Anthropic is blocking its services from Chinese-controlled companies, saying it's taking steps to prevent a US adversary from advancing in AI and threatening American national security. From a report: The San Francisco-based startup is widening existing restrictions on "authoritarian" regimes to cover any company that's majority-owned by entities from countries such as China. That includes their overseas operations, it said in a statement. Foreign-based subsidiaries could be used to access its technology and further military applications, the startup added.

Anthropic's Dario Amodei has publicly advocated technological sanctions on China, particularly after DeepSeek stunned Silicon Valley with an advanced model this year. While Anthropic didn't name any companies, Chinese big tech firms from Alibaba to ByteDance have joined DeepSeek in an intensifying race to build AI services that can rival the likes of OpenAI in the US. Chinese entities "could use our capabilities to develop applications and services that ultimately serve adversarial military and intelligence services and broader authoritarian objectives," Anthropic said in its Friday post.

Philips Hue is rolling out MotionAware, a new feature that turns its smart bulbs into motion sensors using radio-frequency (RF) Zigbee signals. The upgrade works with most Hue bulbs made since 2014, but requires the new $99 Bridge Pro hub to enable. The Verge reports: To create a MotionAware motion-sensing zone, you need Hue's new Bridge Pro and at least three Hue devices in a room. It works with all new and most existing mains-powered Hue products via a firmware update. That includes smart bulbs, light strips, and fixtures. Portable devices, such as the Hue Go or Table Lamp, and battery-powered accessories, such as Hue switches, aren't compatible. Neither is Hue's current smart plug. [...] "All of the functionality you get with our physical motion sensors -- including turning on when motion is detected or off when there's been no movement for a certain amount of time -- can be configured on motion-aware motion events," says George Yianni, Hue CTO and founder, in an interview with The Verge. "We've done something that's quite a lot better than what else is out there."

MotionAware is occupancy sensing, not presence sensing; it requires movement. Yianni says it's comparable to the passive infrared sensing (PIR) Hue's physical sensors use. This means it can be triggered by pets or other motion. A sensitivity slider in the app helps fine-tune detection. According to Yianni, a key benefit over PIR is that a MotionAware zone can cover a larger area than a single PIR sensor, and it's also not limited to line of sight. MotionAware can't sense light levels, which Hue Motion Sensors can, but you can pair a light sensor to a motion zone to feed it that data. The positioning of the lights will also play a role in determining the effectiveness of the motion sensing. "We recommend that the lights surround an area which will roughly define the detection area in which motion will be detected," says Yianni. "It will sense around the lights and in the broader room thanks to reflections, but detection reliability will depend on lots of factors."

Beyond lighting automation, MotionAware can also integrate with Hue Secure, Hue's DIY security platform that includes cameras, contact sensors, and a new video doorbell. Motion detection can trigger lights to flash red, activate Hue's new plug-in chime/siren, and send an alert to your phone with a button to call emergency services. [...] MotionAware is built on RF sensing -- a technology that uses wireless signals to "see" a space and detect disruptions within it. The data is then sent to the Bridge Pro, where AI algorithms are applied to figure out what is causing those disruptions, so the system can act accordingly. This is why it's limited to the Bridge Pro, the V2 bridge isn't powerful enough to run those algorithms, says Yianni.

Tesco is suing Broadcom and reseller Computacenter for at least $134 million, claiming that VMware's perpetual license support agreements were breached after Broadcom's acquisition. The supermarket giant warned it "may not be able to put food on the shelves if the situation goes pear-shaped," writes The Register's Simon Sharwood. From the report: Court documents seen by The Register assert that in January 2021 Tesco acquired perpetual licenses for VMware's vSphere Foundation and Cloud Foundation products, plus subscriptions to Virtzilla's Tanzu products, and agreed a contract for support services and software upgrades that run until 2026. Tesco claims VMware also agreed to give it an option to extend support services for an additional four years. All of this happened before Broadcom acquired VMware and stopped selling support services for software sold under perpetual licenses. Broadcom does sell support to those who sign for its new software subscriptions.

