Agreguesi i feed

Part 1 covered how Linux keylogging works in user space and why attackers lean on simple hooks or device access to capture keystrokes. Part 2 walked through the GUI layer, showing how the X Server exposes keyboard events long before applications see them. We closed with a promise to move from observing behavior to turning low-level input into usable detection signals.

An anonymous reader quotes a report from Reuters: Singapore's central bank will hold trials to issue tokenized MAS bills next year and bring in laws to regulate stablecoins as it presses forward with plans to build a scalable and secure tokenised financial ecosystem, the bank's top official said on Thursday. "Tokenization has lifted off the ground. But have asset-backed tokens achieved escape velocity? Not yet," said Chia Der Jiun, Managing Director of the Monetary Authority of Singapore (MAS), a keynote address at the Singapore FinTech Festival. He said MAS has been working on the details of its stablecoin regulatory regime and will prepare draft legislation, with the emphasis on "sound reserve backing and redemption reliability." MAS is also supporting trials under the BLOOM initiative, which explores the use of tokenized bank liabilities and regulated stablecoins for settlement, he added. "In the CBDC space, I am pleased to announce that the three Singapore banks, DBS, OCBC, and UOB, have successfully conducted interbank overnight lending transactions using the first live trial issuance of Singapore dollar wholesale CBDC," he said. MAS will expand trials to include tokenized MAS bills settled with CBDC, he added.

Read more of this story at Slashdot.

According to Car and Driver, Hyundai has suffered a data breach that leaked the personal data of up to 2.7 million customers. The leak reportedly took place in February from Hyundai AutoEver, the company's IT affiliate. It includes customer names, driver's license numbers, and social security numbers. Longtime Slashdot reader sinij writes: Thanks to tracking modules plaguing most modern cars, that data likely includes the times and locations of customers' vehicles. These repeated breaches make it clear that, unlike smartphone manufacturers that are inherently tech companies, car manufacturers collecting your data are going to keep getting breached and leaking it.

Read more of this story at Slashdot.

Machine learning now runs deep inside Linux security workflows, from containerized inference services to open-source model pipelines. These systems look harmless at first glance. You hand them data, they return predictions, and that feels like the end of the transaction. It isn't. A model can leak far more than teams expect, and that's where model inversion attacks turn into a real operational problem.

Amazon announced that its satellite broadband project called Project Kuiper will now be known as Amazon Leo. GeekWire reports: Leo is a nod to "low Earth orbit," where Amazon has so far launched more than 150 satellites as part of a constellation that will eventually include more than 3,200. In a blog post, Amazon said the 7-year-old Project Kuiper began "with a handful of engineers and a few designs on paper" and like most early Amazon projects "the program needed a code name." The team was inspired by the Kuiper Belt, a ring of asteroids in the outer solar system. A new website for Amazon Leo proclaims "a new era of internet is coming," as Amazon says its satellites can help serve "billions of people on the planet who lack high-speed internet access, and millions of businesses, governments, and other organizations operating in places without reliable connectivity." Amazon said it will begin rolling out service once it's added more coverage and capacity to the network. Details about pricing and availability haven't been announced.

Read more of this story at Slashdot.

Version:next-20251114 (linux-next) Released:2025-11-14

An anonymous reader quotes a report from the Guardian: The world is still on track for a catastrophic 2.6C increase in temperature as countries have not made sufficiently strong climate pledges, while emissions from fossil fuels have hit a record high, two major reports have found. Despite their promises, governments' new emission-cutting plans submitted for the Cop30 climate talks taking place in Brazil have done little to avert dangerous global heating for the fourth consecutive year, according to the Climate Action Tracker update (PDF). The world is now anticipated to heat up by 2.6C above preindustrial times by the end of the century -- the same temperature rise forecast last year. This level of heating easily breaches the thresholds set out in the Paris climate pact, which every country agreed to, and would set the world spiraling into a catastrophic new era of extreme weather and severe hardships. A separate report found the fossil fuel emissions driving the climate crisis will rise by about 1% this year to hit a record high, but that the rate of rise has more than halved in recent years. The past decade has seen emissions from coal, oil and gas rise by 0.8% a year compared with 2.0% a year during the decade before. The accelerating rollout of renewable energy is now close to supplying the annual rise in the world's demand for energy, but has yet to surpass it. [...] The new analyses also show a worrying weakening of the planet's natural carbon sinks. The scientists said the combined effects of global heating and the felling of trees have turned tropical forests in southeast Asia and large parts of South America from overall CO2 sinks into sources of the climate-heating gas. [...] The report projects that the level of CO2 in the atmosphere will reach 425ppm (parts per million) in 2025, compared with 280ppm in the preindustrial era. It would have been 8ppm lower if the carbon sinks had not been weakened. The GCP projection for 2025 is based on monthly data up to September and has proven accurate in the previous 19 annual reports.

