SoylentNews

upstart writes:

RFK Jr cancels $500m in mRNA vaccine development in the US:

RFK Jr cancels $500m in funding for mRNA vaccines for diseases like Covid

The US Department of Health and Human Services (HHS) plans to cancel $500m (£376m) in funding for mRNA vaccines being developed to counter viruses that cause diseases such as the flu and Covid-19.

That will impact 22 projects being led by major pharmaceutical companies, including Pfizer and Moderna, for vaccines against bird flu and other viruses, HHS said.

Health Secretary Robert F Kennedy Jr, a vaccine sceptic, announced he was pulling the funding over claims that "mRNA technology poses more risks than benefits for these respiratory viruses".

Doctors and health experts have criticised Kennedy's longstanding questioning of the safety and efficacy of vaccines and his views on health policies.

The development of mRNA vaccines to target Covid-19 was critical in helping slow down the pandemic and saving millions of lives, said Peter Lurie, a former US Food and Drug Administration official.

He told the BBC that the change was the US "turning its back on one of the most promising tools to fight the next pandemic".

In a statement, Kennedy said his team had "reviewed the science, listened to the experts, and acted". "[T]he data show these vaccines fail to protect effectively against upper respiratory infections like COVID and flu," he said.

He said the department was shifting the funding toward "safer, broader vaccine platforms that remain effective even as viruses mutate".

Kennedy also claimed that mRNA vaccines can help "encourage new mutations and can actually prolong pandemics as the virus constantly mutates to escape the protective effects of the vaccine".

An Anonymous Coward writes:

Linuxiac reports that another malicious package has been uploaded to the Arch User Repository (AUR). This time around the package was google-chrome-stable, which installed a remote-access trojan along with Google Chrome.

        The good news—if you can call it that—is that the google-chrome-stable package was available on the AUR only for a few hours before the malware hidden inside was discovered. Still, it did get a few upvotes, which suggests at least some users ended up installing it.

The Arch Linux project had to warn users about a similar attack less than a month ago when a user uploaded three browser packages that also installed a malicious script identified as a remote-access trojan.

Also see: https://lwn.net/Articles/1032193/

Original Submission

An Anonymous Coward writes:

Ubuntu users will see a few changes to their command line tools with the launch of Ubuntu 25.10 in October. The wget utility for downloading files is being replaced by wcurl which offers most of the same basic functionality. It's FOSS reports: "Ubuntu Server 25.10 will no longer include wget by default, switching to wcurl instead."

Fresh installations will see this change when 25.10 releases in October. wget has been the standard command-line download tool on Linux systems for years. Most server administrators and scripts rely on its straightforward syntax for file downloads. On the other hand, wcurl is a simple curl wrapper that lets you download files without remembering curl parameters, using curl under the hood with sane defaults."

The report goes on to note another GNU utility, the screen command, will be dropped in favour of Tmux.

Original Submission

Arthur T Knackerbracket writes:

Hiding secret codes in light can protect against fake videos

A team of Cornell researchers has developed a way to "watermark" light in videos, which they can use to detect if video is fake or has been manipulated.

The idea is to hide information in nearly-invisible fluctuations of lighting at important events and locations, such as interviews and press conferences or even entire buildings, like the United Nations Headquarters. These fluctuations are designed to go unnoticed by humans, but are recorded as a hidden watermark in any video captured under the special lighting, which could be programmed into computer screens, photography lamps and built-in lighting. Each watermarked light source has a secret code that can be used to check for the corresponding watermark in the video and reveal any malicious editing.

Peter Michael, a graduate student in the field of computer science who led the work, will present the study, "Noise-Coded Illumination for Forensic and Photometric Video," on Aug. 10 at SIGGRAPH 2025 in Vancouver, British Columbia.

Editing video footage in a misleading way is nothing new. But with generative AI and social media, it is faster and easier to spread misinformation than ever before.

"Video used to be treated as a source of truth, but that's no longer an assumption we can make," said Abe Davis, assistant professor of computer science in the Cornell Ann S. Bowers College of Computing and Information Science, who first conceived of the idea. "Now you can pretty much create video of whatever you want. That can be fun, but also problematic, because it's only getting harder to tell what's real."

fliptop writes:

China's biggest solar firms shed nearly one-third of their workforces last year, company filings show, as one of the industries hand-picked by Beijing to drive economic growth grapples with falling prices and steep losses:

The job cuts illustrate the pain from the vicious price wars being fought across Chinese industries, including solar and electric vehicles, as they grapple with overcapacity and tepid demand. The world produces twice as many solar panels each year as it uses, with most of them manufactured in China.

