"The U.S. is absolutely facing the most serious Chinese hacking ever." That's what the Washington Post was told by a China-focused consultant at security company SentinelOne: Undeterred by recent indictments alleging widespread cyberespionage against American agencies, journalists and infrastructure targets, Chinese hackers are hitting a wider range of targets and battling harder to stay inside once detected, seven current and former U.S. officials said in interviews. Hacks from suspected Chinese government actors detected by the security firm CrowdStrike more than doubled from 2023 to more than 330 last year and continued to climb as the new administration took over, the company said... Although the various Chinese hacking campaigns seem to be led by different government agencies and have different goals, all benefit from new techniques and from Beijing's introduction of a less constrained system for cyber offense, the officials and outside researchers told The Washington Post... Chinese intelligence, military and security agencies previously selected targets and tasked their own employees with breaking in, they said. But the Chinese government decided to take a more aggressive approach by allowing private industry to conduct cyberattacks and hacking campaigns on their own, U.S. officials said.

The companies are recruiting top hackers who discover previously unknown, or "zero-day," flaws in software widely used in the United States. Then the companies search for where the vulnerable programs are installed, hack a great many of them at once, and then sell access to multiple Chinese government customers and other security companies. That hacking-for-hire approach creates hundreds of U.S. victims instead of a few, making it hard to block attacks and to decide which were China's key targets and which were unintentionally caught in the hacks, an FBI official said, speaking on the condition of anonymity to follow agency practices... "The result of that incentive structure is that there is significantly more hacking...."

China has mastered the ability to move undetected through networks of compromised U.S. devices, so that the final connection to a target appears to be an ordinary domestic connection. That makes it easy to get around technology that blocks overseas links and puts it outside the purview of the National Security Agency, which by law must avoid scrutinizing most domestic transmissions. Beijing is increasingly focused on hacking software and security vendors that provide access to many customers at once, the FBI official said. Once access is obtained, the hackers typically add new email and collaboration accounts that look legitimate... Beyond the increased government collaboration with China's private security sector is occasional collaborating with criminal groups, said Ken Dunham, an analyst at the security firm Qualys.
The article notes that China's penetration of U.S. telecom carriers "is still not fully contained, according to the current and former officials." But in addition, the group behind that attack "has more recently shown up inside core communications infrastructure in Europe, according to John Carlin, a former top national security official in the Justice Department who represents some U.S. victims of the group." And documents leaked last year from a security contractor that works with the Chinese military and other government groups "described contracts and targets in 20 countries, with booty including Indian immigration data, logs of calls in South Korea, and detailed information on roads in Taiwan.

"It also detailed prices for some services, such as $25,000 for promised remote access to an iPhone, payment disputes with government customers and employee gripes about long hours..."

The Verge's Emma Roth reports: The News/Media Alliance, a trade association behind major news publishers, announced that it has "successfully secured" the removal of 12ft.io, a website that helped users bypass paywalls online. The trade association says 12ft.io's webhost took down the site on July 14th "following the News/Media Alliance's efforts." 12ft.io -- or 12 Foot Ladder -- also allowed users to view webpages without ads, trackers, or pop-ups by disguising a user's browser as a web crawler, giving them unfettered access to a webpage's contents. Software engineer Thomas Millar says he created the site when he realized "8 of the top 10 links on Google were paywalled" when doing research during the pandemic. [...]

In its announcement, News/Media Alliance says 12ft.io "offered illegal circumvention technology" that allowed users to access copyrighted content without paying for it. The organization adds that it will take "similar actions" against other sites that let users get around paywalls. The News Media Alliance recently called Google's AI Mode "theft." (Like many chatbots, Google's AI Mode eliminates the need to visit a website, starving publishers of the pageviews they need to be compensated for their work.) "Publishers commit significant resources to creating the best and most informative content for consumers, and illegal tools like 12ft.io undermine their ability to financially support that work through subscriptions and ad revenue," News/Media Alliance president and CEO Danielle Coffey said in the press release. "Taking down paywall bypassers is an essential part of ensuring we have a healthy and sustainable information ecosystem."

