The UK government paid consulting firm PwC $5.65 million to build its new AI Skills Hub, a site meant to help 10 million workers gain AI skills by 2030 that functions largely as a bookmarking service, directing users to external training courses that already existed before the contract was awarded.

The hub links to platforms like Salesforce's free Trailhead learning system rather than offering original educational content. PwC has acknowledged the site does not fully meet accessibility standards. The platform also contains factual errors in its course on AI and intellectual property, which references "fair use" -- a legal doctrine specific to the U.S. -- rather than the UK's "fair dealing" framework.

Earlier this month, the media site Press Gazette reported that now Google "is increasingly prioritising AI summaries, X posts and Youtube videos" on its "Discover" feed (which appears on the leftmost homescreen page of many Android phones and the Google app's homepage).

"The changes could be devastating for publishers who rely heavily on Discover for referral traffic. And it looks set to accelerate a global trend of declining traffic to publishers from both Google search and Discover." Xavi Beumala from website analytics platform Marfeel warned in a research update: "Google Discover is no longer a publisher-first surface. It's becoming an AI platform with YouTube and X absorbing real estate that once went to newsrooms..." [They warn later that "This is not a marginal UI experiment. It is a reallocation of feed real estate away from links and toward inline Youtube plays and generated summaries."] Google says it prioritises "helpful, reliable, people-first content". Unlike Google News, there is no requirement that Google Discover showcases bona fide publisher websites.

In recent months fake news stories published by fraudulent website publishers have been promoted on Google Discover, reaping tens of millions of clicks. Google said it was working on a "fix" for this issue...

Facebook, Instagram and Tiktok content may also start flowing into the Discover feed in future. When Google announced the addition of posts from X, Instagram and Youtube Shorts in September, it said there would be "more platforms to come".

An anonymous reader shared this report from The Verge: In early December, I brought you the news that Google has begun replacing Verge headlines, and those of our competitors, with AI clickbait nonsense in its content feed [which appears on the leftmost homescreen page of many Android phones and the Google app's homepage]. Google appeared to be backing away from the experiment, but now tells The Verge that its AI headlines in Google Discover are a feature, one that "performs well for user satisfaction." I once again see lots of misleading claims every time I check my phone...

For example, Google's AI claimed last week that "US reverses foreign drone ban," citing and linking to this PCMag story for the news. That's not just false — PCMag took pains to explain that it's false in the story that Google links to...! What does the author of that PCMag story think? "It makes me feel icky," Jim Fisher tells me over the phone. "I'd encourage people to click on stories and read them, and not trust what Google is spoon-feeding them." He says Google should be using the headline that humans wrote, and if Google needs a summary, it can use the ones that publications already submit to help search engines parse our work.

Google claims it's not rewriting headlines. It characterizes these new offerings as "trending topics," even though each "trending topic" presents itself as one of our stories, links to our stories, and uses our images, all without competent fact-checking to ensure the AI is getting them right... The AI is also no longer restricted to roughly four words per headline, so I no longer see nonsense headlines like "Microsoft developers using AI" or "AI tag debate heats." (Instead, I occasionally see tripe like "Fares: Need AAA & AA Games" or "Dispatch sold millions; few avoided romance.")

But Google's AI has no clue what parts of these stories are new, relevant, significant, or true, and it can easily confuse one story for another. On December 26th, Google told me that "Steam Machine price & HDMI details emerge." They hadn't. On January 11th, Google proclaimed that "ASUS ROG Ally X arrives." (It arrived in 2024; the new Xbox Ally arrived months ago.) On January 20th, it wrote that "Glasses-free 3D tech wows," introducing readers to "New 3D tech called Immensity from Leia" — but linking to this TechRadar story about an entirely different company called Visual Semiconductor...

