SoylentNews

Arthur T Knackerbracket has processed the following story:

Imagine an inverse Black Hat conference, an Alcoholics Anonymous for CISOs, where everyone commits to frank disclosure and debate on the underlying structural causes of persistently failing cybersecurity syndrome

It's been a devastating few weeks for UK retail giants. Marks and Spencer, the Co-Op, and now uber-posh Harrods have had massive disruptions due to ransomware attacks taking systems down for prolonged periods.

If the goods these people sold were one-tenth as shoddy as their corporate cybersecurity, they'd have been out of business years ago. It's a wake-up call, says the UK's National Center for Stating the Obvious. And what will happen? The industry will just press the snooze button again, as we hear reports that other retailers are "patching like crazy."

The bare fact that entire sectors remain exquisitely vulnerable to what is, by now, a very familiar form of attack is a diagnostic of systematic failure in the way such sectors are run. There are few details of what exactly happened, but it's not the details that matter, it's the fact that so little was made public.

We see only silence, deflection, and grudging admission as the undeniable effects multiply - which is a very familiar pattern. The only surprise is that there is no surprise. This isn't part of the problem, it is the problem. Like alcoholics, organizations cannot get better until they admit, confront, and work with others to mitigate the compulsions that bring them low. The raw facts are not in doubt; it's the barriers to admitting and drawing out their sting that perpetuate the problem.

We know this because there is so much evidence of corporate IT's fundamental flaws. If you have been in the business for a few years, you'll already know what they are – just as surely as you'll have despaired of progress. If you are joyfully innocent newbie, then look at the British Library's report into its own 2023 ransomware catastrophe. It took many core systems down, some of them forever, while leaking huge amounts of data that belonged to staff and customers. As a major public institution established by law, and one devoted to knowledge as a social good, the British Library wasn't just free to be frank about what happened, it had a moral obligation to do so.

upstart writes:

Astronomers have found a planet that orbits at an angle of 90 degrees around a rare pair of peculiar stars:

Several planets orbiting two stars at once, like the fictional Star Wars world Tatooine, have been discovered in the past years. These planets typically occupy orbits that roughly align with the plane in which their host stars orbit each other. There have previously been hints that planets on perpendicular, or polar, orbits around binary stars could exist: in theory, these orbits are stable, and planet-forming discs on polar orbits around stellar pairs have been detected. However, until now, we lacked clear evidence that these polar planets do exist.

"I am particularly excited to be involved in detecting credible evidence that this configuration exists," says Thomas Baycroft, a PhD student at the University of Birmingham, UK, who led the study published today in Science Advances.

The unprecedented exoplanet, named 2M1510 (AB) b, orbits a pair of young brown dwarfs — objects bigger than gas-giant planets but too small to be proper stars. The two brown dwarfs produce eclipses of one another as seen from Earth, making them part of what astronomers call an eclipsing binary. This system is incredibly rare: it is only the second pair of eclipsing brown dwarfs known to date, and it contains the first exoplanet ever found on a path at right angles to the orbit of its two host stars.

"A planet orbiting not just a binary, but a binary brown dwarf, as well as being on a polar orbit is rather incredible and exciting," says co-author Amaury Triaud, a professor at the University of Birmingham.

The team found this planet while refining the orbital and physical parameters of the two brown dwarfs by collecting observations with the Ultraviolet and Visual Echelle Spectrograph (UVES) instrument on ESO's VLT at Paranal Observatory, Chile. The pair of brown dwarfs, known as 2M1510, were first detected in 2018 by Triaud and others with the Search for habitable Planets EClipsing ULtra-cOOl Stars (SPECULOOS), another Paranal facility.

Arthur T Knackerbracket has processed the following story:

Tech buyers should purchase refurbished devices to push vendors to make hardware more repairable and help the shift to a more circular economy, according to a senior analyst at IDC.

Presenting a TED talk, vice president of devices for EMEA Francisco Jeronimo said that in 2022 there were 62 million tons of electronic waste generated while the average e-waste per person amounted to 11.2 kg annually.