An anonymous reader quotes a report from TorrentFreak: Internet service providers BT, Virgin Media, Sky, TalkTalk, EE, and Plusnet account for the majority of the UK's residential internet market and as a result, blocking injunctions previously obtained at the High Court often list these companies as respondents. These so-called "no fault' injunctions stopped being adversarial a long time ago; ISPs indicate in advance they won't contest a blocking order against various pirate sites, and typically that's good enough for the Court to issue an order with which they subsequently comply. For more than 15 years, this has led to blocking being carried out as close to users as possible, with ISPs' individual blocking measures doing the heavy lifting. A new wave of blocking targeting around 200 pirate site domains came into force yesterday but with the unexpected involvement of a significant new player.

In the latest wave of blocking that seems to have come into force yesterday, close to 200 pirate domains requested by the Motion Picture Association were added to one of the longest pirate site blocking lists in the world. The big change is the unexpected involvement of Cloudflare, which for some users attempting to access the domains added yesterday, displays the [Error 451 -- Unavailable for Legal Reasons] notice ... As stated in the notice, Error 451 is returned when a domain is blocked for legal reasons, in this case reasons specific to the UK. [...] In this case there's no indication of who requested the blocking order, or the authority that issued it. However, from experience we know that the request was made by the studios of the Motion Picture Association and for the same reason the High Court in London was the issuing authority. [...] The issue lies with dynamic injunctions; while a list of domains will appear in the original order (which may or may not be made available), when the MPA concludes that other domains that appear subsequently are linked to the same order, those can be blocked too, but the details are only rarely made public.

From information obtained independently, one candidate is an original order obtained in December 2022 which requested blocking of domains with well known pirate brands including 123movies, fmovies, soap2day, hurawatch, sflix, and onionplay. This leads directly to another unusual issue. The notice linked from Cloudflare doesn't directly concern Cloudflare. The studios sent the notice to Google after Google agreed to voluntarily remove those domains from its search indexes, if it was provided with a copy of relevant court orders. Notices like these were supplied and the domains were deindexed, and the practice has continued ever since. That raises questions about the nature of Cloudflare's involvement here and why it links to the order sent to Google; notices sent to Cloudflare are usually submitted to Lumen by Cloudflare itself. That doesn't appear to be the case here. "Domains blocked by Sky, BPI and others, don't appear to be affected," notes TorrentFreak. "All relate to sites targeted by the MPA, and the majority if not all trigger malware warnings of a very serious kind, either immediately upon visiting the sites, or shortly after."

"At least in the short term, if Cloudflare is blocking a domain in the UK, moving on is strongly advised."

Apple displayed a full-screen ad for "F1 The Movie" in its TV app that linked directly to a web browser for ticket purchases without showing warning screens that the company requires other developers to include when directing users outside their apps.

The "Buy Tickets" button sent users to the F1 movie website in their default browser without confirmation dialogs or interstitial warnings. Apple mandates that third-party developers show scare sheets when linking out of apps to sell digital content, but considers movie tickets a "real-world experience" exempt from its In-App Purchase system.

Further reading: iPhone Customers Upset By Apple Wallet Ad Pushing F1 Movie.

An anonymous reader quotes a report from the Associated Press: Websites that displayed legally mandated U.S. national climate assessments seem to have disappeared, making it harder for state and local governments and the public to learn what to expect in their backyards from a warming world. Scientists said the peer-reviewed authoritative reports save money and lives. Websites for the national assessments and the U.S. Global Change Research Program were down Monday and Tuesday with no links, notes or referrals elsewhere. The White House, which was responsible for the assessments, said the information will be housed within NASA to comply with the law, but gave no further details. Searches for the assessments on NASA websites did not turn them up.

"It's critical for decision makers across the country to know what the science in the National Climate Assessment is. That is the most reliable and well-reviewed source of information about climate that exists for the United States," said University of Arizona climate scientist Kathy Jacobs, who coordinated the 2014 version of the report. "It's a sad day for the United States if it is true that the National Climate Assessment is no longer available," Jacobs said. "This is evidence of serious tampering with the facts and with people's access to information, and it actually may increase the risk of people being harmed by climate-related impacts."

