Apple has been hit with a federal lawsuit claiming that the company's promotion of now-delayed Apple Intelligence features constituted false advertising and unfair competition. From a report: The suit, filed Wednesday in U.S. District Court in San Jose, seeks class action status and unspecified financial damages on behalf of those who purchased Apple Intelligence-capable iPhones and other devices. "Apple's advertisements saturated the internet, television, and other airwaves to cultivate a clear and reasonable consumer expectation that these transformative features would be available upon the iPhone's release," the suit reads.

"This drove unprecedented excitement in the market, even for Apple, as the company knew it would, and as part of Apple's ongoing effort to convince consumers to upgrade at a premium price and to distinguish itself from competitors deemed to be winning the AI-arms race. [...] Contrary to Defendant's claims of advanced AI capabilities, the Products offered a significantly limited or entirely absent version of Apple Intelligence, misleading consumers about its actual utility and performance. Worse yet, Defendant promoted its Products based on these overstated AI capabilities, leading consumers to believe they were purchasing a device with features that did not exist or were materially misrepresented."

Controversial facial recognition company Clearview AI attempted to purchase hundreds of millions of arrest records including social security numbers, mugshots, and even email addresses to incorporate into its product, 404 Media reports. From the report: For years, Clearview AI has collected billions of photos from social media websites including Facebook, LinkedIn and others and sold access to its facial recognition tool to law enforcement. The collection and sale of user-generated photos by a private surveillance company to police without that person's knowledge or consent sparked international outcry when it was first revealed by the New York Times in 2020.

New documents obtained by 404 Media reveal that Clearview AI spent nearly a million dollars in a bid to purchase "690 million arrest records and 390 million arrest photos" from all 50 states from an intelligence firm. The contract further describes the records as including current and former home addresses, dates of birth, arrest photos, social security and cell phone numbers, and email addresses. Clearview attempted to purchase this data from Investigative Consultant, Inc. (ICI) which billed itself as an intelligence company with access to tens of thousands of databases and the ability to create unique data streams for its clients. The contract was signed in mid-2019, at a time when Clearview AI was quietly collecting billions of photos off the internet and was relatively unknown at the time.

The Dutch parliament approved motions urging the government to reduce reliance on U.S. software companies by developing a sovereign cloud platform and reconsidering contracts with American firms. Reuters reports: While such initiatives have foundered in the past due to a lack of viable European alternatives, lawmakers said changing relations with the United States under the presidency of Donald Trump have given the issue fresh urgency. "The question we as Europeans must ask ourselves is: do we feel comfortable with people like Trump, (Meta CEO Mark) Zuckerberg and (X owner Elon) Musk ruling over our data?" said Marieke Koekkoek of the pro-European Volt party, who authored one of the eight motions, in an email to Reuters.

In addition to launching a sovereign cloud services platform, the motions called on the government to re-examine a decision to use Amazon's web services for the Netherlands' internet domain hosting, and to develop alternatives to U.S. software and preferential treatment for European firms in public tenders. [...] Bert Hubert, a Dutch technology expert who has advocated for reducing dependency on the U.S., said: "This is only the first step in potentially doing something." But he said one important outcome would be forcing agencies to publicly report on risks related to their reliance on U.S. cloud firms. "With the advent of Trump 2.0, it has become clear that this is not something you can harmlessly sign off on," he said.

An anonymous reader quotes a report from Politico: A top Commerce Department official sent a blistering email to his former colleagues on his way out the door Sunday warning that the Trump administration is poised to unduly enrich Elon Musk's satellite internet company with money for rural broadband. The technology offered by Starlink ... is inferior, wrote Evan Feinman, who had directed the $42.5 billion broadband program for the past three years. "Stranding all or part of rural America with worse internet so that we can make the world's richest man even richer is yet another in a long line of betrayals by Washington," Feinman said.

