Government

Florida Fails To Pass Bill Requiring Encryption Backdoors For Social Media Accounts (techcrunch.com) 32

An anonymous reader quotes a report from TechCrunch: A Florida bill, which would have required social media companies to provide an encryption backdoor for allowing police to access user accounts and private messages, has failed to pass into law. The Social Media Use by Minors bill was "indefinitely postponed" and "withdrawn from consideration" in the Florida House of Representatives earlier this week. Lawmakers in the Florida Senate had already voted to advance the legislation, but a bill requires both legislative chambers to pass before it can become law.

The bill would have required social media firms to "provide a mechanism to decrypt end-to-end encryption when law enforcement obtains a subpoena," which are typically issued by law enforcement agencies and without judicial oversight. Digital rights group the Electronic Frontier Foundation called the bill "dangerous and dumb." Security professionals have long argued that it is impossible to create a secure backdoor that cannot also be maliciously abused, and encryption backdoors put user data at risk of data breaches.

United States

US Senator Introduces Bill Calling For Location-Tracking on AI Chips To Limit China Access (reuters.com) 56

A U.S. senator introduced a bill on Friday that would direct the Commerce Department to require location verification mechanisms for export-controlled AI chips, in an effort to curb China's access to advanced semiconductor technology. From a report: Called the "Chip Security Act," the bill calls for AI chips under export regulations, and products containing those chips, to be fitted with location-tracking systems to help detect diversion, smuggling or other unauthorized use of the product.

"With these enhanced security measures, we can continue to expand access to U.S. technology without compromising our national security," Republican Senator Tom Cotton of Arkansas said. The bill also calls for companies exporting the AI chips to report to the Bureau of Industry and Security if their products have been diverted away from their intended location or subject to tampering attempts.

Security

Education Giant Pearson Hit By Cyberattack Exposing Customer Data (bleepingcomputer.com) 7

An anonymous reader quotes a report from BleepingComputer: Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. Pearson is a UK-based education company and one of the world's largest providers of academic publishing, digital learning tools, and standardized assessments. The company works with schools, universities, and individuals in over 70 countries through its print and online services. In a statement to BleepingComputer, Pearson confirmed they suffered a cyberattack and that data was stolen, but stated it was mostly "legacy data."

"We recently discovered that an unauthorized actor gained access to a portion of our systems," a Pearson representative confirmed to BleepingComputer. "Once we identified the activity, we took steps to stop it and investigate what happened and what data was affected with forensics experts. We also supported law enforcement's investigation. We have taken steps to deploy additional safeguards onto our systems, including enhancing security monitoring and authentication. We are continuing to investigate, but at this time we believe the actor downloaded largely legacy data. We will be sharing additional information directly with customers and partners as appropriate." Pearson also confirmed that the stolen data did not include employee information.

The education company previously disclosed in January that they were investigating a breach of one of their subsidiaries, PDRI, which is believed to be related to this attack.

BleepingComputer also notes that threat actors breached Pearson's developer environment in January 2025 using an exposed GitLab access token, gaining access to source code and hard-coded credentials. Terabytes of sensitive data was stolen from cloud platforms and internal systems.

Despite the potential impact on millions of individuals, Pearson has declined to answer key questions about the breach or its response.

AI

IRS Hopes To Replace Fired Enforcement Workers With AI 93

Facing deep staffing cuts, the IRS plans to lean heavily on AI to maintain tax collection efforts, with Treasury Secretary Scott Bessent stating that smarter IT and the "AI boom" will offset reductions in revenue enforcement staff. The Register reports: When asked by Congressman Steny Hoyer (D-MD) whether proposed reductions in the IRS's IT budget, along with plans to cut additional staff, would affect the agency's ability to collect tax revenue, Bessent said it wouldn't, thanks to the current "AI boom." "I believe through smarter IT, through this AI boom, that we can use that to enhance collections," Bessent told Hoyer and the Committee (24:29 into the video linked [here]). "I expect collections would continue to be very robust as they were this year."

