The U.S. Department of Justice seized about $15 billion in bitcoin from wallets tied to Chen Zhi, founder of Cambodia's Prince Holding Group, who is accused of running one of the world's biggest "pig butchering" scams. Prosecutors say Zhi's network trafficked people into forced-labor scam compounds that defrauded victims worldwide through fake crypto investment schemes. CNBC reports: The seizure is the largest forfeiture action by the DOJ in history. An indictment charging the alleged pig butcher, Chen Zhi, was unsealed Tuesday in federal court in Brooklyn, New York. Zhi, who is also known as "Vincent," remains at large, according to the U.S. Attorney's Office for the Eastern District of New York. He was identified in court filings as the founder and chairman of Prince Holding Group, a multinational business conglomerate based in Cambodia, which prosecutors said grew "in secret .... into one of Asia's largest transnational criminal organizations. [...]

The scams duped people contacted via social media and messaging applications online into transferring cryptocurrency into accounts controlled by the scheme with false promises that the crypto would be invested and produce profits, according to the office. "In reality, the funds were stolen from the victims and laundered for the benefit of the perpetrators," the release said. "The scam perpetrators often built relationships with their victims over time, earning their trust before stealing their funds."

Prosecutors said that hundreds of people were trafficked and forced to work in the scam compounds, "often under the threat of violence." Zhi and a network of top executives in the Prince Group are accused of using political influence in multiple countries to protect their criminal enterprise and paid bribes to public officials to avoid actions by law enforcement authorities targeting the scheme, according to prosecutors.

theodp writes: GeekWire reports that Microsoft is bringing artificial intelligence to every public classroom in its home state -- and sparking new questions about its role in education. The Redmond tech giant on Thursday unveiled Microsoft Elevate Washington, a sweeping new initiative that will provide free access to AI-powered software and training for all 295 public school districts and 34 community and technical colleges across Washington state. The program is part of Microsoft Elevate, the company's broader $4 billion, five-year commitment to support schools and nonprofits with AI tools and training that was announced in July.

"This is our home," Microsoft President Brad Smith said at a launch event on the company's headquarters campus. "A big part of what we're doing today is investing in our home." Smith said Microsoft understands the unease around AI in classrooms but argued that waiting isn't an option. "I don't know that it will be possible to slow down the use of AI, even if someone wanted to," he said. In an interview with KING-TV Seattle, Smith added, "We're making a bigger commitment to this state than we are to any state in the country. [...] Above all else, we want to ensure that people can learn how to use the technology of tomorrow. That's the only way for our kids to succeed in the future."

The event on Thursday also included comedian Trevor Noah, the company's "chief questions officer," as well as Code.org CEO Hadi Partovi. Noah and Partovi both also appeared with Smith at the Microsoft Elevate launch event in July, where Smith told Partovi it was time to "switch hats" from coding to AI, adding that "the last 12 years have been about the Hour of Code [Code.org's flagship event, credited with pushing CS into K-12 classrooms], but the future involves the Hour of AI." Code.org last month committed to "engage 25M learners in an Hour of AI in school year '25/'26" at a meeting of the White House Task Force on AI Education that preceded a White House dinner for top execs from the nation's leading AI companies.

The Cybersecurity Information Sharing Act expired on Wednesday when the federal government shut down. The law had provided legal protections since 2015 for organizations to share cyber threat intelligence with federal agencies. Without these protections, private sector companies that control most U.S. critical infrastructure face potential legal risks when sharing information about threats. Sen. Gary Peters called the lapse "an open invitation to cybercriminals and hostile actors to attack our economy and our critical infrastructure."

The intelligence sharing enabled by CISA 2015 helped expose Chinese campaigns including Volt Typhoon in 2023 and Salt Typhoon last year. Several cybersecurity firms pledged to continue sharing threat data despite the law's expiration. Halcyon and CrowdStrike confirmed they would maintain information sharing. Palo Alto Networks said it remained committed to public-private partnerships but did not specify whether it would continue sharing threat data. Multiple bipartisan reauthorization efforts failed before the shutdown. The House Homeland Security Committee had approved a 10-year extension last month.

