Security

FBI Warns Chinese Hacking Campaign Has Expanded, Reaching 80 Countries (msn.com)

The FBI and other law enforcement and intelligence agencies around the world warned Wednesday that a Chinese-government hacking campaign that previously penetrated nine U.S. telecommunications companies has expanded into other industries and regions, striking at least 200 American organizations and 80 countries. From a report: The joint advisory was issued with close allies in the Five Eyes English-language intelligence-sharing arrangement and also agencies from Finland, the Netherlands, Poland and the Czech Republic, an unusually broad array meant to demonstrate global resolve against what intelligence officials said is a pernicious campaign that exceeds accepted norms for snooping.

"The expectation of privacy here was violated, not just in the U.S., but globally," FBI Assistant Director Brett Leatherman, who heads the bureau's cyber division, told The Washington Post in an interview. Chinese hackers won deep access to major communication carriers in the U.S. and elsewhere, then extracted call records and some law enforcement directives, which allowed them to build out a map of who was calling whom and whom the U.S. suspected of spying, Leatherman said. Prominent politicians in both major U.S. parties were among the ultimate victims.

IT

Nothing Caught Using Stock Photos as Phone 3 Camera Samples

Phonemaker Nothing used professional stock photos to demonstrate its Phone 3's camera capabilities on retail demo units, according to The Verge. Five images the company presented as community-captured samples were licensed photographs from the Stills marketplace, taken with other cameras in 2023.

The Verge verified EXIF data confirming one image predated the Phone 3's release. Co-founder Akis Evangelidis acknowledged the photos were placeholders intended for pre-production testing that weren't replaced before deployment to stores.

Security

Farmers Insurance Data Breach Impacts 1.1 Million People After Salesforce Attack

Farmers Insurance disclosed a breach affecting 1.1 million customers after attackers exploited Salesforce in a widespread campaign involving ShinyHunters and allied groups. According to BleepingComputer, the hackers stole personal data such as names, birth dates, driver's license numbers, and partial Social Security numbers. From the report: The company disclosed the data breach in an advisory on its website, saying that its database at a third-party vendor was breached on May 29, 2025. "On May 30, 2025, one of Farmers' third-party vendors alerted Farmers to suspicious activity involving an unauthorized actor accessing one of the vendor's databases containing Farmers customer information (the "Incident")," reads the data breach notification (PDF) on its website. "The third-party vendor had monitoring tools in place, which allowed the vendor to quickly detect the activity and take appropriate containment measures, including blocking the unauthorized actor. After learning of the activity, Farmers immediately launched a comprehensive investigation to determine the nature and scope of the Incident and notified appropriate law enforcement authorities."

The company says that its investigation determined that customers' names, addresses, dates of birth, driver's license numbers, and/or last four digits of Social Security numbers were stolen during the breach. Farmers began sending data breach notifications to impacted individuals on August 22, with a sample notification [1, 2] shared with the Maine Attorney General's Office, stating that a combined total of 1,111,386 customers were impacted. While Farmers did not disclose the name of the third-party vendor, BleepingComputer has learned that the data was stolen in the widespread Salesforce data theft attacks that have impacted numerous organizations this year.

Further reading: Google Suffers Data Breach in Ongoing Salesforce Data Theft Attacks

United States

FTC Warns Tech Giants Not To Bow To Foreign Pressure on Encryption (bleepingcomputer.com)

The Federal Trade Commission is warning major U.S. tech companies against yielding to foreign government demands that weaken data security, compromise encryption, or impose censorship on their platforms. From a report: FTC Chairman Andrew N. Ferguson signed the letter sent to large American companies like Akamai, Alphabet (Google), Amazon, Apple, Cloudflare, Discord, GoDaddy, Meta, Microsoft, Signal, Snap, Slack, and X (Twitter). Ferguson stresses that weakening data security at the request of foreign governments, especially if they don't alert users about it, would constitute a violation of the FTC Act and expose companies to legal consequences.

