Microsoft 365 Brings the Shutters Down On Legacy Protocols
Starting mid-July 2025, Microsoft 365 will begin blocking legacy authentication protocols like Remote PowerShell and FrontPage RPC to enhance security under its "Secure by Default" initiative. Admins must now grant explicit consent for third-party app access, which could disrupt workflows but aims to reduce unauthorized data exposure. The Register reports: First in line for the chop is legacy browser authentication to SharePoint and OneDrive using the Remote PowerShell (RPS) protocol. According to Microsoft, legacy authentication protocols like RPS "are vulnerable to brute-force and phishing attacks due to non-modern authentication." The upshot is that attempting to access OneDrive or SharePoint via a browser using legacy authentication will stop working.
Also being blocked is the FrontPage Remote Procedure Call (RPC) protocol. Microsoft FrontPage was a web authoring tool that was discontinued almost two decades ago. However, the protocol for remote web authoring has lived on until now. Describing legacy protocols like RPC as "more susceptible to compromise," Microsoft will block them to prevent their use in Microsoft 365 clients.
Finally, third-party apps will need administrator consent to access files and sites. Microsoft said: "Users allowing third-party apps to access file and site content can lead to overexposure of an organization's content. Requiring admins to consent to this access can help reduce overexposure." "While laudable, shifting consent to the administrator could disrupt some workflows," writes The Register's Richard Speed. "The Microsoft-managed App Consent Policies will be enabled, and users will be unable to consent to third-party applications accessing their files and sites by default. Need consent? A user will need to request an administrator to consent on their behalf."
Read more of this story at Slashdot.
Bear Whose Head Was Stuck for Two Years Is Freed
An unwelcome plastic collar was removed from around the neck of a 2-year-old bear.
Marijuana’s Links to Heart Attack and Stroke Are Becoming Clearer
The evidence is stacking up that the drug is associated with a greater likelihood of heart problems.
The Supreme Court’s Blindness to Transgender Reality
The retrenchment on transgender rights is fueled by fear: fear of the future, fear of unfamiliar concepts, fear of not knowing one’s child.
SpaceX Starship Explodes On Test Stand
SpaceX's Starship exploded on its test stand in South Texas ahead of an engine test, marking the fourth loss of a Starship this year. "In three previous test flights, the vehicle came apart or detonated during its flight," notes the Washington Post. No injuries were reported but the incident highlights ongoing technical challenges as SpaceX races to prove Starship's readiness for deep-space travel. From the report: In a post on the social media site X, SpaceX said that the explosion on the test stand, which could be seen for miles, happened at about 11 p.m. Central time. For safety reasons, the company had cleared personnel from around the site, and "all personnel are safe and accounted for," it said. The company is "actively working to safe the test site and the immediate surrounding area in conjunction with local officials," the post continued. "There are no hazards to residents in surrounding communities, and we ask that individuals do not attempt to approach the area while safing operations continue."
Starship comprises two stages -- the Super Heavy booster, which has 33 engines, and the Starship spacecraft itself, which has six. Before Wednesday's explosion, the spacecraft was standing alone on the test stand, and not mounted on top of the booster, when it blew up. The engines are test-fired on the Starship before it's mounted on the booster. SpaceX had been hoping to launch within the coming weeks had the engine test been successful. [...] In a post on X, Musk said that preliminary data pointed to a pressure vessel that failed at the top of the rocket. You can watch a recording of the explosion on YouTube.
SpaceX called the incident a "rapid unscheduled disassembly," which caught the attention of Slashdot reader hambone142. In a story submitted to the Firehose, they commented: "I worked for a major computer company whose power supplies caught on fire. We were instructed to cease saying that and instead say the power supply underwent a 'thermal event.' Gotta love it."
ICE Imposes New Rules on Congressional Visits
The policy says that ICE field offices are not subject to a federal law that allows members of Congress to make unannounced oversight visits to immigration facilities that “detain or otherwise house aliens.”
The 16-Billion-Record Data Breach That No One's Ever Heard of
An anonymous reader quotes a report from Cybernews: Several collections of login credentials reveal one of the largest data breaches in history, totaling a humongous 16 billion exposed login credentials. The data most likely originates from various infostealers. Unnecessarily compiling sensitive information can be as damaging as actively trying to steal it. For example, the Cybernews research team discovered a plethora of supermassive datasets, housing billions upon billions of login credentials. From social media and corporate platforms to VPNs and developer portals, no stone was left unturned.
