posted by hubie on Wednesday October 22, @11:09PM
from the filled-to-the-brim-with-girlish-glee dept.

https://www.bleepingcomputer.com/news/security/hackers-exploit-cisco-snmp-flaw-to-deploy-rootkit-on-switches/
https://archive.ph/crr3o

Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in older, unprotected Cisco networking devices to deploy a Linux rootkit and gain persistent access.

The security issue leveraged in the attacks affects the Simple Network Management Protocol (SNMP) in Cisco IOS and IOS XE and leads to RCE if the attacker has root privileges.

According to cybersecurity company Trend Micro, the attacks targeted Cisco 9400, 9300, and legacy 3750G series devices that did not have endpoint detection response solutions.

In the original bulletin for CVE-2025-20352, updated on October 6, Cisco tagged the vulnerability as exploited as a zero day, with the company's Product Security Incident Response Team (PSIRT) saying it was "aware of successful exploitation."

Trend Micro researchers track the attacks under the name 'Operation Zero Disco' because the malware sets a universal access password that contains the word "disco."

The report from Trend Micro notes that the threat actor also attempted to exploit CVE-2017-3881, a seven-year-old vulnerability in the Cluster Management Protocol code in IOS and IOS XE.

The rootkit planted on vulnerable systems features a UDP controller that can listen on any port, toggle or delete logs, bypass AAA and VTY ACLs, enable/disable the universal password, hide running configuration items, and reset the last write timestamp for them.

In a simulated attack, the researchers showed that it is possible to disable logging, impersonate a waystation IP via ARP spoofing, bypass internal firewall rules, and move laterally between VLANs.

Although newer switches are more resistant to these attacks due to Address Space Layout Randomization (ASLR) protection, Trend Micro says that they are not immune and persistent targeting could compromise them.

After deploying the rootkit, the malware "installs several hooks onto the IOSd, which results in fileless components disappearing after a reboot," the researchers say.
The researchers were able to recover both 32-bit and 64-bit variants of the SNMP exploit.

Trend Micro notes that there currently exists no tool that can reliably flag a compromised Cisco switch from these attacks. If there is suspicion of a hack, the recommendation is to perform a low-level firmware and ROM region investigation.

A list of the indicators of compromise (IoCs) associated with 'Operation Zero Disco' can be found here.


posted by janrinok on Wednesday October 22, @06:27PM

Geostationary satellites are broadcasting large volumes of unencrypted data to Earth, including private voice calls and text messages as well as consumer internet traffic, researchers have discovered.

Scientists at the University of California, San Diego, and the University of Maryland, College Park, say they were able to pick up large amounts of sensitive traffic largely by just pointing a commercial off-the-shelf satellite dish at the sky from the roof of a university building in San Diego.

In its paper, Don't Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites [PDF], the team describes how it performed a broad scan of IP traffic on 39 GEO satellites across 25 distinct longitudes and found that half of the signals they picked up contained cleartext IP traffic.

This included unencrypted cellular backhaul data sent from the core networks of several US operators, destined for cell towers in remote areas. Also found was unprotected internet traffic heading for in-flight Wi-Fi users aboard airliners, and unencrypted call audio from multiple VoIP providers.

According to the researchers, they were able to identify some observed satellite data as corresponding to T-Mobile cellular backhaul traffic. This included text and voice call contents, user internet traffic, and cellular network signaling protocols, all "in the clear," but T-Mobile quickly enabled encryption after learning about the problem.

More seriously, the team was able to observe unencrypted traffic for military systems including detailed tracking data for coastal vessel surveillance and operational data of a police force.

In addition, they found retail, financial, and banking companies all using unencrypted satellite communications to link their internal networks at various sites. The researchers were able to see unencrypted login credentials, corporate emails, inventory records, and information from ATM cash dispensers.

Reg readers will no doubt find this kind of negligence staggering after years of security breaches and warnings about locking down sensitive data. As the researchers note in their report: "There is a clear mismatch between how satellite customers expect data to be secured and how it is secured in practice; the severity of the vulnerabilities we discovered has certainly revised our own threat models for communications."

The team noted that the sheer level of unencrypted traffic observed results from a failure to encrypt at multiple levels of the communications protocol stack.

