CNBC reports that U.S. airlines have "canceled hundreds of flights to airports in Puerto Rico and Aruba, according to flight tallies from FlightAware and carriers' sites."

JetBlue, Southwest, and American Airlines were among the multiple airlines showing cancelled flights, which "included close to 300 flights to and from San Juan, Puerto Rico's Luis Muñoz Marín International Airport, more than 40% of the day's schedule, according to FlightAware." Airlines canceled flights throughout the Caribbean on Saturday following U.S. strikes on Venezuela after the Federal Aviation Administration ordered commercial aircraft to avoid airspace in parts of the region.... It wasn't immediately clear how long the disruptions would last, though such broad restrictions are often temporary. Airlines said they would waive change fees and fare differences for customers affected by the airspace closures who could fly later in the month.
CNN cites a U.S. official who says more than 150 U.S. aircraft (including helicopters) launched from 20 different bases "on land and sea" during Friday's attack.

The U.S. has said the lights were out in Caracas during the attack, presumably because of a targeted strike on their power grid. "Videos filmed by Caracas residents showed parts of the city in the dark," reports the Miami Herald.

United Nations secretary-general António Guterres issued a statement via his spokesman saying he was "deeply concerned that the rules of international law have not been respected," (according to a Reuters report cited by the Guardian). The Guardian adds that "a number of nations have called for an emergency meeting of the UN Security Council, in New York, today, as a result of the U.S.'s unilateral action."

86 aircraft were affected by an incident in Denver ,and 256 more in Dallas-Fort Worth, America's Federal Aviation Admistrationtold the Washington Post: The pilots flying into Denver International Airport could tell something was wrong. In urgent calls to air traffic controllers, they reported that the Global Positioning System was going haywire, forcing them to rely on backup navigation systems for more than a day. The Federal Aviation Administration issued a warning to air traffic in the area. Eight months later, in October 2022, it happened again — this time at Dallas-Fort Worth International Airport, which shut down a runway as pilots and air traffic controllers scrambled over two days without GPS to guide them. Federal officials have not said who was responsible for interfering with the systems or why it took so long to get them back online, though they've said the Denver incident was unintentional. But the disruptions stoked fear about the security vulnerabilities of GPS, a satellite network relied on daily by 6 billion people, businesses and governments.

Over the past two years, interference with the U.S. Global Positioning System has grown dramatically, threatening a network that is highly vulnerable to attack in a conflict. The danger could be posed by enemy or rogue nation-states — or even just hobbyists with commercially available equipment. Efforts by the Pentagon to upgrade GPS have been delayed by years and have cost billions, as adversaries are developing increasingly sophisticated ways to jam and trick the system with false signals that make it think it is somewhere it isn't. And it's not just civilian airline traffic at risk. The underpinnings of modern life and entire economies could be disrupted by a broad attack on the fragile satellite system — power grids, financial systems, cellphone networks — raising the prospect of catastrophe in an era of increasing electronic warfare...

A report last year by the OpsGroup, an organization of international airline operators, found that in January 2024, about 300 flights per day were affected by GPS interference. By late last year, that number had grown to 1,500 flights per day as conflicts in Eastern Europe and the Middle East continued. And in a one-month period, between July and August last year, some 41,000 flights were affected. "While GPS interference is not a new phenomenon, the scale and effects of the current wave of spoofing are unprecedented," the report found...

The Pentagon has launched eight of its next-generation GPS III satellites, which broadcast the military-grade signal that is more resistant to jamming and spoofing. Lockheed Martin, the contractor building the satellites, is also developing a next-generation spacecraft, which would have the ability to emit an even stronger "spot beam" directly to areas used by U.S. forces, making it even more difficult to jam.

President Donald Trump signed into law this month a measure that prohibits anyone based in China and other adversarial countries from accessing the Pentagon's cloud computing systems. From a report: The ban, which is tucked inside the $900 billion defense policy law, was enacted in response to a ProPublica investigation this year that exposed how Microsoft used China-based engineers to service the Defense Department's computer systems for nearly a decade -- a practice that left some of the country's most sensitive data vulnerable to hacking from its leading cyber adversary.

