"A new study released Friday found that young children diagnosed with attention-deficit/hyperactivity disorder, or ADHD, are often prescribed medication too quickly," reports CBS News: The study, led by Stanford Medicine and published in JAMA Network Open, examined the health records of nearly 10,000 preschool-aged children ages 3 to 5 between 2016 and 2023 who were diagnosed with ADHD... The Stanford study found that about 68% of those children who were diagnosed with ADHD were prescribed medications before age 7, most often stimulants such as Ritalin, which can help children focus their attention and regulate their emotions. The turn to medication often came quickly, according to the study. About 42% of the children who were diagnosed with ADHD were prescribed drugs within 30 days of diagnosis, the study found.

"We don't have concerns about the toxicity of the medications for 4- and 5-year-olds, but we do know that there is a high likelihood of treatment failure, because many families decide the side effects outweigh the benefits," Dr. Yair Bannett, assistant professor of pediatrics at Stanford Medicine and the lead author of the study, said in a statement. Those side effects can include irritability, aggressiveness and emotional problems, according to Bannett. "The high rate of medication prescriptions among preschool-age children with ADHD and the lack of delay between initial diagnosis and prescription require further investigation to assess the appropriateness of early medication treatment," the researchers concluded.

The study also found that the vast majority of the young children diagnosed with ADHD, about 76%, were boys.
CBS News interviewed Jamie Howard, senior clinical psychologist from the Child Mind Institute (who was not involved in the study). Howard said when treating ADHD in young children, clinical guidelines call for starting with "behavioral intervention...."

"I think that people have an association with ADHD and stimulant medication... But there is actually a lot more than that. And we want to give kids the opportunity to use these other strategies first, and then if they need medication, it can be incredibly helpful for a lot of kids."

The Washington Post covers "a string of false reports of active shooters at a dozen U.S. universities this month as students returned to campus." The FBI is investigating the incidents, according to a spokesperson who declined to specify the nature of the probe. While universities have proved a popular swatting target, the agency "is seeing an increase in swatting events across the country," the FBI spokesperson said... Local officials are frustrated by the anonymous calls tying up first responders, straining public safety budgets and needlessly traumatizing college students who grew up in an era in which gun violence has in some way shaped their school experience...

The recent string of swattings began Thursday with a false report to the University of Tennessee at Chattanooga, quickly followed by one about Villanova University later that day. Hoaxes at 10 more schools followed... Villanova also received a second threat. As the calls about shootings came in, officials on many of the campuses pushed out emergency notifications directing students and employees to shelter in place, while police investigated what turned out to be false reports. (Iowa State was able to verify the lack of a threat before a campuswide alert was sent, its police chief said. [They had a live video feed from the location the caller claimed to be from.]) In at least three cases, 911 calls reporting a shooting purported to come from campus libraries, where the sound of gunshots could be heard over the phone, officials told The Washington Post...

Although false bomb reports, shooter threats and swatting incidents are not new, bad actors used to be more easily traceable through landline phones. But the era of internet-based services, virtual private networks, and anonymous text and chat tools has made unmasking hoax callers far more challenging... In 2023, a Post investigation found that more than 500 schools across the United States were subject to a coordinated swatting effort that may have had origins abroad...

[In Chattanooga, Tennessee last week] a dispatcher heard gunfire during a call reporting an on-campus shooting. "We grabbed everybody that wasn't already out on the street and got to that location," said University of Tennessee at Chattanooga Police spokesman Brett Fuchs. About 150 officers from several agencies responded. There was no shooter.
The New York Times reports that an online group called "Purgatory" is "suspected of being connected to several of the episodes, including reports of shootings, according to cybersecurity experts, law enforcement agencies and the group members' own posts in a social media chat." (Though the Times, couldn't verify the group's claims.) Federal authorities previously connected the same network to a series of bomb scares and bogus shooting reports in early 2024, for which three men pleaded guilty this year... Bragging about its recent activities, Purgatory said that it could arrange more swatting episodes for a fee.
USA Today tries to quantify the reach of swatting: Estimated swatting incidents jumped from 400 in 2011 to more than 1,000 in 2019, according to the Anti-Defamation League, which cited a former FBI agent whose expertise is in swatting. From January 2023 to June 2024 alone, more than 800 instances of swatting were recorded at U.S. elementary, middle and high schools, according to the K-12 School Shootings Database, created by a University of Central Florida doctoral student in response to the Parkland High School shooting in 2018.tise is in swatting... David Riedman, a data scientist and creator of the K-12 School Shooting Database, estimates that in 2023, it cost $82,300,000 for police to respond to false threats.
Thanks to long-time Slashdot reader schwit1 for sharing the news.

