Submission + - Iranian hackers are exploiting lazy American security and nobody seems to care (nerds.xyz)

BrianFagioli writes: The U.S. government is sounding the alarm about a growing cyber threat tied to Iran. A new joint advisory from CISA, the FBI, NSA, and the Department of Defense warns that Iranian-affiliated hackers and hacktivists could be preparing cyberattacks against vulnerable American systems.

The targets? Critical infrastructure and defense-related companies, especially those with links to Israeli research or technology. According to the agencies, these threat actors are already scanning for exposed systems running outdated software, using default passwords, or connected directly to the internet without proper security.

And if that sounds like old news, that’s part of the problem.

This isn’t theoretical. During the Israel-Hamas conflict last year, Iranian actors breached dozens of U.S. industrial systems, including water utilities and manufacturers. Many were compromised through unsecured PLCs and HMIs left wide open online.

The same tactics are still in play. From website defacements to DDoS attacks and hack-and-leak operations, Iranian-aligned groups are combining technical intrusions with social and political messaging. Some work directly with ransomware gangs, stealing data and threatening public leaks if demands aren’t met.

The advisory makes it clear that the U.S. remains an active target. Sadly, it’s not because of sophisticated zero-days, but actually, because many organizations continue to ignore basic cyber hygiene. Sigh.

The suggested mitigations are mostly common sense. Disconnect OT systems from the public internet. Kill default passwords. Apply patches. Use MFA. Monitor logs. And perhaps most importantly, rehearse incident response plans like your business depends on it. After all, it might.

Too often, organizations with the least resources are left running the most critical infrastructure. That reality hasn’t changed, and neither has the threat.

Submission + - Mitch Kapor finally completes MIT master's degree

An anonymous reader writes: Mitch Kapor finally completes MIT master's degree after 45-year detour

“The man behind Lotus 1-2-3 and the Electronic Frontier Foundation (EFF) has wrapped up a master's degree at MIT Sloan, decades after dropping out to help kickstart the PC software boom.”

‘Mitchell David Kapor has a pretty impressive CV already. He started several important organizations, including Lotus Development Corporation, then the EFF, and then the Mozilla Foundation. His start in programming led him to drop out of MIT in 1980. This month, though, he finally finished his nominally 12-month master's degree there, making him arguably the most accomplished "MBA" in the world.’

Submission + - China's Communist Party Tops 100 Million Members (wsj.com)

An anonymous reader writes: China’s Communist Party had 100.27 million members by the end of 2024, an increase of about 1 per cent from the previous year, according to official data released ahead of the party’s 104th anniversary. However, the rate of membership growth has continued to slow, with one insider attributing this to stricter screening by the Central Organisation Department (COD), the party’s top personnel office. The more stringent screening has resulted in a longer waiting list as applications to join the party continue to grow, since membership is still widely regarded as a prerequisite for a meaningful political career. By the end of 2024, there were 21.42 million applicants waiting in line, an increase of 440,000 applicants over 2023, according to the COD data. China’s ruling party continues to be the world’s No 2 political party by membership strength, after India’s ruling Bharatiya Janata Party which claimed to have 140 million members.

Submission + - US Government Takes Down Major North Korean 'Remote IT Workers' Operation (techcrunch.com)

An anonymous reader writes: The U.S. Department of Justice announced on Monday that it had taken several enforcement actions against North Korea’s money-making operations, which rely on undercover remote IT workers inside American tech companies to raise funds for the regime’s nuclear weapons program, as well as to steal data and cryptocurrency. As part of the DOJ’s multi-state effort, the government announced the arrest and indictment of U.S. national Zhenxing “Danny” Wang, who allegedly ran a years-long fraud scheme from New Jersey to sneak remote North Korean IT workers inside U.S. tech companies. According to the indictment, the scheme generated more than $5 million in revenue for the North Korean regime. [...]

From 2021 until 2024, the co-conspirators allegedly impersonated more than 80 U.S. individuals to get remote jobs at more than 100 American companies, causing $3 million in damages due to legal fees, data breach remediation efforts, and more. The group is said to have run laptop farms inside the United States, which the North Korean IT workers could essentially use as proxies to hide their provenance, according to the DOJ. At times, they used hardware devices known as keyboard-video-mouse (KVM) switches, which allow one person to control multiple computers from a single keyboard and mouse. The group allegedly also ran shell companies inside the U.S. to make it seem like the North Korean IT workers were affiliated with legitimate local companies, and to receive money that would then be transferred abroad, the DOJ said.

The fraudulent scheme allegedly also involved the North Korean workers stealing sensitive data, such as source code, from the companies they were working for, such as from an unnamed California-based defense contractor “that develops artificial intelligence-powered equipment and technologies.”