U.S.-based supervisors, known as "digital escorts," were supposed to serve as a check on these foreign employees, but we found they often lacked the expertise needed to effectively supervise engineers with far more advanced technical skills. In the wake of the reporting, leading members of Congress called on the Defense Department to strengthen its security requirements while blasting Microsoft for what some Republicans called "a national betrayal." Cybersecurity and intelligence experts have told ProPublica that the arrangement posed major risks to national security, given that laws in China grant the country's officials broad authority to collect data.

Three decades after RFC 1883 promised to future-proof the internet by expanding the available pool of IP addresses from around 4.3 billion to over 340 undecillion, IPv6 has yet to achieve the dominance its creators envisioned. Data from Google, APNIC and Cloudflare analyzed by The Register shows less than half of all internet users rely on IPv6 today.

"IPv6 was an extremely conservative protocol that changed as little as possible," APNIC chief scientist Geoff Huston told The Register. "It was a classic case of mis-design by committee." The protocol's lack of backward compatibility with IPv4 meant users had to choose one or run both in parallel. Network address translation, which allows thousands of devices to share a single public IPv4 address, gave operators an easier path forward. Huston adds: "These days the Domain Name Service (DNS) is the service selector, not the IP address," Huston told The Register. "The entire security framework of today's Internet is name based and the world of authentication and channel encryption is based on service names, not IP addresses."

"So folk use IPv6 these days based on cost: If the cost of obtaining more IPv4 addresses to fuel bigger NATs is too high, then they deploy IPv6. Not because it's better, but if they are confident that they can work around IPv6's weaknesses then in a largely name based world there is no real issue in using one addressing protocol or another as the transport underlay." But calling IPv6 a failure misses the point. "IPv4's continued viability is largely because IPv6 absorbed that growth pressure elsewhere -- particularly in mobile, broadband, and cloud environments," said John Curran, president and CEO of the American Registry for Internet Numbers. "In that sense, IPv6 succeeded where it was needed most." Huawei has sought 2.56 decillion IPv6 addresses and Starlink appears to have acquired 150 sextillion.

An anonymous reader shares a report: Only the government could spend 20 years creating a national ID that no one wanted and that apparently doesn't even work as a national ID. But that's what the federal government has accomplished with the REAL ID, which the Department of Homeland Security (DHS) now considers unreliable, even though getting one requires providing proof of citizenship or lawful status in the country.

In a December 11 court filing [PDF], Philip Lavoie, the acting assistant special agent in charge of DHS' Mobile, Alabama, office, stated that, "REAL ID can be unreliable to confirm U.S. citizenship." Lavoie's declaration was in response to a federal civil rights lawsuit filed in October by the Institute for Justice, a public-interest law firm, on behalf of Leo Garcia Venegas, an Alabama construction worker. Venegas was detained twice in May and June during immigration raids on private construction sites, despite being a U.S. citizen. In both instances, Venegas' lawsuit says, masked federal immigration officers entered the private sites without a warrant and began detaining workers based solely on their apparent ethnicity.

And in both instances officers allegedly retrieved Venegas' Alabama-issued REAL ID from his pocket but claimed it could be fake. Venegas was kept handcuffed and detained for an hour the first time and "between 20 and 30 minutes" the second time before officers ran his information and released him.

The European Space Agency has acknowledged yet another security incident after a cybercriminal posted an offer on BreachForums the day after Christmas claiming to have stolen over 20GB of data including source code, confidential documents, API tokens and credentials.

The attacker claims they gained access to ESA-linked external servers on December 18 and remained connected for about a week, during which they allegedly exfiltrated private Bitbucket repositories, CI/CD pipelines, Terraform files and hardcoded credentials. ESA said that the breach may have affected only "a very small number of external servers" used for unclassified engineering and scientific collaboration, and that it has initiated a forensic security analysis.

An anonymous reader quotes a report from Cyber Press: A newly uncovered Chinese threat group, DarkSpectre, has been linked to one of the most widespread browser-extension malware operations to date, compromising more than 8.8 million users of Chrome, Edge, Firefox, and Opera over the past seven years. According to research by Koi.ai, the group operates three interconnected campaigns: ShadyPanda, GhostPoster, and a newly identified one named The Zoom Stealer, forming a single, strategically organized operation.

