Feds charge 16 Russians allegedly tied to botnets used in cyberattacks and spying

The hacker ecosystem in Russia, more than perhaps anywhere else in the world, has long blurred the lines between cybercrime, state-sponsored cyberwarfare, and espionage. Now an indictment of a group of Russian nationals and the takedown of their sprawling botnet offers the clearest example in years of how a single malware operation allegedly enabled hacking operations as varied as ransomware, wartime cyberattacks in Ukraine, and spying against foreign governments.

The US Department of Justice today announced criminal charges against 16 individuals law enforcement authorities have linked to a malware operation known as DanaBot, which according to a complaint infected at least 300,000 machines around the world. The DOJ’s announcement of the charges describes the group as “Russia-based,” and names two of the suspects, Aleksandr Stepanov and Artem Aleksandrovich Kalinkin, as living in Novosibirsk, Russia. Five other suspects are named in the indictment, while another nine are identified only by their pseudonyms. In addition to those charges, the Justice Department says the Defense Criminal Investigative Service (DCIS)—a criminal investigation arm of the Department of Defense—carried out seizures of DanaBot infrastructure around the world, including in the US.

Aside from alleging how DanaBot was used in for-profit criminal hacking, the indictment also makes a rarer claim—it describes how a second variant of the malware was, it says, used in espionage against military, government, and NGO targets. “Pervasive malware like DanaBot harms hundreds of thousands of victims around the world, including sensitive military, diplomatic, and government entities, and causes many millions of dollars in losses,” US attorney Bill Essayli wrote in a statement.


College Board keeps apologizing for screwing up digital SAT and AP tests

Don't worry about the "mission-driven not-for-profit" College Board—it's drowning in cash. The US group, which administers the SAT and AP tests to college-bound students, paid its CEO $2.38 million in total compensation in 2023 (the most recent year data is available). The senior VP in charge of AP programs made $694,662 in total compensation, while the senior VP for Technology Strategy made $765,267 in total compensation.

Given such eye-popping numbers, one would have expected the College Board's transition to digital exams to go smoothly, but it continues to have issues.

Just last week, the group's AP Psychology exam was disrupted nationally when the required "Bluebook" testing app couldn't be accessed by many students. Because the College Board shifted to digital-only exams for 28 of its 36 AP courses beginning this year, no paper-based backup options were available. The only "solution" was to wait quietly in a freezing gymnasium, surrounded by a hundred other stressed-out students, to see if College Board could get its digital act together.


Researchers cause GitLab AI developer assistant to turn safe code malicious

Marketers promote AI-assisted developer tools as workhorses that are essential for today’s software engineer. Developer platform GitLab, for instance, claims its Duo chatbot can “instantly generate a to-do list” that eliminates the burden of “wading through weeks of commits.” What these companies don’t say is that these tools are, by temperament if not default, easily tricked by malicious actors into performing hostile actions against their users.

Researchers from security firm Legit on Thursday demonstrated an attack that induced Duo into inserting malicious code into a script it had been instructed to write. The attack could also leak private code and confidential issue data, such as zero-day vulnerability details. All that’s required is for the user to instruct the chatbot to interact with a merge request or similar content from an outside source.

AI assistants’ double-edged blade

The mechanism for triggering the attacks is, of course, prompt injections. Among the most common forms of chatbot exploits, prompt injections are embedded into content a chatbot is asked to work with, such as an email to be answered, a calendar to consult, or a webpage to summarize. Large language model-based assistants are so eager to follow instructions that they’ll take orders from just about anywhere, including sources that can be controlled by malicious actors.


Google Home is getting deeper Gemini integration and a new widget

As Google moves the last remaining Nest devices into the Home app, it's also looking at ways to make this smart home hub easier to use. Naturally, Google is doing that by ramping up Gemini integration. The company has announced new automation capabilities with generative AI, as well as better support for third-party devices via the Home API. Google AI will also plug into a new Android widget that can keep you updated on what the smart parts of your home are up to.

