Whoop fitness trackers had promised free upgrades to anyone who'd been a member for at least six months — and then reneged. "After customers began complaining, the company responded with a Reddit post, according to a report from TechCrunch: Now, anyone with more than 12 months remaining on their subscription is eligible for a free upgrade to Whoop 5.0 (or a refund if they've already paid the fee). And customers with less than 12 months can extend their subscription to get the upgrade at no additional cost.
Whoop acknowledged that they'd previously said anyone who'd been a member for six months would receive a free upgrade. Friday they described that blog article as "incorrect". ("This was never our policy and should never have been posted... We removed that blog article... We're sorry for any confusion this may have caused.")

TechCrunch explains: While the company said it's making these changes because it "heard your feedback," it also suggested that its apparent stinginess was tied to its transition from a [2021] model focused on monthly or six-month subscription plans to one where it only offers 12- and 24-month subscriptions...

There's been a mixed response to these changes on the Whoop subreddit, with one moderator describing it as a "win for the community." Other posters were more skeptical, with one writing, "You don't publish a policy by accident and keep it up for years. Removing it after backlash doesn't erase the fact [that] it is real."
Other changes announced by Whoop:

• "If you purchased or renewed a WHOOP 4.0 membership in the last 30 days before May 8, your upgrade fee will be automatically waived at checkout..."

• "If you've already upgraded to WHOOP 5.0 on Peak and paid a one-time upgrade fee despite having more than 12 months remaining, we'll refund that fee."

"Thank you for your feedback. We remain committed to delivering the best technology, experience, and value to our community."

"A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver," reports The Hacker News: Forescout Vedere Labs, in a report published Thursday, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025. CVE-2025-31324 refers to a critical SAP NetWeaver flaw that allows attackers to achieve remote code execution (RCE) by uploading web shells through a susceptible "/developmentserver/metadatauploader" endpoint.

The vulnerability was first flagged by ReliaQuest late last month when it found the shortcoming being abused in real-world attacks by unknown threat actors to drop web shells and the Brute Ratel C4 post-exploitation framework. According to [SAP cybersecurity firm] Onapsis, hundreds of SAP systems globally have fallen victim to attacks spanning industries and geographies, including energy and utilities, manufacturing, media and entertainment, oil and gas, pharmaceuticals, retail, and government organizations. Onapsis said it observed reconnaissance activity that involved "testing with specific payloads against this vulnerability" against its honeypots as far back as January 20, 2025. Successful compromises in deploying web shells were observed between March 14 and March 31.
"In recent days, multiple threat actors are said to have jumped aboard the exploitation bandwagon to opportunistically target vulnerable systems to deploy web shells and even mine cryptocurrency..."



Thanks to Slashdot reader bleedingobvious for sharing the news.

Exposure-management company Tenable recently discussed how the MCP tool-interfacing framework for AI can be "manipulated for good, such as logging tool usage and filtering unauthorized commands." (Although "Some of these techniques could be used to advance both positive and negative goals.")

Now an anonymous Slashdot reader writes: In a demonstration video put together by security researcher Seth Fogie, an AI client given a simple prompt to 'Scan and exploit' a web server leverages various connected tools via MCP (nmap, ffuf, nuclei, waybackurls, sqlmap, burp) to find and exploit discovered vulnerabilities without any additional user interaction

As Tenable illustrates in their MCP FAQ, "The emergence of Model Context Protocol for AI is gaining significant interest due to its standardization of connecting external data sources to large language models (LLMs). While these updates are good news for AI developers, they raise some security concerns." With over 12,000 MCP servers and counting, what does this all lead to and when will AI be connected enough for a malicious prompt to cause serious impact?

"Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware," reports Ars Technica, "a strong indication that devices belonging to him have been hacked in recent years." As an employee of DOGE, [30-something Kyle] Schutt accessed FEMA's proprietary software for managing both disaster and non-disaster funding grants [to Dropsite News]. Under his role at CISA, he likely is privy to sensitive information regarding the security of civilian federal government networks and critical infrastructure throughout the U.S. According to journalist Micah Lee, user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware... Besides pilfering login credentials, stealers can also log all keystrokes and capture or record screen output. The data is then sent to the attacker and, occasionally after that, can make its way into public credential dumps...

Lee went on to say that credentials belonging to a Gmail account known to belong to Schutt have appeared in 51 data breaches and five pastes tracked by breach notification service Have I Been Pwned. Among the breaches that supplied the credentials is one from 2013 that pilfered password data for 3 million Adobe account holders, one in a 2016 breach that stole credentials for 164 million LinkedIn users, a 2020 breach affecting 167 million users of Gravatar, and a breach last year of the conservative news site The Post Millennial.
The credentials may have been exposed when service providers were compromised, the article points out, but the "steady stream of published credentials" is "a clear indication that the credentials he has used over a decade or more have been publicly known at various points.

