United States

US Hacking Tool Boss Stole and Sold Exploits To Russian Broker That Could Target Millions of Devices, DOJ Says (techcrunch.com) 54

Federal prosecutors have revealed that Peter Williams, the former general manager of U.S. defense contractor L3Harris's hacking tools division Trenchant, sold eight stolen software exploits to a Russian broker whose customers -- including the Russian government -- could have used them to access "millions of computers and devices around the world."

Williams, a 39-year-old Australian national, pleaded guilty in October and admitted to earning more than $1.3 million in cryptocurrency from the sales between 2022 and 2025. In a sentencing memorandum filed Tuesday ahead of his anticipated February 24 sentencing in a Washington, D.C., federal court, the Justice Department asked the judge for nine years in prison, $35 million in restitution, and a maximum fine of $250,000.

Prosecutors described the unnamed Russian buyer -- believed to be Operation Zero, which publicly claims to sell only to the Russian government -- as "one of the world's most nefarious exploit brokers." Williams chose it because, by his own admission, "he knew they paid the most." He also oversaw the wrongful firing of a subordinate who was blamed for the theft.

Windows

Microsoft Begins the First-Ever Secure Boot Certificate Swap Across Windows Ecosystem (windows.com) 91

Microsoft has begun automatically replacing the original Secure Boot security certificates on Windows devices through regular monthly updates, a necessary move given that the 15-year-old certificates first issued in 2011 are set to expire between late June and October 2026.

Secure Boot, which verifies that only trusted and digitally signed software runs before Windows loads, became a hardware requirement for Windows 11. A new batch of certificates was issued in 2023 and already ships on most PCs built since 2024; nearly all devices shipped in 2025 include them by default. Older hardware is now receiving the updated certificates through Windows Update, starting with last month's KB5074109 release for Windows 11. Devices that don't receive the new certificates before expiration will still function but enter what Microsoft calls a "degraded security state," unable to receive future boot-level protections and potentially facing compatibility issues down the line.

Windows 10 users must enroll in Microsoft's paid Extended Security Updates program to get the new certificates. A small number of devices may also need a separate firmware update from their manufacturer before the Windows-delivered certificates can be applied.

Software

Software Poses 'All-Time' Risk To Speculative Credit, Deutsche Bank Warns (bloomberg.com) 22

The software and technology sectors pose one of the all-time great concentration risks to the speculative-grade credit market, according to Deutsche Bank AG analysts. Bloomberg: They comprise $597 billion and $681 billion of the speculative-grade credit universe, or about 14% and 16% respectively, analysts led by Steve Caprio wrote in a Monday note. Speculative debt spans high-yield debt, leveraged loans and US private credit.

That's "a meaningful chunk of debt outstanding that risks souring broader sentiment, if software defaults increase," the analysts wrote, with "a potential impact that would rival that of the Energy sector in 2016." Unlike in 2016, pressures would likely first emerge in private credit, business development companies and leveraged loans, with the high-yield market weakening later, the analysts added.

The rapid adoption of artificial intelligence tools risks further weighing down multiples and revenues for software-as-a-service firms, while the US Federal Reserve's hawkish stance since 2022 has pressured cash flows, the analysts wrote. For instance, software payment-in-kind loan usage has risen to 11.3% in BDC portfolios, over 2.5 percentage points higher than the already elevated index average of 8.7%, according to Deutsche. PIK deals typically allow borrowers to pay interest in more debt rather than cash.

Google

Autodesk Takes Google To Court Over AI Movie Software Named 'Flow' (reuters.com) 23

Autodesk has sued Google in San Francisco federal court, alleging the search giant infringed its "Flow" trademark by launching competing AI-powered software for movie, TV and video game production in May 2025.

Autodesk says it has used the Flow name since September 2022 and that Google assured it would not commercialize a product under the same name -- then filed a trademark application in Tonga, where filings are not publicly accessible, before seeking U.S. protection.

