Slashdot reader BrianFagioli writes: Password manager 1Password’s 2025 Annual Report: The Access-Trust Gap exposes how everyday employees are becoming accidental hackers in the AI era. The company’s data shows that 73% of workers are encouraged to use AI tools, yet more than a third admit they do not always follow corporate policies. Many employees are feeding sensitive information into large language models or using unapproved AI apps to get work done, creating what 1Password calls “Shadow AI.” At the same time, traditional defenses like single sign-on (SSO) and mobile device management (MDM) are failing to keep pace, leaving gaps in visibility and control. The report warns that corporate security is being undermined from within. More than half of employees have installed software without IT approval, two-thirds still use weak passwords, and 38% have accessed accounts at previous employers. Despite rising enthusiasm for passkeys and passwordless authentication, 1Password says most organizations still depend on outdated systems that were never built for cloud-native, AI-driven work. The result is a growing “Access-Trust Gap” that could allow AI chaos and employee shortcuts to dismantle enterprise security from the inside.

Read more of this story at Slashdot.

Here are some recently released titles to add to your reading list. This week, we read First Contact: The Story of Our Obsession with Aliens, plus James Tynion IV and Martin Simmonds’ take on Dracula — now in black and white for extra creep-factor.

This article originally appeared on Engadget at https://www.engadget.com/entertainment/what-to-read-this-weekend-a-deep-dive-into-humankinds-search-for-alien-life-201422007.html?src=rss

An anonymous reader shared this report from CNN:
[C]iting delays in Starship’s development and competitive pressure from China, NASA asked SpaceX and Blue Origin — which holds a separate lunar lander contract with the space agency — to submit plans to expedite development of their respective spacecraft by October 29. Both companies have responded. But the space agency is also asking the broader commercial space industry to detail how they might get the job done more quickly, hinting that NASA leadership is prepared to sideline its current partners. CNN spoke with half a dozen companies about how they plan to respond to NASA’s call to action, which the agency will formally issue once the government shutdown ends, according to a source familiar with the matter.

One possibility is Lockheed Martin…

Notably, as a legacy NASA contractor, the company built the $20.4 billion Orion spacecraft that astronauts will ride when they take off from Earth… Now, Lockheed says it can piece together a two-stage lunar lander that uses spare parts harvested from Orion. The company would make use of Space Shuttle-era OMS-E engines — which are also used on Orion — to serve as the propulsion for an “ascent stage” of the lunar lander, providing the thrust for the vehicle to lift off the moon after a mission is completed. But the vehicle also needs a descent stage to get down to the lunar surface in the first place…

Other commercial space companies contacted by CNN — including Firefly Aerospace and Northrop Grumman — said simply that they were “ready to support” NASA in its endeavor to find a faster way to complete the Artemis III mission. They did not confirm whether they would formally respond to the space agency’s anticipated request for companies to submit proposals.

The more important goal, argue some experts, is to pave the way for a permanent lunar base where astronauts can live and work…

[P]erhaps the true winner will be the country that is able to build lasting infrastructure, experts say.
“It makes great press fodder to frame this as competition,” said one space policy source, who was among several that spoke to CNN on the condition of anonymity to discuss controversial issues. “But this is about the long game and the sustainability.”

Read more of this story at Slashdot.

An anonymous reader shared this report from NPR:

It’s known as the “Dueling Dinosaurs” fossil: A triceratops and a tyrannosaur, skeletons entangled, locked in apparent combat right up until the moment of their mutual demise… That discovery in 2006 now appears to have overturned decades of dinosaur dogma about Tyrannosaurus rex, the fearsome giant long thought to be the sole top predator stalking the late Cretaceous. In a paper in the journal Nature, paleontologists Lindsay Zanno and James Napoli conclude that some of the bones from that specimen belong not to a teenage T. rex, but to a fully grown individual of a different tyrannosaur species — Nanotyrannus lancensis….

One of the first of those red flags in the new specimen was the arm bones. They looked completely different than T. rex’s puny appendages… “These are powerful arms with large claws, large hands. They were using them for prey capture.” Contrast that with T. rex, “an animal that’s a mouth on legs.” There were additional clues. The animal had fewer tail vertebrae and more teeth than T. rex. Zanno and Napoli considered other lines of evidence. They created 3D models of numerous purported T. rexes against which they compared their specimen. They looked at the growth stages of the cranial nerves and sinuses of close living relatives of dinosaurs, features that were visible in the fossilized skeleton.

