An anonymous reader quotes a report from KrebsOnSecurity: The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as "pig butchering." In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers. "Americans lose billions of dollars annually to these cyber scams, with revenues generated from these crimes rising to record levels in 2024," reads a statement from the U.S. Department of the Treasury, which sanctioned Funnull and its 40-year-old Chinese administrator Liu Lizhi. "Funnull has directly facilitated several of these schemes, resulting in over $200 million in U.S. victim-reported losses."

The Treasury Department said Funnull's operations are linked to the majority of virtual currency investment scam websites reported to the FBI. The agency said Funnull directly facilitated pig butchering and other schemes that resulted in more than $200 million in financial losses by Americans. Pig butchering is a rampant form of fraud wherein people are lured by flirtatious strangers online into investing in fraudulent cryptocurrency trading platforms. Victims are coached to invest more and more money into what appears to be an extremely profitable trading platform, only to find their money is gone when they wish to cash out. The scammers often insist that investors pay additional "taxes" on their crypto "earnings" before they can see their invested funds again (spoiler: they never do), and a shocking number of people have lost six figures or more through these pig butchering scams.

KrebsOnSecurity's January story on Funnull was based on research from the security firm Silent Push, which discovered in October 2024 that a vast number of domains hosted via Funnull were promoting gambling sites that bore the logo of the Suncity Group, a Chinese entity named in a 2024 UN report (PDF) for laundering millions of dollars for the North Korean state-sponsored hacking group Lazarus. Silent Push found Funnull was a criminal content delivery network (CDN) that carried a great deal of traffic tied to scam websites, funneling the traffic through a dizzying chain of auto-generated domain names and U.S.-based cloud providers before redirecting to malicious or phishous websites. The FBI has released a technical writeup (PDF) of the infrastructure used to manage the malicious Funnull domains between October 2023 and April 2025.

An anonymous reader quotes a report from 404 Media: If you've left a comment on a YouTube video, a new website claims it might be able to find every comment you've ever left on any video you've ever watched. Then an AI can build a profile of the commenter and guess where you live, what languages you speak, and what your politics might be. The service is called YouTube-Tools and is just the latest in a suite of web-based tools that started life as a site to investigate League of Legends usernames. Now it uses a modified large language model created by the company Mistral to generate a background report on YouTube commenters based on their conversations. Its developer claims it's meant to be used by the cops, but anyone can sign up. It costs about $20 a month to use and all you need to get started is a credit card and an email address.

The tool presents a significant privacy risk, and shows that people may not be as anonymous in the YouTube comments sections as they may think. The site's report is ready in seconds and provides enough data for an AI to flag identifying details about a commenter. The tool could be a boon for harassers attempting to build profiles of their targets, and 404 Media has seen evidence that harassment-focused communities have used the developers' other tools. YouTube-Tools also appears to be a violation of YouTube's privacy policies, and raises questions about what YouTube is doing to stop the scraping and repurposing of peoples' data like this. "Public search engines may scrape data only in accordance with YouTube's robots.txt file or with YouTube's prior written permission," it says.

sinij shares a report from the BBC: France's National Assembly has voted to abolish low-emission zones, a key measure introduced during President Emmanuel Macron's first term to reduce city pollution. So-called ZFEs (zones a faibles emissions) have been criticized for hitting those who cannot afford less-polluting vehicles the hardest. A handful of MPs from Macron's party joined opposition parties from the right and far right in voting 98-51 to scrap the zones, which have gradually been extended across French cities since 2019. [...]

The low-emission zones began with 15 of France's most polluted cities in 2019 and by the start of this year had been extended to every urban area with a population of more than 150,000, with a ban on cars registered before 1997. Those produced after 1997 need a round "Crit'Air" sticker to drive in low-emission zones, and there are six categories that correspond to various types of vehicle. The biggest restrictions have been applied in the most polluted cities, Paris and Lyon, as well as Montpellier and Grenoble. The BBC notes that while the abolition is expected to pass France's Senate, it must still be included in a broader bill approved by the lower house in June and cleared by the Constitutional Council, which isn't guaranteed.