Transportation

Carmakers Rush To Remove Chinese Code Under New US Rules (msn.com) 141

"How Chinese is your car?" asks the Wall Street Journal. "Automakers are racing to work it out." Modern cars are packed with internet-connected widgets, many of them containing Chinese technology. Now, the car industry is scrambling to root out that tech ahead of a looming deadline, a test case for America's ability to decouple from Chinese supply chains. New U.S. rules will soon ban Chinese software in vehicle systems that connect to the cloud, part of an effort to prevent cameras, microphones and GPS tracking in cars from being exploited by foreign adversaries.

The move is "one of the most consequential and complex auto regulations in decades," according to Hilary Cain, head of policy at trade group the Alliance for Automotive Innovation. "It requires a deep examination of supply chains and aggressive compliance timelines."

Carmakers will need to attest to the U.S. government that, as of March 17, core elements of their products don't contain code that was written in China or by a Chinese company. The rule also covers software for advanced autonomous driving and will be extended to connectivity hardware starting in 2029. Connected cars made by Chinese or China-controlled companies are also banned, wherever their software comes from...

The Commerce Department's Bureau of Industry and Security, which introduced the connected-vehicle rule, is also allowing the use of Chinese code that is transferred to a non-Chinese entity before March 17. That carve-out has sparked a rush of corporate restructuring, according to Matt Wyckhouse, chief executive of cybersecurity firm Finite State. Global suppliers are relocating China-based software teams, while Chinese companies are seeking new owners for operations in the West.

Thanks to long-time Slashdot reader schwit1 for sharing the article.

Security

A New Era for Security? Anthropic's Claude Opus 4.6 Found 500 High-Severity Vulnerabilities (axios.com) 62

Axios reports: Anthropic's latest AI model has found more than 500 previously unknown high-severity security flaws in open-source libraries with little to no prompting, the company shared first with Axios.

Why it matters: The advancement signals an inflection point for how AI tools can help cyber defenders, even as AI is also making attacks more dangerous...

Anthropic debuted Claude Opus 4.6, the latest version of its largest AI model, on Thursday. Before its debut, Anthropic's frontier red team tested Opus 4.6 in a sandboxed environment [including access to vulnerability analysis tools] to see how well it could find bugs in open-source code... Claude found more than 500 previously unknown zero-day vulnerabilities in open-source code using just its "out-of-the-box" capabilities, and each one was validated by either a member of Anthropic's team or an outside security researcher... According to a blog post, Claude uncovered a flaw in GhostScript, a popular utility that helps process PDF and PostScript files, that could cause it to crash. Claude also found buffer overflow flaws in OpenSC, a utility that processes smart card data, and CGIF, a tool that processes GIF files.

Logan Graham, head of Anthropic's frontier red team, told Axios they're considering new AI-powered tools to hunt vulnerabilities. "The models are extremely good at this, and we expect them to get much better still... I wouldn't be surprised if this was one of — or the main way — in which open-source software moving forward was secured."

Transportation

Apple Plans to Allow Outside Voice-Controlled AI Chatbots in CarPlay (yahoo.com) 12

Apple "is preparing to allow voice-controlled AI apps from other companies in CarPlay," reports Bloomberg, citing "people familiar with the matter."

Bloomberg calls it "a move that will let users query AI chatbots through its vehicle interface for the first time." The company is working to support the apps in CarPlay within the coming months, said the people, who asked not to be identified because the plan hasn't been announced. The change marks a strategic shift for Apple, which until now has only allowed its own Siri assistant as a voice-control option within its popular vehicle infotainment software. With the move, AI providers such as OpenAI, Anthropic PBC and Alphabet Inc.'s Google will be able to release CarPlay versions of their apps that include a voice-control mode...

The company also has launched a higher-end version of the platform, CarPlay Ultra, that lets drivers control functions like seat adjustments and climate settings directly through Apple's software. But that system is rolling out slowly and must be customized for each automaker. That means it's likely to be a niche offering.

The article notes that Tesla is now working to support Apple's CarPlay.