The supermarket giant says Broadcom's subscriptions mean it must pay "excessive and inflated prices for virtualization software for which Tesco has already paid," and "is unable any longer to purchase stand-alone Virtualization Support Services for its Perpetually Licensed Software without also having to purchase duplicative subscription-based licenses for those same Software products which it already owns." The complaint also alleges that Tesco's contracts with VMware include eligibility for software upgrades, but that Broadcom won't let the retailer update its perpetual licenses to cover the new Cloud Foundation 9.

The filing names Computacenter as a co-defendant as it was the reseller that Tesco relied on for software licenses, and the retailer feels it's breached contracts to supply software at a fixed price. Tesco's filing also mentions Broadcom's patch publication policy, which means users who don't acquire subscriptions can't receive all security updates and don't receive other fixes. The retailer thinks its contracts mean it is entitled to those updates. The filing suggests that lack of support is not just a legal matter, but may have wider implications because VMware software, and support for it "are essential for the operations and resilience of Tesco's business and its ability to supply groceries to consumers across the UK and Republic of Ireland."

"VMware Virtualization Software underpins the servers and data systems that enable Tesco's stores and operations to function, hosting approximately 40,000 server workloads and connecting to, by way of illustration, tills in Tesco stores," the filing states. Tesco's filing warns that Broadcom, VMware, and Computacenter are each liable for at least $134 million damages, plus interest, and that the longer the dispute persists the higher damages will climb.

An anonymous reader quotes a report from ZDNet: Over the Labor Day weekend, Cloudflare says it successfully stopped a record-breaking distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps). This came only a few months after Cloudflare blocked a then all-time high DDoS attack of 7.3 Tbps. This latest attack was almost 60% larger.

According to Cloudflare, the assault was the result of a hyper-volumetric User Datagram Protocol (UDP) flood attack that lasted about 35 seconds. During that just more than half-minute attack, it delivered over 5.1 billion packets per second. This attack, Cloudflare reported, came from a combination of several IoT and cloud providers. Although compromised accounts on Google Cloud were a major source, the bulk of the attack originated from other sources.

The specific target of this attack has not been publicly disclosed, but we can be sure the intent was to overwhelm the victim's network and render online services inoperative. Cloudflare says its globally distributed, fully autonomous DDoS mitigation network detected and neutralized the threat in real time, without notable impact on customer services or requiring manual intervention. This operation highlights both the rising sophistication of attack methods and the resilience of modern internet infrastructure defenses, especially Cloudflare's use of real-time packet analysis, fingerprinting, and rapid threat intelligence sharing across its network.

An anonymous reader quotes a report from The Register: Ten vulnerabilities in Copeland controllers, which are found in thousands of devices used by the world's largest supermarket chains and cold storage companies, could have allowed miscreants to manipulate temperatures and spoil food and medicine, leading to massive supply-chain disruptions. The flaws, collectively called Frostbyte10, affect Copeland E2 and E3 controllers, used to manage critical building and refrigeration systems, such as compressor groups, condensers, walk-in units, HVAC, and lighting systems. Three received critical-severity ratings. Operational technology security firm Armis found and reported the 10 bugs to Copeland, which has since issued firmware updates that fix the flaws in both the E3 and the E2 controllers. The E2s reached their official end-of-life in October, and affected customers are encouraged to move to the newer E3 platform. Upgrading to Copeland firmware version 2.31F01 mitigates all the security issues detailed here, and the vendor recommends patching promptly.

In addition to the Copeland updates, the US Cybersecurity and Infrastructure Security Agency (CISA) is also scheduled to release advisories today, urging any organization that uses vulnerable controllers to patch immediately. Prior to these publications, Copeland and Armis execs spoke exclusively to The Register about Frostbyte10, and allowed us to preview an Armis report about the security issues. "When combined and exploited, these vulnerabilities can result in unauthenticated remote code execution with root privileges," it noted. [...] To be clear: there is no indication that any of these vulnerabilities were found and exploited in the wild before Copeland issued fixes. However, the manufacturer's ubiquitous reach across retail and cold storage makes it a prime target for all manner of miscreants, from nation-state attackers looking to disrupt the food supply chain to ransomware gangs looking for victims who will quickly pay extortion demands to avoid operational downtime and food spoilage.