While governments and manufacturers should press for more ethical sourcing and better recycling practices in consumer tech, buyers are not entirely powerless.

"When we look into all this waste, we know there's a problem, but we don't look into what we are doing to fix it," he said. "We blame governments, we blame corporations, we blame the brands. Because at the end of the day, how can I make my smartphone more sustainable? I can't. It needs to be the brand [and] governments [that] are bringing legislation to force the brands, but we have a superpower."

The buyer's superpower comes in the form of extending the life of devices we own, and choosing to buy secondhand refurbished devices when we need new ones, he said.

"Circularity is the answer. We need to decide whether we're going to keep buying new devices or take action to extend the life of the devices we use and make better choices when we buy new products."

If users in the European Union were able to extend by one year the lifespan of washing machines, notebooks, vacuum cleaners and smartphones, roughly four million tons of CO2 emissions would be saved, a European Environmental Bureau study claimed in 2019.

Jeronimo said the popularity of secondhand clothing has taken off on platforms like Vinted and eBay, but more could be done in technology.

"When we need a new smartphone or tablet or PC, we rush to the store to buy it new, and that needs to change, and there are 62 million tons of reasons why it matters."

[...] In March 2024, research showed the tech industry was creating electronic waste almost five times faster than it was recycling it (using documented methods). A United Nations report found that e-waste recycling has benefits estimated to include $23 billion of monetized value from avoided greenhouse gas emissions and $28 billion of recovered materials like gold, copper, and iron. It also comes at a cost – $10 billion associated with e-waste treatment and $78 billion of externalized costs to people and the environment.

Of the 62 million tons of e-waste generated globally in 2022, an estimated 13.8 million tons were documented, collected, and properly recycled, the report found.

Original Submission

An Anonymous Coward writes:

https://www.forbes.com/sites/saibala/2025/05/15/apple-is-developing-tech-so-users-can-control-devices-with-only-their-thoughts/

Apple is boldly embracing brain-computer interface (BCI) technology to enable users to control its devices using only their thoughts—a novel frontier for the company.

Earlier this week, it was announced that the tech giant is working with Synchron, a company that has been pioneering BCI research and work for more than a decade. The company was founded by Dr. Tom Oxley, a neurointerventionalist and technologist. Synchron has developed a stent-like implant that can be inserted using a (relatively) minimally invasive procedure on an individual's motor cortex. The stent was reportedly granted FDA clearance for human trials in 2021, and works to detect brain signals and translate them into software-enabled relays; in the case of an Apple device, the relays can select icons on a iPhone or iPad.

The video below shows a user's experience with Synchron's BCI in conjunction with the Apple Vision headset.

(see site for video)

Apple is working to establish the standards for BCI devices and protocolize what their use could look like across its device landscape. The company is expected to open up the technology and protocols to third-party developers in short order.

Among the primary goals of BCI technology is to enable the millions of individuals worldwide that may have limited physical functions to use devices. For example, the World Health Organization reports that globally, over 15 million people are living with spinal cord injuries. Many of these individuals may experience some type of loss of physical or sensory functions over the course of their lifetimes.

This is where BCIs can truly make a difference—enabling individuals to control electronic devices purely with their thoughts. In fact, reports indicate that the BCI industry is expected to grow at a CAGR of 9.35% from 2025 to 2030 and has huge potential to become a trillion dollar market within the next decade.

Original Submission

Arthur T Knackerbracket has processed the following story:

The UK needs more nuclear energy generation just to power all the AI datacenters that are going to be built, according to the head of Amazon Web Services (AWS).

In an interview with the BBC, AWS chief executive Matt Garman said the world is going to have to build new technologies to cope with the projected energy demands of all the bit barns that are planned to support AI.

"I believe nuclear is a big part of that, particularly as we look ten years out," he said.

AWS has already confirmed plans to invest £8 billion ($10.6 billion) on building out its digital and AI infrastructure in Britain between now and the end of 2028 to meet "the growing needs of our customers and partners."