Programming

Claude Code is the Inflection Point (semianalysis.com) 69

About 4% of all public commits on GitHub are now being authored by Anthropic's Claude Code, a terminal-native AI coding agent that has quickly become the centerpiece of a broader argument that software engineering is being fundamentally reshaped by AI.

SemiAnalysis, a semiconductor and AI research firm, published a report on Friday projecting that figure will climb past 20% by the end of 2026. Claude Code is a command-line tool that reads codebases, plans multi-step tasks and executes them autonomously. Anthropic's quarterly revenue additions have overtaken OpenAI's, according to SemiAnalysis's internal economic model, and the firm believes Anthropic's growth is now constrained primarily by available compute.

Accenture has signed on to train 30,000 professionals on Claude, the largest enterprise deployment so far, targeting financial services, life sciences, healthcare and the public sector. On January 12, Anthropic launched Cowork, a desktop-oriented extension of the same agent architecture -- four engineers built it in 10 days, and most of the code was written by Claude Code itself.

Transportation

Waymo is Having a Hard Time Stopping For School Buses (theverge.com) 134

Waymo's robotaxis have racked up at least 24 safety violations involving school buses in Austin since the start of the 2025 school year, and a voluntary software recall the company issued in December after a federal investigation has not fixed the problem.

Austin Independent School District initially reported at least 19 incidents of Waymo vehicles failing to stop for buses during loading and unloading -- illegal in all 50 states -- prompting NHTSA to open a probe. At least four more violations have occurred since the software update, including a January 19th incident where a robotaxi drove past a bus as children waited to cross the street and the stop arm was extended.

Waymo also acknowledged that one of its vehicles struck a child outside a Santa Monica elementary school on January 23rd, causing minor injuries. Austin ISD has asked Waymo to stop operating near schools during bus hours until the issue is resolved. Waymo refused. Three federal investigations have been opened in three months.

EU

The European Commission Is Testing an Open Source Alternative To Microsoft Teams (euractiv.com) 69

The European Commission is preparing to trial a communications platform built on Matrix, the open source messaging protocol already used by the French government, German healthcare providers and European armed forces, as a sovereign backup to Microsoft Teams.

Signal currently serves as the backup tool but has proven too inflexible for an organization the Commission's size, it said. The Matrix-based solution could also eventually connect the Commission to other EU bodies like the Parliament.

AI

Anthropic Launches Claude Opus 4.6 as Its AI Tools Rattle Software Markets (anthropic.com) 51

Anthropic on Thursday released Claude Opus 4.6, its most capable model yet, at a moment when the company's AI tools have already spooked markets over fears that they are disrupting traditional software development and other sectors.

The new model improves on Opus 4.5's coding abilities, the company said -- it plans more carefully, sustains longer agentic tasks, handles larger codebases more reliably, and catches its own mistakes through better debugging. It is also the first Opus-class model to feature a 1M token context window, currently in beta.

On GDPval-AA, an independent benchmark measuring performance on knowledge-work tasks in finance, legal and other domains, Opus 4.6 outperformed OpenAI's GPT-5.2 by roughly 144 Elo points. Anthropic also introduced agent teams in Claude Code, allowing multiple agents to work in parallel on tasks like codebase reviews. Pricing remains at $5/$25 per million input/output tokens.

Transportation

BMW Commits To Subscriptions Even After Heated Seat Debacle 170

BMW may have retreated from its controversial plan to charge monthly fees for heated seats, but the German automaker is pressing ahead with subscription-based vehicle features through its ConnectedDrive platform.

A company spokesperson told The Drive that BMW "remains fully committed" to ConnectedDrive as part of its global aftersales strategy. Features requiring data connectivity will likely carry recurring fees.

AI

As Software Stocks Slump, Investors Debate AI's Existential Threat (reuters.com) 55

Investors were assessing on Wednesday whether a selloff in global software stocks this week had gone too far, as they weighed if businesses could survive an existential threat posed by AI. The answer: It's unclear and will lead to volatility. From a report: After a broad selloff on Tuesday that saw the S&P 500 software and services index fall nearly 4%, the sector slipped another 1% on Wednesday. While software stocks have been under pressure in recent months as AI has gone from being a tailwind for many of these companies to investors worrying about the disruption it will cause to some sectors, the latest selloff was triggered by a new legal tool from Anthropic's Claude large language model (LLM).