Google declined our request for an interview to more fully explain the idea.
The site Android Police spotted more inaccurate headlines in December: A story from 9to5Google, which was actually titled 'Don't buy a Qi2 25W wireless charger hoping for faster speeds — just get the 'slower' one instead' was retitled as 'Qi2 slows older Pixels.' Similarly, Ars Technica's 'Valve's Steam Machine looks like a console, but don't expect it to be priced like one' was changed to 'Steam Machine price revealed.' At the time, we believed that the inaccuracies were due to the feature being unstable and in early testing.... Now, Google has stopped calling Discover replacing human-written headlines as an "experiment."
"Google buries a 'Generated with AI, which can make mistakes' message under the 'See more' button in the summary," reports 9to5Google, "making it look like this is the publisher's intended headline." While it is obvious that Google has refined this feature over the past couple of months, it doesn't take long to still find plenty of misleading headlines throughout Discover... Another article from NotebookCheck about an Anker power bank with a retractable cable was given a headline that's about another product entirely. A pair of headlines from Tom's Hardware and PCMag, meanwhile, show the two sides of using AI for this purpose. The Tom's Hardware headline, "Free GPU & Amazon Scams," isn't representative of the actual article, which is about someone who bought a GPU from Amazon, canceled their order, and the retailer shipped it anyway. There's nothing about "Amazon Scams" in the article.

Cointelegraph, once one of the most-visited cryptocurrency news sites, has seen its monthly traffic plummet from roughly 8 million visits to 1.4 million -- an 80% drop in three months -- after Google issued a manual penalty in October 2025 for the outlet's partnership with a blackhat SEO firm that used Cointelegraph's domain authority to promote affiliate links to offshore casinos and betting platforms.

The CEO, who had no prior media experience, proceeded despite warnings from Google earlier in 2025 and repeated objections from the outlet's three most senior editorial staff members throughout the year. The penalty removed Cointelegraph from Google News, Discover and search results entirely; a search for "Cointelegraph" now returns CoinDesk as the top result. Jon Rice, the former editor-in-chief, resigned on December 31st and described the situation as an "existential threat to business."

The European Commission "has opened a public call for evidence on European open digital ecosystems," writes Help Net Security, part of preparations for an upcoming Communication "that will examine the role of open source in EU's digital infrastructure." The consultation runs from January 6 to February 3, 2026. Submissions will be used to shape a Commission Communication addressed to the European Parliament, the Council, and other EU bodies, which is scheduled for publication in the first quarter of 2026... The call for evidence links Europe's reliance on digital technologies developed outside the EU to concerns over long term control of infrastructure and software supply chains... Open digital ecosystems are discussed in the context of technological sovereignty and the use of technologies that can be inspected, adapted, and shared.
Long-time Slashdot reader Elektroschock describes it as the European Commission "stepping up its efforts behind open-source software" Building on President von der Leyen's political guidelines, the initiative will review the Commission's 2020-2023 open-source approach and set out concrete actions to strengthen Europe's open-source ecosystem across key areas such as cloud, AI, cybersecurity and industrial technologies. The strategy will be presented alongside the upcoming Cloud and AI Development Act, forming a broader policy package aimed at reducing strategic dependencies and boosting Europe's digital resilience.
And "In just a few days, over 370 submissions have already been filed, indicating that the issue is touching a nerve across the EU," writes CyberNews.com: "Europe must regain control over its software supply chain to safeguard freedom, security, and innovation," suggests an individual from Slovakia. Similar perspectives appear to be widely shared among respondents...

The document doesn't mention US tech giants specifically, but rather aims to support tech sovereignty and seek "digital solutions that are valid alternatives to proprietary ones...."

"This is not a legislative initiative. The strategy will take the form of a Commission communication. The initiative will set out a general approach and will propose: actions relying on further commitments and an implementation process," the EC explains. Policymakers expect the strategy to help EU member states identify the necessary steps to support national open-source companies and communities.

