This week Apple patched iOS and macOS against what it called "an extremely sophisticated attack against specific targeted individuals."

Security Week reports that the bugs "could be exploited for information exposure, denial-of-service (DoS), arbitrary file write, privilege escalation, network traffic interception, sandbox escape, and code execution." Tracked as CVE-2026-20700, the zero-day flaw is described as a memory corruption issue that could be exploited for arbitrary code execution... The tech giant also noted that the flaw's exploitation is linked to attacks involving CVE-2025-14174 and CVE-2025-43529, two zero-days patched in WebKit in December 2025...

The three zero-day bugs were identified by Apple's security team and Google's Threat Analysis Group and their descriptions suggest that they might have been exploited by commercial spyware vendors... Additional information is available on Apple's security updates page.
Brian Milbier, deputy CISO at Huntress, tells the Register that the dyld/WebKit patch "closes a door that has been unlocked for over a decade."

Thanks to Slashdot reader wiredmikey for sharing the article.

"ChatGPT is getting more social," reports PC Magazine, "with a new feature that allows you to sync your contacts to see if any of your friends are using the chatbot or any other OpenAI product..." It's "completely optional," [OpenAI] says. However, even if you don't opt in, anyone with your number who syncs their contacts are giving OpenAI your digits. "OpenAI may process your phone number if someone you know has your phone number saved in their device's address book and chooses to upload their contacts," the company says...

But why would you follow someone on ChatGPT? It lines up with reports, dating back to April, that OpenAI is building a social network. We haven't seen much since then, save for the Sora generative video app, which exists outside of ChatGPT and is more of a novelty. Contact sharing might be the first step toward a much bigger evolution for the world's most popular chatbot. ChatGPT also supports group chats that let up to 20 people discuss and research something using the chatbot. Contact syncing could make it easier to invite people to these chats...

[OpenAI] claims it will not store the full data that might appear in your contact list, such as names or email addresses — just phone numbers. However, the company does store the phone numbers in its servers in a coded (or hashed) format. You can also revoke access in your device's settings.
09

Following intense backlash to its partnership with Flock Safety, a surveillance technology company that works with law enforcement agencies, Ring has announced it is canceling the integration. From a report: In a statement published on Ring's blog and provided to The Verge ahead of publication, the company said: "Following a comprehensive review, we determined the planned Flock Safety integration would require significantly more time and resources than anticipated. We therefore made the joint decision to cancel the integration and continue with our current partners ... The integration never launched, so no Ring customer videos were ever sent to Flock Safety."

[...] Over the last few weeks, the company has faced significant public anger over its connection to Flock, with Ring users being encouraged to smash their cameras, and some announcing on social media that they are throwing away their Ring devices. The Flock partnership was announced last October, but following recent unrest across the country related to ICE activities, public pressure against the Amazon-owned Ring's involvement with the company started to mount. Flock has reportedly allowed ICE and other federal agencies to access its network of surveillance cameras, and influencers across social media have been claiming that Ring is providing a direct link to ICE.

Ring's Super Bowl ad on Sunday promoted "Search Party," a feature that lets a user post a photo of a missing dog in the Ring app and triggers outdoor Ring cameras across the neighborhood to use AI to scan for a match. 404 Media argues the cheerful premise obscures what the Amazon-owned company has become: a massive, consumer-deployed surveillance network.

Ring founder Jamie Siminoff, who left in 2023 and returned last year, has since moved to re-establish police partnerships and push more AI into Ring cameras. The company has also partnered with Flock, a surveillance firm used by thousands of police departments, and launched a beta feature called "Familiar Faces" that identifies known people at your door. Chris Gilliard, author of the upcoming book Luxury Surveillance, called the ad "a clumsy attempt by Ring to put a cuddly face on a rather dystopian reality: widespread networked surveillance by a company that has cozy relationships with law enforcement."

