Forgot your password?
Close
typodupeerror

Submission + - Using a VPN May Subject You to NSA Spying (stacker.news)

Submitted by joshuark
joshuark writes: Lawmakersare pressing the nation's top intelligence official to publicly disclose whether Americans who use commercialVPN servicesrisk being treated as foreigners under United States surveillance law—a classification that would strip them of constitutional protections against warrantless government spying. Lawmakers pressed Tulsi Gabbard to reveal whether using a VPN can strip Americans of their constitutional protections against warrantless surveillance.

In a letter sent Thursday to Director of National IntelligenceTulsi Gabbard, the lawmakers say that because VPNs obscure a user's true location, and because intelligence agencies presume that communications of unknown origin are foreign, Americans may be inadvertently waiving the privacy protections they're entitled to under the law.

Several federal agencies, including the FBI, the National Security Agency, and the Federal Trade Commission, haverecommendedthat consumers use VPNs toprotect their privacy. But following that advice may inadvertently cost Americans the very protections they're seeking.

Submission + - Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens (bleepingcomputer.com)

Submitted by joshuark
joshuark writes: LiteLLM is an open-source Python library that serves as a gateway to multiple large language model (LLM) providers via a single API. The package is very popular, with over 3.4 million downloads a day and over 95 million in the past month.

The TeamPCP hacking group compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. According to research by Endor Labs, threat actors compromised the project and published malicious versions of LiteLLM 1.82.7 and 1.82.8 to PyPI today that deploy an infostealer that harvests a wide range of sensitive data.

The malicious code was injected into 'litellm/proxy/proxy_server.py' [VirusTotal] as a base64 encoded payload, which is decoded and executed whenever the module is imported. "Once triggered, the payload runs a three-stage attack: it harvests credentials (SSH keys, cloud tokens, Kubernetes secrets, crypto wallets, and .env files), attempts lateral movement across Kubernetes clusters by deploying privileged pods to every node, and installs a persistent systemd backdoor that polls for additional binaries," explains Endor Labs.
Stolen data is bundled into an encrypted archive named tpcp.tar.gz and sent to attacker-controlled infrastructure at models.litellm[.]cloud, where the threat actors can access it.

If compromise is suspected, all credentials on affected systems should be treated as exposed and rotated immediately. Both malicious LiteLLM versions have been removed from PyPI, with version 1.82.6 now the latest clean release.

Submission + - Delivery Robot Drives Through Bus Stop Shelter, Shattering Glass Everywhere (404media.co)

Submitted by joshuark
joshuark writes: A Serve Robotics food delivery robot crashed through the glass wall of a bus stop shelter in Chicago earlier this week, shattering the glass all over the sidewalk.

“We’re aware of the incident involving one of our robots in Chicago. No injuries were reported, our team responded quickly to clean up, and we’re reviewing what happened to make improvements,” the spokesperson said. “We have also been in contact with local stakeholders and are committed to addressing any concerns directly. We take this matter very seriously.”

Serve deployed its robots to Chicago in September under a partnership with Uber Eats. The company operates in a few cities around the country, including in Los Angeles, where activists have been filming the robots in various compromising positions or after they have been knocked over by passersby.

Footage of the aftermath of the crash went viral on social media, with one of the company’s robots shaking shards of glass onto the sidewalk. The crash comes amid a protest against delivery robots in Chicago. Delivery robots have been controversial in Chicago, where at least 3,600 Chicago residents have signed a “No Sidewalk Bots” petition asking the city to ban the robots. The Chicago Department of Transportation did not respond to a request for comment.

Submission + - OpenAI to merge Atlas browser, ChatGPT, Codex into a single desktop super app (neowin.net)

Submitted by joshuark
joshuark writes: OpenAI is planning to combine its Atlas web browser, ChatGPT app, and Codex coding app into a singular desktop super app. CEO of Applications, Fidji Simo, said the company was doubling down on its successful products.

By taking this move, the AI company aims to streamline the user experience and reduce fragmentation. With that said, each of the apps currently do quite different things so it will be interesting to see how they put this all together. Simo said in an internal memo: “We realized we were spreading our efforts across too many apps and stacks, and that we need to simplify our efforts. That fragmentation has been slowing us down and making it harder to hit the quality bar we want.”

OpenAI is in a fierce battle with companies like Anthropic and Google to produce the best models and products. By unifying and speeding up the development of their desktop offering, it gives OpenAI a leg up in the race.

