Feed aggregator

DarkSpectre Hackers Spread Malware To 8.8 Million Chrome, Edge, and Firefox Users

Slashdot.org - 1 hour 34 min ago
An anonymous reader quotes a report from Cyber Press: A newly uncovered Chinese threat group, DarkSpectre, has been linked to one of the most widespread browser-extension malware operations to date, compromising more than 8.8 million users of Chrome, Edge, Firefox, and Opera over the past seven years. According to research by Koi.ai, the group operates three interconnected campaigns: ShadyPanda, GhostPoster, and a newly identified one named The Zoom Stealer, forming a single, strategically organized operation. DarkSpectre's structure differs from that of ordinary cybercrime operations. The group runs separate but interconnected malware clusters, each with distinct goals. The ShadyPanda campaign, responsible for 5.6 million infections, focuses on long-term user surveillance and e-commerce affiliate fraud. Its extensions have appeared legitimate for years, offering new tab pages and translation utilities, before secretly downloading malicious configurations from command-and-control servers such as jt2x.com and infinitynewtab.com. Once activated, they inject remote scripts, hijack search results, and track browsing activity. The second campaign, GhostPoster, spreads via Firefox and Opera extensions that conceal malicious payloads in PNG images via steganography. After lying dormant for several days, the extensions extract and execute JavaScript hidden within images, enabling stealthy remote code execution. This campaign has affected over one million users and relies on domains like gmzdaily.com and mitarchive.info for payload delivery. The most recent discovery, The Zoom Stealer, exposes around 2.2 million users to corporate espionage. These extensions masquerade as productivity tools or video downloaders while secretly harvesting corporate meeting links, credentials, and speaker profiles from more than 28 video conferencing platforms, including Zoom, Microsoft Teams, and Google Meet. 
The extensions use real-time WebSocket connections to exfiltrate data to Firebase databases, such as zoocorder.firebaseio.com, and to Google Cloud functions, such as webinarstvus.cloudfunctions.net.

Read more of this story at Slashdot.

OpenAI Is Paying Employees More Than Any Major Tech Startup in History

Slashdot.org - 2 hours 14 min ago
OpenAI is paying employees more than any major tech startup in history, with average stock-based compensation hitting roughly $1.5 million per worker in 2025. "That is more than seven times higher than the stock-based pay Google disclosed in 2003, before it filed for an initial public offering in 2004," reports the Wall Street Journal. "The $1.5 million is about 34 times the average employee compensation of 18 other large tech companies in the year before they went public." From the report: To keep its lead in the AI race, OpenAI is doling out massive stock compensation packages to top researchers and engineers, making them some of the richest employees in Silicon Valley. The equity awards are inflating the company's heavy operating losses and diluting existing shareholders at a rapid clip. As an AI arms race intensified this summer, frontier labs such as OpenAI faced pressure to increase employee pay after Meta Platforms Chief Executive Mark Zuckerberg began offering pay packages worth hundreds of millions of dollars -- and in some rare cases $1 billion -- to top executives and researchers at rival companies. Zuckerberg's recruiting blitz swept up 20-plus OpenAI personnel, including ChatGPT co-creator Shengjia Zhao. In August, OpenAI gave some of its research and engineering staff a one-time bonus, with some employees receiving millions of dollars, The Wall Street Journal previously reported. The financial data, shared with investors over the summer, shows that OpenAI's stock-based compensation was expected to increase by about $3 billion annually through 2030. The company recently told staff it would discontinue a policy that required employees to work at OpenAI for at least six months before their equity vests. That development could lead to further compensation increases. OpenAI's compensation as a percentage of revenue was set to reach 46% in 2025, the highest of any of the 18 companies except for Rivian, which didn't generate revenue the year before its IPO. 
Palantir's stock-based compensation equaled 33% of its revenue the year before its IPO in 2020, Google's was 15% and Facebook's was 6%, the analysis shows. On average, each company's stock-based compensation made up about 6% of revenue among tech companies the Journal analyzed in the year before their IPOs, according to the Equilar data.