Bessent's comments didn't explain how the IRS intends to deploy AI. Given how much it has slashed its enforcement staff since Trump took office, the agency definitely needs to do something. [...] "There is nothing that shows historically that bringing in unseasoned collections agents will result in more collections," Bessent told the Committee.

"IRS already uses AI for business functions including operational efficiency, compliance and fraud detection, and taxpayer services," the agency told The Register. "AI use cases must follow all relevant IRS privacy and security policies."

Businesses

Celsius CEO Mashinsky Sentenced To 12 Years in Multi-Billion-Dollar Crypto Fraud Case (cnbc.com) 20

Alexander Mashinsky, the former CEO of Celsius Network, was sentenced to 12 years in prison on Thursday after pleading guilty to two counts of fraud, a dramatic fall for the leader of a company once hailed as the "bank" of the crypto industry. From a report: Standing before U.S. District Judge John G. Koeltl in Manhattan's Southern District, Mashinsky faced the consequences of what prosecutors described as a sweeping scheme to defraud investors. In December he pleaded guilty to commodities fraud and a scheme to manipulate the Celsius token.

His sentencing took place in courtroom 14A at 500 Pearl Street -- a venue that has seen several crypto executives-turned-felons. Mashinsky's legal troubles began in 2023 when he was arrested on charges of securities, commodities, and wire fraud, just as Celsius reached a $4.7 billion settlement with the Federal Trade Commission -- one of the largest in the FTC's history.

Government

NOAA Retires Extreme Weather Database (cnn.com) 144

An anonymous reader quotes a report from CNN: The National Oceanic and Atmospheric Administration announced Thursday its well-known "billion-dollar weather and climate disasters" database "will be retired," a move that will make it next to impossible for the public to track the cost of extreme weather and climate events. The weather, climate and oceans agency is also ending other products, it has recently announced, due in large part to staffing reductions. NOAA is narrowing the array of services it provides, with climate-related programs scrutinized especially closely.

The disasters database, which will be archived but no longer updated beyond 2024, has allowed taxpayers, media and researchers to track the cost of natural disasters -- spanning extreme events from hurricanes to hailstorms -- since 1980. Its discontinuation is another Trump-administration blow to the public's view into how fossil fuel pollution is changing the world around them and making extreme weather more costly. [...]

The database vacuums loss information from throughout the insurance industry, among other public and private sources. According to the database, there were 403 weather and climate disasters totaling at least $1 billion in the United States since 1980, totaling more than $2.945 trillion. As of April 8, there had not been any confirmed billion-dollar disasters so far in 2025, but it lists four events as having the potential to make the tally, including the Los Angeles-area wildfires in January. Between 1980 and 2024, there were nine such disasters on average each year, though in the past five years, that annual average has jumped to 24. The record for one year was 28 events in 2023.

"What makes this resource uniquely valuable is not just its standardized methodology across decades, but the fact that it draws from proprietary and non-public data sources (such as reinsurance loss estimates, localized government reports, and private claims databases) that are otherwise inaccessible to most researchers," Jeremy Porter, head of climate implications for and co-founder of First Street, a climate risk financial modeling firm, told CNN via email.

"Without it, replicating or extending damage trend analyses, especially at regional scales or across hazard types, is nearly impossible without significant funding or institutional access to commercial catastrophe models."

The Courts

Delta Air Lines Class Action Cleared For Takeoff Over CrowdStrike Chaos (theregister.com) 13

A federal judge has allowed key parts of a class action lawsuit against Delta Air Lines to proceed, stemming from massive flight disruptions caused by CrowdStrike's faulty Windows update in July 2024. The Register reports: Delta blamed its reliance on Microsoft software and the CrowdStrike incident for its woes. However, according to the plaintiffs in the action (PDF), both companies offered the airline assistance, which Delta turned down. Customers of the Atlanta-based carrier affected by the delays and cancellations claim they struggled to secure refunds and compensation from the airline. The plaintiffs allege that "although Delta offered reimbursement of eligible expenses through their website and app, Delta failed to clarify that the customer would only be receiving a partial reimbursement."

