A smartphone smuggled out of North Korea automatically captures screenshots every five minutes and stores them in a hidden folder inaccessible to users, according to analysis by the BBC. Authorities can later review these images to monitor citizen activity on the device. The phone, obtained by Seoul-based media outlet Daily NK, resembles a Huawei or Honor device but runs state-approved software designed for surveillance and control. The device also automatically censors text, replacing "South Korea" with "puppet state" and Korean terms of endearment with "comrade."

Snowflake's growth among large enterprise customers faces a significant bottleneck tied to the sluggish replacement cycles of existing on-premises data warehouse systems, according to finance vice president Jimmy Sexton. Speaking at a Jefferies conference, Sexton explained that while the cloud data company secured two deals worth more than $100 million each in the financial services sector during its latest quarter, such migrations unfold over multiple years as "cumbersome projects."

Microsoft will require all USB-C ports on Windows 11 certified laptops and tablets to support data transfer, charging, and display functionality under updated hardware compatibility program rules. The mandate targets devices shipping with Windows 11 24H2 and aims to eliminate what Microsoft -- and the industry -- calls "USB-C port confusion," where identical-looking ports offer different capabilities across PC manufacturers.

The Windows Hardware Compatibility Program updates also require USB 40Gbps ports to maintain full compatibility with both USB4 and Thunderbolt 3 peripherals.

A new analysis argues that Stack Overflow's decline began years before AI tools delivered the "final blow" to the once-dominant programming forum. The site's monthly questions dropped from a peak of 200,000 to a steep collapse that began in earnest after ChatGPT's 2023 launch, but usage had been declining since 2014, according to data cited in the InfoWorld analysis.

The platform's remarkable reputation system initially elevated it above competitors by allowing users to earn points and badges for helpful contributions, but that same system eventually became its downfall, the piece argues. As Stack Overflow evolved into a self-governing platform where high-reputation users gained moderation powers, the community transformed from a welcoming space for developer interaction into what the author compares to a "Stanford Prison Experiment" where moderators systematically culled interactions they deemed irrelevant.

An anonymous reader shared this report from The Hacker News: Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU).

Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems. "These race conditions allow a local attacker to exploit a SUID program and gain read access to the resulting core dump," Saeed Abbasi, manager of product at Qualys TRU, said...

Red Hat said CVE-2025-4598 has been rated Moderate in severity owing to the high complexity in pulling an exploit for the vulnerability, noting that the attacker has to first win the race condition and be in possession of an unprivileged local account... Qualys has also developed proof-of-concept code for both vulnerabilities, demonstrating how a local attacker can exploit the coredump of a crashed unix_chkpwd process, which is used to verify the validity of a user's password, to obtain password hashes from the /etc/shadow file.
Advisories were also issued by Gentoo, Amazon Linux, and Debian, the article points out. (Though "It's worth noting that Debian systems aren't susceptible to CVE-2025-4598 by default, since they don't include any core dump handler unless the systemd-coredump package is manually installed.")

Canonical software security engineer Octavio Galland explains the issue on Canonical's blog. "If a local attacker manages to induce a crash in a privileged process and quickly replaces it with another one with the same process ID that resides inside a mount and pid namespace, apport will attempt to forward the core dump (which might contain sensitive information belonging to the original, privileged process) into the namespace... In order to successfully carry out the exploit, an attacker must have permissions to create user, mount and pid namespaces with full capabilities." Canonical's security team has released updates for the apport package for all affected Ubuntu releases... We recommend you upgrade all packages... The unattended-upgrades feature is enabled by default for Ubuntu 16.04 LTS onwards. This service:

- Applies new security updates every 24 hours automatically.
- If you have this enabled, the patches above will be automatically applied within 24 hours of being available.

Stack Overflow remains in the midst of big changes to counter an AI-fueled drop in engagement. So "We're wondering what kind of online communities Stack Overflow users continue to support in the age of AI," writes their senior analyst, "and whether AI is becoming a closer companion than ever before."

For their 15th year of their annual reader survey, this means "we're not just collecting data; we're reflecting on the last year of questions, answers, hallucinations, job changes, tech stacks, memory allocations, models, systems and agents — together..." Is it an AI agent revolution yet? Are you building or utilizing AI agents? We want to know how these intelligent assistants are changing your daily workflow and if developers are really using them as much as these keynote speeches assume. We're asking if you are using these tools and where humans are still needed for common developer tasks.

