Security

New Ubuntu Linux Security Bypasses Require Manual Mitigations (bleepingcomputer.com) 14

An anonymous reader shared this report from BleepingComputer: Three security bypasses have been discovered in Ubuntu Linux's unprivileged user namespace restrictions, which could enable a local attacker to exploit vulnerabilities in kernel components. The issues allow local unprivileged users to create user namespaces with full administrative capabilities and impact Ubuntu versions 23.10, where unprivileged user namespaces restrictions are enabled, and 24.04 which has them active by default...

Ubuntu added AppArmor-based restrictions in version 23.10 and enabled them by default in 24.04 to limit the risk of namespace misuse. Researchers at cloud security and compliance company Qualys found that these restrictions can be bypassed in three different ways... The researchers note that these bypasses are dangerous when combined with kernel-related vulnerabilities, and they are not enough to obtain complete control of the system... Qualys notified the Ubuntu security team of their findings on January 15 and agreed to a coordinated release. However, the busybox bypass was discovered independently by vulnerability researcher Roddux, who published the details on March 21.

Canonical, the organization behind Ubuntu Linux, has acknowledged Qualys' findings and confirmed to BleepingComputer that they are developing improvements to the AppArmor protections. A spokesperson told us that they are not treating these findings as vulnerabilities per se but as limitations of a defense-in-depth mechanism. Hence, protections will be released according to standard release schedules and not as urgent security fixes.

Canonical shared hardening steps that administrators should consider in a bulletin published on their official "Ubuntu Discourse" discussion forum.
Mars

Martian Dust May Pose Health Risk To Humans Exploring Red Planet, Study Finds 71

A new study warns that toxic Martian dust contains fine particles and harmful substances like silica and metals that pose serious health risks to astronauts, making missions to Mars more dangerous than previously thought. The Guardian reports: During Apollo missions to the moon, astronauts suffered from exposure to lunar dust. It clung to spacesuits and seeped into the lunar landers, causing coughing, runny eyes and irritated throats. Studies showed that chronic health effects would result from prolonged exposure. Martian dust isn't as sharp and abrasive as lunar dust, but it does have the same tendency to stick to everything, and the fine particles (about 4% the width of a human hair) can penetrate deep into lungs and enter the bloodstream. Toxic substances in the dust include silica, gypsum and various metals.

"A mission to Mars does not have the luxury of rapid return to Earth for treatment," the researchers write in the journal GeoHealth. And the 40-minute communication delay will limit the usefulness of remote medical support from Earth. Instead, the researchers stress that limiting exposure to dust is essential, requiring air filters, self-cleaning space suits and electrostatic repulsion devices, for example.
Oracle

Oracle Health Breach Compromises Patient Data At US Hospitals 5

A breach of legacy Cerner servers at Oracle Health exposed patient data from multiple U.S. hospitals and healthcare organizations, with threat actors using compromised customer credentials to steal the data before it had been migrated to Oracle Cloud. Despite confirming the breach privately, Oracle Health has yet to publicly acknowledge the incident. BleepingComputer reports: Oracle Health, formerly known as Cerner, is a healthcare software-as-a-service (SaaS) company offering Electronic Health Records (EHR) and business operations systems to hospitals and healthcare organizations. After being acquired by Oracle in 2022, Cerner was merged into Oracle Health, with its systems migrated to Oracle Cloud. In a notice sent to impacted customers and seen by BleepingComputer, Oracle Health said it became aware of a breach of legacy Cerner data migration servers on February 20, 2025.

"We are writing to inform you that, on or around February 20, 2025, we became aware of a cybersecurity event involving unauthorized access to some amount of your Cerner data that was on an old legacy server not yet migrated to the Oracle Cloud," reads a notification sent to impacted Oracle Health customers. Oracle says that the threat actor used compromised customer credentials to breach the servers sometime after January 22, 2025, and copied data to a remote server. This stolen data "may" have included patient information from electronic health records. However, multiple sources told BleepingComputer that it was confirmed that patient data was stolen during the attack.

