Cloudflare today announced a "Pay Per Crawl" program that allows website owners to charge AI companies for accessing their content, a potential revenue stream for publishers whose work is increasingly being scraped to train AI models. The system uses HTTP response code 402 to enable content creators to set per-request prices across their sites. Publishers can choose to allow free access, require payment at a configured rate, or block crawlers entirely.

When an AI crawler requests paid content, it either presents payment intent via request headers for successful access or receives a "402 Payment Required" response with pricing information. Cloudflare acts as the merchant of record and handles the underlying technical infrastructure. The company aggregates billing events, charges crawlers, and distributes earnings to publishers.

Alongside Pay Per Crawl, Cloudflare has switched to blocking AI crawlers by default for its customers, becoming the first major internet infrastructure provider to require explicit permission for AI access. The company handles traffic for 20% of the web and more than one million customers have already activated its AI-blocking tools since their September 2024 launch, it wrote in a blog post.

TorrentFreak spotlights VP.net, a brand-new service from Private Internet Access founder Andrew Lee (the guy who gifted Linux Journal to Slashdot) that eliminates the classic "just trust your VPN" problem by locking identity-mapping and traffic-handling inside Intel SGX enclaves. The company promises 'cryptographically verifiable privacy' by using special hardware 'safes' (Intel SGX), so even the provider can't track what its users are up to.

The design goal is that no one, not even the VPN company, can link "User X" to "Website Y."

Lee frames it as enabling agency over one's privacy:

"Our zero trust solution does not require you to trust us - and that's how it should be. Your privacy should be up to your choice - not up to some random VPN provider in some random foreign country."
The team behind VP.net includes CEO Matt Kim as well as arguably the first Bitcoin veterans Roger Ver and Mark Karpeles.

Ask Slashdot: Now that there's a VPN where you don't have to "just trust the provider" - arguably the first real zero-trust VPN - are trust based VPNs obsolete?

The problem? "Companies want their products and brands to appear in chatbot results," reports 9to5Mac. And "Since Reddit forms a key part of the training material for Google's AI, then one effective way to make that happen is to spam Reddit." Huffman has confirmed to the Financial Times that this is happening, with companies using AI bots to create fake posts in the hope that the content will be regurgitated by chatbots:

"For 20 years, we've been fighting people who have wanted to be popular on Reddit," Huffman said... "If you want to show up in the search engines, you try to do well on Reddit, and now the LLMs, it's the same thing. If you want to be in the LLMs, you can do it through Reddit."

Multiple ad agency execs confirmed to the FT that they are indeed "posting content on Reddit to boost the likelihood of their ads appearing in the responses of generative AI chatbots." Huffman says that AI bots are increasingly being used to make spam posts, and Reddit is trying to block them: For Huffman, success comes down to making sure that posts are "written by humans and voted on by humans [...] It's an arms race, it's a never ending battle." The company is exploring a number of new ways to do this, including the World ID eyeball-scanning device being touted by OpenAI's Sam Altman.
It's Reddit's 20th anniversary, notes CNBC. And while "MySpace, Digg and Flickr have faded into oblivion," Reddit "has refused to die, chugging along and gaining an audience of over 108 million daily users..."

But now Reddit "faces a gargantuan challenge gaining new users, particularly if Google's search floodgates dry up." [I]n the age of AI, many users simply "go the easiest possible way," said Ann Smarty, a marketing and reputation management consultant who helps brands monitor consumer perception on Reddit. And there may be no simpler way of finding answers on the internet than simply asking ChatGPT a question, Smarty said. "People do not want to click," she said. "They just want those quick answers."
But in response, CNBC's headline argues that Reddit "is fighting AI with AI." It launched its own Reddit Answers AI service in December, using technology from OpenAI and Google. Unlike general-purpose chatbots that summarize others' web pages, the Reddit Answers chatbot generates responses based purely on the social media service, and it redirects people to the source conversations so they can see the specific user comments. A Reddit spokesperson said that over 1 million people are using Reddit Answers each week.

An anonymous reader quotes a report from TechCrunch: Google's AI search features are killing traffic to publishers, so now the company is proposing a possible solution. On Thursday, the tech giant officially launched Offerwall, a new tool that allows publishers to generate revenue beyond the more traffic-dependent options, like ads.