"This is a government resource paid for by the taxpayer to provide the information that really is the primary source of information for any city, state or federal agency who's trying to prepare for the impacts of a changing climate," said Texas Tech climate scientist Katharine Hayhoe, who has been a volunteer author for several editions of the report. Copies of past reports are still squirreled away in NOAA's library. NASA's open science data repository includes dead links to the assessment site. [...] Additionally, NOAA's main climate.gov website was recently forwarded to a different NOAA website. Social media and blogs at NOAA and NASA about climate impacts for the general public were cut or eliminated. "It's part of a horrifying big picture," [said Harvard climate scientist John Holdren, who was President Obama's science advisor and whose office directed the assessments]. "It's just an appalling whole demolition of science infrastructure." National climate assessments are more detailed and locally relevant than UN reports and undergo rigorous peer review and validation by scientific and federal institutions, Hayhoe and Jacobs said. Suppressing these reports would be censoring science, Jacobs said.

Mixpanel co-founder Suhail Doshi has publicly accused an Indian developer of simultaneously working at multiple startups under false pretenses. Doshi posted on X that Soham Parekh works at "3-4 startups at the same time" and has been "preying on YC companies." (YC, or Y Combinator, is a popular startup accelerator and venture capital firm.)

Doshi fired Parekh within a week at his company Playground AI and warned him to stop the practice, but said Parekh continued a year later. Parekh's resume lists positions at Dynamo AI, Union AI, Synthesia, and Alan AI, along with degrees from the University of Mumbai and Georgia Institute of Technology. Doshi called the CV "probably 90% fake and most links are gone." Several other startup founders confirmed they had either hired Parekh in the past, or had been approached by him. Nicolai Ouporov of Fleet AI said Parekh "works at more than 4 startups at any given time." Justin Harvey of AIVideo said he nearly hired Parekh, who "crushed the interview." Doshi said he corroborated the account with more than six companies before posting publicly.

Italian utility A2A and French tech firm Qarnot have launched a data center in Brescia, Italy, that captures waste heat from servers and redirects it to a local district heating system. "The Brescia project is expected to meet the heating needs of more than 1,350 apartments and cut carbon dioxide emissions by 3,500 tons annually -- equivalent to the absorption capacity of over 22,000 trees," reports Reuters. From the report: "The rapid spread of data centers and the growing electrification of consumption require major investments in power grids. But data centers also offer a remarkable opportunity for cities with district heating networks," A2A CEO Renato Mazzoncini said at the inauguration. "In (the Italian region of) Lombardy alone, with projects already in the pipeline, we estimate that 150,000 apartments could be heated this way," Mazzoncini added.

It's not dark matter, writes Space.com. But astronomers have discovered "a vast tendril of hot gas linking four galaxy clusters and stretching out for 23 million light-years, 230 times the length of our galaxy.

"With 10 times the mass of the Milky Way, this filamentary structure accounts for much of the universe's 'missing matter,' the search for which has baffled scientists for decades...." [I]t is "ordinary matter" made up of atoms, composed of electrons, protons, and neutrons (collectively called baryons) which make up stars, planets, moons, and our bodies. For decades, our best models of the universe have suggested that a third of the baryonic matter that should be out there in the cosmos is missing.

This discovery of that missing matter suggests our best models of the universe were right all along. It could also reveal more about the "Cosmic Web," the vast structure along which entire galaxies grew and gathered during the earlier epochs of our 13.8 billion-year-old universe.... The newly observed filament isn't just extraordinary in terms of its mass and size; it also has a temperature of a staggering 18 million degrees Fahrenheit (10 million degrees Celsius). That's around 1,800 times hotter than the surface of the sun...

The team's research was published on Thursday (June 19) in the journal Astronomy & Astrophysics.
Models of the cosmos (including the standard model of cosmology) "have long posited the idea that the missing baryonic matter of the universe is locked up in vast filaments of gas stretching between the densest pockets of space..." the article points out. But now thanks to Suzaku, a Japan Aerospace Exploration Agency (JAXA) satellite, and the European Space Agency's XMM-Newton, "a team of astronomers has for the first time been able to determine the properties of one of these filaments, which links four galactic clusters in the local universe."

Team leader Konstantinos Migkas (of the Netherlands' Leiden Observatory) explained the significance of their finding. "For the first time, our results closely match what we see in our leading model of the cosmos — something that's not happened before."