At the AI safety site Foom, science journalist Mordechai Rorvig explores a paper presented at November's Empirical Methods in Natural Language Processing conference: [R]esearchers at the Swiss Federal Institute of Technology (EPFL), the Massachusetts Institute of Technology (MIT), and Georgia Tech revisited earlier findings that showed that language models, the engines of commercial AI chatbots, show strong signal correlations with the human language network, the region of the brain responsible for processing language... The results lend clarity to the surprising picture that has been emerging from the last decade of neuroscience research: That AI programs can show strong resemblances to large-scale brain regions — performing similar functions, and doing so using highly similar signal patterns.

Such resemblances have been exploited by neuroscientists to make much better models of cortical regions. Perhaps more importantly, the links between AI and cortex provide an interpretation of commercial AI technology as being profoundly brain-like, validating both its capabilities as well as the risks it might pose for society as the first synthetic braintech. "It is something we, as a community, need to think about a lot more," said Badr AlKhamissi, doctoral student in computer science at EPFL and first author of the preprint, in an interview with Foom. "These models are getting better and better every day. And their similarity to the brain [or brain regions] is also getting better — probably. We're not 100% sure about it...."

There are many known limitations with seeing AI programs as models of brain regions, even those that have high signal correlations. For example, such models lack any direct implementations of biochemical signalling, which is known to be important for the functioning of nervous systems. However, if such comparisons are valid, then they would suggest, somewhat dramatically, that we are increasingly surrounded by a synthetic braintech. A technology not just as capable as the human brain, in some ways, but actually made up of similar components.
Thanks to Slashdot reader Gazelle Bay for sharing the article.

Bloomberg reports on Amazon listings "automatically generated by an experimental AI tool" for stores that don't sell on Amazon.

Bloomberg notes that the listings "didn't always correspond to the correct product", leaving the stores to handle the complaints from angry customers: Between the Christmas and New Year holidays, small shop owners and artisans who had found their products listed on Amazon took to social media to compare notes and warn their peers... In interviews, six small shop owners said they found themselves unwittingly selling their products on Amazon's digital marketplace. Some, especially those who deliberately avoided Amazon, said they should have been asked for their consent. Others said it was ironic that Amazon was scouring the web for products with AI tools despite suing Perplexity AI Inc.for using similar technology to buy products on Amazon... Some retailers say the listings displayed the wrong product image or mistakenly showed wholesale pricing. Users of Shopify Inc.'s e-commerce tools said the system flagged Amazon's automated purchases as potentially fraudulent...

In a statement, Amazon spokesperson Maxine Tagay said sellers are free to opt out. Two Amazon initiatives — Shop Direct, which links out to make purchases on other retailers' sites, and Buy For Me, which duplicates listings and handles purchases without leaving Amazon — "are programs we're testing that help customers discover brands and products not currently sold in Amazon's store, while helping businessesâreach new customers and drive incremental sales," she said in an emailed statement. "We have received positive feedback on these programs." Tagay didn't say why the sellers were enrolled without notifying them. She added that the Buy For Me selection features more than 500,000 items, up from about 65,000 at launch in April.
The article includes quotes from the owners of affected businesses.

• A one-person company complained that "If suddenly there were 100 orders, I couldn't necessarily manage. When someone takes your proprietary, copyrighted works, I should be asked about that. This is my business. It's not their business."

• One business owner said "I just don't want my products on there... It's like if Airbnb showed up and tried to put your house on the market without your permission."

• One business owner complained "When things started to go wrong, there was no system set up by Amazon to resolve it. It's just 'We set this up for you, you should be grateful, you fix it.'" One Amazon representative even suggested they try opening a $39-a-month Amazon seller account.

An anonymous reader quotes a report from Wired: Google is putting even more generative AI tools into Gmail as part of its goal to further personalize user inboxes and streamline searches. On Thursday, the company announced a new "AI Inbox" tab, currently in a beta testing phase, that reads every message in a user's Gmail and suggests a list of to-dos and key topics, based on what it summarizes. In Google's example of what this AI Inbox could look like in Gmail, the new tab takes context from a user's messages and suggests they reschedule their dentist appointment, reply to a request from their child's sports coach, and pay an upcoming fee before the deadline. Also under the AI Inbox tab is a list of important topics worth browsing, nestled beneath the action items at the top. Each suggested to-do and topic links back to the original email for more context and for verification.