Feinman's lengthy email, totaling more than 1,100 words and shared with POLITICO, is a sign of deep discomfort about the changes underway that will likely transform the Broadband Equity, Access and Deployment Program. Commerce Secretary Howard Lutnick recently pledged a vigorous review of BEAD, with an aim to rip out what he sees as extraneous requirements and remove any preference for particular broadband technologies like fiber. The program, created in the 2021 infrastructure law program, became a source of partisan fighting last year on the campaign trail as Republicans attacked the Biden administration for its slow pace. No internet expansion projects have begun using BEAD money, although some states were close at the beginning of this year. Feinman's critique: In his email, Feinman notes Friday was his last day leading BEAD and that he's "disappointed not to be able to see this project through."

Feinman's email warns the Trump administration could undermine BEAD and he encourages people to fight to retain its best aspects. Feinman said the administration should "NOT change it to benefit technology that delivers slower speeds at higher costs to the household paying the bill," adding that this isn't what rural America, congressional Republicans or Democrats, the states or the telecom industry wants. "Reach out to your congressional delegation and reach out to the Trump Administration and tell them to strip out the needless requirements, but not to strip away from states the flexibility to get the best connections for their people," Feinman wrote. He said he's not worried about the Trump administration nixing requirements around climate resiliency, labor and middle class affordability, saying those issues "were inserted by the prior administration for messaging/political purposes, and were never central to the mission of the program." Feinman warns that changes to the BEAD program under the Trump administration could stall state-level broadband progress, with Louisiana, Delaware, and Nevada already stuck in review.

Meanwhile, no specific guidance or timeline for these changes has been provided, and Arielle Roth's confirmation as NTIA head is still pending in the Senate.

Alphabet is spinning out Taara, a laser-based internet company from its X "moonshot" incubator, securing backing from Series X Capital while retaining a minority stake.

Taara's technology transmits data at 20 gigabits per second over 20km by firing pencil-width light beams between traffic light-sized terminals, extending traditional fiber-optic networks with minimal construction costs.

Based in Sunnyvale, California, the company operates in 12 countries, including India and parts of Africa, where it created a 5km laser link over the Congo River between Brazzaville and Kinshasa. The two-dozen-strong team partners with telecommunications firms like Bharti Airtel and T-Mobile to extend core fiber-optic networks to remote locations or dense urban areas.

Taara originated from Project Loon, which was shut down in 2021 after facing regulatory challenges. The company is developing silicon photonic chips to replace mirrors and lenses in its terminals and potentially enable multiple connections from a single transmitter.

This week the Free Software Foundation published memorabilia items for an online silent auction — part of their big 40th anniversary celebration. "Starting March 17, the FSF will unlock items each day for bidding on the LibrePlanet wiki at 12:00 EDT.. Bidding on all items will conclude at 15:00 EDT on March 21, 2025...

"During the auction, the FSF welcomes everyone who supports user freedom to bid on historical and symbolic free software memorabilia," they annouced this week: The auction is split into two parts: a silent auction hosted on the LibrePlanet wiki from March 17 through March 21 and a live auction held on the FSF's Galène videoconferencing server on March 23 from 14:00-17:00. The auction is only the opening act to a months-long itinerary celebrating forty years of free software activism...

Executive director Zoë Kooyman adds: "These items are valuable pieces of FSF history, and some of them are emblematic of the free software movement. We want to entrust these memorabilia in the hands of the free software community for preservation and would love to see some of these items displayed in exhibitions." All in all, there are twenty-five pieces that are either directly part of the FSF's history and/or representative of the free software movement that will be available in the silent auction.

Winning bidders can rest assured that all proceeds from this auction will go towards the FSF's continued work to promote computer user freedom worldwide.
Silent auction items include:

• A print of the famous Gnu-with-Tux-as-superheroes poster signed by Richard Stallman and artist Lissanne Lake. Bids start at $300...