They offer "a self-sustaining power solution for marine regions," according to a newly published 41-page review after "pioneering use in wave energy harvesting in 2014". Ten years later, researchers have developed several structures for these "triboelectric nanogenerators" (TENGs) to "facilitate their commercial deployment." But there's a lack of "comprehensive summaries and performance evaluations".

So the review "distills a decade of blue-energy research into six design pillars" for next-generation technology, writes EurekaAlert, which points the way "to self-powered ocean grids, distributed marine IoT, and even hydrogen harvested from the sea itself..." By "translating chaotic ocean motion into deterministic electron flow," the team "turns every swell, gust and glint of sunlight into dispatchable power — ushering in an era where the sea itself becomes a silent, self-replenishing power plant."

Some insights: - Multilayer stacks, origami folds and magnetic-levitation frames push volumetric power density...three orders of magnitude above first-generation prototypes.

- Frequency-complementary couplings of TENG, EMG and PENG create full-spectrum harvesters that deliver 117 % power-conversion efficiency in real waves.

- Pendulum, gear and magnetic-multiplier mechanisms translate chaotic 0.1-2 Hz swells into stable high-frequency oscillations, multiplying average power 14-fold.

- Resonance-tuned structures now span 0.01-5 Hz, locking onto shifting wave spectra across seasons and sea states.

- Spherical, dodecahedral and tensegrity architectures harvest six-degree-of-freedom motion, eliminating orientational blind spots.

- Single devices co-harvest wave, wind and solar inputs, powering self-charging buoys that cut battery replacement to zero...
Another new wave energy project is moving forward, according to the blog Renewable Energy World: Eco Wave Power, an onshore wave energy technology company, announced that its U.S. pilot project at the Port of Los Angeles has successfully completed operational testing and achieved a new milestone: the lowering of its floaters into the water for the first time. The moment, broadcast live by Good Morning America, follows the finalization of all installation works at the project site, including full installation of all wave energy floaters; connection of hydraulic pipes and supporting infrastructure; and placement of the onshore energy conversion unit.

With installation completed, Eco Wave Power has now officially entered the operational phase of its U.S. excursion... [Inna Braverman, founder and CEO of Eco Wave Power] said "This pilot station is a vital step in demonstrating how wave energy can be harnessed using existing marine infrastructure, while laying the groundwork for full-scale commercialization in the United States...." Eco Wave Power's patented onshore wave energy system attaches floaters to existing marine structures. The up-and-down motion of the waves drives hydraulic cylinders, which send pressurized fluid to a land-based energy conversion unit that generates electricity... The U.S. Department of Energy's National Renewable Energy Laboratory estimates that wave energy has the potential to generate over 1,400 terawatt-hours per year — enough to power approximately 130 million homes.

Eco Wave Power's 404.7 MW global project pipeline also includes upcoming operational sites in Taiwan, India, and Portugal, alongside its grid-connected station in Israel.
Long-time Slashdot reader PongoX11 also brings word of a company building a "simple" floating rig to turn wave motion into electricity, calling it "a steel can that moves water around" and wondering if "This one might work!"

The news site TechEBlog points out that "Unlike old-school wave energy systems with clunky mechanical parts, Ocean-2 rocks a modular, flexible setup that rolls with the ocean's flow." At about 10 meters wide [30 feet wide. and 260 feet long!], it is made from materials designed to (hopefully) withstand the ocean's abuse, over some maintenance cycle. It's designed for deep ocean, so solving this technically is the first big challenge. Figuring out how to use/monetize all that cheap energy out in the middle of nowhere will be the next.
"Ocean-2 works with the ocean, not against it, so we can generate power without messing up marine life," said Panthalassa's CEO, Dr. Elena Martinez, according to TechEBlog: Tests in Puget Sound, done with Everett Ship Repair, showed it pumping out up to 50 kilowatts in decent conditions — enough juice for a small coastal town. "We're thinking big," Martinez said in a press release. "Ocean-2 is just the start, but we're already planning bigger arrays that could crank out gigawatts..." Looking forward, Panthalassa sees Ocean-2 as part of a massive wave energy network. By 2030, they're aiming to roll out arrays that could power whole coastal cities, cutting down on fossil fuel use.

An anonymous reader quotes a report from The Verge: After bringing 4G and 5G connectivity to the Underground, London's public transport authority has started scolding noisy passengers who subject everyone to music and calls blasting out of their phones. A new poster campaign launched by Transport for London (TfL) this week encourages customers to wear headphones when watching or listening to content on their devices to reduce disruption for other commuters.