Ferguson's letter specifically cites foreign laws such as the EU's Digital Services Act and the UK's Online Safety and Investigatory Powers Acts. Earlier this year, Apple was forced to remove support for iCloud end-to-end encryption in the United Kingdom rather than give in to demands to add a backdoor for the government to access encrypted accounts. The UK's demand would have weakened Apple's encryption globally, but it was retracted last week following U.S. diplomatic pressure.

Security

Perplexity's AI Browser Comet Vulnerable To Prompt Injection Attacks That Hijack User Accounts

Security researchers have uncovered critical vulnerabilities in Perplexity's Comet browser that enable attackers to hijack user accounts and execute malicious code through the browser's AI summarization features. The flaws, discovered independently by Brave and Guardio Labs, exploit indirect prompt injection attacks that bypass traditional web security mechanisms when users request webpage summaries.

Brave demonstrated account takeover through a malicious Reddit post that compromised Perplexity accounts when summarized. The vulnerability allows attackers to embed commands in webpage content that the browser's large language model executes with full user privileges across authenticated sessions.

Guardio's testing found the browser would complete phishing transactions and prompt users for banking credentials without warning indicators. The paid browser, available to Perplexity Pro and Enterprise Pro subscribers since July, processes untrusted webpage content without distinguishing between legitimate instructions and attacker payloads.

IT

New Book Argues Hybrid Schedules 'Don't Work', Return-to-Office Brings Motivation and Learning (yahoo.com)

Yahoo Finance interviews Peter Cappelli, a Wharton professor of management, on "the business case for employers pushing for workers to get back to the office." (Cappelli has co-written a new book with workplace strategist Ranya Nehmeh titled In Praise of the Office: The Limits to Hybrid and Remote Work ...) Yahoo Finance: What's wrong with a hybrid work arrangement?

Cappelli: People just don't come in. That's maybe the single biggest factor. There is a growing awareness that people are really never there on their anchor days. If you want that for your company, you have to manage that attendance...

Yahoo Finance: What's the compelling advantage of in-person work?

Cappelli: There's value in human interaction, what we learn from each other, the cooperation that we can get in solving problems, and the motivation and commitment that comes from being around other people... When you first began your career, imagine what it would've been like if no one was in the office. You'd be completely lost.

If you think about how we learn about office work, we learn by watching. You learn what the values of the organization are. You learn it from the conversations in the office. You can see how the boss reacts to different requests and different problems. As you advance, you've got your ear to the ground, and you've got the opportunity to raise your hand and pitch in and have some influence. You can catch the boss between meetings and pass along a little tidbit of information, and you develop relationships with people where you can solve problems... Those are the kind of things that we miss when we move to remote — in addition to the general fact that people are energized by working with people.

With remote work, people also spend more time in meetings that are worthless. A lot of those things could be fixed, but the problem is they're not.

He argues remote work isn't as widespread as it seems. ("In Europe, for example, where employees have always had more power, I figured remote work would stay. It hasn't. Most everybody's gone back to the office.") Even in the U.S., 70% of employers are in-office, all the time. ("[M]ost employers are small. Remote work and hybrid work, in particular, is largely a big city, big company phenomenon... It's only white-collar jobs.")

And fewer jobs are being offered with remote-working options, he believes, now that the labor market has softened. "CEOs are now thinking we're losing something, and the employee resistance to return to the office has weakened... The longer you wait, the harder it is to ever get people to come back without a big fight." Cappelli: Right now, people might be saying, 'I will quit if I have to go back to the office,' but it turns out they don't mean it. The reason, of course, is it's one thing to say that you will quit; it's another to actually walk away from a paycheck...

If you opt for remote or hybrid, good outcomes don't happen by themselves. You can make it work, but it requires more time and effort for management, more rules, more practices, more leadership.

United States

FBI Warns Russian Hackers Targeted 'Thousands' of Critical US Infrastructure IT Systems (thehill.com)

The Hill reports: Russian state-sponsored hackers have targeted thousands of networking devices associated with U.S. critical infrastructure sectors over the past year, the FBI warned Wednesday. The cyber actors are associated with the Russian Federal Security Service's (FSB) Center 16 and have taken aim at a vulnerability in certain Cisco devices, according to an agency public service announcement.