The Google Home app is where you interact with all of Google's smart home gadgets, like cameras, thermostats, and smoke detectors—some of which have been discontinued, but that's another story. It also accommodates smart home devices from other companies, which can make managing a mixed setup feasible if not exactly intuitive. A dash of AI might actually help here.

Google began testing Gemini integrations in Home last year, and now it's opening that up to third-party devices via the Home API. Google has worked with a few partners on API integrations before general availability. The previously announced First Alert smoke/carbon monoxide detector and Yale smart lock that are replacing Google's Nest devices are among the first, along with Cync lighting, Motorola Tags, and iRobot vacuums.


Have we finally solved mystery of magnetic moon rocks?

NASA's Apollo missions brought back moon rock samples for scientists to study. We've learned a great deal over the ensuing decades, but one enduring mystery remains. Many of those lunar samples show signs of exposure to strong magnetic fields comparable to Earth's, yet the Moon doesn't have such a field today. So, how did the moon rocks get their magnetism?

There have been many attempts to explain this anomaly. The latest comes from MIT scientists, who argue in a new paper published in the journal Science Advances that a large asteroid impact briefly boosted the Moon's early weak magnetic field—and that this spike is what is recorded in some lunar samples.

Evidence gleaned from orbiting spacecraft observations, as well as results announced earlier this year from China's Chang'e 5 and Chang'e 6 missions, is largely consistent with the existence of at least a weak magnetic field on the early Moon. But where did this field come from? These usually form in planetary bodies as a result of a dynamo, in which molten metals in the core start to convect thanks to slowly dissipating heat. The problem is that the early Moon's small core had a mantle that wasn't much cooler than its core, so there would not have been significant convection to produce a sufficiently strong dynamo.


Google’s Will Smith double is better at eating AI spaghetti … but it’s crunchy?

On Tuesday, Google launched Veo 3, a new AI video synthesis model that can do something no major AI video generator has been able to do before: create a synchronized audio track. While from 2022 to 2024, we saw early steps in AI video generation, each video was silent and usually very short in duration. Now you can hear voices, dialog, and sound effects in eight-second high-definition video clips.

Shortly after the new launch, people began asking the most obvious benchmarking question: How good is Veo 3 at faking Oscar-winning actor Will Smith at eating spaghetti?

First, a brief recap. The spaghetti benchmark in AI video traces its origins back to March 2023, when we first covered an early example of horrific AI-generated video using an open source video synthesis model called ModelScope. The spaghetti example later became well-known enough that Smith parodied it almost a year later in February 2024.


Desktop Survivors 98 is more than just a retro Windows nostalgia trip

Is it weird to have nostalgia for an operating system? I don't mean missing a particular feature that's been removed from modern versions or a specific productivity setting that's no longer supported. I mean a sense of longing for the vibes of the computer interface you grew up with, an ache for the aesthetics of user interfaces past.

I would have thought I was immune to this particular brand of nostalgia. Then I happened upon Desktop Survivors 98, a new Vampire Survivors-style "bullet heaven" autoshooter that leans hard into the aesthetics of the late '90s Windows machines I grew up with. And while that low-res, 256-color presentation is what drew me in, it was the intriguing mouse-controlled gameplay underneath that has kept me coming back for more retro-styled action all week.

Start me up

When it comes to capturing the feel of the '90s computer environment, Desktop Survivors 98 gets everything just right. This is in large part due to rampant theft of familiar old-school icons; items like My Computer, Calculator, Minesweeper, Search, and more look like they were taken directly from a classic Microsoft tile set. The game's low-res desktop backgrounds and Windows also look like they came out of a years-old Microsoft style book.


CDC can no longer help prevent lead poisoning in children, state officials say

Amid the brutal cuts across the federal government under the Trump administration, perhaps one of the most gutting is the loss of experts at the Centers for Disease Control and Prevention who respond to lead poisoning in children.

On April 1, the staff of the CDC's Childhood Lead Poisoning Prevention Program was terminated as part of the agency's reduction in force, according to NPR. The staff included epidemiologists, statisticians, and advisors who specialized in lead exposures and responses.

