Amazon CEO Andy Jassy says the company may eventually sell its Trainium AI chips directly to outside customers, not just through AWS, which would put Amazon in more direct competition with Nvidia. "There's so much demand for our chips that it's quite possible we'll sell racks of them to third parties in the future," Jassy wrote in his annual shareholder letter Thursday. He also revealed the company's chip business is already running at more than $20 billion annually, with demand so strong that current and even future generations are largely spoken for. Quartz reports: Access to Amazon's chips is currently limited to Amazon Web Services, with customers paying for cloud-based usage rather than owning any physical hardware. Selling to AWS and external customers alike, as standalone chipmakers do, would put annual revenue at around $50 billion, up from the $20 billion the company estimates for the year, Jassy said. The $20 billion figure spans three product lines: Trainium, the AI accelerator chip; Graviton, a general-purpose processor; and Nitro, a chip that helps run Amazon's EC2 server instances. All three are growing at triple-digit rates year over year, Jassy claimed in his letter.

Jassy said demand for Trainium has outpaced supply at each generation. Trainium2 is essentially unavailable, with its entire allocated capacity spoken for. Trainium3 started reaching customers in early 2026, and reservations have filled nearly all available supply. Even Trainium4 -- which is not expected to reach wide release for another year and a half -- has substantial pre-orders committed. Jassy argued that a full-scale Trainium rollout could shave tens of billions off annual capital costs while meaningfully widening profit margin.

A New York Times analysis found Google's AI Overviews now answer questions correctly about 90% of the time, which might sound impressive until you realize that roughly 1 in 10 answers is wrong. "[F]or Google, that means hundreds of thousands of lies going out every minute of the day," reports Ars Technica. From the report: The Times conducted this analysis with the help of a startup called Oumi, which itself is deeply involved in developing AI models. The company used AI tools to probe AI Overviews with the SimpleQA evaluation, a common test to rank the factuality of generative models like Gemini. Released by OpenAI in 2024, SimpleQA is essentially a list of more than 4,000 questions with verifiable answers that can be fed into an AI.

Oumi began running its test last year when Gemini 2.5 was still the company's best model. At the time, the benchmark showed an 85 percent accuracy rate. When the test was rerun following the Gemini 3 update, AI Overviews answered 91 percent of the questions correctly. If you extrapolate this miss rate out to all Google searches, AI Overviews is generating tens of millions of incorrect answers per day.

The report includes several examples of where AI Overviews went wrong. When asked for the date on which Bob Marley's former home became a museum, AI Overviews cited three pages, two of which didn't discuss the date at all. The final one, Wikipedia, listed two contradictory years, and AI Overviews confidently chose the wrong one. The benchmark also prompts models to produce the date on which Yo Yo Ma was inducted into the classical music hall of fame. While AI Overviews cited the organization's website that listed Ma's induction, it claimed there's no such thing as the Classical Music Hall of Fame. "This study has serious holes," said Google spokesperson Ned Adriance. "It doesn't reflect what people are actually searching on Google." The search giant likes to use a test called SimpleQA Verified, which uses a smaller set of questions that have been more thoroughly vetted.

An anonymous reader quotes a report from Ars Technica: Musi, a free music streaming app that had tens of millions of iPhone downloads and garnered plenty of controversy over its method of acquiring music, has lost an attempt to get back on Apple's App Store. A federal judge dismissed Musi's lawsuit against Apple with prejudice and sanctioned Musi's lawyers for "mak[ing] up facts to fill the perceived gaps in Musi's case."

Musi built a streaming service without striking its own deals with copyright holders. It did so by playing music from YouTube, writing in its 2024 lawsuit against Apple that "the Musi app plays or displays content based on the user's own interactions with YouTube and enhances the user experience via Musi's proprietary technology." Musi's app displayed its own ads but let users remove them for a one-time fee of $5.99. Musi claimed it complied with YouTube's terms, but Apple removed it from the App Store in September 2024. Musi does not offer an Android app. Musi alleged that Apple delisted its app based on "unsubstantiated" intellectual property claims from YouTube and that Apple violated its own Developer Program License Agreement (DPLA) by delisting the app.

