Feed aggregator

This Native American Heritage Month, we’re launching new ways across our products for you to connect with the creativity, culture and stories of Indigenous peoples.It st…

The address bar/ChatGPT input window in OpenAI's browser ChatGPT Atlas "could be targeted for prompt injection using malicious instructions disguised as links," reports SC World, citing a report from AI/agent security platform NeuralTrust: NeuralTrust found that a malformed URL could be crafted to include a prompt that is treated as plain text by the browser, passing the prompt on to the LLM. A malformation, such as an extra space after the first slash following "https:" prevents the browser from recognizing the link as a website to visit. Rather than triggering a web search, as is common when plain text is submitted to a browser's address bar, ChatGPT Atlas treats plain text as ChatGPT prompts by default. An unsuspecting user could potentially be tricked into copying and pasting a malformed link, believing they will be sent to a legitimate webpage. An attacker could plant the link behind a "copy link" button so that the user might not notice the suspicious text at the end of the link until after it is pasted and submitted. These prompt injections could potentially be used to instruct ChatGPT to open a new tab to a malicious website such as a phishing site, or to tell ChatGPT to take harmful actions in the user's integrated applications or logged-in sites like Google Drive, NeuralTrust said. Last month browser security platform LayerX also described how malicious prompts could be hidden in URLs (as a parameter) for Perplexity's browser Comet. And last week SquareX Labs demonstrated that a malicious browser extension could spoof Comet's AI sidebar feature and have since replicated the proof-of-concept (PoC) attack on Atlas. But another new vulnerability in ChatGPT Atlas "could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant's memory and run arbitrary code," reports The Hacker News, citing a report from browser security platform LayerX: "This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware," LayerX Security Co-Founder and CEO, Or Eshed, said in a report shared with The Hacker News. The attack, at its core, leverages a cross-site request forgery (CSRF) flaw that could be exploited to inject malicious instructions into ChatGPT's persistent memory. The corrupted memory can then persist across devices and sessions, permitting an attacker to conduct various actions, including seizing control of a user's account, browser, or connected systems, when a logged-in user attempts to use ChatGPT for legitimate purposes.... "What makes this exploit uniquely dangerous is that it targets the AI's persistent memory, not just the browser session," Michelle Levy, head of security research at LayerX Security, said. "By chaining a standard CSRF to a memory write, an attacker can invisibly plant instructions that survive across devices, sessions, and even different browsers. In our tests, once ChatGPT's memory was tainted, subsequent 'normal' prompts could trigger code fetches, privilege escalations, or data exfiltration without tripping meaningful safeguards...." LayerX said the problem is exacerbated by ChatGPT Atlas' lack of robust anti-phishing controls, the browser security company said, adding it leaves users up to 90% more exposed than traditional browsers like Google Chrome or Microsoft Edge. In tests against over 100 in-the-wild web vulnerabilities and phishing attacks, Edge managed to stop 53% of them, followed by Google Chrome at 47% and Dia at 46%. In contrast, Perplexity's Comet and ChatGPT Atlas stopped only 7% and 5.8% of malicious web pages. From The Conversation: Sandboxing is a security approach designed to keep websites isolated and prevent malicious code from accessing data from other tabs. The modern web depends on this separation. But in Atlas, the AI agent isn't malicious code — it's a trusted user with permission to see and act across all sites. This undermines the core principle of browser isolation. Thanks to Slashdot reader spatwei for suggesting the topic.

Read more of this story at Slashdot.

Linux Kernel Ported To WebAssembly - Demo Lets You Run It In Your Web Browser  Phoronix

"Traditionally, exploring the interior of atomic nuclei requires enormous particle accelerators that stretch for kilometers and propel beams of electrons at extremely high speeds," writes SciTechDaily. But MIT physicists have unveiled a groundbreaking alternative that "used the atom's own electrons as probes to momentarily enter the nucleus..." In research published in Science, a team of MIT physicists achieved exceptionally precise measurements of the energy of electrons orbiting a radium atom that had been chemically bonded with a fluoride atom to form radium monofluoride. By studying these molecules, the researchers created a kind of miniature particle collider. Within this environment, the electrons surrounding the radium atom were confined closely enough to occasionally slip into the nucleus before returning to their usual orbits... When those electrons returned to their outer paths, they retained the altered energy, effectively carrying a "message" from within the nucleus that could be decoded to reveal its internal arrangement... [The researchers] trapped and cooled the molecules and sent them through a system of vacuum chambers, into which they also sent lasers, which interacted with the molecules. In this way, the researchers were able to precisely measure the energies of electrons inside each molecule. When the researchers analyzed their measurements, they noticed that the electrons carried slightly different energies than expected if they had remained outside the nucleus. The difference was incredibly small, only about one millionth of the energy of the laser photon used to excite the molecules, but it was clear evidence that the electrons had entered the radium nucleus and interacted with its protons and neutrons... The researchers plan to use this new technique to create a detailed map of how forces are distributed inside the nucleus... to chart the nucleus with greater precision and search for possible violations of fundamental symmetries in nature. "It is thought that additional sources of fundamental symmetry violation are required to explain the almost complete absence of antimatter in our universe," the article points out. "Such violations could be seen within the nuclei of certain atoms such as radium... "Unlike most atomic nuclei, which are spherical in shape, the radium atom's nucleus has a more asymmetrical configuration, similar to a pear. Scientists predict that this pear shape could significantly enhance their ability to sense the violation of fundamental symmetries, to the extent that they may be potentially observable."