"Furthermore, Delta did not disclose to its customers that acceptance of the partial reimbursement would release any legal claims the customer may have against Delta until after the customer 'click[ed] on the button to accept the partial reimbursement.'" The action concerns both US domestic and international travel. The former is covered by US Department of Transportation rules, which require airline agents to "inform customers of their right to a refund ... before making an offer for alternative transportation, travel credits, vouchers, or other compensation in lieu of refunds."

The latter claims come under the Montreal Convention, which is designed to be a single, universal treaty to govern airline liability. Delta, which estimated its operational losses at around half a billion dollars due to the outage, sought to dismiss the complaint. While the US District Judge, Mark H. Cohen, granted the airline's motion to dismiss some of the claims, he permitted others to proceed. These were Count I (breach of contract based on failure to refund) and Count XII (violation of the Montreal Convention).

Government

Senate Passes 'Cruel' Republican Plan To Block Wi-Fi Hotspots For Schoolkids (arstechnica.com) 101

An anonymous reader quotes a report from Ars Technica: The US Senate today voted along party lines to kill a Federal Communications Commission program to distribute Wi-Fi hotspots to schoolchildren, with Democrats saying the Republican-led vote will make it harder for kids without reliable Internet access to complete their homework. The Senate approved a Congressional Review Act (CRA) resolution to nullify the hotspot rule, which was issued by the Federal Communications Commission in July 2024 under then-Chairwoman Jessica Rosenworcel. The program would be eliminated if the House version passes and President Trump signs the joint resolution of disapproval.

The Rosenworcel FCC's rule expanded E-Rate, a Universal Service Fund program, allowing schools and libraries to use E-Rate funding to lend out Wi-Fi hotspots and services that could be used off-premises. The FCC rule was titled, "Addressing the Homework Gap through the E-Rate Program," and the hotspot lending program was scheduled to begin in funding year 2025, which starts in July 2025. Today's Senate vote on the resolution of disapproval was 50-38. There was a 53-47 vote on Tuesday that allowed the Senate measure to proceed to the final step. Sen. Richard Blumenthal (D-Conn.) said on Tuesday that "this resolution would prevent millions of students, educators, and families from getting online."

Sen. Edward Markey (D-Mass.) called the Republican move "a cruel and shortsighted decision that will widen the digital divide and rob kids of the tools they need to succeed."

The Courts

Judge Dismisses Most Charges Against FTX's Celebrity Boosters 50

A Florida federal judge has dismissed the majority of claims against celebrities who endorsed Sam Bankman-Fried's now-collapsed cryptocurrency exchange FTX. Judge K. Michael Moore ruled that investors failed to demonstrate the high-profile endorsers -- including Tom Brady, Gisele Bundchen, Kevin O'Leary, Larry David, Shohei Ohtani, and Stephen Curry -- knew about FTX's fraudulent activities.

In his ruling, Moore wrote that while the celebrity endorsers may have been "uninformed, negligent, or even reckless," plaintiffs didn't adequately establish that defendants had "knowledge of FTX's fraud" or "the requisite intent to deceive and defraud investors."

The Courts

AI of Dead Arizona Road Rage Victim Addresses Killer In Court (theguardian.com) 127

An anonymous reader quotes a report from The Guardian: Chris Pelkey was killed in a road rage shooting in Chandler, Arizona, in 2021. Three and a half years later, Pelkey appeared in an Arizona court to address his killer. Sort of. "To Gabriel Horcasitas, the man who shot me, it is a shame we encountered each other that day in those circumstances," says a video recording of Pelkey. "In another life, we probably could have been friends. I believe in forgiveness, and a God who forgives. I always have, and I still do," Pelkey continues, wearing a grey baseball cap and sporting the same thick red and brown beard he wore in life.