Atlas is probably the least known among the three products. It lets users browse the web with ChatGPT packed in. This browser is only available on macOS, so fewer people have had a chance to use it.

Submission + - Microsoft Backs Anthropic In Amicus Brief To Halt DoD 'Supply-Chain Risk' (reuters.com)

Submitted by joshuark
joshuark writes: Microsoft has filed an amicus brief on Tuesday in support of Anthropic's lawsuit asking the court to temporarily block the U.S. Department of Defense designation of the AI startup as a supply-chain risk. Microsoft backed Anthropic's request for a temporary restraining order against the Pentagon order, arguing that its determination should be paused while the court considers the case. Microsoft, integrates the AI lab's products and services into technology it provides to the U.S. military, said that it was directly impacted by the DOD designation.

"Should this action proceed without the entry of a temporary restraining order, Microsoft and other government contractors with expertise in developing solutions to support U.S. government missions will be forced to account for a new risk in their business planning," the company said.

Microsoft's filing argued the temporary restraining order is needed to prevent costly disruptions for suppliers, who would otherwise have to rapidly rebuild offerings that rely on Anthropic's products. The judge overseeing the case must approve Microsoft's request to file the brief before it is officially entered, but courts often permit outside parties to weigh in on important cases.

Comment No more than... (Score 1) 120

by joshuark (#66030352) Attached to: Could Home-Building Robots Help Fix the Housing Crisis?

No more than robots could save the US auto industry by eliminating workers in competition with the Japanese in the 1980s.

A civil engineering professor in college once said if built homes but used Lego-like elements, less labor, and more homes constructed quickly. Perhaps we should go back to the concrete houses of Thomas Edison.

https://www.atlasobscura.com/p...

--JoshK.

Submission + - U.S. Cybersecurity Adds VMware Aria Operations to KEV Catalog (thehackernews.com)

Submitted by joshuark
joshuark writes: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks.

VMware Aria Operations is an enterprise monitoring platform that helps organizations track the performance and health of servers, networks, and cloud infrastructure.

The flaw has now been added to the CISA's Known Exploited Vulnerabilities (KEV) catalog, with the US cyber agency requiring federal civilian agencies to address the issue by March 24, 2026. Broadcom said it is aware of reports indicating the vulnerability is exploited in attacks but cannot confirm the claims.

"A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress," the advisory explains.

Broadcom released security patches on February 24 and also provided a temporary workaround for organizations unable to apply the patches immediately.

The mitigation is a shell script named "aria-ops-rce-workaround.sh," which must be executed as root on each Aria Operations appliance node. There are currently no details on how the vulnerability is being exploited in the wild, who is behind it, and the scale of such efforts.

Submission + - Anthropic confirms Claude is down in a worldwide outage (bleepingcomputer.com) 2

Submitted by joshuark
joshuark writes: Claude appears to be having a major outage right now, with elevated errors reported across all platforms.The first “Investigating” notice went out at 11:49 UTC, and a follow-up update at 12:06 UTC said the investigation is ongoing.

For now, that likely means you may see failed requests, timeouts, or inconsistent responses when trying to use Claude on web, mobile, or API. There’s no ETA mentioned yet, but the status suggests it’s actively being worked on. No SAAS no service.

Submission + - Perplexity announces "Computer," an AI agent that assigns work to other AI agent (arstechnica.com)

Submitted by joshuark
joshuark writes: Ars Technica writes: AI company Perplexity just launched its new ‘Perplexity Computer,’ a new platform that “reasons, delegates, searches, builds, remembers, codes, and delivers” in what Perplexity is calling a “general-purpose digital worker” somewhere between OpenClaw and Claude Cowork. The “Computer,” a new tool that allows users to assign tasks and see them carried out by a system that coordinates multiple agents running various models.

Perplexity Computer runs Opus 4.6 for its core reasoning engine and orchestrates sub-agents with the best models for specific tasks: Gemini for deep research (creating sub-agents), Nano Banana for images, Veo 3.1 for video, Grok for speed in lightweight tasks, and ChatGPT 5.2 for long-context recall and wide search. Users describe an outcome, and the system spins up sub-agents that can browse, code, connect to apps, and autonomously handle tasks.

There could still be risks, though. For one thing, LLMs make mistakes, and those could be consequential if Computer is working with data you don’t have backed up elsewhere or if you’re not verifying the outputs, for example.

Slashdot Top Deals

It's fabulous! We haven't seen anything like it in the last half an hour! -- Macy's

Close