At the satellite link/transport layer, streams using MPEG encoding have the option to use MPEG scrambling. While TV transponders mostly do this, only 10 percent of the non-TV transponders did. Only 20 percent of transponders had encryption enabled for downlinks, and just 6 percent consistently used IPsec at the network layer.

The report notes that organizations with visibility into these networks have been raising alarms for some time. It cites a 2022 NSA security advisory about GEO satellite links that warns: "Most of these links are unencrypted, relying on frequency separation or predictable frequency hopping rather than encryption to separate communications."

The team states that it obtained clearance from legal counsel at their respective institutions for this research, and that it securely stored any unencrypted data collected from transmissions. It also claims that it made efforts to contact the relevant parties wherever possible to inform them of the security shortcomings.

T-Mobile has been in touch with a statement since the publication of the story:

"T-Mobile immediately addressed a vendor's technical misconfiguration that affected a limited number of cell sites using geosynchronous satellite backhaul in remote, low-population areas, as identified in this research from 2024. This was not network-wide, is unrelated to our T-Satellite direct-to-cell offering, and we implemented nationwide Session Initiation Protocol (SIP) encryption for all customers to further protect signaling traffic as it travels between mobile handsets and the network core, including call set up, numbers dialed and text message content.

"We appreciate our collaboration with the security research community, whose work helps reinforce our ongoing commitment to protecting customer data and enhances security across the industry."

Eavesdropping on Internal Networks via Unencrypted Satellites
https://satcom.sysnet.ucsd.edu/
https://archive.ph/kpA93

We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens' voice calls and SMS, and consumer Internet traffic from in-flight wifi and mobile networks. This data can be passively observed by anyone with a few hundred dollars of consumer-grade hardware. There are thousands of geostationary satellite transponders globally, and data from a single transponder may be visible from an area as large as 40% of the surface of the earth.

A Surprising Amount of Satellite Traffic Is Unencrypted - Schneier on Security:

Full paper. News article.


posted by janrinok on Wednesday October 22, @01:42PM
from the not-so-fast dept.

Larry Sanger says the website has become biased against conservative and religious viewpoints, but sees a way to fix it:

Wikipedia, a popular online encyclopedia millions of people treat as an authoritative source of information, is systemically biased against conservative, religious, and other points of view, according to the site's co-founder, Larry Sanger.

Sanger, 57, who now heads the Knowledge Standards Foundation, believes Wikipedia can be salvaged either by a renewed emphasis on free speech within the organization or by a grassroots campaign to make diverse viewpoints heard (https://larrysanger.org/nine-theses/).

Failing that, Sanger said, government intervention may be required to pierce the shell of anonymity that now protects Wikipedia's editors from defamation lawsuits by public figures who believe the site portrays them unfairly.

[...] "Basically, it's required now, even for the sake of neutrality, that they take a side when [they believe] one side is clearly wrong," Sanger said. "Pretensions of objectivity are out the window."

[...] "You simply may not cite as sources of Wikipedia articles anything that has been branded as right wing," he said. [...] "Even now, people are still sort of waking up to the reality that Wikipedia does, on many pages ... act as essentially propaganda."

[...] On his website, Sanger outlines a series of ideas for returning Wikipedia to its original stance on fairness and free speech. A handful of his ideas center on increasing transparency into site management, such as revealing who Wikipedia's leaders are, allowing the public to rate articles, ending decision-making by consensus, and adopting a legislative process for determining editorial policy.

Related: Elon Musk Plans to Take on Wikipedia With 'Grokipedia'


posted by hubie on Wednesday October 22, @08:58AM

Malicious app required to make "Pixnapping" attack work requires no permissions:

Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, and other private data in less than 30 seconds.

The new attack, named Pixnapping by the team of academic researchers who devised it, requires a victim to first install a malicious app on an Android phone or tablet. The app, which requires no system permissions, can then effectively read data that any other installed app displays on the screen. Pixnapping has been demonstrated on Google Pixel phones and the Samsung Galaxy S25 phone and likely could be modified to work on other models with additional work. Google released mitigations last month, but the researchers said a modified version of the attack works even when the update is installed.

Pixnapping attacks begin with the malicious app invoking Android programming interfaces that cause the authenticator or other targeted apps to send sensitive information to the device screen. The malicious app then runs graphical operations on individual pixels of interest to the attacker. Pixnapping then exploits a side channel that allows the malicious app to map the pixels at those coordinates to letters, numbers, or shapes.