Longi Green Energy (601012.SS), Trina Solar , Jinko Solar (688223.SS), JA Solar ( 002459.SZ), and Tongwei (600438.SS), collectively shed some 87,000 staff, or 31% of their workforces on average last year, according to a Reuters review of employment figures in public filings.

Analysts say the previously unreported job losses were likely a mix of layoffs and attrition due to cuts to pay and hours as companies sought to stem losses.

[...] While analysts say it is unclear whether job cuts continued this year, Beijing is increasingly signalling it intends to intervene to cut capacity, sending polysilicon prices soaring nearly 70% in July while solar panel prices have increased more modestly.

[...] But many provincial governments are likely to be reluctant to crack down hard on overcapacity, analysts say. These officials are scored on jobs and economic growth and are loathe to see local champions sacrificed to meet someone else's target.

Also at ZeroHedge.

Original Submission

hubie writes:

OpenAI's new open models can run on your hardware instead of in the cloud:

OpenAI is releasing new generative AI models today [Aug 05, 2025], and no, GPT-5 is not one of them. Depending on how you feel about generative AI, these new models may be even more interesting, though. The company is rolling out gpt-oss-120b and gpt-oss-20b, its first open-weight models since the release of GPT-2 in 2019. You can download and run these models on your own hardware, with support for simulated reasoning, tool use, and deep customization.

When you access the company's proprietary models in the cloud, they're running on powerful server infrastructure that cannot be replicated easily, even in enterprise. The new OpenAI models come in two variants (120b and 20b) to run on less powerful hardware configurations. Both are transformers with a configurable chain of thought (CoT), supporting low, medium, and high settings. The lower settings are faster and use fewer compute resources, but the outputs are better with the highest setting. You can set the CoT level with a single line in the system prompt.

The smaller gpt-oss-20b has a total of 21 billion parameters, utilizing mixture-of-experts (MoE) to reduce that to 3.6 billion parameters per token. As for gpt-oss-120b, its 117 billion parameters come down to 5.1 billion per token with MoE. The company says the smaller model can run on a consumer-level machine with 16GB or more of memory. To run gpt-oss-120b, you need 80GB of memory, which is more than you're likely to find in the average consumer machine. It should fit on a single AI accelerator GPU like the Nvidia H100, though. Both models have a context window of 128,000 tokens.

[...] OpenAI says it doesn't intend for anyone to replace its proprietary models with the new OSS releases. It did not set out to replicate what you can do with the mainline GPT releases here, and there are some notable limitations. For example, gpt-oss-120b and gpt-oss-20b are text-only with no multimodality out of the box. However, the company acknowledges there are times when someone might not want to rely on a big cloud-based AI—locally managed AI has lower latency and more opportunities for customization, and it can keep sensitive data secure on site.

OpenAI is cognizant that many users of the company's proprietary models are also leveraging open source models for these reasons. Currently, those firms are using non-OpenAI products for local AI, but the team designed the gpt-oss models to integrate with the proprietary GPT models. So customers can now use end-to-end OpenAI products even if they need to process some data locally.

Because these models are fully open and governed by the Apache 2.0 license, developers will be able to tune them for specific use cases. Like all AI firms, OpenAI builds controls into its models to limit malicious behavior, but it's been a few years since the company released an open model—the gpt-oss models are much more powerful than GPT-2 was in 2019.

[...] If you want to test that claim yourself, gpt-oss-120b and gpt-oss-20b are available for download today on HuggingFace. There are also GitHub repos for your perusal, and OpenAI will host stock versions of the models on its own infrastructure for testing. If you are interested in more technical details, the company has provided both a model card and a research blog post.

Original Submission

Arthur T Knackerbracket has processed the following story:

Cadence admits guilt in exporting chip design tools to China’s National University of Defense Technology, which is believed to be working on the Chinese nuclear program.

Cadence Design Systems, one of the leading electronic design automation (EDA) firms in the U.S., has pleaded guilty to charges, saying that it sold its chip design software to the National University of Defense Technology, located in Hunan Province in South-Central China. According to Reuters, this institution is believed to be working on nuclear explosion simulations, linking it to China’s nuclear weapons research and development efforts.

The university has been on the U.S. Department of Commerce’s Entity List — a list of companies, institutions, and individuals that the White House deems to be operating contrary to its national security and foreign policy interests — since 2015. Furthermore, its affiliates and aliases, including Hunan Guofang Keji University, Central South CAD Center, and CSCC, were also added to the restricted list in 2019 and 2022, respectively.

