Security

Apple Chips Can Be Hacked To Leak Secrets From Gmail, iCloud, and More (arstechnica.com) 28

An anonymous reader quotes a report from Ars Technica: Apple-designed chips powering Macs, iPhones, and iPads contain two newly discovered vulnerabilities that leak credit card information, locations, and other sensitive data from the Chrome and Safari browsers as they visit sites such as iCloud Calendar, Google Maps, and Proton Mail. The vulnerabilities, affecting the CPUs in later generations of Apple A- and M-series chip sets, open them to side channel attacks, a class of exploit that infers secrets by measuring manifestations such as timing, sound, and power consumption. Both side channels are the result of the chips' use of speculative execution, a performance optimization that improves speed by predicting the control flow the CPUs should take and following that path, rather than the instruction order in the program. [...]

The researchers published a list of mitigations they believe will address the vulnerabilities allowing both the FLOP and SLAP attacks. They said that Apple officials have indicated privately to them that they plan to release patches. In an email, an Apple representative declined to say if any such plans exist. "We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats," the spokesperson wrote. "Based on our analysis, we do not believe this issue poses an immediate risk to our users."

FLOP, short for Faulty Load Operation Predictor, exploits a vulnerability in the Load Value Predictor (LVP) found in Apple's A- and M-series chipsets. By inducing the LVP to predict incorrect memory values during speculative execution, attackers can access sensitive information such as location history, email content, calendar events, and credit card details. This attack works on both Safari and Chrome browsers and affects devices including Macs (2022 onward), iPads, and iPhones (September 2021 onward). FLOP requires the victim to interact with an attacker's page while logged into sensitive websites, making it highly dangerous due to its broad data access capabilities.

SLAP, on the other hand, stands for Speculative Load Address Predictor and targets the Load Address Predictor (LAP) in Apple silicon, exploiting its ability to predict memory locations. By forcing LAP to mispredict, attackers can access sensitive data from other browser tabs, such as Gmail content, Amazon purchase details, and Reddit comments. Unlike FLOP, SLAP is limited to Safari and can only read memory strings adjacent to the attacker's own data. It affects the same range of devices as FLOP but is less severe due to its narrower scope and browser-specific nature. SLAP demonstrates how speculative execution can compromise browser process isolation.

Privacy

Software Flaw Exposes Millions of Subarus, Rivers of Driver Data (securityledger.com) 47

chicksdaddy shares a report from the Security Ledger: Vulnerabilities in Subaru's STARLINK telematics software enabled two independent security researchers to gain unrestricted access to millions of Subaru vehicles deployed in the U.S., Canada and Japan. In a report published Thursday researchers Sam Curry and Shubham Shah revealed a now-patched flaw in Subaru's STARLINK connected vehicle service that allowed them to remotely control Subarus and access vehicle location information and driver data with nothing more than the vehicle's license plate number, or easily accessible information like the vehicle owner's email address, zip code and phone number. (Note: Subaru STARLINK is not to be confused with the Starlink satellite-based high speed Internet service.)

[Curry and Shah downloaded a year's worth of vehicle location data for Curry's mother's 2023 Impreza (Curry bought her the car with the understanding that she'd let him hack it.) The two researchers also added themselves to a friend's STARLINK account without any notification to the owner and used that access to remotely lock and unlock the friend's Subaru.] The details of Curry and Shah's hack of the STARLINK telematics system bear a strong resemblance to hacks documented in his 2023 report Web Hackers versus the Auto Industry as well as a September, 2024 discovery of a remote access flaw in web-based applications used by KIA automotive dealers that also gave remote attackers the ability to steal owners' personal information and take control of their KIA vehicle. In each case, Curry and his fellow researchers uncovered publicly accessible connected vehicle infrastructure intended for use by [employees and dealers was found to be trivially vulnerable to compromise and lack even basic protections around account creation and authentication].

