SoylentNews

Freeman writes:

https://arstechnica.com/ai/2026/02/openclaw-security-fears-lead-meta-other-ai-firms-to-restrict-its-use/

Last month, Jason Grad issued a late-night warning to the 20 employees at his tech startup. "You've likely seen Clawdbot trending on X/LinkedIn. While cool, it is currently unvetted and high-risk for our environment," he wrote in a Slack message with a red siren emoji. "Please keep Clawdbot off all company hardware and away from work-linked accounts."

Grad isn't the only tech executive who has raised concerns to staff about the experimental agentic AI tool, which was briefly known as MoltBot and is now named OpenClaw.
[...]
Peter Steinberger, OpenClaw's solo founder, launched it as a free, open source tool last November. But its popularity surged last month as other coders contributed features and began sharing their experiences using it on social media. Last week, Steinberger joined ChatGPT developer OpenAI, which says it will keep OpenClaw open source and support it through a foundation.
[...]
Some cybersecurity professionals have publicly urged companies to take measures to strictly control how their workforces use OpenClaw.
[...]
"Our policy is, 'mitigate first, investigate second' when we come across anything that could be harmful to our company, users, or clients," says Grad, who is cofounder and CEO of Massive, which provides Internet proxy tools to millions of users and businesses. His warning to staff went out on January 26, before any of his employees had installed OpenClaw, he says.
[...]
Some companies concerned about OpenClaw are choosing to trust the cybersecurity protections they already have in place rather than introduce a formal or one-off ban. A CEO of a major software company says only about 15 programs are allowed on corporate devices. Anything else should be automatically blocked, says the executive, who spoke on the condition of anonymity to discuss internal security protocols.
[...]
Massive, the web proxy company, is cautiously exploring OpenClaw's commercial possibilities. Grad says it tested the AI tool on isolated machines in the cloud and then, last week, released ClawPod, a way for OpenClaw agents to use Massive's services to browse the web. While OpenClaw is still not welcome on Massive's systems without protections in place, the allure of the new technology and its moneymaking potential was too great to ignore. OpenClaw "might be a glimpse into the future. That's why we're building for it," Grad says.

Original Submission

fliptop writes:

Texas is suing TP-Link Systems, a California-based maker of wi-fi routers, accusing it of concealing its ties to China and potentially exposing American users' home networks to hackers:

Texas Attorney General Ken Paxton announced the lawsuit on Feb. 17, alleging deceptive marketing practices. Paxton first began investigating TP-Link in October 2025, and Texas Gov. Greg Abbott has since prohibited state employees from using TP-Link products.

TP-Link, founded in China in 1996, states on its website that it underwent a restructuring in 2024 that split the company into TP-Link Systems and TP-Link Technologies, which serves the mainland Chinese market, and that the two entities are no longer affiliated. Devices sold to U.S. consumers also carry "Made in Vietnam" labels.

Paxton, however, alleges that those "Made in Vietnam" stickers are meant to obscure a supply chain "deeply entrenched in China," where nearly all of TP-Link's components are sourced before being shipped to Vietnam for final assembly.

Those supply-chain ties, the lawsuit claims, leave the company vulnerable to the Chinese Communist Party's (CCP) counterespionage and national security laws, which require Chinese companies and citizens to assist state intelligence efforts, including providing foreign user data upon request. The complaint also alleges that firmware vulnerabilities in TP-Link hardware have already "exposed millions of consumers to severe cybersecurity risks."

Previously: FCC Orders TP-Link to Allow Third-Party Firmware on Their Routers

Original Submission

fliptop writes:

Canadian uranium developer NexGen Energy has held preliminary talks with data centre providers about securing finance for a new mine that could supply fuel for power plants needed for artificial intelligence, its CEO said on Wednesday:

Soaring demand for AI is driving a massive build-out of power-hungry data centres, in turn boosting the need for new generation capacity, including nuclear plants that will require uranium.

To meet that need, NexGen CEO Leigh Curyer said big tech firms will follow the trend set by automakers, who offered finance for battery material mine development several years ago to ensure there was enough supply for an expected boom in demand for electric vehicles.