An anonymous reader quotes a report from The Intercept: The company behind the Proton Mail email service, Proton, describes itself as a "neutral and safe haven for your personal data, committed to defending your freedom." But last month, Proton disabled email accounts belonging to journalists reporting on security breaches of various South Korean government computer systems following a complaint by an unspecified cybersecurity agency. After a public outcry, and multiple weeks, the journalists' accounts were eventually reinstated -- but the reporters and editors involved still want answers on how and why Proton decided to shut down the accounts in the first place.

Martin Shelton, deputy director of digital security at the Freedom of the Press Foundation, highlighted that numerous newsrooms use Proton's services as alternatives to something like Gmail "specifically to avoid situations like this," pointing out that "While it's good to see that Proton is reconsidering account suspensions, journalists are among the users who need these and similar tools most." Newsrooms like The Intercept, the Boston Globe, and the Tampa Bay Times all rely on Proton Mail for emailed tip submissions. Shelton noted that perhaps Proton should "prioritize responding to journalists about account suspensions privately, rather than when they go viral." On Reddit, Proton's official account stated that "Proton did not knowingly block journalists' email accounts" and that the "situation has unfortunately been blown out of proportion."

The two journalists whose accounts were disabled were working on an article published in the August issue of the long-running hacker zine Phrack. The story described how a sophisticated hacking operation -- what's known in cybersecurity parlance as an APT, or advanced persistent threat -- had wormed its way into a number of South Korean computer networks, including those of the Ministry of Foreign Affairs and the military Defense Counterintelligence Command, or DCC. The journalists, who published their story under the names Saber and cyb0rg, describe the hack as being consistent with the work of Kimsuky, a notorious North Korean state-backed APT sanctioned by the U.S. Treasury Department in 2023. As they pieced the story together, emails viewed by The Intercept show that the authors followed cybersecurity best practices and conducted what's known as responsible disclosure: notifying affected parties that a vulnerability has been discovered in their systems prior to publicizing the incident. Phrack said the account suspensions created a "real impact to the author. The author was unable to answer media requests about the article." Phrack noted that the co-authors were already working with affected South Korean organizations on responsible disclosure and system fixes. "All this was denied and ruined by Proton," Phrack stated.

Phrack editors said that the incident leaves them "concerned what this means to other whistleblowers or journalists. The community needs assurance that Proton does not disable accounts unless Proton has a court order or the crime (or ToS violation) is apparent."

The Hill reports: Russian state-sponsored hackers have targeted thousands of networking devices associated with U.S. critical infrastructure sectors over the past year, the FBI warned Wednesday. The cyber actors are associated with the Russian Federal Security Service's (FSB) Center 16 and have taken aim at a vulnerability in certain Cisco devices, according to an agency public service announcement.

In some cases, hackers have been able to modify configuration files to enable unauthorized access, which they have used to conduct reconnaissance on networks. This has "revealed their interest in protocols and applications commonly associated with industrial control systems," the FBI said.

Cisco's threat intelligence research arm, Talos, explained in a separate advisory that a subcluster of this group, which it has named "Static Tundra," is targeting a seven-year-old vulnerability in the company's Smart Install feature. The firm has offered a patch for the vulnerability, but it remains a problem in unpatched and end-of-life network devices, it warned.
"Once they establish initial access to a network device, Static Tundra will pivot further into the target environment, compromising additional network devices and establishing channels for long-term persistence and information gathering," warns the Talos blog. "This is demonstrated by the group's ability to maintain access in target environments for multiple years without being detected."

In a statement emailed to The Register, a Cisco spokesperson "said the company is aware of ongoing exploitation targeting this flaw." "We strongly urge customers to immediately upgrade to fixed software versions as outlined in the security advisory and follow our published security best practices," the spokesperson said, directing customers to the FBI's announcement and Cisco Talos blog for additional details.

The ongoing campaign targets telecommunications, higher education, and manufacturing organizations across North America, Asia, Africa, and Europe, "with victims selected based on their strategic interest to the Russian government," according to Talos researchers Sara McBroom and Brandon White. "We assess that the purpose of this campaign is to compromise and extract device configuration information en masse, which can later be leveraged as needed based on then-current strategic goals and interests of the Russian government," McBroom and White wrote.

And while both security alerts focus on the FSB's latest round of network intrusions, "many other state-sponsored actors also covet the access these devices afford," the Talos team warned. "Organizations should be aware that other advanced persistent threats (APTs) are likely prioritizing carrying out similar operations as well."
Some context from Hot Hardware: Cisco indicated in its advisory that "Only Smart Install client switches are affected by the vulnerability". The list of affected devices is in Table A-1 here. For a successful attack, hackers exploit a vulnerability tracked as CVE-2018-0171. This was a vulnerability that was patched way back in 2018.