"Please don't disturb others with loud music or calls when traveling on the network," reads the "Headphones On" poster. The posters are already being displayed on the Elizabeth rail line, according to TfL, and will expand to bus, Docklands Light Railway, London Overground, London Underground, and London Tram services from October.

The campaign targets headphone dodgers as data coverage becomes more available across the underground rail network, making it easier for passengers to stream content and make calls on the go. People who do so without donning headphones are annoying other commuters, however, with TfL research showing that 70 percent of 1,000 surveyed customers reported loud music and phone calls disrupting their journeys. "The vast majority of Londoners use headphones when traveling on public transport in the capital, but the small minority who play music or videos out loud can be a real nuisance to other passengers and directly disturb their journeys," says London's deputy transport mayor, Seb Dance. "TfL's new campaign will remind and encourage Londoners to always be considerate of other passengers."

Mastodon says it cannot comply with Mississippi's new age verification law because its decentralized software does not support age checks and the nonprofit lacks resources to enforce them. "The social nonprofit explains that Mastodon doesn't track its users, which makes it difficult to enforce such legislation," reports TechCrunch. "Nor does it want to use IP address-based blocks, as those would unfairly impact people who were traveling, it says." From the report: The statement follows a lively back-and-forth conversation earlier this week between Mastodon founder and CEO Eugen Rochko and Bluesky board member and journalist Mike Masnick. In the conversation, published on their respective social networks, Rochko claimed, "there is nobody that can decide for the fediverse to block Mississippi." (The Fediverse is the decentralized social network that includes Mastodon and other services, and is powered by the ActivityPub protocol.) "And this is why real decentralization matters," said Rochko.

Masnick pushed back, questioning why Mastodon's individual servers, like the one Rochko runs at mastodon.social, would not also be subject to the same $10,000 per user fines for noncompliance with the law. On Friday, however, the nonprofit shared a statement with TechCrunch to clarify its position, saying that while Mastodon's own servers specify a minimum age of 16 to sign up for its services, it does not "have the means to apply age verification" to its services. That is, the Mastodon software doesn't support it. The Mastodon 4.4 release in July 2025 added the ability to specify a minimum age for sign-up and other legal features for handling terms of service, partly in response to increased regulation around these areas. The new feature allows server administrators to check users' ages during sign-up, but the age-check data is not stored. That means individual server owners have to decide for themselves if they believe an age verification component is a necessary addition.

The nonprofit says Mastodon is currently unable to provide "direct or operational assistance" to the broader set of Mastodon server operators. Instead, it encourages owners of Mastodon and other Fediverse servers to make use of resources available online, such as the IFTAS library, which provides trust and safety support for volunteer social network moderators. The nonprofit also advises server admins to observe the laws of the jurisdictions where they are located and operate. Mastodon notes that it's "not tracking, or able to comment on, the policies and operations of individual servers that run Mastodon." Bluesky echoed those comments in a blog post last Friday, saying the company doesn't have the resources to make the substantial technical changes this type of law would require.

An anonymous reader quotes a report from Phys.org: In a first-of-its-kind experiment, engineers at the University of Pennsylvania brought quantum networking out of the lab and onto commercial fiber-optic cables using the same Internet Protocol (IP) that powers today's web. Reported in Science, the work shows that fragile quantum signals can run on the same infrastructure that carries everyday online traffic. The team tested their approach on Verizon's campus fiber-optic network. The Penn team's tiny "Q-chip" coordinates quantum and classical data and, crucially, speaks the same language as the modern web. That approach could pave the way for a future "quantum internet," which scientists believe may one day be as transformative as the dawn of the online era.

Quantum signals rely on pairs of "entangled" particles, so closely linked that changing one instantly affects the other. Harnessing that property could allow quantum computers to link up and pool their processing power, enabling advances like faster, more energy-efficient AI or designing new drugs and materials beyond the reach of today's supercomputers. Penn's work shows, for the first time on live commercial fiber, that a chip can not only send quantum signals but also automatically correct for noise, bundle quantum and classical data into standard internet-style packets, and route them using the same addressing system and management tools that connect everyday devices online. "By showing an integrated chip can manage quantum signals on a live commercial network like Verizon's, and do so using the same protocols that run the classical internet, we've taken a key step toward larger-scale experiments and a practical quantum internet," says Liang Feng, Professor in Materials Science and Engineering (MSE) and in Electrical and Systems Engineering (ESE), and the Science paper's senior author.