"It seems that the simulations were right all along."

An anonymous reader quotes a report from Cybernews: Several collections of login credentials reveal one of the largest data breaches in history, totaling a humongous 16 billion exposed login credentials. The data most likely originates from various infostealers. Unnecessarily compiling sensitive information can be as damaging as actively trying to steal it. For example, the Cybernews research team discovered a plethora of supermassive datasets, housing billions upon billions of login credentials. From social media and corporate platforms to VPNs and developer portals, no stone was left unturned.

Our team has been closely monitoring the web since the beginning of the year. So far, they've discovered 30 exposed datasets containing from tens of millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records. None of the exposed datasets were reported previously, bar one: in late May, Wired magazine reported a security researcher discovering a "mysterious database" with 184 million records. It barely scratches the top 20 of what the team discovered. Most worryingly, researchers claim new massive datasets emerge every few weeks, signaling how prevalent infostealer malware truly is.

"This is not just a leak -- it's a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing. What's especially concerning is the structure and recency of these datasets -- these aren't just old breaches being recycled. This is fresh, weaponizable intelligence at scale," researchers said. The only silver lining here is that all of the datasets were exposed only briefly: long enough for researchers to uncover them, but not long enough to find who was controlling vast amounts of data. Most of the datasets were temporarily accessible through unsecured Elasticsearch or object storage instances. Key details to be aware of: - The records include billions of login credentials, often structured as URL, login, and password.
- The datasets include both old and recent breaches, many with cookies, tokens, and metadata, making them especially dangerous for organizations without multi-factor authentication or strong credential practices.
- Exposed services span major platforms like Apple, Google, Facebook, Telegram, GitHub, and even government services.
- The largest dataset alone includes 3.5 billion records, while one associated with the Russian Federation has over 455 million; many dataset names suggest links to malware or specific regions.
- Ownership of the leaked data is unclear, but its potential for phishing, identity theft, and ransomware is severe -- especially since even a - Basic cyber hygiene -- such as regularly updating strong passwords and scanning for malware -- is currently the best line of defense for users.

An anonymous reader quotes a report from Ars Technica: Tech support scammers have devised a method to inject their fake phone numbers into webpages when a target's web browser visits official sites for Apple, PayPal, Netflix, and other companies. The ruse, outlined in a post on Wednesday from security firm Malwarebytes, threatens to trick users into calling the malicious numbers even when they think they're taking measures to prevent falling for such scams. One of the more common pieces of security advice is to carefully scrutinize the address bar of a browser to ensure it's pointing to an organization's official website. The ongoing scam is able to bypass such checks.

The unknown actors behind the scam begin by buying Google ads that appear at the top of search results for Microsoft, Apple, HP, PayPal, Netflix, and other sites. While Google displays only the scheme and host name of the site the ad links to (for instance, https://www.microsoft.com/ the ad appends parameters to the path to the right of that address. When a target clicks on the ad, it opens a page on the official site. The appended parameters then inject fake phone numbers into the page the target sees.

Google requires ads to display the official domain they link to, but the company allows parameters to be added to the right of it that aren't visible. The scammers are taking advantage of this by adding strings to the right of the hostname. The parameters aren't displayed in the Google ad, so a target has no obvious reason to suspect anything is amiss. When clicked on, the ad leads to the correct hostname. The appended parameters, however, inject a fake phone number into the webpage the target sees. The technique works on most browsers and against most websites. Malwarebytes.com was among the sites affected until recently, when the site began filtering out the malicious parameters.

Researchers are cautioning users against clicking unsubscribe links embedded in email bodies, citing new data showing such actions can expose recipients to malicious websites and confirm active email addresses to attackers. DNSFilter found that one in every 644 clicks on unsubscribe links leads users to potentially malicious websites.

"You've left the safe, structured environment of your email client and entered the open web," TK Keanini, DNSFilter's chief technology officer, told WSJ. The risks range from confirming to bad actors that an email address belongs to an active user to redirecting victims to fake websites designed to steal login credentials or install malware. Clicking such links "can make you a bigger target in the future," said Michael Bargury, CTO of security company Zenity.