Career shifts: We're keen to understand if you've considered a career change or transitioned roles and if AI is impacting your approach to learning or using existing tools. Did we make up the difference in salaries globally for tech workers...?
They're also re-visiting "a key finding from recent surveys highlighted a significant statistic: 80% of developers reported being unhappy or complacent in their jobs." This raised questions about changing office (and return-to-office) culture and the pressures of the industry, along with whether there were any insights into what could help developers feel more satisfied at work. Prior research confirmed that flexibility at work used to contribute more than salary to job satisfaction, but 2024's results show us that remote work is not more impactful than salary when it comes to overall satisfaction... [For some positions job satisfaction stayed consistent regardless of salary, though it increased with salary for other positions. And embedded developers said their happiness increased when they worked with top-quality hardware, while desktop developers cited "contributing to open source" and engineering managers were happier when "driving strategy".]

In 2024, our data showed that many developers experienced a pay cut in various roles and programming specialties. In an industry often seen as highly lucrative, this was a notable shift of around 7% lower salaries across the top ten reporting countries for the same roles. This year, we're interested in whether this trend has continued, reversed, or stabilized. Salary dynamics is an indicator for job satisfaction in recent surveys of Stack Overflow users and understanding trends for these roles can perhaps improve the process for finding the most useful factors contributing to role satisfaction outside of salary.
And of course they're asking about AI — while noting last year's survey uncovered this paradox. "While AI usage is growing (70% in 2023 vs. 76% in 2024 planning to or currently using AI tools), developer sentiment isn't necessarily following suit, as 77% in of all respondents in 2023 are favorable or very favorable of AI tools for development compared to 72% of all respondents in 2024." Concerns about accuracy and misinformation were prevalent among some key groups. More developers learning to code are using or are interested in using AI tools than professional developers (84% vs. 77%)... Developers with 10 — 19 years experience were most likely (84%) to name "increase in productivity" as a benefit of AI tools, higher than developers with less experience (<80%)...

Is it an AI agent revolution yet? Are you building or utilizing AI agents? We want to know how these intelligent assistants are changing your daily workflow and if developers are really using them as much as these keynote speeches assume. We're asking if you are using these tools and where humans are still needed for common developer tasks.

"This month, millions of young people will graduate from college," reports the New York Times, "and look for work in industries that have little use for their skills, view them as expensive and expendable, and are rapidly phasing out their jobs in favor of artificial intelligence." That is the troubling conclusion of my conversations over the past several months with economists, corporate executives and young job seekers, many of whom pointed to an emerging crisis for entry-level workers that appears to be fueled, at least in part, by rapid advances in AI capabilities.

You can see hints of this in the economic data. Unemployment for recent college graduates has jumped to an unusually high 5.8% in recent months, and the Federal Reserve Bank of New York recently warned that the employment situation for these workers had "deteriorated noticeably." Oxford Economics, a research firm that studies labor markets, found that unemployment for recent graduates was heavily concentrated in technical fields like finance and computer science, where AI has made faster gains. "There are signs that entry-level positions are being displaced by artificial intelligence at higher rates," the firm wrote in a recent report.

But I'm convinced that what's showing up in the economic data is only the tip of the iceberg. In interview after interview, I'm hearing that firms are making rapid progress toward automating entry-level work and that AI companies are racing to build "virtual workers" that can replace junior employees at a fraction of the cost. Corporate attitudes toward automation are changing, too — some firms have encouraged managers to become "AI-first," testing whether a given task can be done by AI before hiring a human to do it. One tech executive recently told me his company had stopped hiring anything below an L5 software engineer — a midlevel title typically given to programmers with three to seven years of experience — because lower-level tasks could now be done by AI coding tools. Another told me that his startup now employed a single data scientist to do the kinds of tasks that required a team of 75 people at his previous company...

"This is something I'm hearing about left and right," said Molly Kinder, a fellow at the Brookings Institution, a public policy think tank, who studies the impact of AI on workers. "Employers are saying, 'These tools are so good that I no longer need marketing analysts, finance analysts and research assistants.'" Using AI to automate white-collar jobs has been a dream among executives for years. (I heard them fantasizing about it in Davos back in 2019.) But until recently, the technology simply wasn't good enough...

"How does it feel to be replaced by a bot?" asks the Guardian — interviewing several creative workers who know:

• Gardening copywriter Annabel Beales "One day, I overheard my boss saying to a colleague, 'Just put it in ChatGPT....' [My manager] stressed that my job was safe. Six weeks later, I was called to a meeting with HR. They told me they were letting me go immediately. It was just before Christmas...
  
  "The company's website is sad to see now. It's all AI-generated and factual — there's no substance, or sense of actually enjoying gardening."