Trump Administration Removes Three Spyware-Linked Execs From Sanctions List

Slashdot.org - 2 hours 54 min ago
Reuters reports that the United States Department of the Treasury under the Donald Trump administration has lifted sanctions on three executives linked to the spyware firm Intellexa. Reuters reports: The move partially reverses the imposition of sanctions last year by then-President Joe Biden's administration on seven people tied to Intellexa. The Treasury Department at the time described the consortium, launched by former Israeli intelligence official Tal Dilian, as "a complex international web of decentralized companies that built and commercialized a comprehensive suite of highly invasive spyware products." Treasury said in an email that the removal "was done as part of the normal administrative process in response to a petition request for reconsideration." It added that each of the individuals had "demonstrated measures to separate themselves from the Intellexa Consortium." The notice said sanctions were lifted on Sara Hamou, whom the U.S. government accused of providing managerial services to Intellexa, Andrea Gambazzi, whose company was alleged by the U.S. government to have held the distribution rights to the Predator spyware, and Merom Harpaz, described by U.S. officials as a top executive in the consortium.

France Targets Australia-Style Social Media Ban For Children Next Year

Slashdot.org - 3 hours 34 min ago
An anonymous reader quotes a report from the Guardian: France intends to follow Australia and ban social media platforms for children from the start of the 2026 academic year. A draft bill preventing under-15s from using social media will be submitted for legal checks and is expected to be debated in parliament early in the new year. The French president, Emmanuel Macron, has made it clear in recent weeks that he wants France to swiftly follow Australia's world-first ban on social media platforms for under-16s, which came into force in December. It includes Facebook, Snapchat, TikTok and YouTube. Le Monde and France Info reported on Wednesday that a draft bill was now complete and contained two measures: a ban on social media for under-15s and a ban on mobile phones in high schools, where 15- to 18-year-olds study. Phones have already been banned in primary and middle schools. The bill will be submitted to France's Conseil d'Etat for legal review in the coming days. Education unions will also look at the proposed high-school ban on phones. The government wants the social media ban to come into force from September 2026. Le Monde reported the text of the draft bill cited "the risks of excessive screen use by teenagers," including the dangers of being exposed to inappropriate social media content, online bullying, and altered sleep patterns. The bill states the need to "protect future generations" from dangers that threaten their ability to thrive and live together in a society with shared values. Earlier this month, Macron confirmed at a public debate in Saint Malo that he wanted a social media ban for young teenagers. He said there was "consensus being shaped" on the issue after Australia introduced its ban. "The more screen time there is, the more school achievement drops; the more screen time there is, the more mental health problems go up," he said. He used the analogy of a teenager getting into a Formula One racing car before they had learned to drive. 
"If a child is in a Formula One car and they turn on the engine, I don't want them to win the race, I just want them to get out of the car. I want them to learn the highway code first, and to ensure the car works, and to teach them to drive in a different car."

NJ's Answer To Flooding: It Has Bought Out and Demolished 1,200 Properties

Slashdot.org - 4 hours 9 min ago
New Jersey has found its answer to the relentless flooding that has plagued the state's coastal and inland communities for decades: buy the homes, demolish them and turn the land back into open space permanently. The state's Blue Acres program has acquired some 1,200 properties since 1995, spending more than $234 million in federal and state funds to pay fair market value to homeowners exhausted by repeated floods from tropical storms, nor'easters, and heavy rain. A Georgetown Climate Center report this month called the program a national model, crediting its success to faster processing than federal buyout programs, stable state funding and case managers who guide each homeowner through the process. The demolished homes become grass lots that absorb rainwater far better than concrete and asphalt. Manville, a borough of 11,000 at the confluence of two rivers about 25 miles southwest of Newark, has sold 120 homes to the state for roughly $22 million between 2015 and 2024. Another 53 buyouts are underway there. The need for such programs is only growing. Sea levels along the New Jersey coast rose about 1.5 feet over the past century -- more than double the global rate -- and a Rutgers study predicts a further increase of 2.2 to 3.8 feet by 2100. A November report from the Natural Resources Defense Council noted that billions in previously approved FEMA resilience grants have already been cancelled, making state-run initiatives like Blue Acres increasingly essential.