An anonymous reader quotes a report from Ars Technica: An accused movie pirate who stole more than 1,000 Blu-ray discs and DVDs while working for a DVD manufacturing company struck a plea deal (PDF) this week to lower his sentence after the FBI claimed the man's piracy cost movie studios millions. Steven Hale no longer works for the DVD company. He was arrested in March, accused of "bypassing encryption that prevents unauthorized copying" and ripping pre-release copies of movies he could only access because his former employer was used by major movie studios. As alleged by the feds, his game was beating studios to releases to achieve the greatest possible financial gains from online leaks.

Among the popular movies that Hale is believed to have leaked between 2021 and 2022 was Spider-Man: No Way Home, which the FBI alleged was copied "tens of millions of times" at an estimated loss of "tens of millions of dollars" for just one studio on one movie. Other movies Hale ripped included animated hits like Encanto and Sing 2, as well as anticipated sequels like The Matrix: Resurrections and Venom: Let There Be Carnage. The cops first caught wind of Hale's scheme in March 2022. They seized about 1,160 Blu-rays and DVDs in what TorrentFreak noted were the days just "after the Spider-Man movie leaked online." It's unclear why it took close to three years before Hale's arrest, but TorrentFreak suggested that Hale's case is perhaps part of a bigger investigation into the Spider-Man leaks. A plea deal for Hale significantly reduced the estimated damages from his piracy case to under $40,000 and led to the dismissal of two charges, though he still faces up to five years in prison and a $250,000 fine for one remaining copyright infringement charge. His final sentence and restitution amount will be decided at a court hearing in Tennessee at the end of August.

A Texas jury ruled that Intel may hold a license to patents owned by VLSI Technology through its agreement with Finjan Inc., both controlled by Fortress Investment Group -- potentially nullifying over $3 billion in previous patent infringement verdicts against Intel. Reuters reports: VLSI has sued Intel in multiple U.S. courts for allegedly infringing several patents covering semiconductor technology. A jury in Waco, Texas awarded VLSI $2.18 billion in their first trial in 2021, which a U.S. appeals court has since overturned and sent back for new proceedings.

An Austin, Texas jury determined that VLSI was entitled to nearly $949 million from Intel in a separate patent infringement trial in 2022. Intel has argued in that case that the verdicts should be thrown out based on a 2012 agreement that gave it a license to patents owned by Finjan and other companies "under common control" with it. U.S. District Judge Alan Albright held the latest jury trial in Austin to determine whether Finjan and VLSI were under the "common control" of Fortress. VLSI said it was not subject to the Finjan agreement, and that the company did not even exist until four years after it was signed.

The SEC on Thursday voluntarily dismissed its lawsuit against Binance, the world's largest cryptocurrency exchange. It brings an end to one of the last remaining crypto enforcement actions brought by the agency. Reuters reports: The SEC had accused the defendants in 2023 of artificially inflating trading volumes, diverting customer funds, failing to restrict U.S. customers from Binance's platform, and misleading investors about its market surveillance controls. It also accused Binance of unlawfully facilitating trading of several tokens that prior SEC leadership deemed unregistered securities. Developing...

An anonymous reader quotes a report from SC Media: Thousands of ASUS routers have been compromised with malware-free backdoors in an ongoing campaign to potentially build a future botnet, GreyNoise reported Wednesday. The threat actors abuse security vulnerabilities and legitimate router features to establish persistent access without the use of malware, and these backdoors survive both reboots and firmware updates, making them difficult to remove.

The attacks, which researchers suspect are conducted by highly sophisticated threat actors, were first detected by GreyNoise's AI-powered Sift tool in mid-March and disclosed Thursday after coordination with government officials and industry partners. Sekoia.io also reported the compromise of thousands of ASUS routers in their investigation of a broader campaign, dubbed ViciousTrap, in which edge devices from other brands were also compromised to create a honeypot network. Sekoia.io found that the ASUS routers were not used to create honeypots, and that the threat actors gained SSH access using the same port, TCP/53282, identified by GreyNoise in their report. The backdoor campaign affects multiple ASUS router models, including the RT-AC3200, RT-AC3100, GT-AC2900, and Lyra Mini.