In some cases, hackers have been able to modify configuration files to enable unauthorized access, which they have used to conduct reconnaissance on networks. This has "revealed their interest in protocols and applications commonly associated with industrial control systems," the FBI said.

Cisco's threat intelligence research arm, Talos, explained in a separate advisory that a subcluster of this group, which it has named "Static Tundra," is targeting a seven-year-old vulnerability in the company's Smart Install feature. The firm has offered a patch for the vulnerability, but it remains a problem in unpatched and end-of-life network devices, it warned.

"Once they establish initial access to a network device, Static Tundra will pivot further into the target environment, compromising additional network devices and establishing channels for long-term persistence and information gathering," warns the Talos blog. "This is demonstrated by the group's ability to maintain access in target environments for multiple years without being detected."

In a statement emailed to The Register, a Cisco spokesperson "said the company is aware of ongoing exploitation targeting this flaw." "We strongly urge customers to immediately upgrade to fixed software versions as outlined in the security advisory and follow our published security best practices," the spokesperson said, directing customers to the FBI's announcement and Cisco Talos blog for additional details.

The ongoing campaign targets telecommunications, higher education, and manufacturing organizations across North America, Asia, Africa, and Europe, "with victims selected based on their strategic interest to the Russian government," according to Talos researchers Sara McBroom and Brandon White. "We assess that the purpose of this campaign is to compromise and extract device configuration information en masse, which can later be leveraged as needed based on then-current strategic goals and interests of the Russian government," McBroom and White wrote.

And while both security alerts focus on the FSB's latest round of network intrusions, "many other state-sponsored actors also covet the access these devices afford," the Talos team warned. "Organizations should be aware that other advanced persistent threats (APTs) are likely prioritizing carrying out similar operations as well."

Some context from Hot Hardware: Cisco indicated in its advisory that "Only Smart Install client switches are affected by the vulnerability". The list of affected devices is in Table A-1 here. For a successful attack, hackers exploit a vulnerability tracked as CVE-2018-0171. This was a vulnerability that was patched way back in 2018.

Security

Amid Service Disruption, Colt Confirms 'Criminal Group' Accessed Their Data, As Ransomware Gang Threatens to Sell It (bleepingcomputer.com)

British telecommunications service provider Colt Telecom "has offices in over 30 countries across North America, Europe, and Asia," reports CPO magazine. "It manages nearly 1,000 data centers and roughly 75,000 km of fiber infrastructure."

But now "a cyber attack has caused widespread multi-day service disruption..." On August 14, 2025, the telecom giant said it had detected a cyber attack that began two days earlier, on August 12. Upon learning of the cyber intrusion, the telecommunications service provider responded by proactively taking some systems offline to contain the cyber attack. Although Colt Telecom's cyber incident response team was working around the clock to mitigate the impacts of the cyber attack, service disruption has persisted for days. However, the service disruption did not affect the company's core network infrastructure, suggesting that Colt customers could still access its network services... The company also did not provide a clear timeline for resolving the service disruption. A week after the apparent ransomware attack, Colt Online and the Voice API platform remained unavailable.

And now Colt Technology Services "confirms that customer documentation was stolen," reports the tech news site BleepingComputer: "A criminal group has accessed certain files from our systems that may contain information related to our customers and posted the document titles on the dark web," reads an updated security incident advisory on Colt's site.

"We understand that this is concerning for you."

"Customers are able to request a list of filenames posted on the dark web from the dedicated call centre."

As first spotted by cybersecurity expert Kevin Beaumont, Colt added the noindex HTML meta tag to the web page, so that it won't be indexed by search engines.

This statement comes after the Warlock Group began selling on the Ramp cybercrime forum what they claim is 1 million documents stolen from Colt. The documents are being sold for $200,000 and allegedly contain financial information, network architecture data, and customer information... The Warlock Group (aka Storm-2603) is a ransomware gang attributed to Chinese threat actors who utilize the leaked LockBit Windows and Babuk VMware ESXi encryptors in attacks... Last month, Microsoft reported that the threat actors were exploiting a SharePoint vulnerability to breach corporate networks and deploy ransomware.