Musi was handed a resounding defeat yesterday in two rulings from US District Judge Eumi Lee in the Northern District of California. Lee found that Apple can remove apps "with or without cause," as stipulated in the developer agreement. Lee wrote (PDF): "The plain language of the DPLA governs because it is clear and explicit: Apple may 'cease marketing, offering, and allowing download by end-users of the [Musi app] at any time, with or without cause, by providing notice of termination.' Based on this language, Apple had the right to cease offering the Musi app without cause if Apple provided notice to Musi. The complaint alleges, and Musi does not dispute, that Apple gave Musi the required notice. Therefore, Apple's decision to remove the Musi app from the App Store did not breach the DPLA."

Security researchers say a highly sophisticated iPhone exploitation toolkit dubbed "Coruna," which possibly originated from a U.S. government contractor, has spread from suspected Russian espionage operations to crypto-stealing criminal campaigns. Apple has patched the exploited vulnerabilities in newer iOS versions, but tens of thousands of devices may have already been compromised. An anonymous reader quotes an excerpt from Wired's report: Security researchers at Google on Tuesday released a report describing what they're calling "Coruna," a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install malware on a device when it visits a website containing the exploitation code. In total, Coruna takes advantage of 23 distinct vulnerabilities in iOS, a rare collection of hacking components that suggests it was created by a well-resourced, likely state-sponsored group of hackers.

In fact, Google traces components of Coruna to hacking techniques it spotted in use in February of last year and attributed to what it describes only as a "customer of a surveillance company." Then, five months later, Google says a more complete version of Coruna reappeared in what appears to have been an espionage campaign carried out by a suspected Russian spy group, which hid the hacking code in a common visitor-counting component of Ukrainian websites. Finally, Google spotted Coruna in use yet again in what seems to have been a purely profit-focused hacking campaign, infecting Chinese-language crypto and gambling sites to deliver malware that steals victims cryptocurrency.

Conspicuously absent from Google's report is any mention of who the original surveillance company "customer" that deployed Coruna may have been. But the mobile security company iVerify, which also analyzed a version of Coruna it obtained from one of the infected Chinese sites, suggests the code may well have started life as a hacking kit built for or purchased by the US government. Google and iVerify both note that Coruna contains multiple components previously used in a hacking operation known as "Triangulation" that was discovered targeting Russian cybersecurity firm Kaspersky in 2023, which the Russian government claimed was the work of the NSA. (The US government didn't respond to Russia's claim.)

Coruna's code also appears to have been originally written by English-speaking coders, notes iVerify's cofounder Rocky Cole. "It's highly sophisticated, took millions of dollars to develop, and it bears the hallmarks of other modules that have been publicly attributed to the US government," Cole tells WIRED. "This is the first example we've seen of very likely US government tools -- based on what the code is telling us -- spinning out of control and being used by both our adversaries and cybercriminal groups." Regardless of Coruna's origin, Google warns that a highly valuable and rare hacking toolkit appears to have traveled through a series of unlikely hands, and now exists in the wild where it could still be adopted -- or adapted -- by any hacker group seeking to target iPhone users. "How this proliferation occurred is unclear, but suggests an active market for 'second hand' zero-day exploits," Google's report reads. "Beyond these identified exploits, multiple threat actors have now acquired advanced exploitation techniques that can be re-used and modified with newly identified vulnerabilities."

Amazon will pay $2.5 billion to settle Federal Trade Commission allegations that it duped users into paying for Prime memberships, the regulatory agency announced Thursday. CNBC: The surprise settlement comes as Amazon and the FTC were just three days into the trial in a Seattle federal court. Opening arguments took place on Tuesday. The lawsuit, filed by the FTC in June 2023 under the Biden administration, claimed that Amazon deceived tens of millions of customers into signing up for its Prime subscription program and sabotaged their attempts to cancel it.

Three senior Amazon executives were at risk of being held individually liable if the jury sided with the FTC. Amazon will pay a $1 billion civil penalty to the FTC and will refund $1.5 billion to an estimated 35 million customers who were impacted by "unwanted Prime enrollment or deferred cancellation," the agency said.

Financial Times: The UK's highest court has partially overturned a landmark motor finance judgment that threatened to leave banks on the hook for tens of billions of pounds in compensation for allegedly deceiving consumers with hidden commissions on car loans.