GreyNoise advises users to perform a full factory reset and manually reconfigure any potentially compromised device. To identify a breach, users should check for SSH access on TCP port 53282 and inspect the authorized_keys file for unauthorized entries.

An anonymous reader quotes a report from TechCrunch: LexisNexis Risk Solutions, a data broker that collects and uses consumers' personal data to help its paying corporate customers detect possible risk and fraud, has disclosed a data breach affecting more than 364,000 people. The company said in a filing with Maine's attorney general that the breach, dating back to December 25, 2024, allowed a hacker to obtain consumers' sensitive personal data from a third-party platform used by the company for software development.

Jennifer Richman, a spokesperson for LexisNexis, told TechCrunch that an unknown hacker accessed the company's GitHub account. The stolen data varies, but includes names, dates of birth, phone numbers, postal and email addresses, Social Security numbers, and driver license numbers. It's not immediately clear what circumstances led to the breach. Richman said LexisNexis received a report on April 1, 2025 "from an unknown third party claiming to have accessed certain information." The company would not say if it had received a ransom demand from the hacker.

A security researcher has discovered an exposed database containing 184 million login credentials for major services including Apple, Facebook, and Google accounts, along with credentials linked to government agencies across 29 countries. Jeremiah Fowler found the 47-gigabyte trove in early May, but the database contained no identifying information about its owner or origins.

The records included plaintext passwords and usernames for accounts spanning Netflix, PayPal, Discord, and other major platforms. A sample analysis revealed 220 email addresses with government domains from countries including the United States, China, and Israel. Fowler told Wired he suspects the data was compiled by cybercriminals using infostealer malware. World Host Group, which hosted the database, shut down access after Fowler's report and described it as content uploaded by a "fraudulent user." The company said it would cooperate with law enforcement authorities.

An anonymous reader quotes a report from The Verge: Secretary of State Marco Rubio announced Wednesday that the U.S. would restrict visas for "foreign nationals who are responsible for censorship of protected expression in the United States." He called it "unacceptable for foreign officials to issue or threaten arrest warrants on U.S. citizens or U.S. residents for social media posts on American platforms while physically present on U.S. soil" and "for foreign officials to demand that American tech platforms adopt global content moderation policies or engage in censorship activity that reaches beyond their authority and into the United States."

It's not yet clear how or against whom the policy will be enforced, but seems to implicate Europe's Digital Services Act, a law that came into effect in 2023 with the goal of making online platforms safer by imposing requirements on the largest platforms around removing illegal content and providing transparency about their content moderation. Though it's not mentioned directly in the press release about the visa restrictions, the Trump administration has slammed the law on multiple occasions, including in remarks earlier this year by Vice President JD Vance.

The State Department's homepage currently links to an article on its official Substack, where senior advisor for the Bureau of Democracy, Human Rights, and Labor Samuel Samson critiques the DSA as a tool to "silence dissident voices through Orwellian content moderation." He adds, "Independent regulators now police social media companies, including prominent American platforms like X, and threaten immense fines for non-compliance with their strict speech regulations." "We will not tolerate encroachments upon American sovereignty," Rubio says in the announcement, "especially when such encroachments undermine the exercise of our fundamental right to free speech."

A former Minnesota waitress unknowingly helped North Korean workers steal $17.1 million in wages from over 300 American companies through an elaborate remote work scheme, federal prosecutors said this week. Christina Chapman operated a "laptop farm" from her home, managing dozens of computers that allowed North Koreans using stolen U.S. identities to work as legitimate tech employees.

The FBI estimates this broader infiltration involves thousands of North Korean workers generating hundreds of millions annually for the sanctions-hit regime. Chapman, recruited via LinkedIn in 2020 to serve as "the U.S. face" for overseas IT workers, handled logistics including receiving company laptops, installing remote access software, and processing falsified employment documents.

The North Korean workers accessed the devices daily from overseas, with some maintaining jobs for months or years at major American corporations. Chapman earned just under $177,000 before the FBI raided her Arizona operation in October 2023, seizing over 90 computers. She pleaded guilty in February to wire fraud, identity theft, and money laundering charges, facing up to nine years in prison at her July sentencing.