Despite this, court records reveal that the chip design company and its China subsidiary, Cadence China, delivered EDA tools to CSCC at least 56 times between 2015 and 2020. This continued even though several Cadence China employees knew that CSCC is simply an alias that NUDT used to circumvent American sanctions. Furthermore, Cadence also sold its products to Phytium Technology Co., a Chinese semiconductor company that’s known to be closely working with NUDT, without applying for the proper export licenses.

The company pleaded guilty to one count of conspiracy to commit export control violations, requiring it to pay $140 million in forfeitures, civil, and criminal penalties. Aside from that, the court is also expected to put it under probation for three years, preventing it from doing business with sanctioned institutions at the risk of even harsher penalties.

canopic jug writes:

Some billing changes caused AWS to delete the entirety of developer Seuros' account rather than roll back to the old billing account on record. He has written an annotated timeline and analysis of how AWS came to not just delete a 10-year old, paid up account without warning but also give him quite a run around.

On July 23, 2025, AWS deleted my 10-year-old account and every byte of data I had stored with them. No warning. No grace period. No recovery options. Just complete digital annihilation.

[...] Lessons Learned

1. Never trust a single provider—no matter how many regions you replicate across
2. "Best practices" mean nothing when the provider goes rogue
3. Document everything—screenshots, emails, correspondence timestamps
4. The support theater is real—they literally cannot help you
5. Have an exit strategy executable in hours, not days

AWS won't admit their mistake. They won't acknowledge the rogue proof of concept. They won't explain why MENA operates differently. They won't even answer whether your data exists.

But they will ask you to rate their support 5 stars.

The cloud isn't your friend. It's a business. And when their business needs conflict with your data's existence, guess which one wins?

Plan accordingly.

[....] At one point during this ordeal, I hit rock bottom. I was ready to delete everything—yank all my gems from RubyGems, delete the organizations, the websites, everything I'd created. Leave a single message: "AWS killed this."

It would have made headlines. Caused chaos for thousands of projects. Trended on HN, Reddit, YouTube. But it would have hurt the wrong people—developers who depend on my work, not AWS.

As he points out, having all your activities managed by a single provider leaves one at risk for such extinction events. But maybe moving over to another, similar cloud provider is just kicking the can down the road and asking for a repeat of events under new circumstances.

Previously:
(2023) AWS to Charge Customers for Public IPv4 Addresses From 2024
(2019) Amazon Slams Media For Not Saying Nice Things About AWS
(2019) Amazon is Saying Nothing About the DDoS Attack That Took Down AWS, but Others Are
(2019) Azure Might be Woefully Inefficient and Unprofitable
(2018) The Cloud is a Six-Horse Race, and Three of Those Have Been Lapped

Original Submission

looorg writes:

Live from the bottom of the ocean. Underwater robot draws in millions of people watching it live as it explores the bottom of the sea.

A robot is navigating the dark, cold depths of the South Atlantic seabed, streaming images of dazzling coral and previously unseen fish, while scientists provide live commentary on YouTube – and Argentines are captivated. It's the first time human eyes, albeit remotely, are witnessing this underwater oasis in real time, where the frigid, nutrient-rich Malvinas current meets the warm, salty waters of the Brazil Current.

https://www.france24.com/en/americas/20250803-the-bright-side-underwater-robot-live-stream-mesmerizes-argentines
https://www.youtube.com/watch?v=oAanpXjQpN8 [10:05:00 Fascinating. Audio in Spanish. --JE]

Original Submission

upstart writes:

Infrared contact lens helps people see in the dark, even with their eyes closed:

Researchers have developed a contact lens that can convert infrared light, which is normally invisible to our eyes, into visible light.

Because infrared light can pass through our eyelids, study participants wearing the contact lenses could see with their eyes shut.

The contact lenses can only give the wearer blurry infrared "sight", but the researchers say they're working on increasing resolution for uses like night vision.

Many people have wished for night vision on a dark walk home. But have you ever wondered if it's possible to see with your eyes closed?

Both are feasible with a contact lens that allows the wearer to see light that's usually invisible to our eyes — and can pass through our eyelids.

The infrared lens, which was developed by researchers in China, was unveiled in the journal Cell today.

Tian Xue, a neuroscientist at the University of Science and Technology of China and study co-author, said the material had the potential to give people "super-vision".

But in the shorter term, the team's ambitions are more modest.

"Flickering infrared light could be used to transmit information in security, rescue, encryption or anti-counterfeiting settings," Professor Xue said in a press release.

Our eye cells only register light in a small proportion of the electromagnetic spectrum.

If we could see longer wavelengths — just outside the visible spectrum into the near-infrared — we'd be able to see humans and other warm-blooded animals "glow" faintly as they emit infrared light.