Oracle Health is also telling hospitals that they will not notify patients directly and that it is their responsibility to determine if the stolen data violates HIPAA laws and whether they are required to send notifications. However, the company says they will help identify impacted individuals and provide templates to help with notifications.
United States

Nearly Half of People in the US Have Toxic PFAS in Their Drinking Water (scientificamerican.com) 48

An anonymous reader shares a report: New data recently released by the Environmental Protection Agency indicate that more than 158 million people across the U.S. have drinking water contaminated by toxic "forever chemicals," scientifically known as perfluoroalkyl and polyfluoroalkyl substances (PFAS).

"Drinking water is a major source of PFAS exposure. The sheer number of contaminated sites shows that these chemicals are likely present in most of the U.S. water supply," said David Andrews, deputy director of investigations and a senior scientist at the Environmental Working Group (EWG), a nonprofit advocacy organization, in a recent press release.

United Kingdom

UK Govt Data People Not Technical, Says Ex-Downing St Data Science Head (theregister.com) 11

An anonymous reader shares a report: A former director of data science at the UK prime minister's office has told MPs that people working with data in government are not typically technical and would be unlikely to get a similar job in the private sector.

In a hearing designed to illuminate the challenges facing the Department for Science, Innovation and Technology (DSIT) as it strives to become the digital centre for government, MPs quizzed Laura Gilbert, head of AI for Government at the Ellison Institute and former director of data science at 10 Downing Street, the prime minister's office.

Members of the House of Commons' Science, Innovation and Technology Committee wanted to know about the performance of the Government Digital Service, which in January was moved from the Cabinet Office to DSIT and merged with Central Digital and Data Office (CDDO) and the Incubator for AI (i.AI). Gilbert, a particle physicist who has worked in a number of tech industry roles, said one of the challenges was understanding the level of tech skills in the civil service in central government.

Education

Want To Go To College? Pay the College Board (bloomberg.com) 47

The College Board, described as a $2 billion nonprofit, functions as the primary gatekeeper for academic success within American higher education, according to an analysis by Bloomberg. The organization significantly shapes university admissions by controlling not only who gains entry to college but also influencing what students know upon arrival.

This central role in managing and defining higher education admissions positions the Board uniquely. The story adds: The College Board writes the curriculum for 40 AP courses, administers and grades the exams, oversees the PSAT and SAT, and offers a variety of free and paid resources to help prepare for the courses and tests. Many students will wind up paying the company north of $1,000 over the course of their high school career. "If the same people can create the content and create the tests, that's a really great business model where you've got the whole public secondary education system wrapped up in one little company," says Jon Boeckenstedt, the vice provost of enrollment management at Oregon State University and a prominent critic of the College Board.

Housing so many parts of the high school experience under one roof has made the New York-based organization immensely wealthy, with more than $1 billion in annual revenue -- on which it pays no taxes as a 501(c)(3) nonprofit. But mere money isn't the biggest source of the College Board's might. Twelve decades after its creation, it's now the closest thing the fragmented American educational system has to a central governing body, with a huge amount of authority over what students are expected to know when they get to college. Higher education is arguably the most important driver of social mobility, as well as the most powerful force in selecting which members of the next generation will set the political and cultural agenda. By controlling who gets in and what they know when they get there, the College Board has become the chief gatekeeper of academic success in America.

United States

75% of Scientists in Nature Poll Weigh Leaving US (nature.com) 285

A Nature survey has found that three-quarters of responding U.S. scientists are considering leaving the nation following disruptions to science under the Trump administration.

Out of 1,608 respondents, 75.3% said they were contemplating leaving the country. Scientists cited concerns over research funding and the general treatment of science as contributing factors for their reasoning. Europe and Canada were mentioned as potential destinations for those looking for opportunities abroad.
United States

Microsoft President Calls For a National Talent Strategy For Electricians 73

theodp writes: "As I prepared for a White House meeting last fall on the nation's electricity needs," begins Microsoft President Brad Smith in The Country Needs More Electricity -- And More Electricians, a Fox Business op-ed. "I met with the leaders at Microsoft who are building our AI infrastructure across the country. During our discussion, I asked them to identify the single biggest challenge for data center expansion in the U.S. I expected they would mention slow permitting, delays in bringing more power online or supply chain constraints -- all significant challenges. But instead, they highlighted a national shortage of people. Electricians, to be precise."