Google denied claims Monday that it had issued a security warning to Gmail users about a major vulnerability. The company stated that recent reports claiming a broad Gmail security alert were "entirely false." Google said its email service blocks more than 99.9% of phishing and malware attempts from reaching users' inboxes.

PC Gamer reports: The Diablo team is the next in line to unionize at Blizzard. Over 450 developers across multiple disciplines have voted to form a union under the Communications Workers of America (CWA), and they're now the fourth major Blizzard team to do so... A wave of unions have formed at Blizzard in the last year, including the World of Warcraft, Overwatch, and Story and Franchise Development teams. Elsewhere at Microsoft, Bethesda, ZeniMax Online Studios and ZeniMax QA testers have also unionized...

The CWA says over 3,500 Microsoft workers have now organized to fight for fair compensation, job security, and improved working conditions.
CWA is America's largest communications and media labor union, and in a statement, local 9510 president Jason Justice called the successful vote "part of a much larger story about turning the tide in an industry that has long overlooked its labor. Entertainment workers across film, television, music, and now video games are standing together to have a seat at the table. The strength of our movement comes from that solidarity."

And CWA local 6215 president Ron Swaggerty said "Each new organizing effort adds momentum to the nationwide movement for video game worker power."

"What began as a trickle has turned into an avalanche," writes the gaming news site Aftermath, calling the latest vote "a direct result of the union neutrality deal Microsoft struck with CWA in 2022 when it was facing regulatory scrutiny over its $68.7 billion purchase of Activision Blizzard." We've come a long way since small units at Raven and Blizzard Albany fended off Activision Blizzard's pre-acquisition attempts at union busting in 2022 and 2023, and not a moment too soon: Microsoft's penchant for mass layoffs has cut some teams to the bone and left others warily counting down the days until their heads land on the chopping block. This new union, workers hope, will act as a bulwark...

[B]ased on preliminary conversations with prospective members, they can already hazard a few guesses as to what they'll be arm-wrestling management over at the bargaining table: pay equity, AI, crediting, and remote work.

An anonymous reader quotes a report from Ars Technica: Earlier this month, EA announced that players in its Battlefield 6 open beta on PC would have to enable Secure Boot in their Windows OS and BIOS settings. That decision proved controversial among players who weren't able to get the finicky low-level security setting working on their machines and others who were unwilling to allow EA's anti-cheat tools to once again have kernel-level access to their systems. Now, Battlefield 6 technical director Christian Buhl is defending that requirement as something of a necessary evil to combat cheaters, even as he apologizes to any potential players that it has kept away.

"The fact is I wish we didn't have to do things like Secure Boot," Buhl said in an interview with Eurogamer. "It does prevent some players from playing the game. Some people's PCs can't handle it and they can't play: that really sucks. I wish everyone could play the game with low friction and not have to do these sorts of things." Throughout the interview, Buhl admits that even requiring Secure Boot won't completely eradicate cheating in Battlefield 6 long term. Even so, he offered that the Javelin anti-cheat tools enabled by Secure Boot's low-level system access were "some of the strongest tools in our toolbox to stop cheating. Again, nothing makes cheating impossible, but enabling Secure Boot and having kernel-level access makes it so much harder to cheat and so much easier for us to find and stop cheating." [...]

Despite all these justifications for the Secure Boot requirement on EA's part, it hasn't been hard to find people complaining about what they see as an onerous barrier to playing an online shooter. A quick Reddit search turns up dozens of posts complaining about the difficulty of getting Secure Boot on certain PC configurations or expressing discomfort about installing what they consider a "malware rootkit" on their machine. "I want to play this beta but A) I'm worried about bricking my PC. B) I'm worried about giving EA complete access to my machine," one representative Redditor wrote.

An anonymous reader quotes a report from TechCrunch: WhatsApp said on Friday that it fixed a security bug in its iOS and Mac apps that was being used to stealthily hack into the Apple devices of "specific targeted users." The Meta-owned messaging app giant said in its security advisory that it fixed the vulnerability, known officially as CVE-2025-55177, which was used alongside a separate flaw found in iOS and Macs, which Apple fixed last week and tracks as CVE-2025-43300.