• A mid-1980s VT220 terminal that "still works, and can be connected to your favorite free machine over the serial interface... This is the same terminal that was on the FSF reception desk for some time, introducing visitors to ASCII art, NetHack, and other free software lore." Bids start at $250... (with estimate shipping costs of $100)

• An Amiga 3000UX donated to the GNU project "sometime in 1990." While it now has a damaged battery, "FSF staff programmers used it at MIT to help further some early development of the GNU operating system." Starting bid: $300 (with estimated shipping costs of $400).

• "A variety of plush animals that had greeted visitors at its former offices in Boston on 51 Franklin Street..."

"The most notable items have been reserved for the live auction on Sunday, March 23," they note — including the Internet Hall of Fame medal awarded to FSF founder Richard Stallman in 2013 "as ultimate recognition of free software's immense impact on the development and advancement of the Internet."

Long-time Slashdot reader chicksdaddy writes: A group of U.S. consumer advocacy groups on Wednesday proposed legislation to address the growing epidemic of "zombie" Internet of Things (IoT) devices that have had software support cut off by their manufacturer, Fight To Repair News reports.

The Connected Consumer Product End of Life Disclosure Act is a collaboration between Consumer Reports, US PIRG, the Secure Resilient Future Foundation (SRFF) and the Center for Democracy and Technology. It requires manufacturers of connected consumer products to disclose for how long they will provide technical support, security updates, or bug fixes for the software and hardware that are necessary for the product to operate securely.
The groups proposed legal requirements that manufacturers "must notify consumers when their devices are nearing the end of life and provide guidance on how to handle the device's end of life," while end-of-life notifications "must include details about features that will be lost, and potential vulnerabilities and security risks that may arise." And when an ISP-provided device (like a router) reaches its end of life, the ISP must remove them.

"The organizations are working with legislators at the state and federal level to get the model legislation introduced," according to Fight To Repair News.

After Meta convinced an arbitrator to temporarily prevent a whistleblower from promoting their book about the company (titled: Careless People), the book climbed to the top of Amazon's best-seller list. And the book's publisher Macmillan released a defiant statement that "The arbitration order has no impact on Macmillan... We will absolutely continue to support and promote it." (They added that they were "appalled by Meta's tactics to silence our author through the use of a non-disparagement clause in a severance agreement.")

Saturday the controversy was even covered by Rolling Stone: [Whistleblower Sarah] Wynn-Williams is a diplomat, policy expert, and international lawyer, with previous roles including serving as the Chief Negotiator for the United Nations on biosafety liability, according to her bio on the World Economic Forum...

Since the book's announcement, Meta has forcefully responded to the book's allegations in a statement... "Eight years ago, Sarah Wynn-Williams was fired for poor performance and toxic behavior, and an investigation at the time determined she made misleading and unfounded allegations of harassment. Since then, she has been paid by anti-Facebook activists and this is simply a continuation of that work. Whistleblower status protects communications to the government, not disgruntled activists trying to sell books."
But the negative coverage continues, with the Observer Sunday highlighting it as their Book of the Week. "This account of working life at Mark Zuckerberg's tech giant organisation describes a 'diabolical cult' able to swing elections and profit at the expense of the world's vulnerable..."

Though ironically Wynn-Williams started their career with optimism about Facebook's role in the app internet.org. . "Upon witnessing how the nascent Facebook kept Kiwis connected in the aftermath of the 2011 Christchurch earthquake, she believed that Mark Zuckerberg's company could make a difference — but in a good way — to social bonds, and that she could be part of that utopian project...