The GenAI Divide: State of AI in Business 2025, a new report published by MIT's NANDA initiative, reveals that while generative AI holds promise for enterprises, most initiatives to drive rapid revenue growth are falling flat. Fortune: Despite the rush to integrate powerful new models, about 5% of AI pilot programs achieve rapid revenue acceleration; the vast majority stall, delivering little to no measurable impact on P&L. The research -- based on 150 interviews with leaders, a survey of 350 employees, and an analysis of 300 public AI deployments -- paints a clear divide between success stories and stalled projects.

To unpack these findings, I spoke with Aditya Challapally, the lead author of the report, and a research contributor to project NANDA at MIT. "Some large companies' pilots and younger startups are really excelling with generative AI," Challapally said. Startups led by 19- or 20-year-olds, for example, "have seen revenues jump from zero to $20 million in a year," he said. "It's because they pick one pain point, execute well, and partner smartly with companies who use their tools," he added.

But for 95% of companies in the dataset, generative AI implementation is falling short. The core issue? Not the quality of the AI models, but the "learning gap" for both tools and organizations. While executives often blame regulation or model performance, MIT's research points to flawed enterprise integration. Generic tools like ChatGPT excel for individuals because of their flexibility, but they stall in enterprise use since they don't learn from or adapt to workflows, Challapally explained.

This week Google's Open Source Security Team announced "a new project to strengthen trust in open source package ecosystems" — by reproducing upstream artifacts.

It includes automation to derive declarative build definitions, new "build observability and verification tools" for security teams, and even "infrastructure definitions" to help organizations rebuild, sign, and distribute provenance by running their own OSS Rebuild instances. (And as part of the initiative, the team also published SLSA Provenance attestations "for thousands of packages across our supported ecosystems.") Our aim with OSS Rebuild is to empower the security community to deeply understand and control their supply chains by making package consumption as transparent as using a source repository. Our rebuild platform unlocks this transparency by utilizing a declarative build process, build instrumentation, and network monitoring capabilities which, within the SLSA Build framework, produces fine-grained, durable, trustworthy security metadata. Building on the hosted infrastructure model that we pioneered with OSS Fuzz for memory issue detection, OSS Rebuild similarly seeks to use hosted resources to address security challenges in open source, this time aimed at securing the software supply chain... We are committed to bringing supply chain transparency and security to all open source software development. Our initial support for the PyPI (Python), npm (JS/TS), and Crates.io (Rust) package registries — providing rebuild provenance for many of their most popular packages — is just the beginning of our journey...

OSS Rebuild helps detect several classes of supply chain compromise:

- Unsubmitted Source Code: When published packages contain code not present in the public source repository, OSS Rebuild will not attest to the artifact.

- Build Environment Compromise: By creating standardized, minimal build environments with comprehensive monitoring, OSS Rebuild can detect suspicious build activity or avoid exposure to compromised components altogether.

- Stealthy Backdoors: Even sophisticated backdoors like xz often exhibit anomalous behavioral patterns during builds. OSS Rebuild's dynamic analysis capabilities can detect unusual execution paths or suspicious operations that are otherwise impractical to identify through manual review.


For enterprises and security professionals, OSS Rebuild can...

— Enhance metadata without changing registries by enriching data for upstream packages. No need to maintain custom registries or migrate to a new package ecosystem.

— Augment SBOMs by adding detailed build observability information to existing Software Bills of Materials, creating a more complete security picture...

- Accelerate vulnerability response by providing a path to vendor, patch, and re-host upstream packages using our verifiable build definitions...


The easiest (but not only!) way to access OSS Rebuild attestations is to use the provided Go-based command-line interface.
"With OSS Rebuild's existing automation for PyPI, npm, and Crates.io, most packages obtain protection effortlessly without user or maintainer intervention."

The United Kingdom's government is planning to ban public sector and critical infrastructure organizations from paying ransoms after ransomware attacks. From a report: The list of entities that would have to follow the new proposed legislation includes local councils, schools, and the publicly funded National Health Service (NHS).