Pelkey was 37 years old, devoutly religious and an army combat veteran. Horcasitas shot Pelkey at a red light in 2021 after Pelkey exited his vehicle and walked back towards Horcasitas's car. Pelkey's appearance from beyond the grave was made possible by artificial intelligence in what could be the first use of AI to deliver a victim impact statement. Stacey Wales, Pelkey's sister, told local outlet ABC-15 that she had a recurring thought when gathering more than 40 impact statements from Chris's family and friends. "All I kept coming back to was, what would Chris say?" Wales said. [...]

Wales and her husband fed an AI model videos and audio of Pelkey to try to come up with a rendering that would match the sentiments and thoughts of a still-alive Pelkey, something that Wales compared with a "Frankenstein of love" to local outlet Fox 10. Judge Todd Lang responded positively to the AI usage. Lang ultimately sentenced Horcasitas to 10 and a half years in prison on manslaughter charges. "I loved that AI, thank you for that. As angry as you are, as justifiably angry as the family is, I heard the forgiveness," Lang said. "I feel that that was genuine." Also in favor was Pelkey's brother John, who said that he felt "waves of healing" from seeing his brother's face, and believes that Chris would have forgiven his killer. "That was the man I knew," John said.

Government

Trump Will Rescind Biden-Era AI Chip Export Curbs (reuters.com) 101

According to Bloomberg, the Trump administration plans to revise a set of chip trade restrictions called the "AI diffusion" rule, which were scheduled to take effect on May 15. CNBC reports: The rule, which was proposed in the last days of the Biden administration, organizes countries into three different tiers, all of which have different restrictions on whether advanced AI chips like those made by Nvidia, AMD, and Intel can be shipped to the country without a license.

Chipmakers including Nvidia and AMD have been against the rule. AMD CEO Lisa Su told CNBC on Wednesday that the U.S. should strike a balance between restricting access to chips for national security and providing access, which will boost the American chip industry. Nvidia CEO Jensen Huang said earlier this week that being locked out of the Chinese AI market would be a "tremendous loss."

The Courts

VMware Perpetual License Holders Receive Cease-And-Desist Letters From Broadcom (arstechnica.com) 71

An anonymous reader quotes a report from Ars Technica: Broadcom has been sending cease-and-desist letters to owners of VMware perpetual licenses with expired support contracts, Ars Technica has confirmed. Following its November 2023 acquisition of VMware, Broadcom ended VMware perpetual license sales. Users with perpetual licenses can still use the software they bought, but they are unable to renew support services unless they had a pre-existing contract enabling them to do so. The controversial move aims to push VMware users to buy subscriptions to VMware products bundled such that associated costs have increased by 300 percent or, in some cases, more. Some customers have opted to continue using VMware unsupported, often as they research alternatives, such as VMware rivals or devirtualization.

Over the past weeks, some users running VMware unsupported have reported receiving cease-and-desist letters from Broadcom informing them that their contract with VMware and, thus, their right to receive support services, has expired. The letter [PDF], reviewed by Ars Technica and signed by Broadcom managing director Michael Brown, tells users that they are to stop using any maintenance releases/updates, minor releases, major releases/upgrades extensions, enhancements, patches, bug fixes, or security patches, save for zero-day security patches, issued since their support contract ended.

The letter tells users that the implementation of any such updates "past the Expiration Date must be immediately removed/deinstalled," adding: "Any such use of Support past the Expiration Date constitutes a material breach of the Agreement with VMware and an infringement of VMware's intellectual property rights, potentially resulting in claims for enhanced damages and attorneys' fees." [...] The cease-and-desist letters also tell recipients that they could be subject to auditing: "Failure to comply with [post-expiration reporting] requirements may result in a breach of the Agreement by Customer[,] and VMware may exercise its right to audit Customer as well as any other available contractual or legal remedy."