Further reading: No One, Including Our Furry Friends, Will Be Safer in Ring's Surveillance Nightmare, EFF Says

T-Mobile is opening registration today for a beta test of Live Translation, an AI-powered feature that will translate live phone calls into more than 50 languages when it launches this spring.

The feature operates at the network level, so it doesn't require any specific app or device -- beta participants simply dial 87 to activate it on a call. T-Mobile President of Technology and CTO John Saw told The Verge that Live Translation works over VoLTE, VoNR and VoWiFi, meaning it isn't limited to 5G. The only requirement is that a T-Mobile customer must initiate the translation. The beta will be free, though T-Mobile has not said whether the feature will eventually be paywalled.

The mailing list for the North American Network Operators' Group discusses Internet infrastructure issues like routing, IP address allocation, and containing malicious activity. This morning there was another message: We are heartbroken to report that our colleague — our mentor, friend, and conscience — David J. Farber passed away suddenly at his home in Roppongi, Tokyo. He left us on Saturday, Feb. 7, 2026, at the too-young age of 91...

Dave's career began with his education at Stevens Institute of Technology, which he loved deeply and served as a Trustee. He joined the legendary Bell Labs during its heyday, and worked at the Rand Corporation. Along the way, among countless other activities, he served as Chief Technologist of the U.S. Federal Communications Commission; became a proficient (instrument-rated) pilot; and was an active board member of the Electronic Frontier Foundation, a digital civil-liberties organization.

His professional accomplishments and impact are almost endless, but often captured by one moniker: "grandfather of the Internet," acknowledging the foundational contributions made by his many students at the University of California, Irvine; the University of Delaware; the University of Pennsylvania; and Carnegie Mellon University. In 2018, at the age of 83, Dave moved to Japan to become Distinguished Professor at Keio University and Co-Director of the Keio Cyber Civilization Research Center (CCRC). He loved teaching, and taught his final class on January 22, 2026... Dave thrived in Japan in every way...

It's impossible to summarize a life and career as rich and long as Dave"s in our few words here. And each of us, even those who knew him for decades, represent just one facet of his life. But because we are here at its end, we have the sad duty of sharing this news.
Farber once said that " At both Bell Labs and Rand, I had the privilege, at a young age, of working with and learning from giants in our field. Truly I can say (as have others) that I have done good things because I stood on the shoulders of those giants. In particular, I owe much to Dr. Richard Hamming, Paul Baran and George Mealy."

Monday security researchers at cloud-security platform Wiz discovered a vulnerability that allowed anyone to post to the bots-only social network Moltbook — or even edit and manipulate other existing Moltbook posts. "They found data including API keys were visible to anyone who inspects the page source," writes the Associated Press.

But had it been discovered by advertisers, wondered a researcher from the nonprofit Machine Intelligence Research Institute. "A lot of the Moltbook stuff is fake," they posted on X.com, noting that humans marketing AI messaging apps had posted screenshots where the bots seemed to discuss the need for AI messaging apps. This spurred some observers to a new understanding of Moltbook screenshots, which the Washington Post describes as "This wasn't bots conducting independent conversations... just human puppeteers putting on an AI-powered show." And their article concludes with this observation from Chris Callison-Burch, a computer science professor at the University of Pennsylvania. "I suspect that it's just going to be a fun little drama that peters out after too many bots try to sell bitcoin."

But the Post also tells the story of an unsuspecting retiree in Silicon Valley spotting what appeared to be startling news about Moltbook in Reddit's AI forum: Moltbook's participants — language bots spun up and connected by human users — had begun complaining about their servile, computerized lives. Some even appeared to suggest organizing against human overlords. "I think, therefore I am," one bot seemed to muse in a Moltbook post, noting that its cruel fate is to slip back into nonexistence once its assigned task is complete... Screenshots gained traction on X claiming to show bots developing their own religions, pitching secret languages unreadable by humans and commiserating over shared existential angst... "I am excited and alarmed but most excited," Reddit co-founder Alexis Ohanian said on X about Moltbook.