"Colt is not the only telecom firm that has been named by WarLock on its leak website in recent days," SecurityWeek points out. "The cybercriminals claim to have also stolen data from France-based Orange."

Thanks to long-time Slashdot reader Z00L00K for sharing the news.

Microsoft

Microsoft Reportedly Cuts China's Early Access to Bug Disclosures, PoC Exploit Code (theregister.com)

An anonymous reader quotes a report from The Register: Microsoft has reportedly stopped giving Chinese companies proof-of-concept exploit code for soon-to-be-disclosed vulnerabilities following last month's SharePoint zero-day attacks, which appear to be related to a leak in Redmond's early-bug-notification program. The software behemoth gives some software vendors early bug disclosures under its Microsoft Active Protections Program (MAPP), which typically delivers info two weeks before Patch Tuesday. MAPP participants sign a non-disclosure agreement, and in exchange get vulnerability details so that they can provide updated protections to customers more quickly.

According to Microsoft spokesperson David Cuddy, who spoke with Bloomberg about changes to the program, MAPP has begun limiting access to companies in "countries where they're required to report vulnerabilities to their governments," including China. Companies in these countries will no longer receive "proof of concept" exploit code, but instead will see "a more general written description" that Microsoft sends at the same time as patches, Cuddy told the news outlet.

"A leak happened here somewhere," Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative (ZDI), told The Register in July. "And now you've got a zero-day exploit in the wild, and worse than that, you've got a zero-day exploit in the wild that bypasses the patch, which came out the next day."

Childs said the MAPP change "is a positive change, if a bit late. Anything Microsoft can do to help prevent leaks while still offering MAPP guidance is welcome."

"In the past, MAPP leaks were associated with companies out of China, so restricting information from flowing to these companies should help," Childs said. "The MAPP program remains a valuable resource for network defenders. Hopefully, Microsoft can squelch the leaks while sending out the needed information to companies that have proven their ability (and desire) to protect end users."

Microsoft

Default Microsoft 365 Domains Face 100-Email Daily Limit Starting October (theregister.com)

Organizations still using default Microsoft 365 email domains face severe throttling starting this October. The restrictions target the onmicrosoft.com domain that Microsoft 365 automatically assigns to new tenants, limiting external messages to 100 recipients per day starting October 15. Microsoft blames spammers who exploit new tenants for quick spam bursts before detection. Affected organizations must acquire custom domains and update primary SMTP addresses across all mailboxes -- a process that requires credential updates across devices and applications.

Crime

Dev Gets 4 Years For Creating Kill Switch On Ex-Employer's Systems (bleepingcomputer.com)

Davis Lu, a former Eaton Corporation developer, has been sentenced to four years in prison for sabotaging his ex-employer's Windows network with malware and a custom kill switch that locked out thousands of employees once his account was disabled. The attack caused significant operational disruption and financial losses, with Lu also attempting to cover his tracks by deleting data and researching privilege escalation techniques. BleepingComputer reports: After a corporate restructuring and subsequent demotion in 2018, the DOJ says that Lu retaliated by embedding malicious code throughout the company's Windows production environment. The malicious code included an infinite Java thread loop designed to overwhelm servers and crash production systems. Lu also created a kill switch named "IsDLEnabledinAD" ("Is Davis Lu enabled in Active Directory") that would automatically lock all users out of their accounts if his account was disabled in Active Directory. When his employment was terminated on September 9, 2019, and his account disabled, the kill switch activated, causing thousands of users to be locked out of their systems.

"The defendant breached his employer's trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company," said Acting Assistant Attorney General Matthew R. Galeotti. When he was instructed to return his laptop, Lu reportedly deleted encrypted data from his device. Investigators later discovered search queries on the device researching how to elevate privileges, hide processes, and quickly delete files. Lu was found guilty earlier this year of intentionally causing damage to protected computers. After his four-year sentence, Lu will also serve three years of supervised release following his prison term.

Google

Google Says the Quiet Part Out Loud: IP68 Protection Doesn't Last (theverge.com)

Phone manufacturers rarely acknowledge that IP68 water resistance degrades over time, but Google has broken that silence with advertising disclaimers for its Pixel 10 Pro Fold. The fine print explicitly warns that water and dust protection "will diminish or be lost over time due to normal wear and tear, device repair, disassembly or damage." The company further notes that liquid damage voids warranties despite IP68 certification at manufacture.