"Anything that is visible when the target app is opened can be stolen by the malicious app using Pixnapping," the researchers wrote on an informational website. "Chat messages, 2FA codes, email messages, etc. are all vulnerable since they are visible. If an app has secret information that is not visible (e.g., it has a secret key that is stored but never shown on the screen), that information cannot be stolen by Pixnapping."

The new attack class is reminiscent of GPU.zip, a 2023 attack that allowed malicious websites to read the usernames, passwords, and other sensitive visual data displayed by other websites. It worked by exploiting side channels found in GPUs from all major suppliers. The vulnerabilities that GPU.zip exploited have never been fixed. Instead, the attack was blocked in browsers by limiting their ability to open iframes, an HTML element that allows one website (in the case of GPU.zip, a malicious one) to embed the contents of a site from a different domain.

Pixnapping targets the same side channel as GPU.zip, specifically the precise amount of time it takes for a given frame to be rendered on the screen.

"This allows a malicious app to steal sensitive information displayed by other apps or arbitrary websites, pixel by pixel," Alan Linghao Wang, lead author of the research paper "Pixnapping: Bringing Pixel Stealing out of the Stone Age," explained in an interview. "Conceptually, it is as if the malicious app was taking a screenshot of screen contents it should not have access to. Our end-to-end attacks simply measure the rendering time per frame of the graphical operations to determine whether the pixel was white or nonwhite."

[...] In an online interview, paper coauthor Ricardo Paccagnella described the attack in more detail:

Step 1: The malicious app invokes a target app to cause some sensitive visual content to be rendered.

Step 2: The malicious app uses Android APIs to "draw over" that visual content and cause a side channel (in our case, GPU.zip) to leak as a function of the color of individual pixels rendered in Step 1 (e.g., activate only if the pixel color is c).

Step 3: The malicious app monitors the side effects of Step 2 to infer, e.g., if the color of those pixels was c or not, one pixel at a time.

Steps 2 and 3 can be implemented differently depending on the side channel that the attacker wants to exploit. In our instantiations on Google and Samsung phones, we exploited the GPU.zip side channel. When using GPU.zip, measuring the rendering time per frame was sufficient to determine if the color of each pixel is c or not. Future instantiations of the attack may use other side channels where controlling memory management and accessing fine-grained timers may be necessary (see Section 3.3 of the paper). Pixnapping would still work then: The attacker would just need to change how Steps 2 and 3 are implemented.

[...] In an email, a Google representative wrote, "We issued a patch for CVE-2025-48561 in the September Android security bulletin, which partially mitigates this behavior. We are issuing an additional patch for this vulnerability in the December Android security bulletin. We have not seen any evidence of in-the-wild exploitation."

Pixnapping is useful research in that it demonstrates the limitations of Google's security and privacy assurances that one installed app can't access data belonging to another app. The challenges in implementing the attack to steal useful data in real-world scenarios, however, are likely to be significant. In an age when teenagers can steal secrets from Fortune 500 companies simply by asking nicely, the utility of more complicated and limited attacks is probably of less value.


posted by hubie on Wednesday October 22, @04:11AM
from the noise dept.

The noise of Bitcoin mining is driving Americans crazy

"It echoes across agricultural land and forests, chasing away deer. It seeps into walls, vibrating bedrooms and dinner tables." One resident said it was as though a "jet engine is forever stationed nearby".

Bitcoin mining has exploded in the US over the past decade, particularly in the wake of Donald Trump's re-election to the White House and his embrace of cryptocurrency. But it's an energy-intensive process: the powerful computers that create and protect the cryptocurrency need fans on the go constantly to cool them down. And across rural, mostly Republican towns, residents are getting sick of the noise – and getting sick, full stop.

Much of America's Bitcoin mining industry is in Texas, said Time, "home to giant power plants, lax regulation, and crypto-friendly politicians". In Granbury, where Marathon – one of the world's largest Bitcoin holders – has a mine, a group of people are being "worn thin from strange, debilitating illnesses". Some were experiencing fainting spells, chest pains, migraines and panic attacks; others were "wracked by debilitating vertigo and nausea". The mine is causing "mental and physical" health issues, said one ears, nose, and throat specialist based in Granbury. "Imagine if I had vuvuzela in your ear all the time."