What internet.org involves for countries that adopt it is a Facebook-controlled monopoly of access to the internet, whereby to get online at all you have to log in to a Facebook account. When the scales fall from Wynn-Williams's eyes she realises there is nothing morally worthwhile in Zuckerberg's initiative, nothing empowering to the most deprived of global citizens, but rather his tool involves "delivering a crap version of the internet to two-thirds of the world". But Facebook's impact in the developing world proves worse than crap. In Myanmar, as Wynn-Williams recounts at the end of the book, Facebook facilitated the military junta to post hate speech, thereby fomenting sexual violence and attempted genocide of the country's Muslim minority. "Myanmar," she writes with a lapsed believer's rue, "would have been a better place if Facebook had not arrived." And what is true of Myanmar, you can't help but reflect, applies globally...
"Myanmar is where Wynn-Williams thinks the 'carelessness' of Facebook is most egregious," writes the Sunday Times: In 2018, UN human rights experts said Facebook had helped spread hate speech against Rohingya Muslims, about 25,000 of whom were slaughtered by the Burmese military and nationalists. Facebook is so ubiquitous in Myanmar, Wynn-Williams points out, that people think it is the entire internet. "It's no surprise that the worst outcome happened in the place that had the most extreme take-up of Facebook." Meta admits it was "too slow to act" on abuse in its Myanmar services....

After Wynn-Williams left Facebook, she worked on an international AI initiative, and says she wants the world to learn from the mistakes we made with social media, so that we fare better in the next technological revolution. "AI is being integrated into weapons," she explains. "We can't just blindly wander into this next era. You think social media has turned out with some issues? This is on another level."

A ransomware-as-a-service variant called "Medusa" has claimed over 300 victims in "critical infrastructure sectors" (including medical), according to an joint alert from CISA, the FBI, and the Multi-State Information Sharing Analysis Center.

And that alert reminds us that Medusa is a globe-spanning operation that recruits third-party affiliates to plant ransomware and negotiate with victims, notes the Register. "Even organizations that have good ransomware recovery regimes, meaning they don't need to unscramble encrypted data as they have good backups and fall-back plans, may consider paying to prevent the release of their stolen data, given the unpleasant consequences that follow information leaks. Medusa actors also set a deadline for victims to pay ransoms and provide a countdown timer that makes it plain when stolen info will be sprayed across the internet. If victims cough up $10,000 in cryptocurrency, the crims push the deadline forward by 24 hours.

The advisory reveals one Medusa actor has taken things a step further. "FBI investigations identified that after paying the ransom, one victim was contacted by a separate Medusa actor who claimed the negotiator had stolen the ransom amount already paid," the advisory states. That separate actor then "requested half of the payment be made again to provide the 'true decryptor'," the advisory states, describing this incident as "potentially indicating a triple extortion scheme."
The security groups' advisory stresses that they "do not encourage paying ransoms as payment does not guarantee victim files will be recovered. Furthermore, payment may also embolden adversaries to target additional organizations..." (But "Regardless of whether you or your organization have decided to pay the ransom, FBI, CISA, and MS-ISAC urge you to promptly report ransomware incidents...)

Besides updating software and operating systems, the alert makes these recommendations for organizations:

• Require VPNs (or jump hosts) for remote network access

• Block remote access from unknown/untrusted origins, and disable unused ports

• Segment networks to help prevent the spread of ransomware

• Use a networking monitoring tool to spot and investigate abnormal activity — including lateral movement (using endpoint detection and response tools). Log all network traffic, and monitor it for unauthorized scanning and access attempts.

• Create recovery plans with encrypted offline backups of sensitive/proprietary data and servers

• Require multifactor authentication, use strong (and long) passwords, and "consider not requiring frequently recurring password changes, as these can weaken security." (Also audit access control following the principle of least privilege, and watch for new and/or unrecognized accounts.)

• Disable command-line and scripting activities and permissions.

Long-time Slashdot reader BenFenner writes: For the third time in recent memory, CloudFlare has blocked large swaths of niche browsers and their users from accessing web sites that CloudFlare gate-keeps. In the past these issues have been resolved quickly (within a week) and apologies issued with promises to do better. (See 2024-03-11, 2024-07-08, and 2025-01-30.)

