An anonymous reader quotes a report from SecurityWeek: Hundreds of printer models from Brother and other vendors are impacted by potentially serious vulnerabilities discovered by researchers at Rapid7. The cybersecurity firm revealed on Wednesday that its researchers identified eight vulnerabilities affecting multifunction printers made by Brother. The security holes have been found to impact 689 printer, scanner and label maker models from Brother, and some or all of the flaws also affect 46 Fujifilm Business Innovation, five Ricoh, six Konica Minolta, and two Toshiba printers. Overall, millions of enterprise and home printers are believed to be exposed to hacker attacks due to these vulnerabilities.

The most serious of the flaws, tracked as CVE-2024-51978 and with a severity rating of 'critical', can allow a remote and unauthenticated attacker to bypass authentication by obtaining the device's default administrator password. CVE-2024-51978 can be chained with an information disclosure vulnerability tracked as CVE-2024-51977, which can be exploited to obtain a device's serial number. This serial number is needed to generate the default admin password. "This is due to the discovery of the default password generation procedure used by Brother devices," Rapid7 explained. "This procedure transforms a serial number into a default password. Affected devices have their default password set, based on each device's unique serial number, during the manufacturing process."

Having the admin password enables an attacker to reconfigure the device or abuse functionality intended for authenticated users. The remaining vulnerabilities, which have severity ratings of 'medium' and 'high', can be exploited for DoS attacks, forcing the printer to open a TCP connection, obtain the password of a configured external service, trigger a stack overflow, and perform arbitrary HTTP requests. Six of the eight vulnerabilities found by Rapid7 can be exploited without authentication. Brother has patched most of the flaws, but CVE-2024-51978 requires a new manufacturing process to fully resolve, which will apply only to future devices.

The Blue Screen of Death (BSOD) has held strong in Windows for nearly 40 years, but that's about to change. From a report: Microsoft revealed earlier this year that it was overhauling its BSOD error message in Windows 11, and the company has now confirmed that it will soon be known as the Black Screen of Death. The new design drops the traditional blue color, frowning face, and QR code in favor of a simplified black screen.

The simplified BSOD looks a lot more like the black screen you'd see during a Windows update. But it will list the stop code and faulty system driver that you wouldn't always see during a crash dump. IT admins shouldn't need to pull crash dumps off PCs and analyze them with tools like WinDbg just to find out what could be causing issues. The company will roll out this new BSOD design in an update to Windows 11 "later this summer."

Microsoft is preparing to release a private preview of Windows changes that will move antivirus and endpoint detection and response apps out of the Windows kernel, nearly a year after a faulty CrowdStrike update crashed 8.5 million Windows-based machines worldwide.

The new Windows endpoint security platform is being developed in cooperation with CrowdStrike, Bitdefender, ESET, Trend Micro, and other security vendors. David Weston, Microsoft's vice president of enterprise and OS security, said dozens of partners have submitted papers detailing design requirements, some hundreds of pages long. The private preview will allow security vendors to request changes before the platform is finalized.

The HDMI Forum has officially finalized HDMI 2.2, doubling bandwidth from 48 GB/s to 96 GB/s compared to the current HDMI 2.1 standard. The specification enables 16K resolution at 60 Hz and 12K at 120 Hz with chroma subsampling, while supporting uncompressed 4K at 240 Hz with 12-bit color depth and uncompressed 8K at 60 Hz.

The new standard requires "Ultra96" certified cables with clear HDMI Forum branding to achieve full bandwidth capabilities. HDMI 2.2's 96 GB/s throughput surpasses DisplayPort 2.1b UHBR20's 80 GB/s maximum. The specification maintains backwards compatibility with existing devices and cables, operating at the lowest common denominator when mixed with older hardware. HDMI 2.2 introduces a Latency Indication Protocol to improve audio-video synchronization in complex home theater setups.

Google has begun rolling out a feature that allows Chrome users on Android to move the browser's address bar to the bottom of the screen. This capability has been available to iOS Chrome users since 2023 and aims to improve accessibility for users with larger devices.