Facebook

Meta's AI Chatbot Taps User Data With No Opt-Out Option (techcrunch.com) 39

Meta's AI chatbot will now use personal data from users' Facebook and Instagram accounts for personalized responses in the United States and Canada, the company said in a blog post. The upgraded Meta AI can remember user preferences from previous conversations across Facebook, Messenger, and WhatsApp, such as dietary choices and interests. CEO Mark Zuckerberg said the feature helps create personalized content like bedtime stories based on his children's interests. Users cannot opt out of the data-sharing feature, a Meta spokesperson told TechCrunch.

Power

Should Big Tech Plug Its Data Centers Directly Into Power Plants? (apnews.com) 86

"Looking for a quick fix for their fast-growing electricity diets, tech giants are increasingly looking to strike deals with power plant owners to plug in directly," reports the Associated Press, "avoiding a potentially longer and more expensive process of hooking into a fraying electric grid that serves everyone else." (It can take up to four years to connect a data center to the grid, one data center trade group says in the article — years longer than it takes to build a new data center.)

But the idea of bypassing the grid is "raising questions over whether diverting power to higher-paying customers will leave enough for others and whether it's fair to excuse big power users from paying for the grid." Front and center is the data center that Amazon's cloud computing subsidiary, Amazon Web Services, is building next to the Susquehanna nuclear plant in eastern Pennsylvania. The arrangement between the plant's owners and AWS — called a "behind the meter" connection — is the first such to come before the Federal Energy Regulatory Commission. For now, FERC has rejected a deal that could eventually send 960 megawatts — about 40% of the plant's capacity — to the data center. That's enough to power more than a half-million homes... [But the FERC's 2-1 rejection "was procedural. Recent comments by commissioners suggest they weren't ready to decide how to regulate such a novel matter without more study."]

In theory, the AWS deal would let Susquehanna sell power for more than they get by selling into the grid... The profit potential is one that other nuclear plant operators, in particular, are embracing after years of financial distress and frustration with how they are paid in the broader electricity markets. Many say they have been forced to compete in some markets against a flood of cheap natural gas as well as state-subsidized solar and wind energy. Power plant owners also say the arrangement benefits the wider public, by bypassing the costly buildout of long power lines and leaving more transmission capacity on the grid for everyone else...

Monitoring Analytics, the market watchdog in the mid-Atlantic grid, wrote in a filing to FERC that the impact would be "extreme" if the Susquehanna-AWS model were extended to all nuclear power plants in the territory. Energy prices would increase significantly and there's no explanation for how rising demand for power will be met even before big power plants drop out of the supply mix, it said.

Social Networks

Cory Doctorow Asks: Can Interoperability End 'Enshittification' and Fix Social Media? (pluralistic.net) 69

This weekend Cory Doctorow delved into "the two factors that make services terrible: captive users, and no constraints." If your users can't leave, and if you face no consequences for making them miserable (not solely their departure to a competitor, but also fines, criminal charges, worker revolts, and guerrilla warfare with interoperators), then you have the means, motive and opportunity to turn your service into a giant pile of shit... Every economy is forever a-crawl with parasites and monsters like these, but they don't get to burrow into the system and colonize it until policymakers create rips they can pass through.

Doctorow argues that "more and more critics are coming to understand that lock-in is the root of the problem, and that anti-lock-in measures like interoperability can address it." Even more important than market discipline is government discipline, in the form of regulation. If Zuckerberg feared fines for privacy violations, or moderation failures, or illegal anticompetitive mergers, or fraudulent advertising systems that rip off publishers and advertisers, or other forms of fraud (like the "pivot to video"), he would treat his users better. But Facebook's rise to power took place during the second half of the neoliberal era, when the last shreds of regulatory muscle that survived the Reagan revolution were being devoured... But it's worse than that, because Zuckerberg and other tech monopolists figured out how to harness "IP" law to get the government to shut down third-party technology that might help users resist enshittification... [Doctorow says this is "why companies are so desperate to get you to use their apps rather than the open web"] IP law is why you can't make an alternative client that blocks algorithmic recommendations. IP law is why you can't leave Facebook for a new service and run a scraper that imports your waiting Facebook messages into a different inbox. IP law is why you can't scrape Facebook to catalog the paid political disinformation the company allows on the platform...