"This feels like the early days of the classical internet in the 1990s, when universities first connected their networks," added Robert Broberg, a doctoral student in ESE and co-author of the paper. "That opened the door to transformations no one could have predicted. A quantum internet has the same potential."

Nevada has been crippled by a cyberattack that began on August 24, taking down state websites, intermittently disabling phone lines, and forcing offices like the DMV to close. The Register reports: The Office of Governor Joseph Lombardo announced the attack via social media on Monday, saying that a "network security incident" took hold in the early hours of August 24. Official state websites remain unavailable, and Lombardo's office warned that phone lines will be intermittently down, although emergency services lines remain operational. State offices are also closed until further notice, including Department of Motor Vehicles (DMV) buildings. The state said any missed appointments will be honored on a walk-in basis.

"The Office of the Governor and Governor's Technology Office (GTO) are working continuously with state, local, tribal, and federal partners to restore services safely," the announcement read. "GTO is using temporary routing and operational workarounds to maintain public access where it is feasible. Additionally, GTO is validating systems before returning them to normal operation and sharing updates as needed." Local media outlets are reporting that, further to the original announcement, state offices will remain closed on Tuesday after officials previously expected them to reopen. The state's new cybersecurity office says there is currently no evidence to suggest that any Nevadans' personal information was compromised during the attack.

After losing his job in 2024, Eric Thompson spearheaded a working group to push for federal legislation banning "ghost jobs" -- openings posted with no intent to hire. The proposed Truth in Job Advertising and Accountability Act would require transparency around job postings, set limits on how long ads can remain up, and fine companies that violate the rules. CNBC reports: "There's nothing illegal about posting a job, currently, and never filling it," says Thompson, a network engineering leader in Warrenton, Virginia. Not to mention, it's "really hard to prove, and so that's one of the reasons that legally, it's been kind of this gray area." As Thompson researched more into the phenomenon, he connected with former colleagues and professional connections across the country experiencing the same thing. Together, the eight of them decided to form the TJAAA working group to spearhead efforts for federal legislation to officially ban businesses from posting ghost jobs.

In May, the group drafted its first proposal: The TJAAA aims to require that all public job listings include information such as:
- The intended hire and start dates
- Whether it's a new role or backfill
- If it's being offered internally with preference to current employees
- The number of times the position has been posted in the last two years, and other factors, according to the draft language.

It also sets guidelines for how long a post is required to be up (no more than 90 calendar days) and how long the submission period can be (at least four calendar days) before applications can be reviewed. The proposed legislation applies to businesses with more than 50 employees, and violators can be fined a minimum of $2,500 for each infraction. The proposal provides a framework at the federal level, Thompson says, because state-level policies won't apply to employers who post listings across multiple states, or who use third-party platforms that operate beyond state borders.

Dish's parent company EchoStar is selling $23 billion worth of 5G spectrum licenses to AT&T and shifting Boost Mobile onto AT&T and T-Mobile networks, effectively abandoning its bid to become the fourth major U.S. wireless carrier. The Verge reports: As part of T-Mobile's deal to acquire Sprint in 2019, the Department of Justice stipulated that another company must replace it as the fourth major wireless carrier. Dish came forward to acquire Boost Mobile from Sprint, paying $1.4 billion to purchase the budget carrier and other prepaid assets. Since then, Dish has spent billions acquiring spectrum to build out its own 5G network, which the company said was close to reaching 80 percent of the US population as of last year, in line with the Federal Communications Commission's deadline to meet certain coverage requirements.

But Dish struggled to repay mounting debt, leading it to rejoin EchoStar, the company it originally spun off from in 2008. And at the same time, it came under renewed pressure from the FCC to make use of its spectrum. In April, the Elon Musk-owned SpaceX wrote a letter to the FCC saying EchoStar "barely uses" the AWS-4 (2GHz) spectrum band for satellite connectivity. Weeks later, FCC chair Brendan Carr opened an investigation into EchoStar's 5G expansion, criticizing the company's slow buildout and claiming that it had lost Boost Mobile customers since its acquisition of the carrier. Carr also questioned EchoStar's use of the AWS-4 spectrum, which isn't included in its deal with AT&T.

In July, Carr said that he's not concerned with having a fourth mobile provider, saying during an open meeting that there isn't a "magic number" of carriers needed in the US to maintain competition. "We're always looking at a confluence of different factors to make sure that there's sufficient competition," he said, as reported by Fierce Network. Now, EchoStar will become a hybrid mobile network operator, which is a carrier that operates on its own network, in addition to using other companies' infrastructure. As noted in the press release, Boost Mobile will provide connectivity through AT&T towers and the T-Mobile network. "This ensures the survival of Boost Mobile," [said Roger Entner, founder and lead analyst at Recon Analytics]. "It gives them money, but at the end, they don't have much of a network left."