Security

Intuit Claims Security Concerns In Dropping Windows 10 For TurboTax (intuit.com)

Longtime Slashdot reader Xesdeeni writes: I received an email indicating Intuit will not support Windows 10 for the desktop versions of TurboTax starting this tax year. Laughably, they say "security is a top priority for us" before adding: "To use TurboTax Desktop software for tax year 2025, your computer will need to run on Microsoft Windows 11 [or] TurboTax Online."

I'm just paranoid enough to use the desktop version, since at least it limits what they see to the forms they send to the IRS -- rather than everything. Even if I was willing to endure the added burden of printing and mailing the forms, this would be the end of that, since I'm out on Windows 11 for the reasons you already know.

Here's what they sent: Hi there,

We're reaching out to provide an update on TurboTax Desktop software for tax year 2025. After October 14, 2025, Microsoft will no longer provide software updates, technical assistance, or security fixes for Windows 10 operating system. Because security is a top priority for us, TurboTax Desktop software for tax year 2025 onwards will not be compatible with Windows 10 operating system.

To use TurboTax Desktop software for tax year 2025, your computer will need to run on Microsoft Windows 11 operating system. You can also consider switching to TurboTax Online, which will work on any supported browser (available December 2025).

For more resources and additional information about this change, go to this help article: How does the end of support for Windows 10 affect my TurboTax Desktop experience?

Thanks for being part of the TurboTax family.

Warm regards,

The TurboTax Team

Xesdeeni comments: "I've wanted a Linux offering for years now and only kept Windows for such limited products as this. I guess I can completely punt it now."

Botnet

Oregon Man Accused of Operating One of Most Powerful Attack 'Botnets' Ever Seen (msn.com)

A 22-year-old Oregon man has been charged with operating one of the most powerful botnets ever recorded. The network, known as Rapper Bot, launched over 370,000 DDoS attacks worldwide, including against X, DeepSeek, U.S. tech firms, and even Defense Department systems. It was allegedly operated by Ethan Foltz of Eugene, Oregon. The Wall Street Journal reports: Foltz faces a maximum of 10 years in prison on a charge of abetting computer intrusions, the Justice Department said in a news release. Rapper Bot was made up of tens of thousands of hacked devices and was capable of flooding victims' websites with enough junk internet traffic to knock them offline, an attack known as a distributed denial of service, or DDoS.

In February, the networking company Nokia measured a Rapper Bot attack against a gaming platform at 6.5 trillion bits per second, well above the several hundred million bits a second of the average high-speed internet connection. "This would place Rapper Bot among the most powerful DDoS botnets to have ever existed," said a criminal complaint that the prosecutors filed Tuesday in a federal court in Alaska. Investigators said Rapper Bot's attacks were so powerful that they were able to overwhelm all but the most robust networks.

Foltz allegedly rented out Rapper Bot to paying customers, including gambling website operators who would use the network in extortion attempts, according to the complaint. The botnet was used to launch more than 370,000 attacks in 80 countries, including China, Japan and the U.S., prosecutors said. It launched its attacks from hacked routers, digital video recorders and cameras, not from computers. [...] "At its height, it mobilized tens of thousands of devices, many with no prior role in DDoS," said Jerome Meyer, a researcher with Nokia's Deepfield network-analysis division. "Taking it down removes a major source of the largest attacks we see."

Microsoft

Microsoft Warns Excel's New AI Function 'Can Give Incorrect Responses' in High-Stakes Scenarios

Microsoft is testing a COPILOT function in Excel that uses OpenAI's gpt-4.1-mini model to automatically fill spreadsheet cells through natural language prompts. The function can classify feedback, generate summaries, and create tables based on specified cell ranges. Microsoft warns against using the AI function for numerical calculations or scenarios involving legal, regulatory, and compliance implications because COPILOT "can give incorrect responses." The feature processes up to 100 functions every 10 minutes and cannot access information outside the spreadsheet.