The cuts were immediately consequential to health officials in Milwaukee, who are currently dealing with a lead exposure crisis in public schools. Six schools have had to close, displacing 1,800 students. In April, the city requested help from the CDC's lead experts, but the request was denied—there was no one left to help.


US solar keeps surging, generating more power than hydro in 2025

In the US, many newly constructed generating facilities are brought online at the end of the year to qualify for tax incentives. Since much of the US's new generating capacity is solar power, that has led to a boom in solar production to start the year in recent years. With the first three months of data in for 2025, it's clear this year is no exception: Solar power is up a staggering 44 percent compared to the prior year.

That's the good news. The bad news is that, in contrast to China, solar's growth hasn't been enough to offset rising demand. Instead, the US also saw significant growth in coal use, which rose by 23 percent compared to the year prior, after years of steady decline.

Short-term fluctuations in demand are normal, generally driven by weather-induced demand for heating or cooling. Despite those changes, demand for electricity in the US has been largely flat for over a decade, largely thanks to gains in efficiency. But 2024 saw demand go up by nearly 3 percent, and the first quarter of 2025 saw another rise, this time of nearly 5 percent. It's a bit too early to say that we're seeing a shift to a period of rising demand, but one has been predicted for some time due to rising data center use and the increased electrification of transportation and appliances.


SteamOS 3.7 brings Valve’s gaming OS to other handhelds and generic AMD PCs

Valve is releasing version 3.7 of SteamOS to the general public, and among the routine updates and changes is a big one: This is the SteamOS release that finally adds official support for some kinds of PC hardware other than Valve's Steam Deck.

Valve mentions certain specific handhelds as having either "official" or "improved support," including the Asus ROG Ally, the Lenovo Legion Go, and the Lenovo Legion Go S. It also includes directions for configuring the original Legion Go and ROG Ally for SteamOS installation. But Valve says that only the Steam Deck and Legion Go S have fully baked SteamOS support.

The release claims to run on "other AMD powered handhelds" more broadly, implying that most third-party handheld PCs with Ryzen Z1 or Z2-series processors ought to support at least some basic functionality. Other all-AMD desktops and laptops have a decent shot at being supported, too.


Uncertainty loomed as FDA advisors met to discuss this year’s COVID shot

Expert advisors for the Food and Drug Administration met Thursday to discuss which virus strain this year's updated COVID-19 vaccines should target. The advisors have been meeting around this time each year for such a strain selection, a routine decision in the process of updating the lifesaving vaccines.

But this year's meeting was awkward and even a little tense. Earlier this week, new FDA leaders under health secretary and anti-vaccine advocate Robert F. Kennedy Jr. announced a sweeping new framework that would restrict access to the shots, making them available only to people 65 and older and those with medical conditions that put them at risk of severe illness. For updated COVID-19 vaccines to be approved for healthy children and adults, vaccine makers would need to repeat large, randomized, placebo-controlled trials, which are expensive, ethically debatable at this point, and could easily take too much time to complete before the shots would need to be ready for fall vaccinations. The advisors weren't consulting on the new framework, and there is much uncertainty about its implementation.

Just 30 minutes into yesterday's nearly seven-hour meeting, one committee member broached one of the largest looming questions, saying, "If a different strain was selected for this season, would that require additional clinical trials, etc.?"


Trump threatens Apple with 25% tariff to force iPhone manufacturing into US

Donald Trump woke up Friday morning and threatened Apple with a 25 percent tariff on any iPhones sold in the US that are not manufactured in America.

In a Truth Social post, Trump claimed that he had "long ago" told Apple CEO Tim Cook that Apple's plan to manufacture iPhones for the US market in India was unacceptable. Only US-made iPhones should be sold here, he said.

"If that is not the case, a tariff of at least 25 percent must be paid by Apple to the US," Trump said.