Users can relocate the address bar by pressing and holding on it and selecting the move option, or by adjusting the setting through Chrome's settings menu. The feature addresses usability concerns for users of phones with bigger screens, where reaching the top of the display can prove difficult during one-handed operation.

Western Digital has succeeded in having the sum it owed from a patent infringement case reduced from $553 million down to just $1 in post-trial motions, when the judge found the plaintiff's claims had shifted during the course of the litigation. From a report: The storage biz was held by a California jury to have infringed on data encryption patents owned by SPEX Technologies Inc in October, relating to several of its self-encrypting hard drive products.

WD was initially told to pay $316 million in damages, but District Judge James Selna ruled the company owed a further $237 million in interest charges earlier this year, bringing the total to more than half a billion dollars. In February, WD was given a week to file a bond or stump up the entire damages payment. Selna granted Western Digital's post-trial motion to reduce damages, writing that "SPEX's damages theory changed as certain evidence and theories became unavailable" and there was "insufficient evidence from which the Court could determine a reasonable royalty."

Microsoft will offer free Windows 10 security updates through October 2026 to consumers who enable Windows Backup or spend 1,000 Microsoft Rewards points, the company said today. The move provides alternatives to the previously announced $30-per-PC Extended Security Update program for individuals wanting to continue using Windows 10 past its October 14, 2025 end-of-support date.

The company will notify Windows 10 users about the ESU program through the Settings app and notifications starting in July, with full rollout by mid-August. Both free options require a Microsoft Account, which the company has increasingly pushed in Windows 11. Business and organizational customers can still purchase up to three years of ESU updates but must pay for the service.

Windows 10 remains installed on 53% of Windows PCs worldwide, according to Statcounter data.

OpenAI has designed features that would allow people to collaborate on documents and communicate via chat within ChatGPT, The Information reported Tuesday. The features would pit OpenAI directly against Microsoft, its biggest shareholder and business partner, and Google, whose search engine has already lost traffic to people using ChatGPT for web searches.

Whether OpenAI will actually release the collaboration features remains unclear, the report cautioned. The designs would target the core of Microsoft's dominant productivity suite and could strain the companies' already complicated relationship as OpenAI seeks Microsoft's approval for restructuring its for-profit unit. Product chief Kevin Weil first discussed and showed off designs for document collaboration nearly a year ago, but OpenAI lacked sufficient staff to develop the product due to other priorities.

OpenAI launched Canvas in October, a ChatGPT feature that makes drafting documents and code easier with AI assistance, as a possible first step toward full collaboration tools. More recently, OpenAI developed but has not launched software allowing multiple ChatGPT customers to communicate about shared work within the application.

Disabling Intel graphics security mitigations in GPU compute stacks for OpenCL and Level Zero can yield a performance boost of up to 20%, prompting Ubuntu's Canonical and Intel to disable these mitigations in future Ubuntu packages. Phoronix's Michael Larabel reports: Intel does allow building their GPU compute stack without these mitigations by using the "NEO_DISABLE_MITIGATIONS" build option and that is what Canonical is looking to set now for Ubuntu packages to avoid the significant performance impact. This work will likely all be addressed in time for Ubuntu 25.10. This NEO_DISABLE_MITIGATIONS option is just for compiling the Intel Compute Runtime stack and doesn't impact the Linux kernel security mitigations or else outside of Intel's "NEO" GPU compute stack. Both Intel and Canonical are in agreement with this move and it turns out that even Intel's GitHub binary packages for their Compute Runtime for OpenCL and Level Zero ship with the mitigations disabled due to the performance impact. This Ubuntu Launchpad bug report for the Intel Compute Runtime notes some of the key takeaways. There is also this PPA where Ubuntu developers are currently testing their Compute Runtime builds with NEO_DISABLE_MITIGATIONS enabled for disabling the mitigations.