This time around it has been over six weeks and CloudFlare has been unable or unwilling to fix the problem on their end, effectively stalling any progress on the matter with various tactics including asking browser developers to sign overarching NDAs.
That last link is an update posted today by Pale Moon's main developer: Our current situation remains unchanged: CloudFlare is still blocking our access to websites through the challenges, and the captcha/turnstile continues to hang the browser until our watchdog terminates the hung script after which it reloads and hangs again after a short pause (but allowing users to close the tab in that pause, at least). To say that this upsets me is an understatement. Other than deliberate intent or absolute incompetence, I see no reason for this to endure. Neither of those options are very flattering for CloudFlare.

I wish I had better news.
In a comment, Slashdot reader BenFenner shares a list posted by Pale Moon's developer of reportedly affected browsers:

• Pale Moon
• Basilisk
• Waterfox
• Falkon
• SeaMonkey
• Various Firefox ESR flavors
• Thorium (on some systems)
• Ungoogled Chromium
• K-Meleon
• LibreWolf
• MyPal 68
• Otter browser

Slashdot reader Z00L00K speculates that "this is some kind of anti-bot measure that fails. I suspect that the reason for them wanting a NDA to be signed is to prevent ways to circumvent the anti-bot measures..."

With Microsoft ending free security updates for Windows 10 in October, millions of PCs that don't meet Windows 11's hardware requirements face an uncertain fate... Charities that refurbish and distribute computers to low-income individuals must choose between providing soon-to-be-insecure Windows 10 machines, transitioning to Linux -- despite usability challenges for non-tech-savvy users -- or recycling the hardware, contributing to ewaste. Tom's Hardware reports: So how bad will it really be to run an end-of-lifed Windows 10? Should people worry? [Chester Wisniewski, who serves as Director and Global Field CISO for Sophos, a major security services company] and other experts I talked to are unequivocal. You're at risk. "To put this in perspective, today [the day we talked] was Patch Tuesday," he said. "There were 57 vulnerabilities, 6 of which have already been abused by criminals before the fixes were available. There were also 57 in February and 159 in January. Windows 10 and Windows 11 largely have a shared codebase, meaning most, if not all, vulnerabilities each month are exploitable on both OSs. These will be actively turned into digital weapons by criminals and nation-states alike and Windows 10 users will be somewhat defenseless against them."

So, in short, even though Windows 10 has been around since 2015, there are still massive security holes being patched. Even within the past few weeks, dozens of vulnerabilities were fixed by Microsoft. So what's a charity to do when these updates are running out and clients will be left vulnerable? "What we decided to do is one year ahead of the cutoff, we discontinued Windows 10," said Casey Sorensen, CEO of PCs for People, one of the U.S.'s largest non-profit computer refurbishers. "We will distribute Linux laptops that are 6th or 7th gen. If we distribute a Windows laptop, it will be 8th gen or newer." Sorensen said that any PC that's fifth gen or older will be sent to an ewaste recycler.

[...] Sorensen, who founded the company in 1998, told us that he's comfortable giving clients computers that run Linux Mint, a free OS that's based on Ubuntu. The latest version of Mint, version 22.1, will be supported until 2029. "Ten years ago if we distributed Linux, they would be like what is it," he said. But today, he notes that many view their computers as windows to the Internet and, for that, a user-friendly version of Linux is acceptable. Further reading: Is 2025 the Year of the Linux Desktop?

Microsoft says that some USB printers will start printing random text after installing Windows updates released since late January 2025. From a report: The known issue affects Windows 10 (version 22H2) and Windows 11 (versions 22H2 and 23H2), but according to an update to the Windows release health dashboard, the latest Windows 11 24H2 is not impacted.

"After installing the January 2025 Windows preview update (KB5050092), released January 29, 2025, or later updates, you might observe issues with USB connected dual-mode printers that support both USB Print and IPP Over USB protocols," Redmond explains. "You might observe that the printer unexpectedly prints random text and data, including network commands and unusual characters."

On affected systems, users will often see erroneously printed text that begins with the header "POST /ipp/print HTTP/1.1," followed by other IPP (Internet Printing Protocol) related issues headers. These printing issues are more frequent when the printer is turned on or reconnected after being disconnected. Affected users will observe the printer unexpectedly printing when the print spooler sends IPP protocol messages to the printer and the printer driver is installed on the Windows device.