"Ransomware is estimated to cost the UK economy millions of pounds each year, with recent high-profile ransomware attacks highlighting the severe operational, financial, and even life-threatening risks. The ban would target the business model that fuels cyber criminals' activities and makes the vital services the public rely on a less attractive target for ransomware groups," the UK government said.

"We're determined to smash the cyber criminal business model and protect the services we all rely on as we deliver our Plan for Change. By working in partnership with industry to advance these measures, we are sending a clear signal that the UK is united in the fight against ransomware," Security Minister Dan Jarvis added.

"Anybody who's got a hosted SharePoint server has got a problem," the senior VP of cybersecurity firm CrowdStrike told the Washington Post. "It's a significant vulnerability."

And it's led to a new "global attack on government agencies and businesses" in the last few days, according to the article, "breaching U.S. federal and state agencies, universities, energy companies and an Asian telecommunications company, according to state officials and private researchers..."

"Tens of thousands of such servers are at risk, experts said, and Microsoft has issued no patch for the flaw, leaving victims around the world scrambling to respond." (Microsoft says they are "working on" security updates "for supported versions of SharePoint 2019 and SharePoint 2016," offering various mitigation suggestions, and CISA has released their own recommendations.)

From the Washington Post's article Sunday: Microsoft has suggested that users make modifications to SharePoint server programs or simply unplug them from the internet to stanch the breach. Microsoft issued an alert to customers but declined to comment further... "We are seeing attempts to exploit thousands of SharePoint servers globally before a patch is available," said Pete Renals, a senior manager with Palo Alto Networks' Unit 42. "We have identified dozens of compromised organizations spanning both commercial and government sectors.''

With access to these servers, which often connect to Outlook email, Teams and other core services, a breach can lead to theft of sensitive data as well as password harvesting, Netherlands-based research company Eye Security noted. What's also alarming, researchers said, is that the hackers have gained access to keys that may allow them to regain entry even after a system is patched. "So pushing out a patch on Monday or Tuesday doesn't help anybody who's been compromised in the past 72 hours," said one researcher, who spoke on the condition of anonymity because a federal investigation is ongoing.

The breaches occurred after Microsoft fixed a security flaw this month. The attackers realized they could use a similar vulnerability, according to the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. CISA spokeswoman Marci McCarthy said the agency was alerted to the issue Friday by a cyber research firm and immediately contacted Microsoft... The nonprofit Center for Internet Security, which staffs an information-sharing group for state and local governments, notified about 100 organizations that they were vulnerable and potentially compromised, said Randy Rose, the organization's vice president. Those warned included public schools and universities. Others that were breached included a government agency in Spain, a local agency in Albuquerque and a university in Brazil, security researchers said.
But there's many more breaches, according to the article:

• "Eye Security said it has tracked more than 50 breaches, including at an energy company in a large state and several European government agencies."

• "At least two U.S. federal agencies have seen their servers breached, according to researchers."

• "One state official in the eastern U.S. said the attackers had 'hijacked' a repository of documents provided to the public to help residents understand how their government works. The agency involved can no longer access the material..."

"It was not immediately clear who is behind the hacking of global reach or what its ultimate goal is. One private research company found the hackers targeting servers in China..."

According to market analyst firm Canalys, enterprise adoption of AI is slowing due to unpredictable and often high costs associated with model inferencing in the cloud. Despite strong growth in cloud infrastructure spending, businesses are increasingly scrutinizing cost-efficiency, with some opting for alternatives to public cloud providers as they grapple with volatile usage-based pricing models. The Register reports: [Canalys] published stats that show businesses spent $90.9 billion globally on infrastructure and platform-as-a-service with the likes of Microsoft, AWS and Google in calendar Q1, up 21 percent year-on-year, as the march of cloud adoption continues. Canalys says that growth came from enterprise users migrating more workloads to the cloud and exploring the use of generative AI, which relies heavily on cloud infrastructure.

Yet even as organizations move beyond development and trials to deployment of AI models, a lack of clarity over the ongoing recurring costs of inferencing services is becoming a concern. "Unlike training, which is a one-time investment, inference represents a recurring operational cost, making it a critical constraint on the path to AI commercialization," said Canalys senior director Rachel Brindley. "As AI transitions from research to large-scale deployment, enterprises are increasingly focused on the cost-efficiency of inference, comparing models, cloud platforms, and hardware architectures such as GPUs versus custom accelerators," she added.