“But maybe the most important and damning thing that we did was we were able to figure out that our animal is not a juvenile at all,” she says. This conclusion was based on slicing through the fossil’s limb bones to examine the growth rings. That work demonstrated that this animal was mature and done growing when it died around the age of 20. “That means it’s half the size and a tenth of the mass of a full grown Tyrannosaurus rex,” says Zanno… In addition, while making models of all those other alleged T. rex skeletons, Zanno says they identified another new species of tyrannosaur, one they’re calling Nanotyrannus lethaeus…

“It tells us that these end-Cretaceous ecosystems right before the asteroid hit were flourishing,” says Zanno. “They had an abundance of different predators. And refutes this idea that dinosaurs were in decline before the asteroid struck.”

Read more of this story at Slashdot.

Ayaneo is breaking into the competitive smartphone market with its latest offering, but it’s hoping to attract the mobile gamers out there. In a teaser posted to its YouTube, the gaming handheld maker offered its first look at the Ayaneo Phone. As vague as the trailer is, Ayaneo clearly has a target demographic in mind, describing the smartphone as when a “mobile phone meets the soul of gaming handheld.”

From the teaser, it looks like the Ayaneo Phone will be built with a standard dual-camera setup. Perhaps more relevant for its gaming-centric design, it looks like the smartphone will have physical shoulder buttons when held horizontally. Ayaneo previously mentioned the Ayaneo Phone during a product sharing session in the summer, where it hinted at a form factor that slides out. This could be another hint that Ayaneo is looking at making a modern-day version of the Sony Xperia Play, particularly since the Ayaneo Phone will fall under the company’s Remake branding that features remakes of retro consoles and devices.

Considering Ayaneo’s price tags for its other products, the Ayaneo Phone likely won’t be cheap. However, it could offer serious competition to other gaming smartphones from Asus or Redmagic.

This article originally appeared on Engadget at https://www.engadget.com/mobile/smartphones/ayaneos-first-smartphone-could-have-physical-shoulder-buttons-182033773.html?src=rss

Ubuntu “is adopting the memory-safe Rust language,” reports ZDNet, citing remarks at this year’s Ubuntu Summit from Jon Seager, Canonical’s VP of engineering for Ubuntu:

. Seager said the engineering team is focused on replacing key system components with Rust-based alternatives to enhance safety and resilience, starting with Ubuntu 25.10. He stressed that resilience and memory safety, not just performance, are the principal drivers: “It’s the enhanced resilience and safety that is more easily achieved with Rust ports that are most attractive to me”. This move is echoed in Ubuntu’s adoption of sudo-rs, the Rust implementation of sudo, with fallback and opt-out mechanisms for users who want to use the old-school sudo command.

In addition to sudo-rs, Ubuntu 26.04 will use the Rust-based uutils/coreutils for Linux’s default core utilities. This setup includes ls, cp, mv, and dozens of other basic Unix command-line tools. This Rust reimplementation aims for functional parity with GNU coreutils, with improved safety and maintainability.

On the desktop front, Ubuntu 26.04 will also bring seamless TPM-backed full disk encryption. If this approach reminds you of Windows BitLocker or MacOS FileVault, it should. That’s the idea.

In other news, Canonical CEO Mark Shuttleworth said “I’m a believer in the potential of Linux to deliver a desktop that could have wider and universal appeal.” (Although he also thinks “the open-source community needs to understand that building desktops for people who aren’t engineers is different. We need to understand that the ‘simple and just works’ is also really important.”)

Shuttleworth answered questions from Slashdot’s readers in 2005 and 2012.

Read more of this story at Slashdot.

Later this month, Italian citizens will have one extra step to go through before getting on porn sites. On Friday, Italy’s regulatory agency for communications, known as AGCOM, announced an age verification system that’s meant to prevent minors from accessing websites with pornographic content. The initial list of sites covers around 50 sites, including Pornhub, XHamster and OnlyFans.

The new rule will require users to get verified through “certified third parties,” which could be another company, bank or mobile operator that already has the relevant info. Once the third party verifies the user’s age, it will issue a code that grants access to the porn site. While the legislation’s stated goal is to prevent harm to minors, the age verification process uses a “double anonymity” system to quell privacy concerns. In order to protect user privacy, porn sites can only see if a user is of age and not their identity, while the third-party verifier can only see the user’s identity and not the website they’re trying to get on.