But then Doctorow argues that "Legacy social media is at a turning point," citing as "a credible threat" new systems built on open standards like Mastodon (built on ActivityPub) and Bluesky (built on Atproto): I believe strongly in improving the Fediverse, and I believe in adding the long-overdue federation to Bluesky. That's because my goal isn't the success of the Fediverse — it's the defeat of enshittification. My answer to "why spend money fixing Bluesky?" is "why leave 20 million people at risk of enshittification when we could not only make them safe, but also create the toolchain to allow many, many organizations to operate a whole federation of Bluesky servers?" If you care about a better internet — and not just the Fediverse — then you should share this goal, too... Mastodon has one feature that Bluesky sorely lacks — the federation that imposes antienshittificatory discipline on companies and offers an enshittification fire-exit for users if the discipline fails. It's long past time that someone copied that feature over to Bluesky.

Doctorow argues that federated and "federatable" social media "disciplines enshittifiers" by freeing social media's captive audiences.

"Any user can go to any server at any time and stay in touch with everyone else."

Power

California's Battery Plant Fire Sparks Call for Investigation, New Regulations (yahoo.com) 60

Earlier this month a major fire erupted at a California battery plant. But several factors contributed to its rapid spread, the fire district's chief told the Los Angeles Times: A fire suppression system that is part of every battery rack at the plant failed and led to a chain reaction of batteries catching on fire, he said at a news conference last week. Then, a broken camera system in the plant and superheated gases made it challenging for firefighters to intervene. Once the fire began spreading, firefighters were not able to use water, because doing so can trigger a violent chemical reaction in lithium-ion batteries, potentially causing more to ignite or explode.

The county's Board of Supervisors has now requested that the plant remain offline until an investigation is completed. A county supervisor told the newspaper "What we're doing with this technology is way ahead of government regulations and ahead of the industry's ability to control it."

And plans for a new battery storage site nearby are now being questioned, with an online petition to halt all new battery-storage facilities in the county drawing over 3,200 signatures. The fire earlier this month was the fourth at Moss Landing since 2019, and the third at buildings owned by Texas-based Vistra Energy... Already, the fire has prompted calls for additional safety regulations around battery storage, and more local control over where storage sites are located...

California Assemblymember Dawn Addis (D-Morro Bay) has introduced Assembly Bill 303 — the Battery Energy Safety & Accountability Act — which would require local engagement in the permitting process for battery or energy storage facilities, and establish a buffer to keep such sites a set distance away from sensitive areas like schools, hospitals and natural habitats... Gov. Gavin Newsom, a fierce advocate of clean energy, agrees an investigation is needed to determine the fire's cause and supports taking steps to make Moss Landing and similar facilities safer, his spokesperson Daniel Villaseñor said in a statement. Addis and two other state legislators sent a letter to the California Public Utilities Commission Thursday requesting an investigation.

"The Moss Landing facility has represented a pivotal piece of our state's energy future, however this disastrous fire has undermined the public's trust in utility scale lithium-ion battery energy storage systems," states the letter. "If we are to ensure California moves its climate and energy goals forward, we must demonstrate a steadfast commitment to safety..."

Initial testing from the U.S. Environmental Protection Agency ruled that the levels of toxic gases released by the batteries, including hydrogen fluoride, did not pose a threat to public health during the fire. [The EPA says their monitoring "showed concentrations of particulate matter to be consistent with the air quality index throughout the Monterey Bay and San Francisco Bay regions, with no measurements exceeding the moderate air quality level... In addition to EPA's monitoring, Vistra Energy brought in a third-party environmental consultant with air monitoring expertise, right after the fire started"]

Still, many residents remain on edge about potential long-term impacts on the nearby communities of Watsonville, Castroville, Salinas and the ecologically sensitive Elkhorn Slough estuary.