Apple's iOS 26 introduces Recovery Assistant, a feature that allows users to restore malfunctioning iPhones without requiring a Mac or PC. The system automatically boots devices into Recovery mode when startup issues occur, displaying the message "This iPhone encountered an issue while starting."

Users can then initiate recovery through another Apple device like an iPad, which downloads and installs a newer iOS version onto the malfunctioning iPhone. Apple described Recovery Assistant as "a new way to recover your device if it doesn't start up normally" in release notes for the second iOS 26 beta.

Hackers suspected of working on behalf of the Chinese government exploited a maximum-severity vulnerability, which had received a patch 16 months earlier, to compromise a telecommunications provider in Canada, officials from that country and the US said Monday. ArsTechnica: "The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies," officials for the center, the Canadian government's primary cyber security agency, said in a statement. "The responsible actors are almost certainly PRC state-sponsored actors, specifically Salt Typhoon." The FBI issued its own nearly identical statement.

Salt Typhoon is the name researchers and government officials use to track one of several discreet groups known to hack nations all over the world on behalf of the People's Republic of China. In October 2023, researchers disclosed that hackers had backdoored more than 10,000 Cisco devices by exploiting CVE-2023-20198, a vulnerability with a maximum severity rating of 10. Any switch, router, or wireless LAN controller running Cisco's iOS XE that had the HTTP or HTTPS server feature enabled and exposed to the Internet was vulnerable. Cisco released a security patch about a week after security firm VulnCheck published its report.

How AI will reshape the future of work? The Washington Post looks at India's $280 billion call-center and "business process outsourcing" industry, which employs over 3 million people.

2023 saw the arrival of a real-time "accent-altering software" — now used by at least 42,000 call center agents: Those who use the software are engaging in "digital whitewashing," critics say, which helps explain why the industry prefers the term "accent translation" over "accent neutralization." But companies say it's delivering results: happier customers, satisfied agents, faster calls.

Many are not convinced. Whatever short-term gains automation may offer to workers, they say, it will ultimately eliminate far more jobs than it creates. They point to the quality assurance process: When callers hear, "this call may be monitored," that now usually refers to an AI system, not a human [which now can review all calls for compliance and tone]... "AI is going to crush entry-level white-collar hiring over the next 24 to 36 months," said Mark Serdar, who has spent his career helping Fortune 500 companies expand their global workforce. "And it's happening faster than most people realize...." Already, chatbots, or "virtual agents," are handling basic tasks like password resets or balance updates. AI systems are writing code, translating emails, onboarding patients, and analyzing applications for credit cards, mortgages and insurance. The human jobs are changing, too. AI "co-pilots" are providing call center agents with instant answers and suggested scripts. At some companies, bots have started handling the calls.

There is no shortage of ominous predictions about the implications for India's labor force. Within a year, there will only be a "minimal" need for call centers, K Krithivasan, CEO of Indian IT company Tata Consultancy Services, recently told the Financial Times. The Brookings Institution found 86 percent of customer service tasks have "high automation potential." More than a quarter of jobs in India have "high exposure" to AI, the International Monetary Fund has warned. "There is a rapid wave coming," said Pratyush Kumar, co-founder of Sarvam, a leading Indian AI firm, which recently helped a major insurance provider make 40 million automated phone calls informing enrollees that their insurance program was expiring. He said corporate clients are all asking him to help reduce headcount...

While AI may be phasing out certain jobs, its defenders say it is also creating different kinds of opportunities. Teleperformance, along with hundreds of other companies, has hired thousands of data annotators in India — many of them women in small towns and rural areas — to label training images and videos for AI systems. Prompt engineers, data scientists, AI trainers and speech scientists are all newly in demand... At some firms, those who previously worked in quality assurance have transitioned to performance coaching, said [Sharath Narayana, co-founder of AI speech tools company Sanas], whose previous firm, Observe.ai, also built QA software. Still, he admits, 10 to 20 percent of workers he observed "could not upskill at all" and were probably let go.