The Hill reports: Russian state-sponsored hackers have targeted thousands of networking devices associated with U.S. critical infrastructure sectors over the past year, the FBI warned Wednesday. The cyber actors are associated with the Russian Federal Security Service's (FSB) Center 16 and have taken aim at a vulnerability in certain Cisco devices, according to an agency public service announcement.

In some cases, hackers have been able to modify configuration files to enable unauthorized access, which they have used to conduct reconnaissance on networks. This has "revealed their interest in protocols and applications commonly associated with industrial control systems," the FBI said.

Cisco's threat intelligence research arm, Talos, explained in a separate advisory that a subcluster of this group, which it has named "Static Tundra," is targeting a seven-year-old vulnerability in the company's Smart Install feature. The firm has offered a patch for the vulnerability, but it remains a problem in unpatched and end-of-life network devices, it warned.
"Once they establish initial access to a network device, Static Tundra will pivot further into the target environment, compromising additional network devices and establishing channels for long-term persistence and information gathering," warns the Talos blog. "This is demonstrated by the group's ability to maintain access in target environments for multiple years without being detected."

In a statement emailed to The Register, a Cisco spokesperson "said the company is aware of ongoing exploitation targeting this flaw." "We strongly urge customers to immediately upgrade to fixed software versions as outlined in the security advisory and follow our published security best practices," the spokesperson said, directing customers to the FBI's announcement and Cisco Talos blog for additional details.

The ongoing campaign targets telecommunications, higher education, and manufacturing organizations across North America, Asia, Africa, and Europe, "with victims selected based on their strategic interest to the Russian government," according to Talos researchers Sara McBroom and Brandon White. "We assess that the purpose of this campaign is to compromise and extract device configuration information en masse, which can later be leveraged as needed based on then-current strategic goals and interests of the Russian government," McBroom and White wrote.

And while both security alerts focus on the FSB's latest round of network intrusions, "many other state-sponsored actors also covet the access these devices afford," the Talos team warned. "Organizations should be aware that other advanced persistent threats (APTs) are likely prioritizing carrying out similar operations as well."
Some context from Hot Hardware: Cisco indicated in its advisory that "Only Smart Install client switches are affected by the vulnerability". The list of affected devices is in Table A-1 here. For a successful attack, hackers exploit a vulnerability tracked as CVE-2018-0171. This was a vulnerability that was patched way back in 2018.

The U.S. government's 10% stake in Intel "is a mistake," writes the Washington Post's editorial board, calling Intel "an aging also-ran in critical markets" that "has spent recent years stumbling on execution and missing one strategic opportunity after another."

But TechCrunch points out that the U.S. government "does not appear to be committing new funds. Instead, it's simply making good on what Intel described as 'grants previously awarded, but not yet paid, to Intel.'" Specifically, the $8.9 billion is supposed to come from $5.7 billion awarded-but-not-paid to Intel under the Biden administration's CHIPS Act, as well as $3.2 billion also awarded by the Biden administration through the Secure Enclave program. In a post on his social network Truth Social, Trump wrote, "The United States paid nothing for these shares..." Trump has been critical of the CHIPS Act, calling it a "horrible, horrible thing" and calling on House Speaker Mike Johnson to "get rid" of it...

According to The New York Times, some bankers and lawyers believe the CHIPS Act may not allow the government to convert its grants to equity, opening this deal to potential legal challenges.
Reuters writes that the money "will not be enough for its contract-chipmaking business to flourish, analysts said. Intel still needs external customers for its cutting-edge 14A manufacturing process to go to production, says Summit Insights analyst Kinngai Chan, "to make its foundry arm economically viable." "We don't think any government investment will change the fate of its foundry arm if they cannot secure enough customers..."

Reuters has reported that Intel's current 18A process — less advanced than 14A — is facing problems with yield, the measure of how many chips printed are good enough to make available to customers. Large chip factories including TSMC swallow the cost of poor yields during the first iterations of the process when working with customers like Apple. For Intel, which reported net losses for six straight quarters, that's hard to do and still turn a profit. "If the yield is bad then new customers won't use Intel Foundry, so it really won't fix the technical aspect of the company," said Ryuta Makino, analyst at Gabelli Funds, which holds Intel stock.