DarkSpectre's structure differs from that of ordinary cybercrime operations. The group runs separate but interconnected malware clusters, each with distinct goals. The ShadyPanda campaign, responsible for 5.6 million infections, focuses on long-term user surveillance and e-commerce affiliate fraud. Its extensions have appeared legitimate for years, offering new tab pages and translation utilities, before secretly downloading malicious configurations from command-and-control servers such as jt2x.com and infinitynewtab.com. Once activated, they inject remote scripts, hijack search results, and track browsing activity.

The second campaign, GhostPoster, spreads via Firefox and Opera extensions that conceal malicious payloads in PNG images via steganography. After lying dormant for several days, the extensions extract and execute JavaScript hidden within images, enabling stealthy remote code execution. This campaign has affected over one million users and relies on domains like gmzdaily.com and mitarchive.info for payload delivery.

The most recent discovery, The Zoom Stealer, exposes around 2.2 million users to corporate espionage. These extensions masquerade as productivity tools or video downloaders while secretly harvesting corporate meeting links, credentials, and speaker profiles from more than 28 video conferencing platforms, including Zoom, Microsoft Teams, and Google Meet. The extensions use real-time WebSocket connections to exfiltrate data to Firebase databases, such as zoocorder.firebaseio.com, and to Google Cloud functions, such as webinarstvus.cloudfunctions.net.

China's Commerce Ministry on Wednesday demanded that the Netherlands "immediately correct its mistakes" over chipmaker Nexperia, escalating a standoff that has disrupted global semiconductor supply chains and triggered warnings from automakers about component shortages. The Dutch government in September invoked a Cold War-era law to effectively seize control of the Chinese-owned chipmaker, reportedly after the United States raised security concerns. China responded by blocking Nexperia products from leaving the country.

Nexperia manufactures billions of foundation chips -- transistors, diodes and power management components -- that are produced in Europe, assembled and tested in China, and then re-exported to customers worldwide. These low-tech, inexpensive chips are essential in almost every device that uses electricity, from car braking systems and airbag controllers to electric windows and entertainment systems.

The Commerce Ministry spokesperson said the Netherlands "remains indifferent and stubbornly insists on its own way, showing absolutely no responsible attitude towards the security of the global semiconductor supply chain." Dutch Economy Minister Vincent Karremans has repeatedly defended the intervention. Auto industry groups have warned that disruptions have not been fundamentally resolved. Japan's Nissan and German supplier Bosch have flagged looming shortages, and the German Association of the Automotive Industry warned of elevated supply risks "particularly for the first quarter" of 2026.

Longtime Slashdot reader ptorrone writes: The January 1, 2026, NYC mayoral inauguration prohibits attendees from bringing specific brand-name devices, explicitly banning Raspberry Pi single-board computers and the Flipper Zero, listed alongside weapons, explosives, and drones. Rather than restricting behaviors or capabilities like signal interference or unauthorized transmitters, the policy names two widely used educational and testing tools while allowing smartphones and laptops that are far more capable. Critics argue this device-specific ban creates confusion, encourages selective enforcement, and reflects security theater rather than a clear, capability-based public safety framework. New York has handled large-scale events more pragmatically before.

Japan's demographic transformation is no longer a distant forecast but an accelerating reality, and the National Institute of Population and Social Security Research now estimates the country's population will fall to roughly 100 million by 2050 -- more than 20 million fewer people than today.

The share of residents aged 65 and over stood at 29.4% as of September and is expected to reach 37.1% by midcentury. The dependency ratio -- children and older adults supported by every 100 working-age people -- is projected to rise from 68.0 to 89.0, meaning each working-age person will effectively support one dependent.

Akita Prefecture is currently offering a preview of this future. Its population fell 1.93% year over year as of November 1, the steepest decline of any prefecture, and more than 40% of its residents are already 65 or older. By 2050, Akita's population is projected to drop to around 560,000, roughly 60% of its current size. Japan's total fertility rate fell for the ninth consecutive year in 2024, declining to 1.15 from 1.2. A health ministry survey found around 319,000 babies were born in the first half of 2025, more than 10,000 fewer than the same period last year -- a pace that could put the full-year total at a record low.

