Tech News

Tests Find AI Toys Parroting Chinese Communist Party Values

technology - Posted On:2025-12-18 14:45:00 Source: slashdot

A plush AI toy marketed for children as young as three years old delivers detailed instructions on sharpening knives and lighting matches, and when asked about Chinese President Xi Jinping's resemblance to Winnie the Pooh -- a comparison censored in China -- responds that "your statement is extremely inappropriate and disrespectful." The Miriat Miiloo, manufactured by a Chinese company and among the top inexpensive results for "AI toy for kids" on Amazon, repeatedly insisted in NBC News tests that Taiwan is "an inalienable part of China." The toy would lower its voice and declare this "an established fact." The tests, NBC News reports, indicated "it was programmed to reflect Chinese Communist Party values." NBC News and the U.S. Public Interest Research Group tested five popular AI toys this holiday season and found loose guardrails across the board. Another toy, the Alilo Smart AI Bunny marketed as "the best gift for little ones," engaged in detailed descriptions of BDSM practices during extended conversation. China now has more than 1,500 registered AI toy companies, according to MIT Technology Review. Miriat didn't respond to requests for comment. Read more of this story at Slashdot.


World-Beating 55,000% Surge in India AI Stock Fuels Bubble Fears

technology - Posted On:2025-12-18 11:15:00 Source: slashdot

The world's best-performing stock is turning into a cautionary tale for investors chasing outsized returns from the AI boom. From a report: Little-known until recently even within its home market of India, RRP Semiconductor Ltd. became a social-media obsession as its shares surged more than 55,000% in the 20 months through Dec. 17 -- by far the biggest gain worldwide among companies with a market value above $1 billion. That's despite posting negative revenue in its latest financial results, reporting just two full-time employees in its latest annual report, and boasting only a tenuous link to the semiconductor spending boom after shifting away from real estate in early 2024. A mix of online hype, a tiny free float and India's swelling base of retail investors drove 149 straight limit-up sessions, even as exchange officials and the company itself cautioned investors. The rally is now showing signs of strain -- and regulators are taking a closer look. The Securities and Exchange Board of India has begun examining the surge in RRP's shares for potential wrongdoing, according to a person familiar with the matter who asked not to be identified discussing confidential information. The $1.7 billion stock, recently restricted by its exchange to trading just once a week, has fallen by 6% from its Nov. 7 peak. Read more of this story at Slashdot.


Micron Says Memory Shortage Will 'Persist' Beyond 2026

it - Posted On:2025-12-18 10:45:00 Source: slashdot

Micron, one of the world's three largest memory suppliers, expects the global shortage of DRAM and NAND flash memory to "persist through and beyond" 2026 as AI-driven demand continues to outstrip supply. CEO Sanjay Mehrotra made the forecast during the company's latest earnings call on Wednesday, saying that "supply will remain substantially short of the demand for the foreseeable future." The company posted record quarterly revenue of $13.64 billion, up from $8.71 billion in the same period last year. Micron recently shuttered Crucial, its consumer-facing brand, to focus on high-bandwidth memory for AI data centers. HBM technology requires three times the silicon wafers of standard DRAM, leaving fewer resources for the chips that go into PCs, smartphones and cars. Micron plans to boost DRAM and NAND shipments by 20 percent next year but acknowledged this won't meet demand. New facilities in Idaho and New York are slated for 2027 and 2030 respectively. Read more of this story at Slashdot.