Makino, who believes that Intel can ultimately produce chips at optimal yields, views the deal as a net negative for Intel compared with just receiving the funding under the CHIPS Act as originally promised under the Biden Administration. "This isn't free money," he said. The federal government will not take a seat on Intel's board and has agreed to vote with the company's board on matters that need shareholder approval, Intel said. But this voting agreement comes with "limited exceptions" and the government is getting Intel's shares at a 17.5% discount to their closing price on Friday. The stake will make the U.S. government Intel's biggest shareholder, though neither Trump nor Intel disclosed when the transaction would happen...

Some analysts say Intel could benefit from the government's support, including in building out factories. Intel has said it is investing more than $100 billion to expand its U.S. factories and expects to begin high-volume chip production later this year at its Arizona plant. "To have access to capital and a new partial owner that wants to see you succeed are both important," said Peter Tuz, president of Chase Investment Counsel.

British telecommunications service provider Colt Telecom "has offices in over 30 countries across North America, Europe, and Asia, reports CPO magazine. "It manages nearly 1,000 data centers and roughly 75,000 km of fiber infrastructure."

But now "a cyber attack has caused widespread multi-day service disruption..." On August 14, 2025, the telecom giant said it had detected a cyber attack that began two days earlier, on August 12. Upon learning of the cyber intrusion, the telecommunications service provider responded by proactively taking some systems offline to contain the cyber attack. Although Colt Telecom's cyber incident response team was working around the clock to mitigate the impacts of the cyber attack, service disruption has persisted for days. However, the service disruption did not affect the company's core network infrastructure, suggesting that Colt customers could still access its network services... The company also did not provide a clear timeline for resolving the service disruption. A week after the apparent ransomware attack, Colt Online and the Voice API platform remained unavailable.
And now Colt Technology Services "confirms that customer documentation was stolen," reports the tech news site BleepingComputer: "A criminal group has accessed certain files from our systems that may contain information related to our customers and posted the document titles on the dark web," reads an updated security incident advisory on Colt's site.

"We understand that this is concerning for you."

"Customers are able to request a list of filenames posted on the dark web from the dedicated call centre."

As first spotted by cybersecurity expert Kevin Beaumont, Colt added the no-index HTML meta tag to the web page, making it so it won't be indexed by search engines.

This statement comes after the Warlock Group began selling on the Ramp cybercrime forum what they claim is 1 million documents stolen from Colt. The documents are being sold for $200,000 and allegedly contain financial information, network architecture data, and customer information... The Warlock Group (aka Storm-2603) is a ransomware gang attributed to Chinese threat actors who utilize the leaked LockBit Windows and Babuk VMware ESXi encryptors in attacks... Last month, Microsoft reported that the threat actors were exploiting a SharePoint vulnerability to breach corporate networks and deploy ransomware.
"Colt is not the only telecom firm that has been named by WarLock on its leak website in recent days," SecurityWeek points out. "The cybercriminals claim to have also stolen data from France-based Orange."

Thanks to long-time Slashdot reader Z00L00K for sharing the news.

An anonymous reader quotes a report from The Register: Microsoft has reportedly stopped giving Chinese companies proof-of-concept exploit code for soon-to-be-disclosed vulnerabilities following last month's SharePoint zero-day attacks, which appear to be related to a leak in Redmond's early-bug-notification program. The software behemoth gives some software vendors early bug disclosures under its Microsoft Active Protections Program (MAPP), which typically delivers info two weeks before Patch Tuesday. MAPP participants sign a non-disclosure agreement, and in exchange get vulnerability details so that they can provide updated protections to customers more quickly.

According to Microsoft spokesperson David Cuddy, who spoke with Bloomberg about changes to the program, MAPP has begun limiting access to companies in "countries where they're required to report vulnerabilities to their governments," including China. Companies in these countries will no longer receive "proof of concept" exploit code, but instead will see "a more general written description" that Microsoft sends at the same time as patches, Cuddy told the news outlet. "A leak happened here somewhere," Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative (ZDI), told The Register in July. "And now you've got a zero-day exploit in the wild, and worse than that, you've got a zero-day exploit in the wild that bypasses the patch, which came out the next day."

Childs said the MAPP change "is a positive change, if a bit late. Anything Microsoft can do to help prevent leaks while still offering MAPP guidance is welcome."

"In the past, MAPP leaks were associated with companies out of China, so restricting information from flowing to these companies should help," Childs said. "The MAPP program remains a valuable resource for network defenders. Hopefully, Microsoft can squelch the leaks while sending out the needed information to companies that have proven their ability (and desire) to protect end users."