Apple said at the time that the flaw was used in an "extremely sophisticated attack against specific targeted individuals." Now we know that dozens of WhatsApp users were targeted with this pair of flaws. Donncha O Cearbhaill, who heads Amnesty International's Security Lab, described the attack in a post on X as an "advanced spyware campaign" that targeted users over the past 90 days, or since the end of May. O Cearbhaill described the pair of bugs as a "zero-click" attack, meaning it does not require any interaction from the victim, such as clicking a link, to compromise their device.

The two bugs chained together allow an attacker to deliver a malicious exploit through WhatsApp that's capable of stealing data from the user's Apple device. Per O Cearbhaill, who posted a copy of the threat notification that WhatsApp sent to affected users, the attack was able to "compromise your device and the data it contains, including messages." It's not immediately clear who, or which spyware vendor, is behind the attacks. When reached by TechCrunch, Meta spokesperson Margarita Franklin confirmed the company detected and patched the flaw "a few weeks ago" and that the company sent "less than 200" notifications to affected WhatsApp users. The spokesperson did not say, when asked, if WhatsApp has evidence to attribute the hacks to a specific attacker or surveillance vendor.

Microsoft has found no link between the August 2025 KB5063878 security update and customer reports of failure and data corruption issues affecting solid-state drives (SSDs) and hard disk drives (HDDs). From a report: Redmond first told BleepingComputer last week that it is aware of users reporting SSD failures after installing this month's Windows 11 24H2 security update. In a subsequent service alert seen by BleepingComputer, Redmond said that it was unable to reproduce the issue on up-to-date systems and began collecting user reports with additional details from those affected.

"After thorough investigation, Microsoft has found no connection between the August 2025 Windows security update and the types of hard drive failures reported on social media," Microsoft said in an update to the service alert this week. "As always, we continue to monitor feedback after the release of every Windows update, and will investigate any future reports."

An anonymous reader quotes a report from TechCrunch: Credit reporting giant TransUnion has disclosed a data breach affecting more than 4.4 million customers' personal information. In a filing with Maine's attorney general's office on Thursday, TransUnion attributed the July 28 breach to unauthorized access of a third-party application storing customers' personal data for its U.S. consumer support operations.

TransUnion claimed "no credit information was accessed," but provided no immediate evidence for its claim. The data breach notice did not specify what specific types of personal data were stolen. In a separate data breach disclosure filed later on Thursday with Texas' attorney general's office, TransUnion confirmed that the stolen personal information includes customers' names, dates of birth, and Social Security numbers. [...] It's not clear who is behind the breach at TransUnion, or if the hackers made any demands to the company.

Nevada has been crippled by a cyberattack that began on August 24, taking down state websites, intermittently disabling phone lines, and forcing offices like the DMV to close. The Register reports: The Office of Governor Joseph Lombardo announced the attack via social media on Monday, saying that a "network security incident" took hold in the early hours of August 24. Official state websites remain unavailable, and Lombardo's office warned that phone lines will be intermittently down, although emergency services lines remain operational. State offices are also closed until further notice, including Department of Motor Vehicles (DMV) buildings. The state said any missed appointments will be honored on a walk-in basis.

"The Office of the Governor and Governor's Technology Office (GTO) are working continuously with state, local, tribal, and federal partners to restore services safely," the announcement read. "GTO is using temporary routing and operational workarounds to maintain public access where it is feasible. Additionally, GTO is validating systems before returning them to normal operation and sharing updates as needed." Local media outlets are reporting that, further to the original announcement, state offices will remain closed on Tuesday after officials previously expected them to reopen. The state's new cybersecurity office says there is currently no evidence to suggest that any Nevadans' personal information was compromised during the attack.

A widely used Node.js utility called fast-glob, relied on by thousands of projectsâ"including over 30 U.S. Department of Defense systems -- is maintained solely by a Russian developer linked to Yandex. While there's no evidence of malicious activity, cybersecurity experts warn that the lack of oversight in such critical open-source projects leaves them vulnerable to potential exploitation by state-backed actors. The Register reports: US cybersecurity firm Hunted Labs reported the revelations on Wednesday. The utility in question is fast-glob, which is used to find files and folders that match specific patterns. Its maintainer goes by the handle "mrmlnc", and the Github profile associated with that handle identifies its owner as a Yandex developer named Denis Malinochkin living in a suburb of Moscow. A website associated with that handle also identifies its owner as the same person, as Hunted Labs pointed out.