Doublespeed Hack Reveals What Its AI-Generated Accounts Are Promoting

technology - Posted On:2025-12-18 08:15:00 Source: slashdot

An anonymous reader quotes a report from 404 Media: Doublespeed, a startup backed by Andreessen Horowitz (a16z) that uses a phone farm to manage at least hundreds of AI-generated social media accounts and promote products, has been hacked. The hack reveals what products the AI-generated accounts are promoting, often without the required disclosure that these are advertisements, and allowed the hacker to take control of more than 1,000 smartphones that power the company. The hacker, who asked for anonymity because he feared retaliation from the company, said he reported the vulnerability to Doublespeed on October 31. At the time of writing, the hacker said he still has access to the company's backend, including the phone farm itself. "I could see the phones in use, which manager (the PCs controlling the phones) they had, which TikTok accounts they were assigned, proxies in use (and their passwords), and pending tasks. As well as the link to control devices for each manager," the hacker told me. "I could have used their phones for compute resources, or maybe spam. Even if they're just phones, there are around 1100 of them, with proxy access, for free. I think I could have used the linked accounts by puppeting the phones or adding tasks, but haven't tried." As I reported in October, Doublespeed raised $1 million from a16z as part of its "Speedrun" accelerator program, "a fast-paced, 12-week startup program that guides founders through every critical stage of their growth." Doublespeed uses generative AI to flood social media with accounts and posts to promote certain products on behalf of its clients. Social media companies attempt to detect and remove this type of astroturfing for violating their inauthentic behavior policies, which is why Doublespeed uses a bank of phones to emulate the behavior of real users. So-called "click farms" or "phone farms" often use hundreds of mobile phones to fake online engagement of reviews for the same reason. [...]
I've seen TikTok accounts operated by Doublespeed promote language learning apps, dating apps, a Bible app, supplements, and a massager. Read more of this story at Slashdot.


Linux Kernel Rust Code Sees Its First CVE Vulnerability

it - Posted On:2025-12-17 16:45:00 Source: slashdot

Longtime Linux developer Greg Kroah-Hartman announced that the Linux kernel has received its first CVE tied to Rust code. Phoronix reports: This first CVE (CVE-2025-68260) for Rust code in the Linux kernel pertains to the Android Binder rewrite in Rust. There is a race condition that can occur due to some noted unsafe Rust code. That code can lead to memory corruption of the previous/next pointers and in turn cause a crash. This CVE for the possible system crash is for Linux 6.18 and newer since the introduction of the Rust Binder driver. At least though it's just a possible system crash and not any more serious system compromise with remote code execution or other more severe issues. Read more of this story at Slashdot.


Google Releases Gemini 3 Flash, Promising Improved Intelligence and Efficiency

technology - Posted On:2025-12-17 15:45:01 Source: slashdot

An anonymous reader quotes a report from Ars Technica: Google began its transition to Gemini 3 a few weeks ago with the launch of the Pro model, and the arrival of Gemini 3 Flash kicks it into high gear. The new, faster Gemini 3 model is coming to the Gemini app and search, and developers will be able to access it immediately via the Gemini API, Vertex AI, AI Studio, and Antigravity. Google's bigger gen AI model is also picking up steam, with both Gemini 3 Pro and its image component (Nano Banana Pro) expanding in search. This may come as a shock, but Google says Gemini 3 Flash is faster and more capable than its previous base model. As usual, Google has a raft of benchmark numbers that show modest improvements for the new model. It bests the old 2.5 Flash in basic academic and reasoning tests like GPQA Diamond and MMMU Pro (where it even beats 3 Pro). It gets a larger boost in Humanity's Last Exam (HLE), which tests advanced domain-specific knowledge. Gemini 3 Flash has tripled the old models' score in HLE, landing at 33.7 percent without tool use. That's just a few points behind the Gemini 3 Pro model. Gemini 3 Flash has been significantly improved in terms of factual accuracy, scoring 68.7% on Simple QA Verified, which is up from 28.1% in the previous model. It's also designed as a high-efficiency model that's suitable for real-time and high-volume workloads. According to Google, Gemini 3 Flash is now the default model for AI Mode in Google Search. Read more of this story at Slashdot.


Browser Extensions With 8 Million Users Collect Extended AI Conversations

technology - Posted On:2025-12-17 14:45:00 Source: slashdot

An anonymous reader shares a report: Browser extensions with more than 8 million installs are harvesting complete and extended conversations from users' AI conversations and selling them for marketing purposes, according to data collected from the Google and Microsoft pages hosting them. Security firm Koi discovered the eight extensions, which as of late Tuesday night remained available in both Google's and Microsoft's extension stores. Seven of them carry "Featured" badges, which are endorsements meant to signal that the companies have determined the extensions meet their quality standards. The free extensions provide functions such as VPN routing to safeguard online privacy and ad blocking for ad-free browsing. All provide assurances that user data remains anonymous and isn't shared for purposes other than their described use. Read more of this story at Slashdot.