Google will discontinue its Android Instant Apps feature in December 2025, ending a nearly decade-long experiment that allowed users to try portions of mobile apps without installing them. The feature, rolled out in early 2017, enabled developers to create lightweight app versions under 15 megabytes that could run temporarily on users' devices when they tapped specific links.

The feature struggled with low developer uptake due to the technical complexity of creating these stripped-down app versions.

Cisco is updating its networking and security products to make AI networks speedier and more secure, part of a broader push to capitalize on the AI spending boom. From a report: A new generation of switches -- networking equipment that links computer systems -- will offer a 10-fold improvement in performance, the company said on Tuesday. That will help prevent AI applications from suffering bottlenecks when transferring data, Cisco said. Networking speed has become a bigger issue as data center operators try to manage a flood of AI information -- both in the cloud and within the companies' own facilities. Slowdowns can hinder AI models, Cisco President and Chief Product Officer Jeetu Patel said in an interview. That applies to the development phase -- known as training -- and the operation of the models, a stage called inference. A massive build-out of data centers has made Cisco more relevant, he said. "AI is going to be network-bound, both on training and inference," Patel said. Having computer processors sit idle during training because of slow networks is "just throwing away money."

An anonymous reader quotes a report from The Verge: Secretary of State Marco Rubio announced Wednesday that the U.S. would restrict visas for "foreign nationals who are responsible for censorship of protected expression in the United States." He called it "unacceptable for foreign officials to issue or threaten arrest warrants on U.S. citizens or U.S. residents for social media posts on American platforms while physically present on U.S. soil" and "for foreign officials to demand that American tech platforms adopt global content moderation policies or engage in censorship activity that reaches beyond their authority and into the United States."

It's not yet clear how or against whom the policy will be enforced, but seems to implicate Europe's Digital Services Act, a law that came into effect in 2023 with the goal of making online platforms safer by imposing requirements on the largest platforms around removing illegal content and providing transparency about their content moderation. Though it's not mentioned directly in the press release about the visa restrictions, the Trump administration has slammed the law on multiple occasions, including in remarks earlier this year by Vice President JD Vance.

The State Department's homepage currently links to an article on its official Substack, where senior advisor for the Bureau of Democracy, Human Rights, and Labor Samuel Samson critiques the DSA as a tool to "silence dissident voices through Orwellian content moderation." He adds, "Independent regulators now police social media companies, including prominent American platforms like X, and threaten immense fines for non-compliance with their strict speech regulations." "We will not tolerate encroachments upon American sovereignty," Rubio says in the announcement, "especially when such encroachments undermine the exercise of our fundamental right to free speech."

Telegram has partnered with xAI to integrate the Grok chatbot into its platform for one year, with xAI paying $300 million in cash and equity. Telegram will also receive 50% of subscription revenue from Grok. TechCrunch reports: Earlier this year, xAI made the Grok chatbot available to Telegram's premium users. It seems Grok might now be made available to all users. A video posted by [Telegram CEO Pavel Durov] on X suggested that Grok can be pinned on top of chats within the app, and users can also ask questions to Grok from the search bar. Notably, Meta has also integrated Meta AI into the search bar on Instagram and WhatsApp. The video also shows that you will be able to use Grok for writing suggestions, summarizing chats, links, and documents, and creating stickers. Grok will supposedly also help answer questions for businesses and assist with moderation. UPDATE: In a response to Durov's X post outlining the partnership, Elon Musk said: "No deal has been signed."

"Musk's denial, however, raises questions about the status and structure of the agreement," reports TheStreet. "It's unclear whether the partnership has been formalized or if Durov was announcing a framework that remains under discussion. Neither Telegram nor xAI has issued a follow-up clarification."

Japan Post has launched a "digital address" system that links seven-digit combinations of numbers and letters to physical addresses. From a report: Under the system, users can input these seven-digit codes on online shopping websites, and their addresses will automatically appear on the sites.

People can obtain digital addresses by registering with Japan Post's Yu ID membership service. Their digital addresses will not change even if their physical addresses change. Their new addresses will be linked to the codes if they submit notices of address changes.