Yet the cloud computing arm of Amazon isn't the only biz popping up new bit barns in Blighty. Google started building a $1 billion campus at Waltham Cross near London last year, while Microsoft began construction of the Park Royal facility in West London in 2023, and made public its plans for another datacenter on the site of a former power station in Leeds last year.

Earleir this year, approval was granted for what is set to become Europe's largest cloud and AI datacenter at a site in Hertfordshire, while another not far away has just been granted outline planning permission by a UK government minister, overruling the local district authority.

This activity is accelerating thanks to the government's AI Opportunities Action Plan, which includes streamlined planning processes to expedite the building of more data facilities in the hope this will drive AI development.

As The Register has previously reported, the infrastructure needed for AI is getting more power-hungry with each generation, and the datacenter expansion to serve the growth in AI services has led to concerns over the amount of energy required.

[...] "AI is driving exponential demand for compute, and that means power. Ultimately, a long-term, resilient energy strategy is critical," said Séamus Dunne, managing director in the UK and Ireland for datacenter biz Digital Realty.

"For the UK to stay competitive in the global digital economy, we need a stable, scalable, and low-carbon energy mix to support the next generation of data infrastructure. With demand already outpacing supply, and the UK aiming to establish itself as an AI powerhouse, it's vital we stay open to a range of solutions. That also means building public trust and working with government to ensure the grid can keep pace."

Garman told the BBC that nuclear is a "great solution" to datacenter energy requirements as it is "an excellent source of zero-carbon, 24/7 power."

This might be true, but new atomic capacity simply can't be delivered fast enough to meet near-term demand, as we reported earlier this year.  The World Nuclear Association says that an atomic plant typically takes at least five years to construct, whereas natural gas plants are often built in about two years.

Original Submission

Intel's data-leaking Spectre defenses scared off yet again

An Anonymous Coward writes:

ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit

by Thomas Claburn // Tue 13 May 2025

Researchers at ETH Zurich in Switzerland have found a way around Intel's defenses against Spectre, a family of data-leaking flaws in the x86 giant's processor designs that simply won't die.

Sandro Rüegge, Johannes Wikner, and Kaveh Razavi have identified a class of security vulnerabilities they're calling Branch Predictor Race Conditions (BPRC), which they describe in a paper [PDF] scheduled to be presented at USENIX Security 2025 and Black Hat USA 2025 later this year.

Spectre refers to a set of hardware-level processor vulnerabilities identified in 2018 that can be used to break the security isolation between software. It does this by exploiting speculative execution - a performance optimization technique that involves the CPU anticipating future code paths (also known as branch prediction) and executing down those paths before they're actually needed.

In practice, this all means malware running on a machine, or a rogue logged-in user, can potentially abuse Spectre flaws within vulnerable Intel processors to snoop on and steal data – such as passwords, keys, and other secrets – from other running programs or even from the kernel, the heart of the operating system itself, or from adjacent virtual machines on a host, depending on the circumstances. In terms of real-world risk, we haven't seen the Spectre family exploited publicly in a significant way, yet.

There are several Spectre variants. One of these, Spectre v2, enables an attacker to manipulate indirect branch predictions across different privilege modes to read arbitrary memory; it effectively allows a malicious program to extract secrets from the kernel and other running applications.

Intel has added various hardware-based defenses against these sorts of attacks over the years, which include Indirect Branch Restricted Speculation (IBRS/eIBRS) for restricting indirect branch target prediction, a sanitizing technique called Indirect Branch Predictor Barrier (IBPB), and other microarchitectural speculation controls.

eIBRS, the researchers explain, is designed to restrict indirect branch predictions to their originating privilege domain, preventing them from leaking across boundaries. Additional protection provided by IBPB is recommended in scenarios where different execution contexts, like untrusted virtual machines (VMs), share the same privilege level and hardware domain.

But Rüegge, Wikner, and Razavi found that branch predictors on Intel processors are updated asynchronously inside the processor pipeline, meaning there are potential race conditions – situations when two or more processes or threads attempt to access and update the same information concurrently, resulting in unpredictable behavior.