An anonymous reader quotes a report from SecurityWeek: Insurance giant Aflac is notifying roughly 22.65 million people that their personal information was stolen from its systems in June 2025. The company disclosed the intrusion on June 20, saying it had identified suspicious activity on its network in the US on June 12 and blaming it on a sophisticated cybercrime group. The company said it immediately contained the attack and engaged with third-party cybersecurity experts to help with incident response. Aflac's operations were not affected, as file-encrypting ransomware was not deployed.

[...] The compromised information, the insurance giant says, includes names, addresses, Social Security numbers, dates of birth, driver's license numbers, government ID numbers, medical and health insurance information, and other data. "The review of the potentially impacted files determined personal information associated with customers, beneficiaries, employees, agents, and other individuals related to Aflac was involved," Aflac said in a notification (PDF) on its website. The company is providing the affected individuals with 24 months of free credit monitoring, identity theft protection, and medical fraud protection services.

The Register reports on challenges facing Europe's pursuit of "digital sovereignty": The US CLOUD Act of 2018 allows American authorities to compel US-based technology companies to provide requested data, regardless of where that data is stored globally. This places European organizations in a precarious position, as it directly clashes with Europe's own stringent privacy regulation, the General Data Protection Regulation (GDPR)... Furthermore, these warrants often come with a gag order, legally prohibiting the provider from informing their customer that their data has been accessed. This renders any contractual clauses requiring transparency or notification effectively meaningless. While technical measures like encryption are often proposed as a solution, their effectiveness depends entirely on who controls the encryption keys. If the US provider manages the keys, as is common in many standard cloud services, they can be forced to decrypt the data for authorities, making such safeguards moot....

American hyperscalers have recognized the market demand for sovereignty and now aggressively market 'sovereign cloud' solutions, typically by placing datacenters on European soil or partnering with local operators. Critics call this 'sovereignty washing'... [Cristina Caffarra, a competition economistand driving force behind the Eurostack initiative] warns that this does not resolve the fundamental problem. "A company subject to the extraterritorial laws of the United States cannot be considered sovereign for Europe," she says. "That simply doesn't work." Because, as long as the parent company is American, it remains subject to the CLOUD Act...

Even when organizations make deliberate choices in favour of European providers, those decisions can be undone by market forces. A recent acquisition in the Netherlands illustrates this risk. In November 2025, the American IT services giant Kyndryl announced its intention to acquire Solvinity, a Dutch managed cloud provider. This came as an "unpleasant surprise" to several of its government clients, including the municipality of Amsterdam and the Dutch Ministry of Justice and Security. These bodies had specifically chosen Solvinity to reduce their dependence on American firms and mitigate CLOUD Act risks.
Still, The Register provides several examples of government systems that are "taking concrete steps to regain control over their IT."

• Austria's Federal Ministry for Economy, Energy and Tourism now has 1,200 employees on the European open-source collaboration platform Nextcloud, leading several other Austrian ministries to also implement Nextcloud. (The Ministry's CISO tells the Register "We can see our input in Nextcloud releases. That is a feeling we never had with Microsoft.")

• France's Ministry of Economics and Finance recently completed NUBO (which the Register describes as "an OpenStack-based private cloud initiative designed to handle sensitive data and services.")

• In November the International Criminal Court in The Hague announced it was replacing its Microsoft office software with a European alternative.

• The German state of Schleswig-Holstein is replacing Microsoft products with open-source alternatives for 30,000 civil servants

Thanks to long-time Slashdot reader mspohr for sharing the article.

An anonymous Slashdot reader shared this story from Interesting Engineering: Cybersecurity specialists from the research group DARKNAVY have demonstrated how modern humanoid robots can be compromised and weaponised through weaknesses in their AI-driven control systems.

In a controlled test, the team demonstrated that a commercially available humanoid robot could be hijacked with nothing more than spoken commands, exposing how voice-based interaction can serve as an attack vector rather than a safeguard, reports Yicaiglobal... Using short-range wireless communication, the hijacked machine transmitted the exploit to another robot that was not connected to the network. Within minutes, this second robot was also taken over, demonstrating how a single breach could cascade through a group of machines. To underline the real-world implications, the researchers issued a hostile command during the demonstration. The robot advanced toward a mannequin on stage and struck it, illustrating the potential for physical harm.