Davis Lu, a former Eaton Corporation developer, has been sentenced to four years in prison for sabotaging his ex-employer's Windows network with malware and a custom kill switch that locked out thousands of employees once his account was disabled. The attack caused significant operational disruption and financial losses, with Lu also attempting to cover his tracks by deleting data and researching privilege escalation techniques. BleepingComputer reports: After a corporate restructuring and subsequent demotion in 2018, the DOJ says that Lu retaliated by embedding malicious code throughout the company's Windows production environment. The malicious code included an infinite Java thread loop designed to overwhelm servers and crash production systems. Lu also created a kill switch named "IsDLEnabledinAD" ("Is Davis Lu enabled in Active Directory") that would automatically lock all users out of their accounts if his account was disabled in Active Directory. When his employment was terminated on September 9, 2019, and his account disabled, the kill switch activated, causing thousands of users to be locked out of their systems.

"The defendant breached his employer's trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company," said Acting Assistant Attorney General Matthew R. Galeotti. When he was instructed to return his laptop, Lu reportedly deleted encrypted data from his device. Investigators later discovered search queries on the device researching how to elevate privileges, hide processes, and quickly delete files. Lu was found guilty earlier this year of intentionally causing damage to protected computers. After his four-year sentence, Lu will also serve three years of supervised release following his prison term.

A federal appeals court rejected T-Mobile's attempt to overturn $92 million in fines for selling customer location information to third-party firms. From a report: The Federal Communications Commission last year fined T-Mobile, AT&T, and Verizon, saying the carriers illegally shared access to customers' location information without consent and did not take reasonable measures to protect that sensitive data against unauthorized disclosure. The fines relate to sharing of real-time location data that was revealed in 2018, but it took years for the FCC to finalize the penalties.

The three carriers appealed the rulings in three different courts, and the first major decision was handed down Friday. A three-judge panel at the US Court of Appeals for the District of Columbia Circuit ruled unanimously against T-Mobile and its subsidiary Sprint. "Every cell phone is a tracking device," the ruling begins. "To receive service, a cell phone must periodically connect with the nearest tower in a wireless carrier's network. Each time it does, it sends the carrier a record of the phone's location and, by extension, the location of the customer who owns it. Over time, this information becomes an exhaustive history of a customer's whereabouts and 'provides an intimate window into [that] person's life.'"

An anonymous reader quotes a report from Reuters: Serbian scientists have been experimenting with mealworms as a way to break down polystyrene. Larisa Ilijin, a principal research fellow at Belgrade's Institute for Biology, said the scientists had discovered that mealworms can digest various plastics, including polystyrene, which is used in packaging, insulation and food containers. In the project endorsed by the government and the United Nations' agency for international development, UNDP, and other international donors, they have been including the polystyrene in the regular food of the larval form of the yellow mealworm beetle, or Tenebrio molitor.

They habitually eat more or less anything, but need the training to eat the plastic products. "We have larvae that have been adapted over a long time to biodegrade plastic, to be as efficient as possible in the process," Ilijin told Reuters. She said the bacteria living in their guts break down the plastic into carbon dioxide and water, and showed no evidence of leaving microplastic residue in their innards or faeces. The work builds on similar research projects in the U.S. and Africa. [...]

The institute has given Belgrade-based Belinda Animals several containers of the mealworms. It is now breeding them and hoping to attract a network of similar farms. "When breaking down 1 kg of Styrofoam, larvae emit one to two grams of carbon dioxide ... If we incinerate it ... (Styrofoam) emits over 4,000 times more," owner Boris Vasiljev said. He also envisages the larvae being used as animal feed, should it reach a large commercial scale. The use of mealworms is still in its infancy, Ilijin said, as Serbia still needs to adopt regulations that would allow the use and sale of insect products for animal fodder. "Styrofoam takes over 500 years to decompose in nature ... this would be one of the good ways for solving the problem of plastic waste in nature," Ilijin said.

A 22-year-old Oregon man has been charged with operating one of the most powerful botnets ever recorded. The network, known as Rapper Bot, launched over 370,000 DDoS attacks worldwide, including against X, DeepSeek, U.S. tech firms, and even Defense Department systems. It was allegedly operated by Ethan Foltz of Eugene, Oregon. The Wall Street Journal reports: Foltz faces a maximum of 10 years in prison on a charge of abetting computer intrusions, the Justice Department said in a news release. Rapper Bot was made up of tens of thousands of hacked devices and was capable of flooding victims' websites with enough junk internet traffic to knock them offline, an attack known as a distributed denial of service, or DDoS.

