An anonymous reader quotes a report from Ars Technica: On Monday afternoon, Amazon confirmed that an outage affecting Amazon Web Services' cloud hosting, which had impacted millions across the Internet, had been resolved. Considered the worst outage since last year's CrowdStrike chaos, Amazon's outage caused "global turmoil," Reuters reported. AWS is the world's largest cloud provider and, therefore, the "backbone of much of the Internet," ZDNet noted. Ultimately, more than 28 AWS services were disrupted, causing perhaps billions in damages, one analyst estimated for CNN.

[...] Amazon's problems originated at a US site that is its "oldest and largest for web services" and often "the default region for many AWS services," Reuters noted. The same site has experienced two outages before in 2020 and 2021, but while the tech giant had confirmed that those prior issues had been "fully mitigated," apparently the fixes did not ensure stability into 2025. ZDNet noted that Amazon's first sign of the outage was "increased error rates and latency across numerous key services" tied to its cloud database technology. Although "engineers later identified a Domain Name System (DNS) resolution problem" as the root of these issues and quickly fixed it, "other AWS services began to fail in its wake, leaving the platform still impaired" as more than two dozen AWS services shut down. At the peak of the outage on Monday, Down Detector tracked more than 8 million reports globally from users panicked by the outage, ZDNet reported. Ken Birman, a computer science professor at Cornell University, told Reuters that "software developers need to build better fault tolerance."

"When people cut costs and cut corners to try to get an application up, and then forget that they skipped that last step and didn't really protect against an outage, those companies are the ones who really ought to be scrutinized later."

London police finally understand why 80,000 phones disappeared from the city's streets last year. The answer involves budget cuts [non-paywalled source] that hollowed out British policing in the 2010s, the arrival of electric bikes that made theft easy, and a lucrative black market in China where stolen British phones retain full functionality. The Metropolitan Police discovered an industrial-scale operation in December when officers traced a woman's iPhone to a Heathrow warehouse on Christmas Eve. Boxes labeled as batteries and bound for Hong Kong contained almost 1,000 stolen iPhones. The police arrested two men in their thirties in September as suspected ringleaders of a group that sent up to 40,000 stolen phones to China.

The epidemic took root after Conservative-led austerity measures reduced police numbers and budgets. In 2017 the Metropolitan Police announced it would stop investigating low-level crimes to focus resources on serious violence and sexual offenses. Thieves on rented electric bikes began mounting sidewalks to snatch phones at high speed while wearing balaclavas and hoods. Police data shows only 495 people were charged out of 106,000 phones reported stolen between March 2024 and February 2025. Thieves earn up to $401 per device. The phones sell for up to $5,000 in China because Chinese network providers do not subscribe to the international blacklist for stolen devices.

An anonymous reader quotes a report from Ars Technica: Anthropic has added web and mobile interfaces for Claude Code, its immensely popular command-line interface (CLI) agentic AI coding tool. The web interface appears to be well-baked at launch, but the mobile version is limited to iOS and is in an earlier stage of development. The web version of Claude Code can be given access to a GitHub repository. Once that's done, developers can give it general marching orders like "add real-time inventory tracking to the dashboard."

As with the CLI version, it gets to work, with updates along the way approximating where it's at and what it's doing. The web interface supports the recently implemented Claude Code capability to take suggestions or requested changes while it's in the middle of working on a task. (Previously, if you saw it doing something wrong or missing something, you often had to cancel and start over.) Developers can run multiple sessions at once and switch between them as needed; they're listed in a left-side panel in the interface.

Alongside this web and mobile rollout, Anthropic has also introduced a new sandboxing runtime to Claude Code that, along with other things, aims to make the experience both more secure and lower friction. In the past, Claude Code worked by asking permission before making most changes and steps along the way. Now, it can instead be given permissions for specific file system folders and network servers. That means fewer approval steps, but it's also more secure overall against prompt injection and other risks. You can learn more about "Claude Code on the web" through the company's blog and official YouTube channel.

Note: the new features are available in beta as a research preview, and they are available to Claude users with Pro or Max subscriptions.