Canalys researcher Yi Zhang said many AI services follow usage-based pricing models that charge on a per token or API call basis. This makes cost forecasting hard as the use of the services scale up. "When inference costs are volatile or excessively high, enterprises are forced to restrict usage, reduce model complexity, or limit deployment to high-value scenarios," Zhang said. "As a result, the broader potential of AI remains underutilized." [...] According to Canalys, cloud providers are aiming to improve inferencing efficiency via a modernized infrastructure built for AI, and reduce the cost of AI services. The report notes that AWS, Azure, and Google Cloud "continue to dominate the IaaS and PaaS market, accounting for 65 percent of customer spending worldwide."

"However, Microsoft and Google are slowly gaining ground on AWS, as its growth rate has slowed to 'only' 17 percent, down from 19 percent in the final quarter of 2024, while the two rivals have maintained growth rates of more than 30 percent."

alternative_right shares a report: New York state lawmakers voted to stop the NYPD's attempt to block its radio communications from the public Thursday, with the bill expected to head to Gov. Kathy Hochul's desk. The "Keep Police Radio Public Act" passed both the state Senate and state Assembly, with a sponsor of the legislation arguing the proposal strikes the "proper balance" in the battle between transparency and sensitive information.

"Preserving access to police radio is critical for a free press and to preserve the freedoms and protections afforded by the public availability of this information," state Sen. Michael Gianaris (D-Queens) said in a statement. "As encrypted radio usage grows, my proposal strikes the proper balance between legitimate law enforcement needs and the rights and interests of New Yorkers."

The bill, which was sponsored in the Assembly by lawmaker Karines Reyes (D-Bronx), is meant to make real-time police radio communications accessible to emergency services organizations and reporters. "Sensitive information" would still be kept private, according to the legislation. In late 2023, the NYPD began encrypting its radio communications to increase officer safety and "protect the privacy interests of victims and witnesses." However, it led to outcry from press advocates and local officials concerned about reduced transparency and limited access to real-time information.

A bill to address the issue has passed both chambers of New York's legislature, but Governor Hochul has not yet indicated whether she will sign it.

"It appears as though Meta (aka: Facebook's parent company) and Yandex have found a way to sidestep the Android Sandbox," writes Slashdot reader TheWho79. Researchers disclose the novel tracking method in a report: We found that native Android apps -- including Facebook, Instagram, and several Yandex apps including Maps and Browser -- silently listen on fixed local ports for tracking purposes.

These native Android apps receive browsers' metadata, cookies and commands from the Meta Pixel and Yandex Metrica scripts embedded on thousands of web sites. These JavaScripts load on users' mobile browsers and silently connect with native apps running on the same device through localhost sockets. As native apps access programmatically device identifiers like the Android Advertising ID (AAID) or handle user identities as in the case of Meta apps, this method effectively allows these organizations to link mobile browsing sessions and web cookies to user identities, hence de-anonymizing users' visiting sites embedding their scripts.

This web-to-app ID sharing method bypasses typical privacy protections such as clearing cookies, Incognito Mode and Android's permission controls. Worse, it opens the door for potentially malicious apps eavesdropping on users' web activity.

While there are subtle differences in the way Meta and Yandex bridge web and mobile contexts and identifiers, both of them essentially misuse the unvetted access to localhost sockets. The Android OS allows any installed app with the INTERNET permission to open a listening socket on the loopback interface (127.0.0.1). Browsers running on the same device also access this interface without user consent or platform mediation. This allows JavaScript embedded on web pages to communicate with native Android apps and share identifiers and browsing habits, bridging ephemeral web identifiers to long-lived mobile app IDs using standard Web APIs. This technique circumvents privacy protections like Incognito Mode, cookie deletion, and Android's permission model, with Meta Pixel and Yandex Metrica scripts silently communicating with apps across over 6 million websites combined.

Following public disclosure, Meta ceased using this method on June 3, 2025. Browser vendors like Chrome, Brave, Firefox, and DuckDuckGo have implemented or are developing mitigations, but a full resolution may require OS-level changes and stricter enforcement of platform policies to prevent further abuse.

