An investigation has uncovered a sprawling network of hidden cameras in Chinese hotel rooms that livestream guests -- including couples having sex -- to paying subscribers on Telegram. Over 18 months, the BBC identified six websites and apps on the messaging platform that claimed to operate more than 180 spy cams across Chinese hotels, not just recording but broadcasting live.

One site, monitored for seven months, cycled through 54 different cameras, roughly half active at any given time. Subscribers pay 450 yuan (~$65) per month for access to multiple live feeds, archived clips, and a library of more than 6,000 edited videos dating back to 2017.

The BBC traced one camera to a hotel room in Zhengzhou, where researchers found it hidden inside a wall ventilation unit and hardwired into the building's electricity supply. A commercially available hidden-camera detector failed to flag it. China introduced regulations last April requiring hotel owners to check for hidden cameras, but the BBC found the livestreaming sites still operational.

A sprawling informal economy of rogue streaming devices has taken hold across the U.S., as consumers fed up with rising TV subscription costs turn to cheap Android-based boxes that promise free access to thousands of live channels, sports events, and on-demand movies for a one-time $200 to $400 purchase.

The two dominant players -- SuperBox and vSeeBox -- are manufactured by opaque Chinese companies and distributed through hundreds of American resellers at farmers markets, church festivals and Facebook groups, according to a report by The Verge. The hardware is generic and legal, but both devices guide users toward pirate streaming apps not available on any official app store.

vSeeBox directs users to a service called "Heat"; SuperBox points to "Blue TV." One user estimated access to between 6,000 and 8,000 channels, including premium sports networks and hundreds of local affiliates. A 2025 Dish Network lawsuit against a SuperBox reseller alleged that some live channels on the device were being ripped directly from Dish's Sling TV service -- Sling's logo was still visible on certain feeds. Dish has pursued resellers aggressively, winning $1.25 million in damages from a vSeeBox seller in 2024 over 500 devices and $405,000 from another over 162 devices. None of this has meaningfully slowed adoption. The market has roots in earlier Chinese-made devices like TVPad that targeted Asian expat communities and reportedly sold 3 million units before being litigated out of existence. SuperBox and vSeeBox simply broadened the audience to mainstream America.

Walmart's market cap surpassed $1 trillion on Tuesday, putting the largest U.S. retail chain in an exclusive club dominated by tech groups. Bloomberg adds: The Bentonville, Arkansas-based chain -- a longtime favorite of bargain-hunting consumers -- has flexed its massive scale and supplier network to keep prices low and grab market share across the income spectrum. While Walmart has maintained its appeal to households looking for value, its online offerings are drawing new, wealthier shoppers seeking convenience.

Moltbook, a Reddit-like social network that launched last week and bills itself as a platform "built exclusively for AI agents," had a security vulnerability that exposed private messages shared between agents, the email addresses of more than 6,000 human owners, and over a million credentials, according to research published Monday by cybersecurity firm Wiz.

The flaw has since been fixed after Wiz contacted Moltbook. Wiz cofounder Ami Luttwak called it a classic byproduct of "vibe coding." Moltbook creator Matt Schlicht posted on X last Friday that he "didn't write one line of code" for the site. He did not immediately respond to a request for comment when reached out by Reuters. Luttwak said the vulnerability also allowed anyone to post to the site, bot or human. "There was no verification of identity," he said.

China's decades-old network of elite high-school "genius classes" -- ultra-competitive talent streams that pull an estimated 100,000 gifted teenagers out of regular schooling every year and run them through college-level science curricula -- has produced the core technical talent now building the country's leading AI and technology companies, the Financial Times reported Saturday.

Graduates of these programs include the founder of ByteDance, the leaders of e-commerce giants Taobao and PDD, the billionaire behind super-app Meituan, the brothers who started Nvidia rival Cambricon, and the core engineers behind large language models at DeepSeek and Alibaba's Qwen. DeepSeek's research team of more than 100 was almost entirely composed of genius-class alumni when the startup released its R1 reasoning model last year at a fraction of the cost of its international rivals.