• Voice actor Richie Tavake "[My producer] told me he had input my voice into AI software to say the extra line. But he hadn't asked my permission. I later found out he had uploaded my voice to a platform, allowing other producers to access it. I requested its removal, but it took me a week, and I had to speak to five people to get it done... Actors don't get paid for any of the extra AI-generated stuff, and they lose their jobs. I've seen it happen."

• Graphic designer Jadun Sykes "One day, HR told me my role was no longer required as much of my work was being replaced by AI. I made a YouTube video about my experience. It went viral and I received hundreds of responses from graphic designers in the same boat, which made me realise I'm not the only victim — it's happening globally..."

Labor economist Aaron Sojourner recently reminded CNN that even in the 1980s and 90s, the arrival of cheap personal computers only ultimately boosted labor productivity by about 3%. That seems to argue against a massive displacement of human jobs — but these anecdotes suggest some jobs already are being lost...

Thanks to long-time Slashdot readers Paul Fernhout and Bruce66423 for sharing the article.

Apple's end-to-end iCloud encryption product ("Advanced Data Protection") was famously removed in the U.K. after a government order demanded backdoors for accessing user data.

So now a Google software engineer wants to build an open source version of Advanced Data Protection for everyone. "We need to take action now to protect users..." they write (as long-time Slashdot reader WaywardGeek). "The whole world would be able to use it for free, protecting backups, passwords, message history, and more, if we can get existing applications to talk to the new data protection service." "I helped build Google's Advanced Data Protection (Google Cloud Key VaultService) in 2018, and Google is way ahead of Apple in this area. I know exactly how to build it and can have it done in spare time in a few weeks, at least server-side... This would be a distributed trust based system, so I need folks willing to run the protection service. I'll run mine on a Raspberry PI...

The scheme splits a secret among N protection servers, and when it is time to recover the secret, which is basically an encryption key, they must be able to get key shares from T of the original N servers. This uses a distributed oblivious pseudo random function algorithm, which is very simple.

In plain English, it provides nation-state resistance to secret back doors, and eliminates secret mass surveillance, at least when it comes to data backed up to the cloud... The UK and similarly confused governments will need to negotiate with operators in multiple countries to get access to any given users's keys. There are cases where rational folks would agree to hand over that data, and I hope we can end the encryption wars and develop sane policies that protect user data while offering a compromise where lives can be saved.
"I've got the algorithms and server-side covered," according to their original submission. "However, I need help." Specifically...

• Running protection servers. "This is a T-of-N scheme, where users will need say 9 of 15 nodes to be available to recover their backups."
• Android client app. "And preferably tight integration with the platform as an alternate backup service."
• An iOS client app. (With the same tight integration with the platform as an alternate backup service.)
• Authentication. "Users should register and login before they can use any of their limited guesses to their phone-unlock secret."

"Are you up for this challenge? Are you ready to plunge into this with me?"


In the comments he says anyone interested can ask to join the "OpenADP" project on GitHub — which is promising "Open source Advanced Data Protection for everyone."

Thursday Anthropic's CEO/cofounder Dario Amodei again warned unemployment could spike 10 to 20% within the next five years as AI potentially eliminated half of all entry-level white-collar jobs.

But CNN's senior business writer dismisses that as "all part of the AI hype machine," pointing out that Amodei "didn't cite any research or evidence for that 50% estimate." And that was just one of many of the wild claims he made that are increasingly part of a Silicon Valley script: AI will fix everything, but first it has to ruin everything. Why? Just trust us.

In this as-yet fictional world, "cancer is cured, the economy grows at 10% a year, the budget is balanced — and 20% of people don't have jobs," Amodei told Axios, repeating one of the industry's favorite unfalsifiable claims about a disease-free utopia on the horizon, courtesy of AI. But how will the US economy, in particular, grow so robustly when the jobless masses can't afford to buy anything? Amodei didn't say... Anyway. The point is, Amodei is a salesman, and it's in his interest to make his product appear inevitable and so powerful it's scary. Axios framed Amodei's economic prediction as a "white-collar bloodbath."

Even some AI optimists were put off by Amodei's stark characterization. "Someone needs to remind the CEO that at one point there were more than (2 million) secretaries. There were also separate employees to do in office dictation," wrote tech entrepreneur Mark Cuban on Bluesky. "They were the original white collar displacements. New companies with new jobs will come from AI and increase TOTAL employment."

Little of what Amodei told Axios was new, but it was calibrated to sound just outrageous enough to draw attention to Anthropic's work, days after it released a major model update to its Claude chatbot, one of the top rivals to OpenAI's ChatGPT.
Amodei told CNN Thursday this great societal change would be driven by how incredibly fast AI technology is getting better and better — and that the AI boom "is bigger and it's broader and it's moving faster than anything has before...!"