The tool -- a plug-in for Claude's agent for tasks across legal, sales, marketing and data analysis -- underscored the push by LLMs into the so-called "application layer," where these firms are increasingly muscling into lucrative enterprise businesses for revenue they need to fund massive investments. If successful, investors worry, it could wreak havoc across a range of industries, from finance to law and coding.

Android

Why Google's Android for PC Launch May Be Messy and Controversial (theverge.com) 53

Google's much-anticipated plan to merge Android and ChromeOS into a single operating system called Aluminium is shaping up to be a drawn-out, complicated transition that could leave existing Chromebook users behind, according to previously unreported court documents in the Google search antitrust case.

The new OS won't be compatible with all existing Chromebook hardware, and Google will be forced to maintain ChromeOS through at least 2033 to honor its 10-year support commitment to current users -- meaning two parallel operating systems running for years.

The timeline itself is messier than Google has let on publicly, the filings suggest. Sameer Samat, Google's head of Android, called the merger "something we're super excited about for next year" last September, but court filings describe the "fastest path" to market as offering Aluminium to "commercial trusted testers" in late 2026 before a full release in 2028.

Enterprise and education customers -- the segments where Chromebooks currently dominate -- are slated for 2028 as well. Columbia computer science professor Jason Nieh, who interviewed Google engineers as a witness in the case, testified that Aluminium requires a heavier software stack and more powerful hardware to run.

Open Source

'Vibe Coding Kills Open Source' (arxiv.org) 106

Four economists across Central European University, Bielefeld University and the Kiel Institute have built a general equilibrium model of the open-source software ecosystem and concluded that vibe coding -- the increasingly common practice of letting AI agents select, assemble and modify packages on a developer's behalf -- erodes the very funding mechanism that keeps open-source projects alive.

The core problem is a decoupling of usage from engagement. Tailwind CSS's npm downloads have climbed steadily, but its creator says documentation traffic is down about 40% since early 2023 and revenue has dropped close to 80%. Stack Overflow activity fell roughly 25% within six months of ChatGPT's launch. Open-source maintainers monetize through documentation visits, bug reports, and community interaction. AI agents skip all of that.

The model finds that feedback loops once responsible for open source's explosive growth now run in reverse. Fewer maintainers can justify sharing code, variety shrinks, and average quality falls -- even as total usage rises. One proposed fix is a "Spotify for open source" model where AI platforms redistribute subscription revenue to maintainers based on package usage. Vibe-coded users need to contribute at least 84% of what direct users generate, or roughly 84% of all revenue must come from sources independent of how users access the software.

Software

Adobe Is Killing A Popular Animation And Game Development Program (gamespot.com) 52

Adobe has emailed users of Adobe Animate to let them know the popular animation and game development program will be discontinued on March 1, an abrupt decision that has angered animators and game developers who say the tool remains an industry standard in television and game production.

Animate, the successor to the once-popular Flash, is widely used for graphic creation, animation and building games in HTML5. The company has not offered a reason for the shutdown. On BlueSky, artist and animator Julia Glassman wrote that many television productions, games, and animated media still rely on Animate and Flash pipelines and cannot simply pivot to entirely new software.

AI

What Go Programmers Think of AI (go.dev) 55

"Most Go developers are now using AI-powered development tools when seeking information (e.g., learning how to use a module) or toiling (e.g., writing repetitive blocks of similar code)." That's one of the conclusions Google's Go team drew from September's big survey of 5,379 Go developers.