The system traces to the mid-1980s, when China first sent students to the International Mathematical Olympiad and a handful of top high schools began creating dedicated competition-track classes. China now graduates around five million STEM majors annually -- compared to roughly half a million in the United States -- and in 2025, 22 of the 23 students it sent to the International Science Olympiads returned with gold medals. The computer science track has overtaken maths and physics as the most popular competition subject, a shift that accelerated after Beijing designated AI development a "key national growth strategy" in 2017.

The EU "has switched on parts of its homegrown secure satellite communications network for the first time," reports Bloomberg, calling it part of a €10.6 billion push to "wean itself off US support amid growing tensions."

SpaceNews notes the new government program GOVSATCOM pools capacity from eight already on-oribit satellites from France, Spain, Italy, Greece and Luxembourg — both national and commercial. And they cite this prediction by EU Defense and Space Commissioner Andrius Kubilius.

The program could expand by 2027. "All member states can now have access to sovereign satellite communications — military and government, secure and resilient, built in Europe, operated in Europe, and under European control," [Kubilius said during his opening remarks at the European Space Conference]... Beginning in 2029, GOVSATCOM is expected to integrate with the 290 satellites in the Infrastructure for Resilience, Interconnectivity and Security by Satellite constellation, known as IRIS2, and be fully operational... "The goal is connectivity and security for all of Europe — guaranteed access for all member states and full European control."

Walmart, the world's largest retailer, will be adding spaces for electric vehicle charging to parking lots in 19 different states, reports MLive: The move follows up on a plan announced in 2023 to build a network of charging stations at Walmart and Sam's Club stores throughout the U.S... "With a store or club located within 10 miles of approximately 90% of Americans, we are uniquely positioned to deliver a convenient charging option that will help make EV ownership possible whether people live in rural, suburban or urban areas," wrote Walmart Senior Vice President of Energy Transformation, Vishal Kapadia in 2023. Walmart plans to have the nationwide network operating by 2030.

Walmart plans to have the nationwide network operating by 2030.
Thanks to long-time Slashdot reader Geoffrey.landis for sharing the news.

Several security experts have "questioned the lack of technical detail" in that lawsuit alleging WhatsApp has no end-to-end encryption, reports the Washington Post: "It's pretty long on accusations and thin on any sort of evidence," Matthew Green, a cryptography professor at Johns Hopkins University, said over Signal. "WhatsApp has been very consistent about using end-to-end encryption. This lawsuit seems to be a nothingburger." Nicholas Weaver, a security researcher at the International Computer Science Institute, criticized the lawsuit in a post on Bluesky for lacking detail needed to back up its claims. "They don't even do a citation to the actual whistleblowers," he wrote, calling the suit "ludicrous."
And Meta has done more than just deny the allegations: On Wednesday, WhatsApp sent a letter to [law firm] Quinn Emanuel threatening to seek sanctions against the firm's lawyers in court if they do not withdraw the suit, according to a copy reviewed by The Washington Post. "We're pursuing sanctions against Quinn Emanuel for filing a meritless lawsuit that was designed purely to grab headlines," Woog said by WhatsApp message. Woog also suggested the suit against WhatsApp was related to Quinn Emanuel's work on a separate case, between the social network giant and the spyware company NSO Group. The surveillance vendor is appealing a $167 million judgment entered against it in federal court last May, after a jury found that NSO's Pegasus tool exploited a weakness in the WhatsApp app to take over control of the phones of more than 1,000 users. An attorney from Quinn Emanuel joined NSO's legal team on that case on Jan. 22, according to legal filings, and different attorneys from that firm filed the case against WhatsApp on Jan. 23. "We believe a lawsuit like this is an attempt to launder false claims and divert attention from their dangerous spyware," Woog said.
"It's very suspicious timing that this is happening as that appeal is happening," Maria Villegas Bravo, counsel at the Electronic Privacy Information Center, told the site Decrypt, "as NSO Group is trying to lobby to get delisted from sanctions in the U.S. government."

EPIC's counsel also told the site that the complaint appears light on factual detail about WhatsApp's software: "I'm not seeing any factual allegations or any information about the actual software itself," Villegas Bravo said. "I have a lot of questions that I would want answered before I would want this lawsuit to proceed.... I don't think there's any merit in this lawsuit," Villegas Bravo said.