An anonymous reader shared this report from the Associated Press: Two NATO-nation intelligence services suspect Russia is developing a new anti-satellite weapon to target Elon Musk's Starlink constellation with destructive orbiting clouds of shrapnel, with the aim of reining in Western space superiority that has helped Ukraine on the battlefield. Intelligence findings seen by The Associated Press say the so-called "zone-effect" weapon would seek to flood Starlink orbits with hundreds of thousands of high-density pellets, potentially disabling multiple satellites at once but also risking catastrophic collateral damage to other orbiting systems.

Analysts who haven't seen the findings say they doubt such a weapon could work without causing uncontrollable chaos in space for companies and countries, including Russia and its ally China, that rely on thousands of orbiting satellites for communications, defense and other vital needs. Such repercussions, including risks to its own space systems, could steer Moscow away from deploying or using such a weapon, analysts said. "I don't buy it. Like, I really don't," said Victoria Samson, a space-security specialist at the Secure World Foundation who leads the Colorado-based nongovernmental organization's annual study of anti-satellite systems. "I would be very surprised, frankly, if they were to do something like that." [Later they suggested the research might just be experimental.]

But the commander of the Canadian military's Space Division, Brig. Gen. Christopher Horner, said such Russian work cannot be ruled out in light of previous U.S. allegations that Russia also has been pursuing an indiscriminate nuclear, space-based weapon. "I can't say I've been briefed on that type of system. But it's not implausible," he said... The French military's Space Command said in a statement to the AP that it could not comment on the findings but said, "We can inform you that Russia has, in recent years, been multiplying irresponsible, dangerous, and even hostile actions in space."
The article also points out that this month Russia "said it has fielded a new ground-based missile system, the S-500, which is capable of hitting low-orbit targets..."

NASA Administrator Jared Isaacman, who was confirmed by the Senate just last week after a turbulent nomination process that stretched across most of 2025, said Friday that the United States will return to the moon within President Donald Trump's second term. Isaacman made the comments during an interview on CNBC, calling Trump's recommitment to lunar exploration key to unlocking what he described as an "orbital economy." He said: "We want to have that opportunity to explore and realize the scientific, economic and national security potential on the moon," he said.

The potential opportunities include establishing space data centers and infrastructure on the moon, as well as mining Helium-3, a rare gas embedded in the lunar surface that could serve as fuel for fusion power. NASA is currently working on its Artemis campaign alongside SpaceX, Blue Origin, and Boeing. Trump's One Big Beautiful Bill Act allocated $9.9 billion to the agency earlier this year.

The Artemis II mission, NASA's first crewed test flight using the Space Launch System rocket and Orion spacecraft, is expected to launch in the near future. SpaceX is contracted to build the lunar landing system for the subsequent Artemis III mission. Isaacman was first nominated by Trump in December 2024 but had his nomination pulled in May over unspecified "prior associations." Trump renominated him in November.

An anonymous reader shares a report: A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the 'Cosmali Loader'. BleepingComputer has found that multiple MAS users began reporting on Reddit yesterday that they received pop-up warnings on their systems about a Cosmali Loader infection.

Based on the reports, attackers have set up a look-alike domain, "get[dot]activate[dot]win," which closely resembles the legitimate one listed in the official MAS activation instructions, "get[dot]activated[dot]win." Given that the difference between the two is a single character ("d"), the attackers bet on users mistyping the domain.

The Trump administration has announced it would replace the lottery programme used to grant H-1B visas for skilled foreign workers with a system that prioritises higher-paid individuals. From a report: The Department of Homeland Security said it would begin to implement a "weighted" selection process to give an advantage to higher-skilled and higher-paid applicants from February, according to a statement posted on its website. Matthew Tragesser, Citizenship and Immigration Services spokesperson, said: "The existing random selection process of H-1B registrations was exploited and abused by US employers who were primarily seeking to import foreign workers at lower wages than they would pay American workers."