Our team has been closely monitoring the web since the beginning of the year. So far, they've discovered 30 exposed datasets containing from tens of millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records. None of the exposed datasets were reported previously, bar one: in late May, Wired magazine reported a security researcher discovering a "mysterious database" with 184 million records. It barely scratches the top 20 of what the team discovered. Most worryingly, researchers claim new massive datasets emerge every few weeks, signaling how prevalent infostealer malware truly is.
"This is not just a leak -- it's a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing. What's especially concerning is the structure and recency of these datasets -- these aren't just old breaches being recycled. This is fresh, weaponizable intelligence at scale," researchers said. The only silver lining here is that all of the datasets were exposed only briefly: long enough for researchers to uncover them, but not long enough to find who was controlling vast amounts of data. Most of the datasets were temporarily accessible through unsecured Elasticsearch or object storage instances. Key details to be aware of:
- The records include billions of login credentials, often structured as URL, login, and password.
- The datasets include both old and recent breaches, many with cookies, tokens, and metadata, making them especially dangerous for organizations without multi-factor authentication or strong credential practices.
- Exposed services span major platforms like Apple, Google, Facebook, Telegram, GitHub, and even government services.
- The largest dataset alone includes 3.5 billion records, while one associated with the Russian Federation has over 455 million; many dataset names suggest links to malware or specific regions.
- Ownership of the leaked data is unclear, but its potential for phishing, identity theft, and ransomware is severe -- especially since even a
- Basic cyber hygiene -- such as regularly updating strong passwords and scanning for malware -- is currently the best line of defense for users.
The Progressive Regulator Winning Over the Populist Right
Lina Khan wants to overthrow “the autocrats of trade.”
Hackers Are Turning Tech Support Into a Threat
Hackers have stolen hundreds of millions of dollars from cryptocurrency holders and disrupted major retailers by targeting outsourced call centers used by American corporations to reduce costs, WSJ reported Thursday. The attackers exploit low-paid call center workers through bribes and social engineering to bypass two-factor authentication systems protecting bank accounts and online portals.
Coinbase faces potential losses of $400 million after hackers compromised data belonging to 97,000 customers by bribing call center workers in India with payments of $2,500. The criminals also used malicious tools that exploited vulnerabilities in Chrome browser extensions to collect customer data in bulk.
TaskUs, which handled Coinbase support calls, shut down operations at its Indore, India facility and laid off 226 workers. Retail attacks targeted Marks & Spencer and Harrods with hackers impersonating corporate executives to pressure tech support workers into providing network access. The same technique compromised MGM Resorts systems in 2023. Call center employees typically possess sensitive customer information including account balances and recent transactions that criminals use to masquerade as legitimate company representatives.
How Black Lung Came Roaring Back to Coal Country
Once nearly eradicated, the “old man’s disease” is back and suffocating younger miners. Federal cuts risk putting a solution further out of reach.
Google is Using YouTube Videos To Train Its AI Video Generator
Google is using its expansive library of YouTube videos to train its AI models, including Gemini and the Veo 3 video and audio generator, CNBC reported Thursday. From the report: The tech company is turning to its catalog of 20 billion YouTube videos to train these new-age AI tools, according to a person who was not authorized to speak publicly about the matter. Google confirmed to CNBC that it relies on its vault of YouTube videos to train its AI models, but the company said it only uses a subset of its videos for the training and that it honors specific agreements with creators and media companies.
[...] YouTube didn't say how many of the 20 billion videos on its platform or which ones are used for AI training. But given the platform's scale, training on just 1% of the catalog would amount to 2.3 billion minutes of content, which experts say is more than 40 times the training data used by competing AI models.
Reasoning LLMs Deliver Value Today, So AGI Hype Doesn't Matter
Simon Willison, commenting on the recent paper from Apple researchers that found state-of-the-art large language models face complete performance collapse beyond certain complexity thresholds: I thought this paper got way more attention than it warranted -- the title "The Illusion of Thinking" captured the attention of the "LLMs are over-hyped junk" crowd. I saw enough well-reasoned rebuttals that I didn't feel it worth digging into.
And now, notable LLM skeptic Gary Marcus has saved me some time by aggregating the best of those rebuttals together in one place!
[...] And therein lies my disagreement. I'm not interested in whether or not LLMs are the "road to AGI". I continue to care only about whether they have useful applications today, once you've understood their limitations.
Reasoning LLMs are a relatively new and interesting twist on the genre. They are demonstrably able to solve a whole bunch of problems that previous LLMs were unable to handle, hence why we've seen a rush of new models from OpenAI and Anthropic and Gemini and DeepSeek and Qwen and Mistral.