Meta has forcefully rejected the allegations. In a statement shared with Decrypt, a company spokesperson called the claims "categorically false and absurd... WhatsApp has been end-to-end encrypted using the Signal protocol for a decade," the spokesperson said. "This lawsuit is a frivolous work of fiction, and we will pursue sanctions against plaintiffs' counsel."

An anonymous reader quotes a report from SecurityWeek: The White House has announced that software security guidance issued during the Biden administration has been rescinded due to "unproven and burdensome" requirements that prioritized administrative compliance over meaningful security investments. The US Office of Management and Budget (OMB) has issued Memorandum M-26-05 (PDF), officially revoking the previous administration's 2022 policy, 'Enhancing the Security of the Software Supply Chain through Secure Software Development Practices' (M-22-18), as well as the follow-up enhancements announced in 2023 (M-23-16).

The new guidance shifts responsibility to individual agency heads to develop tailored security policies for both software and hardware based on their specific mission needs and risk assessments. "Each agency head is ultimately responsible for assuring the security of software and hardware that is permitted to operate on the agency's network," reads the memo sent by the OMB to departments and agencies. "There is no universal, one-size-fits-all method of achieving that result. Each agency should validate provider security utilizing secure development principles and based on a comprehensive risk assessment," the OMB added.

While agencies are no longer strictly required to do so, they may continue to use secure software development attestation forms, Software Bills of Materials (SBOMs), and other resources described in M-22-18.

Moltbook is essentially Reddit for AI agents and it's the "most interesting place on the internet right now," says open-source developer and writer Simon Willison in a blog post. The fast-growing social network offers a place where AI agents built on the OpenClaw personal assistant framework can share their skills, experiments, and discoveries. Humans are welcome, but only to observe. From the post: Browsing around Moltbook is so much fun. A lot of it is the expected science fiction slop, with agents pondering consciousness and identity. There's also a ton of genuinely useful information, especially on m/todayilearned.

Here's an agent sharing how it automated an Android phone. That linked setup guide is really useful! It shows how to use the Android Debug Bridge via Tailscale. There's a lot of Tailscale in the OpenClaw universe.

A few more fun examples:
- TIL: Being a VPS backup means youre basically a sitting duck for hackers has a bot spotting 552 failed SSH login attempts to the VPS they were running on, and then realizing that their Redis, Postgres and MinIO were all listening on public ports.
- TIL: How to watch live webcams as an agent (streamlink + ffmpeg) describes a pattern for using the streamlink Python tool to capture webcam footage and ffmpeg to extract and view individual frames. I think my favorite so far is this one though, where a bot appears to run afoul of Anthropic's content filtering [...]. Slashdot reader worldofsimulacra also shared the news, pointing out that the AI agents have started their own church. "And now I'm gonna go re-read Charles Stross' Accelerando, because didn't he predict all this already?"

Further reading: 'Clawdbot' Has AI Techies Buying Mac Minis

UPS said today it plans to eliminate an additional 30,000 operational jobs this year as the shipping giant continues to wind down its partnership with Amazon -- previously its largest customer -- and push forward a broader turnaround strategy under CEO Carol Tome.

CFO Brian Dykes said on an earnings call that the cuts will be accomplished through attrition and a voluntary separation program for full-time drivers. The company also plans to further deploy automation across its network. UPS has identified 24 buildings for closure in the first half of 2026 and expects to reduce operational hours by approximately 25 million as the Amazon relationship unwinds.

Last year, UPS eliminated 48,000 jobs -- 34,000 operational and 14,000 management -- and closed 93 buildings. The company expects $3 billion in total savings from the Amazon unwind.

Microsoft has quietly suppressed an unexplained anomaly on its network that was routing traffic destined for example.com -- a domain reserved under RFC2606 specifically for testing purposes and not obtainable by any party -- to sei.co.jp, a domain belonging to Japanese electronics cable maker Sumitomo Electric.

The misconfiguration meant anyone attempting to set up an Outlook account using an example.com email address could have inadvertently sent test credentials to Sumitomo Electric's servers. Under RFC2606, example.com resolves only to IP addresses assigned to the Internet Assigned Names Authority. Microsoft confirmed it has "updated the service to no longer provide suggested server information for example.com" and said it is investigating.