Offerwall lets publishers give their sites' readers a variety of ways to access their content, including through options like micropayments, taking surveys, watching ads, and more. In addition, Google says that publishers can add their own options to the Offerwall, like signing up for newsletters. The new feature is available for free in Google Ad Manager after earlier tests with 1,000 publishers that spanned over a year. While no broad case studies were shared, India's Sakal Media Group implemented Google Ad Manager's Offerwall feature and saw a 20% revenue boost and up to 2 million more impressions in three months. Overall, publishers testing Offerwall experienced an average 9% revenue lift, with some seeing between 5% and 15%.

OpenAI has designed features that would allow people to collaborate on documents and communicate via chat within ChatGPT, The Information reported Tuesday. The features would pit OpenAI directly against Microsoft, its biggest shareholder and business partner, and Google, whose search engine has already lost traffic to people using ChatGPT for web searches.

Whether OpenAI will actually release the collaboration features remains unclear, the report cautioned. The designs would target the core of Microsoft's dominant productivity suite and could strain the companies' already complicated relationship as OpenAI seeks Microsoft's approval for restructuring its for-profit unit. Product chief Kevin Weil first discussed and showed off designs for document collaboration nearly a year ago, but OpenAI lacked sufficient staff to develop the product due to other priorities.

OpenAI launched Canvas in October, a ChatGPT feature that makes drafting documents and code easier with AI assistance, as a possible first step toward full collaboration tools. More recently, OpenAI developed but has not launched software allowing multiple ChatGPT customers to communicate about shared work within the application.

BlueSky has grown from roughly 10 million users in early November to 36.79 million today — and its last 30 days of traffic looks very level.

But instead of calling BlueSky's traffic "level", right-leaning libertarian Megan McArdle argues instead that BlueSky's "decline shows no sign of leveling out" (comparing the stable figures from the last month to a one-time spike seven months ago so they can write "It's now down about 50 percent"). And Wednesday the conservative UK magazine Spectator also ignored the 30-day-leveling to write instead that BlueSky is somehow "sliding down a slope".

But TechCrunch thinks the "up or down" conversation is entirely missing the point of "the wider network of apps built on the open protocol that Bluesky's team spearheaded" — and how BlueSky "is only meant to be one example of what's possible within the wider AT Proto ecosystem." If you don't like the tone of the topics trending on Bluesky, you can switch to other apps, change your default feeds, or even build your own social platform using the technology. Already, people are using the protocol that powers Bluesky to build social experiences for specific groups — like Blacksky is doing for the Black online community or like Gander Social is doing for social media users in Canada. There are also feed builders like Graze and those in Surf that let you create custom feeds where you can focus on specific content you care about — like video games or baseball — and exclude others, like politics. Built into Bluesky (and other third-party clients) are tools that let you pick your default feed and add others that interest you from a range of topics. If you want to follow a feed devoted to your favorite TV show or animal, for instance, you can. In other words, Bluesky is meant to be what you make it, and its content can be consumed in whatever format you prefer best.

In addition to Bluesky itself, the wider network of apps built on the AT Protocol includes photo- and video-sharing apps, livestreaming tools, communication apps, blogging apps, music apps, movie and TV recommendation apps, and more. Other tools also let you combine feeds from Bluesky with other social networks. Openvibe, for instance, can mix together feeds from social networks like Threads, Bluesky, Mastodon, and Nostr. Apps like Surf and Tapestry offer ways to track posts on open social platforms as well as those published with other open protocols like RSS. This lets the apps pull in content from blogs, news sites, YouTube, and podcasts.
Even just considering BlueSky itself, three weeks ago Fast Company pointed out that BlueSky "grew from 11 million users to 25 million between late October and mid-December, but has added only about 10 million more since then." So how is a 10-million user increase "dying"? For a social network, being prematurely written off is a rite of passage. It's even a compliment of sorts — a sign that people are paying attention and care... When I chatted with Bluesky CEO Jay Graber this week, I wasn't surprised that she didn't seem fazed by the debate on her platform and saw the parallels with early-days Twitter. "Reports of our death are greatly exaggerated," she told me. "It's a similar thing, because with social sites, it's not straight up all the time. [Growth] comes in waves, and at each stage, there's a new era of communities being established and formed. We're still seeing a lot of community formation, and one of the most exciting things is how structurally different this is. It's not just another social site that has to be a singular winner-take-all in an ecosystem with existing incumbents...."