The Supreme Court's decision has been keenly awaited by investors as well as millions of consumers who were poised to claim redress from the banks. The government has been considering legislation to limit the fallout. The controversy over car finance shot to prominence after a bombshell Court of Appeal judgment in October that awarded compensation to three people who claimed they were misled by banks concealing the payment of commissions to dealerships. The $58.3 billion car finance scandal centers on hidden commissions paid by lenders to car dealers who arranged loans without disclosing the payment amounts and terms to borrowers. Under discretionary commission arrangements, dealers received larger payments when they persuaded car buyers to accept higher interest rates on loans. The practice affected roughly 90% of new car purchases and many secondhand vehicles, potentially exposing millions of motorists to mis-selling.

New submitter Pravetz-82 shares a report from Politico: A cyberattack on Russian state-owned flagship carrier Aeroflot caused a mass outage to the company's computer systems on Monday, Russia's prosecutor's office said, forcing the airline to cancel more than 100 flights and delay others. Ukrainian hacker group Silent Crow and Belarusian hacker activist group the Belarus Cyber-Partisans, which opposes the rule of Belarusian President Alexander Lukashenko, claimed responsibility for the cyberattack. Images shared on social media showed hundreds of delayed passengers crowding Moscow's Sheremetyevo airport, where Aeroflot is based. The outage also disrupted flights operated by Aeroflot's subsidiaries, Rossiya and Pobeda. While most of the flights affected were domestic, the disruption also led to cancellations for some international flights to Belarus, Armenia and Uzbekistan.

Silent Crow claimed it had accessed Aeroflot's corporate network for a year, copying customer and internal data, including audio recordings of phone calls, data from the company's own surveillance on employees and other intercepted communications. "All of these resources are now inaccessible or destroyed and restoring them will possibly require tens of millions of dollars. The damage is strategic," the channel purporting to be the Silent Crow group wrote on Telegram. There was no way to independently verify its claims. The same channel also shared screenshots that appeared to show Aeroflot's internal IT systems, and insinuated that Silent Crow could begin sharing the data it had seized in the coming days. "The personal data of all Russians who have ever flown with Aeroflot have now also gone on a trip -- albeit without luggage and to the same destination," it said. The Belarus Cyber-Partisans told The Associated Press that they had hoped to "deliver a crushing blow." Russia's Prosecutor's Office said it had opened a criminal investigation. Meanwhile, Kremlin spokesperson Dmitry Peskov called reports of the cyberattack "quite alarming," adding that "the hacker threat is a threat that remains for all large companies providing services to the general public."

An anonymous reader quotes a report from Ars Technica: An accused movie pirate who stole more than 1,000 Blu-ray discs and DVDs while working for a DVD manufacturing company struck a plea deal (PDF) this week to lower his sentence after the FBI claimed the man's piracy cost movie studios millions. Steven Hale no longer works for the DVD company. He was arrested in March, accused of "bypassing encryption that prevents unauthorized copying" and ripping pre-release copies of movies he could only access because his former employer was used by major movie studios. As alleged by the feds, his game was beating studios to releases to achieve the greatest possible financial gains from online leaks.

Among the popular movies that Hale is believed to have leaked between 2021 and 2022 was Spider-Man: No Way Home, which the FBI alleged was copied "tens of millions of times" at an estimated loss of "tens of millions of dollars" for just one studio on one movie. Other movies Hale ripped included animated hits like Encanto and Sing 2, as well as anticipated sequels like The Matrix: Resurrections and Venom: Let There Be Carnage. The cops first caught wind of Hale's scheme in March 2022. They seized about 1,160 Blu-rays and DVDs in what TorrentFreak noted were the days just "after the Spider-Man movie leaked online." It's unclear why it took close to three years before Hale's arrest, but TorrentFreak suggested that Hale's case is perhaps part of a bigger investigation into the Spider-Man leaks. A plea deal for Hale significantly reduced the estimated damages from his piracy case to under $40,000 and led to the dismissal of two charges, though he still faces up to five years in prison and a $250,000 fine for one remaining copyright infringement charge. His final sentence and restitution amount will be decided at a court hearing in Tennessee at the end of August.

Slashdot reader Mirnotoriety shared this report from the Register: A proof-of-concept program has been released to demonstrate a so-called monitoring "blind spot" in how some Linux antivirus and other endpoint protection tools use the kernel's io_uring interface.