Cloudflare CEO Matthew Prince warned that LaLiga's ISP blocking campaign -- intended to stop football piracy -- has caused widespread collateral damage by blocking millions of unrelated websites, including emergency services, in Spain. He called the strategy "bonkers" and expressed fear that lives could be lost due to the overblocking. TorrentFreak reports: Posting to X last week, Prince asked if anyone wanted any general feedback, declaring that he felt "in an especially truthful mood." The first response contained direct questions about the LaLiga controversy, the blame for which LaLiga places squarely on the shoulders of Cloudflare. For the first time since Cloudflare legal action failed to end LaLiga's blocking campaign, Prince weighed in with his assessment of the current situation and where he believes it's inevitably heading.

"A huge percentage of the Internet sits behind us, including small businesses and emergency resources in Spain," Prince explained. "The strategy of blocking broadly through ISPs based on IPs is bonkers because so much content, including emergency services content, can be behind any IP. The collateral damage is vast and is hurting Spanish citizens from accessing critical resources," he added. [...]

Despite LaLiga's unshakable claims to the contrary, Prince believes that it's not a case of 'if' disaster strikes, it's 'when.' "It's only a matter of time before a Spanish citizen can't access a life-saving emergency resource because the rights holder in a football match refuses to send a limited request to block one resource versus a broad request to block a whole swath of the Internet," Prince warned. "When that unfortunately and inevitably happens and harms lives, I'm confident policy makers and courts in Spain and elsewhere will make the right policy decision. Until then, it'll be up to users to make politicians clear on the risk. I pray no one dies."

The suggestion that LaLiga's demands were too broad, doesn't mean that Cloudflare is refusing to help, Prince suggested. On the contrary, there's a process available, LaLiga just needs to use it. "We've always been happy and willing to work with rights holders in conjunction with judicial bodies to protect their content. We have a clear process that works around the world to do that," Prince explained.

A German court has sentenced two former Volkswagen executives to prison and handed suspended sentences to two others for their roles in the Dieselgate emissions scandal, marking the conclusion of a nearly four-year fraud trial. Politico reports: The former head of diesel development was sentenced to four and a half years in prison, and the head of drive train electronics to two years and seven months by the court in Braunschweig, German news agency dpa reported. Two others received suspended sentences of 15 months and 10 months. The scandal began in September 2015 when the U.S. Environmental Protection Agency issued a notice of violation. saying that the company had rigged engine control software that let the cars pass emissions tests while they emitted far more pollution in actual driving.

The company has paid more than $33 billion in fines and compensation to vehicle owners. Two VW managers received prison sentence in the U.S. The former head of the company's Audi division, Rupert Stadler, was given a suspended sentence of 21 months and a fine of 1.1 million euros ($1.25 million). The sentence is still subject to appeal. Missing from the trial, which lasted almost four years, was former CEO Martin Winterkorn. Proceedings against him have been suspended because of health issues, and it's not clear when he might go on trial. Winterkorn has denied wrongdoing. Further proceedings are open against 31 other suspects in Germany.

An anonymous reader quotes a report from Ars Technica: For millions of music fans, the most controversial app ban of the past year was not the brief TikTok outage but the ongoing delisting of Musi from Apple's App Store. Those users are holding out hope that Musi can defeat Apple in court and soon be reinstated. However, rather than coming to any sort of resolution, that court fight has intensified over the past month, with both sides now seeking sanctions, TorrentFreak reported. [...] For Musi, the App Store removal came as an existential threat, prompting a lawsuit after Musi's attempts to work out the dispute with Apple outside of court failed. The music-streaming app has alleged that the Apple ban did not come at YouTube's request but at the request of Apple's apparent music industry friends who allegedly asked Apple to find a way to get the app removed -- prompting Apple to push YouTube to re-open a supposedly resolved complaint.