"A new study published on Monday found that communications from cellphone carriers, retailers, banks, and even militaries are being broadcast unencrypted through geostationary satellites..." reports Gizmodo. "The team obtained unencrypted internet communications from U.S. military sea vessels and even communications regarding narcotics trafficking from Mexican military and law enforcement." Researchers from the University of California, San Diego (UCSD) and the University of Maryland scanned 39 of these satellites from a rooftop in Southern California over three years. They found that roughly half of the signals they analyzed were transmitting unencrypted data, potentially exposing everything from phone calls and military logistics to a retail chain's inventory. "There is a clear mismatch between how satellite customers expect data to be secured and how it is secured in practice," the researchers wrote in their paper titled "Don't Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites...." "They assumed that no one was ever going to check and scan all these satellites and see what was out there. That was their method of security," Aaron Schulman, a UCSD professor and co-lead of the study, told Wired....

Even more surprisingly, the researchers didn't need any fancy spy gear to collect this data. Their setup used only off-the-shelf hardware, including a $185 satellite dish, a $140 roof mount with a $195 motor, and a $230 tuner card. Altogether, the system cost roughly $750 and was installed on a university building in La Jolla, San Diego.

With their simple setup, the researchers were able to collect a wide range of communication data, including phone calls, texts, in-flight Wi-Fi data from airline passengers, and signals from electric utilities. They even obtained U.S. and Mexican military and law enforcement communications, as well as ATM transactions and corporate communications... When it came to telecoms, specifically, the team collected phone numbers, calls, and texts from customers of T-Mobile, AT&T Mexico, and Telmex... It only took the team nine hours to collect the phone numbers of over 2,700 T-Mobile users, along with some of their calls and text messages.
T-Mobile told Gizmodo the lack of encryption was "a vendor's technical misconfiguration" affecting "a limited number of cell sites" and was "not network-wide... [W]e implemented nationwide Session Initiation Protocol (SIP) encryption for all customers to further protect signaling traffic as it travels between mobile handsets and the network core, including call set up, numbers dialed and text message content. We appreciate our collaboration with the security research community, whose work helps reinforce our ongoing commitment to protecting customer data and enhances security across the industry."

Indeed, the researchers write that "Each time we discovered sensitive information in our data, we went through considerable effort to determine the responsible party, establish contact, and disclose the vulnerability. In several cases, the responsible party told us that they had deployed a remedy. For the following parties, we re-scanned with their permission and were able to verify a remedy had been deployed: T-Mobile, WalMart, and KPU."

The researchers acknowledge that exposure "was limited to a relatively small number of cell towers in specific remote areas."

It's the world's largest network of environmental groups, according to NBC News, with more than 1,400 members from roughly 160 countries. It meets once every four years.

And in a vote Tuesday, the International Union for Conservation of Nature "approved further exploration of the use of genetic engineering tools to aid in the preservation of animal species and other living organisms." Researchers are already pursuing projects that involve changing some species' DNA. Scientists are genetically modifying mosquitoes to reduce transmission of diseases like malaria, for example, and synthesizing horseshoe crab blood, which is used in drug development. Controversial efforts to "de-extinct" archaic creatures — such as the so-called "dire wolf" that a biosciences company announced it had revived this spring — fall under the umbrella, as well. So do possibilities like modifying organisms to help them adapt to a warming world, which are on the table but further off in development.... The decision is applicable to work on a range of organisms, including animals, plants, yeasts and bacteria....

The notion of introducing genetic engineering into wild ecosystems would have been considered a nonstarter in most conservation circles a decade ago, according to Jessica Owley [a professor and environment law program director at the University of Miami]. But the intensifying effects of climate change and other stressors to biodiversity are bolstering arguments in favor of human intervention that could make endangered species resistant to those threats... The IUCN vote, she added, reflects a feeling of desperation among conservationists and governments, as existing regulations and conservation efforts fall short and species continue to disappear worldwide.
"A separate measure, a proposed moratorium on releasing genetically modified organisms into the environment, failed by a single vote..."