Even the most hopeful admit that workers who can't adapt will fall behind. "It's like the industrial revolution," said Prithvijit Roy, Accenture's former lead for its Global AI Hub. "Some will suffer."
The article also notes that while Indian universities produce over a million engineering graduates each year, "placement rates are falling at leading IT firms; salaries have stagnated."

The education-news site EdSurge published "sponsored content" from Minecraft Education this month. "Students light up when they create something meaningful," the article begins. "Self-expression fuels learning, and creativity lies at the heart of the human experience."

But they also argue that "As AI rapidly reshapes software development, computer science education must move beyond syntax drills and algorithmic repetition." Students "must also learn to think systemically..." As AI automates many of the mechanical aspects of programming, the value of CS education is shifting, from writing perfect code to shaping systems, telling stories through logic and designing ethical, human-centered solutions... [I]t's critical to offer computer science experiences that foster invention, expression and design. This isn't just an education issue — it's a workforce one. Creativity now ranks among the top skills employers seek, alongside analytical thinking and AI literacy. As automation reshapes the job market, McKinsey estimates up to 375 million workers may need to change occupations by 2030. The takeaway? We need more adaptable, creative thinkers.

Creative coding, where programming becomes a medium for self-expression and innovation, offers a promising solution to this disconnect. By positioning code as a creative tool, educators can tap into students' intrinsic motivation while simultaneously building computational thinking skills. This approach helps students see themselves as creators, not just consumers, of technology. It aligns with digital literacy frameworks that emphasize critical evaluation, meaningful contribution and not just technical skills.

One example of creative coding comes from a curriculum that introduces computer science through game design and storytelling in Minecraft... Developed by Urban Arts in collaboration with Minecraft Education, the program offers middle school teachers professional development, ongoing coaching and a 72-session curriculum built around game-based instruction. Designed for grades 6-8, the project-based program is beginner-friendly; no prior programming experience is required for teachers or students. It blends storytelling, collaborative design and foundational programming skills with a focus on creativity and equity.... Students use Minecraft to build interactive narratives and simulations, developing computational thinking and creative design... Early results are promising: 93 percent of surveyed teachers found the Creative Coders program engaging and effective, noting gains in problem-solving, storytelling and coding, as well as growth in critical thinking, creativity and resilience.

As AI tools like GitHub Copilot become standard in development workflows, the definition of programming proficiency is evolving. Skills like prompt engineering, systems thinking and ethical oversight are rising in importance, precisely what creative coding develops... As AI continues to automate routine tasks, students must be able to guide systems, understand logic and collaborate with intelligent tools. Creative coding introduces these capabilities in ways that are accessible, culturally relevant and engaging for today's learners.
Some background from long-time Slashdot reader theodp: The Urban Arts and Microsoft Creative Coders program touted by EdSurge in its advertorial was funded by a $4 million Education Innovation and Research grant that was awarded to Urban Arts in 2023 by the U.S. Education Department "to create an engaging, game-based, middle school CS course using Minecraft tools" for 3,450 middle schoolers (6th-8th grades)" in New York and California (Urban Arts credited Minecraft for helping craft the winning proposal)... New York City is a Minecraft Education believer — the Mayor's Office of Media and Entertainment recently kicked off summer with the inaugural NYC Video Game Festival, which included the annual citywide Minecraft Education Battle of the Boroughs Esports Competition in partnership with NYC Public Schools.

It's not just Amazon's CEO predicting AI will lower their headcount. "Top executives at some of the largest American companies have a warning for their workers: Artificial intelligence is a threat to your job," reports the Washington Post — including IBM, Salesforce, and JPMorgan Chase.

But are they really just trying to impress their shareholders? Economists say there aren't yet strong signs that AI is driving widespread layoffs across industries.... CEOs are under pressure to show they are embracing new technology and getting results — incentivizing attention-grabbing predictions that can create additional uncertainty for workers. "It's a message to shareholders and board members as much as it is to employees," Molly Kinder, a Brookings Institution fellow who studies the impact of AI, said of the CEO announcements, noting that when one company makes a bold AI statement, others typically follow. "You're projecting that you're out in the future, that you're embracing and adopting this so much that the footprint [of your company] will look different."