One other challenge that Bluesky has not yet fully confronted is monetizing itself. Onstage at Web Summit, Graber emphasized that it's working on subscription services, a healthier revenue source than stuffing feeds with ads, though potentially a tougher one to scale up to sustainability. The company announced a $15 million Series A funding round last October.
But again, the point isn't BlueSky's increasing user count or its stablizing levels of Daily Unique "Likers" — but its underlying open source protocol: [S]he was at her most passionate when discussing the company's aspiration to decentralize social networking via its open AT Protocol. It powers Bluesky — and variants such as the Pinksky photo-sharing app, which she praised onstage — but could also provide the infrastructure for further-flung social experiences. Maybe even ones catering to folks who have zero interest in participating in the Bluesky community. "The goal is to really get through that this is a Choose Your Own Adventure and Bluesky's just the beginning," she says. "The sky's the limit." Whether she'll fulfill her grandest ambitions, I'm not sure. But I already like this era of social networking better than the one when a handful of winners really did take all.

An anonymous reader quotes a report from Ars Technica: Large-scale attacks designed to bring down Internet services by sending them more traffic than they can process keep getting bigger, with the largest one yet, measured at 7.3 terabits per second, being reported Friday by Internet security and performance provider Cloudflare. The 7.3Tbps attack amounted to 37.4 terabytes of junk traffic that hit the target in just 45 seconds. That's an almost incomprehensible amount of data, equivalent to more than 9,300 full-length HD movies or 7,500 hours of HD streaming content in well under a minute.

Cloudflare said the attackers "carpet bombed" an average of nearly 22,000 destination ports of a single IP address belonging to the target, identified only as a Cloudflare customer. A total of 34,500 ports were targeted, indicating the thoroughness and well-engineered nature of the attack. [...] Cloudflare said the record DDoS exploited various reflection or amplification vectors, including the previously mentioned Network Time Protocol; the Quote of the Day Protocol, which listens on UDP port 17 and responds with a short quote or message; the Echo Protocol, which responds with the same data it receives; and Portmapper services used identify resources available to applications connecting through the Remote Procedure Call. Cloudflare said the attack was also delivered through one or more Mirai-based botnets. Such botnets are typically made up of home and small office routers, web cameras, and other Internet of Things devices that have been compromised.

Manhattan's congestion pricing program has reduced traffic by 10% and cut car-noise complaints by 70% in its first six months of operation, according to city data. The $9 daily toll for vehicles entering Manhattan below 60th Street began January 5, generating approximately $50 million monthly for subway and public transit improvements.

Buses now travel fast enough that drivers must stop and wait to maintain schedules, while subway ridership has increased sharply since the program launched. Broadway theater attendance has risen rather than declined as some critics predicted. Polling shows more New Yorkers now support the toll than oppose it, a reversal from widespread opposition before implementation.

The policy took nearly 50 years to enact despite originating from Columbia University economist William Vickrey's work in the 1960s. Congress blocked a similar proposal in the 1970s, and the current program faced a six-year implementation delay after Governor Andrew Cuomo signed it into law in 2019. Governor Kathy Hochul postponed the launch in 2024 before allowing it to proceed after Donald Trump's presidential election victory.

The DOJ has filed a civil complaint to seize $225.3 million in cryptocurrency linked to pig butchering scams -- long-con frauds where victims are tricked into fake crypto investments. The funds were laundered through a blockchain network, and the DOJ says recovered money will go toward reimbursing victims. The Verge reports: The 75-page complaint (PDF) filed in the US District Court for the District of Columbia lays out more detail about the seizure. According to it, the US Secret Service (USSS) and Federal Bureau of Investigation (FBI) tied scammers to seven groups of Tether stablecoin tokens. The fraud fell under what's typically known as "pig butchering": a form of long-running confidence scam aimed at tricking victims -- sometimes with a fake romantic relationship -- into what they believe is a profitable crypto investment opportunity, then disappearing with the funds. Pig butchering rings often traffic the workers who directly communicate with victims to Southeast Asian countries, something the DOJ alleges this ring did.