Microsoft is previewing a new Windows Update orchestration platform that lets third-party apps schedule and manage updates alongside system updates, "aiming to centralize update scheduling across Windows 11 devices," reports The Register. From the report: On Tuesday, Redmond announced it's allowing a select group of developers and product teams to hook into the Windows 11 update framework. The system doesn't push updates itself but allows apps to register their own update logic via WinRT APIs and PowerShell, enabling centralized scheduling, logging, and policy enforcement. "Updates across the Windows ecosystem can feel like a fragmented experience," wrote Angie Chen, a product manager at the Borg, in a blog post. "To solve this, we're building a vision for a unified, intelligent update orchestration platform capable of supporting any update (apps, drivers, etc.) to be orchestrated alongside Windows updates."

As with other Windows updates, the end user or admin will be able to benefit from intelligent scheduling, with updates deferred based on user activity, system performance, AC power status, and other environmental factors. For example, updates may install when the device is idle or plugged in, to minimize disruption. All update actions will be logged and surfaced through a unified diagnostic system, helping streamline troubleshooting. Microsoft says the platform will support MSIX/APPX apps, as well as Win32 apps that include custom installation logic, provided developers integrate with the offered Windows Runtime (WinRT) APIs and PowerShell commands. At the moment, the orchestration platform is available only as a private preview. Developers must contact unifiedorchestrator@service.microsoft.com to request access. Redmond is taking a cautious approach, given the risk of update conflicts, but may broaden availability depending on how the preview performs.

Meanwhile, Windows Backup for Organizations, first unveiled at Microsoft Ignite in November 2024, has entered limited public preview. Redmond touts the service as a way to back up Windows 10 and 11 devices and restore them with the same settings in place. It's saying it'll be a big help in migrating systems to the more recent operating systems after Windows 10 goes end of life in October. "With Windows Backup for Organizations, get your users up and running as quickly as possible with their familiar Windows settings already in place," Redmond wrote in a blog post on Tuesday. "It doesn't matter if they're experiencing a device reimage or reset."

Longtime Slashdot reader theodp writes: In what reads a bit like a Sopranos plot, The Information suggests some of those in the recent batch of terminated Microsoft engineers may have in effect been forced to dig their own AI graves.

The (paywalled) story begins: "Jeff Hulse, a Microsoft vice president who oversees roughly 400 software engineers, told the team in recent months to use the company's artificial intelligence chatbot, powered by OpenAI, to generate half the computer code they write, according to a person who heard the remarks. That would represent an increase from the 20% to 30% of code AI currently produces at the company, and shows how rapidly Microsoft is moving to incorporate such technology. Then on Tuesday, Microsoft laid off more than a dozen engineers on Hulse 's team as part of a broader layoff of 6,000 people across the company that appeared to hit engineers harder than other types of roles, this person said."

The report comes as tech company CEOs have taken to boasting in earnings calls, tech conferences, and public statements that their AI is responsible for an ever-increasing share of the code written at their organizations. Microsoft's recent job cuts hit coders the hardest. So how much credence should one place on CEOs' claims of AI programming productivity gains -- which researchers have struggled to measure for 50+ years -- if engineers are forced to increase their use of AI, boosting the numbers their far-removed-from-programming CEOs are presenting to Wall Street?

America's Justice Department "has shut down its unit that investigates cryptocurrency fraud," reports USA Today.

A Monday night memo from U.S. Deputy Attorney General Todd Blanche said the shut down was "effective immediately." Blanche directed the closure of the National Cryptocurrency Enforcement Team and ordered prosecutors to pivot to investigating transnational criminal organizations and terrorist groups that use crypto to engage in illicit transactions... In his four-page memo, Blanche said the new order was meant to bring the Justice Department in line with Trump's own Executive Order 14178, which decreed that clarity and certainty regarding enforcement policy "are essential to supporting a vibrant and inclusive digital economy and innovation in digital assets." Blanche, one of several Trump criminal defense lawyers at the top ranks of DOJ, said the president "has also made clear that '[w]e are going to end the regulatory weaponization against digital assets'..."

Consistent with that narrowing of its cryptocurrency enforcement policy, the DOJ Market Integrity and Major Frauds Unit will also cease cryptocurrency enforcement to focus on other administration priorities, including immigration and procurement fraud, Blanche said.
The Washington Post got this assessment from Yesha Yadav, a Vanderbilt University law professor who closely follows cryptocurrency and financial markets. "It's hard to underestimate the importance this task force has had ... in pursuing some really huge crypto hacks and cases."