Much as Smith has done in the past as he declared crisis-level shortages of Computer Science, cybersecurity, and AI talent, he's calling for the nation's politicians and educators to step up to the plate and deliver students trained to address the data center expansion plans of Microsoft and Big Tech.

"How many new electricians must the U.S. recruit and train over the next decade?" Smith asks. "Probably half a million. [...] The good news is that these are good jobs. The bad news is that we don't have a national strategy to recruit and train the people to fill these jobs. Given the Trump administration's commitment to supporting American workers, American jobs and American innovation, we believe that recruiting and training more electricians should rise to its list of priorities. There are several ways to address this issue, and they deserve consideration. For example, we need to do more as a nation to revitalize the industrial arts and shop classes in American high schools. [...] This should be a priority for local school boards, state governors and appropriate federal support. [...] We must also adopt a broad perspective on where new technology is taking us. The tech sector is most often focused on computer and data science -- people who code. But the future will also be built in critical ways by a new generation of engineers, electricians, plumbers, pipefitters, iron workers, carpenters and other skilled trades."

So, is 'Learn to Wire' the new 'Learn to Code'?
Education

Columbia University Suspends Student Behind Interview Cheating AI (businessinsider.com) 37

Columbia University has suspended the student who created an AI tool designed to help job candidates cheat on technical coding interviews, according to disciplinary documents seen by Business Insider. Chungin "Roy" Lee received a yearlong suspension for "publishing unauthorized documents" from a disciplinary hearing about his product, Interview Coder, not for creating the tool itself. Lee had signed a form agreeing not to disclose his disciplinary record or post hearing materials online.

Interview Coder, which sells for $60 monthly, is on track to generate $2 million in annual revenue, Lee said. The university initially placed him on probation after finding him responsible for "facilitation of academic dishonesty." Lee had already submitted paperwork for a leave of absence before his suspension. He told BI he plans to move to San Francisco, which "was my plan all along."
United Kingdom

UK's First Permanent Facial Recognition Cameras Installed (theregister.com) 55

The Metropolitan Police has confirmed its first permanent installation of live facial recognition (LFR) cameras is coming this summer and the location will be the South London suburb of Croydon. From a report: The two cameras will be installed in the city center in an effort to combat crime and will be attached to buildings and lamp posts on North End and London Road. According to the police they will only be turned on when officers are in the area and in a position to make an arrest if a criminal is spotted. The installation follows a two-year trial in the area where police vans fitted with the camera have been patrolling the streets matching passersby to its database of suspects or criminals, leading to hundreds of arrests. The Met claims the system can alert them in seconds if a wanted wrong'un is spotted, and if the person gets the all-clear, the image of their face will be deleted.
Earth

Scientists Record First Sounds Ever Known To Be Made By Sharks (science.org) 28

sciencehabit quotes a report from Science.org: Whales sing, orcas squeal, and sea turtles croak. But sharks are more the strong, silent type. Now, researchers report the first evidence that sharks make sounds, too, described today in Royal Society Open Science. The animals may be making the sounds -- a series of clicking noises -- by snapping their flat rows of teeth, which are blunt for crushing prey. The sharks can hear mostly low-frequency noise, and the clicks they emit are higher pitched, which suggests they are not for communicating with other rigs. It's possible they are a defensive tactic. Marine mammals that eat rigs, such as leopard seals, can hear in the frequency range of the rig clicks, but the researchers question whether a few clicks would deter an attack. The sounds might be part of their response to being startled, the team says.
Bitcoin

Fidelity Prepares To Unveil Its Own Stablecoin (binance.com) 32

According to the Financial Times, Fidelity Investments is in advanced stages of developing its own stablecoin. Binance reports: The Boston-based financial services giant plans for the token to serve as a form of digital cash, according to the report, which cites two people close to the matter. The token would form part of the company's strategy to enter the tokenized government bonds market. Stablecoins are a cryptocurrency whose value is pegged to a real-world asset such as the U.S. dollar or gold. They provide a convenient way for crypto traders to preserve their fiat value without having to cash out of the market.