The DOJ says Tether and crypto exchange OKX first alerted law enforcement in 2023 to a series of accounts they believed were helping launder fraudulently obtained currency through a vast and complex web of transactions. The alleged victims include Shan Hanes (referred to in this complaint as S.H.), the former Heartland Tri-State Bank president who was sentenced to 24 years in prison for embezzling tens of millions of dollars to invest in one of the best-known and most devastating pig butchering scams. The complaint lists a number of other victims who lost thousands or millions of dollars they thought they were investing (and did not commit crimes of their own). An FBI report (PDF) cited by the press release concluded overall crypto investment fraud caused $5.8 billion worth of reported losses in 2024.

Publishers face an existential threat in the AI era and need to take action to make sure they are fairly compensated for their content, Cloudflare CEO Matthew Prince told Axios at an event in Cannes on Thursday. From a report: Search traffic referrals have plummeted as people increasingly rely on AI summaries to answer their queries, forcing many publishers to reevaluate their business models. Ten years ago, Google crawled two pages for every visitor it sent a publisher, per Prince.

He said that six months ago:
For Google that ratio was 6:1
For OpenAI, it was 250:1
For Anthropic, it was 6,000:1

Now:

For Google, it's 18:1
For OpenAI, it's 1,500:1
For Anthropic, it's 60,000:1

Between the lines: "People aren't following the footnotes," Prince said.

In response to escalating tensions with Israel, Iran has begun throttling internet access, with plans to disconnect from the global internet entirely to prevent Israeli cyberattacks. The Iranian government also urges citizens to delete WhatsApp -- one of the country's most popular messaging platforms -- claiming without evidence that the Meta-owned app has been weaponed by Israel to spy on its users. (WhatsApp vehemently denied those claims in a statement to the Associated Press.) Telegram is also said to be blocked as well. The Verge reports: The announcements come amidst the escalating war between Iran and Israel, which broke out after Israel attacked the country on June 12th, and a rise in reported internet outages. Civilians have claimed that they've been unable to access basic but critical telecommunications services, such as messaging apps, maps, and sometimes the internet itself. Cloudflare reported that two major Iranian cellular carriers effectively went offline on Tuesday, and The New York Times reports that even VPNs, which Iranians frequently use to access banned sites like Facebook and Instagram, have become increasingly harder to access. [...]

Israel's role in the cyber outages has not been officially confirmed, but independent analysts at NetBlocks noticed a significant reduction of internet traffic originating from Iran on Tuesday, starting at 5:30 PM local time. According to Tasnim, a news network affiliated with the Iranian Revolutionary Guards, Iranians will still have access to the country's state-operated national internet service, though two Iranian officials told the Times that the internal bandwidth could be reduced by up to 80 percent.

An anonymous reader quotes a report from the BBC: The Spanish government has said that the national grid operator and private power generation companies were to blame for an energy blackout that caused widespread chaos in Spain and Portugal earlier this year. Shortly after midday on April 28, both countries were disconnected from the European electricity grid for several hours. Businesses, schools, universities, government buildings and transport hubs were all left without power and traffic light outages caused gridlocks. While schoolchildren, students and workers were sent home for the day, many other people were stuck in lifts or stranded on trains in isolated rural areas.

In the immediate aftermath, the left-wing coalition government did not provide an explanation, instead calling for patience as it investigated. Nearly two months after the unprecedented outage, the minister for ecological transition, Sara Aagesen, has presented a report on its causes. She said the partly state-owned grid operator, Red Electrica, had miscalculated the power capacity needs for that day, explaining that the "system did not have enough dynamic voltage capacity." The regulator should have switched on another thermal plant, she said, but "they made their calculations and decided that it was not necessary."

Aagesen also blamed private generators for failing to regulate the grid's voltage shortly before the blackout happened. "Generation firms which were supposed to control voltage and which, in addition, were paid to do just that did not absorb all the voltage they were supposed to when tension was high," she said, without naming any of the companies responsible. The day after the outage, Prime Minister Pedro Sanchez suggested that private electricity companies might have played a role, saying that his government would demand "all the relevant accountability" from them. However, the new report on the blackout also raises questions about the role of Beatriz Corredor, president of Red Electrica and a former Socialist minister, who had previously insisted that the grid regulator had not been at fault. Aagesen said there was no evidence of a cyberattack behind the blackout. The government also maintained that Spain's renewable energy output was not to blame.