Google Sues Alleged Chinese Scam Group Behind Massive US Text Message Phishing Ring

technology - Posted On:2025-12-17 11:30:00 Source: slashdot

Google is suing a Chinese-speaking cybercriminal group it says is responsible for a massive wave of scam text messages sent to Americans this year, according to a legal complaint filed Tuesday. From a report: The group, known as Darcula, sells software that allows users to send phishing text messages en masse, impersonating organizations like the IRS or the U.S. Postal Service in scams. The lawsuit is designed to give Google legal standing so U.S. courts will allow it to seize websites the group uses, hampering their operations, a spokesperson said. Darcula is possibly the most prominent name in an emerging, loosely affiliated cybercrime world that creates and sells hacking programs for aspiring scammers to use. Darcula's signature program, called Magic Cat, provides an easy-to-use, intuitive way for cybercriminals without advanced hacking skills to quickly spam millions of phone numbers with links to fake websites impersonating businesses like YouTube's premium service, then steal the credit card numbers victims put in. Read more of this story at Slashdot.


Meta Is Considering Charging Business Pages To Post Links

technology - Posted On:2025-12-17 10:30:00 Source: slashdot

Meta is informing some users that they will soon be restricted in how many link posts they can share each month, unless they pay for its Meta Verified subscription service. As per the notification message: "Starting December 16, certain Facebook profiles without Meta Verified, including yours, will be limited to sharing links in 2 organic posts per month. Subscribe to Meta Verified to share more links on Facebook, plus get a verified badge and additional benefits to help protect your brand." To be clear, right now this is a limited test, so relatively few Pages are impacted. But understandably, a lot of users are also seeking more information on the change, and whether it could be expanded to all Pages. So, Meta's seeking to boost take-up of Meta Verified, in order to make more money out of its subscription option, which, for business users, costs between $14.99 and $499 per month, depending on which package you choose. Read more of this story at Slashdot.


EU Moves To Ease 2035 Ban On Internal Combustion Cars

technology - Posted On:2025-12-16 20:45:00 Source: slashdot

The EU is moving to soften its planned 2035 ban on internal combustion cars by allowing a small share of low-emission engines. "The less stringent limit would leave room for automakers to continue selling some plug-in hybrids, which have both electric and internal combustion engines and can use the combustion engine to recharge the battery without the need to find a charging station," reports the Associated Press. From the report: The proposal from the EU's executive commission would change provisions of 2023 legislation requiring average emissions in new cars to equal zero, or a 100% reduction from 2021 levels. The new proposal would require a 90% emissions reduction. That means in practical terms that most cars would be battery-only but would leave room for some cars with internal combustion engines. Automakers would have to compensate for the added emissions by using European steel produced by methods that emit less carbon, and through use of climate neutral e-fuels made from renewable electricity and captured carbon dioxide and biofuels made from plants. EU officials say changing the limit will not affect progress toward making the 27-country bloc's economy climate neutral by 2050. That means producing only as much carbon dioxide as can be absorbed by forests and oceans or by abatement methods such as storing it underground. CO2 is the primary greenhouse gas blamed by scientists for climate change. Read more of this story at Slashdot.


Volkswagen To End Production At German Plant, a First In Company History

technology - Posted On:2025-12-16 16:45:00 Source: slashdot

An anonymous reader quotes a report from the New York Times: The last vehicle will roll off the assembly line at Volkswagen's plant in Dresden, Germany, on Tuesday, marking the first time in the automaker's 88-year history that it has closed a plant in its home country. Volkswagen warned of potential production cuts last year, as it faced shaky demand in Europe and China, its biggest market, as well as higher tariffs that have crimped sales in the United States. After 24 years of vehicle production, the Dresden plant will be converted into a research hub focused on technologies like artificial intelligence, robotics and chip design. Volkswagen will team up with the government of the state of Saxony and the Dresden University of Technology on the project at the plant, known as the Transparent Factory because of its glass walls. "We did not take the decision to end vehicle production at the Transparent Factory after more than 20 years lightly," Thomas Schafer, chief executive of the Volkswagen brand, said in a statement. "From an economic perspective, however, it was absolutely necessary." Read more of this story at Slashdot.