[...] For users who are concerned about their privacy, the information Google gleans by skimming through inboxes will not be used to improve the company's foundational AI models. "We didn't just bolt AI onto Gmail," says Blake Barnes, who leads the project for Google. "We built a secure privacy architecture, specifically for this moment." He emphasizes that users can turn off Gmail's new AI tools if they don't want them. At the same time Google announced its AI Inbox, the company made free for all Gmail users multiple Gemini features that were previously available only to paying subscribers. This includes the Help Me Write tool, which generates emails from a user prompt, as well as AI Overviews for email threads, which essentially posts a TL;DR summary at the top of long message threads. Subscribers to Google's Ultra and Pro plans, which start at $20 a month, get two additional new features in their Gmail inbox. First, an AI proofreading tool that suggests more polished grammar and sentence structures. And second, an AI Overviews tool that can search your whole inbox and create relevant summaries on a topic, rather than just summarizing a single email thread.

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission plans to authorize a new category of wireless devices in the 6 GHz Wi-Fi band that will be permitted to operate at higher power levels than currently allowed. The FCC will also consider authorizing higher power levels for certain wireless devices that are only allowed to operate indoors. The FCC said it scheduled a vote for its January 29 meeting on an order "to create a new category of unlicensed devices... that can operate outdoors and at higher power than previously authorized devices." These so-called Geofenced variable power (GVP) devices operating on the 6 GHz band will "support high data rates suitable for AR/VR, short-range hotspots, automation, and indoor navigation," and "overcome limitations of previous device classes by allowing higher power and outdoor mobility," the FCC said. They will be required to work with geofencing systems to avoid interference with fixed microwave links and radio astronomy observatories.

FCC Chairman Brendan Carr attributed the FCC's planned action to President Trump in a press release titled, "President Trump Unleashes American Innovation With 6 GHz Win." That's consistent with Carr's relatively new stance that the FCC takes orders from the president, despite his insisting during the Biden era that the FCC must operate independently from the White House. While many of Carr's regulatory decisions have been criticized by consumer advocates, the 6 GHz action is an exception. Michael Calabrese, of New America's Open Technology Institute, told Ars that "increasing the power levels for Wi-Fi connections to peripheral devices such as AR/VR is a big win for consumers" and a change that has been "long advocated by the Wi-Fi community."

Carr said that the FCC "will vote on an order that expands unlicensed operations in the 6 GHz band so that consumers can benefit from better, faster Wi-Fi and an entirely new generation of wireless devices -- from AR/VR and IoT to a range of innovative smart devices. [It] will do so through a set of forward-looking regulations that allow devices to operate at higher power while protecting incumbent users, including through geofencing systems." [...] A draft of the order said the planned "additional power will enable composite standard-power/LPI access points to increase indoor coverage and provide more versatility to American consumers." The FCC will also seek comment on a proposal to authorize LPI access points on cruise ships.

Capita, the UK outsourcer that won a $323 million contract to administer the nation's Civil Service Pension Scheme for 1.7 million members, has responded to a disastrous portal launch by asking users to hold off on complaints until its new AI chatbots go live.

The service launched on December 1 and immediately ran into problems including unrecognized passwords, broken links and placeholder text scattered across unfinished pages. In a December 17 email to members, The Register reports today, managing director Chris Clements said Capita was "working tirelessly" and promised "one of the biggest services in the United Kingdom with AI at its core" by March.

He asked users whose enquiries were not urgent to wait until the new year before contacting support again.

A new sweeping meta-analysis has found no reliable link between economic inequality and well-being or mental health, challenging a long-held assumption that has shaped public health policy discussions for decades. The study, led by Nicolas Sommet at the University of Lausanne and Annahita Ehsan at the University of British Columbia, synthesized 168 studies involving more than 11 million participants across most world regions. The researchers screened thousands of scientific papers and contacted hundreds of researchers to compile the dataset, extracting more than 100 study features from each paper and linking them to more than 500 World Bank indicators.