That interface allows applications to make IO requests without using traditional system calls [to enhance performance by enabling asynchronous I/O operations between user space and the Linux kernel through shared ring buffers]. That's a problem for security tools that rely on syscall monitoring to detect threats... [which] may miss changes that are instead going through the io_uring queues.

To demonstrate this, security shop ARMO built a proof-of-concept named Curing that lives entirely through io_uring. Because it avoids system calls, the program apparently went undetected by tools including Falco, Tetragon, and Microsoft Defender in their default configurations. ARMO claimed this is a "major blind spot" in the Linux security stack... "Not many companies are using it but you don't need to be using it for an attacker to use it as enabled by default in most Linux systems, potentially tens of thousands of servers," ARMO's CEO Shauli Rozen told The Register. "If you're not using io_uring then disable it, but that's not always easy with cloud vendors."

An anonymous reader quotes a report from Ars Technica: A 37-year-old Tennessee man was arrested Thursday, accused of stealing Blu-rays and DVDs from a manufacturing and distribution company used by major movie studios and sharing them online before the movies' scheduled release dates. According to a US Department of Justice press release, Steven Hale worked at the DVD company and allegedly stole "numerous 'pre-release' DVDs and Blu-rays" between February 2021 and March 2022. He then allegedly "ripped" the movies, "bypassing encryption that prevents unauthorized copying" and shared copies widely online. He also supposedly sold the actual stolen discs on e-commerce sites, the DOJ alleged.

Hale has been charged with "two counts of criminal copyright infringement and one count of interstate transportation of stolen goods," the DOJ said. He faces a maximum sentence of five years for the former, and 10 years for the latter. Among blockbuster movies that Hale is accused of stealing are Dune, F9: The Fast Saga, Venom: Let There Be Carnage, Godzilla v. Kong, and, perhaps most notably, Spider-Man: No Way Home. The DOJ claimed that "copies of Spider-Man: No Way Home were downloaded tens of millions of times, with an estimated loss to the copyright owner of tens of millions of dollars."

An anonymous reader quotes a report from Hackread: The United States Department of Justice (DoJ) has indicted two Sudanese nationals for their alleged role in operating the hacktivist group Anonymous Sudan. The group claimed fame for conducting "tens of thousands" of large-scale and crippling Distributed Denial of Service attacks (DDoS attacks) targeting critical infrastructure, corporate networks, and government agencies globally. Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, stand accused of conspiracy to damage protected computers. Ahmed Salah faces additional charges for damaging protected computers. The duo is believed to have controlled Anonymous Sudan, which, since early 2023, launched attacks on high-profile entities such as ChatGPT, UAE's Flydubai Airline, London Internet Exchange, Microsoft, and the Israeli BAZAN Group.

The group and its clients also utilized the Distributed Cloud Attack Tool (DCAT) to conduct over 35,000 DDoS attacks. These attacks targeted sensitive government and critical infrastructure in the U.S. and globally, including the Department of Justice, Department of Defense, FBI, State Department, and Cedars-Sinai Medical Center in Los Angeles. The attacks, which sometimes lasted days, reportedly caused major damage, often crippling websites and networks. For instance, the attack on Cedars-Sinai Medical Center forced the redirection of incoming patients for eight hours, causing over $10 million in damages to U.S. victims.

An anonymous reader quotes a report from Gizmodo: The Internet Archive and Wayback Machine went down on Tuesday following a sustained cyber attack. In addition, the Archive's user data has been compromised. If you've ever logged into the site to pore over its ample archives, it's time to change your passwords. [...] A pro-Palestenian hacktivist group called SN_BLACKMETA has taken responsibility for the hack on X and Telegram. "They are under attack because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of 'Israel,'" the group said on X when someone asked them why they'd gone after the Archive.

The group elaborated on its reasoning in a now-deleted post on X. Jason Scott, an archivist at the Archive, screenshotted it and shared it. "Everyone calls this organization 'non-profit', but if its roots are truly in the United States, as we believe, then every 'free' service they offer bleeds millions of lives. Foreign nations are not carrying their values beyond their borders. Many petty children are crying in the comments and most of those comments are from a group of Zionist bots and fake accounts," the post said.