Google's new AI Mode for Search, which is rolling out to everyone in the U.S., has sparked outrage among publishers, who call it "the definition of theft" for using content without fair compensation and without offering a true opt-out option. Internal documents revealed by Bloomberg earlier this week suggest that Google considered giving publishers more control over how their content is used in AI-generated results but ultimately decided against it, prioritizing product functionality over publisher protections.

News/Media Alliance slammed Google for "further depriving publishers of original content both traffic and revenue." Their full statement reads: "Links were the last redeeming quality of search that gave publishers traffic and revenue. Now Google just takes content by force and uses it with no return, the definition of theft. The DOJ remedies must address this to prevent continued domination of the internet by one company." 9to5Google's take: It's not hard to see why Google went the route that it did here. Giving publishers the ability to opt out of AI products while still benefiting from Search would ultimately make Google's flashy new tools useless if enough sites made the switch. It was very much a move in the interest of building a better product.

Does that change anything regarding how Google's AI products in Search cause potential harm to the publishing industry? Nope.

Google's tools continue to serve the company and its users (mostly) well, but as they continue to bleed publishers dry, those publishers are on the verge of vanishing or, arguably worse, turning to cheap and poorly produced content just to get enough views to survive. This is a problem Google needs to address, as it's making the internet as a whole worse for everyone.

Microsoft has officially cited Apple's App Store policies as the roadblock preventing its Xbox mobile store launch promised for July 2024. In an amicus brief supporting Epic Games filed this week, Microsoft alleged that Apple's "anti-steering policies" have "stymied" its mobile store ambitions despite a court injunction allowing developers to advertise alternative payment methods.

The brief challenges Apple's attempt to overturn this crucial ruling, which enabled Fortnite's App Store return with external payment links. Microsoft argues that launching its store under threat of Apple potentially winning a temporary stay creates significant business risk. The restrictions also impact Microsoft's Xbox mobile app functionality.

KrebsOnSecurity was hit with a near-record 6.3 Tbps DDoS attack, believed to be a test of the powerful new Aisuru IoT botnet. The attack, lasting under a minute, was the largest Google has ever mitigated and is linked to a DDoS-for-hire operation run by a 21-year-old Brazilian known as "Forky." Brian Krebs writes: [Google Security Engineer Damian Menscher] said the attack on KrebsOnSecurity lasted less than a minute, hurling large UDP data packets at random ports at a rate of approximately 585 million data packets per second. "It was the type of attack normally designed to overwhelm network links," Menscher said, referring to the throughput connections between and among various Internet service providers (ISPs). "For most companies, this size of attack would kill them." [...]

The 6.3 Tbps attack last week caused no visible disruption to this site, in part because it was so brief -- lasting approximately 45 seconds. DDoS attacks of such magnitude and brevity typically are produced when botnet operators wish to test or demonstrate their firepower for the benefit of potential buyers. Indeed, Google's Menscher said it is likely that both the May 12 attack and the slightly larger 6.5 Tbps attack against Cloudflare last month were simply tests of the same botnet's capabilities. In many ways, the threat posed by the Aisuru/Airashi botnet is reminiscent of Mirai, an innovative IoT malware strain that emerged in the summer of 2016 and successfully out-competed virtually all other IoT malware strains in existence at the time.

Google has launched the NotebookLM app for Android and iOS, offering a native mobile experience with offline support, audio overviews, and integration into the system share sheet for adding sources like PDFs and YouTube videos. 9to5Google reports: This native experience starts on a homepage of your notebooks with filters at the top for Recent, Shared, Title, and Downloaded. The app features a light and dark mode based on your device's system theme with no manual toggle. Each colorful card features the notebook name, emoji, number of sources, and date, as well as a play button for Audio Overviews. There's background playback and offline support for the podcast-style experience (the fullscreen player has a nice glow), while you can "Join" the AI hosts (in beta) to ask follow-up questions.

You get a "Create new" button at the bottom of the list to add PDFs, websites, YouTube videos, and text. Notably, the NotebookLM app will appear in the Android and iOS share sheet to quickly add sources. When you open a notebook, there's a bottom bar for the list of Sources, Chat Q&A, and Studio. It's similar to the current mobile website, with the native client letting users ditch the Progressive Web App. Out of the gate, there are phone and (straightforward) tablet interfaces. You can download the app for iOS and Android using their respective links.