"People are replacing Google search with artificial intelligence tools like ChatGPT," reports the Washington Post.

But that's just the first change, according to a New York-based start-up devoted to watching for content-scraping AI companies with a free analytics product and "ensuring that these intelligent agents pay for the content they consume." Their data from 266 web sites (half run by national or local news organizations) found that "traffic from retrieval bots grew 49% in the first quarter of 2025 from the fourth quarter of 2024," the Post reports. A spokesperson for OpenAI said that referral traffic to publishers from ChatGPT searches may be lower in quantity but that it reflects a stronger user intent compared with casual web browsing.

To capitalize on this shift, websites will need to reorient themselves to AI visitors rather than human ones [said TollBit CEO/co-founder Toshit Panigrahi]. But he also acknowledged that squeezing payment for content when AI companies argue that scraping online data is fair use will be an uphill climb, especially as leading players make their newest AI visitors even harder to identify....

In the past eight months, as chatbots have evolved to incorporate features like web search and "reasoning" to answer more complex queries, traffic for retrieval bots has skyrocketed. It grew 2.5 times as fast as traffic for bots that scrape data for training between the fourth quarter of 2024 and the first quarter of 2025, according to TollBit's report. Panigrahi said TollBit's data may underestimate the magnitude of this change because it doesn't reflect bots that AI companies send out on behalf of AI "agents" that can complete tasks on a user's behalf, like ordering takeout from DoorDash. The start-up's findings also add a dimension to mounting evidence that the modern internet — optimized for Google search results and social media algorithms — will have to be restructured as the popularity of AI answers grows. "To think of it as, 'Well, I'm optimizing my search for humans' is missing out on a big opportunity," he said.

Installing TollBit's analytics platform is free for news publishers, and the company has more than 2,000 clients, many of which are struggling with these seismic changes, according to data in the report. Although news publishers and other websites can implement blockers to prevent various AI bots from scraping their content, TollBit found that more than 26 million AI scrapes bypassed those blockers in March alone. Some AI companies claim bots for AI agents don't need to follow bot instructions because they are acting on behalf of a user.
The Post also got this comment from the chief operating officer for the media company Time, which successfully negotiated content licensing deals with OpenAI and Perplexity.

"The vast majority of the AI bots out there absolutely are not sourcing the content through any kind of paid mechanism... There is a very, very long way to go."

Flying to London, a Boeing 787 aircraft operated by Air India "crashed shortly after taking off..." reports Bloomberg, "in what stands to be the worst accident involving the U.S. planemaker's most advanced widebody airliner." Flight AI171 was carrying 242 passengers and crew. Video footage shared on social media showed a giant plume of smoke engulfing the crash site, with no reports of survivors. [UPDATE: Reuters reports one passenger jumped out of the emergency exit and survived, with a senior police officer saying "chances are that there might be more survivors among the injured who are being treated in the hospital."]

The aircraft entered a slow descent shortly after taking off, with its landing gear still extended before exploding into a huge fireball upon impact. The crash took place in a residential area, which could mean a higher death toll... The pilots in command issued a mayday call immediately after take-off to air traffic controllers, according to India's civil aviation regulator.

A coordinated spam operation has infiltrated abandoned subdomains belonging to major institutions including Nvidia, Stanford University, NPR, and the U.S. government's vaccines.gov site, flooding them with AI-generated content that subsequently appears in search results and Google's AI Overview feature.

The scheme, reports 404 Media, posted over 62,000 articles on Nvidia's events.nsv.nvidia.com subdomain before the company took it offline within two hours of being contacted by reporters. The spam articles, which included explicit gaming content and local business recommendations, used identical layouts and a fake byline called "Ashley" across all compromised sites. Each targeted domain operates under different names -- "AceNet Hub" on Stanford's site, "Form Generation Hub" on NPR, and "Seymore Insights" on vaccines.gov -- but all redirect traffic to a marketing spam page. The operation exploits search engines' trust in institutional domains, with Google's AI Overview already serving the fabricated content as factual information to users searching for local businesses.