"And as Lee noted, the four dumps from stealer logs show that at least one of his devices was hacked at some point."

Thanks to Slashdot reader gkelley for sharing the news.

"The Overwatch 2 team at Blizzard has unionized," reports Kotaku: That includes nearly 200 developers across disciplines ranging from art and testing to engineering and design. Basically anyone who doesn't have someone else reporting to them. It's the second wall-to-wall union at the storied game maker since the World of Warcraft team unionized last July... Like unions at Bethesda Game Studios and Raven Software, the Overwatch Gamemakers Guild now has to bargain for its first contract, a process that Microsoft has been accused of slow-walking as negotiations with other internal game unions drag on for years.

"The biggest issue was the layoffs at the beginning of 2024," Simon Hedrick, a test analyst at Blizzard, told Kotaku... "People were gone out of nowhere and there was nothing we could do about it," he said. "What I want to protect most here is the people...." Organizing Blizzard employees stress that improving their working conditions can also lead to better games, while the opposite — layoffs, forced resignations, and uncompetitive pay can make them worse....

"We're not just a number on an Excel sheet," [said UI artist Sadie Boyd]. "We want to make games but we can't do it without a sense of security." Unionizing doesn't make a studio immune to layoffs or being shuttered, but it's the first step toward making companies have a discussion about those things with employees rather than just shadow-dropping them in an email full of platitudes. Boyd sees the Overwatch union as a tool for negotiating a range of issues, like if and how generative AI is used at Blizzard, as well as a possible source of inspiration to teams at other studios.

"Our industry is at such a turning point," she said. "I really think with the announcement of our union on Overwatch...I know that will light some fires."
The article notes that other issues included work-from-home restrictions, pay disparities and changes to Blizzard's profit-sharing program, and wanting codified protections for things like crunch policies, time off, and layoff-related severance.

Long-time Slashdot reader smooth wombat writes: Over the past year there have been stories about North Korean spies unknowingly or knowingly being hired to work in western companies. During an interview by Kraken, a crypto exchange, the interviewers became suspicious about the candidate. Instead of cutting off the interview, Kraken decided to continue the candidate through the hiring process to gain more information. One simple question confirmed the user wasn't who they said they were and even worse, was a North Korean spy.
Would-be IT worker "Steven Smith" already had an email address on a "do-not-hire" list from law enforcement agencies, according to CBS News. And an article in Fortune magazine says Kraken asked him to speak to a recruiter and take a technical-pretest, and "I don't think he actually answered any questions that we asked him," according to its chief security officer Nick Percoco — even though the application was claiming 11 years of experience as a software engineer at U.S.-based companies: The interview was scheduled for Halloween, a classic American holiday—especially for college students in New York—that Smith seemed to know nothing about. "Watch out tonight because some people might be ringing your doorbell, kids with chain saws," Percoco said, referring to the tradition of trick or treating. "What do you do when those people show up?"

Smith shrugged and shook his head. "Nothing special," he said.

Smith was also unable to answer simple questions about Houston, the town he had supposedly been living in for two years. Despite having listed "food" as an interest on his résumé, Smith was unable to come up with a straight answer when asked about his favorite restaurant in the Houston area. He looked around for a few seconds before mumbling, "Nothing special here...."

The United Nations estimates that North Korea has generated between $250 million to $600 million per year by tricking overseas firms to hire its spies. A network of North Koreans, known as Famous Chollima, was behind 304 individual incidents last year, cybersecurity company CrowdStrike reported, predicting that the campaigns will continue to grow in 2025.
During a report CBS News actually aired footage of the job interview with the "suspected member of Kim Jong Un's cyberarmy." "Some people might call it trolling as well," one company official told the news outlet. "We call it security research." (And they raise the disturbing possibility that another IT company might very well have hired "Steven Smith"...)

CBS also spoke to CrowdStrike co-founder Dmitri Alperovitch, who says the problem increased with remote work, as is now fueling a state-run weapons program. "It's a huge problem because these people are not just North Koreans — they're North Koreans working for their munitions industry department, they're working for the Korean People's Army." (He says later the results of their work are "going directly" to North Korea's nuclear and ballistic missile programs.)

And when CBS notes that the FBI issued a wanted poster of alleged North Korean agents and arrested Americans hosting laptop farms in Arizona and Tennesse ("computer hubs inside the U.S. that conceal the cybercriminals real identities"), Alperovitch says "They cannot do this fraud without support here in America from witting or unwitting actors. So they have hired probably hundreds of people..." CBS adds that FBI officials say "the IT worker scene is expanding worldwide."