"It's coming. You've seen it with automakers. These tech companies, they're under an obligation to ensure the hundreds of billions that they are investing in the data centres are going to be powered," he said, speaking at a Melbourne Mining Club event.

NexGen is developing its Rook 1 uranium project in Saskatchewan and has said it expects to finalise a funding package in the second quarter.

As reported on OilPrice.com:

Global electricity demand increased by 3% annually in 2025, following growth of 4.4% in 2024, the International Energy Agency (IEA) said in its recent Electricity 2026 report.

Between 2026 and 2030, the annual average growth rate would be 3.6%, driven by higher consumption from industry, electric vehicles (EVs), air conditioning, and data centers, according to the agency.

Artificial intelligence, data centers, and advanced manufacturing support the return to growth in power demand in advanced economies, the IEA said.

U.S. electricity demand rose by 2.1% in 2025 and is expected to grow by nearly 2% annually through 2030. The rapid expansion of data centers will drive half of the increase, the agency noted.

Also at ZeroHedge.

Related:

• Microsoft: the Company Doesn't Have Enough Electricity to Install All the AI GPUs in its Inventory
• Data Centers Turn to Commercial Aircraft Jet Engines Bolted Onto Trailers as AI Power Crunch Bites
• OpenAI and Nvidia's $100B AI Plan Will Require Power Equal to 10 Nuclear Reactors
• Meta is Building "Several" Multi-Gigawatt Compute Clusters

Original Submission

AnonTechie writes:

[Source]: ETH Zurich (Eidgenössische Technische Hochschule Zürich)

Researchers from ETH Zurich have discovered serious security vulnerabilities in three popular, cloud-based password managers. During testing, they were able to view and even make changes to stored passwords.

People who regularly use online services have between 100 and 200 passwords. Very few can remember every single one. Password managers are therefore extremely helpful, allowing users to access all their passwords with just a single master password.

Most password managers are cloud based. A major advantage this offers users is the ability to access their passwords from different devices and also share them with friends and family members. Security is the most important feature of these password managers since, ultimately, users store sensitive data in these encrypted storage platforms, commonly called "vaults". This can also include login details for online banking or credit cards.

Most service providers therefore promote their products with the promise of "zero-knowledge encryption". This means they assure users that their stored passwords are encrypted and even the providers themselves have "zero knowledge" of them and no access to what has been stored. "The promise is that even if someone is able to access the server, this does not pose a security risk to customers because the data is encrypted and therefore unreadable. We have now shown that this is not the case", explains Matilda Backendal.

The team conducted a study to scrutinise the security architecture of three popular password manager providers: Bitwarden, Lastpass and Dashlane. Between them, they serve around 60 million users and have a 23 per cent market share. The researchers demonstrated 12 attacks on Bitwarden, 7 on LastPass and 6 on Dashlane.

[Journal Reference]: https://eprint.iacr.org/2026/058 (Cryptology ePrint Archive)

Original Submission

hubie writes:

Sony has made streaming anime pricier since buying Crunchyroll:

Crunchyroll is one of the most popular streaming platforms for anime viewers. Over the past six years, the service has raised prices for fans, and today, it announced that it's increasing monthly subscription prices by up to 20 percent.

Sony bought Crunchyroll from AT&T in 2020. At the time, Crunchyroll had 3 million paid subscribers and an additional 197 million users with free accounts, which let people watch a limited number of titles with commercials. At the time, Crunchyroll monthly subscription tiers cost $8, $10, or $15.

After its acquisition by Sony, like many large technology companies that buy a smaller, beloved product, the company made controversial changes. The Tokyo-based company folded rival Funimation into Crunchyroll; Sony shut down Funimation, which it bought in 2017, in April 2024.

In the process, Sony erased people's digital Funimation libraries that Funimation originally marketed as being available "forever, but there are some restrictions." Sony also reduced the number of free titles on Crunchyroll in 2022 before eliminating the free option completely on December 31, 2025.
Crunchyroll gets more expensive

Today, Crunchyroll raised prices for its remaining tiers. The cheapest plan, Fan, went from $8 per month to $10 per month. The Mega tier, which allows for streaming from up to four devices simultaneously, went from $12 to $14. The Ultra tier, which supports simultaneous streaming across six devices and includes access to the Crunchyroll Manga app, increased from $16 to $18.