They get even more interesting when you combine them with tools.
They're already useful to me today, whether or not they can reliably solve the Tower of Hanoi or River Crossing puzzles.
Apple Software Chief Rejects macOS on iPad
Apple software chief Craig Federighi has ruled out bringing macOS to the iPad, amusingly using a kitchen utensil analogy to explain the company's design philosophy. "We don't want to create a boat car or, you know, a spork," Federighi said in an interview. "Someone said, 'If a spoon's great, a fork's great, then let's combine them into a single utensil, right?' It turns out it's not a good spoon and it's not a good fork. It's a bad idea. And so we don't want to build sporks."
The new version of iPadOS, which will ship to consumers later this year, features dynamically resizable windows that users can drag by their corners and a menu bar that is accessible through swipe gestures or cursor movement.
Some observers might consider the iPad Pro itself a "convertible" product that blurs the line between tablet and laptop, he said. However, the Mac and iPad serve distinct purposes, he asserted. "The Mac lets the iPad be iPad," he said, adding that Apple's objective "has not been to have iPad completely displace those places where the Mac is the right tool for the job." Rather than full convergence, Federighi said the iPad "can be inspired by elements of the Mac" while remaining a separate platform. "I think the Mac can be inspired by elements of iPad, and I think that that's happened a great deal."
AI Ethics Pioneer Calls Artificial General Intelligence 'Just Vibes and Snake Oil'
Margaret Mitchell, chief ethics scientist at Hugging Face and founder of Google's responsible AI team, has dismissed artificial general intelligence as "just vibes and snake oil." Mitchell, who was ousted from Google in 2021, has co-written a paper arguing that AGI should not serve as a guiding principle for the AI industry.
Mitchell contends that both "intelligence" and "general" lack clear definitions in AI contexts, creating what she calls an "illusion of consensus" that allows technologists to pursue any development path under the guise of progress toward AGI. "But as for now, it's just like vibes, vibes and snake oil, which can get you so far. The placebo effect works relatively well," she told FT in an interview. She warns that current AI advancement is creating a "massive rift" between those profiting from the technology and workers losing income as their creative output gets incorporated into AI training data.
French Lawmaker Says He Was Denied Entry Into the United States
Pouria Amirshahi, a leftist member of Parliament, hopes that the decision will be reversed so that he can travel to meet lawmakers to understand life under President Trump.
Cave Explorer Videos Show Decade of Trash in ‘Avatar’ Park in China
Officials ordered a huge cleanup effort after videos of the mountains of garbage spread widely online.
Under China’s Threat, Taiwan Needs Its Own Power Sources More Than Ever
Taiwan, which makes most of the world’s advanced computer chips, relies almost entirely on imported energy.
Your A.I. Queries Come With a Climate Cost
When it comes to artificial intelligence, more intensive computing uses more energy, producing more greenhouse gases.
Social Security Benefits Could Be Cut in 8 Years Unless Congress Acts
The nation’s key program for retiree benefits continues to see financing shortfalls. Unless Congress acts, those drops could lead to payment cuts in eight years.
Scammers Use Google Ads To Inject Phony Help Lines On Apple, Microsoft Sites
An anonymous reader quotes a report from Ars Technica: Tech support scammers have devised a method to inject their fake phone numbers into webpages when a target's web browser visits official sites for Apple, PayPal, Netflix, and other companies. The ruse, outlined in a post on Wednesday from security firm Malwarebytes, threatens to trick users into calling the malicious numbers even when they think they're taking measures to prevent falling for such scams. One of the more common pieces of security advice is to carefully scrutinize the address bar of a browser to ensure it's pointing to an organization's official website. The ongoing scam is able to bypass such checks.
The unknown actors behind the scam begin by buying Google ads that appear at the top of search results for Microsoft, Apple, HP, PayPal, Netflix, and other sites. While Google displays only the scheme and host name of the site the ad links to (for instance, https://www.microsoft.com/), the ad appends parameters to the path to the right of that address. When a target clicks on the ad, it opens a page on the official site. The appended parameters then inject fake phone numbers into the page the target sees.
Google requires ads to display the official domain they link to, but the company allows parameters to be added to the right of it that aren't visible. The scammers are taking advantage of this by adding strings to the right of the hostname. The parameters aren't displayed in the Google ad, so a target has no obvious reason to suspect anything is amiss. When clicked on, the ad leads to the correct hostname. The appended parameters, however, inject a fake phone number into the webpage the target sees. The technique works on most browsers and against most websites. Malwarebytes.com was among the sites affected until recently, when the site began filtering out the malicious parameters.