Arthur T Knackerbracket has processed the following story:

This week, meet a reader we'll Regomize as "Colin" who told us about his time working as a front-end developer for an education company that decided the time was right to expand from the UK to the US.

"Suddenly we needed to localize thousands of online articles, lessons, and other documents into American English."

Inconveniently, all that content was static HTML. "There was no CMS, no database, nothing I could harness on the server side," Colin lamented to Who, Me?

After due consideration, Colin and his team decided to use regular expressions to do the job.

"Our system combined tackling spelling swaps like changing 'ae' to 'e' in words like 'archaeology' and word/phrase swaps so that British terms like 'post' were changed to the American 'mail.'" Colin knew this could go pear-shaped if the system changed a term like "post-modern" to "mail-modern," so compound words were exempt.

As Colin and his workmates considered all the necessary changes, they realized they needed a lot of rules.

"The fact it was running the replacements directly on the body HTML, and causing lots of page repaints, meant we had to build a REST API to cache which rules ran and didn't run for each page, so as to not cause slowdown by running unnecessary rules," he explained.

Which worked well until it didn't.

"One day we got a call asking why a lesson about famous artists referred to the great painter 'Vincent Truck Gogh.'"

Readers are doubtless familiar with Vincent Van Gogh, and the different names for midsize vehicles on each side of the North Atlantic.

That was just the start. Next came complaints about a religious studies lesson that explained how Adam and Eve lived in the "Yard of Eden" – not the garden. Another religion class mentioned sinister-sounding "Easter hoods" instead of the daintier "Easter bonnets."

Colin figured out that the word swaps he coded failed to consider cases where it should just skip a word altogether. A van, after all, is a truck if you're American.

"In the end, we managed to get the system to be context-aware, so that certain swaps could be suppressed if the article contained a certain trigger word which suggested it shouldn't run, and the problems went away. But it was a very entertaining bug to be involved with!"

Original Submission

_{Processed by jelizondo}

Arthur T Knackerbracket has processed the following story:

The HoloBoard augmented-reality system lets people type independently.

Jeremy is a 31-year-old autistic man who loves music and biking. He's highly sensitive to lights, sounds, and textures, has difficulty initiating movement, and can say only a few words. Throughout his schooling, it was assumed he was incapable of learning to read and write. But for the past 30 minutes, he's been wearing an augmented-reality (AR) headset and spelling single words on the HoloBoard, a virtual keyboard that hovers in the air in front of him. And now, at the end of a study session, a researcher asks Jeremy (not his real name) what he thought of the experience.

Deliberately, poking one virtual letter at a time, he types, "That was good."

It was not obvious that Jeremy would be able to wear an AR headset, let alone use it to communicate. The headset we use, Microsoft's HoloLens 2, weighs 566 grams (more than a pound), and the straps that encircle the head can be uncomfortable. Interacting with virtual objects requires precise hand and finger movements. What's more, some people doubt that people like Jeremy can even understand a question or produce a response. And yet, in study after study, we have found that most nonspeaking autistic teenage and adult participants can wear the HoloLens 2, and most can type short words on the HoloBoard.

The HoloBoard prototype that Jeremy first used in 2023 was three years in the making. It had its origins in an interdisciplinary feasibility study that considered whether individuals like Jeremy could tolerate a commercial AR headset. That study was led by the three of us: a developmental psychologist (Vikram Jaswal at the University of Virginia), an electrical and software engineer (Diwakar Krishnamurthy at the University of Calgary), and a computer scientist (Mea Wang, also at the University of Calgary).

Our journey to this point was not smooth. Some autism researchers told us that nonspeaking autistic people "do not have language" and so couldn't possibly communicate by typing. They also said that nonspeaking autistic people are so sensitive to sensory experiences that they would be overwhelmed by augmented reality. But our data, from more than a half-dozen peer-reviewed studies, have shown both assumptions to be wrong. And those results have informed the tools we're creating, like the HoloBoard, to enable nonspeaking autistic people to communicate more effectively.