The move is the latest in a broad crackdown on US immigration by President Donald Trump, who has dramatically stepped up deportations of immigrants and sent enforcement agents into cities across the country to carry out arrests. The change also follows moves earlier this year to curb the number of applicants for the H-1B visa, which is popular among technology and professional services companies, including charging an additional $100,000 fee.

Beryl Howell, a federal judge on the US District Court for the District of Columbia, late on Tuesday ruled the White House could move forward with the application charge after the US Chamber of Commerce had sued in October to block the six-figure fee.

An anonymous reader quotes a report from TechCrunch: Across Uzbekistan, a network of about a hundred banks of high-resolution roadside cameras continuously scan vehicles' license plates and their occupants, sometimes thousands a day, looking for potential traffic violations. Cars running red lights, drivers not wearing their seatbelts, and unlicensed vehicles driving at night, to name a few. The driver of one of the most surveilled vehicles in the system was tracked over six months as he traveled between the eastern city of Chirchiq, through the capital Tashkent, and in the nearby settlement of Eshonguzar, often multiple times a week. We know this because the country's sprawling license plate-tracking surveillance system has been left exposed to the internet.

Security researcher Anurag Sen, who discovered the security lapse, found the license plate surveillance system exposed online without a password, allowing anyone access to the data within. It's not clear how long the surveillance system has been public, but artifacts from the system show that its database was set up in September 2024, and traffic monitoring began in mid-2025. The exposure offers a rare glimpse into how such national license plate surveillance systems work, the data they collect, and how they can be used to track the whereabouts of any one of the millions of people across an entire country. The lapse also reveals the security and privacy risks associated with the mass monitoring of vehicles and their owners, at a time when the United States is building up its nationwide array of license plate readers, many of which are provided by surveillance giant Flock.

An anonymous reader quotes a report from MarketWatch: ServiceNow announced a deal to acquire cybersecurity company Armis on Tuesday, marking a new milestone in the software giant's artificial-intelligence business strategy. The $7.75 billion all-cash transaction is part of ServiceNow's goal of advancing governance and trust in autonomous AI agents, and the company's largest transaction to date. "The acquisition of Armis will extend and enhance ServiceNow's Security, Risk, and [Operational Technology] portfolios in critical and fast-growing areas of cybersecurity and drive increased AI adoption by strengthening trust across businesses' connected environments," the company wrote in a press release.

While ServiceNow built its foundation IT service management products, the company has positioned itself as an "AI control tower" that orchestrates workflows across HR, customer service and security operations. Organizations today are operating in increasingly complex environments, with assets spanning from laptops and servers to smart grid devices, Gina Mastantuono, chief financial officer of ServiceNow, told MarketWatch on Tuesday. "But at the same time, cyber threats are becoming more sophisticated and more complex," she added.

ServiceNow's Security and Risk business crossed $1 billion in annual contract value earlier this year, and the Armis acquisition is expected to triple ServiceNow's market opportunity in the sector. Armis currently has over $340 million in annual recurring revenue, with growth exceeding 50% year-over-year, according to the press release. The Armis acquisition would allow ServiceNow to create an "end-to-end proactive cybersecurity exposure and operations stack that enables enterprises to see, decide and act across a business' entire technology footprint," Mastantuono said.

An anonymous reader shares a report: It's been more than eight years since Amazon bought Whole Foods, but the two companies still haven't aligned their setup for the Microsoft software their employees use. That disconnect was flagged in an 8-week Deloitte review of Whole Foods' use of Microsoft 365 apps earlier this year, according to an internal document obtained by Business Insider. Deloitte found that Whole Foods relies on "fragmented" Microsoft toolsets, has loose security and data-retention practices, and employs a complex user-management setup -- all of which contribute to inefficiencies and lower productivity when working with Amazon employees.

The consulting firm recommended a 24-month integration plan that would first move Whole Foods' corporate employees onto Amazon's backend system, followed by its frontline workers. The phased approach would ensure a "smooth transition for users and minimal disruption to business processes," while generating cost savings, the document said. The review, completed in May, highlights Amazon's ongoing challenges in integrating Whole Foods. Since acquiring the chain in 2017, the company has struggled to scale the business and integrate operations, resulting in frequent reorganizations and shifting strategic priorities.