Granbury Residents Demand Answers from MARA's Bitcoin Mine As Lawsuit Over Noise Nuisance Continues

Texas state court rejected MARA's dismissal bid, now residents are demanding that the cryptomine turn over documents

Granbury, TX —

Today, Citizens Concerned About Wolf Hollow, a community group composed of Granbury residents and represented by Earthjustice, filed a motion to compel in its lawsuit against MARA Holdings, Inc, asking the Texas State Court to require the cryptomining plant to turn over key information pertaining to the excessive noise the facility creates and the resulting nuisance level conditions. This comes on the heels of the Court denying MARA's motion to dismiss earlier this summer, a decision which allows the community group to move forward in the lawsuit. The cryptomining company has withheld basic information and documentation related to the excessive noise generated by its 24/7 cryptocurrency mining operations — noise that has caused ongoing harm to the surrounding community. Now, the community group is demanding answers, seeking much needed information including the equipment used at the plant, any mitigation measures the company has taken, and detailed noise pollution data.

(YT Warning) I Live 500 Feet From A Bitcoin Mine. My Life Is Hell.

In Texas, the legal limit for noise is 85dB. Researchers have found that prolonged exposure can impact hearing and cardiovascular health, increased blood pressure and heart rate.
Other potential risks include headaches, dizziness, and psychological effects.

85dB is considered industrial noise inside of a plant. That would mean that you would have to wear hearing protection all the time at your home.
...

Teresa lives 18 miles from Corsicana, Texas, where Riot Platforms is building out what is expected to be one of the largest bitcoin mining operations in the world. We decided, well, what better place to build a one gigawatt site?

Teresa is concerned about Bitcoin's demand for water. Corsicana's mine is projected to use up to 1.5 million gallons of water per day. That's an eighth of the city's water supply. She took us to nearby Navarro Lake, which she says dries up every 4 to 5 years.

"So this is the lake that you are concerned that the Bitcoin mining companies could be drawing water from?"
"Yes. You've got a lot of people that have moved into this area. The last thing we needed was more pressure on this lake. I know I can survive without electricity. I do know that. I can't survive without water."

...

All of this makes it even more damning that the politicians representing the residents we spoke to are all in on Bitcoin. Which brings us to the crypto money in politics.

Texas Senator Ted Cruz received a $350,000 donation from Bitcoin Freedom PAC in 2024, in a tight reelection race against Democratic challenger Colin Allred. The same year, Cruz announced he was getting into the Bitcoin business himself, announcing on X he bought his own miners and started running them in Iraan, Texas. Cruz was commended by Marathon Digital's CEO and welcomed to the club.
...

According to Public Citizen, crypto corporations provided nearly half of the $248 million in corporate money to influence federal elections in 2024 and the industry has gotten exactly what they paid for. Efforts to regulate crypto at the state and federal level have been largely unsuccessful.

Rural Cheyenne Residents Have A Noisy New Neighbor — A Bitcoin Miner

Michigan school sues over constant noise from Bitcoin mining rigs

Norway Considers Restricting Bitcoin Mining

The Norwegian government will consider by autumn the possibility of banning the establishment of new cryptocurrency mining enterprises using energy-intensive algorithms like Proof-of-Work (PoW).

According to the head of the Ministry of Local Government and Modernisation, Karianne Tung, this activity "offers little to local communities in terms of jobs and income."

"This is energy we could use differently – in industry or for the operation of socially beneficial data centres," she added.

The authorities will conduct a comprehensive study of the sector. Existing enterprises are required to register by July 1.

Energy Minister Terje Aasland referred to the additional burden mining places on generating capacity, networks, and infrastructure.

"By prohibiting energy-intensive cryptocurrency mining, we can free up land, electricity, and network capacity for other purposes that contribute more to value creation, jobs, and reducing greenhouse gas emissions," he stated.


posted by hubie on Tuesday October 21, @11:26PM
from the turning-it-off-and-on-again dept.

Amazon accidentally turned off large portions of the internet on Monday morning.

A problem at Amazon's cloud computing service disrupted internet use around the world early Monday, taking down dozens of online services, including social media site Snapchat, the Roblox and Fortnite video games and chat app Signal.

About three hours after the outage began, Amazon Web Services said it was starting to recover from the problem. AWS provides behind-the-scenes cloud computing infrastructure to some of the world's biggest organizations. Its customers include government departments, universities and businesses, including The Associated Press.