United States

New CIA Director Touts 'Low Confidence' Assessment About Covid Lab Leak Theory (cnn.com) 196

Slashdot reader DevNull127 writes: "Every US intelligence agency still unanimously maintains that Covid-19 was not developed as a biological weapon," CNN reported today.

But what about the possibility of an accidental leak (rather than Covid-19 originating in wild animal meat from the Wuhan Market)? "The agency has for years said it did not have enough information to determine which origin theory was more likely."

CNN notes there's suddenly been a new announcement "just days" after the CIA's new director took the reins — former lawyer turned Republican House Representative John Ratcliffe. While the market-origin theory remains a possibility according to the CIA, CNN notes that Ratcliffe himself "has long favored the theory that the pandemic originated from research being done in China and vowed in an interview published in Breitbart on Thursday that he would make the issue a Day 1 priority."

"We have low confidence in this judgement," the CIA says in the complete text of its announcement, "and will continue to evaluate any available credible new intelligence reporting or open-source information that could change CIA's assessment."

After speaking to a U.S. official, CNN added these details about the assessment: It was not made based on new intelligence gathered by the US government — officials have long said such intelligence is unlikely to surface so many years later — and instead was reached after a review of existing information.

"CIA continues to assess that both research-related and natural origin scenarios of the COVID-19 pandemic remain plausible," a CIA spokesperson said in a statement Saturday.

CNN adds that "Many scientists believe the virus occurred naturally in animals and spread to humans in an outbreak at a market in Wuhan, China...."

Social Networks

Oracle and US Investors (Including Microsoft) Discuss Taking Control of TikTok in the US (npr.org) 53

A plan to keep TikTok available in the U.S. "involves tapping software company Oracle and a group of outside investors," reports NPR, "to effectively take control of the app's global operations, according to two people with direct knowledge of the talks..."

"[P]otential investors who are engaged in the talks include Microsoft." Under the deal now being negotiated by the White House, TikTok's China-based owner ByteDance would retain a minority stake in the company, but the app's algorithm, data collection and software updates will be overseen by Oracle, which already provides the foundation of TikTok's web infrastructure... "The goal is for Oracle to effectively monitor and provide oversight with what is going on with TikTok," said the person directly involved in the talks, who was not authorized to speak publicly about the deliberations. "ByteDance wouldn't completely go away, but it would minimize Chinese ownership...." Officials from Oracle and the White House held a meeting on Friday about a potential deal, and another meeting has been scheduled for next week, according to the source involved in the discussions, who said Oracle is interested in a TikTok stake "in the tens of billions," but the rest of the deal is in flux...

Under a law passed by Congress and upheld by the Supreme Court, TikTok must execute what is known as "qualified divestiture" from ByteDance in order to stay in business in the U.S... A congressional staffer involved in talks about TikTok's future, who was not authorized to speak publicly, said binding legal agreements from the White House ensuring ByteDance cannot covertly manipulate the app will prove critical in winning lawmakers' approval. "A key part is showing there is no operational relationship with ByteDance, that they do not have control," the Congressional staffer said. "There needs to be no backdoors where China can potentially gain access...."

Chinese regulators, who have for years opposed the selling of TikTok, recently signaled that they would not stand in the way of a TikTok ownership change, saying acquisitions "should be independently decided by the enterprises and based on market principles." The statement, at first, does not seem to say much, but negotiators in the White House believe it indicates that Beijing is not planning to block a deal that gives American investors a majority-stake position in the company.

"Meanwhile, Apple and Google still have not returned TikTok to app stores..."