Some CEOs fear they could be ousted from their job within two years if they don't deliver measurable AI-driven business gains, a Harris Poll survey conducted for software company Dataiku showed. Tech leaders have sounded some of the loudest warnings — in line with their interest in promoting AI's power...

IBM, which recently announced job cuts, said it replaced a couple hundred human resource workers with AI "agents" for repetitive tasks such as onboarding and scheduling interviews. In January, Meta CEO Mark Zuckerberg suggested on Joe Rogan's podcast that the company is building AI that might be able to do what some human workers do by the end of the year.... Marianne Lake, JPMorgan's CEO of consumer and community banking, told an investor meeting last month that AI could help the bank cut headcount in operations and account services by 10 percent. The CEO of BT Group Allison Kirkby suggested that advances in AI would mean deeper cuts at the British telecom company...

Despite corporate leaders' warnings, economists don't yet see broad signs that AI is driving humans out of work. "We have little evidence of layoffs so far," said Columbia Business School professor Laura Veldkamp, whose research explores how companies' use of AI affects the economy. "What I'd look for are new entrants with an AI-intensive business model, entering and putting the existing firms out of business." Some researchers suggest there is evidence AI is playing a role in the drop in openings for some specific jobs, like computer programming, where AI tools that generate code have become standard... It is still unclear what benefits companies are reaping from employees' use of AI, said Arvind Karunakaran, a faculty member of Stanford University's Center for Work, Technology, and Organization. "Usage does not necessarily translate into value," he said. "Is it just increasing productivity in terms of people doing the same task quicker or are people now doing more high value tasks as a result?"

Lynda Gratton, a professor at London Business School, said predictions of huge productivity gains from AI remain unproven. "Right now, the technology companies are predicting there will be a 30% productivity gain. We haven't yet experienced that, and it's not clear if that gain would come from cost reduction ... or because humans are more productive."
On an earnings call, Salesforce's chief operating and financial officer said AI agents helped them reduce hiring needs — and saved $50 million, according to the article. (And Ethan Mollick, co-director of Wharton School of Business' generative AI Labs, adds that if advanced tools like AI agents can prove their reliability and automate work — that could become a larger disruptor to jobs.) "A wave of disruption is going to happen," he's quoted as saying.

But while the debate continues about whether AI will eliminate or create jobs, Mollick still hedges that "the truth is probably somewhere in between."

Threads now has 350 million users — but this week a strange bug affected some Threads accounts (on both desktop and mobile). "One user's post will get repeated over and over again..." explains TechCrunch, "as though every user on your feed is saying the same thing." "Siri, unsubscribe me from 2025," one Threads user wrote, per a screenshot from social media expert Alexa Heinrich. But then, everyone else on Heinrich's feed appeared to be echoing the same cheugy joke...

While it's not yet clear what caused the bug, Meta Communications Director Andy Stone responded to app researcher Jane Manchun Wong's post about the issue. "Whoops, well that clearly shouldn't have happened! We're working on getting it fixed now," Stone said.
I thought the bug was only affecting user feeds (and not replies). But either way, Wong came up with the perfect comeback.

"Whoops, well that clearly shouldn't have happened! We're working on getting it fixed now."

An anonymous reader quotes a report from Ars Technica: Large-scale attacks designed to bring down Internet services by sending them more traffic than they can process keep getting bigger, with the largest one yet, measured at 7.3 terabits per second, being reported Friday by Internet security and performance provider Cloudflare. The 7.3Tbps attack amounted to 37.4 terabytes of junk traffic that hit the target in just 45 seconds. That's an almost incomprehensible amount of data, equivalent to more than 9,300 full-length HD movies or 7,500 hours of HD streaming content in well under a minute.