Amazon pinned the outage on issues related to its domain name system, which converts web addresses into IP addresses so websites and apps can load on internet-connected devices.

"The world now runs on the cloud," and the internet is seen as a utility like water or electricity, Burgess said.

Several major apps were not working. Coinbase, Fortnite, Signal and Zoom faced lengthy outages, as did Amazon's own services, including its Ring video surveillance products.

Millions of companies and organizations rely on AWS to host their websites, apps and other critical online systems. The company has data centers all over the world, and Amazon is said to have at least 30% of the total cloud market.

Amazon did not give a reason for what caused the outage.

https://apnews.com/article/amazon-east-internet-services-outage-654a12ac9aff0bf4b9dc0e22499d92d7
https://techcrunch.com/2025/10/20/amazon-dns-outage-breaks-much-of-the-internet/


posted by mrpg on Tuesday October 21, @06:41PM
from the closing-in dept.

Step into the Massachusetts Institute of Technology (MIT) Media Lab in Cambridge, US, and the future feels a little closer. Glass cabinets display prototypes of weird and wonderful creations, from tiny desktop robots to a surrealist sculpture created by an AI model prompted to design a tea set made from body parts. In the lobby, an AI waste-sorting assistant named Oscar can tell you where to put your used coffee cup. Five floors up, research scientist Nataliya Kosmyna has been working on wearable brain-computer interfaces she hopes will one day enable people who cannot speak, due to neurodegenerative diseases such as amyotrophic lateral sclerosis, to communicate using their minds.

Kosmyna spends a lot of her time reading and analysing people's brain states. Another project she is working on is a wearable device – one prototype looks like a pair of glasses – that can tell when someone is getting confused or losing focus. Around two years ago, she began receiving out-of-the-blue emails from strangers who reported that they had started using large language models such as ChatGPT and felt their brain had changed as a result. Their memories didn't seem as good – was that even possible, they asked her? Kosmyna herself had been struck by how quickly people had already begun to rely on generative AI. She noticed colleagues using ChatGPT at work, and the applications she received from researchers hoping to join her team started to look different. Their emails were longer and more formal and, sometimes, when she interviewed candidates on Zoom, she noticed they kept pausing before responding and looking off to the side – were they getting AI to help them, she wondered, shocked. And if they were using AI, how much did they even understand of the answers they were giving?

[...] AI companies are determined to push their products on to the public before we fully understand the psychological and cognitive costs

[...] Digital multitasking gives you a false sense of being on top of things without ever getting to the bottom of anything

[...] Are schools equipped to produce creative thinkers – or is the education system going to churn out mindless, AI-essay writing drones?

The Guardian


posted by hubie on Tuesday October 21, @01:57PM

The war against drones is heating up with airports around the world reporting incursions by these robotic flying pests. Cost effective solutions are still thin on the ground. With countries like Russia and China on the warpath there is a need to step up development and research for better drone management solutions. On the back of drone developments in the Ukraine war, a new R&D facility is being planned for Adelaide in South Australia to accelerate the development of next generation counter drone technology.

ASX-listed technology company DroneShield has announced it will build a new $13m research facility in Adelaide as it moves to "accelerate the development" of its next-generation counter-drone products amid a world of "surging" drone attacks.

The investment was expected to create about 20 high-skilled engineering roles in the city, focused on radiofrequency electronics, electronic warfare and systems integration, the company said.

The facility will be led by Jeff Wojtiuk, a former Lockheed Martin Australia engineer.

The facility is expected to be fully operational by March next year.

[Ed. question: If you were a betting person, where are you putting your money for the most effective counter? EMP? Kinetic? Lasers? Drone attacking drones?]


posted by hubie on Tuesday October 21, @09:15AM

An interesting article on the economics of AI Chips by Mihir Kshirsagar

This week, OpenAI announced a multibillion-dollar deal with Broadcom to develop custom AI chips for data centers projected to consume 10 gigawatts of power. This investment is separate from another multibillion-dollar deal OpenAI struck with AMD last week. There is no question that we are in the midst of making one of the largest industrial infrastructure bets in United States history. Eight major companies—Microsoft, Amazon, Google, Meta, Oracle, OpenAI, and others—are expected to invest over $300 billion in AI infrastructure in 2025 alone. Spurred by news about the vendor-financed structure of the AMD investment and a conversation with my colleague Arvind Narayanan, I started to investigate the unit economics of the industry from a competition perspective.