Mozilla has warned that the U.S. Department of Justice's proposed remedies in its antitrust case against Google would harm independent browsers and reduce competition in the browser market. The DOJ and several state attorneys general last week filed revised proposed remedies in the U.S. v. Google search case that would prohibit all search payments to browser developers, a move Mozilla says would disproportionately impact smaller players.

"These proposed remedies prohibiting search payments to small and independent browsers miss the bigger picture -- and the people who will suffer most are everyday internet users," said Mark Surman, President of Mozilla. Unlike Apple and Microsoft, which generate revenue from hardware and operating systems, Mozilla relies primarily on search revenue to fund browser development. Mozilla argues that cutting these payments would not solve search dominance but would instead strengthen the position of tech giants.

Mozilla also warned that the proposal threatens its ability to maintain Gecko, one of only three major browser engines alongside Google's Chromium and Apple's WebKit. "If we lose our ability to maintain Gecko, it's game over for an open, independent web," Surman said, noting that even Microsoft abandoned its browser engine in 2019. "If Mozilla is unable to sustain our browser engine, it would severely impact browser engine competition and mean the death of the open web as we know it -- essentially, creating a web where dominant players like Google and Apple, have even more control, not less."

Firefox serves 27 million monthly active users in the U.S. and nearly 205 million globally.

An anonymous reader quotes a report from the EFF: EFF is deeply saddened to learn of the passing of Mark Klein, a bona fide hero who risked civil liability and criminal prosecution to help expose a massive spying program that violated the rights of millions of Americans. Mark didn't set out to change the world. For 22 years, he was a telecommunications technician for AT&T, most of that in San Francisco. But he always had a strong sense of right and wrong and a commitment to privacy. When the New York Times reported in late 2005 that the NSA was engaging in spying inside the U.S., Mark realized that he had witnessed how it was happening. He also realized that the President was not telling Americans the truth about the program. And, though newly retired, he knew that he had to do something. He showed up at EFF's front door in early 2006 with a simple question: "Do you folks care about privacy?"

We did. And what Mark told us changed everything. Through his work, Mark had learned that the National Security Agency (NSA) had installed a secret, secure room at AT&T's central office in San Francisco, called Room 641A. Mark was assigned to connect circuits carrying Internet data to optical "splitters" that sat just outside of the secret NSA room but were hardwired into it. Those splitters -- as well as similar ones in cities around the U.S. -- made a copy of all data going through those circuits and delivered it into the secret room. Mark not only saw how it works, he had the documents to prove it. He brought us over a hundred pages of authenticated AT&T schematic diagrams and tables. Mark also shared this information with major media outlets, numerous Congressional staffers, and at least two senators personally. One, Senator Chris Dodd, took the floor of the Senate to acknowledge Mark as the great American hero he was.

An anonymous reader quotes a report from Ars Technica: On Wednesday, Google DeepMind announced two new AI models designed to control robots: Gemini Robotics and Gemini Robotics-ER. The company claims these models will help robots of many shapes and sizes understand and interact with the physical world more effectively and delicately than previous systems, paving the way for applications such as humanoid robot assistants. [...] Google's new models build upon its Gemini 2.0 large language model foundation, adding capabilities specifically for robotic applications. Gemini Robotics includes what Google calls "vision-language-action" (VLA) abilities, allowing it to process visual information, understand language commands, and generate physical movements. By contrast, Gemini Robotics-ER focuses on "embodied reasoning" with enhanced spatial understanding, letting roboticists connect it to their existing robot control systems. For example, with Gemini Robotics, you can ask a robot to "pick up the banana and put it in the basket," and it will use a camera view of the scene to recognize the banana, guiding a robotic arm to perform the action successfully. Or you might say, "fold an origami fox," and it will use its knowledge of origami and how to fold paper carefully to perform the task.