Cloudflare said the attackers "carpet bombed" an average of nearly 22,000 destination ports of a single IP address belonging to the target, identified only as a Cloudflare customer. A total of 34,500 ports were targeted, indicating the thoroughness and well-engineered nature of the attack. [...] Cloudflare said the record DDoS exploited various reflection or amplification vectors, including the previously mentioned Network Time Protocol; the Quote of the Day Protocol, which listens on UDP port 17 and responds with a short quote or message; the Echo Protocol, which responds with the same data it receives; and Portmapper services used identify resources available to applications connecting through the Remote Procedure Call. Cloudflare said the attack was also delivered through one or more Mirai-based botnets. Such botnets are typically made up of home and small office routers, web cameras, and other Internet of Things devices that have been compromised.

The Department of Homeland Security is concerned about the rate at which outlawed signal-jamming devices are being found across the US. From a report: In a warning issued on Wednesday, it said it has seen an 830 percent increase in seizures of these signal jammers since 2021, specifically those made in China. Signal-jamming devices are outlawed in the US, mainly because they can interfere with communications between emergency services and law enforcement.

While the Communications Act of 1934 effectively prohibits such devices, signal jammers of the type DHS is concerned about have only circulated in the last 20 to 30 years. Authorities have paid special attention to relay attack devices in recent years -- the types of hardware that can be used to clone signals used by systems such as remote car keys, although the first examples of these devices date back to the 1980s.

david.emery writes: Microsoft is making it harder to use Chrome on Windows. The culprit? This time, it's Windows' Family Safety feature. Since early this month, the parental control measure has prevented users from opening Chrome. Strangely, no other apps or browsers appear to be affected.

Redditors first reported the issue on June 3. u/Witty-Discount-2906 posted that Chrome crashed on Windows 11. "Just flashes quickly, unable to open with no error message," they wrote. Another user chimed in with a correct guess. "This may be related to Parental Controls," u/duk242 surmised. "I've had nine students come see the IT Desk in the last hour saying Chrome won't open."

A senior Broadcom executive has defended VMware's controversial licensing changes by arguing that customers complaining about costs simply weren't using the software bundles properly. VMware shifted away from selling perpetual licenses for individual products to subscription bundles after Broadcom's acquisition. Some smaller and mid-sized customers claim their costs increased eight to 15 times under the new pricing structure, prompting migration plans to alternative platforms.

Joe Baguley, Broadcom's chief technology officer for EMEA, countered that 87% of VMware's top 10,000 customers have signed up for VMware Cloud Foundation, and that cost complaints "don't play out" when Broadcom sits down with customers directly.

Starting mid-July 2025, Microsoft 365 will begin blocking legacy authentication protocols like Remote PowerShell and FrontPage RPC to enhance security under its "Secure by Default" initiative. Admins must now grant explicit consent for third-party app access, which could disrupt workflows but aims to reduce unauthorized data exposure. The Register reports: First in line for the chop is legacy browser authentication to SharePoint and OneDrive using the Remote PowerShell (RPS) protocol. According to Microsoft, legacy authentication protocols like RPS "are vulnerable to brute-force and phishing attacks due to non-modern authentication." The upshot is that attempting to access OneDrive or SharePoint via a browser using legacy authentication will stop working.

Also being blocked is the FrontPage Remote Procedure Call (RPC) protocol. Microsoft FrontPage was a web authoring tool that was discontinued almost two decades ago. However, the protocol for remote web authoring has lived on until now. Describing legacy protocols like RPC as "more susceptible to compromise," Microsoft will block them to prevent their use in Microsoft 365 clients.

Finally, third-party apps will need administrator consent to access files and sites. Microsoft said: "Users allowing third-party apps to access file and site content can lead to overexposure of an organization's content. Requiring admins to consent to this access can help reduce overexposure." "While laudable, shifting consent to the administrator could disrupt some workflows," writes The Register's Richard Speed. "The Microsoft-managed App Consent Policies will be enabled, and users will be unable to consent to third-party applications accessing their files and sites by default. Need consent? A user will need to request an administrator to consent on their behalf."