[...] Crunchyroll said that the higher prices would "give fans more of what they love." Today's announcement pointed to "recent and upcoming" changes: teen profiles and PIN protection; multiple profiles; the ability to skip intro theme songs and ending credits; and "expanded device compatibility."

Crunchyroll's price hike may further frustrate subscribers, considering that the streaming service recently eliminated its free tier and acquired one of its strongest, and often cheaper, rivals. The result is that Crunchyroll and Netflix have the lion's share of the anime streaming market. In 2023, Wall Street research firm Bernstein Research reported that Crunchyroll (40 percent) and Netflix (42 percent) controlled 82 percent of the overseas (non-Japanese) anime streaming market.

[...] Anime is an increasingly lucrative opportunity for Sony, and its success so far suggests it won't stray from its strategy.

[...] The silver lining for anime and streaming viewers is that Crunchyroll is demonstrating that a niche service can scale and profit, and that when it does, it can add new experiences and further interest in its specialty. For its part, Crunchyroll recently relaunched its app for reading digital copies of manga. Crunchyroll shuttered its original Manga app in December 2023. The revived app uses an updated revenue-sharing model that's said to better benefit publishers.

Still, the changes that Sony makes to media companies it buys are worth scrutiny, especially as it continues acquiring companies. Sony-owned anime production company Aniplex announced that it bought rival Egg Firm today.

As streaming prices rise, industry consolidation is also picking up steam. More large companies buying and potentially merging streaming services will inevitably impact subscribers' experiences. For these customers, it can be worrying to consider what changes streaming mergers can bring. While there's hope for more features and content, there's also risk for higher prices and fewer options.

Original Submission

hubie writes:

"This is definitely not about dogs," senator says, urging a pause on Ring face scans:

Amazon and Flock Safety have ended a partnership that would've given law enforcement access to a vast web of Ring cameras.

The decision came after Amazon faced substantial backlash for airing a Super Bowl ad that was meant to be warm and fuzzy, but instead came across as disturbing and dystopian.

The ad begins with a young girl surprised to receive a puppy as a gift. It then warns that 10 million dogs go missing annually. Showing a series of lost dog posters, the ad introduces a new "Search Party" feature for Ring cameras that promises to revolutionize how neighbors come together to locate missing pets.

At that point, the ad takes a "creepy" turn, Sen. Ed Markey (D.-Mass.) told Amazon CEO Andy Jassy in a letter urging changes to enhance privacy at the company.

Illustrating how a single Ring post could use AI to instantly activate searchlights across an entire neighborhood, the ad shocked critics like Markey, who warned that the same technology could easily be used to "surveil and identify humans."

Markey suggested that in blasting out this one frame of the ad to Super Bowl viewers, Amazon "inadvertently revealed the serious privacy and civil liberties risks attendant to these types of Artificial Intelligence-enabled image recognition technologies."

In his letter, Markey also shared new insights from his prior correspondence with Amazon that he said exposed a wide range of privacy concerns. Ring cameras can "collect biometric information on anyone in their video range," he said, "without the individual's consent and often without their knowledge." Among privacy risks, Markey warned that Ring owners can retain swaths of biometric data, including face scans, indefinitely. And anyone wanting face scans removed from Ring cameras has no easy solution and is forced to go door to door to request deletions, Markey said.

On social media, other critics decried Amazon's ad as "awfully dystopian," declaring it was "disgusting to use dogs to normalize taking away our freedom to walk around in public spaces." Some feared the technology would be more likely to benefit police and Immigration and Customs Enforcement (ICE) officers than families looking for lost dogs.

Amazon's partnership with Flock, announced last October as coming soon, only inflamed those fears. So did the company's recent rollout of a feature using facial recognition technology called "Familiar Faces"—which Markey considers so invasive, he has demanded that the feature be paused.

"What this ad doesn't show: Ring also rolled out facial recognition for humans," Markey posted on X. "I wrote to them months ago about this. Their answer? They won't ask for your consent. This definitely isn't about dogs—it's about mass surveillance."