United States

America Lags on Renewable Energy. Blame Regulations and Grid Connection Issues (msn.com) 127

"For years, renewable energy proponents have hoped to build a U.S. electric grid powered by wind, solar, geothermal and — to a lesser extent — nuclear power..." writes the Washington Post. In America's power markets "the economics of clean energy are strong," with renewable energy cheaper than fossil fuel plants in many jurisdictions.

But the Post spoke to the "electricity modeling" director at nonpartisan clean energy think tank Energy Innovation, who offered this assessment. "The technology is ready, and the financial services are ready — but the question nobody really put enough thought into was, could the government keep up? And at the moment, the answer is no." [R]enewable developers say that the new technologies are stymied by complicated local and federal regulations, a long wait to connect to the electricity grid, and community opposition... "The U.S. offshore wind business is at a very nascent stage versus Europe or China," Rob Barnett, a senior analyst at Bloomberg Intelligence, said in an email. "With the new permitting pause, it's doubtful much progress for this emerging industry will be made...." After the Inflation Reduction Act passed, Rhodium Group — an independent clean energy research firm — estimated that between 2023 and 2025, on average, the country would add between 36 and 46 gigawatts of clean electricity to the grid every year. Late last year, however, the group found that the country only installed around 27 gigawatts in 2023. The U.S.'s renewable growth is now expected to fall on the low end of that range — or miss it entirely.

"It actually is really hard to build a lot of this stuff fast," said Trevor Houser, partner in climate and energy at Rhodium Group. As a result, Rhodium found, the country only cut carbon emissions by 0.2 percent in 2024... A significant amount of this lag has come from wind power, where problems with supply chains and getting permits and approval to build have put a damper on development. But solar construction is also on the low end of what experts were expecting...

Developers point to lags in the interconnection queue — a system that gives new solar, wind or fossil fuel projects permission to connect to the larger electricity grid. According to a report from Lawrence Berkeley National Laboratory, it can now take nearly 3 years for a project to get through the queue. The grid operator that covers the Mid-Atlantic and parts of the Midwest, PJM, had over 3,300 projects in its queue at the end of 2023. The vast majority of these applications are for renewables — more than the entire number of active wind farms in the nation... There are possible solutions. Some developers hope to reuse old fossil fuel sites, like coal plants, that are already connected to the grid — bypassing the long queue entirely. The Federal Energy Regulatory Commission has instated new rules to make it easier to build transmission lines.

Part of the problem is that wind and solar facilities "sometimes need to be built hundreds or even thousands of miles away" — requiring long transmission lines. Sandhya Ganapathy, CEO of EDP Renewables North America, tells the Post that in America, "The grid that we have was never designed to handle this kind of load." And yet last year just 255 miles of new transmission line were built in the U.S., according to the American Clean Power Association. And Ganapathy also complains that approval for a new renewable energy project takes "anywhere between six to eight years" — which makes developers hesitant to build. "Why are we taking a big risk of a massive investment if I will not be able to sell the electrons?"

The end result? The Washington Post writes that "Experts once hoped that by the end of the decade the United States could generate up to 80 percent of its power with clean power... Now, some wonder if the country will be able to reach even 60 percent."

Transportation

US Reviewing Automatic Emergency Braking Rule (reuters.com) 178

An anonymous reader quotes a report from Reuters: A U.S. auto safety agency said on Friday it is reconsidering a landmark rule from the administration of former President Joe Biden requiring nearly all new cars and trucks by 2029 to have advanced automatic emergency braking systems. The National Highway Traffic Safety Administration said it would delay the effective date to March 20 to give the new Trump administration time to further review the regulation.

The Alliance for Automotive Innovation, representing General Motors, Toyota Motor, Volkswagen and other automakers, last week filed suit to block the rule, saying the regulation is "practically impossible with available technology." The group asked the U.S. Court of Appeals for the District of Columbia to overturn the rule, saying the requirement that cars and trucks must be able to stop and avoid striking vehicles in front of them at up to 62 miles per hour (100 kph) is unrealistic. It unsuccessfully asked NHTSA last year to reconsider the rule.