Nonspeaking autistic people may also appear inattentive, engage in impulsive behavior, and score poorly on standard intelligence tests (many of which require spoken responses within a set amount of time). Historically, these challenges have led to unfounded assumptions about these individuals' ability to understand language and their capacity for symbolic thought. To put it bluntly, it has sometimes been assumed that someone who can't talk is also incapable of thinking.

Most attempts to provide nonspeaking autistic people with an alternative to speech have been rudimentary. Picture-based communication systems, often implemented on an iPad or tablet, are frequently used in schools and therapy clinics. If a user wants a cookie, they can tap a picture of a cookie. But the vocabulary of these systems is limited to the concepts that can be represented by a simple picture.

There are other options. Some nonspeaking autistic people have learned, over the course of many years and guided by parents and professionals, to communicate by spelling words and sentences on a letterboard that's held by a trained human assistant - a communication and regulation partner, or CRP. Part of the CRP's role is to provide attentional and emotional support, which can help with conditions that commonly accompany severe autism and that interfere with communication, including anxiety, attention-deficit hyperactivity disorder, and obsessive-compulsive disorder. Having access to such assisted methods of communication has allowed nonspeaking autistic people to graduate from college, write poetry, and publish a best-selling memoir.

But the role of the CRP has generated considerable controversy. Critics contend that the assistants can subtly guide users to point to particular letters, which would make the CRP, rather than the user, the author of any words produced. If nonspeaking autistic people who use a letterboard really know how to spell, critics ask, why is the CRP necessary? Some professional organizations, including the American Speech-Language-Hearing Association, have even cautioned against teaching nonspeaking autistic people communication methods that involve assistance from another person.

And yet, research suggests that CRP-aided methods can teach users the skills to communicate without assistance; indeed, some individuals who previously required support now type independently. And a recent study by coauthor Jaswal showed that, contrary to critics' assumptions, most of the nonspeaking autistic individuals in his study (which did not involve a CRP) knew how to spell. For example, in a string of text without any spaces, they knew where one word ended and the next word began. Using eye tracking, Jaswal's team also showed that nonspeaking autistic people who use a letterboard look at and point to letters too quickly and accurately to be responding to subtle cues from a human assistant.

fliptop writes:

Regeneron has agreed to buy 23andMe, the once buzzy genetic testing company, out of bankruptcy for $256 million under a court-supervised sale process:

23andMe declared bankruptcy in March and announced it would seek a buyer, while also saying that co-founder and CEO Anne Wojcicki would resign.

Under the proposed agreement with Regeneron, the Tarrytown, New York, drugmaker will acquire 23andMe's assets, including its personal genome service and total health and research services. Regeneron said Monday that it will abide by 23andMe's privacy policies and applicable law to protect customer data.

Data privacy experts had raised concerns about 23andMe's storehouse of data for about 15 million customers, including their DNA.

23andMe's consumer-genome services will continue interrupted, the purchaser said. Regeneron will not acquire 23andMe's Lemonaid Health telehealth business.

Also at ZeroHedge.

Previously: 23andMe Reportedly Faces Bankruptcy — What Will Happen to Everyone's DNA Samples?

Original Submission

canopic jug writes:

The Verge, Space News, and The South China Morning Post are reporting that Red China has begun assembling a 744 TOPS super computer in Earth's orbit. The advantages of an orbital super computer include better access to solar energy, easier radiation of waste heat, and, above all, shorter communications times with other satellites.

The satellites communicate with each other at up-to-100Gbps using lasers, and share 30 terabytes of storage between them, according to Space News. The 12 launched last week carry scientific payloads, including an X-ray polarization detector for picking up brief cosmic phenomena such as gamma-ray bursts. The satellites also have the capability to create 3D digital twin data that can be used for purposes like emergency response, gaming, and tourism, ADA Space says in its announcement.

— China begins assembling its supercomputer in space. The Verge.

They are part of the Three-Body Computing Constellation, space-based infrastructure being developed by Zhejiang Lab. Once complete, the constellation would support real-time, in-orbit data processing with a total computing capacity of 1,000 peta operations per second (POPS) – or one quintillion operations per second – the report said.

— China launches satellites to start building the world's first supercomputer in orbit. The South China Morning Post.