According to the legislation, users have to do this each time they try to get on affected porn sites. AGCOM said the new rule goes into effect on November 12, and any porn sites that are found non-compliant could be hit with penalties of up to 250,000 euros. 

Italy is the latest in the European Union to implement age verification rules, after France put a similar system into place in the summer. Just outside the EU, the UK also recently introduced its own age verification process that requires either a selfie or government ID. Since then, Pornhub said that UK visitors to its site have plummeted 77 percent.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/italy-will-be-the-latest-country-to-require-age-verification-for-porn-sites-170913842.html?src=rss

Slashdot reader joshuark shares this report from SFGate:

The mystery object that struck a plane at 36,000 feet is likely not space debris, as some speculated, but rather a Silicon Valley test project gone wrong…

WindBorne Systems, a Palo Alto startup that uses atmospheric balloons to collect weather data for AI-based forecast models,has come forward to say that they believe they may be responsible for the object that hit the windshield… “At 6am PT, we sent our preliminary investigation to both NTSB and FAA, and are working with both of them to investigate further,” [WindBorne’s CEO John Dean posted on social media…]
WindBorne said the company has launched more than 4,000 balloons and that it coordinates with the Federal Aviation Administration for every launch.

WindBorne “has conducted more than 4,000 launches,” the company said in a statement, noting that they’ve always coordinated those launched with America’s Federal Aviation Administration and filed aviation alerts for every launched balloon. Plus “The system is designed to be safe in the event of a midair collision… Our balloon is 2.4 pounds at launch and gets lighter throughout flight.”

We are working closely with the FAA on this matter. We immediately rolled out changes to minimize time spent between 30,000 and 40,000 feet. These changes are already live with immediate effect. Additionally, we are further accelerating our plans to use live flight data to autonomously avoid planes, even if the planes are at a non-standard altitude. We are also actively working on new hardware designs to further reduce impact force magnitude and concentration.

Read more of this story at Slashdot.

Slashdot reader joshuark shares this report from SFGate:

The mystery object that struck a plane at 36,000 feet is likely not space debris, as some speculated, but rather a Silicon Valley test project gone wrong…

WindBorne Systems, a Palo Alto startup that uses atmospheric balloons to collect weather data for AI-based forecast models,has come forward to say that they believe they may be responsible for the object that hit the windshield… “At 6am PT, we sent our preliminary investigation to both NTSB and FAA, and are working with both of them to investigate further,” [WindBorne’s CEO John Dean posted on social media…]
WindBorne said the company has launched more than 4,000 balloons and that it coordinates with the Federal Aviation Administration for every launch.

WindBorne “has conducted more than 4,000 launches,” the company said in a statement, noting that they’ve always coordinated those launched with America’s Federal Aviation Administration and filed aviation alerts for every launched balloon. Plus “The system is designed to be safe in the event of a midair collision… Our balloon is 2.4 pounds at launch and gets lighter throughout flight.”

We are working closely with the FAA on this matter. We immediately rolled out changes to minimize time spent between 30,000 and 40,000 feet. These changes are already live with immediate effect. Additionally, we are further accelerating our plans to use live flight data to autonomously avoid planes, even if the planes are at a non-standard altitude. We are also actively working on new hardware designs to further reduce impact force magnitude and concentration.

Read more of this story at Slashdot.

The address bar/ChatGPT input window in OpenAI’s browser ChatGPT Atlas “could be targeted for prompt injection using malicious instructions disguised as links,” reports SC World, citing a report from AI/agent security platform NeuralTrust:

NeuralTrust found that a malformed URL could be crafted to include a prompt that is treated as plain text by the browser, passing the prompt on to the LLM. A malformation, such as an extra space after the first slash following “https:” prevents the browser from recognizing the link as a website to visit. Rather than triggering a web search, as is common when plain text is submitted to a browser’s address bar, ChatGPT Atlas treats plain text as ChatGPT prompts by default.

An unsuspecting user could potentially be tricked into copying and pasting a malformed link, believing they will be sent to a legitimate webpage. An attacker could plant the link behind a “copy link” button so that the user might not notice the suspicious text at the end of the link until after it is pasted and submitted. These prompt injections could potentially be used to instruct ChatGPT to open a new tab to a malicious website such as a phishing site, or to tell ChatGPT to take harmful actions in the user’s integrated applications or logged-in sites like Google Drive, NeuralTrust said.