They also replicated their findings using Gallup World Poll data spanning 2005 to 2021, which surveyed more than two million respondents from more than 150 countries. People living in more economically unequal places did not, on average, report lower life satisfaction or happiness than those in more equal places. The average effect across studies was not statistically significant and was practically equivalent to zero. Studies that did find links between inequality and poorer mental health turned out to reflect publication bias, where small, noisy studies reporting larger effects were over-represented in the literature. The study adds: Further analyses showed that the near-zero averages conceal more-complex patterns. Greater income inequality was associated with lower well-being in high-inflation contexts and, surprisingly, higher well-being in low-inflation contexts. Greater inequality was also associated with poorer mental health in studies in which the average income was lower. We conclude that inequality is a catalyst that amplifies other determinants of well-being and mental health (such as inflation and poverty) but on its own is not a root cause of negative effects on well-being and mental health.

An anonymous reader quotes a report from Cyber Press: A newly uncovered Chinese threat group, DarkSpectre, has been linked to one of the most widespread browser-extension malware operations to date, compromising more than 8.8 million users of Chrome, Edge, Firefox, and Opera over the past seven years. According to research by Koi.ai, the group operates three interconnected campaigns: ShadyPanda, GhostPoster, and a newly identified one named The Zoom Stealer, forming a single, strategically organized operation.

DarkSpectre's structure differs from that of ordinary cybercrime operations. The group runs separate but interconnected malware clusters, each with distinct goals. The ShadyPanda campaign, responsible for 5.6 million infections, focuses on long-term user surveillance and e-commerce affiliate fraud. Its extensions have appeared legitimate for years, offering new tab pages and translation utilities, before secretly downloading malicious configurations from command-and-control servers such as jt2x.com and infinitynewtab.com. Once activated, they inject remote scripts, hijack search results, and track browsing activity.

The second campaign, GhostPoster, spreads via Firefox and Opera extensions that conceal malicious payloads in PNG images via steganography. After lying dormant for several days, the extensions extract and execute JavaScript hidden within images, enabling stealthy remote code execution. This campaign has affected over one million users and relies on domains like gmzdaily.com and mitarchive.info for payload delivery.

The most recent discovery, The Zoom Stealer, exposes around 2.2 million users to corporate espionage. These extensions masquerade as productivity tools or video downloaders while secretly harvesting corporate meeting links, credentials, and speaker profiles from more than 28 video conferencing platforms, including Zoom, Microsoft Teams, and Google Meet. The extensions use real-time WebSocket connections to exfiltrate data to Firebase databases, such as zoocorder.firebaseio.com, and to Google Cloud functions, such as webinarstvus.cloudfunctions.net.

Finnish authorities on Wednesday seized a vessel suspected of severing an undersea telecommunications cable that connects Helsinki to Tallinn by dragging its anchor across the Gulf of Finland, the latest in a string of infrastructure incidents that have put Baltic Sea nations on edge since Russia's 2022 invasion of Ukraine.

Police are investigating the case as aggravated criminal damage and have not disclosed the ship's name, nationality or details about its crew. The cable belongs to Finnish telecoms group Elisa. Estonia's justice ministry reported that a second telecoms cable connecting the two countries -- owned by Sweden's Arelion -- also went down on Wednesday. This follows Finland's December 2024 boarding of the Russian-linked oil tanker Eagle S, which investigators said damaged a power cable and multiple telecoms links using the same anchor-dragging method. A Finnish court in October dismissed criminal charges against the Eagle S crew after prosecutors failed to prove intent.

A study by a Singapore government agency has found that children exposed to high levels of screen time before age two showed brain development changes linked to slower decision-making and higher anxiety in adolescence, adding to concerns about early digital exposure. From a report: The study was conducted by a team within the country's Agency for Science, Technology and Research and the National University of Singapore, and published in The Lancet's eBioMedicine open access journal. It tracked 168 children for more than a decade, and conducted brain scans on them at three time points. Heavier screen exposure among very young children was associated with "accelerated maturation of brain networks" responsible for vision and cognitive control, the study found.