The satellites feature advanced AI capabilities, up to 100 Gbps laser inter-satellite links and remote sensing payloads—data from which will be processed onboard, reducing data transmission requirements. One satellite also carries a cosmic X-ray polarimeter developed by Guangxi University and the National Astronomical Observatories of the Chinese Academy of Sciences (NAOC), which will detect, identify and classify transient events such as gamma-ray bursts, while also triggering messages to enable followup observations by other missions.

— China launches first of 2,800 satellites for AI space computing constellation. Space News.

Maintenance will be difficult.

Previously:
(2025) PA's Largest Coal Plant to Become 4.5GW Gas-Fired AI Hub
(2025) FTC Removes Posts Critical of Amazon, Microsoft, and AI Companies
(2025) Real Datacenter Emissions Are A Dirty Secret
(2022) Amazon and Microsoft Want to Go Big on Data Centres, but the Power Grid Can't Support Them

Original Submission

hubie writes:

EU users have less than two weeks to opt out of Meta's AI training:

Privacy watchdog Noyb sent a cease-and-desist letter to Meta Wednesday, threatening to pursue a potentially billion-dollar class action to block Meta's AI training, which starts soon in the European Union.

In the letter, Noyb noted that Meta only recently notified EU users on its platforms that they had until May 27 to opt their public posts out of Meta's AI training data sets. According to Noyb, Meta is also requiring users who already opted out of AI training in 2024 to opt out again or forever lose their opportunity to keep their data out of Meta's models, as training data likely cannot be easily deleted. That's a seeming violation of the General Data Protection Regulation (GDPR), Noyb alleged.

"Meta informed data subjects that, despite that fact that an objection to AI training under Article 21(2) GDPR was accepted in 2024, their personal data will be processed unless they object again—against its former promises, which further undermines any legitimate trust in Meta's organizational ability to properly execute the necessary steps when data subjects exercise their rights," Noyb's letter said.

[...] The letter accused Meta of further deceptions, like planning to seize data that users may not consider "public," like disappearing stories typically only viewed by small audiences. That, Noyb said, differs significantly from AI crawlers scraping information posted on a public website.

According to Noyb, there would be no issue with Meta's AI training in the EU if Meta would use a consent-based model rather than requiring rushed opt-outs. As Meta explained in a blog following a threatened preliminary injunction on AI training in Germany, the company plans to collect AI training data using a "legitimate interest" legal basis, which supposedly "follows the clear guidelines of the European Data Protection Committee of December 2024, which reflect the consensus between EU data protection authorities."

shrewdsheep writes:

https://www.theregister.com/2025/05/13/nextcloud_play_store_complaint/
https://nextcloud.com/blog/nextcloud-android-file-upload-issue-google/

Exclusive European software vendor Nextcloud has accused Google of deliberately crippling its Android Files application, which it says has more than 800,000 users.

The problem lies with the "All files access" permission, where broad access to files on a device is required. While most applications can make do with Google's more privacy-friendly storage access tools, such as Storage Access Framework (SAF) or the MediaStore API, others require more permissions – hence the "All files access" privilege.

Nextcloud's Android Files app is a file synchronization tool that, according to the company, has long had permission to read and write all file types. "Nextcloud has had this feature since its inception in 2016," it said, "and we never heard about any security concerns from Google about it."

That changed in 2024, when someone or something at Google's Play Store decided to revoke the permission, effectively crippling the application. Nextcloud was instructed to use "a more privacy-aware replacement."

According to Nextcloud, "SAF cannot be used, as it is for sharing/exposing our files to other apps ... MediaStore API cannot be used as it does not allow access to other files, but only media files."

Original Submission

looorg writes:

Scientists have re-calculate when the universe will end and it's a lot sooner than previously expected.

"sooner" still means a mind-bending 10 to the power of 78 years from now. That is a 1 followed by 78 zeros, which is unimaginably far into the future. However, in cosmic terms, this estimate is a dramatic advancement from the previous prediction of 10 to the power of 1,100 years, made by Falcke and his team in 2023.