[...] But while Ring may have hurt its brand, WebProNews, which reports on business strategy in the tech industry, suggested that "the fallout may prove more consequential for Flock Safety than for Ring." For Flock, the Ring partnership represented a meaningful expansion of their business and "data collection capabilities," WebProNews reported. And because this all happened around one of the most-watched TV events of the year, other tech companies may be more hesitant to partner with Flock after Amazon dropped the integration and privacy advocates witnessed the seeming power of their collective outrage.

[...] Ring's statements so far do not "acknowledge the real issue," Scott-Railton said, which is privacy risks. For Ring, it seemed like a missed opportunity to discuss or introduce privacy features to reassure concerned users, he suggested, noting the backlash showed "Americans want more control of their privacy right now" and "are savvy enough to see through sappy dog pics."

"Stop trying to build a surveillance dystopia consumers didn't ask for" and "focus on shipping good, private products," Scott-Railton said.

He also suggested that lawmakers should take note of the grassroots support that could possibly help pass laws to push back on mass surveillance. That could help block not just a potential future partnership with Flock, but possibly also stop Ring from becoming the next Flock.

Original Submission

fliptop writes:

The quality of the education that our children are receiving in America's public schools just continues to go down. At one time, the concern was that not enough students were taking advanced courses. But now we have reached a point where a very large portion of our high school graduates cannot read effectively, cannot write effectively and cannot do basic math effectively:

Dr. Kent Ingle is the president of Southeastern University, and he recently authored an excellent piece in which he warned that reading levels among incoming college students are so bad that many are struggling "to understand basic text on a page"...

A stunning report revealed that many university professors now find themselves teaching students who struggle to read, not just to interpret literature or write essays, but to understand basic text on a page. According to Fortune, a growing number of Gen Z students enter college unable to "read effectively," forcing professors to break down even simple passages line by line.

That trend should alarm every parent, employer and policymaker in this country. It is not just an academic concern. It is a cultural crisis.

This is not some random guy that is making these claims.

This is the president of a major university.

[...] Large numbers of students that are entering our colleges must take remedial math courses that teach concepts that should have been taught in elementary and middle school...

Five years ago, about 30 incoming freshmen at UC San Diego arrived with math skills below high-school level. Now, according to a recent report from UC San Diego faculty and administrators, that number is more than 900—and most of those students don't fully meet middle-school math standards. Many students struggle with fractions and simple algebra problems. Last year, the university, which admits fewer than 30 percent of undergraduate applicants, launched a remedial-math course that focuses entirely on concepts taught in elementary and middle school. (According to the report, more than 60 percent of students who took the previous version of the course couldn't divide a fraction by two.) One of the course's tutors noted that students faced more issues with "logical thinking" than with math facts per se. They didn't know how to begin solving word problems.

The university's problems are extreme, but they are not unique. Over the past five years, all of the other University of California campuses, including UC Berkeley and UCLA, have seen the number of first-years who are unprepared for precalculus double or triple. George Mason University, in Virginia, revamped its remedial-math summer program in 2023 after students began arriving at their calculus course unable to do algebra, the math-department chair, Maria Emelianenko, told me.

Previously: Professors Issue Warning Over Surge in College Students Unable to Read

Original Submission

hubie writes:

Brace Yourself For Price Surges Ahead!

Well, the ongoing AI supercycle has disrupted supply chains, and we have talked about DRAM and NAND before, but it appears HDDs are also in significant demand: according to WD's CEO, Irving Tan, the manufacturer's entire capacity for this year is booked out. Speaking at the Q2 earnings call, Tan revealed that the focus has been on developing products that cater to the needs of enterprise customers. Given the pace of hyperscaler buildout, it's fair to say demand for HDDs will only increase going forward.

Yeah, thanks, Erik. As we highlighted, we're pretty much sold out for calendar 2026. We have firm POs with our top seven customers. And we've also established LTAs with two of them for calendar 2027 and one of them for calendar 2028. Obviously, these LTAs have a combination of volume of exabytes and price.

- WD's CEO

When we talk about major PC-first manufacturers pivoting towards AI, it is clear that demand is coming from the segment, as WD's VP of Investor Relations noted that the company's cloud revenue accounted for 89% of total revenue. In comparison, consumer revenue accounted for just 5%. When the numbers are too distant, as in WD's case, it makes sense on a business level to pivot towards enterprise demand while sidelining the client segment, as every other manufacturer is currently doing. And, in the case of Western Digital, well, this strategy is working for them.