Read more of this story at Slashdot.

Netflix is launching a new slate of TV-streamed party games that are all playable using your phone as the controller. The Verge reports: To start, Netflix is offering Boggle Party, Party Crasher: Fool Your Friends, Lego Party, Pictionary: Game Night, and Tetris Time Warp. A social deduction game based on the Knives Out series, Dead Man's Party: A Knives Out Game, is also part of this new slate but will launch at a later time. The streaming platform's approach to gaming has been unfocused, with the company bouncing between being a boutique development studio while also being a platform for premium and exclusive mobile gaming experiences. Offering party games on your TV seems like a better fit -- one that could allow Netflix to finally find its gaming footing.

Read more of this story at Slashdot.

Xpeng's flying-car subsidiary Aridge has begun trial production at the world's first dedicated flying-car factory in Guangzhou. Euronews reports: The 120,000-square-meter facility has produced its first detachable eVTOL aircraft for the modular "Land Aircraft Carrier." With an annual capacity of up to 10,000 modules, the factory will eventually assemble one aircraft every 30 minutes. Trial operations focus on process verification, equipment testing, and producing prototypes for airworthiness certification before moving into mass production.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: As generative AI content starts to fill our social apps, a project to bring back Vine's six-second looping videos is launching with Twitter co-founder Jack Dorsey's backing. On Thursday, a new app called diVine will give access to more than 100,000 archived Vine videos, restored from an older backup that was created before Vine's shutdown. The app won't just exist as a walk down memory lane; it will also allow users to create profiles and upload their own new Vine videos. However, unlike on traditional social media, where AI content is often haphazardly labeled, diVine will flag suspected generative AI content and prevent it from being posted. According to TechCrunch, a volunteer preservation group called the Archive Team saved Vine's content when it shut down in 2016. The only problem was that everything was stored in massive 40-50 GB binary blob files that were basically unusable for casual viewing. Evan Henshaw-Plath (who goes by the name Rabble), an early Twitter employee and member of Jack Dorsey's nonprofit "and Other Stuff," dug into those backup files to try and salvage as much as he could. He spent months writing big-data extraction scripts, reverse-engineering how the archived binaries were structured, and reconstructing the original video files, old user info, view counts, and more. "I wasn't able to get all of them out, but I was able to get a lot out and basically reconstruct these Vines and these Vine users, and give each person a new user [profile] on this open network," he said. Rabble estimates that through this process he was able to successfully recover 150,000-200,000 Vine videos from around 60,000 creators. diVine then rebuilt user profiles on top of the decentralized Nostr protocol so creators can reclaim their accounts, request takedowns, or upload missing videos. You can check out the app for yourself at diVine.video. It's available in beta form on both iOS and Android.

Read more of this story at Slashdot.

Longtime Slashdot reader dskoll shares a press release from Apple: Issey Miyake and Apple today unveiled iPhone Pocket. Inspired by the concept of "a piece of cloth," its singular 3D-knitted construction is designed to fit any iPhone as well as all pocketable items. When stretched, the open textile subtly reveals its contents and allows users to peek at their iPhone display. iPhone Pocket can be worn in a variety of ways -- handheld, tied onto bags, or worn directly on the body. Featuring a playful color palette, the short strap design is available in eight colors, and the long strap design in three colors. The "Long" sock variant comes in at only $229.95 and is available in three elegant colors: sapphire, cinnamon, and black. What do Slashdotters think of this very real product?

Read more of this story at Slashdot.

Apple is cutting its App Store fee from 30% to 15% for developers who join a new Mini Apps Partner Program, which requires using more of Apple's built-in technology to power lightweight "mini apps." "This includes using Apple software to register a user's purchase history, verify user ages and to process in-app purchases," reports CNBC. From the report: A "mini app" is a lightweight piece of software inside a third-party app store, like that of Discord's. These apps uses are built using web technology like HTML or Javascript. [...] Apple has argued that both developers and users are better off when using its technology and rules, instead of eschewing them to try to avoid fees. "This program is designed to help developers who host mini apps grow their business and further the availability of mini apps on the App Store -- all while providing a great customer experience," the company said in its announcement. [...] Participants in the new program will still have to provide Apple with information for each specific mini-app experience they offer.