But the survey also found that among Go developers using AI-powered tools, "their satisfaction with these tools is middling due, in part, to quality concerns." Our survey suggests bifurcated adoption — while a majority of respondents (53%) said they use such tools daily, there is also a large group (29%) who do not use these at all, or only used them a few times during the past month. We expected this to negatively correlate with age or development experience, but were unable to find strong evidence supporting this theory except for very new developers: respondents with less than one year of professional development experience (not specific to Go) did report more AI use than every other cohort, but this group only represented 2% of survey respondents. At this time, agentic use of AI-powered tools appears nascent among Go developers, with only 17% of respondents saying this is their primary way of using such tools, though a larger group (40%) are occasionally trying agentic modes of operation...

We also asked about overall satisfaction with AI-powered development tools. A majority (55%) reported being satisfied, but this was heavily weighted towards the "Somewhat satisfied" category (42%) vs. the "Very satisfied" group (13%)... [D]eveloper sentiment towards them remains much softer than towards more established tooling (among Go developers, at least). What is driving this lower rate of satisfaction? In a word: quality. We asked respondents to tell us something good they've accomplished with these tools, as well as something that didn't work out well. A majority said that creating non-functional code was their primary problem with AI developer tools (53%), with 30% lamenting that even working code was of poor quality.

The most frequently cited benefits, conversely, were generating unit tests, writing boilerplate code, enhanced autocompletion, refactoring, and documentation generation. These appear to be cases where code quality is perceived as less critical, tipping the balance in favor of letting AI take the first pass at a task. That said, respondents also told us the AI-generated code in these successful cases still required careful review (and often, corrections), as it can be buggy, insecure, or lack context... [One developer said reviewing AI-generated code was so mentally taxing that it "kills the productivity potential".]

Of all the tasks we asked about, "Writing code" was the most bifurcated, with 66% of respondents already or hoping to soon use AI for this, while 1/4 of respondents didn't want AI involved at all. Open-ended responses suggest developers primarily use this for toilsome, repetitive code, and continue to have concerns about the quality of AI-generated code.

Most respondents also said they "are not currently building AI-powered features into the Go software they work on (78%)," the surveyors report, "with 2/3 reporting that their software does not use AI functionality at all (66%)." This appears to be a decrease in production-related AI usage year-over-year; in 2024, 59% of respondents were not involved in AI feature work, while 39% indicated some level of involvement. That marks a shift of 14 points away from building AI-powered systems among survey respondents, and may reflect some natural pullback from the early hype around AI-powered applications: it's plausible that lots of folks tried to see what they could do with this technology during its initial rollout, with some proportion deciding against further exploration (at least at this time).

Among respondents who are building AI- or LLM-powered functionality, the most common use case was to create summaries of existing content (45%). Overall, however, there was little difference between most uses, with between 28% — 33% of respondents adding AI functionality to support classification, generation, solution identification, chatbots, and software development.

Open Source

When 20-Year-Old Bill Gates Fought the World's First Software Pirates (thenewstack.io) 83

Long-time Slashdot reader destinyland writes: "Just months after his 20th birthday, Bill Gates had already angered the programmer community," remembers this 50th-anniversary commemoration of Gates' Open Letter to Hobbyists. "As the first home computers began appearing in the 1970s, the world faced a question: Would its software be free?"

Gates railed in 1976 that "Most of you steal your software." Gates had coded the BASIC interpreter for Altair's first home computer with Paul Allen and Monte Davidoff — only to see it pirated by Steve Wozniak's friends at the Homebrew Computing Club. Expecting royalties, a none-too-happy Gates issued his letter in the club's newsletter (as well as Altair's own publication), complaining "I would appreciate letters from any one who wants to pay up."

But freedom-loving coders had other ideas. When Steve Wozniak and Steve Jobs released their Apple 1 home computer that summer, they stressed that "our philosophy is to provide software for our machines free or at minimal cost..." And early open-source hackers began writing their own free Tiny Basic interpreters to create a free alternative to the Gates/Micro-Soft code. This led to the first occurrence of the phrase "Copyleft" in October of 1976.