Read more of this story at Slashdot.

The new Fedora Linux, Chrome's big changes, and more: News roundup  How-To Geek

Arch Linux’s November 2025 ISO and Archinstall 3.0.12 Installer Are Out Now  9to5Linux

Archinstall 3.0.12 & Pacman 7.1 Released For Arch Linux Users  Phoronix

An anonymous reader quotes a report from CNBC: Korean semiconductor giant Samsung said Thursday that it plans to buy and deploy a cluster of 50,000 Nvidia graphics processing units to improve its chip manufacturing for mobile devices and robots. The 50,000 Nvidia GPUs will be used to create a facility Samsung is calling an "AI Megafactory." Samsung didn't provide details about when the facility would be built. It's the latest splashy partnership for Nvidia, whose chips remain essential for building and deploying advanced artificial intelligence. [...] On Thursday, Nvidia representatives said they will work with Samsung to adapt the Korean company's chipmaking lithography platform to work with Nvidia's GPUs. That process will results in 20 times better performance for Samsung, the Nvidia representatives said. Samsung will also use Nvidia's simulation software called Omniverse. Known for its mobile phones, Samsung also said it would use the Nvidia chips to run its own AI models for its devices. In addition to being a partner and customer, Samsung is also a key supplier for Nvidia. Samsung makes the kind of high-performance memory Nvidia uses in large quantities, alongside its AI chips, called high bandwidth memory. Samsung said it will work with Nvidia to tweak its HBM4 memory for use in AI chips.

Read more of this story at Slashdot.

This Linux app makes mouse gestures so powerful, you’ll forget about your keyboard  How-To Geek

Terminal Geeks Rejoice! Proton VPN's Long-Awaited Linux CLI is Finally Here  It's FOSS News

AMD Acknowledges RDSEED Failure On AMD Zen 5 With Software Fix Coming  Phoronix

Longtime Slashdot reader AmiMoJo shares a report from the Financial Times: Solar power developers want to cover an area larger than Washington, DC, with silicon panels and batteries, converting sunlight into electricity that will power air conditioners in sweltering Las Vegas along with millions of other homes and businesses. But earlier this month, bureaucrats in charge of federal lands scrapped collective approval for the Esmeralda 7 projects, in what campaigners fear is part of an attack on renewable energy under President Donald Trump. "We will not approve wind or farmer destroying [sic] Solar," he posted on his Truth Social platform in August. Developers will need to reapply individually, slowing progress. Thousands of miles away on the other side of the Pacific Ocean, it is a different story. China has laid solar panels across an area the size of Chicago high up on the Tibetan Plateau, where the thin air helps more sunlight get through. The Talatan Solar Park is part of China's push to double its solar and wind generation capacity over the coming decade. "Green and low-carbon transition is the trend of our time," President Xi Jinping told delegates at a UN summit in New York last month. China's vast production of solar panels and batteries has also pushed down the prices of renewables hardware for everyone else, meaning it has "become very difficult to make any other choice in some places," according to Heymi Bahar, senior analyst at the International Energy Agency. [...] More broadly, the US's focus on fossil fuels and pullback of support for clean energy further cedes influence over the future global energy system to China. The US is trying to tie its trading partners into fossil fuels, pressing the EU to buy $750 billion of American oil, natural gas, and nuclear technologies during his presidency as part of a trade deal, scuppering an initiative to begin decarbonizing world shipping and pressuring others to reduce their reliance on Chinese technology. But the collapsing cost of solar panels in particular has spoken for itself in many parts of the world. Experts caution that the US's attacks on renewables could cause lasting damage to its competitiveness against China, even if an administration more favorable to renewables were to follow Trump's.

Read more of this story at Slashdot.