An anonymous reader quotes a report from TorrentFreak: Fresh data released by piracy tracking outfit MUSO shows that pirate sites remain popular. In a report released today, MUSO reveals that there were 216 billion pirate site visits globally in 2024, a slight decrease compared to the 229 billion visits recorded a year earlier. TV piracy remains by far the most popular category, representing over 44.6% of all website visits. This is followed by the publishing category with 30.7%, with film, software and music all at a respectable distance. Pirate site visitors originate from all over the world, but one country stands tall above all the rest: America. The United States remains the top driver of pirate site traffic accounting for more than 12% of all traffic globally, good for 26.7 billion visits in 2024. India has been steadily climbing the ranks for years and currently sits in second place with 17.6 billion annual visits, with Russia, Indonesia, and Vietnam completing the top five. As a country with one of the largest populations worldwide, it's not a complete surprise that the U.S. tops the list. If we counted visits per internet user, Canada and Ukraine would top the list.

While pirate site visits dipped by more than 5% in 2024, one category saw substantial growth. Visits to publishing-related pirate sites increased 4.3% from 63.6 to 66.4 billion. The increase is largely driven by the popularity of manga, which accounts for more than 70% of all publishing piracy. Traditional book piracy, meanwhile, is stuck at 5%. The publishing piracy boom is relatively new. Over the past five years, the category grew by more than 100% while the overall number of global pirate site visits remained relatively flat. Looking at the global demand, we see that the U.S. also leads the charge here, followed by Indonesia and Russia. Notably, Japan, the home of manga, ranks fifth in the publishing category. This stands out because Japan is not listed in the global top 15 in terms of total pirate site visits.

In the other content categories, MUSO's data shows a dip in pirate site visits. The changes are relatively modest for TV (-6.8%) and software (-2.1%) but the same isn't true for the music and film categories. In 2024, there were 18% fewer visits for pirated movies compared to a year earlier. MUSO notes that this is due to a "lighter blockbuster calendar" which reduced piracy peaks. "The drop in demand is as much about what wasn't released as it is about access," the report explains. The music category saw a 19% decline in piracy visits year over year, with a more uplifting explanation for rightsholders. According to MUSO, the drop can be partly attributed to "secure app ecosystems" and the "wide adoption of licensed platforms like Spotify and Apple Music."

"It is true, Google AI is stomping on the entire internet," writes Slashdot reader TheWho79, sharing a report from the Wall Street Journal. "From HuffPost to the Atlantic, publishers prepare to pivot or shut the doors. ... Even highly regarded old school bullet-proof publications like Washington Post are getting hit hard." From the report: Traffic from organic search to HuffPost's desktop and mobile websites fell by just over half in the past three years, and by nearly that much at the Washington Post, according to digital market data firm Similarweb. Business Insider cut about 21% of its staff last month, a move CEO Barbara Peng said was aimed at helping the publication "endure extreme traffic drops outside of our control." Organic search traffic to its websites declined by 55% between April 2022 and April 2025, according to data from Similarweb.

At a companywide meeting earlier this year, Nicholas Thompson, chief executive of the Atlantic, said the publication should assume traffic from Google would drop toward zero and the company needed to evolve its business model. [...] "Google is shifting from being a search engine to an answer engine," Thompson said in an interview with The Wall Street Journal. "We have to develop new strategies."

The rapid development of click-free answers in search "is a serious threat to journalism that should not be underestimated," said William Lewis, the Washington Post's publisher and chief executive. Lewis is former CEO of the Journal's publisher, Dow Jones. The Washington Post is "moving with urgency" to connect with previously overlooked audiences and pursue new revenue sources and prepare for a "post-search era," he said.

At the New York Times, the share of traffic coming from organic search to the paper's desktop and mobile websites slid to 36.5% in April 2025 from almost 44% three years earlier, according to Similarweb. The Wall Street Journal's traffic from organic search was up in April compared with three years prior, Similarweb data show, though as a share of overall traffic it declined to 24% from 29%. Further reading: Google's AI Mode Is 'the Definition of Theft,' Publishers Say

An anonymous reader quotes a report from Tom's Hardware: The head of the Federal Aviation Administration just outlined an ambitious goal to upgrade the U.S.'s air traffic control (ATC) system and bring it into the 21st century. According to NPR, most ATC towers and other facilities today feel like they're stuck in the 20th century, with controllers using paper strips and floppy disks to transfer data, while their computers run Windows 95. While this likely saved them from the disastrous CrowdStrike outage that had a massive global impact, their age is a major risk to the nation's critical infrastructure, with the FAA itself saying that the current state of its hardware is unsustainable.