Rocket Report: SpaceX’s expansion at Vandenberg; India’s PSLV fails in flight

Welcome to Edition 7.45 of the Rocket Report! Let's talk about spaceplanes. Since the Space Shuttle, spaceplanes have, at best, been a niche part of the space transportation business. The US Air Force's uncrewed X-37B and a similar vehicle operated by China's military are the only spaceplanes to reach orbit since the last shuttle flight in 2011, and both require a lift from a conventional rocket. Virgin Galactic's suborbital space tourism platform is also a spaceplane of sorts. A generation or two ago, one of the chief arguments in favor of spaceplanes was that they were easier to recover and reuse. Today, SpaceX routinely reuses capsules and rockets that look much more like conventional space vehicles than the winged designs of yesteryear. Spaceplanes are undeniably alluring in appearance, but they have the drawback of carrying extra weight (wings) into space that won't be used until the final minutes of a mission. So, do they have a future?

As always, we welcome reader submissions. If you don't want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets, as well as a quick look ahead at the next three launches on the calendar.

One of China's commercial rockets returns to flight. The Kinetica-1 rocket launched Wednesday for the first time since a failure doomed its previous attempt to reach orbit in December, according to the vehicle's developer and operator, CAS Space. The Kinetica-1 is one of several small Chinese solid-fueled launch vehicles managed by a commercial company, although with strict government oversight and support. CAS Space, a spinoff of the Chinese Academy of Sciences, said its Kinetica-1 rocket deployed multiple payloads with "excellent orbit insertion accuracy." This was the seventh flight of a Kinetica-1 rocket since its debut in 2022.


In 3.5 years, Notepad.exe has gone from “barely maintained” to “it writes for you”

By late 2021, major updates for Windows' built-in Notepad text editor had been so rare for so long that a gentle redesign and a handful of new settings were rated as a major update. New updates have become much more common since then, but like the rest of Windows, recent additions have been overwhelmingly weighted in the direction of generative AI.

In November, Microsoft began testing an update that allowed users to rewrite or summarize text in Notepad using generative AI. Another preview update today takes it one step further, allowing you to write AI-generated text from scratch with basic instructions (the feature is called Write, to differentiate it from the earlier Rewrite).

Like Rewrite and Summarize, Write requires users to be signed into a Microsoft Account, because using it requires you to use your monthly allotment of Microsoft's AI credits. Per this support page, users without a paid Microsoft 365 subscription get 15 credits per month. Subscribers with Personal and Family subscriptions get 60 credits per month instead.


The Pentagon seems to be fed up with ULA’s rocket delays

In recent written testimony to a US House of Representatives subcommittee that oversees the military, the senior official responsible for purchasing launches for national security missions blistered one of the country's two primary rocket providers.

The remarks from Major General Stephen G. Purdy, acting assistant secretary of the Air Force for Space Acquisition and Integration, concerned United Launch Alliance and its long-delayed development of the large Vulcan rocket.

"The ULA Vulcan program has performed unsatisfactorily this past year," Purdy said in written testimony during a May 14 hearing before the House Armed Services Committee's Subcommittee on Strategic Forces. This portion of his testimony did not come up during the hearing, and it has not been reported publicly to date.


Why console makers can legally brick your game console

Earlier this month, Nintendo received a lot of negative attention for an end-user license agreement (EULA) update granting the company the claimed right to render Switch consoles "permanently unusable in whole or in part" for violations such as suspected hacking or piracy. As it turns out, though, Nintendo isn't the only console manufacturer that threatens to remotely brick systems in response to rule violations. And attorneys tell Ars Technica that they're probably well within their legal rights to do so.

Sony's System Software License Agreement on the PS5, for instance, contains the following paragraph of "remedies" it can take for "violations" such as use of modified hardware or pirated software (emphasis added).

If SIE Inc determines that you have violated this Agreement's terms, SIE Inc may itself or may procure the taking of any action to protect its interests such as disabling access to or use of some or all System Software, disabling use of this PS5 system online or offline, termination of your access to PlayStation Network, denial of any warranty, repair or other services provided for your PS5 system, implementation of automatic or mandatory updates or devices intended to discontinue unauthorized use, or reliance on any other remedial efforts as reasonably necessary to prevent the use of modified or unpermitted use of System Software.