SN_BLACKMETA also claimed responsibility for a six-day DDoS attack on the Archive back in May. "Since the attacks began on Sunday, the DDoS intrusion has been launching tens of thousands of fake information requests per second. The source of the attack is unknown," Chris Freeland, Director of Library Services at the Archive said in a post about the attacks back in May. SN_BLACKMETA launched its Telegram channel on November 23 and has claimed responsibility for a number of other attacks including a six-day DDoS run at Arab financial institutions and various attacks on Israeli tech companies in the spring.

An anonymous reader quotes a report from 404 Media: A buzzy startup offering financial infrastructure to crypto companies has found itself bankrupt primarily because it can't gain access to a physical crypto wallet with $38.9 million in it. The company also did not write down recovery phrases, locking itself out of the wallet forever in something it has called "The Wallet Event" to a bankruptcy judge. Prime Trust pitches itself as a crypto fintech company designed to help other startups offer crypto retirement plans, know-your-customer interfaces, ensure liquidity, and a host of other services. It says it can help companies build crypto exchanges, payment platforms, and create stablecoins for its clients. The company has not had a good few months. In June, the state of Nevada filed to seize control of the company because it was near insolvency. It was then ordered to cease all operations by a federal judge because it allegedly used customers' money to cover withdrawal requests from other companies.

The company filed for bankruptcy, and, according to a filing by its interim CEO, which you really should read in full, the company offers an "all-in-one solution for customers that remains unmatched in the marketplace." A large problem, among more run-of-the-mill crypto economy problems such as "lack of operational and spending oversight" and "regulatory issues," is the fact that it lost access to a physical wallet it was keeping a tens of millions of dollars in, and cannot get back into it. [...] For several years, the company then took customer deposits into this address, to the tune of tens of millions of dollars. In December, 2021, "when a customer requested a significant withdrawal of ETH that the company could not fulfill [from other wallets,]" it went to withdraw it from this hardware wallet. "It was around this time that they discovered that the Company did not have the Wallet Access Devices and thus, could not access the cryptocurrency stored in the 98f Wallet."

The company then, for several months, had to "use $76,367,247.90 in the aggregate to purchase ETH to fund customer withdrawals." The money stuck in the wallet is currently worth $38.9 million as of August 22, it claimed. It is worth mentioning that the company did not tell regulators or customers about this issue for months after it discovered the problem. The company has still not solved this issue: "The Company remains unable to access the 98f Wallet," it wrote. "The investigation continues." Prime Trust swears in its filing that this was an "aberrant" event and "extremely unlikely to occur again."

An anonymous reader quotes a report from Ars Technica: An ex-Ubiquiti engineer, Nickolas Sharp, was sentenced to six years in prison yesterday after pleading guilty in a New York court to stealing tens of gigabytes of confidential data, demanding a $1.9 million ransom from his former employer, and then publishing the data publicly when his demands were refused. Sharp had asked for no prison time, telling United States District Judge Katherine Polk Failla that the cyberattack was actually an "unsanctioned security drill" that left Ubiquiti "a safer place for itself and for its clients," Bloomberg reported. In a court document (PDF), Sharp claimed that Ubiquiti CEO Robert Pera had prevented Sharp from "resolving outstanding security issues," and Sharp told the judge that this led to an "idiotic hyperfixation" on fixing those security flaws.

However, even if that was Sharp's true motivation, Failla did not accept his justification of his crimes, which include wire fraud, intentionally damaging protected computers, and lying to the FBI. "It was not up to Mr. Sharp to play God in this circumstance," Failla said. US attorney for the Southern District of New York, Damian Williams, argued (PDF) that Sharp was not a "cybersecurity vigilante" but an "inveterate liar and data thief" who was "presenting a contrived deception to the Court that this entire offense was somehow just a misguided security drill." Williams said that Sharp made "dozens, if not hundreds, of criminal decisions" and even implicated innocent co-workers to "divert suspicion." Sharp also had already admitted in pre-sentencing that the cyber attack was planned for "financial gain." Williams said Sharp did it seemingly out of "pure greed" and ego because Sharp "felt mistreated" -- overworked and underpaid -- by the IT company, Williams said.

