believe face-to-face connection won't just be indispensable, but invaluable. Emotional intelligence will still set leaders apart. Those who blend empathy with tech savvy will be the ones shaping the future.

Peter Fasolo, a former executive vice president and chief human resources officer at Johnson & Johnson, and director of the Human Resource Policy Institute at Boston University's Questrom School of Business: There will be fewer available workers in Europe, Japan and the U.S. over this time frame and the demographic shift will be profound. In addition, there will be even fewer young adults available for colleges in the U.S., even if they decide the investment is worth it.

The implications of this shift will be the need for more investments in vocational and trade schools, and the need to invest in skill-based, not pedigree-based training. There will also be more on-the-job specific training. Companies will become classrooms. Companies that want a more sustainable relationship with employees will need an investment model versus a transactional one: We will invest in your skills so you can be a competitive professional in your domain.

IT

North Korean Infiltrator Caught Working In Amazon IT Department Thanks To Lag (tomshardware.com)

An anonymous reader quotes a report from Tom's Hardware: A North Korean imposter was uncovered, working as a sysadmin at Amazon U.S., after their keystroke input lag raised suspicions with security specialists at the online retail giant. Normally, a U.S.-based remote worker's computer would send keystroke data within tens of milliseconds. This suspicious individual's keyboard lag was "more than 110 milliseconds," reports Bloomberg. Amazon is commendably proactive in its pursuit of impostors, according to the source report.

The news site talked with Amazon's Chief Security Officer, Stephen Schmidt, about this fascinating new case of North Koreans trying to infiltrate U.S. organizations to raise hard currency for the Democratic People's Republic of Korea (DPRK), and sometimes indulge in espionage and/or sabotage. Schmidt says that Amazon has foiled more than 1,800 DPRK infiltration attempts since April 2024. Moreover, the rate of attempts continues apace, with Amazon reckoning it is seeing a 27% QoQ uplift in North Koreans trying to get into the Amazon corporation. However, Amazon's success can be almost entirely credited to the fact that it is actively looking for DPRK impostors, warns its Chief Security Officer. "If we hadn't been looking for the DPRK workers," Schmidt said, "we would not have found them."

Google

Google Sues Alleged Chinese Scam Group Behind Massive US Text Message Phishing Ring (nbcnews.com)

Google is suing a Chinese-speaking cybercriminal group it says is responsible for a massive wave of scam text messages sent to Americans this year, according to a legal complaint filed Tuesday. From a report: The group, known as Darcula, sells software that allows users to send phishing text messages en masse, impersonating organizations like the IRS or the U.S. Postal Service in scams. The lawsuit is designed to give Google legal standing so U.S. courts will allow it to seize websites the group uses, hampering their operations, a spokesperson said.

Darcula is possibly the most prominent name in an emerging, loosely affiliated cybercrime world that creates and sells hacking programs for aspiring scammers to use. Darcula's signature program, called Magic Cat, provides an easy-to-use, intuitive way for cybercriminals without advanced hacking skills to quickly spam millions of phone numbers with links to fake websites impersonating businesses like YouTube's premium service, then steal the credit card numbers victims put in.

Microsoft

Microsoft Will Finally Kill Obsolete Cipher That Has Wreaked Decades of Havoc (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and recently faced blistering criticism from a prominent US senator. When the software maker rolled out Active Directory in 2000, it made RC4 a sole means of securing the Windows component, which administrators use to configure and provision fellow administrator and user accounts inside large organizations. RC4, short for Rivest Cipher 4, is a nod to mathematician and cryptographer Ron Rivest of RSA Security, who developed the stream cipher in 1987. Within days of the trade-secret-protected algorithm being leaked in 1994, a researcher demonstrated a cryptographic attack that significantly weakened the security it had been believed to provide. Despite the known susceptibility, RC4 remained a staple in encryption protocols, including SSL and its successor TLS, until about a decade ago. [...]

Last week, Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension's network. "By mid-2026, we will be updating domain controller defaults for the Kerberos Key Distribution Center (KDC) on Windows Server 2008 and later to only allow AES-SHA1 encryption," Matthew Palko, a Microsoft principal program manager, wrote. "RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it." [...] Following next year's change, RC4 authentication will no longer function unless administrators perform the extra work to allow it. In the meantime, Palko said, it's crucial that admins identify any systems inside their networks that rely on the cipher. Despite the known vulnerabilities, RC4 remains the sole means of some third-party legacy systems for authenticating to Windows networks. These systems can often go overlooked in networks even though they are required for crucial functions.

To streamline the identification of such systems, Microsoft is making several tools available. One is an update to KDC logs that will track both requests and responses that systems make using RC4 when performing requests through Kerberos. Kerberos is an industry-wide authentication protocol for verifying the identities of users and services over a non-secure network. It's the sole means for mutual authentication to Active Directory, which hackers attacking Windows networks widely consider a Holy Grail because of the control they gain once it has been compromised. Microsoft is also introducing new PowerShell scripts to sift through security event logs to more easily pinpoint problematic RC4 usage. Microsoft said it has steadily worked over the past decade to deprecate RC4, but that the task wasn't easy.
"The problem though is that it's hard to kill off a cryptographic algorithm that is present in every OS that's shipped for the last 25 years and was the default algorithm for so long," Steve Syfuhs, who runs Microsoft's Windows Authentication team, wrote on Bluesky. "See," he continued, "the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing that spanned 20 years of code changes."
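The two things an AD administrator needs before the mid-2026 default change are (a) a list of the services and clients that still get RC4 tickets and (b) the accounts that explicitly opt into RC4, which is where Syfuhs's "how the algorithm is chosen" is decided per account. The PowerShell below is an added example, not Microsoft's published script or KDC log update. It reads 4768 (TGT) and 4769 (service ticket) events from a domain controller's Security log in their XML form, flattens the `TicketEncryptionType` field, and summarizes RC4 usage per service and client. The four events at the bottom are constructed sample data so the script runs offline; `Rc4Etypes`, the function names and the `legacy-nas$`/`CORP.EXAMPLE` names are this example's own, and the `msDS-SupportedEncryptionTypes` bit check at the end assumes the ActiveDirectory module is available.

```powershell
# Added example, not Microsoft's script: find Kerberos RC4 usage before the KDC default changes.
# Assumes a DC with "Audit Kerberos Authentication Service" (4768) and
# "Audit Kerberos Service Ticket Operations" (4769) enabled. Sample events below are constructed.

$EventNs = 'http://schemas.microsoft.com/win/2004/08/events/event'

# Kerberos etype numbers as they appear in TicketEncryptionType.
$EtypeNames = @{
    0x01 = 'DES-CBC-CRC'; 0x03 = 'DES-CBC-MD5'
    0x11 = 'AES128-CTS-HMAC-SHA1-96'; 0x12 = 'AES256-CTS-HMAC-SHA1-96'
    0x17 = 'RC4-HMAC'; 0x18 = 'RC4-HMAC-EXP'
}
$Rc4Etypes = @(0x17, 0x18)

function ConvertFrom-KerberosEventXml {
    # Takes the XML text of one event (what $event.ToXml() returns) and flattens the fields we need.
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $doc = [xml]$Xml
        $ns  = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
        $ns.AddNamespace('e', $EventNs)
        $id = [int]$doc.SelectSingleNode('/e:Event/e:System/e:EventID', $ns).InnerText
        if ($id -notin 4768, 4769) { return }
        $data = @{}
        foreach ($d in $doc.SelectNodes('/e:Event/e:EventData/e:Data', $ns)) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        $etype = [int]$data['TicketEncryptionType']      # '0x17' is parsed as hex by [int]
        $name  = if ($EtypeNames.ContainsKey($etype)) { $EtypeNames[$etype] } else { '0x{0:X}' -f $etype }
        $svc   = if ($id -eq 4769) { $data['ServiceName'] } else { 'krbtgt (TGT)' }
        $when  = [datetime]$doc.SelectSingleNode('/e:Event/e:System/e:TimeCreated', $ns).GetAttribute('SystemTime')
        [pscustomobject]@{ Time = $when; EventId = $id; Client = $data['TargetUserName']; Service = $svc
                           Address = $data['IpAddress']; Etype = $etype; EtypeName = $name
                           UsesRc4 = ($etype -in $Rc4Etypes) }
    }
}

function Get-Rc4TicketSummary {
    # One output line per (service, client) pair still getting RC4 tickets: each is a dependency to fix or exempt.
    param([Parameter(Mandatory, ValueFromPipeline)]$Ticket)
    begin { $all = @() }
    process { $all += $Ticket }
    end {
        $all | Where-Object UsesRc4 | Group-Object Service, Client | ForEach-Object {
            [pscustomobject]@{
                Service   = $_.Group[0].Service
                Client    = $_.Group[0].Client
                Requests  = $_.Count
                Addresses = ($_.Group.Address | Sort-Object -Unique) -join ','
                LastSeen  = ($_.Group.Time | Measure-Object -Maximum).Maximum
            }
        }
    }
}

function New-SampleEventXml {
    # Constructed sample events, not real log data.
    param([int]$Id, [string]$Client, [string]$Service, [string]$Ip, [string]$Etype, [string]$When)
@"
<Event xmlns="$EventNs"><System><EventID>$Id</EventID><TimeCreated SystemTime="$When"/></System>
<EventData><Data Name="TargetUserName">$Client</Data><Data Name="ServiceName">$Service</Data>
<Data Name="IpAddress">$Ip</Data><Data Name="TicketEncryptionType">$Etype</Data></EventData></Event>
"@
}

$sample = @(
    New-SampleEventXml 4769 'alice@CORP.EXAMPLE' 'fileserver01$' '::ffff:10.0.0.12' '0x12' '2025-12-15T09:00:00Z'
    New-SampleEventXml 4769 'alice@CORP.EXAMPLE' 'legacy-nas$'   '::ffff:10.0.0.12' '0x17' '2025-12-15T09:05:00Z'
    New-SampleEventXml 4769 'bob@CORP.EXAMPLE'   'legacy-nas$'   '::ffff:10.0.0.33' '0x17' '2025-12-15T09:07:00Z'
    New-SampleEventXml 4768 'svc-backup'         'krbtgt'        '::ffff:10.0.0.50' '0x17' '2025-12-15T09:09:00Z'
)
$sample | ConvertFrom-KerberosEventXml | Get-Rc4TicketSummary | Format-Table -AutoSize

# On a real DC replace $sample with:
#   Get-WinEvent -LogName Security -FilterXPath '*[System[EventID=4768 or EventID=4769]]' |
#       ForEach-Object { $_.ToXml() } | ConvertFrom-KerberosEventXml | Get-Rc4TicketSummary

# Part 2: accounts that explicitly advertise RC4 through msDS-SupportedEncryptionTypes.
# Bits: 0x1 DES-CBC-CRC, 0x2 DES-CBC-MD5, 0x4 RC4-HMAC, 0x8 AES128, 0x10 AES256.
function Test-Rc4Allowed { param([int]$SupportedEncryptionTypes) ($SupportedEncryptionTypes -band 0x4) -ne 0 }
# LDAP_MATCHING_RULE_BIT_AND (1.2.840.113556.1.4.803) does the bit test server-side (ActiveDirectory module):
#   Get-ADObject -LDAPFilter '(msDS-SupportedEncryptionTypes:1.2.840.113556.1.4.803:=4)' `
#       -Properties msDS-SupportedEncryptionTypes | Select-Object Name, ObjectClass, msDS-SupportedEncryptionTypes
```

Run the event query on every domain controller, since a 4769 is only logged on the DC that issued the ticket; a service that appears only in the RC4 summary and whose account also passes `Test-Rc4Allowed` is the case the Microsoft post describes, one that keeps working after the change only because an administrator configured it that way.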
Security

China, Iran Are Having a Field Day With React2Shell, Google Warns (theregister.com) 30

A critical React vulnerability (CVE-2025-55182) is being actively exploited at scale by Chinese, Iranian, North Korean, and criminal groups to gain remote code execution, deploy backdoors, and mine crypto. The Register reports: React maintainers disclosed the critical bug on December 3, and exploitation began almost immediately. According to Amazon's threat intel team, Chinese government crews, including Earth Lamia and Jackpot Panda, started battering the security hole within hours of its disclosure. Palo Alto Networks' Unit 42 responders have put the victim count at more than 50 organizations across multiple sectors, with attackers from North Korea also abusing the flaw.

Google, in a late Friday report, said at least five other suspected PRC spy groups also exploited React2Shell, along with criminals who deployed XMRig for illicit cryptocurrency mining, and "Iran-nexus actors," although the report doesn't provide any additional details about who the Iran-linked groups are and what they are doing after exploitation. "GTIG has also observed numerous discussions regarding CVE-2025-55182 in underground forums, including threads in which threat actors have shared links to scanning tools, proof-of-concept (PoC) code, and their experiences using these tools," the researchers wrote.

The Internet

Cloudflare Reveals How Bots and Governments Reshaped the Internet in 2025 (nerds.xyz) 23

Cloudflare's sixth annual Year in Review report describes an internet increasingly shaped by two forces: automated traffic and government intervention, as global connectivity grew 19% year over year in 2025.

Google's web crawler now dominates automated traffic, dwarfing other AI and indexing bots to become the single largest source of bot activity on the web. Nearly half of all major internet disruptions globally were linked to government actions, and civil society and non-profit organizations became the most attacked sector for the first time.

Post-quantum encryption crossed a significant threshold, now protecting 52% of human internet traffic observed by Cloudflare. The company also recorded more than 25 record-breaking DDoS attacks throughout the year.
AI

Are Warnings of Superintelligence 'Inevitability' Masking a Grab for Power? (noemamag.com) 183

Superintelligence has become "a quasi-political forecast" with "very little to do with any scientific consensus, emerging instead from particular corridors of power." That's the warning from James O'Sullivan, a lecturer in digital humanities from University College Cork. In a refreshing 5,600-word essay in Noema magazine, he notes the suspicious coincidence that "The loudest prophets of superintelligence are those building the very systems they warn against..."

"When we accept that AGI is inevitable, we stop asking whether it should be built, and in the furor, we miss that we seem to have conceded that a small group of technologists should determine our future." (For example, OpenAI CEO Sam Altman "seems determined to position OpenAI as humanity's champion, bearing the terrible burden of creating God-like intelligence so that it might be restrained.") The superintelligence discourse functions as a sophisticated apparatus of power, transforming immediate questions about corporate accountability, worker displacement, algorithmic bias and democratic governance into abstract philosophical puzzles about consciousness and control... Media amplification plays a crucial role in this process, as every incremental improvement in large language models gets framed as a step towards AGI. ChatGPT writes poetry; surely consciousness is imminent..." Such accounts, often sourced from the very companies building these systems, create a sense of momentum that becomes self-fulfilling. Investors invest because AGI seems near, researchers join companies because that's where the future is being built and governments defer regulation because they don't want to handicap their domestic champions...

We must recognize this process as political, not technical. The inevitability of superintelligence is manufactured through specific choices about funding, attention and legitimacy, and different choices would produce different futures. The fundamental question isn't whether AGI is coming, but who benefits from making us believe it is... We do not yet understand what kind of systems we are building, or what mix of breakthroughs and failures they will produce, and that uncertainty makes it reckless to funnel public money and attention into a single speculative trajectory.

Some key points:
  • "The machines are coming for us, or so we're told. Not today, but soon enough that we must seemingly reorganize civilization around their arrival..."
  • "When we debate whether a future artificial general intelligence might eliminate humanity, we're not discussing the Amazon warehouse worker whose movements are dictated by algorithmic surveillance or the Palestinian whose neighborhood is targeted by automated weapons systems. These present realities dissolve into background noise against the rhetoric of existential risk..."
  • "Seen clearly, the prophecy of superintelligence is less a warning about machines than a strategy for power, and that strategy needs to be recognized for what it is... "
  • "Superintelligence discourse isn't spreading because experts broadly agree it is our most urgent problem; it spreads because a well-resourced movement has given it money and access to power..."
  • "Academic institutions, which are meant to resist such logics, have been conscripted into this manufacture of inevitability... reinforcing industry narratives, producing papers on AGI timelines and alignment strategies, lending scholarly authority to speculative fiction..."
  • "The prophecy becomes self-fulfilling through material concentration — as resources flow towards AGI development, alternative approaches to AI starve..."
  • "The dominance of superintelligence narratives obscures the fact that many other ways of doing AI exist, grounded in present social needs rather than hypothetical machine gods..." [He lists data sovereignty movements "that treat data as a collective resource subject to collective consent," as well as organizations like Canada's First Nations Information Governance Centre and New Zealand's Te Mana Raraunga, plus "Global South initiatives that use modest, locally governed AI systems to support healthcare, agriculture or education under tight resource constraints."] "Such examples... demonstrate how AI can be organized without defaulting to the superintelligence paradigm that demands everyone else be sacrificed because a few tech bros can see the greater good that everyone else has missed..."
  • "These alternatives also illuminate the democratic deficit at the heart of the superintelligence narrative. Treating AI at once as an arcane technical problem that ordinary people cannot understand and as an unquestionable engine of social progress allows authority to consolidate in the hands of those who own and build the systems..."

He's ultimately warning us about "politics masked as predictions..."

"The real political question is not whether some artificial superintelligence will emerge, but who gets to decide what kinds of intelligence we build and sustain. And the answer cannot be left to the corporate prophets of artificial transcendence because the future of AI is a political field — it should be open to contestation.

"It belongs not to those who warn most loudly of gods or monsters, but to publics that should have the moral right to democratically govern the technologies that shape their lives."


Privacy

Over 10,000 Docker Hub Images Found Leaking Credentials, Auth Keys (bleepingcomputer.com) 18

joshuark shares a report from BleepingComputer: More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. After scanning container images uploaded to Docker Hub in November, security researchers at threat intelligence company Flare found that 10,456 of them exposed one or more keys. The most frequent secrets were access tokens for various AI models (OpenAI, HuggingFace, Anthropic, Gemini, Groq). In total, the researchers found 4,000 such keys. "These multi-secret exposures represent critical risks, as they often provide full access to cloud environments, Git repositories, CI/CD systems, payment integrations, and other core infrastructure components," Flare notes. [...]

Additionally, they found API tokens for AI services hardcoded in Python application files, config.json files, and YAML configs, along with GitHub tokens and credentials for multiple internal environments. Some of the sensitive data was present in the manifest of Docker images, a file that provides details about the image. Flare notes that roughly 25% of developers who accidentally exposed secrets on Docker Hub realized the mistake and removed the leaked secret from the container or manifest file within 48 hours. However, in 75% of these cases, the leaked key was not revoked, meaning that anyone who stole it during the exposure period could still use it later to mount attacks.

Flare suggests that developers avoid storing secrets in container images, stop using static, long-lived credentials, and centralize their secrets management using a dedicated vault or secrets manager. Organizations should implement active scanning across the entire software development life cycle and revoke exposed secrets and invalidate old sessions immediately.
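The "removed within 48 hours but not revoked" finding has a second, image-level reason to revoke rather than delete: a file removed in a later build step leaves only an overlay whiteout entry, and its bytes remain in the earlier layer of any image that is still pullable. The scanner below is an added example, not Flare's tooling. It walks a `docker save` archive (manifest.json, image config, one tar per layer), scans the config's `Env` and build history as well as every file in every layer, and marks hits whose path a later layer whited out. The two-layer image it builds is constructed in memory, the `AKIAIOSFODNN7EXAMPLE` value is the example key from AWS's own documentation, and the regexes are illustrative heuristics, not vendor-published token formats.

```python
"""Scan a `docker save` archive for leaked secrets, layer by layer.

Added example, not Flare's scanner. Assumes the docker-archive layout (manifest.json with
Config and Layers, uncompressed layer tars). The regexes are illustrative heuristics.
"""
import io
import json
import re
import tarfile

# Illustrative patterns only (assumption): real scanners carry many more plus entropy checks.
PATTERNS = {
    "aws_access_key_id": re.compile(rb"AKIA[0-9A-Z]{16}"),
    "github_pat": re.compile(rb"ghp_[A-Za-z0-9]{36}"),
    "huggingface_token": re.compile(rb"hf_[A-Za-z0-9]{34}"),
    "openai_style_key": re.compile(rb"sk-[A-Za-z0-9_-]{32,}"),
}
MAX_FILE_BYTES = 4 * 1024 * 1024  # skip huge binaries; a real scanner would stream them


def _scan_blob(blob: bytes, layer: str, path: str, findings: list) -> None:
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(blob):
            findings.append({
                "kind": kind, "layer": layer, "path": path,
                "prefix": m.group(0)[:7].decode() + "...",  # never log the full secret
                "deleted_later": False,
            })


def scan_image_archive(archive: bytes) -> list:
    """Return findings from the image config and from every layer.

    Every layer is scanned, not just the final filesystem view: a file removed in a
    later layer leaves an overlay whiteout entry (`.wh.<name>`) while its bytes stay in
    the earlier layer, so deleting the file does not undo the exposure; revoking does.
    """
    findings, whiteouts = [], set()
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as img:
        manifest = json.loads(img.extractfile("manifest.json").read())[0]
        # Image config: ENV and build history (RUN lines, ARG values) leak here without any file.
        cfg_name = manifest["Config"]
        _scan_blob(img.extractfile(cfg_name).read(), "config", cfg_name, findings)
        for layer_name in manifest["Layers"]:
            layer_tar = io.BytesIO(img.extractfile(layer_name).read())
            with tarfile.open(fileobj=layer_tar, mode="r:") as layer:
                for member in layer:
                    head, _, base = member.name.rpartition("/")
                    if base.startswith(".wh."):  # overlay whiteout: the path was deleted in this layer
                        whiteouts.add(f"{head}/{base[4:]}" if head else base[4:])
                        continue
                    if not member.isfile() or member.size > MAX_FILE_BYTES:
                        continue
                    _scan_blob(layer.extractfile(member).read(), layer_name, member.name, findings)
    for f in findings:
        f["deleted_later"] = f["path"] in whiteouts
    return findings


def _tar_bytes(files: dict) -> bytes:
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as t:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            t.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_image() -> bytes:
    """Constructed two-layer image (not a real Docker Hub image); no value here is a live credential."""
    layer1 = _tar_bytes({
        "app/main.py": b"import os\nkey = os.environ['OPENAI_API_KEY']\n",
        "app/.env": b"OPENAI_API_KEY=sk-" + b"A" * 40 + b"\n",   # constructed placeholder
    })
    layer2 = _tar_bytes({"app/.wh..env": b""})  # what `RUN rm app/.env` in a later step leaves behind
    config = json.dumps({
        "config": {"Env": ["PATH=/usr/bin", "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE"]},  # AWS docs example key
        "history": [{"created_by": "RUN git clone https://ghp_" + "x" * 36 + "@github.com/org/repo"}],
    }).encode()
    manifest = json.dumps([{"Config": "cfg.json", "RepoTags": ["example/app:latest"],
                            "Layers": ["l1/layer.tar", "l2/layer.tar"]}]).encode()
    return _tar_bytes({"manifest.json": manifest, "cfg.json": config,
                       "l1/layer.tar": layer1, "l2/layer.tar": layer2})


if __name__ == "__main__":
    for f in scan_image_archive(build_sample_image()):
        note = " (deleted in a later layer, bytes still in image history)" if f["deleted_later"] else ""
        print(f"{f['kind']:18} {f['layer']}:{f['path']} {f['prefix']}{note}")
```

On the sample image the scanner reports three hits: the AWS key and GitHub token in the image config (neither exists as a file in any layer), and the OpenAI-style key in `app/.env` from the first layer, flagged as deleted by the second layer yet still present in the archive. Run it against `docker save image:tag | scanner` before pushing, and treat every hit as a credential to rotate, not a file to remove.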