Come 2029, all cars sold in the U.S. "must be able to stop and avoid contact with a vehicle in front of them at speeds up to 62 mph," reports Car and Driver.

"Additionally, the system must be able to detect pedestrians in both daylight and darkness. As a final parameter, the federal standard will require the system to apply the brakes automatically up to 90 mph when a collision is imminent, and up to 45 mph when a pedestrian is detected."

According to the NHTSA, the rule will save at least 360 lives annually and prevent more than 24,000 injuries.

Privacy

UnitedHealth Data Breach Hits 190 Million Americans in Worst Healthcare Hack (techcrunch.com) 27

Nearly 190 million Americans were affected by February's cyberattack on UnitedHealth's Change Healthcare unit, almost double initial estimates, the company disclosed Friday. The breach, the largest in U.S. medical history, exposed sensitive data including Social Security numbers, medical records, and financial information.

UnitedHealth said it has not detected misuse of the stolen data or found medical databases among compromised files. Change Healthcare, a major U.S. healthcare claims processor, paid multiple ransoms after Russian-speaking hackers known as ALPHV breached its systems using stolen credentials lacking multi-factor authentication, according to CEO Andrew Witty's testimony to Congress.

Security

Backdoor Infecting VPNs Used 'Magic Packets' For Stealth and Security (arstechnica.com) 17

An anonymous reader quotes a report from Ars Technica: When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can't be leveraged by competing groups or detected by defenders. One countermeasure is to equip the backdoor with a passive agent that remains dormant until it receives what's known in the business as a "magic packet." On Thursday, researchers revealed that a never-before-seen backdoor that quietly took hold of dozens of enterprise VPNs running Juniper Networks' Junos OS has been doing just that. J-Magic, the tracking name for the backdoor, goes one step further to prevent unauthorized access. After receiving a magic packet hidden in the normal flow of TCP traffic, it relays a challenge to the device that sent it. The challenge comes in the form of a string of text that's encrypted using the public portion of an RSA key. The initiating party must then respond with the corresponding plaintext, proving it has access to the secret key.

The lightweight backdoor is also notable because it resided only in memory, a trait that makes detection harder for defenders. The combination prompted researchers at Lumen Technologies' Black Lotus Labs to sit up and take notice. "While this is not the first discovery of magic packet malware, there have only been a handful of campaigns in recent years," the researchers wrote. "The combination of targeting Junos OS routers that serve as a VPN gateway and deploying a passive listening in-memory only agent, makes this an interesting confluence of tradecraft worthy of further observation." The researchers found J-Magic on VirusTotal and determined that it had run inside the networks of 36 organizations. They still don't know how the backdoor got installed.

Privacy

Federal Court Rules Backdoor Searches of 702 Data Unconstitutional (eff.org) 42

A federal district court has ruled that backdoor searches of Americans' private communications collected under Section 702 of FISA are unconstitutional without a warrant. "The landmark ruling comes in a criminal case, United States v. Hasbajrami, after more than a decade of litigation, and over four years since the Second Circuit Court of Appeals found that backdoor searches constitute 'separate Fourth Amendment events' and directed the district court to determine a warrant was required," reports the Electronic Frontier Foundation (EFF). "Now, that has been officially decreed." Longtime Slashdot reader schwit1 shares the report: Hasbajrami involves a U.S. resident who was arrested at New York JFK airport in 2011 on his way to Pakistan and charged with providing material support to terrorists. Only after his original conviction did the government explain that its case was premised in part on emails between Mr. Hasbajrami and an unnamed foreigner associated with terrorist groups, emails collected warrantlessly using Section 702 programs, placed in a database, then searched, again without a warrant, using terms related to Mr. Hasbajrami himself.