Billions of stolen cookies are being sold on the dark web and Telegram, with over 1.2 billion containing session data that can grant cybercriminals access to accounts and systems without login credentials, bypassing MFA. The Register reports: More than 93.7 billion of them are currently available for criminals to buy online and of those, between 7-9 percent are active, on average, according to NordVPN's breakdown of stolen cookies by country. Adrianus Warmenhoven, cybersecurity advisor at NordVPN, said: "Cookies may seem harmless, but in the wrong hands, they're digital keys to our most private information. What was designed to enhance convenience is now a growing vulnerability exploited by cybercriminals worldwide. Most people don't realize that a stolen cookie can be just as dangerous as a password, despite being so willing to accept cookies when visiting websites, just to get rid of the prompt at the bottom of the screen. However, once these are intercepted, a cookie can give hackers direct access to all sorts of accounts containing sensitive data, without any login required."

The vast majority of stolen cookies (90.25 percent) contain ID data, used to uniquely identify users and deliver targeted ads. They can also contain data such as names, home and email addresses, locations, passwords, phone numbers, and genders, although these data points are only present in around 0.5 percent of all stolen cookies. The risk of ruinous personal data exposure as a result of cookie theft is therefore pretty slim. Aside from ID cookies, the other statistically significant type of data that these can contain are details of users' sessions. Over 1.2 billion of these are still up for grabs (roughly 6 percent of the total), and these are generally seen as more of a concern.

WordPress.com parent company Automattic is changing direction... again. From a report: In a blog post titled "Returning to Core" published Thursday evening, Automattic announced it will unpause its contributions to the WordPress project. This is despite having said only last month that the 6.8 WordPress release would be the final major release for all of 2025.

"After pausing our contributions to regroup, rethink, and plan strategically, we're ready to press play again and return fully to the WordPress project," the new blog post states. "Expect to find our contributions across all of the greatest hits -- WordPress Core, Gutenberg, Playground, Openverse, and WordPress.org. This return is a moment of excitement for us as it's about continuing the mission we've always believed in: democratizing publishing for everyone, everywhere," it reads.

Automattic says it's learned a lot from the pause in terms of the many ways WordPress is used, and that it's now committed to helping it "grow and thrive." The post also notes that WordPress today powers 43% of the web.

Lovable, a Swedish startup that allows users to create websites and apps through natural language prompts, failed to address a critical security vulnerability for months after being notified, according to a new report. A study by Replit employees found that 170 of 1,645 Lovable-created applications exposed sensitive user information including names, email addresses, financial data, and API keys that could allow hackers to run up charges on customers' accounts.

The vulnerability, published this week in the National Vulnerabilities Database, stems from misconfigured Supabase databases that Lovable's AI-generated code connects to for storing user data. Despite being alerted to the problem in March, Lovable initially dismissed concerns and only later implemented a limited security scan that checks whether database access controls are enabled but cannot determine if they are properly configured.

An anonymous reader quotes a report from SC Media: Thousands of ASUS routers have been compromised with malware-free backdoors in an ongoing campaign to potentially build a future botnet, GreyNoise reported Wednesday. The threat actors abuse security vulnerabilities and legitimate router features to establish persistent access without the use of malware, and these backdoors survive both reboots and firmware updates, making them difficult to remove.

The attacks, which researchers suspect are conducted by highly sophisticated threat actors, were first detected by GreyNoise's AI-powered Sift tool in mid-March and disclosed Thursday after coordination with government officials and industry partners. Sekoia.io also reported the compromise of thousands of ASUS routers in their investigation of a broader campaign, dubbed ViciousTrap, in which edge devices from other brands were also compromised to create a honeypot network. Sekoia.io found that the ASUS routers were not used to create honeypots, and that the threat actors gained SSH access using the same port, TCP/53282, identified by GreyNoise in their report. The backdoor campaign affects multiple ASUS router models, including the RT-AC3200, RT-AC3100, GT-AC2900, and Lyra Mini.

GreyNoise advises users to perform a full factory reset and manually reconfigure any potentially compromised device. To identify a breach, users should check for SSH access on TCP port 53282 and inspect the authorized_keys file for unauthorized entries.

An anonymous reader quotes a report from TechCrunch: LexisNexis Risk Solutions, a data broker that collects and uses consumers' personal data to help its paying corporate customers detect possible risk and fraud, has disclosed a data breach affecting more than 364,000 people. The company said in a filing with Maine's attorney general that the breach, dating back to December 25, 2024, allowed a hacker to obtain consumers' sensitive personal data from a third-party platform used by the company for software development.