Government

FTC Bans Hidden Fees For Live Events and Short-Term Rentals (techcrunch.com) 43

An anonymous reader quotes a report from TechCrunch: The U.S. Federal Trade Commission (FTC) on Monday released new documentation detailing its new "Rule on Unfair or Deceptive Fees." The rule, set to take effect on May 12, prohibits hidden fees for live events, hotels, and short-term rentals. It also bans practices such as "bait-and-switch pricing" and any actions that conceal or misrepresent total prices and fees.

In a newly published FAQ, the FTC offers a guide for these types of businesses, providing detailed information about pricing transparency. The rule will impact businesses, including live-event ticket sellers and short-term lodging providers, like hotels, motels, Airbnb, or VRBO. Third-party platforms, resellers, and travel agents are also covered by the new regulation. (Airbnb already updated its service in advance of this new regulation to show users the total cost of their stay upfront.) [...]

Also included in the FTC's new FAQ are the types of fees that can be excluded, such as taxes or government fees, shipping charges, and charges for optional goods or services people may select to buy as part of the same transaction. (Note that handling charges aren't on this list.) However, the FTC notes that businesses must disclose that they have excluded charges from the total price before asking for payment. For example, if a business excludes shipping charges from the advertised price, it's required to clearly state the amount and purpose of those charges.

The Courts

NSO Group Must Pay More Than $167 Million In Damages To WhatsApp For Spyware Campaign (techcrunch.com) 7

An anonymous reader quotes a report from TechCrunch: Spyware maker NSO Group will have to pay more than $167 million in damages to WhatsApp for a 2019 hacking campaign against more than 1,400 users. On Tuesday, after a five-year legal battle, a jury ruled that NSO Group must pay $167,256,000 in punitive damages and around $444,719 in compensatory damages. This is a huge legal win for WhatsApp, which had asked for more than $400,000 in compensatory damages, based on the time its employees had to dedicate to remediate the attacks, investigate them, and push fixes to patch the vulnerability abused by NSO Group, as well as unspecified punitive damages.

The trial, as well as the whole lawsuit, prompted a series of revelations, such as the location of the victims of the 2019 spyware campaign, as well as the names of some of NSO Group's customers. The ruling marks the end -- pending a potential appeal -- of a legal battle that started more than five years ago, when WhatsApp filed a lawsuit against the spyware maker. The Meta-owned company accused NSO Group of accessing WhatsApp servers and exploiting an audio-calling vulnerability in the chat app to target around 1,400 people, including dissidents, human rights activists, and journalists.

NSO Group's spokesperson Gil Lainer left the door open for an appeal. "We will carefully examine the verdict's details and pursue appropriate legal remedies, including further proceedings and an appeal," Lainer said in a statement.

Government

CISA Budget Faces Possible $500 Million Cut (theregister.com) 50

President Trump's proposed 2026 budget seeks to cut nearly $500 million from CISA, accusing the agency of prioritizing censorship over cybersecurity and election protection. "The proposed cuts -- which are largely symbolic at this stage as they need to be approved by Congress -- are framed as a purge of the so-called 'censorship industrial complex,' a term the White House uses to describe CISA's work countering misinformation," reports The Register. From the report: In its fiscal 2024 budget request, the agency had asked [PDF] for a total of just over $3 billion to safeguard the nation's online security across both government and private sectors. The enacted budget that year was about $34 million lower than the previous year's. Now, a deep cut has been proposed [PDF], as the Trump administration decries the agency's past work tackling the spread of misinformation on the web by America's enemies, as well as the agency's efforts safeguarding election security. [...]

"The budget eliminates programs focused on so-called misinformation and propaganda as well as external engagement offices such as international affairs," it reads [PDF]. "These programs and offices were used as a hub in the censorship industrial complex to violate the First Amendment, target Americans for protected speech, and target the President. CISA was more focused on censorship than on protecting the nation's critical systems, and put them at risk due to poor management and inefficiency, as well as a focus on self-promotion."