An Anonymous Coward writes:

https://www.nextron-systems.com/2025/08/01/plague-a-newly-discovered-pam-based-backdoor-for-linux/

As part of our ongoing threat hunting efforts, we identified a stealthy Linux backdoor that appears to have gone publicly unnoticed so far. We named it Plague. The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system authentication and gain persistent SSH access.

What caught our attention: although several variants of this backdoor have been uploaded to VirusTotal over the past year, not a single antivirus engine flags them as malicious (see screenshot). To our knowledge, there are no public reports or detection rules available for this threat, suggesting that it has quietly evaded detection across multiple environments. [...]

This malware features anti-debugging capabilities to thwart analysis and reverse engineering attempts, string obfuscation to make detection more difficult, hardcoded passwords for covert access, as well as the ability to hide session artifacts that would normally reveal the attacker's activity on infected devices.

Once loaded, it will also scrub the runtime environment of any traces of malicious activity by unsetting SSH-related environment variables and redirecting command history to /dev/null to prevent logging, eliminating audit trails and login metadata, and erasing the attacker's digital footprint from system history logs and interactive sessions.

"Plague integrates deeply into the authentication stack, survives system updates, and leaves almost no forensic traces. Combined with layered obfuscation and environment tampering, this makes it exceptionally hard to detect using traditional tools," threat researcher Pierre-Henri Pezier said.

"The malware actively sanitizes the runtime environment to eliminate evidence of an SSH session. Environment variables such as SSH_CONNECTION and SSH_CLIENT are unset using unsetenv, while HISTFILE is redirected to /dev/null to prevent shell command logging."

While analyzing the malware, the researchers also discovered compilation artifacts indicating active development over an extended period, with samples compiled using various GCC versions across different Linux distributions.

Article continues @: https://www.nextron-systems.com/2025/08/01/plague-a-newly-discovered-pam-based-backdoor-for-linux/
Article archived @: https://archive.ph/gzh9Z
Article referenced @: https://www.bleepingcomputer.com/news/security/new-plague-malware-backdoors-linux-devices-removes-ssh-session-traces/

Original Submission

upstart writes:

Russian volcano erupts for first time in centuries:

Russian volcano erupts for first time in more than 500 years ShareSaveShareSaveAdam DurbinBBC NewsShareSave

A volcano in far eastern Russia has erupted for the first time in more than 500 years, which experts say may be linked to last week's massive earthquake.

The Krasheninnikov Volcano in Kamchatka threw up an ash plume up to six kilometres (3.7 miles) high overnight. There are no threats to populated areas, Russia's emergency ministry said.

Hours later, another large earthquake in Russia led to tsunami warnings in three areas of the peninsula.

Both events may be connected to a massive 8.8 magnitude earthquake which hit a similar area last week, which caused tsunami warnings as far away as French Polynesia and Chile.

Russian experts had warned strong aftershocks were possible for several weeks after Wednesday's earthquake - which was one of the strongest ever recorded and saw millions of people evacuate.

Sunday's 7.0 magnitude quake hit the Kuril Islands and could lead to waves of up to 18cm (7in), Russia's emergency ministry reported.

It said people in three areas of Kamchatka "must still move away from the shore", despite the low wave heights.

The last recorded eruption of Krasheninnikov was in the 15th century, according to the head of the Kamchatka Volcanic Eruption Response Team.

Olga Girina also said it may be linked to the earlier 8.8 magnitude earthquake, according to Russian state news agency RIA.

The Kamchatka Peninsula is remote but lies in the "Pacific Ring of Fire" - so called because of the high number of earthquakes and volcanoes that occur here.

upstart writes:

Inspired by astronauts, researchers use high-tech pants to uncover heart issues on MRI:

Astronauts wear lower body negative-pressure (LBNP) pants to simulate the effect of gravity during space travel. Now, a new study published in European Heart Journal – Cardiovascular Imaging suggests the same basic technology could significantly improve the performance of MRI-based exercise stress testing.

Researchers with the University of Texas at Arlington (UTA) first got the idea while watching an astronaut floating in space. If LBNP pants can help astronauts in space, they thought, perhaps it could help patients undergoing a stress test inside an MRI scanner.

The group put this theory to the test by developing new LBNP pants that could be worn during an MRI stress test, improving the patient's ability to move and—hopefully—providing more effective stress test results that can be used to put together a treatment strategy. By simulating the effect of standing up, clinicians are able to evaluate the stress test results and gain a much better understanding of how the patient moves—and how their heart is functioning.

According to the first-in-human data published in European Heart Journal – Cardiovascular Imaging, this new-look technology does show substantial potential. But much more research will still be necessary before anything gains regulatory approval.