The researchers suggested this may have been the result of "intense sensory stimulation that screens provide." They found that screen time measured at ages three and four, however, did not show the same effects. Those children with "altered brain networks" took longer to make decisions when they were 8.5, and also had higher anxiety symptoms at age 13, the study said.

An anonymous reader quotes a report from Ars Technica: The nervous system does an astonishing job of tracking sensory information, and does so using signals that would drive many computer scientists insane: a noisy stream of activity spikes that may be transmitted to hundreds of additional neurons, where they are integrated with similar spike trains coming from still other neurons. Now, researchers have used spiking circuitry to build an artificial robotic skin, adopting some of the principles of how signals from our sensory neurons are transmitted and integrated. While the system relies on a few decidedly not-neural features, it has the advantage that we have chips that can run neural networks using spiking signals, which would allow this system to integrate smoothly with some energy-efficient hardware to run AI-based control software.

[...] There are four ways that these trains of spikes can convey information: the shape of an individual pulse, through their magnitude, through the length of the spike, and through the frequency of the spikes. Spike frequency is the most commonly used means of conveying information in biological systems, and the researchers use that to convey the pressure experienced by a sensor. The remaining forms of information are used to create something akin to a bar code that helps identify which sensor the reading came from. In addition to registering the pressure, the researchers had each sensor send a "I'm still here" signal at regular time intervals. Failure to receive this would be an indication that something has gone wrong with a sensor.

The spiking signals allow the next layer of the system to identify any pressure being experienced by the skin, as well as where it originated. This layer can also do basic evaluation of the sensory input: "Pressure-initiated raw pulses from the pulse generator accumulated in the signal cache center until a predefined pain threshold is surpassed, activating a pain signal." This can allow the equivalent of basic reflex reactions that don't involve higher-level control systems. For example, the researchers set up a robotic arm covered with their artificial skin, and got it to move the arm whenever it experiences pressure that can cause damage. The second layer also combines and filters signals from the skin before sending the information on to the arm's controller, which is the equivalent of the brain in this situation. So, the same system caused a robotic face to change expressions based on how much pressure its arm was sensing.

[...] The skin is designed to be assembled from a collection of segments that can snap together using magnetic interlocks. These automatically link up any necessary wiring, and each segment of skin broadcasts a unique identity code. So, if the system identifies damage, it's relatively easy for an operator to pop out the damaged segment and replace it with fresh hardware, and then update any data that links the new segment's ID with its location. The researchers call their development a neuromorphic robotic e-skin, or NRE-skin. "Neuromorphic" as a term is a bit vague, with some people using it to mean a technology that directly follows the principles used by the nervous system. That's definitely not this skin. Instead, it uses "neuromorphic" far more loosely, with the operation of the nervous system acting as an inspiration for the system.The findings have been published in the journal PNAS.

Apple has agreed to a settlement with Brazil's antitrust regulator that will require the company to allow third-party app stores on iPhones and permit developers to direct users to external payment options, marking another country where Apple's tightly controlled App Store model is being pried open by government action.

Brazil's Administrative Council of Economic Defense approved the settlement this week, resolving an investigation that began in 2022 into whether Apple's restrictions on app distribution and payments limited competition. Under the new rules, developers can offer third-party payment methods within their apps alongside Apple's own system. The fee structure varies: purchases through Apple's system remain subject to a 10% or 25% commission plus a 5% transaction fee. Apps that include a clickable link to external payment will face a 15% fee, while static text directing users elsewhere incurs no charge. Third-party app stores will pay a 5% Core Technology Commission.

The Justice Department justified its delayed release of sensitive files by citing the need to carefully redact information that could identify victims, but at least some of those redactions have proven to be technically ineffective and can be bypassed by simply copying and pasting the blacked-out text into a new document.