Submission + - China Hosts First Fully Autonomous AI Robot Football Match (theguardian.com)

An anonymous reader writes: Four teams of humanoid robots took each other on in Beijing [on Saturday], in games of three-a-side powered by artificial intelligence. While the modern game has faced accusations of becoming near-robotic in its obsession with tactical perfection, the games in China showed that AI won’t be taking Kylian Mbappe’s job just yet. Footage of the humanoid kickabout showed the robots struggling to kick the ball or stay upright, performing pratfalls that would have earned their flesh-and-blood counterparts a yellow card for diving. At least two robots were stretchered off after failing to regain their feet after going to ground.

[...] The competition was fought between university teams, which adapted the robots with their own algorithms. In the final match, Tsinghua University’s THU Robotics defeated the China Agricultural University’s Mountain Sea team with a score of 5–3 to win the championship. One Tsinghua supporter celebrated their victory while also praising the competition. “They [THU] did really well,” he said. “But the Mountain Sea team was also impressive. They brought a lot of surprises.”

Submission + - How robotic hives and AI are lowering the risk of bee colony collapse (phys.org)

alternative_right writes: The unit—dubbed a BeeHome—is an industrial upgrade from the standard wooden beehives, all clad in white metal and solar panels. Inside sits a high-tech scanner and robotic arm powered by artificial intelligence. Roughly 300,000 of these units are in use across the U.S., scattered across fields of almond, canola, pistachios and other crops that require pollination to grow.

AI and robotics are able to replace "90% of what a beekeeper would do in the field," said Beewise Chief Executive Officer and co-founder Saar Safra. The question is whether beekeepers are willing to switch out what's been tried and true equipment.

Submission + - Study finds online searches reduce diversity of group brainstorming ideas (phys.org)

alternative_right writes: While the study found no statistically relevant difference between the creativity of individuals with access to internet search and those without, as those individuals were clumped into groups, internet search appeared to stymie their production of ideas.

"This appears to be due to the fact that Google users came up with the same common answers, often in the same order, as they relied on Google, while non-Google users came up with more distinct answers," wrote lead author Danny Oppenheimer, a professor in CMU's Department of Social and Decision Sciences.

Submission + - CarFax For Used PCs: Hewlett Packard Wants To Give Laptops New Life (arstechnica.com)

An anonymous reader writes: When buying a used car, dealerships and individual buyers can access each car’s particular CarFax report, detailing the vehicle’s usage and maintenance history. Armed with this information, dealerships can perform the necessary fixes or upgrades before re-selling the car. And individuals can decide whether to trust that vehicle’s performance. We at HP realized that, to prevent unnecessary e-waste, we need to collect and make available usage and maintenance data for each laptop, like a CarFax for used PCs. There is a particular challenge to collecting usage data for a PC, however. We need to make sure to protect the user’s privacy and security. So, we set out to design a data collection protocol for PCs that manages to remain secure.
Luckily, the sensors that can collect the necessary data are already installed in each PC. There are thermal sensors that monitor CPU temperature, power consumption monitors that track energy efficiency, storage health indicators that assess solid state drive (SSD) wear levels, performance counters that measure system utilization, fan rotation speed sensors that detect cooling efficiency, and more. The key is to collect and store all that data in a secure yet useful way. We decided that the best way to do this is to integrate the lifecycle records into the firmware layer. By embedding telemetry capabilities directly within the firmware, we ensure that device health and usage data is captured the moment it is collected. This data is stored securely on HP SSD drives, leveraging hardware-based security measures to protect against unauthorized access or manipulation. [...]

The telemetry log serves as the foundation for a comprehensive device history report. Much like a CarFax report for used cars, this report, which we call PCFax, will provide both current users and potential buyers with crucial information. The PCFax report aggregates data from multiple sources beyond just the on-device telemetry logs. It combines the secure firmware-level usage data with information from HP’s factory and supply chain records, digital services platforms, customer support service records, diagnostic logs, and more. Additionally, the system can integrate data from external sources including partner sales and service records, refurbishment partner databases, third-party component manufacturers like Intel, and other original equipment manufacturers. This multi-source approach creates a complete picture of the device’s entire lifecycle, from manufacturing through all subsequent ownership and service events.

Submission + - NASA teams with Netflix to stream rocket launches and spacewalks this summer (nerds.xyz)

BrianFagioli writes: NASA is coming to Netflix. No, not a drama or sci-fi reboot. The space agency is actually bringing real rocket launches, astronaut spacewalks, and even views of Earth from space directly to your favorite streaming service.