In 2023, we covered Google's RT-2, which represented a notable step toward more generalized robotic capabilities by using Internet data to help robots understand language commands and adapt to new scenarios, then doubling performance on unseen tasks compared to its predecessor. Two years later, Gemini Robotics appears to have made another substantial leap forward, not just in understanding what to do but in executing complex physical manipulations that RT-2 explicitly couldn't handle. While RT-2 was limited to repurposing physical movements it had already practiced, Gemini Robotics reportedly demonstrates significantly enhanced dexterity that enables previously impossible tasks like origami folding and packing snacks into Zip-loc bags. This shift from robots that just understand commands to robots that can perform delicate physical tasks suggests DeepMind may have started solving one of robotics' biggest challenges: getting robots to turn their "knowledge" into careful, precise movements in the real world. DeepMind claims Gemini Robotics "more than doubles performance on a comprehensive generalization benchmark compared to other state-of-the-art vision-language-action models."

Google is advancing this effort through a partnership with Apptronik to develop next-generation humanoid robots powered by Gemini 2.0. Availability timelines or specific commercial applications for the new AI models were not made available.

An anonymous reader quotes a report from The Register: New York State has sued Allstate Insurance for operating websites so badly designed they would deliver personal information in plain-text to anyone that went looking for it. The data was lifted from Allstate's National General business unit, which ran a website for consumers who wanted to get a quote for a policy. That task required users to input a name and address, and once that info was entered, the site searched a LexisNexis Risk Solutions database for data on anyone who lived at the address provided. The results of that search would then appear on a screen that included the driver's license number (DLN) for the given name and address, plus "names of any other drivers identified as potentially living at that consumer's address, and the entire DLNs of those other drivers."

Naturally, miscreants used the system to mine for people's personal information for fraud. "National General intentionally built these tools to automatically populate consumers' entire DLNs in plain text -- in other words, fully exposed on the face of the quoting websites -- during the quoting process," the court documents [PDF] state. "Not surprisingly, attackers identified this vulnerability and targeted these quoting tools as an easy way to access the DLNs of many New Yorkers," according to the lawsuit. The digital thieves then used this information to "submit fraudulent claims for pandemic and unemployment benefits," we're told. ... [B]y the time the insurer resolved the mess, crooks had built bots that harvested at least 12,000 individuals' driver's license numbers from the quote-generating site.

The Ballista botnet is actively exploiting a high-severity remote code execution flaw (CVE-2023-1389) in TP-Link Archer AX-21 routers, infecting over 6,000 devices primarily in Brazil, Poland, the UK, Bulgaria, and Turkey. Tom's Hardware reports: According to a new report from the Cato CTRL team, the Ballista botnet exploits a remote code execution vulnerability that directly impacts the TP-Link Archer AX-21 router. The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity security flaw (tracked as CVE-2023-1389) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks. The flaw also linked to the Condi and AndroxGh0st malware attacks.

Ballista's most recent exploitation attempt was February 17, 2025 and Cato CTRL first detected it on January 10, 2025. Of the thousands of infected devices, the majority of them are concentrated in Brazil, Poland, the United Kingdom, Bulgaria and Turkey; with the botnet targeting manufacturing, medical/healthcare, services and technology organizations in the United States, Australia, China and Mexico.

SpaceX's Starlink has secured its first agreement in India, partnering with telecommunications leader Bharti Airtel to bring high-speed satellite internet to the world's most populous country, the companies announced Tuesday [PDF].

The landmark deal will enable Starlink to tap into Airtel's extensive retail network and ground infrastructure while expanding its global reach into previously underserved regions across India, pending regulatory authorizations.

"We are excited to work with Airtel and unlock the transformative impact Starlink can bring to the people of India," said Gwynne Shotwell, President and Chief Operating Officer of SpaceX. "The team at Airtel has played a pivotal role in India's telecom story, so working with them to complement our direct offering makes great sense for our business."