Open Source definition author Bruce Perens shares his thoughts today. "When I left Pixar in 2000, I stopped in Steve Jobs' office — which for some reason was right across the hall from mine..." Perens remembered. "I asked Steve: 'You still don't believe in this Linux stuff, do you...?'" And Perens remembers how that movement finally won over Steve Jobs and carried the day. "Three years later, Steve stood onstage in front of a slide that said 'Open Source: We Think It's Great!' as he introduced the Safari browser, which at that time was based on the browser engine developed by the KDE Open Source project!"

Encryption

WhatsApp End-to-End Encryption Allegations Questioned By Some Security Experts, Lawyers (msn.com) 31

Several security experts have "questioned the lack of technical detail" in that lawsuit alleging WhatsApp has no end-to-end encryption, reports the Washington Post: "It's pretty long on accusations and thin on any sort of evidence," Matthew Green, a cryptography professor at Johns Hopkins University, said over Signal. "WhatsApp has been very consistent about using end-to-end encryption. This lawsuit seems to be a nothingburger." Nicholas Weaver, a security researcher at the International Computer Science Institute, criticized the lawsuit in a post on Bluesky for lacking detail needed to back up its claims. "They don't even do a citation to the actual whistleblowers," he wrote, calling the suit "ludicrous."

And Meta has done more than just deny the allegations: On Wednesday, WhatsApp sent a letter to [law firm] Quinn Emanuel threatening to seek sanctions against the firm's lawyers in court if they do not withdraw the suit, according to a copy reviewed by The Washington Post. "We're pursuing sanctions against Quinn Emanuel for filing a meritless lawsuit that was designed purely to grab headlines," Woog said by WhatsApp message. Woog also suggested the suit against WhatsApp was related to Quinn Emanuel's work on a separate case, between the social network giant and the spyware company NSO Group. The surveillance vendor is appealing a $167 million judgment entered against it in federal court last May, after a jury found that NSO's Pegasus tool exploited a weakness in the WhatsApp app to take over control of the phones of more than 1,000 users. An attorney from Quinn Emanuel joined NSO's legal team on that case on Jan. 22, according to legal filings, and different attorneys from that firm filed the case against WhatsApp on Jan. 23. "We believe a lawsuit like this is an attempt to launder false claims and divert attention from their dangerous spyware," Woog said.

"It's very suspicious timing that this is happening as that appeal is happening," Maria Villegas Bravo, counsel at the Electronic Privacy Information Center, told the site Decrypt, "as NSO Group is trying to lobby to get delisted from sanctions in the U.S. government."

EPIC's counsel also told the site that the complaint appears light on factual detail about WhatsApp's software: "I'm not seeing any factual allegations or any information about the actual software itself," Villegas Bravo said. "I have a lot of questions that I would want answered before I would want this lawsuit to proceed.... I don't think there's any merit in this lawsuit," Villegas Bravo said.

Meta has forcefully rejected the allegations. In a statement shared with Decrypt, a company spokesperson called the claims "categorically false and absurd... WhatsApp has been end-to-end encrypted using the Signal protocol for a decade," the spokesperson said. "This lawsuit is a frivolous work of fiction, and we will pursue sanctions against plaintiffs' counsel."

GNU is Not Unix

GNU gettext Reaches Version 1.0 After 30 Years (phoronix.com) 20

After more than 30 years of development, GNU gettext finally "crossed the symbolic 'v1.0' milestone," according to Phoronix's Michael Larabel. "GNU gettext 1.0 brings PO file handling improvements, a new 'po-fetch' program to fetch translated PO files from a translation project's site on the Internet, new 'msgpre' and 'spit' pre-translation programs, and OCaml and Rust programming language improvements." From the report: With this v1.0 release in 2026, the "msgpre" and "spit" programs do involve... Large Language Models (LLMs) in the era of AI: "Two new programs, 'msgpre' and 'spit', are provided, that implement machine translation through a locally installed Large Language Model (LLM). 'msgpre' applies to an entire PO file, 'spit' to a single message."

And when dealing with LLMs, added documentation warns users to look out for the licensing of the LLM in the spirit of free software. More details on the GNU gettext 1.0 changes via the NEWS file. GNU gettext 1.0 can be downloaded from GNU.org.