The demand is primarily driven by the large-scale data center buildout occurring worldwide, with HDD requirements being more prevalent in US-based facilities. For those unaware, AI is nothing without data, and to store large quantities of data, CSPs use HDDs, which are the most cost-effective and efficient storage medium. The data scales to exabytes in data centers, encompassing content such as scraped web data, processed data backups, inference logs, and related data. Like AI memory, HDDs have seen massive adoption in recent years, putting suppliers under pressure.

With the AI frenzy, we have seen major PC components go into short supply, and unfortunately, this trend will persist for quite some time before we witness a meaningful recovery.

Original Submission

edinlinux writes:

Humanoid robotics has advanced incredibly in the past year.

This is a robot show by Unitree, a leading Chinese maker that appeared this week during Chinese New Year celebrations on their national CCTV network.

The robots breakdance, do acrobatics, fight with numbchuks [sic]... incredible. The video speaks for itself!

https://www.youtube.com/watch?v=mUmlv814aJo [4:50 -Ed]

Reuters reported on the Gala a couple of days ago, saying:

Four rising humanoid robot startups - Unitree Robotics, Galbot, Noetix and MagicLab - demonstrated their products at the gala, a televised event and touchstone for China comparable to the Super Bowl for the United States.

The programme's first three sketches prominently featured humanoid robots, including a lengthy martial arts demonstration where over a dozen Unitree humanoids performed sophisticated fight sequences waving swords, poles and nunchucks in close proximity to human children performers.

The fight sequences included a technically ambitious one that imitated the wobbly moves and backward falls of China's "drunken boxing" martial arts style, showing innovations in multi-robot coordination and fault recovery - where a robot can get up after falling down.

The programme's opening sketch also prominently featured Bytedance's AI chatbot Doubao, while four Noetix humanoid robots appeared alongside human actors in a comedy skit and MagicLab robots performed a synchronised dance with human performers during the song "We Are Made in China".

The hype surrounding China's humanoid robot sector comes as major players including AgiBot and Unitree prepare for initial public offerings this year, and domestic artificial intelligence startups release a raft of frontier models during the lucrative nine-day Lunar New Year public holiday.

Last year's gala stunned viewers with 16 full-size Unitree humanoids twirling handkerchiefs and dancing in unison with human performers.

[...]

Behind the spectacle of robots running marathons and executing kung-fu kicks and backflips, China has positioned robotics and AI at the heart of its next-generation AI+ manufacturing strategy, betting that productivity gains from automation will offset pressures from its ageing workforce.

Original Submission

hubie writes:

Penn biologists and collaborators show that collective intelligence doesn't emerge by rewarding the most accurate individuals but by rewarding those who improve the group's prediction as a whole:

When a crowd gets something right, like guessing how many beans are in a jar, forecasting an election, or solving a difficult scientific problem, it's tempting to credit the sharpest individual in the room. But new research suggests focusing on the 'expert' can lead groups astray.

In a study published in Proceedings of the National Academy of Sciences, researchers led by Joshua Plotkin at the University of Pennsylvania show that collective intelligence, or the "wisdom of crowds"—a phenomenon wherein groups often outperform individuals on complex tasks—is more likely to emerge when individuals are rewarded not for being right themselves, but for helping the group get closer to the truth.

Computer scientists can engineer collective intelligence in algorithms with centralized control, assigning subtasks, tuning whose input counts more, and basically running the whole operation like a tower controller. But real-world groups, whether people, animals, or loose networks of decision-makers, rarely have that kind of top-down, organized control.

Instead, individuals in natural settings more often tend to learn socially, copying strategies from one another that appear successful.

"Social learning is everywhere," Plotkin says, "but it can cause a problem for collective problem solving. The very mechanism that spreads good ideas can also wipe out the vital variation a group needs to perform well together."

[...] To determine under how individual incentives might produce collective intelligence, they tested three reward schemes: rewarding those whose predictions are accurate—the experts; rewarding "niche experts," those whose predictions are accurate but focus on underrepresented factors; and rewarding "reformers," those whose contributions improve the collective prediction regardless of their own personal accuracy.