In a court filing, Apple claimed that this "conspiracy theory," as well as other "baseless" claims, were "false and misleading allegations" warranting sanctions. "Discovery thoroughly disproved Musi's baseless conspiracy theory that Apple schemed to eliminate the Musi app from the App Store to benefit 'friends' in the music industry," Apple argued. But Musi fired back over the weekend, calling (PDF) Apple's motion for sanctions "frivolous" and demanding sanctions be ordered instead against Apple for allegedly abusing the sanctions rule as a "tactic of intimidation and harassment." Musi noted that Apple's requested sanctions against Musi "are not appropriate if there is even 'some credible evidence,'" then included internal emails and references to testimony from Apple's own employees that seemingly met this low bar.

Most likely, this part of the dispute will not be settled until July 30, when a hearing is scheduled on the motions for sanctions. Apple is seemingly hoping that the court will agree that Musi's complaint misrepresents the facts and is so misleading that the complaint must be struck entirely, perhaps cutting out the heart of Musi's argument. However, Musi pointed out that Apple previously sought sanctions and withdrew that fight, allegedly recognizing that its bid for sanctions was "baseless." To convince the court that this second bid is "equally frivolous," Musi shared receipts, attaching internal communications from Apple employees that Apple allegedly worked hard to keep out of the courtroom.

An anonymous reader quotes a report : Washington is joining a growing list of states trying to tear down barriers for consumers who want to repair their electronics rather than buy new ones. Gov. Bob Ferguson last week signed the state's new "Right to Repair" policy, House Bill 1483, into law. It was a yearslong effort to get the law approved. "This is a win for every person in Washington state," said the bill's prime sponsor, Rep. Mia Gregerson, D-SeaTac.

In 2021, the Federal Trade Commission reported that consumers with broken electronics don't have much choice but to replace them because repairs require specialized tools, unique parts and inaccessible proprietary software. And those restrictions, the FTC found, disproportionately burden communities of color and low-income communities. Some companies engage in a practice called "parts pairing" that can make replacing parts of a device impossible. Washington's new law would largely outlaw this tactic.

Starting Jan. 1, 2026, the law will require manufacturers to make tools, parts and documentation needed for diagnostics and maintenance available to independent repair businesses. The requirement applies to digital electronics, like computers, cellphones and appliances, sold in Washington after July 1, 2021. Manufacturers won't be able to use parts that inhibit repairs. The state attorney general's office could enforce violations of the new law under the Consumer Protection Act.

Texas Governor Greg Abbott signed an online child safety bill, bucking a lobbying push from big tech companies that included a personal phone call from from Apple CEO Tim Cook. From a report: The measure requires app stores to verify users' ages and secure parental approval before minors can download most apps or make in-app purchases. The bill drew fire from app store operators such as Google and Apple, which has argued that the legislation threatens the privacy of all users.

The bill was a big enough priority for Apple that Cook called Abbott to emphasize the company's opposition to it, said a person familiar with their discussion, which was first reported by the Wall Street Journal.

German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers' data. From a report: "adidas recently became aware that an unauthorized external party obtained certain consumer data through a third-party customer service provider," the company said. "We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts."

Adidas added that the stolen information did not include the affected customers' payment-related information or passwords, as the threat actors behind the breach only gained access to contact. The company has also notified the relevant authorities regarding this security incident and will alert those affected by the data breach.

"Do we need publicly-owned social networks to escape Silicon Valley?" asks an opinion piece in Spain's El Pais newspaper.

It argues it's necessary because social media platforms "have consolidated themselves as quasi-monopolies, with a business model that consists of violating our privacy in search of data to sell ads..." Among the proposals and alternatives to these platforms, the idea of public social media networks has often been mentioned. Imagine, for example, a Twitter for the European Union, or a Facebook managed by media outlets like the BBC. In February, Spanish Prime Minister Pedro Sánchez called for "the development of our own browsers, European public and private social networks and messaging services that use transparent protocols." Former Spanish prime minister José Luis Rodríguez Zapatero — who governed from 2004 until 2011 — and the left-wing Sumar bloc in the Spanish Parliament have also proposed this. And, back in 2021, former British Labour Party leader Jeremy Corbyn made a similar suggestion.