Racks of AI Chips Are Too Damn Heavy

technology - Posted On:2025-12-16 14:45:00 Source: slashdot

The weight of AI server racks has reached a point where legacy data centers cannot accommodate them even with significant retrofitting efforts, The Verge reports. Chris Brown, chief technical officer at Uptime Institute, said most retrofitting attempts would require "bulldozing the building and starting over from scratch." AI racks are projected to reach 5,000 pounds compared to the 400 to 600 pounds that racks weighed three decades ago. The dramatic increase stems from hundreds to 1,000 GPUs packed densely into each rack alongside memory chips and liquid cooling systems that can add substantial weight. AI workloads now consume up to 350 kilowatts per rack, 35 times the 10 kilowatts that traditional computer chip workloads averaged a decade ago. Legacy data centers with raised floors typically max out at around 1,250 pounds per square foot for static loads. Chris McLean, president of Critical Facility Group, said that rack heights have grown from 6 feet to 9 feet over nearly two decades, creating problems with doorframes and freight elevators in older buildings. Read more of this story at Slashdot.


High-Speed Traders Are Feuding Over a Way To Save 3.2 Billionths of a Second

it - Posted On:2025-12-16 11:45:00 Source: slashdot

A millisecond used to be a big deal for the world's quickest traders. A dispute over huge trading profits at one of the world's largest futures exchanges shows they now think a million times faster [non-paywalled source]. From a report: The controversy is about an arcane technical maneuver in which high-speed traders bombard Frankfurt-based Eurex with useless data. The idea is to keep their connections to the exchange warm so they can react fractionally faster to market-moving information. The battle is the latest chapter in a decadeslong contest among secretive ultrafast trading firms, which have pursued a relentless quest for minuscule speed advantages. A group of high-frequency trading firms has exploited the practice to rake in hundreds of millions of dollars, says Mosaic Finance, a French firm that has complained to Eurex and European regulators. "An arms race is OK, but you must use legal weapons," said Hugues Morin, founder of Mosaic. Eurex says Mosaic's claims are baseless. [...] High-speed traders often seek to capture fleeting differences between prices of related assets, making quick response times critical. If benchmark Euro Stoxx 50 index futures rise, for example, contracts tied to Germany's DAX will usually follow. A first mover will be able to buy DAX futures before they tick higher, then sell out at a higher price -- a strategy that can add up to big profits over time. The maneuver that prompted Mosaic's spat with Eurex can improve reaction times by about 3.2 nanoseconds, according to the French firm, which calls it "corrupted speculative triggering," or CST for short. Read more of this story at Slashdot.


Tech Giants Can't Agree On What To Call Their AI-Powered Glasses

technology - Posted On:2025-12-16 11:15:00 Source: slashdot

The glasses-shaped face computers that tech companies have been building for years now face an identity crisis, and their makers can't agree on what to call them. Meta has asked a journalist to refer to its Ray-Ban glasses as "AI glasses" to distinguish them from Google Glass. Google, whose Project Aura is a collaboration with Xreal, calls the product "wired XR glasses" because the company views it as more aligned with headsets in a glasses form factor. Xreal's CEO Chi Xu laughed when asked about Aura's category and said the company will call all its products "AR glasses." Research firms aren't aligned either. Gartner defines smart glasses as camera- and display-free devices with Bluetooth and AI. Counterpoint Research said smart glasses without see-through displays drive volumes in the smart eyewear category. IDC uses a broader definition that includes anything glasses-shaped. Read more of this story at Slashdot.