A network of classified Starshield satellites built by SpaceX for the U.S. government is transmitting signals on radio frequencies reserved for Earth-to-space commands. According to NPR, it may violate international standards. From the report: Satellites associated with the Starshield satellite network appear to be transmitting to the Earth's surface on frequencies normally used for doing the exact opposite: sending commands from Earth to satellites in space. The use of those frequencies to "downlink" data runs counter to standards set by the International Telecommunication Union, a United Nations agency that seeks to coordinate the use of radio spectrum globally.

Starshield's unusual transmissions have the potential to interfere with other scientific and commercial satellites, warns Scott Tilley, an amateur satellite tracker in Canada who first spotted the signals. "Nearby satellites could receive radio-frequency interference and could perhaps not respond properly to commands -- or ignore commands -- from Earth," he told NPR.

Outside experts agree there's the potential for radio interference. "I think it is definitely happening," said Kevin Gifford, a computer science professor at the University of Colorado, Boulder who specializes in radio interference from spacecraft. But he said the issue of whether the interference is truly disruptive remains unresolved. [...] Tilley says he's detected signals from 170 of the Starshield satellites so far. All appear in the 2025-2110 MHz range, though the precise frequencies of the signals move around.

Amazon's Ring has announced a partnership with Flock Safety, the AI-powered camera network already used by ICE, the Secret Service, and other federal agencies. "Now agencies that use Flock can request that Ring doorbell users share footage to help with 'evidence collection and investigative work,'" reports TechCrunch. From the report: Flock cameras work by scanning the license plates and other identifying information about cars they see. Flock's government and police customers can also make natural language searches of their video footage to find people who match specific descriptions. However, AI-powered technology used by law enforcement has been proven to exacerbate racial biases. On the same day that Ring announced this partnership, 404 Media reported that ICE, the Secret Service, and the Navy had access to Flock's network of cameras. By partnering with Ring, Flock could potentially access footage from millions more cameras.

Boris Johnson's former adviser claims that China infiltrated a key UK government data-transfer network for years, compromising highly classified materials and prompting a Whitehall cover-up that prioritized Chinese investment over national security. The Times reports: Dominic Cummings, who served as a senior adviser to Boris Johnson, said that he and the then prime minister were informed about the breach in 2020 but that there had subsequently been a cover-up. He said he was warned at the time that disclosing some specific details of the breach would be a criminal offence. He claimed that the breach included some "Strap" material, which is the government term for the highest level of classified information.

The breach, which was confirmed by two other senior Whitehall sources, was said to have been connected to a Chinese-owned company involved in Britain's critical national infrastructure. Tom Tugendhat, a former Tory security minister, supported Cummings's account. Cummings said that he and Johnson were informed of the breach in the "bunker" of No 10 -- a reference to the secure room in Downing Street.

He told The Times: "The cabinet secretary said, 'We have to explain something; there's been a serious problem', and he talked through what this was. "And it was so bizarre that, not just Boris, a few people in the room were looking around like this -- 'Am I somehow misunderstanding what he's saying? Because it sounds f***ing crazy.'" He added: "What I'm saying is that some Strap stuff was compromised and vast amounts of data classified as extremely secret and extremely dangerous for any foreign entity to control was compromised. "Material from intelligence services. Material from the National Security Secretariat in the Cabinet Office. Things the government has to keep secret. If they're not secret, then there are very, very serious implications for it."

The U.S. Department of Justice seized about $15 billion in bitcoin from wallets tied to Chen Zhi, founder of Cambodia's Prince Holding Group, who is accused of running one of the world's biggest "pig butchering" scams. Prosecutors say Zhi's network trafficked people into forced-labor scam compounds that defrauded victims worldwide through fake crypto investment schemes. CNBC reports: The seizure is the largest forfeiture action by the DOJ in history. An indictment charging the alleged pig butcher, Chen Zhi, was unsealed Tuesday in federal court in Brooklyn, New York. Zhi, who is also known as "Vincent," remains at large, according to the U.S. Attorney's Office for the Eastern District of New York. He was identified in court filings as the founder and chairman of Prince Holding Group, a multinational business conglomerate based in Cambodia, which prosecutors said grew "in secret .... into one of Asia's largest transnational criminal organizations. [...]