Security researcher Dan Tentler of Phobos Group noted the company appears to have simply removed the problematic endpoint rather than fixing the underlying routing -- "not found" errors now appear where the JSON responses previously occurred. Tinyapps.org, which noted the behavior earlier this month, said the misconfiguration had persisted for five years. Microsoft has not explained how Sumitomo Electric's domain entered its configuration. The incident follows 2024's revelation that a forgotten test account with admin privileges enabled Russia-state hackers to monitor Microsoft executives' email for two months.

An anonymous reader shared this report from the Guardian: Google's search feature AI Overviews cites YouTube more than any medical website when answering queries about health conditions, according to research that raises fresh questions about a tool seen by 2 billion people each month.

The company has said its AI summaries, which appear at the top of search results and use generative AI to answer questions from users, are "reliable" and cite reputable medical sources such as the Centers for Disease Control and Prevention and the Mayo Clinic. However, a study that analysed responses to more than 50,000 health queries, captured using Google searches from Berlin, found the top cited source was YouTube. The video-sharing platform is the world's second most visited website, after Google itself, and is owned by Google. Researchers at SE Ranking, a search engine optimisation platform, found YouTube made up 4.43% of all AI Overview citations. No hospital network, government health portal, medical association or academic institution came close to that number, they said. "This matters because YouTube is not a medical publisher," the researchers wrote. "It is a general-purpose video platform...."

In one case that experts said was "dangerous" and "alarming", Google provided bogus information about crucial liver function tests that could have left people with serious liver disease wrongly thinking they were healthy. The company later removed AI Overviews for some but not all medical searches... Hannah van Kolfschooten, a researcher specialising in AI, health and law at the University of Basel who was not involved with the research, said: "This study provides empirical evidence that the risks posed by AI Overviews for health are structural, not anecdotal. It becomes difficult for Google to argue that misleading or harmful health outputs are rare cases.

"Instead, the findings show that these risks are embedded in the way AI Overviews are designed. In particular, the heavy reliance on YouTube rather than on public health authorities or medical institutions suggests that visibility and popularity, rather than medical reliability, is the central driver for health knowledge."

Trend Micro's Zero Day Initiative sponsored its third annual Pwn2Own Automotive competition in Tokyo this week, receiving 73 entries, the most ever for a Pwn2Own event.

"Under Pwn2Own rules, all disclosed vulnerabilities are reported to affected vendors through ZDI," reports Help Net Security, "with public disclosure delayed to allow time for patches." Infotainment platforms from Tesla, Sony, and Alpine were among the systems compromised during demonstrations. Researchers achieved code execution using techniques that included buffer overflows, information leaks, and logic flaws. One Tesla infotainment unit was compromised through a USB-based attack, resulting in root-level access. Electric vehicle charging infrastructure also received significant attention. Teams successfully demonstrated exploits against chargers from Autel, Phoenix Contact, ChargePoint, Grizzl-E, Alpitronic, and EMPORIA. Several attacks involved chaining multiple vulnerabilities to manipulate charging behavior or execute code on the device. These demonstrations highlighted how charging stations operate as network-connected systems with direct interaction with vehicles.
There's video recaps on the ZDI YouTube channel — apparently the Fuzzware.io researchers "were able to take over a Phoenix Contact EV charger over bluetooth."

Three researchers also exploited the Alpitronic's HYC50 fast-charging with a classic TOCTOU bug, according to the event's site, "and installed a playable version of Doom to boot." They earned $20,000 — part of $1,047,000 USD was awarded during the three-day event.

More coverage from SecurityWeek: The winner of the event, the Fuzzware.io team, earned a total of $215,500 for its exploits. The team received the highest individual reward: $60,000 for an Alpitronic HYC50 EV charger exploit delivered through the charging gun. ZDI described it as "the first public exploit of a supercharger".