Read more of this story at Slashdot.

LinkedIn is rolling out an AI-powered people search tool that lets users find connections by describing what they need instead of relying on names or titles. For example, you can enter a more descriptive search, such as "Northwestern alumni who work in entertaining marketing," or even pose a question, like "Who can help me understand the US work visa system." The Verge reports: LinkedIn senior director of product management Rohan Rajiv tells The Verge that the platform will rank results based on the connections you might have with someone, as well as their relevance to your search. [...] LinkedIn is rolling out AI-powered people search to Premium users in the US starting today, but the platform plans on bringing it to all users soon.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: Jeff Bezos' Blue Origin has landed the booster of its New Glenn mega-rocket on a drone ship in the Atlantic Ocean on just its second attempt -- making it the second company to perform such a feat, following Elon Musk's SpaceX. It's an accomplishment that will help the new rocket system become an option to send larger payloads to space, the Moon, and beyond. Thursday's launch wasn't just about the landing attempt, though. Roughly 34 minutes after takeoff, the upper stage of New Glenn successfully deployed the rocket's first commercial payload: twin spacecraft for NASA that will travel to Mars to study the red planet's atmosphere. The pair of achievements are remarkable for the second-ever launch of such a massive rocket system. And it could put Blue Origin in position to compete with SpaceX, which dominates the world's launch market with its Falcon 9, Falcon Heavy, and Starship rockets. You can watch a recording of the launch here.

Read more of this story at Slashdot.

Version:6.17.8 (stable) Released:2025-11-13 Source:linux-6.17.8.tar.xz PGP Signature:linux-6.17.8.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.17.8

Version:6.12.58 (longterm) Released:2025-11-13 Source:linux-6.12.58.tar.xz PGP Signature:linux-6.12.58.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.12.58

Why Advanced Keylogging Techniques Depend on the Linux GUIAdvanced keylogging leans on the Linux GUI because once a user signs into a graphical session, the input path stops being simple. The GUI decides which window receives focus, how toolkits interpret the keystrokes, and when events get redirected or buffered, so the attacker's visibility changes. The hardware layer still shows the raw signal. It just doesn't reflect how people actually work on a desktop, and that gap is exactly where more capable keyloggers operate.

Keylogging turns up more often than people think. You see it in audits, red team work, and during investigations where credentials quietly leak through input streams. This piece breaks down how it actually happens on Linux '' where keystrokes travel, how the system reports them, and how simple code can listen in.

FFmpeg, the open source multimedia framework that powers video processing in Google Chrome, Firefox, YouTube and other major platforms, has called on Google to either fund the project or stop burdening its volunteer maintainers with security vulnerabilities found by the company's AI tools. The maintainers patched a bug that Google's AI agent discovered in code for decoding a 1995 video game but described the finding as "CVE slop." The confrontation centered on a Google Project Zero policy announced in July that publicly discloses reported vulnerabilities within a week and starts a ninety-day countdown to full disclosure regardless of patch availability. FFmpeg, written primarily in assembly language, handles format conversion and streaming for VLC, Kodi and Plex but operates without adequate funding from the corporations that depend on it. Nick Wellnhofer resigned as maintainer of libxml2, a library used in all major web browsers, because of the unsustainable workload of addressing security reports without compensation and said he would stop maintaining the project in December.

Read more of this story at Slashdot.

Democratic U.S. Senator Elizabeth Warren is escalating pressure on the defense industry to stop opposing military right-to-repair legislation, as House and Senate negotiators work to finalize the fiscal 2026 National Defense Authorization Act. From a report: In a sharply-worded November 5 letter to the National Defense Industrial Association (NDIA) obtained by Reuters, Warren accused the industry group of attempting to undermine bipartisan efforts to give the Pentagon greater ability to repair weapons and equipment it owns. She called the group's opposition "a dangerous and misguided attempt to protect an unacceptable status quo of giant contractor profiteering." Currently, the government is often required to pay contractors like NDIA members Lockheed Martin, Boeing and RTX to use expensive original equipment and installers to service broken parts, versus having trained military maintainers 3D print spares in the field and install them faster and more cheaply.

Read more of this story at Slashdot.