NASA Craft To Face Heat-Shield Test on Its First Astronaut Flight Next Year

Slashdot.org - 4 hours 54 min ago
An anonymous reader shares a report: Getting to space is hard. In many ways, getting back is even harder. NASA soon aims to pull off the kind of re-entry it last conducted more than 50 years ago: safely returning astronauts to Earth after they fly to the moon and back. The mission is a big moment for NASA, which will put a crew on its Orion ship for the first time. The flight will test the spacecraft's heat shield, designed to protect the astronauts on board. Re-entries of vehicles from orbit remain one of the high-stakes parts of any human spaceflight, given the stress they put on spacecraft. In 2003, NASA's Columbia Space Shuttle broke apart as it came back from low-Earth orbit due to a breach on the vehicle that occurred during launch. All seven astronauts on board were killed. Orion will be coming back to Earth from much further away than low-Earth orbit, where all recent human spaceflights have been conducted. That means its velocity and the energy it needs to disperse will be greater, putting even more stress on the heat shield. During a test flight in 2022 that didn't include astronauts, Orion's heat shield didn't perform as expected. That sparked worries about crew safety on future missions, prompting NASA to investigate and address what happened. NASA will launch Orion with the astronauts on board as soon as February. [...] When the vehicle initially re-enters the Earth's atmosphere, it will be traveling around 25,000 miles an hour and face temperatures of 5,000 degrees as it slows down. The Orion craft, developed by Lockheed Martin for NASA, has a shield that is almost 17 feet in diameter. Installed on the vehicle's underside, the shield is covered in what is called an "ablative" material, which is designed to shift heat away from the craft during re-entry by burning off in a controlled manner.

JPMorgan Says Javice Firms Billed Millions Just for 'Attendance'

Slashdot.org - 5 hours 33 min ago
JPMorgan Chase is now fighting to avoid paying $10.2 million in disputed legal charges racked up by Charlie Javice, the convicted founder of student-finance startup Frank, after court filings revealed her defense team billed more than $5 million simply for attending her fraud trial -- including on days when court wasn't even in session. A previously sealed Delaware court filing [PDF] released Monday showed that Javice's total legal tab has reached $74 million, far exceeding the $30 million Elizabeth Holmes spent defending herself in the Theranos case. JPMorgan claims the five law firms representing Javice operated under the mindset that "someone else is paying her bills." The bank's filing focused on Quinn Emanuel and Mintz Levin, the two largest firms on Javice's defense. JPMorgan said Javice had between 16 and 29 lawyers and legal staff present every day of her six-week trial, billing an average of $360,000 daily. No more than four lawyers had speaking roles. Among the 2,377 pages of receipts submitted for March: a Cookie Monster toddler's toy, lavender and jasmine sachets, 57 hotel room upgrades at $300 per night, and a $900 meal at Koloman, a highly rated New York restaurant. A New York jury found Javice guilty in March of misleading JPMorgan into acquiring Frank for $175 million by fabricating millions of fake users. She was sentenced in September to seven years in prison but remains free on bail pending her appeal.

Net Neutrality Was Back, Until It Wasn't

Slashdot.org - 6 hours 14 min ago
The fight over net neutrality saw another turbulent year in 2025, as federal protections that seemed poised for a comeback in 2024 were first struck down by a court and then preemptively removed by the Trump administration's FCC without a chance for public comment. The removal, The Verge summarizes in a report, was part of Chairman Brendan Carr's "Delete, Delete, Delete" initiative targeting what the agency deems unnecessary regulations. Federal net neutrality rules have now been on and off for 15 years, passing under Obama in 2010, returning in 2015, getting overturned in 2017, and briefly revived in 2024 before courts struck them down again. Matt Wood, vice president of policy and general counsel at nonprofit Free Press, told The Verge that ISPs often feel little financial impact from these rules. "A lot of their complaints about the supposed 'burdens' from these rules are really just ideological in nature," Wood said. States have filled the void. California's 2018 law remains the nation's gold standard, and Maine passed a bipartisan bill in June. John Bergmayer, legal director at Public Knowledge, said state-level laws and the threat of new ones "has kept some of the worst outcomes in check." The National Telecommunications and Information Administration is now pressuring states to exempt ISPs from net neutrality laws to remain eligible for broadband infrastructure funding. Chao Jun Liu of the Electronic Frontier Foundation summed up the year's pattern: "ISPs just want to do whatever they want to do with no limits and nobody telling them how to do it."