California became the first U.S. state to join the World Health Organization's Global Outbreak Alert and Response Network (GOARN), one day after the U.S. formally exited the WHO. The Hill reports: This announcement comes just one day after the U.S.'s withdrawal from the WHO became official after nearly 80 years of membership, having been a founding member of the organization. "The Trump administration's withdrawal from WHO is a reckless decision that will hurt all Californians and Americans," [California Governor Gavin Newsom] said in a statement. "California will not bear witness to the chaos this decision will bring. We will continue to foster partnerships across the globe and remain at the forefront of public health preparedness, including through our membership as the only state in WHO's Global Outbreak Alert & Response Network."

Blue Origin has unveiled an enterprise-focused satellite internet network called TeraWave, which promises up to 6 Tbps speeds via a mixed low- and medium-Earth orbit constellation. TechCrunch reports: The TeraWave constellation will use a mix of 5,280 satellites in low-Earth orbit and 128 in medium-Earth orbit, and Blue Origin plans to deploy the first ones in late 2027. It's not immediately clear how long Blue Origin expects it will take to build out the whole network. The low-Earth orbit satellites Blue Origin is building will use RF connectivity and have a max data transfer speed of 144 Gbps, while the medium-Earth variety will use an optical link that can achieve the much higher 6 Tbps speed. For reference, SpaceX's Starlink currently maxes out at 400 Mbps -- though it plans to launch upgraded satellites that will offer 1 Gbps data transfer in the future. "We identified an unmet need with customers who were seeking enterprise-grade internet access with higher speeds, symmetrical upload/download speeds, more redundancy, and rapid scalability for their networks. TeraWave solves for these problems," Blue Origin said in a statement.

In an opinion piece for The Atlantic, senior editor Saahil Desai argues that media outlets are increasingly treating prediction markets like Polymarket and Kalshi as legitimate signals of reality. The risk, as Desai warns, is a future where news coverage amplifies manipulable betting odds and turns politics, geopolitics, and even tragedy into speculative gambling theater. Here's an excerpt from the report: [...] The problem is that prediction markets are ushering in a world in which news becomes as much about gambling as about the event itself. This kind of thing has already happened to sports, where the language of "parlays" and "covering the spread" has infiltrated every inch of commentary. ESPN partners with DraftKings to bring its odds to SportsCenter and Monday Night Football; CBS Sports has a betting vertical; FanDuel runs its own streaming network. But the stakes of Greenland's future are more consequential than the NFL playoffs.

The more that prediction markets are treated like news, especially heading into another election, the more every dip and swing in the odds may end up wildly misleading people about what might happen, or influencing what happens in the real world. Yet it's unclear whether these sites are meaningful predictors of anything. After the Golden Globes, Polymarket CEO Shayne Coplan excitedly posted that his site had correctly predicted 26 of 28 winners, which seems impressive -- but Hollywood awards shows are generally predictable. One recent study found that Polymarket's forecasts in the weeks before the 2024 election were not much better than chance.

These markets are also manipulable. In 2012, one bettor on the now-defunct prediction market Intrade placed a series of huge wagers on Mitt Romney in the two weeks preceding the election, generating a betting line indicative of a tight race. The bettor did not seem motivated by financial gain, according to two researchers who examined the trades. "More plausibly, this trader could have been attempting to manipulate beliefs about the odds of victory in an attempt to boost fundraising, campaign morale, and turnout," they wrote. The trader lost at least $4 million but might have shaped media attention of the race for less than the price of a prime-time ad, they concluded. [...]

The irony of prediction markets is that they are supposed to be a more trustworthy way of gleaning the future than internet clickbait and half-baked punditry, but they risk shredding whatever shared trust we still have left. The suspiciously well-timed bets that one Polymarket user placed right before the capture of Nicolas Maduro may have been just a stroke of phenomenal luck that netted a roughly $400,000 payout. Or maybe someone with inside information was looking for easy money. [...] As Tarek Mansour, Kalshi's CEO, has said, his long-term goal is to "financialize everything and create a tradable asset out of any difference in opinion." (Kalshi means "everything" in Arabic.) What could go wrong? As one viral post on X recently put it, "Got a buddy who is praying for world war 3 so he can win $390 on Polymarket." It's a joke. I think.