At first glance, this may seem like a good idea: a public platform wouldn't require algorithms — which are designed to stimulate addiction and confrontation — nor would it have to collect private information to sell ads. Such a platform could even facilitate public conversations, as pointed out by James Muldoon, a professor at Essex Business School and author of Platform Socialism: How to Reclaim our Digital Future from Big Tech (2022)... This could be an alternative that would contribute to platform pluralism and ensure we're not dependent on a handful of billionaires. This is especially important at a time when we're increasingly aware that technology isn't neutral and that private platforms respond to both economic and political interests.
There's other possibilities. Further down they write that "it makes much more sense for the state to invest in, or collaborate with, decentralized social media networks based on free and interoperable software" that "allow for the portability of information and content." They even spoke to Cory Doctorow, who they say "proposes that the state cooperate with the software systems, developers, or servers for existing open-source platforms, such as the U.S. network Bluesky or the German firm Mastodon." (Doctorow adds that reclaiming digital independence "is incredibly important, it's incredibly difficult, and it's incredibly urgent."

The article also acknowledges the option of "legislative initiatives — such as antitrust laws, or even stricter regulations than those imposed in Europe — that limit or prevent surveillance capitalism." (Though they also figures showing U.S. tech giants have one of the largest lobbying groups in the EU, with Meta being the top spender...)

"In the 1970s, the USSR used nuclear devices to try to send water from Siberia's rivers flowing south, instead of its natural route north..." remembers the BBC. [T]he Soviet Union simultaneously fired three nuclear devices buried 127m (417ft) underground. The yield of each device was 15 kilotonnes (about the same as the atomic bomb dropped on Hiroshima in 1945). The experiment, codenamed "Taiga", was part of a two-decade long Soviet programme of carrying out peaceful nuclear explosions (PNEs).

In this case, the blasts were supposed to help excavate a massive canal to connect the basin of the Pechora River with that of the Kama, a tributary of the Volga. Such a link would have allowed Soviet scientists to siphon off some of the water destined for the Pechora, and send it southward through the Volga. It would have diverted a significant flow of water destined for the Arctic Ocean to go instead to the hot, heavily populated regions of Central Asia and southern Russia. This was just one of a planned series of gargantuan "river reversals" that were designed to alter the direction of Russia's great Eurasian waterways...

Years later, Leonid Volkov, a scientist involved in preparing the Taiga explosions, recalled the moment of detonation. "The final countdown began: ...3, 2, 1, 0... then fountains of soil and water shot upward," he wrote. "It was an impressive sight." Despite Soviet efforts to minimise the fallout by using a low-fission explosive, which produce fewer atomic fragments, the blasts were detected as far away as the United States and Sweden, whose governments lodged formal complaints, accusing Moscow of violating the Limited Test Ban Treaty...

Ultimately, the nuclear explosions that created Nuclear Lake, one of the few physical traces left of river reversal, were deemed a failure because the crater was not big enough. Although similar PNE canal excavation tests were planned, they were never carried out. In 2024, the leader of a scientific expedition to the lake announced radiation levels were normal.
"Perhaps the final nail in the coffin was the Chernobyl nuclear disaster in 1986, which not only consumed a huge amount of money, but pushed environmental concerns up the political agenda," the article notes.

"Four months after the Number Four Reactor at the Chernobyl Nuclear Power Plant exploded, Soviet Premier Mikhail Gorbachev cancelled the river reversal project."

And a Russian blogger who travelled to Nuclear Lake in the summer of 2024 told the BBC that nearly 50 years later, there were some places where the radiation was still significantly elevated.

"In large, companies failed to self-regulate," writes long-time Slashdot reader BrendaEM: They have not been respected the individual's right to privacy. In software and web interfaces, companies have buried their privacy setting so deep that they cannot be found in a reasonable amount of time, or an unreasonable amount of steps are needed to attempt to retain data. These companies have taken away the individual's right to privacy --by default.

Are laws needed that protect a person's privacy by default--unless specific steps are taken by that user/purchaser to relinquish it? Should the wording of the explanation be so written that the contract is brief, explaining the forfeiture of the privacy, and where that data might be going? Should a company selling a product be required to state before purchase which rights need to be dismissed for its use? Should a legal owner who purchased a product expect it to stop functioning--only because a newer user contract is not agreed to?
Share your own thoughts and experiences in the comments. What's your ideal privacy policy?

And do we need opt-out-by-defaut privacy laws?