Jennifer Richman, a spokesperson for LexisNexis, told TechCrunch that an unknown hacker accessed the company's GitHub account. The stolen data varies, but includes names, dates of birth, phone numbers, postal and email addresses, Social Security numbers, and driver license numbers. It's not immediately clear what circumstances led to the breach. Richman said LexisNexis received a report on April 1, 2025 "from an unknown third party claiming to have accessed certain information." The company would not say if it had received a ransom demand from the hacker.

A security researcher has discovered an exposed database containing 184 million login credentials for major services including Apple, Facebook, and Google accounts, along with credentials linked to government agencies across 29 countries. Jeremiah Fowler found the 47-gigabyte trove in early May, but the database contained no identifying information about its owner or origins.

The records included plaintext passwords and usernames for accounts spanning Netflix, PayPal, Discord, and other major platforms. A sample analysis revealed 220 email addresses with government domains from countries including the United States, China, and Israel. Fowler told Wired he suspects the data was compiled by cybercriminals using infostealer malware. World Host Group, which hosted the database, shut down access after Fowler's report and described it as content uploaded by a "fraudulent user." The company said it would cooperate with law enforcement authorities.

A fairly comprehensive look at the early personal computer culture reveals that from 1975 through early 1977, personal computers remained "almost exclusively the province of hobbyists who loved to play with computers and found them inherently fascinating," according to newly surfaced historical research. When BYTE magazine launched in 1975, its cover called computers "the world's greatest toy," reflecting the recreational rather than practical focus of early adopters.

A BYTE magazine survey from late 1976 showed these pioneers were remarkably homogeneous: 72% held at least a bachelor's degree, had a median annual income of $20,000 ($123,000 in 2025 dollars), and were overwhelmingly male at 99%. Rather than developing practical software applications, early users gravitated toward games, particularly Star Trek simulations that appeared frequently in magazine advertisements and user group demonstrations.

The hobbyist community organized around local clubs like the famous Homebrew Computer Club, retail stores, and specialized magazines that helped establish what one researcher calls "a mythology of the microcomputer." This narrative positioned hobbyists as democratizing heroes who "ripped the computer and the knowledge of how to use it from the hands of the priests, sharing freedom and power with the masses," challenging what they termed the "computer priesthood" of institutional gatekeepers. This self-contained hobbyist culture would soon be "subsumed by a larger phenomenon" as businessmen began targeting mass markets in 1977.

The recent surge in cyberattacks is pushing cyber insurers toward a fundamental reassessment of premium pricing, Bloomberg reports, with industry analysts warning of an impending "inflection point" that could reshape the market. Marks & Spencer's impending $404 million hit to its operating profit from a recent hack underscores claims that will "attract intense scrutiny from insurers," according to cybersecurity expert Adam Casey.

While incidents like this might not trigger immediate premium hikes across the board, they might likely contribute to an upward pricing trend. Panmure Liberum analyst Abid Hussain said that premiums have recently been falling as policy coverage has tightened, but the industry now faces a critical decision point. "There's going to be another step change, either in the policy wording or in the premiums, or both," Hussain said.

A Qualcomm-commissioned study found that Apple's inaugural C1 modem, debuting in the iPhone 16e, significantly underperformed compared to Qualcomm-powered Android devices in challenging network conditions. The research by Cellular Insights tested devices on T-Mobile's 5G network in New York City, where Android phones achieved download speeds up to 35% faster and upload speeds up to 91% quicker than the iPhone 16e.

The performance gap widened when networks were congested or devices operated farther from cell towers -- precisely the scenarios where next-generation modems should excel, according to the report. The iPhone 16e became "noticeably hot to touch and exhibited aggressive screen dimming within just two-minute test intervals" during testing. This study arrives as Apple attempts to reduce its dependence on Qualcomm, which has historically provided modems for the entire iPhone lineup and represents roughly 20% of Qualcomm's revenue.

An anonymous reader shares a report: Earlier today, Panasonic announced refreshed models of its long-established Let's Note laptop series. However, for the first time in its history, we have a Let's Note portable that doesn't have a VGA port. According to a report by Nikkei Japan, this is probably the beginning of the end for laptops sporting VGA output, with "other companies to follow suit."

A number of factors have precipitated Panasonic's removal of the venerable VGA port. The Nikkei report highlights the strong competition from HDMI, which can simultaneously transmit audio. We also see that the new Panasonic Let's Note CF-SC6 models feature a pair of Thunderbolt 4 ports, which can also be used for video out. That's three separate ports remaining on the Let's Note to drive external displays.