What I have found so far is surprising. It appears that we're making important decisions about who gets to compete in AI based on financial assumptions that may be systematically overstating the long-run sustainability of the industry by a factor of two. That said, I am open to being wrong in my analysis and welcome corrections as I write these thoughts up in an academic article with my colleague Felix Chen.

Here is the puzzle: the chips at the heart of the infrastructure buildout have a useful lifespan of one to three years due to rapid technological obsolescence and physical wear, but companies depreciate them over five to six years. In other words, they spread out the cost of their massive capital investments over a longer period than the facts warrant—what The Economist has referred to as the "$4trn accounting puzzle at the heart of the AI cloud."

Center for Information Technology Policy (Princeton University)


posted by hubie on Tuesday October 21, @04:27AM

For those interested in scanning files for malware and other threat detection under Linux and using the GNOME desktop, Lenspect is a new GNOME-aligned application that is a GUI powered by VirusTotal for being a Linux-native security threat scanner.

As noted by This Week in GNOME, Lenspect has launched as a security threat scanner built atop Google-owned VirusTotal. In turn users of this GNOME-focused desktop application need to have their own VirusTotal API key.

Lenspect is written in Python and makes use of the GTK toolkit. Lenspect 1.0 was released last week as the project's inaugural release. Lenspect is licensed under the GPLv3.

Lenspect is available via Flathub or its sources can be grabbed from GitHub.


posted by jelizondo on Monday October 20, @11:40PM

The Royal United Services Institute for Defence and Security Studies

As generative AI technologies rapidly evolve, their implications for global information security are becoming more acute. This paper explores how Russian state-affiliated and state-aligned actors are discussing, conceptualising and framing AI within their online communications. Drawing on original analysis of communications from Russian-linked online channels, the paper investigates how actors in the Russian influence ecosystem perceive the role of AI in information warfare and what their narratives reveal about evolving threat trajectories.

The report finds that a diverse range of Russian actors are actively engaged in conversations about AI. These actors are not only discussing the use of AI tools to automate and amplify content, but also exploring the role of AI as a narrative device, boasting of its effectiveness, warning of its dangers and framing it as both a strategic asset and a potential threat.

The analysis reveals a growing focus on AI as both an opportunity and a threat among various Russian actors, from those affiliated with groups like Wagner, to pro-Russian hacktivist collectives and online influencers. AI is often portrayed as a powerful tool for information manipulation, capable of generating persuasive content, amplifying messaging and overwhelming adversaries with sheer volume. At the same time, many actors express significant anxiety about Western dominance over AI development, suggesting that these technologies could be used to subvert Russian public opinion, erode autonomy and destabilise the domestic information environment. Concerns about surveillance, deepfakes (digitally altered videos or images aiming to misrepresent a person as doing or saying something they did not say or do in the original version of the image or video) and algorithmic bias feature prominently in this discourse.

[Full Report]: https://static.rusi.org/russia-ai-and-the-future-of-disinformation-warfare.pdf [PDF]



posted by hubie on Monday October 20, @06:58PM

This article details two bugs discovered in the NVIDIA Linux Open GPU Kernel Modules and demonstrates how they can be exploited. The bugs can be triggered by an attacker controlling a local unprivileged process. Their security implications were confirmed via a proof of concept that achieves kernel read and write primitives.

Back in 2022, NVIDIA started distributing the Linux Open GPU Kernel Modules. Since 2024, using these modules is officially "the right move" for both consumer and server hardware. The driver provides multiple kernel modules, the bugs being found in nvidia.ko and nvidia-uvm.ko. They expose ioctls on device files, most of them being accessible to unprivileged users. These ioctls are meant to be used by NVIDIA's proprietary userland binaries and libraries. However, using the header files provided in the kernel modules repository as a basis, it's possible to make direct ioctl calls.

While manually probing the attack surface related to memory allocation and management we found two vulnerabilities. They were reported to NVIDIA and the vendor issued fixes in their NVIDIA GPU Display Drivers update of October 2025.

https://blog.quarkslab.com/nvidia_gpu_kernel_vmalloc_exploit.html

[Ed. note: if you've ever wondered about the nitty-gritty details of exploits, TFA breaks down these use-after-free exploits and shows how they work]



posted by janrinok on Monday October 20, @05:39PM

It has been a while since I was able to update the community on various aspects of our site.