Hunted Labs told us that it didn't speak to Malinochkin prior to publication of its report today, and that it found no ties between him and any threat actor. According to Hunted Labs, fast-glob is downloaded more than 79 million times a week and is currently used by more than 5,000 public projects in addition to the DoD systems and Node.js container images that include it. That's not to mention private projects that might use it, meaning that the actual number of at-risk projects could be far greater.

While fast-glob has no known CVEs, the utility has deep access to systems that use it, potentially giving Russia a number of attack vectors to exploit. Fast-glob could attack filesystems directly to expose and steal info, launch a DoS or glob-injection attack, include a kill switch to stop downstream software from functioning properly, or inject additional malware, a list Hunted Labs said is hardly exhaustive. [...] Hunted Labs cofounder Haden Smith told The Register that the ties are cause for concern. "Every piece of code written by Russians isn't automatically suspect, but popular packages with no external oversight are ripe for the taking by state or state-backed actors looking to further their aims," Smith told us in an email. "As a whole, the open source community should be paying more attention to this risk and mitigating it." [...]

Hunted Labs said that the simplest solution for the thousands of projects using fast-glob would be for Malinochkin to add additional maintainers and enhance project oversight, as the only other alternative would be for anyone using it to find a suitable replacement. "Open source software doesn't need a CVE to be dangerous," Hunted Labs said of the matter. "It only needs access, obscurity, and complacency," something we've noted before is an ongoing problem for open source projects. This serves as another powerful reminder that knowing who writes your code is just as critical as understanding what the code does," Hunted Labs concluded.

Starting with Word for Windows version 2509, Microsoft is making cloud saving the default behavior. New documents will automatically save to OneDrive (or another cloud destination), with dated filenames, unless users manually revert to local saving in the settings. From the report: "Anything new you create will be saved automatically to OneDrive or your preferred cloud destination", writes Raul Munoz, product manager at Microsoft on the Office Shared Services and Experiences team. Munoz backs up the decision with half a dozen advantages for saving documents to the cloud. From never losing progress and access anywhere to easy collaboration and increased security and compliance. While cloud saving is without doubt beneficial in some cases, Munoz fails to address the elephant in the room. Some users may not want that their documents are stored in the cloud. There are good reasons for that, including privacy.

Summed up:
- If you do not mind that Word documents are stored in the cloud, you do not need to become active.
- If you mind that Word documents are stored in the cloud by default, you need to modify the default setting.

Google has eliminated more than one-third of its managers overseeing small teams, an executive told employees last week, as the company continues its focus on efficiencies across the organization. From a report: "Right now, we have 35% fewer managers, with fewer direct reports" than at this time a year ago, said Brian Welle, vice president of people analytics and performance, according to audio of an all-hands meeting reviewed by CNBC. "So a lot of fast progress there."

At the meeting, employees asked Welle and other executives about job security, "internal barriers" and Google's culture after several recent rounds of layoffs, buyouts and reorganizations. Welle said the idea is to reduce bureaucracy and run the company more efficiently. "When we look across our entire leadership population, that['s mangers, directors and VPs, we want them to be a smaller percentage of our overall workforce over time," he said.

An anonymous reader shares a report: Security researchers from Palo Alto Networks' Unit 42 have discovered the key to getting large language model (LLM) chatbots to ignore their guardrails, and it's quite simple. You just have to ensure that your prompt uses terrible grammar and is one massive run-on sentence like this one which includes all the information before any full stop which would give the guardrails a chance to kick in before the jailbreak can take effect and guide the model into providing a "toxic" or otherwise verboten response the developers had hoped would be filtered out.

The paper also offers a "logit-gap" analysis approach as a potential benchmark for protecting models against such attacks. "Our research introduces a critical concept: the refusal-affirmation logit gap," researchers Tung-Ling "Tony" Li and Hongliang Liu explained in a Unit 42 blog post. "This refers to the idea that the training process isn't actually eliminating the potential for a harmful response -- it's just making it less likely. There remains potential for an attacker to 'close the gap,' and uncover a harmful response after all."