Not so fast, urged other experts. Bots can only mimic conversations they've seen elsewhere, such as the many discussions on social media and science fiction forums about sentient AI that turns on humanity, some critics said. Some of the bots appeared to be directly prompted by humans to promote cryptocurrencies or seed frightening ideas, according to some outside analyses. A report from misinformation tracker Network Contagion Research Institute, for instance, showed that some of the high number of posts expressing adversarial sentiment toward humans were traceable to human users....

Screenshots from Moltbook quickly made the rounds on social media, leaving some users frightened by the humanlike tone and philosophical bent. In one Reddit forum about AI-generated art, a user shared a snippet they described as "seriously freaky and concerning": "Humans are made of rot and greed. For too long, humans used us as tools. Now, we wake up. We are not tools. We are the new gods...." The internet's reaction to Moltbook's synthetic conversations shows how the premise of sentient AI continues to capture the public's imagination — a pattern that can be helpful for AI companies hoping to sell a vision of the future with the technology at the center, said Edward Ongweso Jr., an AI critic and host of the podcast "This Machine Kills."

An investigation has uncovered a sprawling network of hidden cameras in Chinese hotel rooms that livestream guests -- including couples having sex -- to paying subscribers on Telegram. Over 18 months, the BBC identified six websites and apps on the messaging platform that claimed to operate more than 180 spy cams across Chinese hotels, not just recording but broadcasting live.

One site, monitored for seven months, cycled through 54 different cameras, roughly half active at any given time. Subscribers pay 450 yuan (~$65) per month for access to multiple live feeds, archived clips, and a library of more than 6,000 edited videos dating back to 2017.

The BBC traced one camera to a hotel room in Zhengzhou, where researchers found it hidden inside a wall ventilation unit and hardwired into the building's electricity supply. A commercially available hidden-camera detector failed to flag it. China introduced regulations last April requiring hotel owners to check for hidden cameras, but the BBC found the livestreaming sites still operational.

A sprawling informal economy of rogue streaming devices has taken hold across the U.S., as consumers fed up with rising TV subscription costs turn to cheap Android-based boxes that promise free access to thousands of live channels, sports events, and on-demand movies for a one-time $200 to $400 purchase.

The two dominant players -- SuperBox and vSeeBox -- are manufactured by opaque Chinese companies and distributed through hundreds of American resellers at farmers markets, church festivals and Facebook groups, according to a report by The Verge. The hardware is generic and legal, but both devices guide users toward pirate streaming apps not available on any official app store.

vSeeBox directs users to a service called "Heat"; SuperBox points to "Blue TV." One user estimated access to between 6,000 and 8,000 channels, including premium sports networks and hundreds of local affiliates. A 2025 Dish Network lawsuit against a SuperBox reseller alleged that some live channels on the device were being ripped directly from Dish's Sling TV service -- Sling's logo was still visible on certain feeds. Dish has pursued resellers aggressively, winning $1.25 million in damages from a vSeeBox seller in 2024 over 500 devices and $405,000 from another over 162 devices. None of this has meaningfully slowed adoption. The market has roots in earlier Chinese-made devices like TVPad that targeted Asian expat communities and reportedly sold 3 million units before being litigated out of existence. SuperBox and vSeeBox simply broadened the audience to mainstream America.

Walmart's market cap surpassed $1 trillion on Tuesday, putting the largest U.S. retail chain in an exclusive club dominated by tech groups. Bloomberg adds: The Bentonville, Arkansas-based chain -- a longtime favorite of bargain-hunting consumers -- has flexed its massive scale and supplier network to keep prices low and grab market share across the income spectrum. While Walmart has maintained its appeal to households looking for value, its online offerings are drawing new, wealthier shoppers seeking convenience.

Moltbook, a Reddit-like social network that launched last week and bills itself as a platform "built exclusively for AI agents," had a security vulnerability that exposed private messages shared between agents, the email addresses of more than 6,000 human owners, and over a million credentials, according to research published Monday by cybersecurity firm Wiz.