Court documents show that Ubiquiti spent "well over $1.5 million dollars and hundreds of hours of employee and consultant time" trying to remediate what Williams described as Sharp's "breathtaking" theft. But the company lost much more than that when Sharp attempted to conceal his crimes -- posing as a whistleblower, planting false media reports, and contacting US and foreign regulators to investigate Ubiquiti's alleged downplaying of the data breach. Within a single day after Sharp planted false reports, stocks plummeted, causing Ubiquiti to lose over $4 billion in market capitalization value, court documents show. Williams had pushed the court to impose a sentence between eight to 10 years, arguing that anything less would be perceived by the public as a "slap on the wrist." Sharp's six-year term is slightly less than that, but in a press release, Williams described the sentence as imposing "serious penalties" for Sharp's "callous crimes." "He was disgruntled at his employer, planning to leave the company, and wanted to extort millions of dollars and cause damage on his way out," Williams said in his sentencing memo.

A U.S. intelligence agency gained access to China's telecommunications network after hacking a university, Chinese state media claimed Thursday. CNBC reports: The U.S. National Security Agency used phishing -- a hacking technique where a malicious link is included in an email -- to gain access to the government funded Northwestern Polytechnical University, the Global Times alleged, citing an unnamed source. American hackers stole "core technology data including key network equipment configuration, network management data, and core operational data," and other files, according to the Global Times. As part of the NSA's hack, the agency infiltrated Chinese telecommunications operators so that the U.S. could "control the country's infrastructure," the Global Times alleged. The Global Times, citing its unnamed source, reported that more details about the attack on Northwestern Polytechnical University will be released soon. China first disclosed the alleged attack on the Northwestern Polytechnical University earlier this month. "The agency also accused the U.S. of engaging in 'tens of thousands' of cyberattacks on Chinese targets," adds CNBC.

An anonymous reader quotes a report from Motherboard in collaboration with The Bureau of Investigative Journalism, an independent not-for-profit news organization based in London: Campylobacter is America's biggest cause of foodborne illness, just ahead of salmonella. Both are potentially fatal. Yet between 2015 and 2020, U.S. companies sold tens of thousands of meat products contaminated with campylobacter and salmonella, according to government sampling records obtained by the Bureau of Investigative Journalism. More than half of these were contaminated with antibiotic-resistant strains, a rapidly escalating issue that can be exacerbated by poor hygiene conditions. The poultry companies supply major grocery stores and fast-food chains. Tyson has supplied chicken to McDonald's, Perdue has sold to Whole Foods, and both have supplied Walmart.

Although the USDA deems a certain level of salmonella and campylobacter within poultry acceptable, 12 major U.S. poultry companies -- including poultry giants Perdue, Pilgrim's Pride, Tyson, Foster Farms, and Koch Foods -- have exceeded USDA standards for acceptable levels of salmonella multiple times since 2018, when the government began reporting contamination rates at individual plants, according to the department's records. The USDA still runs tests for campylobacter in processing plants but does not currently track whether plants exceed the contamination thresholds. Batches of poultry products with contamination rates above the limit don't have to be recalled, although plants that repeatedly exceed the thresholds can be temporarily shut down. Separate government records also show that between January 2015 and August 2019, the same 12 major U.S. poultry companies broke food safety rules on at least 145,000 occasions -- or on average more than 80 times a day. Poultry plant workers also claimed they have sometimes been asked to process rotten-smelling meat, have witnessed chicken tossed into grinders with dead insects, and found government safety inspectors apparently asleep on the job.

Campylobacter causes more than 100 deaths every year in America as well as 1.5 million infections. It also accounts for up to 40 percent of the country's cases of Guillain-Barré Syndrome [...]. Yet the sale of poultry products found to be contaminated with either that or salmonella bacteria remains perfectly legal. The level of salmonella and campylobacter that the USDA deems acceptable differs depending on the product. A maximum of 15.4 percent of chicken parts leaving a processing plant, for instance, can test positive for salmonella and the plant can still meet acceptable standards. The threshold for campylobacter is 7.7 percent. Many experts argue these levels are too lax. The report also notes the concerning increase in antibiotic-resistant strains of bacteria. "The number of drug-resistant salmonella infections in the U.S. rose from around 159,000 in 2004 to around 222,000 in 2016," reports Motherboard, citing the CDC. "Campylobacter has become more resistant too: Ciprofloxacin, an antibiotic commonly used to treat it, is increasingly ineffective."