Starting this summer, NASA+ will be available on Netflix, giving the space-curious a front-row seat to live mission coverage and other programming. The space agency is hoping this move helps it connect with a much bigger audience, and considering Netflix reaches over 700 million people, that’s not a stretch.

This partnership is about accessibility. NASA already offers NASA+ for free, without ads, through its app and website. But now it’s going where the eyeballs are. If people won’t come to the space agency, the space agency will come to them.

Submission + - Space is hard (spacenews.com)

RUs1729 writes: For-profit companies are pushing the narrative that they can do space inexpensively. Their track record reveals otherwise: cutting corners won't do it for the foreseeable future.

Submission + - Microsoft Authenticator will stop supporting passwords. (cnet.com)

Avantare writes: Microsoft Authenticator will start using more secure passkeys in August.
Microsoft Authenticator houses your passwords and lets you sign into all of your Microsoft accounts using a PIN, facial recognition such as Windows Hello, or other biometric data, like a fingerprint. Authenticator can be used in other ways, such as verifying you're logging in if you forgot your password, or using two-factor authentication as an extra layer of security for your Microsoft accounts.
In June, Microsoft stopped letting users add passwords to Authenticator, but here's a timeline of other changes you can expect, according to Microsoft.

        July 2025: You won't be able to use the autofill password function.
        August 2025: You'll no longer be able to use saved passwords.

https://support.microsoft.com/...

Submission + - Chinese military-tied company is choosing new hires at Ford battery plant (justthenews.com)

schwit1 writes:

A Chinese company appears to be in charge of hiring workers for Ford’s new battery plant in Michigan, contradicting the company’s statements that it will be an American-owned and operated project, and amplifying concerns from locals about potential national security implications.

The plant has generated significant controversy because of Ford’s partnership with China-based Contemporary Amperex Technology Limited, known as CATL, which closely collaborates with the Chinese military and government. The U.S. Defense Department earlier this year marked CATL as a Chinese Military Company to warn American firms about the risks of doing business.

Despite the security concerns about its partner, Ford has promised that the battery manufacturing facility, which the company says will help it develop a reliable U.S.-based supply of electric vehicle batteries in Marshall, Michigan, would be completely owned and operated by the American firm. The only contribution from CATL, the company has said, will be Ford’s licensing of its proprietary battery technology.

At the same time, online job listings on multiple recruiting platforms show that CATL’s American subsidiary—Contemporary Amperex Technology Kentucky (CATK)—has posted job listings for roles at the factory, seemingly contradicting Ford’s assurances and revealing a far more active role in management by the Chinese company.

Exit quote: "The Ford plant has drawn scrutiny from Republicans in the Michigan legislature who are concerned that the state government failed to properly vet the project and Ford’s partners in the endeavor."

Who got paid off?

Submission + - Hackers and Heavy Metal (furious.com)

alternative_right writes: A story of hackers and metal:

"In the 80s, BBSes were the most important thing to the hacker world. They were where people met, talked, exchanged information," said legendary hacker Erik Bloodaxe, whose exploits with the hacker group Legion of Doom stirred many imaginations back in the day. "They were the central meeting places where you could find those people who actually cared about the same things you cared about." Bloodaxe would know. In addition to being "the best hacker I ever met," according to Loyd Blankenship, the technologist and hacker who wrote "The Hacker's Manifesto" that was later quoted in the cyberpunk-slash-teen drama Hackers, Bloodaxe edited one of the first hacker publications, Phrack. Phrack — named for a combination of the terms "phreak" and "hack" referring to phone and computer exploitation, respectively — and is an expert at finding information. Especially hidden information, or data that is marginalized because it does not comport to society's view of itself.


Submission + - Gaming on ARM Shouldn't Be This GOOD! (youtube.com)

VennStone writes: While high-end ARM systems from Ampere and System76 have shown off impressive gaming demos, I wanted to try something more accessible. So I paired a Radxa Orion 06 with an RX570 and used the FEX emulator to translate x86_64 instructions on the fly. The goal? To see how far desktop-class gaming can go on consumer-grade ARM hardware with open-source tools doing the heavy lifting.

The Write-up: https://interfacinglinux.com/2...

YouTube video: https://www.youtube.com/watch?...

Submission + - DoJ deal gives HPE the go-ahead for its $14 billion Juniper purchase (telecoms.com)

AmiMoJo writes: HPE has settled its antitrust case with the US Department of Justice (DoJ), paving the way for its acquisition of rival kit maker Juniper Networks. Under the agreement, HPE has agreed to divest its Instant On unit, which sells a range of enterprise-grade Wi-Fi networking equipment for campus and branch deployments. It has also agreed to license Juniper's Mist AIOps source code – a software suite that enables AI-based network automation and management. HPE can live with that, since its primary motivation for buying Juniper is to improve its prospects in an IT networking market dominated by Cisco, where others like Arista and increasingly Nokia and Nvidia are also trying to make inroads.