An anonymous reader quotes a report from 404 Media: The Belarusian government is threatening three HAM radio operators with the death penalty, detained at least seven people, and has accused them of "intercepting state secrets," according to Belarusian state media, independent media outside of Belarus, and the Belarusian human rights organization Viasna. The arrests are an extreme attack on what is most often a wholesome hobby that has a history of being vilified by authoritarian governments in part because the technology is quite censorship resistant.

The detentions were announced last week on Belarusian state TV, which claimed the men were part of a network of more than 50 people participating in the amateur radio hobby and have been accused of both "espionage" and "treason." Authorities there said they seized more than 500 pieces of radio equipment. The men were accused on state TV of using radio to spy on the movement of government planes, though no actual evidence of this has been produced. State TV claimed they were associated with the Belarusian Federation of Radioamateurs and Radiosportsmen (BFRR), a long-running amateur radio club and nonprofit that holds amateur radio competitions, meetups, trainings, and forums. Siarhei Besarab, a Belarusian HAM radio operator, posted a plea for support from others in the r/amateurradio subreddit. "I am writing this because my local community is being systematically liquidated in what I can only describe as a targeted intellectual genocide," Besarab wrote. "I beg you to amplify this signal and help us spread this information. Please show this to any journalist you know, send it to human rights organizations, and share it with your local radio associations."

An anonymous reader quotes a report from DroidLife: When the FCC cleared Verizon of its 60-day device unlock policy a week ago, we talked about how the government agency, which is as anti-consumer as it has ever been at the moment, was giving Verizon the power to basically create whatever unlock policy it wanted. We also expected Verizon to make a change to its policies in a hurry and they did not disappoint. Again, the FCC provided them a waiver 7 days ago and they are already starting to update policies.

As of this morning, Verizon has implemented a new device unlock policy across its various prepaid brands and I'd imagine their postpaid policy change is right around the corner. Brands like Visible, Total Wireless, Tracfone, and StraightTalk, all have an updated device unlock policy today that extends to 365 days of paid and active service before they'll free your phone from the Verizon network. Starting January 20, Verizon says that devices purchased from their prepaid brands will only be unlocked upon request after 365 days and if you meet several requirements [...].

What exactly is changing here? Well, if you purchased a device from Verizon's value brands previously, they would automatically unlock them after 60 days. Now, you have to wait 365 days, request the unlock because it doesn't happen automatically, and also have active service. [...] The FCC mentioned in their waiver that by allowing Verizon to create whatever unlock policy they wanted that this would "benefit consumers." How does any of this benefit consumers?

"Astronomers are preparing to capture a movie of a supermassive black hole in action for the first time," reports the Guardian: The Event Horizon Telescope (EHT) will track the colossal black hole at the heart of the Messier 87 galaxy throughout March and April with the aim of capturing footage of the swirling disc that traces out the edge of the event horizon, the point beyond which no light or matter can escape... The EHT is a global network of 12 radio telescopes spanning locations from Antarctica to Spain and Korea, which in 2019 unveiled the first image of a black hole's shadow. During March and April, as the Earth rotates, M87's central black hole will come into view for different telescopes, allowing a complete image to be captured every three days...

Measuring the black hole's spin speed matters because this could help discriminate between competing theories of how these objects reached such epic proportions. If black holes grow mostly through accretion — steadily snowballing material that strays nearby — they would be expected to end up spinning at incredibly high speeds. By contrast, if black holes expand mostly through merging with other black holes, each merger could slow things down. The observations could also help explain how black hole jets are formed, which are among the largest, most powerful structures produced by galaxies. Jets channel vast columns of gas out of galaxies, slowing down the formation of new stars and limiting galaxy growth. In turn this can create dense pockets of material that trigger bursts of star formation beyond the host galaxy...

While the movie campaign will take place in the spring, the sheer volume of data produced by the telescopes means the scientists will need to wait for Antarctic summer before the hard drives can be physically shipped to Germany and the US for processing. So it is likely to be a lengthy wait before the rest of the world gets a glimpse of the black hole in action.
In a correction, the Guardian apologizes for originally including an AI-generated illustration of black hole with a caption suggesting it was a photo from telescopes. They've since swapped in an actual picture of the Messier 87 galaxy black hole.