CISA Issues Warning: Hackers Exploit Linux Vulnerability to Spread Ransomware  Cyber Press

According to the Wall Street Journal, SpaceX is reportedly poised to secure a $2 billion Pentagon contract to develop hundreds of missile-tracking satellites for President Trump's ambitious Golden Dome defense system. The Independent reports: The planned "air moving target indicator" system in question could ultimately feature as many as 600 satellites once it is fully operational, The Wall Street Journal reports. Musk's company has also been linked to two more satellite ventures, which are concerned with relaying sensitive communications and tracing vehicles, respectively. Golden Dome, inspired by Israel's "Iron Dome," was announced by Trump and Secretary of War Pete Hegseth at the White House in May and will amount to a complex system of satellites and weaponry capable of destroying incoming missiles before they hit American targets. The president promised it would be "fully operational" before he leaves office in January 2029, capable of intercepting rockets, "even if they are launched from space," with an overall price tag of $175 billion.

Read more of this story at Slashdot.

CISA Alerts on Linux Kernel Vulnerability Exploited in Ransomware Attacks  GBHackers News

November 1 Tech news roundup: Fedora Linux 43 released, Xbox consoles sales drop again, Samsung Internet Browser for PC launched  FileHippo

November 1 Tech news roundup: Fedora Linux 43 released, Xbox consoles sales drop again, Samsung Internet Browser for PC launched  FileHippo

The best VPN services for Linux in 2025  igor´sLAB

An anonymous reader quotes a report from Gizmodo: It's time for Xbox to eat some humble pie and perform some real soul-searching. Microsoft released its latest quarterly earnings report and proved the worst of our fears about its gaming brand. Not only are Xbox hardware sales down significantly, but the brand itself is barely treading water. Gamers are voicing their displeasure with their wallets, but Microsoft's top brass is still only thinking about the margins. Microsoft was more keen to promote the scale of its cloud and AI services revenue -- which was up 28% year over year -- than talk about its beleaguered gaming brand. The company's overall gaming revenue fell by 2% compared to the same time last year. This was precipitated by a "decline in Xbox hardware," which was down by 22% following a steady decline quarter after quarter. Its first-party games and its Game Pass subscription were doing better, though the overall growth was only up by 1%, and even that was driven by the "better-than-expected performance" of third-party games. You can give credit to titles like Clair Obscur: Expedition 33 for why Xbox isn't in an even deeper hole than it is now. The tech giant has no expectation that its Xbox brand will start making more money anytime soon. In its earnings call with investors, Microsoft Chief Financial Officer Amy Hood said the company expects Xbox will continue to decline "in the low to mid-single digits" for the following quarter. That's mostly due to the lack of landmark first-party titles. Just this month, Xbox released Ninja Gaiden 4, The Outer Worlds 2, and Double Fine's The Keeper. Xbox also made a huge marketing push for its first handheld, made in partnership with Asus, the ROG Xbox Ally and Ally X. In any other year, this would be a big month for any gaming company. The dour outlook comes after months of bad news. After two subsequent price hikes, Xbox Series S and Series X consoles now cost between $100 to $150 more than they did at launch five years ago. Microsoft also pushed prices of its Game Pass Ultimate subscription tier from $20 to $30 per month. A full-year's subscription would now demand $360. In a separate article, Gizmodo reviews Microsoft's new ROG Xbox Ally X handheld, which "offers a better experience overall" than the "other small-scale Windows PC gaming devices released this year." However, "it's still nowhere close to what you truly want from a console."

Read more of this story at Slashdot.

OpenAI has introduced Aardvark, a GPT-5-powered autonomous agent that scans, reasons about, and patches code like a human security researcher. "By embedding itself directly into the development pipeline, Aardvark aims to turn security from a post-development concern into a continuous safeguard that evolves with the software itself," reports InfoWorld. From the report: What makes Aardvark unique, OpenAI noted, is its combination of reasoning, automation, and verification. Rather than simply highlighting potential vulnerabilities, the agent promises multi-stage analysis -- starting by mapping an entire repository and building a contextual threat model around it. From there, it continuously monitors new commits, checking whether each change introduces risk or violates existing security patterns. Additionally, upon identifying a potential issue, Aardvark attempts to validate the exploitability of the finding in a sandboxed environment before flagging it. This validation step could prove transformative. Traditional static analysis tools often overwhelm developers with false alarms -- issues that may look risky but aren't truly exploitable. "The biggest advantage is that it will reduce false positives significantly," noted Jain. "It's helpful in open source codes and as part of the development pipeline." Once a vulnerability is confirmed, Aardvark integrates with Codex to propose a patch, then re-analyzes the fix to ensure it doesn't introduce new problems. OpenAI claims that in benchmark tests, the system identified 92 percent of known and synthetically introduced vulnerabilities across test repositories, a promising indication that AI may soon shoulder part of the burden of modern code auditing.

Read more of this story at Slashdot.