They found that rewarding the standard experts fails because it inadvertently destroys the diversity of opinion. In this scenario, individuals simply imitate the single most successful peer until everyone is watching the same factor and ignoring the rest of the puzzle.

Rewarding niche experts results in predictions that can be accurate, but fragile; the group struggles when the expert is out of their depth. When a problem changes suddenly, when factors are correlated, when some information is missing, or when the environment is constantly changing, under those conditions, the niche expert approach can converge, yes, but it can converge to the wrong prediction.

By contrast, rewarding reformers facilitates diverse beliefs and collective accuracy, helps the process recover after changes (e.g., to the task), and keeps working when individual judgments are noisy, biased, overconfident, or anomalous. What matters is not who is right, but whose contribution moves the group's prediction in a better direction.

Speaking to more natural, real-world scenarios, first author Guocheng Wang says, "Reformers don't need to be accurate on their own, but they should be rewarded for improving the collective accuracy of the group."

Scientific collaborations often resemble the "niche expert" system, the team explains. Researchers gain recognition for rare expertise that fills a gap in a larger project. On the other hand, markets, prediction platforms, and even stock trading more closely resemble the reformer model: profits come not from being closest to the truth but from moving collective beliefs in the right direction.

"Hopefully," says Plotkin, "this kind of research will help guide non-market institutions to set up incentive schemes that engender good collective outcomes, even for problems that are too difficult for any one person to solve alone."

Journal Reference: https://doi.org/10.1073/pnas.2516535122

Original Submission

jelizondo writes:

ScienceTech Daily published a very interesting story about bonobos being able to track imaginary objects:

In a set of carefully designed experiments modeled on children's tea parties, researchers at Johns Hopkins University found that an ape could engage in pretend play. The results mark the first controlled demonstration that an ape can imagine objects that are not actually there, a skill long considered uniquely human.

Across three separate tests, the bonobo interacted with invisible juice and imaginary grapes in a consistent and reliable way. The performance challenges longstanding assumptions about the limits of animal cognition.

The researchers conclude that the ability to understand pretend objects falls within the mental capacities of at least one enculturated ape. They suggest this ability could trace back 6 to 9 million years to a common ancestor shared by humans and other apes.

"It really is game-changing that their mental lives go beyond the here and now," said co-author Christopher Krupenye, a Johns Hopkins assistant professor in the Department of Psychological and Brain Sciences who studies how animals think. "Imagination has long been seen as a critical element of what it is to be human, but the idea that it may not be exclusive to our species is really transformative.

"Jane Goodall discovered that chimps make tools, and that led to a change in the definition of what it means to be human, and this, too, really invites us to reconsider what makes us special and what mental life is out there among other creatures."

"Evidence for representation of pretend objects by Kanzi, a language-trained bonobo" by Amalia P. M. Bastos and Christopher Krupenye, 5 February 2026, Science. DOI: 10.1126/science.adz0743

The article continues with a more detailed look into what it means for other primates to have imagination, as human do.

Original Submission

Freeman writes:

https://arstechnica.com/science/2026/02/dna-inspired-molecule-breaks-records-for-storing-solar-heat/

Heating accounts for nearly half of the global energy demand, and two-thirds of that is met by burning fossil fuels like natural gas, oil, and coal. Solar energy is a possible alternative, but while we have become reasonably good at storing solar electricity in lithium-ion batteries, we're not nearly as good at storing heat.

To store heat for days, weeks, or months, you need to trap the energy in the bonds of a molecule that can later release heat on demand. The approach to this particular chemistry problem is called molecular solar thermal (MOST) energy storage. While it has been the next big thing for decades, it never really took off.
[...]
In the past, MOST energy storage solutions have been plagued by lackluster performance. The molecules either didn't store enough energy, degraded too quickly, or required toxic solvents that made them impractical.
[...]
Previous attempts at MOST systems have struggled to compete with Li-ion batteries. Norbornadiene, one of the best-studied candidates, tops out at around 0.97 MJ/kg. Another contender, azaborinine, manages only 0.65 MJ/kg. They may be scientifically interesting, but they are not going to heat your house.