Comment: Pour one out for Juniper.

Submission + - China Conducted Test Flight of Kerosene-based Hypersonic Vehicle (scmp.com)

hackingbear writes: SCMP reported that, in a groundbreaking demonstration of technological prowess, China's Feitian 2 hypersonic vehicle successfully completed its test flight, showcasing advanced capabilities in seamless mode transitions and fuel efficiency, marking a significant leap forward in aerospace engineering. China's Northwestern Polytechnical University (NPU) said in a statement that the test represented the first successful acquisition of real-flight data for a rocket-based combined cycle (RBCC) engine using a kerosene-hydrogen peroxide propellant, proving key capabilities, including variable-geometry intake operation, thrust-varying acceleration and autonomous flight with variable angle of attack. The RBCC engine represents a revolutionary concept, integrating the benefits of traditional rocket engines and air-breathing ramjets within a single system. Its core objective is to maximize the use of atmospheric oxygen as the oxidizer during atmospheric flight, drastically reducing the oxidizer weight the vehicle must carry, thereby significantly boosting the payload capacity and fuel efficiency. Although it is less efficient at converting propellant to thrust than liquid hydrogen, the mixture of kerosene-hydrogen peroxide eliminates the need for complex cryogenic systems, allowing pre-fuelling and long-term standby readiness. The successful demonstration of RBCC engine capabilities and autonomous flight systems suggests that hypersonic vehicles could soon become a reality for both military and civilian applications. Moreover, the test evaluated the vehicle’s autonomous flight capabilities, enabling it to adjust its angles of attack based on mission parameters and environmental conditions. The ability to smoothly transition between flight modes and adapt to environmental conditions opens new possibilities for rapid global travel and advanced defense systems. 
Notably, NPU is subject to US sanctions and requires specific US Commerce Department approval to buy sensitive US-made research equipment and components, while Chinese authorities publicly accused the US National Security Agency (NSA) of carrying out extensive cyberattacks against the university.

Submission + - Nonprofit Led by Microsoft's AI-Is-Not-Optional Exec Seeks Same Policy for Kids

theodp writes: Business Insider reports that Julia Liuson, president of the Microsoft division responsible for developer tools such as AI coding service GitHub Copilot, recently sent an email instructing managers to evaluate employee performance based on their use of internal AI tools. "AI is now a fundamental part of how we work," Liuson wrote. "Just like collaboration, data-driven thinking, and effective communication, using AI is no longer optional — it’s core to every role and every level." Liuson told managers that AI "should be part of your holistic reflections on an individual’s performance and impact."

Liuson is also a member of the tech exec and K-12 school administrator-laden Board of Code.org, the tech giant-funded nonprofit (Microsoft is a $25M+ Code.org Lifetime Supporter) that recently teamed with tech CEOs (led by Microsoft CEO Satya Nadella) and leaders to launch a new Code.org-orchestrated national campaign to make CS and AI a graduation requirement. Other Code.org Board members include Microsoft CTO Kevin Scott, who helped forge Microsoft's alliance with OpenAI and whose assistant held Microsoft's controversial OpenAI Board 'observer' seat until the relationship came under regulatory scrutiny (OpenAI is a Code.org In-Kind Supporter and a supporter of Code.org's TeachAI initiative).

Microsoft has recently boasted of big AI and Copilot wins in the Los Angeles Unified School District (the nation's 2nd largest school district, with 409,000 students), which is led by Code.org Board member Alberto M. Carvalho, as well as the Broward County Public Schools (247,000 students, touted as "the largest K–12 adoption of Microsoft Copilot in the world"), which was formerly led by Code.org Board member Robert Runcie. What about Google? Well, it's bringing its AI chatbots to 105,000 students at the Miami-Dade County Public Schools (the nation’s third-largest school district).

The tech industry-driven K-12 AI frenzy of 2025 certainly evokes memories of the tech industry-driven K-12 CS frenzy of 2013, when Code.org emerged on the scene — with Microsoft President Brad Smith and Head of Google.org Maggie Johnson as founding Board members — and quickly scored partnerships with the New York City Public Schools (the nation's largest school district), Chicago Public Schools, and Broward County Public Schools. Given the much-bigger population of potential AI users and creators, as well as the staggering sums of money at stake, will the K-12 AI frenzy put the K-12 CS frenzy to shame?