The same exact clause appears in the PlayStation 4 EULA as well. The PlayStation 3 EULA was missing the "disabling use... online or offline" clause, but it does still warn that Sony can take steps to "discontinue unauthorized use" or "prevent the use of a modified PS3 system, or any pirated material or equipment."


Musk’s DOGE used Meta’s Llama 2—not Grok—for gov’t slashing, report says

An outdated Meta AI model was apparently at the center of the Department of Government Efficiency's initial ploy to purge parts of the federal government.

Wired reviewed materials showing that affiliates of Elon Musk's DOGE working in the Office of Personnel Management "tested and used Meta’s Llama 2 model to review and classify responses from federal workers to the infamous 'Fork in the Road' email that was sent across the government in late January."

The "Fork in the Road" memo seemed to copy a memo that Musk sent to Twitter employees, giving federal workers the choice to be "loyal"—and accept the government's return-to-office policy—or else resign. At the time, it was rumored that DOGE was feeding government employee data into AI, and Wired confirmed that records indicate Llama 2 was used to sort through responses and see how many employees had resigned.


Gouach wants you to insert and pluck the cells from its Infinite e-bike battery

E-bike batteries are, for the most part, a collection of 18650 batteries, packaged together and welded in series and parallel, attached to a battery management system (BMS). A "dead" e-bike battery may only have two or three truly dead cells inside, while the remainder work fine. This is useful knowledge that, for the most part, very few e-bike owners can really use. Arc welders are not a common tool to own, and most e-bike batteries are not designed to be opened, safely or otherwise.

French firm Gouach, essentially a three-person company, is pitching its Infinite Battery as the opposite of this status quo. It's a durable, fireproof casing into which you can place and replace 18650 batteries using only a screwdriver. It keeps you updated on the status of cell performance and heat through a Bluetooth-connected app. And it's designed for compatibility with "90% of existing e-bike brands," or you can upgrade an existing "acoustic" model.

Gouach e-bike battery, with cells, circuit board connectors, and BMS exposed, with a few loose cells nearby. Credit: Gouach


Destructive malware available in NPM repo went unnoticed for 2 years

Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year span, in yet another discovery showing the hidden threats users of such open source archives face.

Eight packages using names that closely mimicked those of widely used legitimate packages contained destructive payloads designed to corrupt or delete important data and crash systems, Kush Pandya, a researcher at security firm Socket, reported Thursday. The packages have been available for download for more than two years and accrued roughly 6,200 downloads over that time.

A diversity of attack vectors

“What makes this campaign particularly concerning is the diversity of attack vectors—from subtle data corruption to aggressive system shutdowns and file deletion,” Pandya wrote. “The packages were designed to target different parts of the JavaScript ecosystem with varied tactics.”


Mozilla is killing its Pocket and Fakespot services to focus on Firefox

When web services shut down and have time to put up a blog post about it, there's typically some real understatement in their explanation of "why." Bookmarking service Pocket's goodbye post truly delivers on this front, noting almost off-handedly that "the way people use the web has evolved." Yes, you might just say that.

Both Pocket and another browser add-on, Fakespot, are being shut down by Firefox maker Mozilla in early July. In a post about the closures, Mozilla cites the need to "invest our time and resources so we can make the biggest impact." Pocket's saving and curation powers will be implemented into Firefox, while Fakespot's analysis of online shopping reviews "didn't fit a model we could sustain."

Pocket started in 2007 as Read It Later, a way to bookmark web articles for later reading. It's not just the focus on published text articles that now seems quaint but also the idea that there was a finite amount of web material you would get back to and would have the time to do so. Those who do want that nice-sounding media experience can cobble it together in most modern browsers, which have built-in tools for managing bookmarks, distinct "reading lists," and even creating stripped-down "readable" versions of articles.