Nguyen's pyrimidone-based system blew those numbers out of the water. The researchers achieved an energy storage density of 1.65 MJ/kg—nearly double the capacity of Li-ion batteries and substantially higher than any previous MOST material.
[...]
Achieving high energy density on paper is one thing. Making it work in the real world is another. A major failing of previous MOST systems is that they are solids that need to be dissolved in solvents like toluene or acetonitrile to work.
[...]
Nguyen's team tackled this by designing a version of their molecule that is a liquid at room temperature, so it doesn't need a solvent.
[...]
The MOST-based heating system, the team says in their paper, would circulate this rechargeable fuel through panels on the roof to capture the sun's light and then store it in the basement tank.

upstart writes:

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS:

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.

ClickFix attacks typically trick users into manually executing malicious commands under the guise of fixing errors, installing updates, or enabling functionality.

However, this new variant uses a novel technique in which an attacker-controlled DNS server delivers the second-stage payload via DNS lookups.

In a new ClickFix campaign seen by Microsoft, victims are instructed to run the nslookup command that queries an attacker-controlled DNS server instead of the system's default DNS server.

The command returns a query containing a malicious PowerShell script that is then executed on the device to install malware.

"Microsoft Defender researchers observed attackers using yet another evasion approach to the ClickFix technique: Asking targets to run a command that executes a custom DNS lookup and parses the Name: response to receive the next-stage payload for execution," reads an X post from Microsoft Threat Intelligence.

While it is unclear what the lure is to trick users into running the command, Microsoft says the ClickFix attack instructs users to run the command in the Windows Run dialog box.

This command will issue a DNS lookup for the hostname "example.com" against the threat actor's DNS server at 84[.]21.189[.]20 and then execute the resulting response via the Windows command interpreter (cmd.exe).

This DNS response returns a "NAME:" field that contains the second PowerShell payload that is executed on the device.

owl writes:

https://www.righto.com/2026/02/8087-instruction-decoding.html

In the 1980s, if you wanted your IBM PC to run faster, you could buy the Intel 8087 floating-point coprocessor chip. With this chip, CAD software, spreadsheets, flight simulators, and other programs were much speedier. The 8087 chip could add, subtract, multiply, and divide, of course, but it could also compute transcendental functions such as tangent and logarithms, as well as provide constants such as π. In total, the 8087 added 62 new instructions to the computer.

But how does a PC decide if an instruction was a floating-point instruction for the 8087 or a regular instruction for the 8086 or 8088 CPU? And how does the 8087 chip interpret instructions to determine what they mean? It turns out that decoding an instruction inside the 8087 is more complicated than you might expect. The 8087 uses multiple techniques, with decoding circuitry spread across the chip. In this blog post, I'll explain how these decoding circuits work.

Original Submission

hubie writes:

Security devs forced to hide Boolean logic from overeager optimizer:

The creators of security software have encountered an unlikely foe in their attempts to protect us: modern compilers.

Today's compilers boil down code into its most efficient form, but in doing so they can undo safety precautions.

"Modern software compilers are breaking our code," said René Meusel, sharing his concerns in a FOSDEM talk on February 1.

Meusel manages the Botan cryptography library and is also a senior software engineer at Rohde & Schwarz Cybersecurity.

As the maintainer of Botan, Meusel is cognizant of all the different ways encryption can be foiled. It's not enough to get the math right. Your software also needs to encrypt and decrypt safely.

Writing code to execute this task can be trickier than some might imagine. And the compilers aren't helping.

Meusel offered an example of the kind of problem he deals with implementing a simple login system.

The user types in a password, which gets checked against a database, character by character. Once the first character doesn't match, an error message is returned.

For a close observer trying to break in, the time it takes the system to return that error indicates how many letters of the guessed password the user has already entered correctly. A longer response time indicates more of the password has been guessed.

This side-channel leak has been used in the past to facilitate brute-force break-ins. It just requires a high-resolution clock that can tell the minuscule differences in response times.

Good thing cryptographers are a congenitally paranoid sort. They have already created preventive functions to equalize these response times to the user so they are not so revealing. These constant-time implementations "make the run time independent of the password," Meusel said.

The GNU C compiler is excellent with reasoning about Boolean values. It may be too clever. Like Microsoft Clippy-level clever.