"Our initial proof-of-concept data clearly highlights the strength and promise of this approach," lead author Brandon Hathorn, a PhD student with UTA, said in a statement.

"We've completely transformed the way we look at exercise cardiac MRI," added Michael Nelson, PhD, an associate professor and director of the Clinical Imaging Research Center (CIRC) at UTA. "In my opinion, the recent developments we've made should become the new standard. You shouldn't be doing exercise cardiac MRI without lower body negative-pressure pants."

UTA's CIRC includes a 3.0T MRI scanner with a 70-cm bore. Equipment this large is ideal for MRI-based exercise stress tests, which can be used to help evaluate a patient's quality of life and calculate their risk of experiencing adverse outcomes in the future.

upstart writes:

Breakthrough collaboration between multiple telescopes reveals most unusual long-period radio transient ever found:

Astronomers have made a groundbreaking discovery using some of the world's most advanced radio telescopes. Researchers, led by Fengqiu Adam Dong, a Jansky Fellow at the NSF Green Bank Observatory (NSF GBO), have identified an exceptionally unusual cosmic object known as a Long Period Radio Transient (LPT), named CHIME J1634+44. This object stands out as one of the most polarized LPTs ever discovered, and it is the only one observed to be spinning up (meaning its rotation is speeding up) a phenomenon never seen before in this class of astronomical objects.

[...] "You could call CHIME J1634+44 a 'unicorn', even among other LPTs," said Dong, noting this LPT's particularly unusual traits. Despite hundreds of detections across multiple observatories, including those listed above, and additional observations by the LOw Frequency ARray (LOFAR) in the Netherlands, the timing of the repeating radio bursts from CHIME J1634+44 is unclear. "The bursts seem to repeat either every 14 minutes, or 841 seconds—but there is a distinct secondary period of 4206 seconds, or 70 minutes, which is exactly five times longer. We think both are real, and this is likely a system with something orbiting a neutron star," explained Dong.

Normally, objects like neutron stars or white dwarfs slow down over time because they lose energy, so their spin period gets longer. But for CHIME J1634+44, the period is actually getting shorter—meaning it's spinning up, not slowing down. The only way to make the timing of the bursts fit together is to assume this spin-up is real, but that doesn't make sense for a lone star. Therefore, researchers believe that CHIME J1634+44 might actually be two stars orbiting each other very closely. If the orbit of this binary system is shrinking, it could be because they are losing energy, by emitting gravitational waves or interacting with each other, which could make it look like the period is getting shorter. This kind of shrinking orbit has been seen in other close pairs of white dwarfs. The radio bursts from CHIME J1634+44 are 100% circularly polarized, which means the radio waves twist in a perfect spiral as they travel—which is extremely rare. No known neutron star or white dwarf has ever been seen to do this for every burst. This suggests that the way these radio waves are being produced is different from what we see in all other known objects.

fliptop writes:

Artificial intelligence (AI) has become one of the most potent force multipliers the criminal underground has ever seen. Generative models that write immaculate prose, mimic voices, and chain exploits together have lowered the cost of sophisticated attacks to almost nothing:

This isn’t news. Last year, Jen Easterly, former Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), warned that AI “will exacerbate the threat of cyberattacks [by making] people who are less sophisticated actually better at doing some of the things they want to do.”

The truth of that warning is already visible. The first quarter of 2025 saw an unprecedented 126% surge in ransomware incidents. Since then, there’s been a spree of high-impact attacks against high-profile brands. British retail institutions, global brands, major logistics operators, and more have all been hit by highly sophisticated attacks.

Ransomware, phishing, and deepfakes have merged into a low-barrier ecosystem where a cloud-hosted toolkit, a stolen credential, and a crypto wallet now suffice to run an international extortion ring.

[...] Dark-web marketplaces have grown into one of the world’s largest shadow economies. Listings resemble Amazon product pages, complete with escrow, loyalty discounts, and 24-hour ‘customer success’ chat. Competition drives platform fees down, so developers chase scale: more affiliates, more victims, more leverage.

[...] It’s time to move upstream and license offensive-AI capabilities the way we already license explosives, narcotics, and zero-day exports. Any model that can autonomously scan, exploit, or deepfake at scale should sit behind the regulatory equivalent of a locked cabinet, complete with audited access logs, financial surety, and criminal liability for willful leaks. Cloud providers and model builders love to invoke “dual-use,” but dual-use is exactly why controlled-substance laws exist: society decided that convenience doesn’t trump harm. Apply the same logic here, and we choke supply instead of eternally mopping the floor.

Related: Uncovering WormGPT: A Cybercriminal’s Arsenal

Original Submission