The news emerges just days after Fidelity filed paperwork to register a blockchain-based version of its U.S. dollar money market fund. The company seeks to register an "OnChain" share class of its Treasury Digital Fund (FYHXX), which holds cash and U.S. Treasury securities and is available only to Fidelity's hedge fund and institutional clients. A Fidelity stablecoin could fill the role of cash in this fund.
The report comes a day after World Liberty Financial, a crypto venture backed by Donald Trump and his family, launched a U.S. dollar-pegged stablecoin called USD1.
Education

Over 4 Million Gen Zers Are Jobless (fortune.com) 289

Fortune reports that over 4 million Gen Zers are currently not in education, employment, or training (NEET), with experts blaming a broken educational system and "worthless degrees" for failing to deliver on promises of career readiness. From the report: While some Gen Zers may fall into this category because they are taking care of a family member, many have become frozen out of the increasingly tough job market where white-collar jobs are becoming seemingly out of reach. In the U.S., this translates to an estimated over 4.3 million young people not in school or work. Across the pond in the U.K., the situation is also only getting worse, with the number of NEET young people rising by over 100,000 in the last year alone.

A British podcaster went so far as to call the situation a "catastrophe" -- and cast a broad-stroke blame on the education system. "In many cases, young people have been sent off to universities for worthless degrees which have produced nothing for them at all," the political commentator, journalist and author, Peter Hitchens slammed colleges last week. "And they would be much better off if they apprenticed to plumbers or electricians, they would be able to look forward to a much more abundant and satisfying life." With millions of Gen Zers waking up each day feeling left behind, there needs to be a "wake-up call" that includes educational and workplace partners stepping up, Jeff Bulanda, vice president at Jobs for the Future, tells Fortune.

China

US Expands Export Blacklist To Keep Computing Tech Out of China (theverge.com) 28

The U.S. has added 80 entities to its export blacklist to prevent China from acquiring advanced American chips for military development, including AI, quantum tech, and hypersonic weapons. The Verge reports: More than 50 of the new entities added to the list are based in China, with others located in Iran, Taiwan, Pakistan, South Africa, and the United Arab Emirates. BIS says the restrictions have been applied to entities that acted "contrary to US national security and foreign policy," and are intended to hinder China's ability to develop high-performance computing capabilities, quantum technologies, advanced artificial intelligence, and hypersonic weapons.

Six of the newly blacklisted entities are subsidiaries of Inspur Group -- China's leading cloud computing service provider and a major customer for US chip makers such as Nvidia, AMD, and Intel -- which BIS alleges had contributed to projects developing supercomputers for the Chinese military. The Beijing Academy of Artificial Intelligence is another addition to the list, which has criticized its inclusion.
"American technology should never be used against the American people," said Jeffrey Kessler, Under Secretary of Commerce for Industry and Security. "BIS is sending a clear, resounding message that the Trump administration will work tirelessly to safeguard our national security by preventing U.S. technologies and goods from being misused for high performance computing, hypersonic missiles, military aircraft training, and UAVs that threaten our national security."
Education

Business Schools Are Back (bloomberg.com) 23

An anonymous reader shares a report: After years of decline, the number of applications to the country's two-year MBA programs rebounded in 2024 -- rising 19%, according to a survey by the Graduate Management Admission Council. The pandemic saw a blossoming of new ways to deliver an MBA, but tradition has reasserted itself: The biggest growth last year was in conventional two-year and part-time programs.

As in recent years, the great majority of student demand came from overseas, but applications from the US rose as well. While the two-year class graduating this spring included record levels of international students at many institutions, most of the top 20 schools as ranked by Bloomberg Businessweek welcomed classes last fall with a reduced international presence. Given the Trump administration's hostility to immigration, the graduating class of 2025 could prove to be the high-water mark for international MBA students in the US for at least the near future.

Android

Google Will Develop the Android OS Fully In Private 20

An anonymous reader quotes a report from Android Authority: No matter the manufacturer, every Android phone has one thing in common: its software base. Manufacturers can heavily customize the look and feel of the Android OS they ship on their Android devices, but under the hood, the core system functionality is derived from the same open-source foundation: the Android Open Source Project. After over 16 years, Google is making big changes to how it develops the open source version of Android in an effort to streamline its development. [...] Beginning next week, all Android development will occur within Google's internal branches, and the source code for changes will only be released when Google publishes a new branch containing those changes. As this is already the practice for most Android component changes, Google is simply consolidating its development efforts into a single branch.