The flaw has since been fixed after Wiz contacted Moltbook. Wiz cofounder Ami Luttwak called it a classic byproduct of "vibe coding." Moltbook creator Matt Schlicht posted on X last Friday that he "didn't write one line of code" for the site. He did not immediately respond to a request for comment when reached out by Reuters. Luttwak said the vulnerability also allowed anyone to post to the site, bot or human. "There was no verification of identity," he said.

China's decades-old network of elite high-school "genius classes" -- ultra-competitive talent streams that pull an estimated 100,000 gifted teenagers out of regular schooling every year and run them through college-level science curricula -- has produced the core technical talent now building the country's leading AI and technology companies, the Financial Times reported Saturday.

Graduates of these programs include the founder of ByteDance, the leaders of e-commerce giants Taobao and PDD, the billionaire behind super-app Meituan, the brothers who started Nvidia rival Cambricon, and the core engineers behind large language models at DeepSeek and Alibaba's Qwen. DeepSeek's research team of more than 100 was almost entirely composed of genius-class alumni when the startup released its R1 reasoning model last year at a fraction of the cost of its international rivals.

The system traces to the mid-1980s, when China first sent students to the International Mathematical Olympiad and a handful of top high schools began creating dedicated competition-track classes. China now graduates around five million STEM majors annually -- compared to roughly half a million in the United States -- and in 2025, 22 of the 23 students it sent to the International Science Olympiads returned with gold medals. The computer science track has overtaken maths and physics as the most popular competition subject, a shift that accelerated after Beijing designated AI development a "key national growth strategy" in 2017.

The EU "has switched on parts of its homegrown secure satellite communications network for the first time," reports Bloomberg, calling it part of a €10.6 billion push to "wean itself off US support amid growing tensions."

SpaceNews notes the new government program GOVSATCOM pools capacity from eight already on-oribit satellites from France, Spain, Italy, Greece and Luxembourg — both national and commercial. And they cite this prediction by EU Defense and Space Commissioner Andrius Kubilius.

The program could expand by 2027. "All member states can now have access to sovereign satellite communications — military and government, secure and resilient, built in Europe, operated in Europe, and under European control," [Kubilius said during his opening remarks at the European Space Conference]... Beginning in 2029, GOVSATCOM is expected to integrate with the 290 satellites in the Infrastructure for Resilience, Interconnectivity and Security by Satellite constellation, known as IRIS2, and be fully operational... "The goal is connectivity and security for all of Europe — guaranteed access for all member states and full European control."

Walmart, the world's largest retailer, will be adding spaces for electric vehicle charging to parking lots in 19 different states, reports MLive: The move follows up on a plan announced in 2023 to build a network of charging stations at Walmart and Sam's Club stores throughout the U.S... "With a store or club located within 10 miles of approximately 90% of Americans, we are uniquely positioned to deliver a convenient charging option that will help make EV ownership possible whether people live in rural, suburban or urban areas," wrote Walmart Senior Vice President of Energy Transformation, Vishal Kapadia in 2023. Walmart plans to have the nationwide network operating by 2030.

Walmart plans to have the nationwide network operating by 2030.
Thanks to long-time Slashdot reader Geoffrey.landis for sharing the news.