The scams duped people contacted via social media and messaging applications online into transferring cryptocurrency into accounts controlled by the scheme with false promises that the crypto would be invested and produce profits, according to the office. "In reality, the funds were stolen from the victims and laundered for the benefit of the perpetrators," the release said. "The scam perpetrators often built relationships with their victims over time, earning their trust before stealing their funds."

Prosecutors said that hundreds of people were trafficked and forced to work in the scam compounds, "often under the threat of violence." Zhi and a network of top executives in the Prince Group are accused of using political influence in multiple countries to protect their criminal enterprise and paid bribes to public officials to avoid actions by law enforcement authorities targeting the scheme, according to prosecutors.

An anonymous reader quotes a report from the Associated Press: Google announced on Tuesday that it will invest $15 billion in India over the next five years to establish its first artificial intelligence hub in the country. Located in the southern city of Visakhapatnam, the hub will be one of Google's largest globally. It will feature gigawatt-scale data center operations, extensive energy infrastructure and an expanded fiber-optic network, the company said in a statement. The investment underscores Google's growing reliance on India as a key technology and talent base in the global race for AI dominance.

For India, it brings in high-value infrastructure and foreign investment at a scale that can accelerate its digital transformation ambitions. Google said its AI hub investment will include construction of a new international subsea gateway that would connect to the company's more than 2 million miles (3.2 million kilometers) of existing terrestrial and subsea cables. "The initiative creates substantial economic and societal opportunities for both India and the United States, while pioneering a generational shift in AI capability," the company's statement said.

BrianFagioli writes: TP-Link has officially achieved the first successful Wi-Fi 8 connection using a prototype device built through an industry collaboration. The company confirmed that both the beacon and data throughput worked, marking a real-world validation of next-generation wireless tech. It's an early glimpse of what the next leap in speed and reliability could look like, even as the Wi-Fi 8 standard itself remains under development. The Verge adds: Like its predecessor, Wi-Fi 8 will utilize 2.4GHz, 5GHz, and 6GHz bands with a theoretical maximum channel bandwidth of 320MHz and peak data rate of 23Gbps, but aims to improve real-world performance and connection reliability. The goal is to provide better performance in environments with low signal, or under high network loads, where an increasing number of devices are sharing the same connection.

Lyft is teaming up with Tensor Auto to launch hundreds of AI-powered "Robocars" across Europe and North America starting in 2027. Bloomberg reports: Tensor Robocars, the first deliveries of which are planned in late 2026, have more than 100 sensors including cameras, lidars and radars, and processes sensor data with artificial intelligence technology powered by Nvidia Corp. chips on board. The vehicles will come from the manufacturer with Lyft's platform installed, which will allow owners to make money on the rideshare network in markets where level 4 autonomous technology is available, according to the joint statement. Lyft has reserved hundreds of Robocars via its affiliates for its own fleet operations, subject to regulatory approvals.

An anonymous reader quotes a report from CSO Online: On Sept. 17, security vendor SonicWall announced that cybercriminals had stolen backup files configured for cloud backup. At the time, the company claimed the incident was limited to "less than five percent" of its customers. Now, the firewall provider has admitted that "all customers" using the MySonicWall cloud backup feature were affected. According to the company, the stolen files contain encrypted credentials and configuration data. "[W]hile encryption remains in place, possession of these files could increase the risk of targeted attacks," SonicWall warns in its press release.