Poor Sleep Quality Accelerates Brain Aging

Slashdot.org - 6 hours 54 min ago
A large-scale study tracking more than 27,500 middle-aged and elderly people over roughly nine years has found that poor sleep quality is associated with accelerated brain aging, and chronic inflammation appears to be one of the key mechanisms driving this effect. Researchers at Sweden's Karolinska Institute assessed participants' sleep across five dimensions -- chronotype, duration, insomnia, snoring and daytime sleepiness -- and later scanned their brains using MRI to estimate biological brain age through machine learning models. The results? For every point decrease in healthy sleep score, the gap between brain age and chronological age widened by approximately six months. Those in the poorest sleep category had brains that appeared roughly one year older than their actual age. Night-owl tendencies, sleep duration outside the 7-8 hour sweet spot and snoring were particularly strongly linked to brain aging. The researchers measured low-grade inflammation using biomarkers including C-reactive protein levels and white blood cell counts. Inflammation accounted for more than 10% of the association between poor sleep patterns and brain aging. The glymphatic system, which clears waste from the brain primarily during sleep, may also play a role, the research added.

Slashdot Asks: Your Favorite 2025 Movies, TV Shows and Books?

Slashdot.org - 8 hours 24 min ago
Another year wraps up, and with it comes the annual ritual of taking stock. What were the movies, TV shows and books from this year that stood out to you? Not necessarily the ones that dominated conversation or topped charts, but the ones you found yourself recommending to friends, or returning to for a second watch or read. Share your picks and, if you're inclined, a line or two on what made them stick.

Can Colossal's Genetically Engineered Animals Ever Be the Real Thing?

Slashdot.org - 8 hours 44 min ago
Colossal Biosciences, the Texas-based startup now valued at more than $10 billion that has attracted investments from Paris Hilton, Peter Jackson and Tom Brady, claimed earlier this year to have resurrected the dire wolf -- an animal that disappeared at the end of the last ice age -- but a group of leading canid experts concluded the company had done no such thing. The scientists found that Colossal had made 20 edits to the DNA of grey wolves and the resulting animals did not substantially differ from wolves currently roaming North America. Beth Shapiro, Colossal's own chief scientist, acknowledged to New Scientist: "It's not possible to bring something back that is identical to a species that used to be alive. Our animals are grey wolves with 20 edits that are cloned." Nic Rawlence, director of the palaeogenetics laboratory at the University of Otago in New Zealand, added: "Rather than true de-extinction, Colossal's attempts are genetically engineered poor copies at best, passed off as the real deal." The company has nevertheless pressed forward. It has launched projects to revive the Tasmanian tiger, the dodo, and the moa and plans to unveil its interpretation of the woolly mammoth -- a genetically modified Asian elephant adapted to survive at -40C -- in the coming years. The Trump administration cited the dire wolf announcement while making efforts to cut the US endangered species list, calling de-extinction technology a potential "bedrock for modern species conservation."

California To Require All School Districts To Restrict Student Smartphone Use by 2026

Slashdot.org - 9 hours 23 min ago
Starting in July 2026, every public school district in California will be required to have policies on the books that restrict or prohibit students from using smartphones during the school day, thanks to Assembly Bill 3216 that Governor Gavin Newsom signed into law back in 2024. The legislation also mandates that districts update these policies every five years. Newsom had previously signed related legislation in 2019, though that earlier law merely affirmed that school districts have the authority to regulate smartphone use rather than requiring them to do so.

Download of the day: GIMP 3.0 is FINALLY Here!

nixCraft - 9 hours 48 min ago
Wow! After years of hard work and countless commits, we have finally reached a huge milestone: GIMP 3.0 is officially released! I am excited as I write this and can't wait to share some incredible new features and improvements in this release. GIMP 2.10 was released in 2018, and the first development version of GIMP 3.0 came out in 2020. GIMP 3.0 was released on 16/March/2025. Let us explore how to download and install GIMP 3.0, as well as the new features in this version. 2025-03-18T03:45:26Z Vivek Gite

How to list upgradeable packages on FreeBSD using pkg

nixCraft - 9 hours 48 min ago
Here is a quick list of all upgradeable packages on FreeBSD using the pkg command. This is equivalent to the apt list --upgradable command on my Debian or Ubuntu Linux system. 2025-03-16T20:25:39Z Vivek Gite