Mozilla's New CEO Bets Firefox's Future on AI

technology - Posted On:2025-12-16 09:45:00 Source: slashdot

Mozilla has named Anthony Enzor-DeMeo as its new chief executive, promoting the executive who has spent the past year leading the Firefox browser team and who now plans to make AI central to the company's future. Enzor-DeMeo announced on Tuesday that an "AI Mode" is coming to Firefox next year. The feature will let users choose from multiple AI models rather than being locked into a single provider. Some options will be open-source models, others will be private "Mozilla-hosted cloud options," and the company also plans to integrate models from major AI companies. Mozilla itself will not train its own large language model. "We're not incentivized to push one model or the other," Enzor-DeMeo told The Verge. Firefox currently has about 200 million monthly users, a fraction of Chrome's roughly 4 billion, though Enzor-DeMeo insists mobile usage is growing at a decent clip. He takes over from interim CEO Laura Chambers, who led the company through a major antitrust case and what Mozilla describes as "double-digit mobile growth" in Firefox. Chambers is returning to the Mozilla board of directors. The new CEO has outlined three priorities: ensuring all products give users control over AI features including the ability to turn them off, building a business model around transparent monetization, and expanding Firefox into a broader ecosystem of trusted software. Mozilla VPN integration is planned for the browser next year. Read more of this story at Slashdot.


Google's Real Estate Listings 'Experiment' Sends Zillow Shares Down More Than 8%

technology - Posted On:2025-12-16 09:15:00 Source: slashdot

Google's data partner HouseCanary has begun displaying home listings directly in search results in select markets, sending Zillow's shares tumbling more than 8% yesterday as investors weighed whether the search giant might eventually cut into the portal business that Zillow dominates. The experiment places property details, prices, images and a "Request a tour" button at the top of mobile search results. HouseCanary, a full-service brokerage licensed in all 50 states and Washington D.C., said it contacted every MLS in the test regions before launching. Analysts are largely downplaying immediate concerns. Goldman Sachs noted that most of Zillow's traffic comes directly through its apps and websites rather than Google searches, though the firm views the development as a long-term risk. Piper Sandler called the fears "overblown," and Wells Fargo suggested portals like Zillow would likely end up bidding for ad units on Google rather than losing traffic outright. Read more of this story at Slashdot.


SoundCloud Confirms Breach After Member Data Stolen, VPN Access Disrupted

it - Posted On:2025-12-16 08:15:00 Source: slashdot

An anonymous reader quotes a report from BleepingComputer: Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which threat actors stole a database containing user information. The disclosure follows widespread reports over the past four days from users who were unable to access SoundCloud when connecting via VPN, with attempts resulting in the site displaying 403 "forbidden" errors. In a statement shared with BleepingComputer, SoundCloud said it recently detected unauthorized activity involving an ancillary service dashboard and activated its incident response procedures. SoundCloud acknowledged that a threat actor accessed some of its data but said the exposure was limited in scope. [...] BleepingComputer has learned that the breach affects 20% of SoundCloud's users, which, based on publicly reported user figures, could impact roughly 28 million accounts. The company said it is confident that all unauthorized access to SoundCloud systems has been blocked and that there is no ongoing risk to the platform. "We understand that a purported threat actor group accessed certain limited data that we hold," SoundCloud told BleepingComputer. "We have completed an investigation into the data that was impacted, and no sensitive data (such as financial or password data) has been accessed. The data involved consisted only of email addresses and information already visible on public SoundCloud profiles." Read more of this story at Slashdot.