"The rise of superbugs is having increasingly serious human consequences. In order to treat these illnesses, doctors are turning more frequently to last-resort drugs, which often have more side effects. And if these fail, there's no choice but to let the disease take its course."

"Russian hackers have stolen and published the personal data of tens of thousands of employees..." reports the Australian Financial Review.

Government officials have confirmed the breach — part of a ransomware attack — and say the stolen data may even include info on the country's premier, according to an Australian public broadcaster: The government said the records of at least 38,000 employees, but potentially up to 80,000 workers, have been accessed in a cyber-attack on external payroll software provider Frontier Software. The data includes names, dates of birth, tax file numbers, home addresses, bank account details, remuneration and superannuation contributions... Treasurer Rob Lucas said politicians, including Premier Steven Marshall, could be among those affected.
The treasurer added the breach potentially impacted "The highest of the high to the lowest of the low and all of the rest of us in between." Except for schoolteachers, and the Department of Education, who did not use Frontier's software.

The website publishing the 3.75 gigabytes of data claimed it was just 10% of the total amount, according to the Australian Financial Review, which "understands Russian organised crime group Conti, which claimed credit for launching the cyberattack on Queensland's energy network CS Energy, published the information." Australian Payroll Association chief executive Tracy Angwin said the hack was a wake-up call to employers using remotely accessed payroll systems to ensure they were secure...

Frontier Software said the hacker responsible for the incident was known to employ a "double extortion" strategy, which included encrypting systems and stealing the data.
In another report, Bleeping Computer describes Conti as "a long-lived Ransomware as a Service operation" that "still manages to evade prosecution even after high-profile incidents against vital national resources such as Ireland's Department of Health." The gang is believed to be behind the recent revival of the notorious Emotet botnet, which could lead to a massive new wave of ransomware infections. This week, Conti took responsibility for the attack against Nordic Choice Hotels, a Scandinavian hotel chain with 200 properties.
Thanks to Macfox (Slashdot reader #50,100) for tipping us off to the news.

In a crowded field of wrongness, one person stands out. From a report: The pandemic has made fools of many forecasters. Just about all of the predictions whiffed. Anthony Fauci was wrong about masks. California was wrong about the outdoors. New York was wrong about the subways. I was wrong about the necessary cost of pandemic relief. And the Trump White House was wrong about almost everything else. In this crowded field of wrongness, one voice stands out. The voice of Alex Berenson: the former New York Times reporter, Yale-educated novelist, avid tweeter, online essayist, and all-around pandemic gadfly. Berenson has been serving up COVID-19 hot takes for the past year, blithely predicting that the United States would not reach 500,000 deaths (we've surpassed 550,000) and arguing that cloth and surgical masks can't protect against the coronavirus (yes, they can). Berenson has a big megaphone. He has more than 200,000 followers on Twitter and millions of viewers for his frequent appearances on Fox News' most-watched shows. On Laura Ingraham's show, he downplayed the vaccines, suggesting that Israel's experience proved they were considerably less effective than initially claimed. On Tucker Carlson Tonight, he predicted that the vaccines would cause an uptick in cases of COVID-related illness and death in the U.S.

The vaccines have inspired his most troubling comments. For the past few weeks on Twitter, Berenson has mischaracterized just about every detail regarding the vaccines to make the dubious case that most people would be better off avoiding them. As his conspiratorial nonsense accelerates toward the pandemic's finish line, he has proved himself the Secretariat of being wrong:
* He has blamed the vaccines for causing spikes in severe illness, by pointing to data that actually demonstrate their safety and effectiveness.
* He has blamed the vaccines for suppressing our immune systems, by misrepresenting normal immune-system behavior.
* He has suggested that countries such as Israel have suffered from their early vaccine rollout, even though deaths and hospitalizations among vaccinated groups in Israel have plummeted.
* He has implied that for most non-seniors, the side effects of the vaccines are worse than having COVID-19 itself -- even though, according to the CDC, the pandemic has killed tens of thousands of people under 50 and the vaccines have not conclusively killed anybody.

Usually, I would refrain from lavishing attention on someone so blatantly incorrect. But with vaccine resistance hovering around 30 percent of the general population, and with 40 percent of Republicans saying they won't get a shot, debunking vaccine skepticism, particularly in right-wing circles, is a matter of life and death.