Ubuntu to Explore Rust-Based “uutils” as Potential GNU Core Utilities Replacement

nixCraft - 9 hours 48 min ago
In a move that has sparked significant discussion within the Ubuntu Linux fan-base and community, Canonical, the company behind Ubuntu, has announced its intention to explore the potential replacement of GNU Core Utilities with the Rust-based "uutils" project. They plan to introduce the changes in Ubuntu Linux 25.10 and eventually in the Ubuntu 26.04 LTS release in 2026, as Ubuntu tests Rust 'uutils' as a potential overhaul of its core utilities. Let us find out the pros and cons and what this means for you as an Ubuntu Linux user, IT pro, or developer. 2025-03-16T12:17:36Z Vivek Gite

How to install KSH on FreeBSD

nixCraft - 9 hours 48 min ago
Installing KSH (KornShell) on FreeBSD can be done with either FreeBSD ports or the pkg command. The ports collection will download the KSH source code, compile it, and install it on the system. The pkg method is easier, and it will download a pre-compiled binary package. Hence, it is recommended for all users. KornShell (KSH) has a long history, and many older Unix systems and scripts rely on it. As a result, KSH remains relevant for maintaining and supporting legacy infrastructure. Large enterprises, especially those with established Unix-based systems, continue to use KSH for scripting and system administration tasks. Some industries where KSH is still commonly used include finance and telecommunications. While Bash has become the dominant shell in many Linux distributions, KSH still holds a significant presence in Unix-like environments, particularly in legacy systems. Therefore, installing KSH and practicing with it is worthwhile if you plan to work in such environments. 2025-03-03T23:50:59Z Vivek Gite

Linux Sed Tutorial: Learn Text Editing with Syntax & Examples

nixCraft - 9 hours 48 min ago
Sed is an acronym for "stream editor." A stream refers to a source or destination for bytes. In other words, sed can read its input from standard input (stdin), apply the specified edits to the stream, and automatically output the results to standard output (stdout). Sed syntax allows an input file to be specified on the command line. However, the syntax does not directly support output file specification; this can be achieved through output redirection or by editing files in place, optionally making a backup of the original copy. Sed is one of the most powerful tools on Linux and Unix-like systems. Learning it is worthwhile, so in this tutorial, we will start with the sed command syntax and examples. 2025-03-03T09:47:07Z Vivek Gite

How to tell if FreeBSD needs a Reboot using kernel version check

nixCraft - 9 hours 48 min ago
Keeping your FreeBSD server or workstation updated is crucial for security and stability. However, after applying updates, especially kernel updates, you might wonder, "Do I need to reboot my system?" Let's simplify this process and provide a straightforward method for determining whether a reboot is necessary using the CLI, a shell script, and an Ansible playbook. 2025-02-23T22:07:23Z Vivek Gite

Critical Rsync Vulnerability Requires Immediate Patching on Linux and Unix systems

nixCraft - 9 hours 48 min ago
Rsync is an open-source command-line tool for Linux, macOS, *BSD and Unix-like systems that synchronizes files and directories. It is a popular tool for sending or receiving files, making backups, or setting up mirrors. It minimizes data copied by transferring only the changed parts of files, making it faster and more bandwidth-efficient than traditional copying methods provided by tools like sftp or ftp-ssl. Rsync versions 3.3.0 and below have been found to have SIX serious vulnerabilities. Attackers could exploit these to leak your data, corrupt your files, or even take over your system. There is a heap-based buffer overflow with a CVSS score of 9.8 that needs to be addressed on both the client and server sides of the rsync package. Apart from that, an info leak via uninitialized stack contents defeats ASLR protection, and an rsync server can make a client write files outside of the destination directory using symbolic links. 2025-01-15T18:04:24Z Vivek Gite

How to control the SSH multiplexing with the control commands

nixCraft - 9 hours 48 min ago
Multiplexing will boost your SSH connectivity or speed by reusing existing TCP connections to a remote host. This is useful when you frequently connect to the same server using the SSH protocol for remote login, server management, using IT automation tools over SSH or even running hourly backups. However, sometimes your SSH command (client) will not respond or get hung up on the session when using multiplexing. Typically, this happens when your public IP changes (IPv4 to IPv6 changes when using DNS names), VPN issues occur, or a firewall cuts connections. Hence, knowing SSH client control commands can save you time and boost your productivity when such gotchas occur. 2025-01-15T08:29:10Z Vivek Gite