Last month browser security platform LayerX also described how malicious prompts could be hidden in URLs (as a parameter) for Perplexity’s browser Comet. And last week SquareX Labs demonstrated that a malicious browser extension could spoof Comet’s AI sidebar feature and have since replicated the proof-of-concept (PoC) attack on Atlas.

But another new vulnerability in ChatGPT Atlas “could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant’s memory and run arbitrary code,” reports The Hacker News, citing a report from browser security platform LayerX:

“This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware,” LayerX Security Co-Founder and CEO, Or Eshed, said in a report shared with The Hacker News. The attack, at its core, leverages a cross-site request forgery (CSRF) flaw that could be exploited to inject malicious instructions into ChatGPT’s persistent memory. The corrupted memory can then persist across devices and sessions, permitting an attacker to conduct various actions, including seizing control of a user’s account, browser, or connected systems, when a logged-in user attempts to use ChatGPT for legitimate purposes….

“What makes this exploit uniquely dangerous is that it targets the AI’s persistent memory, not just the browser session,” Michelle Levy, head of security research at LayerX Security, said. “By chaining a standard CSRF to a memory write, an attacker can invisibly plant instructions that survive across devices, sessions, and even different browsers. In our tests, once ChatGPT’s memory was tainted, subsequent ‘normal’ prompts could trigger code fetches, privilege escalations, or data exfiltration without tripping meaningful safeguards….”

LayerX said the problem is exacerbated by ChatGPT Atlas’ lack of robust anti-phishing controls, the browser security company said, adding it leaves users up to 90% more exposed than traditional browsers like Google Chrome or Microsoft Edge. In tests against over 100 in-the-wild web vulnerabilities and phishing attacks, Edge managed to stop 53% of them, followed by Google Chrome at 47% and Dia at 46%. In contrast, Perplexity’s Comet and ChatGPT Atlas stopped only 7% and 5.8% of malicious web pages.

From The Conversation:

Sandboxing is a security approach designed to keep websites isolated and prevent malicious code from accessing data from other tabs. The modern web depends on this separation. But in Atlas, the AI agent isn’t malicious code — it’s a trusted user with permission to see and act across all sites. This undermines the core principle of browser isolation.

Thanks to Slashdot reader spatwei for suggesting the topic.

Read more of this story at Slashdot.

“Traditionally, exploring the interior of atomic nuclei requires enormous particle accelerators that stretch for kilometers and propel beams of electrons at extremely high speeds,” writes SciTechDaily.

But MIT physicists have unveiled a groundbreaking alternative that “used the atom’s own electrons as probes to momentarily enter the nucleus…”

In research published in Science, a team of MIT physicists achieved exceptionally precise measurements of the energy of electrons orbiting a radium atom that had been chemically bonded with a fluoride atom to form radium monofluoride. By studying these molecules, the researchers created a kind of miniature particle collider. Within this environment, the electrons surrounding the radium atom were confined closely enough to occasionally slip into the nucleus before returning to their usual orbits… When those electrons returned to their outer paths, they retained the altered energy, effectively carrying a “message” from within the nucleus that could be decoded to reveal its internal arrangement…

[The researchers] trapped and cooled the molecules and sent them through a system of vacuum chambers, into which they also sent lasers, which interacted with the molecules. In this way, the researchers were able to precisely measure the energies of electrons inside each molecule. When the researchers analyzed their measurements, they noticed that the electrons carried slightly different energies than expected if they had remained outside the nucleus. The difference was incredibly small, only about one millionth of the energy of the laser photon used to excite the molecules, but it was clear evidence that the electrons had entered the radium nucleus and interacted with its protons and neutrons…

The researchers plan to use this new technique to create a detailed map of how forces are distributed inside the nucleus… to chart the nucleus with greater precision and search for possible violations of fundamental symmetries in nature.

“It is thought that additional sources of fundamental symmetry violation are required to explain the almost complete absence of antimatter in our universe,” the article points out. “Such violations could be seen within the nuclei of certain atoms such as radium…

“Unlike most atomic nuclei, which are spherical in shape, the radium atom’s nucleus has a more asymmetrical configuration, similar to a pear. Scientists predict that this pear shape could significantly enhance their ability to sense the violation of fundamental symmetries, to the extent that they may be potentially observable.”

Read more of this story at Slashdot.