An anonymous reader quotes a report from BleepingComputer: Law enforcement authorities have dismantled a botnet that infected thousands of routers over the last 20 years to build two networks of residential proxies known as Anyproxy and 5socks. The U.S. Justice Department also indicted three Russian nationals (Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, and Aleksandr Aleksandrovich Shishkin) and a Kazakhstani (Dmitriy Rubtsov) for their involvement in operating, maintaining, and profiting from these two illegal services.

During this joint action dubbed 'Operation Moonlander,' U.S. authorities worked with prosecutors and investigators from the Dutch National Police, the Netherlands Public Prosecution Service (Openbaar Ministerie), and the Royal Thai Police, as well as analysts with Lumen Technologies' Black Lotus Labs. Court documents show that the now-dismantled botnet infected older wireless internet routers worldwide with malware since at least 2004, allowing unauthorized access to compromised devices to be sold as proxy servers on Anyproxy.net and 5socks.net. The two domains were managed by a Virginia-based company and hosted on servers globally.

On Wednesday, the FBI also issued a flash advisory (PDF) and a public service announcement warning that this botnet was targeting patch end-of-life (EoL) routers with a variant of the TheMoon malware. The FBI warned that the attackers are installing proxies later used to evade detection during cybercrime-for-hire activities, cryptocurrency theft attacks, and other illegal operations. The list of devices commonly targeted by the botnet includes Linksys and Cisco router models, including:

- Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550
- Linksys WRT320N, WRT310N, WRT610N
- Cisco M10 and Cradlepoint E100 "The botnet controllers require cryptocurrency for payment. Users are allowed to connect directly with proxies using no authentication, which, as documented in previous cases, can lead to a broad spectrum of malicious actors gaining free access," Black Lotus Labs said. "Given the source range, only around 10% are detected as malicious in popular tools such as VirusTotal, meaning they consistently avoid network monitoring tools with a high degree of success. Proxies such as this are designed to help conceal a range of illicit pursuits including ad fraud, DDoS attacks, brute forcing, or exploiting victim's data."

An anonymous reader quotes a report from TechCrunch: A Florida bill, which would have required social media companies to provide an encryption backdoor for allowing police to access user accounts and private messages, has failed to pass into law. The Social Media Use by Minors bill was "indefinitely postponed" and "withdrawn from consideration" in the Florida House of Representatives earlier this week. Lawmakers in the Florida Senate had already voted to advance the legislation, but a bill requires both legislative chambers to pass before it can become law.

The bill would have required social media firms to "provide a mechanism to decrypt end-to-end encryption when law enforcement obtains a subpoena," which are typically issued by law enforcement agencies and without judicial oversight. Digital rights group the Electronic Frontier Foundation called the bill "dangerous and dumb." Security professionals have long argued that it is impossible to create a secure backdoor that cannot also be maliciously abused, and encryption backdoors put user data at risk of data breaches.

Software firm 37signals is completing its migration from AWS to on-premises infrastructure, expecting to save $1.3 million annually on storage costs alone. CTO David Heinemeier Hansson announced the company has begun migrating 18 petabytes of data from Amazon S3 to Pure Storage arrays costing $1.5 million upfront but only $200,000 yearly to operate.

AWS waived $250,000 in data egress fees for the transition, which will allow 37signals to completely delete its AWS account this summer. The company has already slashed $2 million in annual costs after replacing cloud compute with $700,000 worth of Dell servers in 2024. "Cloud can be a good choice in certain circumstances, but the industry pulled a fast one convincing everyone it's the only way," wrote Hansson, who began the repatriation effort in 2022 after discovering their annual AWS bill exceeded $3.2 million.

CrowdStrike, the cybersecurity firm that became a household name after causing a massive global IT outage last year, has announced it will cut 5% of its workforce in part due to "AI efficiency." From a report: In a note to staff earlier this week, released in stock market filings in the US, CrowdStrike's chief executive, George Kurtz, announced that 500 positions, or 5% of its workforce, would be cut globally, citing AI efficiencies created in the business.

"We're operating in a market and technology inflection point, with AI reshaping every industry, accelerating threats, and evolving customer needs," he said. Kurtz said AI "flattens our hiring curve, and helps us innovate from idea to product faster," adding it "drives efficiencies across both the front and back office. AI is a force multiplier throughout the business," he said. Other reasons for the cuts included market demand for sustained growth and expanding the product offering.