This change will have minimal impact on regular users. While it streamlines Android OS development for Google, potentially affecting the speed of new version development and bug reduction, the overall effect will likely be imperceptible. Therefore, don't expect this change to accelerate OS updates for your phone. This change will also have minimal impact on most developers. App developers are unaffected, as it pertains only to platform development. Platform developers, including those who build custom ROMs, will largely also see little change, since they typically base their work on specific tags or release branches, not the main AOSP branch. Similarly, companies that release forked AOSP products rarely use the main AOSP branch due to its inherent instability.

External developers who enjoy reading or contributing to AOSP will likely be dismayed by this news, as it reduces their insight into Google's development efforts. Without a GMS license, contributing to Android OS development becomes more challenging, as the available code will consistently lag behind by weeks or months. This news will also make it more challenging for some developers to keep up with new Android platform changes, as they'll no longer be able to track changes in AOSP. For reporters, this change means less access to potentially revealing information, as AOSP patches often provide insights into Google's development plans. [...] Google will share more details about this change when it announces it later this week. If you're interested in learning more, be sure to keep an eye out for the announcement and new documentation on source.android.com.
Android Authority's Mishaal Rahman says Google is "committed to publishing Android's source code, so this change doesn't mean that Android is becoming closed-source."

"What will change is the frequency of public source code releases for specific Android components," says Rahman. "Some components like the build system, update engine, Bluetooth stack, Virtualization framework, and SELinux configuration are currently AOSP-first, meaning they're developed fully in public. Most Android components like the core OS framework are primarily developed internally, although some features, such as the unlocked-only storage area API, are still developed within AOSP."
Education

Who Wins Nobel Prizes? (construction-physics.com) 104

The United States has won far more Nobel Prizes in physics, chemistry, and medicine than any other nation, with the UK and Germany following in second and third place, according to an analysis of nearly 900 prize-winning publications.

Universities account for roughly three-fourths of Nobel Prize-winning research, with a small number of elite institutions producing a disproportionate share of winners. Cambridge University leads with 32 prizes, followed by Harvard (22) and Columbia (13). While prizes are concentrated among researchers from the US, UK, and Germany, 43 countries have produced at least one scientific Nobel laureate.

Outside Europe and the Anglosphere, Japan leads with 11 prizes, while Argentina, China, and India have only one or two each. The average age of Nobel Prize winners has steadily increased from about 45 in the 1920s to 65 in the 2010s, though the age at which scientists perform their groundbreaking work has remained relatively constant at around 40.
Transportation

London Bans Most E-Bikes on Public Transport Over Fire Risk (theguardian.com) 77

Transport for London will ban most e-bikes across its network from March 31 amid growing safety concerns over battery fires, the transport authority announced on Wednesday. The ban, covering London Underground, Overground, Elizabeth Line and DLR trains, exempts only folding e-bikes, which are considered less likely to have been modified and pose a reduced safety risk.

TfL implemented the measure following union strike threats after several incidents, including an e-bike that exploded into flames at Rayners Lane Underground platform last month. The train drivers' union Aslef said the incident could have caused mass casualties.
Earth

Chicago-Sized Iceberg Hid Ancient Ecosystem, Scientists Reveal (gizmodo.com) 29

An anonymous reader quotes a report from Gizmodo: Scientists scrutinizing the seafloor beneath a calving iceberg found a remarkable array of living creatures, switching up notions of how the giant chunks of ice affect their immediate environs. The scientists investigated a region of seafloor recently exposed by the calving of a gigantic iceberg -- A-84 -- which is as large as Chicago. The team found a surprisingly vibrant community of critters on the seafloor below where A-84 was once attached to an ice shelf attached to Antarctica.

Without the 197-square-mile (510-square-kilometer) iceberg in the way, the team was able to scrutinize the seafloor at depths of 4,265 feet (1,300 meters) using the remotely operated vehicle (ROV) SuBastian. The team found large corals and sponges supporting other lifeforms, including icefish, giant sea spiders, and octopus. [...] With the icebergs covering the seafloor, organisms below the shelf cannot get nutrients for survival from the surface. The team hypothesized that ocean currents are a critical driver for life beneath the ice sheets. The team also collected data on the larger ice sheet, whose shrinking size spells concern for the animals that live beneath it.