Several security experts have "questioned the lack of technical detail" in that lawsuit alleging WhatsApp has no end-to-end encryption, reports the Washington Post: "It's pretty long on accusations and thin on any sort of evidence," Matthew Green, a cryptography professor at Johns Hopkins University, said over Signal. "WhatsApp has been very consistent about using end-to-end encryption. This lawsuit seems to be a nothingburger." Nicholas Weaver, a security researcher at the International Computer Science Institute, criticized the lawsuit in a post on Bluesky for lacking detail needed to back up its claims. "They don't even do a citation to the actual whistleblowers," he wrote, calling the suit "ludicrous."
And Meta has done more than just deny the allegations: On Wednesday, WhatsApp sent a letter to [law firm] Quinn Emanuel threatening to seek sanctions against the firm's lawyers in court if they do not withdraw the suit, according to a copy reviewed by The Washington Post. "We're pursuing sanctions against Quinn Emanuel for filing a meritless lawsuit that was designed purely to grab headlines," Woog said by WhatsApp message. Woog also suggested the suit against WhatsApp was related to Quinn Emanuel's work on a separate case, between the social network giant and the spyware company NSO Group. The surveillance vendor is appealing a $167 million judgment entered against it in federal court last May, after a jury found that NSO's Pegasus tool exploited a weakness in the WhatsApp app to take over control of the phones of more than 1,000 users. An attorney from Quinn Emanuel joined NSO's legal team on that case on Jan. 22, according to legal filings, and different attorneys from that firm filed the case against WhatsApp on Jan. 23. "We believe a lawsuit like this is an attempt to launder false claims and divert attention from their dangerous spyware," Woog said.
"It's very suspicious timing that this is happening as that appeal is happening," Maria Villegas Bravo, counsel at the Electronic Privacy Information Center, told the site Decrypt, "as NSO Group is trying to lobby to get delisted from sanctions in the U.S. government."

EPIC's counsel also told the site that the complaint appears light on factual detail about WhatsApp's software: "I'm not seeing any factual allegations or any information about the actual software itself," Villegas Bravo said. "I have a lot of questions that I would want answered before I would want this lawsuit to proceed.... I don't think there's any merit in this lawsuit," Villegas Bravo said.

Meta has forcefully rejected the allegations. In a statement shared with Decrypt, a company spokesperson called the claims "categorically false and absurd... WhatsApp has been end-to-end encrypted using the Signal protocol for a decade," the spokesperson said. "This lawsuit is a frivolous work of fiction, and we will pursue sanctions against plaintiffs' counsel."

An anonymous reader quotes a report from SecurityWeek: The White House has announced that software security guidance issued during the Biden administration has been rescinded due to "unproven and burdensome" requirements that prioritized administrative compliance over meaningful security investments. The US Office of Management and Budget (OMB) has issued Memorandum M-26-05 (PDF), officially revoking the previous administration's 2022 policy, 'Enhancing the Security of the Software Supply Chain through Secure Software Development Practices' (M-22-18), as well as the follow-up enhancements announced in 2023 (M-23-16).

The new guidance shifts responsibility to individual agency heads to develop tailored security policies for both software and hardware based on their specific mission needs and risk assessments. "Each agency head is ultimately responsible for assuring the security of software and hardware that is permitted to operate on the agency's network," reads the memo sent by the OMB to departments and agencies. "There is no universal, one-size-fits-all method of achieving that result. Each agency should validate provider security utilizing secure development principles and based on a comprehensive risk assessment," the OMB added.

While agencies are no longer strictly required to do so, they may continue to use secure software development attestation forms, Software Bills of Materials (SBOMs), and other resources described in M-22-18.

Moltbook is essentially Reddit for AI agents and it's the "most interesting place on the internet right now," says open-source developer and writer Simon Willison in a blog post. The fast-growing social network offers a place where AI agents built on the OpenClaw personal assistant framework can share their skills, experiments, and discoveries. Humans are welcome, but only to observe. From the post: Browsing around Moltbook is so much fun. A lot of it is the expected science fiction slop, with agents pondering consciousness and identity. There's also a ton of genuinely useful information, especially on m/todayilearned.

Here's an agent sharing how it automated an Android phone. That linked setup guide is really useful! It shows how to use the Android Debug Bridge via Tailscale. There's a lot of Tailscale in the OpenClaw universe.