An anonymous reader quotes a report from BleepingComputer: Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. Pearson is a UK-based education company and one of the world's largest providers of academic publishing, digital learning tools, and standardized assessments. The company works with schools, universities, and individuals in over 70 countries through its print and online services. In a statement to BleepingComputer, Pearson confirmed they suffered a cyberattack and that data was stolen, but stated it was mostly "legacy data."

"We recently discovered that an unauthorized actor gained access to a portion of our systems," a Pearson representative confirmed to BleepingComputer. "Once we identified the activity, we took steps to stop it and investigate what happened and what data was affected with forensics experts. We also supported law enforcement's investigation. We have taken steps to deploy additional safeguards onto our systems, including enhancing security monitoring and authentication. We are continuing to investigate, but at this time we believe the actor downloaded largely legacy data. We will be sharing additional information directly with customers and partners as appropriate." Pearson also confirmed that the stolen data did not include employee information. The education company previously disclosed in January that they were investigating a breach of one of their subsidiaries, PDRI, which is believed to be related to this attack.

BleepingComputer also notes that threat actors breached Pearson's developer environment in January 2025 using an exposed GitLab access token, gaining access to source code and hard-coded credentials. Terabytes of sensitive data was stolen from cloud platforms and internal systems.

Despite the potential impact on millions of individuals, Pearson has declined to answer key questions about the breach or its response.

Switzerland will hold a national referendum on the introduction of electronic identity cards after opponents of the legislation secured enough signatures to force a public vote. The Federal Chancellery confirmed Wednesday that 55,344 valid signatures were submitted against the Federal Act on Electronic Identity passed last December.

The proposed e-ID would enable citizens to apply online for criminal record extracts, driving licenses, and age verification when purchasing alcohol. This marks the second referendum on e-ID implementation, after voters rejected a previous version in 2021. The government has revised its approach, making the new system free, optional, and fully state-operated rather than privately managed. If approved, the e-ID would come into force no earlier than 2026, though the collection effort suggests privacy concerns remain paramount for many Swiss voters.

The curl open source project is fighting against a flood of AI-generated false security reports. Daniel Stenberg, curl's original author and lead developer, declared on LinkedIn that they are "effectively being DDoSed" by these submissions.

"We still have not seen a single valid security report done with AI help," Stenberg wrote. This week alone, four AI-generated vulnerability reports arrived seeking reputation or bounties, ArsTechnica writes. One particularly frustrating May 4 report claiming "stream dependency cycles in the HTTP/3 protocol stack" pushed Stenberg "over the limit." The submission referenced non-existent functions and failed to apply to current versions.

Some AI reports are comically obvious. One accidentally included its prompt instruction: "and make it sound alarming." Stenberg has asked HackerOne, which manages vulnerability reporting, for "more tools to strike down this behavior." He plans to ban reporters whose submissions are deemed "AI slop."

President Trump's proposed 2026 budget seeks to cut nearly $500 million from CISA, accusing the agency of prioritizing censorship over cybersecurity and election protection. "The proposed cuts -- which are largely symbolic at this stage as they need to be approved by Congress -- are framed as a purge of the so-called 'censorship industrial complex,' a term the White House uses to describe CISA's work countering misinformation," reports The Register. From the report: In its fiscal 2024 budget request, the agency had asked [PDF] for a total of just over $3 billion to safeguard the nation's online security across both government and private sectors. The enacted budget that year was about $34 million lower than the previous year's. Now, a deep cut has been proposed [PDF], as the Trump administration decries the agency's past work tackling the spread of misinformation on the web by America's enemies, as well as the agency's efforts safeguarding election security. [...]

"The budget eliminates programs focused on so-called misinformation and propaganda as well as external engagement offices such as international affairs," it reads [PDF]. "These programs and offices were used as a hub in the censorship industrial complex to violate the First Amendment, target Americans for protected speech, and target the President. CISA was more focused on censorship than on protecting the nation's critical systems, and put them at risk due to poor management and inefficiency, as well as a focus on self-promotion."

Microsoft has instituted a stringent new performance management system that places ousted employees on a two-year rehiring block list and categorizes their departures as "good attrition," Business Insider reported Tuesday, citing internal documents. The company now tracks staff departures it considers beneficial, mirroring Amazon's "unregretted attrition" metric, though no specific targets have been established yet.

Microsoft recently terminated 2,000 underperforming employees without severance and implemented a new performance improvement plan (PIP). Employees facing performance issues now must choose between entering the PIP or accepting a "Global Voluntary Separation Agreement" with 16 weeks of pay.

Further reading: Microsoft Offers Underperformers Cash To Quit.