The district court found that regardless of whether the government can lawfully warrantlessly collect communications between foreigners and Americans using Section 702, it cannot ordinarily rely on a "foreign intelligence exception" to the Fourth Amendment's warrant clause when searching these communications, as is the FBI's routine practice. And, even if such an exception did apply, the court found that the intrusion on privacy caused by reading our most sensitive communications rendered these searches "unreasonable" under the meaning of the Fourth Amendment. In 2021 alone, the FBI conducted 3.4 million warrantless searches of US persons' 702 data.

The Courts

Microsoft's LinkedIn Sued For Disclosing Customer Information To Train AI Models 14

LinkedIn has been sued by Premium customers alleging the platform disclosed private messages to third parties without consent to train generative AI models. The lawsuit seeks damages for breach of contract and privacy violations, accusing LinkedIn of attempting to minimize scrutiny over its actions. Reuters reports: According to a proposed class action filed on Tuesday night on behalf of millions of LinkedIn Premium customers, LinkedIn quietly introduced a privacy setting last August that let users enable or disable the sharing of their personal data. Customers said LinkedIn then discreetly updated its privacy policy on Sept. 18 to say data could be used to train AI models, and in a "frequently asked questions" hyperlink said opting out "does not affect training that has already taken place."

This attempt to "cover its tracks" suggests LinkedIn was fully aware it violated customers' privacy and its promise to use personal data only to support and improve its platform, in order to minimize public scrutiny and legal fallout, the complaint said. The lawsuit was filed in the San Jose, California, federal court on behalf of LinkedIn Premium customers who sent or received InMail messages, and whose private information was disclosed to third parties for AI training before Sept. 18. It seeks unspecified damages for breach of contract and violations of California's unfair competition law, and $1,000 per person for violations of the federal Stored Communications Act.

LinkedIn said in a statement: "These are false claims with no merit."

Crime

Silk Road Creator Ross Ulbricht Pardoned (bbc.com) 339

Slashdot readers jkister and databasecowgirl share the news of President Donald Trump issuing a pardon to Silk Road creator Ross Ulbricht. An anonymous reader shares a report from the BBC: US President Donald Trump says he has signed a full and unconditional pardon for Ross Ulbricht, who operated Silk Road, the dark web marketplace where illegal drugs were sold. Ulbricht was convicted in 2015 in New York in a narcotics and money laundering conspiracy and sentenced to life in prison. Trump posted on his Truth Social platform that he had called Ulbricht's mother to inform her that he had granted a pardon to her son. Silk Road, which was shut down in 2013 after police arrested Ulbricht, sold illegal drugs using Bitcoin, as well as hacking equipment and stolen passports.

"The scum that worked to convict him were some of the same lunatics who were involved in the modern day weaponization of government against me," Trump said in his post online on Tuesday evening. "He was given two life sentences, plus 40 years. Ridiculous!" Ulbricht was found guilty of charges including conspiracy to commit drug trafficking, money laundering and computer hacking. During his trial, prosecutors said Ulbricht's website, hosted on the hidden "dark web", sold more than $200 million worth of drugs anonymously.

Government

Trump To Announce Up To $500 Billion In AI Infrastructure Investment 129

According to CBS News, President Trump plans to announce billions of dollars in private sector investment to build AI infrastructure in the United States. From the report: OpenAI, Softbank and Oracle are planning a joint venture called Stargate, according to multiple people familiar with the deal. SoftBank CEO Masayoshi Son is expected at the White House Tuesday afternoon, along with Sam Altman of OpenAI and Larry Ellison of Oracle. Executives from the companies are expected to say they plan to commit $100 billion initially and pour up to $500 billion into Stargate over the next four years.