"The whole idea is to replace the system. No more floppy disks or paper strips," acting FAA administrator Chris Rocheleau told the House Appropriations Committee last Wednesday. Transportation Secretary Sean Duffy also said earlier this week," This is the most important infrastructure project that we've had in this country for decades. Everyone agrees -- this is non-partisan. Everyone knows we have to do it." The aviation industry put up a coalition pushing for ATC modernization called Modern Skies, and it even ran an ad telling us that ATC is still using floppy disks and several older technologies to keep our skies safe. [...]

Currently, the White House hasn't said what this update will cost. The FAA has already put out a Request For Information to gather data from companies willing to take on the challenge of upgrading the entire system. It also announced several 'Industry Days' so companies can pitch their tech and ideas to the Transportation Department. Duffy said that the Transportation Department aims to complete the project within four years. However, industry experts say this timeline is unrealistic. No matter how long it takes, it's high time that the FAA upgrades the U.S.'s ATC system today after decades of neglect.

Cybercriminals have been increasingly turning to "residential proxy" services over the past two to three years to disguise malicious web traffic as everyday online activity, according to research presented at the Sleuthcon cybercrime conference. The shift represents a response to law enforcement's growing success in targeting traditional "bulletproof" hosting services, which previously allowed criminals to maintain anonymous web infrastructure.

Residential proxies route traffic through decentralized networks running on consumer devices like old Android phones and low-end laptops, providing real IP addresses assigned to homes and offices. This approach makes malicious activity extremely difficult to detect because it appears to originate from trusted consumer locations rather than suspicious server farms. The technology creates particular challenges when attackers appear to come from the same residential IP ranges as employees of target organizations.

An anonymous reader quotes a report from BleepingComputer: The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. The BADBOX botnet is commonly found on Chinese Android-based smart TVs, streaming boxes, projectors, tablets, and other Internet of Things (IoT) devices. "The BADBOX 2.0 botnet consists of millions of infected devices and maintains numerous backdoors to proxy services that cyber criminal actors exploit by either selling or providing free access to compromised home networks to be used for various criminal activity," warns the FBI.

These devices come preloaded with the BADBOX 2.0 malware botnet or become infected after installing firmware updates and through malicious Android applications that sneak onto Google Play and third-party app stores. "Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the users purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process," explains the FBI. "Once these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the BADBOX 2.0 botnet and residential proxy services4 known to be used for malicious activity."

Once infected, the devices connect to the attacker's command and control (C2) servers, where they receive commands to execute on the compromised devices, such as [routing malicious traffic through residential IPs to obscure cybercriminal activity, performing background ad fraud to generate revenue, and launching credential-stuffing attacks using stolen login data]. Over the years, the malware botnet continued expanding until 2024, when Germany's cybersecurity agency disrupted the botnet in the country by sinkholing the communication between infected devices and the attacker's infrastructure, effectively rendering the malware useless. However, that did not stop the threat actors, with researchers saying they found the malware installed on 192,000 devices a week later. Even more concerning, the malware was found on more mainstream brands, like Yandex TVs and Hisense smartphones. Unfortunately, despite the previous disruption, the botnet continued to grow, with HUMAN's Satori Threat Intelligence stating that over 1 million consumer devices had become infected by March 2025. This new larger botnet is now being called BADBOX 2.0 to indicate a new tracking of the malware campaign. "This scheme impacted more than 1 million consumer devices. Devices connected to the BADBOX 2.0 operation included lower-price-point, 'off brand,' uncertified tablets, connected TV (CTV) boxes, digital projectors, and more," explains HUMAN.

"The infected devices are Android Open Source Project devices, not Android TV OS devices or Play Protect certified Android devices. All of these devices are manufactured in mainland China and shipped globally; indeed, HUMAN observed BADBOX 2.0-associated traffic from 222 countries and territories worldwide."