"A mobile security expert has accused China of exploiting cellphone networks in the Caribbean to conduct 'mass surveillance' on Americans," reports Newsweek: Gary Miller, a former vice president of network security at California-based analytics company Mobileum, told The Guardian he had amassed evidence of espionage conducted via "decades-old vulnerabilities" in the global telecommunications system. While not explicitly mentioned in the report, the claims appear to be centered around Signaling System 7 (SS7), a communications protocol that routes calls and data around the world and has long been known to have inherent security weaknesses.

According to Miller, his analysis of "signals data" from the Caribbean has shown China was using a state-controlled mobile operator to "target, track, and intercept phone communications of U.S. phone subscribers," The Guardian reported. Miller claimed China appeared to exploit Caribbean operators to conduct surveillance on Americans as they were traveling, alleging that attacks on cell phones between 2018 to 2020 likely affected "tens of thousands" of U.S. mobile users in the region.

"Once you get into the tens of thousands, the attacks qualify as mass surveillance," the mobile researcher said, noting the tactic is "primarily for intelligence collection and not necessarily targeting high-profile targets."
Interesting quote from the Guardian's original story: "We have an illusion of security when we talk on our mobile phones," said James Lewis, the director of the Strategic Technologies Program at the Center for Strategic and International Studies (CSIS). "People don't realise that we are under a sustained espionage attack on anything that connects to a network, and that this is just another example of a really aggressive and pretty sophisticated campaign."
Thanks to chill (Slashdot reader #34,294) for the story!

In a series of investigations, BuzzFeed News used satellite images to reveal 268 newly-built internment camps for Muslims in the Xinjiang region. Longtime Slashdot reader wiredog shares the reports with us.

Part 1: China Secretly Built A Vast New Infrastructure To Imprison Muslims
Part 2: What They Saw: Ex-Prisoners Detail The Horrors Of China's Detention Camps
Part 3: Blanked Out Spots On China's Maps Helped Us Uncover Xinjiang's Camps

Here's an excerpt from Part 1 of their investigation: China has secretly built scores of massive new prison and internment camps in the past three years, dramatically escalating its campaign against Muslim minorities even as it publicly claimed the detainees had all been set free. The construction of these purpose-built, high-security camps -- some capable of housing tens of thousands of people -- signals a radical shift away from the country's previous makeshift use of public buildings, like schools and retirement homes, to a vast and permanent infrastructure for mass detention. In the most extensive investigation of China's internment camp system ever done using publicly available satellite images, coupled with dozens of interviews with former detainees, BuzzFeed News identified more than 260 structures built since 2017 and bearing the hallmarks of fortified detention compounds. There is at least one in nearly every county in the far-west region of Xinjiang. During that time, the investigation shows, China has established a sprawling system to detain and incarcerate hundreds of thousands of Uighurs, Kazakhs, and other Muslim minorities, in what is already the largest-scale detention of ethnic and religious minorities since World War II.

These forbidding facilities -- including several built or significantly expanded within the last year -- are part of the government's unprecedented campaign of mass detention of more than a million people, which began in late 2016. That year Chen Quanguo, the region's top official and Communist Party boss, whom the US recently sanctioned over human rights abuses, also put Muslim minorities -- more than half the region's population of about 25 million -- under perpetual surveillance via facial recognition cameras, cellphone tracking, checkpoints, and heavy-handed human policing. They are also subject to many other abuses, ranging from sterilization to forced labor. To detain thousands of people in short order, the government repurposed old schools and other buildings. Then, as the number of detainees swelled, in 2018 the government began building new facilities with far greater security measures and more permanent architectural features, such as heavy concrete walls and guard towers, the BuzzFeed News analysis shows. Prisons often take years to build, but some of these new compounds took less than six months, according to historical satellite data. The government has also added more factories within camp and prison compounds during that time, suggesting the expansion of forced labor within the region. Construction was still ongoing as of this month.

BuzzFeed News identified 268 newly built compounds by cross-referencing blanked-out areas on Baidu Maps -- a Google Maps-like tool that's widely used in China -- with images from external satellite data providers. These compounds often contained multiple detention facilities.