Lets hope the next predictions does not come with the same results. The logarithmic end of time.

https://www.space.com/astronomy/scientists-calculate-when-the-universe-will-end-its-sooner-than-expected

Original Submission

M&S Forces Customer Password Resets After Data Breach

upstart writes:

M&S forces customer password resets after data breach:

Marks and Spencer (M&S) has confirmed that customer data was stolen during the Easter DragonForce ransomware attack on its server infrastructure and will be prompting all online customers to reset their account passwords as a precautionary move.

The attack unfolded three weeks ago and is thought to have been the work of a white-label affiliate of DragonForce – possibly the notorious Scattered Spider operation, which uses social engineering tactics to conduct its intrusions.

The stolen tranche of data is understood to include contact details email addresses, postal addresses and phone numbers; personal information including names and dates of birth; and data on customer interactions with the chain, including online order histories, household information, and 'masked' payment card details.

M&S added that customer reference numbers, but not payment information, belonging to holders of M&S credit cards or Sparks Pay cards – including former cardholders – may also have been taken.

"We have written to customers today to let them know that unfortunately, some personal customer information has been taken," said M&S chief exec Stuart Machin.

"Importantly there is no evidence that the information has been shared and it does not include useable card or payment details, or account passwords, so there is no need for customers to take any action."

[...] NordVPN chief technology officer, Marijus Briedis, described M&S' assertion that the attackers have not yet leaked or shared the stolen data was "overly optimistic" under the circumstances and warned that even if passwords or credit card details were not exposed, the data that was taken was still very useful to cyber criminals.

"This type of data can be used in phishing campaigns or combined with other leaked information to commit identity theft," explained Briedis.

"Consumers often underestimate how damaging 'harmless' data like order history or email addresses can be in the wrong hands. These M&S hackers could use this data to build highly personalised phishing emails, designed to look identical to what the retailer would send, and these are much harder to spot.

"This breach highlights how companies must not only secure financial data, but also treat seemingly less sensitive information – like customer profiles and purchase records – as critical assets that require protection."

Arthur T Knackerbracket has processed the following story:

Police and federal agencies have found a controversial new way to skirt the growing patchwork of laws that curb how they use facial recognition: an AI model that can track people using attributes like body size, gender, hair color and style, clothing, and accessories. 

The tool, called Track and built by the video analytics company Veritone, is used by 400 customers, including state and local police departments and universities all over the US. It is also expanding federally: US attorneys at the Department of Justice began using Track for criminal investigations last August. Veritone’s broader suite of AI tools, which includes bona fide facial recognition, is also used by the Department of Homeland Security—which houses immigration agencies—and the Department of Defense, according to the company. 

“The whole vision behind Track in the first place,” says Veritone CEO Ryan Steelberg, was “if we’re not allowed to track people’s faces, how do we assist in trying to potentially identify criminals or malicious behavior or activity?” In addition to tracking individuals where facial recognition isn’t legally allowed, Steelberg says, it allows for tracking when faces are obscured or not visible. 

The product has drawn criticism from the American Civil Liberties Union, which—after learning of the tool through MIT Technology Review—said it was the first instance they’d seen of a nonbiometric tracking system used at scale in the US.They warned that it raises many of the same privacy concerns as facial recognition but also introduces new ones at a time when the Trump administration is pushing federal agencies to ramp up monitoring of protesters, immigrants, and students.

Veritone gave us a demonstration of Track in which it analyzed people in footage from different environments, ranging from the January 6 riots to subway stations. You can use it to find people by specifying body size, gender, hair color and style, shoes, clothing, and various accessories. The tool can then assemble timelines, tracking a person across different locations and video feeds. It can be accessed through Amazon and Microsoft cloud platforms.

In an interview, Steelberg said that the number of attributes Track uses to identify people will continue to grow. When asked if Track differentiates on the basis of skin tone, a company spokesperson said it’s one of the attributes the algorithm uses to tell people apart but that the software does not currently allow users to search for people by skin color. Track currently operates only on recorded video, but Steelberg claims the company is less than a year from being able to run it on live video feeds.