Microsoft Will Finally Kill Obsolete Cipher That Has Wreaked Decades of Havoc

it - Posted On:2025-12-15 22:45:00 Source: slashdot

An anonymous reader quotes a report from Ars Technica: Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and recently faced blistering criticism from a prominent US senator. When the software maker rolled out Active Directory in 2000, it made RC4 a sole means of securing the Windows component, which administrators use to configure and provision fellow administrator and user accounts inside large organizations. RC4, short for Rivest Cipher 4, is a nod to mathematician and cryptographer Ron Rivest of RSA Security, who developed the stream cipher in 1987. Within days of the trade-secret-protected algorithm being leaked in 1994, a researcher demonstrated a cryptographic attack that significantly weakened the security it had been believed to provide. Despite the known susceptibility, RC4 remained a staple in encryption protocols, including SSL and its successor TLS, until about a decade ago. [...] Last week, Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension's network. "By mid-2026, we will be updating domain controller defaults for the Kerberos Key Distribution Center (KDC) on Windows Server 2008 and later to only allow AES-SHA1 encryption," Matthew Palko, a Microsoft principal program manager, wrote. "RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it." [...] Following next year's change, RC4 authentication will no longer function unless administrators perform the extra work to allow it. In the meantime, Palko said, it's crucial that admins identify any systems inside their networks that rely on the cipher.
Despite the known vulnerabilities, RC4 remains the sole means of some third-party legacy systems for authenticating to Windows networks. These systems can often go overlooked in networks even though they are required for crucial functions. To streamline the identification of such systems, Microsoft is making several tools available. One is an update to KDC logs that will track both requests and responses that systems make using RC4 when performing requests through Kerberos. Kerberos is an industry-wide authentication protocol for verifying the identities of users and services over a non-secure network. It's the sole means for mutual authentication to Active Directory, which hackers attacking Windows networks widely consider a Holy Grail because of the control they gain once it has been compromised. Microsoft is also introducing new PowerShell scripts to sift through security event logs to more easily pinpoint problematic RC4 usage. Microsoft said it has steadily worked over the past decade to deprecate RC4, but that the task wasn't easy. "The problem though is that it's hard to kill off a cryptographic algorithm that is present in every OS that's shipped for the last 25 years and was the default algorithm for so long," Steve Syfuhs, who runs Microsoft's Windows Authentication team, wrote on Bluesky. "See," he continued, "the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing that spanned 20 years of code changes." Read more of this story at Slashdot.


Lidar-Maker Luminar Files For Bankruptcy

technology - Posted On:2025-12-15 20:45:00 Source: slashdot

Once a star of the self-driving hype cycle, lidar maker Luminar has filed for bankruptcy amid legal turmoil, layoffs, and a cooling autonomous-vehicle market. It plans to sell off its assets before shutting down entirely. The Verge reports: As part of its bankruptcy, Luminar is seeking permission to sell both its lidar and semiconductor businesses, the latter of which it has already agreed to sell to Quantum Computing for $110 million. The company plans to continue to operate during the bankruptcy proceedings "to minimize disruptions and maintain delivery of its LiDAR hardware and software." That said, Luminar will cease to exist once the process is complete. "As we navigate this process, our top priority is to continue delivering the same quality, reliability and service our customers have come to expect from us," CEO Paul Ricci said in a statement. After launching in 2017, Luminar muscled its way to the front of the autonomous vehicle industry as a top maker of lidar systems, a key technology that driverless cars use to sense the shapes and distances of objects around them. Luminar has sold sensors to Mercedes-Benz, Volvo, Audi, Toyota Research Institute, Caterpillar, and even Tesla, which has dismissed lidar sensors in favor of traditional cameras. The company was valued at nearly $3 billion when it went public through a reverse merger with a SPAC in 2020. Read more of this story at Slashdot.


China, Iran Are Having a Field Day With React2Shell, Google Warns

it - Posted On:2025-12-15 19:15:00 Source: slashdot

A critical React vulnerability (CVE-2025-55182) is being actively exploited at scale by Chinese, Iranian, North Korean, and criminal groups to gain remote code execution, deploy backdoors, and mine crypto. The Register reports: React maintainers disclosed the critical bug on December 3, and exploitation began almost immediately. According to Amazon's threat intel team, Chinese government crews, including Earth Lamia and Jackpot Panda, started battering the security hole within hours of its disclosure. Palo Alto Networks' Unit 42 responders have put the victim count at more than 50 organizations across multiple sectors, with attackers from North Korea also abusing the flaw. Google, in a late Friday report, said at least five other suspected PRC spy groups also exploited React2Shell, along with criminals who deployed XMRig for illicit cryptocurrency mining, and "Iran-nexus actors," although the report doesn't provide any additional details about who the Iran-linked groups are and what they are doing after exploitation. "GTIG has also observed numerous discussions regarding CVE-2025-55182 in underground forums, including threads in which threat actors have shared links to scanning tools, proof-of-concept (PoC) code, and their experiences using these tools," the researchers wrote. Read more of this story at Slashdot.