The collaboration will explore selling Starlink equipment through Airtel's retail stores and offering services to business customers while connecting communities in rural areas with limited connectivity.

Internet shutdowns in Africa hit a record high in 2024, with 21 shutdowns across 15 countries. The previous record was 19 shutdowns in 2020 and 21. The Guardian reports: Authorities in Comoros, Guinea-Bissau and Mauritius joined repeat offenders such as Burundi, Ethiopia, Equatorial Guinea and Kenya. Guinea, Nigeria, Senegal and Tanzania were also on the list. But perpetrators also included militias and other non-state actors. Telecommunication and internet service providers who shut services based on government orders are also complicit in violating people's rights, said Felicia Anthonio, the #KeepItOn campaign manager at Access Now, citing the UN guiding principles on business and human rights.

The details showed that most of the shutdowns were imposed as a response to conflicts, protests and political instability. There were also restrictions during elections. [...] At least five shutdowns in Africa had been imposed for more than a year by the end of 2024, according to Access Now. As of early 2025, the social network Meta was still restricted in Uganda, despite authorities engaging with its representatives. On the Equatorial Guinean island of Annobon, internet and cell services have been cut off since an August 2024 protest over environmental concerns and isolation from the rest of the country. The increase in shutdowns led the African Commission on Human and Peoples' Rights to pass a landmark resolution in March 2024 to help reverse the trend.

August, 2023: Thousands of Crypto Scammers are Enslaved by Human-Trafficking Gangsters, Says Bloomberg Reporter. ("They'd lure young people from across Southeast Asia...with the promise of well-paying jobs in customer service or online gambling.")

February, 2025: A coordinated response begins by Thai, Chinese and Myanmar authorities, which includes cutting power, internet, and fuel supplies to the scam centers.

Today: The Associated Press reports that thousands of the people liberated from locked compounds in Myanmar now "have found themselves trapped once again, this time in overcrowded facilities with no medical care, limited food and no idea when they'll be sent home." Thousands of sick, exhausted and terrified young men and women, from countries all over the world squat in rows, packed shoulder to shoulder, surgical masks covering their mouths and eyes. Their nightmare was supposed to be over... The armed groups who are holding the survivors, as well as Thai officials across the border, say they are awaiting action from the detainees' home governments. It's one of the largest potential rescues of forced laborers in modern history, but advocates say the first major effort to crack down on the cyber scam industry has turned into a growing humanitarian crisis...

An unconfirmed list provided by authorities in Myanmar says they're holding citizens from 29 countries including Philippines, Kenya and the Czech Republic. Authorities in Thailand say they cannot allow foreigners to cross the border from Myanmar unless they can be sent home immediately, leaving many to wait for help from embassies that has been long in coming. China sent a chartered flight Thursday to the tiny Mae Sot airport to pick up a group of its citizens, but few other governments have matched that. There are roughly 130 Ethiopians waiting in a Thai military base, stuck for want of a $600 plane ticket. Dozens of Indonesians were bused out one morning last week, pushing suitcases and carrying plastic bags with their meager possessions as they headed to Bangkok for a flight home... The recent abrupt halt to U.S. foreign aid funding has made it even harder to get help to released scam center workers...

It's not clear how much of an effect these releases will have on the criminal groups that run the scam centers. February marked the third time the Thais have cut internet or electricity to towns across the river. Each time, the compounds have managed to work around the cuts. Large compounds have access to diesel-powered generators, as well as access to internet provider Starlink, experts working with law enforcement say.
The article also points out that "The people released are just a small fraction of what could be 300,000 people working in similar scam operations across the region, according to an estimate from the United States Institute of Peace. Human rights groups and analysts add that the networks that run these illegal scams will continue to operate unless much broader action is taken against them..."

"The United Nations Office on Drugs and Crimes estimates that between $18 billion and $37 billion was lost in Asia alone in 2023, with minimal government action against the criminal industry's spread."