In February, the networking company Nokia measured a Rapper Bot attack against a gaming platform at 6.5 trillion bits per second, well above the several hundred million bits a second of the average high-speed internet connection. "This would place Rapper Bot among the most powerful DDoS botnets to have ever existed," said a criminal complaint that the prosecutors filed Tuesday in a federal court in Alaska. Investigators said Rapper Bot's attacks were so powerful that they were able to overwhelm all but the most robust networks.

Foltz allegedly rented out Rapper Bot to paying customers, including gambling website operators who would use the network in extortion attempts, according to the complaint. The botnet was used to launch more than 370,000 attacks in 80 countries, including China, Japan and the U.S., prosecutors said. It launched its attacks from hacked routers, digital video recorders and cameras, not from computers. [...] "At its height, it mobilized tens of thousands of devices, many with no prior role in DDoS," said Jerome Meyer, a researcher with Nokia's Deepfield network-analysis division. "Taking it down removes a major source of the largest attacks we see."

Puerto Rico expects 93 different power outages this summer, reports the Washington Post.

But they also note that "roughly 1 in 10 Puerto Rican homes now have a battery and solar array for backup power" which have also "become a crucial source of backup power for the entire island grid." A network of 69,000 home batteries can generate as much electricity as a small natural gas turbine during an emergency, temporarily covering about 2 percent of the island's energy needs when things go wrong... "It has very, very certainly prevented more widespread outages," said Daniel Haughton, [transmission and distribution planning director for Puerto Rico's grid operator]. "In the instances that we had to [cut power], it was for a much shorter duration: A four-hour outage became a one- or two-hour outage."

Puerto Rico's experience offers a glimpse into the future for the rest of the United States, where batteries are starting to play a big role in keeping the lights on. Authorities in Texas, California and New England have credited home batteries with preventing blackouts during summer energy crunches. As power grids across the country groan under the increasing strain of new data centers, factories and EVs, batteries offer a way for homeowners to protect themselves — and all of their neighbors — from the threat of outages. Batteries have been booming in the U.S. since 2022, when Congress created generous installation tax credits for homeowners and power companies.

Home batteries generally come as an option alongside rooftop solar panels, according to Christopher Rauscher, head of grid services and electrification for Sunrun, a company that installs both. More than 70 percent of the people who hire Sunrun to put up solar panels also get a battery. With the tax credits — and the money saved on rising electricity costs — solar panels and batteries make financial sense for most American homes, according to a study Stanford University scientists published Aug. 1. About 60 percent of homes would save money in the long run with solar panels and batteries...

Those batteries can have broader benefits, too. Utilities pay customers hundreds of dollars a year to sign their batteries up to form "virtual power plants," which send electricity to the grid whenever power plants can't keep up with demand. California's network of home batteries can now add 535 megawatts of electricity in an emergency — about half as much energy as a nuclear power plant... [H]omeowners can make thousands of dollars a year lowering their energy bills, selling solar power back to the grid or enrolling their batteries in a virtual power plant, depending on their power company's policies and state regulations. "Over time, you would get the full payback for your system and basically get your backup for free," said Ram Rajagopal, an associate professor of civil and environmental engineering who co-authored the Stanford study.

An anonymous reader writes: Kaisen Linux, a Debian-based distro packed with tools for sysadmins, system rescue, and network diagnostics, is shutting down. This comes not long after Intel's Clear Linux also reached the end of the road.

Kaisen offered multiple desktop environments like KDE Plasma, LXQt, MATE, and Xfce, plus a "toram" mode that could load the whole OS into RAM so you could free up your USB port. The final release, Rolling 3.0, updates the base to Debian 13, defaults to KDE Plasma 6, replaces LightDM with SDDM, drops some packages like neofetch and hping3, and adds things like faster BTRFS snapshot restores, full ZFS support, and safer partitioning behavior.

Unlike Clear Linux, Kaisen will still get security updates for the next two years, giving current users time to migrate without rushing.

An anonymous reader shares a report: Manufacturer to the stars Foxconn is building so many AI servers that they're now bringing in more cash than consumer electronics -- even counting the colossal quantity of iPhones it creates for Apple.

The Taiwanese company revealed the shift in its Thursday announcement of Q2 results, which saw revenue grow 16% to NT$1.79 trillion ($59.73 billion) and operating profit rise 27% to NT$56.6 billion ($1.9 billion). CEO Kathy Yang told investors the company's Cloud and Networking Products division delivered 41% of total revenue, up nine percent compared to Q2 2024, and surpassing the company's Smart Consumer Electronics unit for the first time. The latter business includes Foxconn's work for Apple.