More from USA Today: Public corruption and transnational crime experts warned that shutting down the unit could divert critical resources from efforts to stop criminals and corrupt regimes from using cryptocurrency for illicit gain, even as Trump claims he wants to crack down on them. "Dangerous US adversaries rely on cryptocurrencies to launder money and evade sanctions," said Nate Sibley, an anti-corruption expert and director of the Kleptocracy Initiative at the conservative Hudson Institute think tank in Washington, D.C., in a post on X. "If this is accurate, hard to see how it squares with — for example-cracking down on cartel finances or maximum pressure sanctions on Iran...."

Trump's so-called "memecoin" surged from less than $10 on the Saturday before his inauguration to as high as $74.59 before eventually giving up some of its gains. The token, branded $TRUMP, has been criticized by ethics experts as a conflict of interest for the president since the company could likely benefit from his pro-crypto policies...

Last month, Trump signed an order to create a federal Strategic Bitcoin Reserve, signaling new federal support for cryptocurrency in general and Bitcoin in particular.
Since the first-ever White House crypto summit in March, America's Securities and Exchange Commission "has dropped more than a dozen cases against crypto firms," notes the Washington Post: Last month, both the Federal Deposit Insurance Corp. and the Office of the Comptroller of the Currency pledged to stop evaluating banks based on "reputational risk" — a practice that some venture capitalists have claimed unfairly "de-banked" founders of cryptocurrency start-ups.
In other news, executives from cryptocurrency exchange Binance "met with Treasury Department officials last month," reports the Wall Street Journal, asking them to remove a U.S. monitor overseeing their compliance with anti-money-laundering laws, according to people familiar with the talks.

The article adds that Binance is also concurrently "exploring" a deal with the Trump family to list its new dollar-pegged stablecoin which "could catapult it into a huge market and potentially bring in billions in profit for the family. "

China's Cyberspace Administration and Ministry of Public Security have outlawed the use of facial recognition without consent. From a report: The two orgs last Friday published new rules on facial recognition and an explainer that spell out how orgs that want to use facial recognition must first conduct a "personal information protection impact assessment" that considers whether using the tech is necessary, impacts on individuals' privacy, and risks of data leakage. Organizations that decide to use facial recognition must data encrypt biometric data, and audit the information security techniques and practices they use to protect facial scans. Chinese that go through that process and decide they want to use facial recognition can only do so after securing individuals' consent. The rules also ban the use of facial recognition equipment in public places such as hotel rooms, public bathrooms, public dressing rooms, and public toilets. The measures don't apply to researchers or to what machine translation of the rules describes as "algorithm training activities" -- suggesting images of citizens' faces are fair game when used to train AI models.

It's "live-recording the World Wide Web," according to NPR, with a digital library that includes "hundreds of billions of copies of government websites, news articles and data."

They described the 29-year-old nonprofit Internet Archive as "more relevant than ever." Every day, about 100 terabytes of material are uploaded to the Internet Archive, or about a billion URLs, with the assistance of automated crawlers. Most of that ends up in the Wayback Machine, while the rest is digitized analog media — books, television, radio, academic papers — scanned and stored on servers. As one of the few large-scale archivists to back up the web, the Internet Archive finds itself in a particularly unique position right now... Thousands of [U.S. government] datasets were wiped — mostly at agencies focused on science and the environment — in the days following Trump's return to the White House...

The Internet Archive is among the few efforts that exist to catch the stuff that falls through the digital cracks, while also making that information accessible to the public. Six weeks into the new administration, Wayback Machine director [Mark] Graham said, the Internet Archive had cataloged some 73,000 web pages that had existed on U.S. government websites that were expunged after Trump's inauguration...

According to Graham, based on the big jump in page views he's observed over the past two months, the Internet Archive is drawing many more visitors than usual to its services — journalists, researchers and other inquiring minds. Some want to consult the archive for information lost or changed in the purge, while others aim to contribute to the archival process.... "People are coming and rallying behind us," said Brewster Kahle, [the founder and current director of the Internet Archive], "by using it, by pointing at things, helping organize things, by submitting content to be archived — data sets that are under threat or have been taken down...."