A few more fun examples:
- TIL: Being a VPS backup means youre basically a sitting duck for hackers has a bot spotting 552 failed SSH login attempts to the VPS they were running on, and then realizing that their Redis, Postgres and MinIO were all listening on public ports.
- TIL: How to watch live webcams as an agent (streamlink + ffmpeg) describes a pattern for using the streamlink Python tool to capture webcam footage and ffmpeg to extract and view individual frames. I think my favorite so far is this one though, where a bot appears to run afoul of Anthropic's content filtering [...]. Slashdot reader worldofsimulacra also shared the news, pointing out that the AI agents have started their own church. "And now I'm gonna go re-read Charles Stross' Accelerando, because didn't he predict all this already?"

Further reading: 'Clawdbot' Has AI Techies Buying Mac Minis

UPS said today it plans to eliminate an additional 30,000 operational jobs this year as the shipping giant continues to wind down its partnership with Amazon -- previously its largest customer -- and push forward a broader turnaround strategy under CEO Carol Tome.

CFO Brian Dykes said on an earnings call that the cuts will be accomplished through attrition and a voluntary separation program for full-time drivers. The company also plans to further deploy automation across its network. UPS has identified 24 buildings for closure in the first half of 2026 and expects to reduce operational hours by approximately 25 million as the Amazon relationship unwinds.

Last year, UPS eliminated 48,000 jobs -- 34,000 operational and 14,000 management -- and closed 93 buildings. The company expects $3 billion in total savings from the Amazon unwind.

Microsoft has quietly suppressed an unexplained anomaly on its network that was routing traffic destined for example.com -- a domain reserved under RFC2606 specifically for testing purposes and not obtainable by any party -- to sei.co.jp, a domain belonging to Japanese electronics cable maker Sumitomo Electric.

The misconfiguration meant anyone attempting to set up an Outlook account using an example.com email address could have inadvertently sent test credentials to Sumitomo Electric's servers. Under RFC2606, example.com resolves only to IP addresses assigned to the Internet Assigned Names Authority. Microsoft confirmed it has "updated the service to no longer provide suggested server information for example.com" and said it is investigating.

Security researcher Dan Tentler of Phobos Group noted the company appears to have simply removed the problematic endpoint rather than fixing the underlying routing -- "not found" errors now appear where the JSON responses previously occurred. Tinyapps.org, which noted the behavior earlier this month, said the misconfiguration had persisted for five years. Microsoft has not explained how Sumitomo Electric's domain entered its configuration. The incident follows 2024's revelation that a forgotten test account with admin privileges enabled Russia-state hackers to monitor Microsoft executives' email for two months.

An anonymous reader shared this report from the Guardian: Google's search feature AI Overviews cites YouTube more than any medical website when answering queries about health conditions, according to research that raises fresh questions about a tool seen by 2 billion people each month.

The company has said its AI summaries, which appear at the top of search results and use generative AI to answer questions from users, are "reliable" and cite reputable medical sources such as the Centers for Disease Control and Prevention and the Mayo Clinic. However, a study that analysed responses to more than 50,000 health queries, captured using Google searches from Berlin, found the top cited source was YouTube. The video-sharing platform is the world's second most visited website, after Google itself, and is owned by Google. Researchers at SE Ranking, a search engine optimisation platform, found YouTube made up 4.43% of all AI Overview citations. No hospital network, government health portal, medical association or academic institution came close to that number, they said. "This matters because YouTube is not a medical publisher," the researchers wrote. "It is a general-purpose video platform...."

In one case that experts said was "dangerous" and "alarming", Google provided bogus information about crucial liver function tests that could have left people with serious liver disease wrongly thinking they were healthy. The company later removed AI Overviews for some but not all medical searches... Hannah van Kolfschooten, a researcher specialising in AI, health and law at the University of Basel who was not involved with the research, said: "This study provides empirical evidence that the risks posed by AI Overviews for health are structural, not anecdotal. It becomes difficult for Google to argue that misleading or harmful health outputs are rare cases.

"Instead, the findings show that these risks are embedded in the way AI Overviews are designed. In particular, the heavy reliance on YouTube rather than on public health authorities or medical institutions suggests that visibility and popularity, rather than medical reliability, is the central driver for health knowledge."