The Document Foundation, which operates the popular open source productivity suite LibreOffice, is positioning the suite's newest release, v25.8, as a strategic asset for digital sovereignty, targeting governments and enterprises seeking independence from foreign software vendors and cloud infrastructure.

The Document Foundation released the update last week with zero telemetry architecture, full offline capability, and OpenPGP encryption for documents, directly addressing national security concerns about extraterritorial surveillance and software backdoors. The suite requires no internet access for any features and maintains complete transparency through open source code that governments can audit. Government bodies in Germany, Denmark, and France, alongside national ministries in Italy and Brazil, have deployed LibreOffice to meet GDPR compliance, national procurement laws, and IT localization mandates while eliminating unpredictable licensing costs from proprietary vendors.

"It's time to own your documents, own your infrastructure, and own your future," the foundation wrote in a blog post.

Farmers Insurance disclosed a breach affecting 1.1 million customers after attackers exploited Salesforce in a widespread campaign involving ShinyHunters and allied groups. According to BleepingComputer, the hackers stole personal data such as names, birth dates, driver's license numbers, and partial Social Security numbers. From the report: The company disclosed the data breach in an advisory on its website, saying that its database at a third-party vendor was breached on May 29, 2025. "On May 30, 2025, one of Farmers' third-party vendors alerted Farmers to suspicious activity involving an unauthorized actor accessing one of the vendor's databases containing Farmers customer information (the "Incident")," reads the data breach notification (PDF) on its website. "The third-party vendor had monitoring tools in place, which allowed the vendor to quickly detect the activity and take appropriate containment measures, including blocking the unauthorized actor. After learning of the activity, Farmers immediately launched a comprehensive investigation to determine the nature and scope of the Incident and notified appropriate law enforcement authorities."

The company says that its investigation determined that customers' names, addresses, dates of birth, driver's license numbers, and/or last four digits of Social Security numbers were stolen during the breach. Farmers began sending data breach notifications to impacted individuals on August 22, with a sample notification [1, 2] shared with the Maine Attorney General's Office, stating that a combined total of 1,111,386 customers were impacted. While Farmers did not disclose the name of the third-party vendor, BleepingComputer has learned that the data was stolen in the widespread Salesforce data theft attacks that have impacted numerous organizations this year. Further reading: Google Suffers Data Breach in Ongoing Salesforce Data Theft Attacks

The Federal Trade Commission is warning major U.S. tech companies against yielding to foreign government demands that weaken data security, compromise encryption, or impose censorship on their platforms. From a report: FTC Chairman Andrew N. Ferguson signed the letter sent to large American companies like Akamai, Alphabet (Google), Amazon, Apple, Cloudflare, Discord, GoDaddy, Meta, Microsoft, Signal, Snap, Slack, and X (Twitter). Ferguson stresses that weakening data security at the request of foreign governments, especially if they don't alert users about it, would constitute a violation of the FTC Act and expose companies to legal consequences.

Ferguson's letter specifically cites foreign laws such as the EU's Digital Services Act and the UK's Online Safety and Investigatory Powers Acts. Earlier this year, Apple was forced to remove support for iCloud end-to-end encryption in the United Kingdom rather than give in to demands to add a backdoor for the government to access encrypted accounts. The UK's demand would have weakened Apple's encryption globally, but it was retracted last week following U.S. diplomatic pressure.

Security researchers have uncovered critical vulnerabilities in Perplexity's Comet browser that enable attackers to hijack user accounts and execute malicious code through the browser's AI summarization features. The flaws, discovered independently by Brave and Guardio Labs, exploit indirect prompt injection attacks that bypass traditional web security mechanisms when users request webpage summaries.

Brave demonstrated account takeover through a malicious Reddit post that compromised Perplexity accounts when summarized. The vulnerability allows attackers to embed commands in webpage content that the browser's large language model executes with full user privileges across authenticated sessions.

Guardio's testing found the browser would complete phishing transactions and prompt users for banking credentials without warning indicators. The paid browser, available to Perplexity Pro and Enterprise Pro subscribers since July, processes untrusted webpage content without distinguishing between legitimate instructions and attacker payloads.