Other details of the new partnership were not immediately available. Stargate will start with a data center project in Texas, sources said, and eventually expand to other states. Other investors are expected to join the venture, but it was not immediately clear which ones.
Further reading: Scale AI CEO To Trump: 'America Must Win the AI War'
AI

Trump Revokes Biden Executive Order On Addressing AI Risks (msn.com) 123

An anonymous reader quotes a report from Reuters: U.S. President Donald Trump on Monday revoked a 2023 executive order signed by Joe Biden that sought to reduce the risks that artificial intelligence poses to consumers, workers and national security. Biden's order required developers of AI systems that pose risks to U.S. national security, the economy, public health or safety to share the results of safety tests with the U.S. government, in line with the Defense Production Act, before they were released to the public. Four days before leaving office, Biden issued a comprehensive cybersecurity executive order that also targeted AI usage. The directive aimed to leverage AI's security benefits, implement digital identities for citizens, and address vulnerabilities that have allowed Chinese and Russian intrusions into U.S. government systems, among other things. It's unclear at this time if it, too, will be revoked.
Government

Executive Order Delays TikTok Ban For 75 Days 173

President Donald Trump signed an executive order today delaying the TikTok ban for 75 days. The Verge reports: The order, issued on Trump's first day of office, is meant to effectively extend the deadline established by The Protecting Americans from Foreign Adversary Controlled Applications Act for ByteDance to sell its stake by undercutting penalties on American companies like Apple and Google working with TikTok. It directs the Attorney General "not to take any action to enforce the Act for a period of 75 days from today to allow my Administration an opportunity to determine the appropriate course forward in an orderly way." The AG is supposed to "issue a letter to each provider stating that there has been no violation of the statute and that there is no liability for any conduct that occurred."

The order furthermore instructs the Department of Justice to "take no action to enforce the Act or impose any penalties against any entity for any noncompliance with the Act" and says they should be barred from doing so "for any conduct that occurred during the above-specified period or any period prior to the issuance of this order, including the period of time from January 19, 2025, to the signing of this order."
It remains unclear whether Trump can legally pause the ban. It's also unclear how he plans to enforce a 50 percent "joint venture" ownership with the company, a move he announced on Sunday.
Security

HPE Investigating Breach Claims After Hacker Offers To Sell Data (securityweek.com) 3

The notorious hacker IntelBroker claims to have stolen data from HPE systems, including source code, private repositories, digital certificates, and access to certain services. SecurityWeek reports: The compromised data allegedly includes source code for products such as Zerto and iLO, private GitHub repositories, digital certificates, Docker builds, and even some personal information that the hacker described as "old user PII for deliveries." IntelBroker is also offering access to some services used by HPE, including APIs, WePay, GitHub and GitLab. Contacted by SecurityWeek, HPE said it's aware of the breach claims and is conducting an investigation.

"HPE became aware on January 16 of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE. HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims," said HPE spokesperson Adam R. Bauer. "There is no operational impact to our business at this time, nor evidence that customer information is involved," Bauer added.

AI

CIA's Chatbot Stands In For World Leaders 37

The CIA has developed a chatbot to talk to virtual versions of foreign presidents and prime ministers. "Understanding leaders around the world is one of the CIA's most important jobs. Teams of analysts comb through intelligence collected by spies and publicly available information to create profiles of leaders that can predict behaviors," reports the New York Times. "A chatbot powered by artificial intelligence now helps do that work." From the report: The chatbot is part of the spy agency's drive to improve the tools available to CIA analysts and its officers in the field, and to better understand adversaries' technical advances. Core to the effort is to make it easier for companies to work with the most secretive agency. William Burns, CIA director for the past four years, prioritized improving the agency's technology and understanding of how it is used. Incoming Trump administration officials say they plan to build on those initiatives, not tear them down. [...]

The CIA has long used digital tools, spy gadgets and even AI. But with the development of new forms of AI, including the large language models that power chatbots, the agency has stepped up its investments. Making better use of AI, Burns said, is crucial to US competition with China. And better AI models have helped the agency's analysts "digest the avalanche of open-source information out there," he said. The new tools have also helped analysts process clandestinely acquired information, Burns said. New technologies developed by the agency are helping spies navigate cities in authoritarian countries where governments use AI-powered cameras to conduct constant surveillance on their population and foreign spies.