Back in the Saddle

Many of you will recall that I had to step back from many of my site duties to begin a period of medical treatment. That has now been completed and, although it was not 100% successful, I am feeling better than when it started. During that time I was asked, where possible, to continue to help manage the site until replacements could be found for various roles.

Unfortunately we have not been successful in finding anyone to help administer the site. It might appear a daunting task, and the job list is appreciable, but many of those tasks take literally 2 minutes to complete. Perhaps the most important role is being available to answer the queries that arrive at admin@soylentnews.org. They are often simple to resolve and again only take a few minutes, but the emails have to be checked fairly frequently, at least daily. It is usually an empty mailbox. I would be more than happy to step down from this role but I realise that some may be wary of volunteering to take on the task. You needn't be, and if several people wish to consider it the current job list can easily be divided between them. So if you are interested then please contact admin@soylentnews.org and I can start to show you around without any firm commitment on your part. If you do not fancy it you can say 'no thanks' and remain as a community member. However, I cannot say what the future will hold for me and I cannot keep the role indefinitely. I would rather have a person or two who at least are aware of how the site works before I disappear at some point in the future.

I have approached the Board and offered my services, although I would prefer to hand the role over to someone else. This should actually be as a result of an election process but unless someone wishes to step forward there is little point. The Board has agreed to me taking on the role again, for which I am grateful.

Jelizondo

'jelizondo' joined the editorial team a month or two back and has hit the ground running, having already published approaching 200 stories. Not only has he brought an extra pair of hands to the team but he has also brought a new perspective on what we do. It is always useful to have a fresh look at what we do and to question why we do it that way. Often there are very good reasons but it is sometimes easy to forget how the team has developed since the fledgling days in 2014. While he is a recent addition to the team he has been a community member from the first few weeks of the site's creation. I'm sure you will make him feel welcome.

Flagging Trial

Some of you will be unaware of 'flagging'. Staff with a specific seclev have had the ability to delete comments from the database since the site was created. This is necessary because legally we are required to remove certain material. Initially the deletion was a 'hard' delete and although the database remained in a stable condition, the linking of comments below a deletion was broken so that while they existed in the database they could not be seen. kolie corrected this to a soft delete - 'deleted' comments would not display but subsequent comments still displayed as they should. It is a far better system. However, it is a system that is still under development although the basic system is fully functional. It is a continuation of the community discussions that kolie held in his journal over the last year or two.

With the relatively small (but slowly growing) community the number of journals being used has also fallen. Furthermore, they have been targeted by ACs who in a small number of cases have abused the journals and made them unusable for the owner's purpose. Flagging such abuses removes the abuse from view but of course others rightly complained that there was no community visibility of flagged material. Thus it is necessary to develop a management system which allows a flagged comment to be reviewed, returned to view if it has been incorrectly flagged, edited if the offending material can be removed, or blocked entirely in the event of CSAM, doxxing, banned users, or unacceptable material being found.

Journal owners complained that their journals were being spoiled by the antics of the few ACs and as a trial we have given the journal owners the ability to flag material that they believe is intended to disrupt their discussions or to abuse the journal owner directly. That trial is running at the moment. Several journal owners have used it, but there is no obligation on any journal owner to do so if they do not wish to. It is in addition to the current moderation system and it is not intended to replace it - indeed argument and moderation should be used if it is simply a difference of opinion. The alternative would be to make journals accessible only to logged-in users in the same way that front page stories are currently published.

Once the trial has finished we should be in a much better position to decide how the function will be managed: who will review the flagged comments, how quickly must reviews be carried out, and how will the contents be edited while showing clearly that such editing has taken place etc?

It has to be realised that flagging only affects a very small number of anonymous posters but they are intent on disrupting the site wherever they can. Unfortunately that is mainly in the few journals that are active, but it is also seen in Polls.

Once the trial has been completed it is intended to present the findings to the community for discussion and possible approval.

Finally...

As usual, we encourage the community to submit potential stories for publication and discussion. We normally approach submissions with the following priorities in mind, providing that the material is suitable for discussion.