Security specialist Arctic Wolf also warns of the consequences of the incident. "Firewall configuration files store sensitive information that can be leveraged by threat actors to exploit and gain access to an organization's network," explains Stefan Hostetler, threat intelligence researcher at Arctic Wolf. "These files can provide threat actors with critical information such as user, group, and domain settings, DNS and log settings, and certificates," he adds. Arctic Wolf has previously observed threat actors, including nation-state and ransomware groups, exfiltrating firewall configuration files to use for future attacks. SonicWall urges all customers and partners to regularly check their devices for updates. Admins can find additional information here.

prisoninmate shares a report from 9to5Linux: Dubbed Questing Quokka, Ubuntu 25.10 is powered by the latest and greatest Linux 6.17 kernel series for top-notch hardware support and ships with the latest GNOME 49 desktop environment, defaulting to a Wayland-only session for the Ubuntu Desktop flavor, meaning there's no other session to choose from the login screen. Ubuntu Desktop also ships with two new apps, namely GNOME's Loupe instead of Eye of GNOME as the default image viewer, as well as Ptyxis instead of GNOME Terminal as the default terminal emulator. Also, there's a new update notification that will be shown with options to open Software Updater or install updates directly.'

Other highlights of Ubuntu 25.10 include sudo-rs as the default implementation of sudo, Dracut as the default initramfs-tools, Chrony as the default NTP (Network Time Protocol) client, Rust Coreutils as the default implementation of GNU Core Utilities, and TPM-backed FDE (Full Disk Encryption) recovery key management. Moreover, Ubuntu 25.10 adds NVIDIA Dynamic Boost support and enables suspend-resume support in the proprietary NVIDIA graphics driver to prevent corruption and freezes when waking an NVIDIA desktop. For Intel users, Ubuntu 25.10 introduces support for new Intel integrated and discrete GPUs. Ubuntu 25.10 is available for download here.

An anonymous reader shares a report: In another loss for early smart home adopters, Logitech has announced that it will brick all Pop switches on October 15.

In August of 2016, Logitech launched Pop switches, which provide quick access to a range of smart home actions, including third-party gadgets. For example, people could set their Pop buttons to launch Philips Hue or Insteon lighting presets, play a playlist from their Sonos speaker, or control Lutron smart blinds. Each button could store three actions, worked by identifying smart home devices on a shared Wi-Fi network, and was controllable via a dedicated Android or iOS app. The Pop Home Switch Starter Pack launched at $100, and individual Pop Add-on Home Switches debuted at $40 each.

A company spokesperson told Ars Technica that Logitech informed customers on September 29 that their Pop switches would soon become e-waste.

Synology has released an update to its Disk Station Manager software that removes verified drive requirements from its 2025 model-year Plus, Value and J-series DiskStation network-attached storage devices. The change allows users to install non-validated third-party drives and create storage pools without restrictions.

The company had expanded its verified drive policy to the entire Plus line a few months earlier. Synology-branded drives carried substantial price premiums over commodity hardware. The HAT5310 enterprise SATA drive costs $299 for 8TB compared to $220 for an identically sized Seagate Exos disk. Users who installed non-verified drives in affected models faced reduced functionality and persistent warning messages in the DSM interface.

Synology said today it is collaborating with third-party drive manufacturers to accelerate testing and verification of additional storage drives. Pool and cache creation on M.2 disks still requires drives from the hardware compatibility list. Synology did not clarify whether the policy change applies to previous-generation products.

NBC is developing a game show based on the New York Times' Wordle puzzle, with Today anchor Savannah Guthrie set to host and Jimmy Fallon executive producing through his company, Electric Hot Dog. The Times is also a production partner. From the Hollywood Reporter: Wordle, which the Times acquired in 2022 and logs billions of plays from the paper's games site annually, gives players six tries to guess a five-letter word, revealing only if letters are in the right place (via a green background) or part of the word but in the wrong place (with a gold background). Should it go forward, the Wordle show would join another Fallon-produced game show, Password, on NBC's unscripted roster. The Tonight Show emcee also executive produces and hosts the network's On Brand, a competition series that revolves around advertising and marketing.