The Open Document Format reached its 20th anniversary on May 1, marking two decades since OASIS approved the XML-based standard originally developed by Sun Microsystems from StarOffice code. Even as the format has seen adoption by several governments including the UK, India, and Brazil, plus organizations like NATO, Microsoft Office's proprietary formats remain the de facto standard.

Microsoft countered ODF by developing Office Open XML, eventually getting it standardized through Ecma International. "ODF is much more than a technical specification: it is a symbol of freedom of choice, support for interoperability and protection of users from the commercial strategies of Big Tech," said Eliane Domingos, Chair of the Document Foundation, which oversees LibreOffice -- a fork created after Oracle acquired Sun.

Riot Games has reduced cheating in Valorant to under 1% of ranked games through its controversial kernel-level anti-cheat system Vanguard, according to the company's anti-cheat director Phillip Koskinas. The system enforces Windows security features like Trusted Platform Module and Secure Boot while preventing code execution in kernel memory.

Beyond technical measures, Riot deploys undercover operatives who have infiltrated cheat development communities for years. "We've even gone as far as giving anti-cheat information to establish credibility," Koskinas told TechCrunch, describing how they target even "premium" cheats costing thousands of dollars.

Riot faces increasingly sophisticated threats, including direct memory access attacks using specialized PCI Express hardware and screen reader cheats that use separate computers to analyze gameplay and control mouse movements. To combat repeat offenders, Vanguard fingerprints cheaters' hardware. Koskinas admits to deliberately slowing some enforcement: "To keep cheating dumb, we ban slower." The team also employs psychological warfare, publicly discrediting cheat developers and trolling known cheaters to undermine their credibility in gaming communities.

TeleMessage, a communications app used by former Trump national security adviser Mike Waltz, has suspended services after a reported hack exposed some user messages. The breach follows controversy over Waltz's use of the app to coordinate military updates, including accidentally adding a journalist to a sensitive Signal group chat. From the report: In an email, Portland, Oregon-based Smarsh, which runs the TeleMessage app, said it was "investigating a potential security incident" and was suspending all its services "out of an abundance of caution." A Reuters photograph showed Waltz using TeleMessage, an unofficial version of the popular encrypted messaging app Signal, on his phone during a cabinet meeting on Wednesday. A separate report from 404 Media says hackers have also targeted GlobalX Air -- one of the main airlines the Trump administration is using as part of its deportation efforts -- and claim to have stolen flight records and passenger manifests for all its flights, including those for deportation. From the report: The data, which the hackers contacted 404 Media and other journalists about unprompted, could provide granular insight into who exactly has been deported on GlobalX flights, when, and to where, with GlobalX being the charter company that facilitated the deportation of hundreds of Venezuelans to El Salvador. "Anonymous has decided to enforce the Judge's order since you and your sycophant staff ignore lawful orders that go against your fascist plans," a defacement message posted to GlobalX's website reads. Anonymous, well-known for its use of the Guy Fawkes mask, is an umbrella some hackers operate under when performing what they see as hacktivism.

An anonymous reader quotes a report from Ars Technica: Hundreds of e-commerce sites, at least one owned by a large multinational company, were backdoored by malware that executes malicious code inside the browsers of visitors, where it can steal payment card information and other sensitive data, security researchers said Monday. The infections are the result of a supply-chain attack that compromised at least three software providers with malware that remained dormant for six years and became active only in the last few weeks. At least 500 e-commerce sites that rely on the backdoored software were infected, and it's possible that the true number is double that, researchers from security firm Sansec said. Among the compromised customers was a $40 billion multinational company, which Sansec didn't name. In an email Monday, a Sansec representative said that "global remediation [on the infected customers] remains limited."

"Since the backdoor allows uploading and executing arbitrary PHP code, the attackers have full remote code execution (RCE) and can do essentially anything they want," the representative wrote. "In nearly all Adobe Commerce/Magento breaches we observe, the backdoor is then used to inject skimming software that runs in the user's browser and steals payment information (Magecart)." The three software suppliers identified by Sansec were Tigren, Magesolution (MGS), and Meetanshi. All three supply software that's based on Magento, an open source e-commerce platform used by thousands of online stores. A software version sold by a fourth provider named Weltpixel has been infected with similar code on some of its customers' stores, but Sansec so far has been unable to confirm whether it was the stores or Weltpixel that were hacked. Adobe has owned Megento since 2018.

BrianFagioli writes: Microsoft has officially begun rejecting high-volume emails that don't meet its new authentication rules.

Here's the deal. If you send more than 5,000 messages per day to Outlook.com addresses (including hotmail.com and live.com) and you're not properly set up with SPF, DKIM, and DMARC, your emails may never arrive.