  1. Submissions from named community accounts.
  2. Submissions from Upstart - the IRC submission bot. This is because an actual user has taken the trouble to make a submission even if he/she remains anonymous.
  3. Submissions from other anonymous sources.
  4. Submissions found by search bots.

Sometimes it is not possible to stick to this set of priorities because of the need to vary story content across the topics that we cover and, regrettably, not every submission is suitable for publication. It stands to reason that the better prepared a submission is then the more likely it is to be used, and the submission guidelines are contained in the Wiki.

posted by hubie on Monday October 20, @02:08PM

Quantum crystals offer a blueprint for the future of computing and chemistry:

Imagine industrial processes that make materials or chemical compounds faster, cheaper, and with fewer steps than ever before. Imagine processing information in your laptop in seconds instead of minutes or a supercomputer that learns and adapts as efficiently as the human brain. These possibilities all hinge on the same thing: how electrons interact in matter.

A team of Auburn University scientists has now designed a new class of materials that gives scientists unprecedented control over these tiny particles. Their study, published in ACS Materials Letters, introduces the tunable coupling between isolated-metal molecular complexes, known as solvated electron precursors, where electrons aren't locked to atoms but instead float freely in open spaces.

From their key role in energy transfer, bonding, and conductivity, electrons are the lifeblood of chemical synthesis and modern technology. In chemical processes, electrons drive redox reactions, enable bond formation, and are critical in catalysis. In technological applications, manipulating the flow and interactions between electrons determines the operation of electronic devices, AI algorithms, photovoltaic applications, and even quantum computing. In most materials, electrons are bound tightly to atoms, which limits how they can be used. But in electrides, electrons roam freely, creating entirely new possibilities.

"By learning how to control these free electrons, we can design materials that do things nature never intended," says Dr. Evangelos Miliordos, Associate Professor of Chemistry at Auburn and senior author of the study based on state-of-the-art computational descriptions.

In their work, the Auburn team proposed novel materials structures termed Surface Immobilized Electrides by anchoring special molecules—solvated electron precursors—onto stable surfaces such as diamond and silicon carbide. This design makes the electronic properties of the electrides robust and tunable. Depending on how the molecules are arranged, the electrons can form isolated "islands" that act like quantum bits for advanced computing or extended metallic "seas" that drive complex chemical reactions.

This flexibility is what makes the discovery so powerful. One configuration could help build quantum computers, machines that promise to solve problems impossible for today's best supercomputers. Another could serve as the foundation for next-generation catalysts, materials that speed up chemical reactions in ways that might change how we make fuels, medicines, or industrial products.

[...] Earlier versions of electrides were unstable and difficult to scale. By depositing them directly on solid surfaces, the Auburn team has overcome these barriers, proposing a family of materials structures that could move from theoretical models to real-world devices.

[...] The theoretical study was led by faculty across chemistry, physics, and materials engineering at Auburn University. "This is just the beginning," Miliordos adds. "By learning how to tame free electrons, we can imagine a future with faster computers, smarter machines, and new technologies we haven't even dreamed of yet."

More information: Andrei Evdokimov et al, Electrides with Tunable Electron Delocalization for Applications in Quantum Computing and Catalysis, ACS Materials Letters (2025). DOI: 10.1021/acsmaterialslett.5c00756



posted by hubie on Monday October 20, @09:26AM
from the I'm-sure-they'll-delete-the-records-when-they're-no-longer-needed dept.

JPMorgan requires staff to hand over biometric data to access new headquarters:

New York bank is imposing eye and fingerprint scans amid heightened security concerns at corporate offices

JPMorgan Chase has told staff moving into the US bank's new multibillion-dollar Manhattan headquarters they must share their biometric data to access the building, overriding a prior plan for voluntary enrolment.

Employees who have started work at its 270 Park Avenue skyscraper since August have received emails saying biometric access is "required", according to a communication seen by the Financial Times. This allows people to scan their fingerprints or eye instead of ID badges to get through the lobby security gates.

[...] Dave Komendat, chief security officer at Corporate Security Advisors, said biometrics had been used for decades at higher-security areas, such as government installations and data centres, but putting them in commercial buildings for large numbers of people would be used at a new and larger scale.

https://www.ft.com/content/d5351d3d-d64f-4a90-a3da-d1ef8e8bea66
https://archive.ph/YCV85

[Ed. question: Would this be a deal breaker for any of you for joining or continuing to work at the company?]