A behemoth of link rot repair, the Internet Archive rescues a daily average of 10,000 dead links that appear on Wikipedia pages. In total, it's fixed more than 23 million rotten links on Wikipedia alone, according to the organization.
Though it receives some money for its preservation work for libraries, museums, and other organizations, it's also funded by donations. "From the beginning, it was important for the Internet Archive to be a nonprofit, because it was working for the people," explains founder Brewster Kahle on its donations page: Its motives had to be transparent; it had to last a long time. That's why we don't charge for access, sell user data, or run ads, even while we offer free resources to citizens everywhere. We rely on the generosity of individuals like you to pay for servers, staff, and preservation projects. If you can't imagine a future without the Internet Archive, please consider supporting our work. We promise to put your donation to good use as we continue to store over 99 petabytes of data, including 625 billion webpages, 38 million texts, and 14 million audio recordings.
Two interesting statistics from NPR's article:

• "A Pew Research Center study published last year found that roughly 38% of web pages on the internet that existed in 2013 were no longer accessible as of 2023."

• "According to a Harvard Law Review study published in 2014, about half of all links cited in U.S. Supreme Court opinions no longer led to the original source material."

Thanks to long-time Slashdot reader jtotheh for sharing the news.

More than 80 signatories representing about 100 European tech organizations have urged EU leaders to take "radical action" to reduce reliance on foreign digital infrastructure, according to a letter sent to European Commission President Ursula von der Leyen.

The coalition, including Airbus, Proton, and OVHCloud, warns Europe "will lose out on digital innovation" and become almost completely dependent on non-European technologies "in less than three years at current rates."

The group calls for public procurement requirements mandating European-made tech solutions, development of common standards, and creation of a "Sovereign Infrastructure Fund" for capital-intensive areas like chips and quantum computing. "Our reliance on non-European technologies will become almost complete in less than three years at current rates," the letter states, citing concerns over U.S. technological dominance following recent comments from Vice President JD Vance criticizing European regulations.

Spain's government has approved legislation imposing substantial fines of up to 35 million euros or 7% of global turnover on companies that fail to clearly label AI-generated content. Reuters reports: The bill adopts guidelines from the European Union's landmark AI Act imposing strict transparency obligations on AI systems deemed to be high-risk, Digital Transformation Minister Oscar Lopez told reporters. "AI is a very powerful tool that can be used to improve our lives ... or to spread misinformation and attack democracy," he said. Spain is among the first EU countries to implement the bloc's rules, considered more comprehensive than the United States' system that largely relies on voluntary compliance and a patchwork of state regulations. Lopez added that everyone was susceptible to "deepfake" attacks - a term for videos, photographs or audios that have been edited or generated through AI algorithms but are presented as real. [...]

The bill also bans other practices, such as the use of subliminal techniques - sounds and images that are imperceptible - to manipulate vulnerable groups. Lopez cited chatbots inciting people with addictions to gamble or toys encouraging children to perform dangerous challenges as examples. It would also prevent organizations from classifying people through their biometric data using AI, rating them based on their behavior or personal traits to grant them access to benefits or assess their risk of committing a crime. However, authorities would still be allowed to use real-time biometric surveillance in public spaces for national security reasons.

An anonymous reader quotes a report from TechCrunch: Security researchers are warning that data exposed to the internet, even for a moment, can linger in online generative AI chatbots like Microsoft Copilot long after the data is made private. Thousands of once-public GitHub repositories from some of the world's biggest companies are affected, including Microsoft's, according to new findings from Lasso, an Israeli cybersecurity company focused on emerging generative AI threats.

Lasso co-founder Ophir Dror told TechCrunch that the company found content from its own GitHub repository appearing in Copilot because it had been indexed and cached by Microsoft's Bing search engine. Dror said the repository, which had been mistakenly made public for a brief period, had since been set to private, and accessing it on GitHub returned a "page not found" error. "On Copilot, surprisingly enough, we found one of our own private repositories," said Dror. "If I was to browse the web, I wouldn't see this data. But anyone in the world could ask Copilot the right question and get this data."

After it realized that any data on GitHub, even briefly, could be potentially exposed by tools like Copilot, Lasso investigated further. Lasso extracted a list of repositories that were public at any point in 2024 and identified the repositories that had since been deleted or set to private. Using Bing's caching mechanism, the company found more than 20,000 since-private GitHub repositories still had data accessible through Copilot, affecting more than 16,000 organizations. Lasso told TechCrunch ahead of publishing its research that affected organizations include Amazon Web Services, Google, IBM, PayPal, Tencent, and Microsoft. [...] For some affected companies, Copilot could be prompted to return confidential GitHub archives that contain intellectual property, sensitive corporate data, access keys, and tokens, the company said.