A 2022 complaint filed by the US Virgin Islands seeking damages from Jeffrey Epstein's estate appeared on the DOJ's "Epstein Library" website with black boxes throughout. Techdirt founder Mike Masnick and others shared on Bluesky that the redactions could be trivially circumvented. The exposed text includes allegations that a co-executor signed over $400,000 in foundation checks "payable to young female models and actresses, including a former Russian model," and details about an immigration lawyer allegedly "involved in one or more forced marriages arranged among Epstein's victims."

Separately, Drop Site News was also apparently able to guess URLs of files not yet published by extrapolating the format.

The Danish government has accused Russia of being behind two "destructive and disruptive" cyberattacks in what it describes as "very clear evidence" of a hybrid war. From a report: The Danish Defence Intelligence Service (DDIS) announced on Thursday that Moscow was behind a cyberattack on a Danish water utility in 2024 and a series of distributed denial-of-service (DDoS) attacks on Danish websites in the lead-up to the municipal and regional council elections in November.

The first, it said, was carried out by the pro-Russian group known as Z-Pentest and the second by NoName057(16), which has links to the Russian state. "The Russian state uses both groups as instruments of its hybrid war against the west," DDIS said in a statement. "The aim is to create insecurity in the targeted countries and to punish those that support Ukraine. Russia's cyber operations form part of a broader influence campaign intended to undermine western support for Ukraine." It added: "The DDIS assesses that the Danish elections were used as a platform to attract public attention -- a pattern that has been observed in several other European elections."

An anonymous reader quotes a report from KrebsOnSecurity: Direct navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly expired or dormant domain names, or common misspellings of popular websites -- are now configured to redirect visitors to sites that foist scams and malware. When Internet users try to visit expired domain names or accidentally navigate to a lookalike "typosquatting" domain, they are typically brought to a placeholder page at a domain parking company that tries to monetize the wayward traffic by displaying links to a number of third-party websites that have paid to have their links shown.

A decade ago, ending up at one of these parked domains came with a relatively small chance of being redirected to a malicious destination: In 2014, researchers found (PDF) that parked domains redirected users to malicious sites less than five percent of the time -- regardless of whether the visitor clicked on any links at the parked page. But in a series of experiments over the past few months, researchers at the security firm Infoblox say they discovered the situation is now reversed, and that malicious content is by far the norm now for parked websites. "In large scale experiments, we found that over 90% of the time, visitors to a parked domain would be directed to illegal content, scams, scareware and anti-virus software subscriptions, or malware, as the 'click' was sold from the parking company to advertisers, who often resold that traffic to yet another party," Infoblox researchers wrote in a paper published today.

Apple has announced a sweeping set of changes to iOS in Japan that will allow alternative app marketplaces, third-party payment processing, and non-WebKit browser engines -- all to comply with Japan's Mobile Software Competition Act, which takes effect December 18. The changes, now available in iOS 26.2, bear a strong resemblance to Apple's compliance measures for the European Union's Digital Markets Act but differ in key ways.

Japanese developers who want to offer alternative payment options must display them alongside Apple's in-app purchase system, giving users a choice at checkout rather than replacing Apple's option entirely. Apps cannot be distributed directly from websites as they can in the EU; they must go through an authorized marketplace.

Apple has established a tiered fee structure for the new arrangements. Apps distributed through the App Store using in-app purchase will pay between 15 and 26% depending on whether developers qualify for the Small Business Program. Alternative payment processing drops the 5% payment fee but keeps the base commission. Apps distributed outside the App Store pay a flat 5% Core Technology Commission on digital goods and services.

The company introduced several user-facing changes beyond app distribution. iPhone users in Japan will see browser and search engine choice screens during device setup, can assign third-party voice assistants to the side button, and can select alternative default navigation apps. Apple said it worked closely with Japanese regulators on protections for younger users. Apps in the Kids category cannot link to external websites for purchases, and users under 13 cannot access web links for transactions in any app.

An Apple spokesperson told Bloomberg that the company has no plans to extend these changes to other markets.