A now-fixed security flaw in India's income tax e-filing portal exposed millions of taxpayers' personal and financial data due to a basic IDOR vulnerability that let users view others' records by swapping PAN numbers. "The exposed data included full names, home addresses, email addresses, dates of birth, phone numbers, and bank account details of people who pay taxes on their income in India," reports TechCrunch. "The data also exposed citizens' Aadhaar number, a unique government-issued identifier used as proof of identity and for accessing government services." From the report: The researchers found that when they signed into the portal using their Permanent Account Number (PAN), an official document issued by the Indian income tax department, they could view anyone else's sensitive financial data by swapping out their PAN for another PAN in the network request as the web page loads. This could be done using publicly available tools like Postman or Burp Suite (or using the web browser's in-built developer tools) and with knowledge of someone else's PAN, the researchers told TechCrunch.

The bug was exploitable by anyone who was logged-in to the tax portal because the Indian income tax department's back-end servers were not properly checking who was allowed to access a person's sensitive data. This class of vulnerability is known as an insecure direct object reference, or IDOR, a common and simple flaw that governments have warned is easy to exploit and can result in large-scale data breaches.

"This is an extremely low-hanging thing, but one that has a very severe consequence," the researchers told TechCrunch. In addition to the data of individuals, the researchers said that the bug also exposed data associated with companies who were registered with the e-Filing portal. [...] It remains unclear how long the vulnerability has existed or whether any malicious actors have accessed the exposed data.

Paramount has acquired The Free Press, Bari Weiss's Substack-born media outlet, for $150 million and appointed Weiss as editor-in-chief of CBS News. The move effectively places a conservative-leaning Substack writer at the helm of a legacy news network, following the FCC's approval of the Skydance-Paramount merger, which required CBS to feature a broader "diversity of viewpoints from across the political and ideological spectrum." The Verge reports: Before starting The Free Press, Weiss worked as an op-ed and book review editor at The Wall Street Journal from 2013 to 2017 and later became an op-ed editor and writer at The New York Times to expand the publication's stable of conservative columnists during Donald Trump's first term. She resigned from the NYT in 2020, citing an "illiberal environment."

Weiss started a Substack newsletter in 2021, called Common Sense, which later evolved into The Free Press, touting itself as a media company "built on the ideals that were once the bedrock of great American journalism." As noted in the press release, The Free Press has grown its revenue 82 percent over the past year, while subscribers increased 86 percent to 1.5 million, 170,000 of which are paid subscriptions.

An anonymous reader quotes a report from BleepingComputer: The Redis security team has released patches for a maximum severity vulnerability that could allow attackers to gain remote code execution on thousands of vulnerable instances. Redis (short for Remote Dictionary Server) is an open-source data structure store used in approximately 75% of cloud environments, functioning like a database, cache, and message broker, and storing data in RAM for ultra-fast access. The security flaw (tracked as CVE-2025-49844) is caused by a 13-year-old use-after-free weakness found in the Redis source code and can be exploited by authenticated threat actors using a specially crafted Lua script (a feature enabled by default). Successful exploitation enables them to escape the Lua sandbox, trigger a use-after-free, establish a reverse shell for persistent access, and achieve remote code execution on the targeted Redis hosts.

After compromising a Redis host, attackers can steal credentials, deploy malware or cryptocurrency mining tools, extract sensitive data from Redis, move laterally to other systems within the victim's network, or use stolen information to gain access to other cloud services. "This grants an attacker full access to the host system, enabling them to exfiltrate, wipe, or encrypt sensitive data, hijack resources, and facilitate lateral movement within cloud environments," said Wiz researchers, who reported the security issue at Pwn2Own Berlin in May 2025 and dubbed it RediShell.

While successful exploitation requires attackers first to gain authenticated access to a Redis instance, Wiz found around 330,000 Redis instances exposed online, with at least 60,000 of them not requiring authentication. Redis and Wiz urged admins to patch their instances immediately by applying security updates released on Friday, "prioritizing those that are exposed to the internet." To further secure their Redis instances against remote attacks, admins can also enable authentication, disable Lua scripting and other unnecessary commands, launch Redis using a non-root user account, enable Redis logging and monitoring, limit access to authorized networks only, and implement network-level access controls using firewalls and Virtual Private Clouds (VPCs).