The BBC reports: China has executed 11 members of a notorious mafia family that ran scam centres in Myanmar along its north-eastern border, state media report.

The Ming family members were sentenced in September for various crimes including homicide, illegal detention, fraud and operating gambling dens by a court in China's Zhejiang province. The Mings were one of many clans that ran the town of Laukkaing, transforming an impoverished backwater town into a flashy hub of casinos and red-light districts. Their scam empire came crashing down in 2023, when they were detained and handed over to China by ethnic militias that had taken control of Laukkaing during an escalation in their conflict with Myanmar's army. With these executions Beijing is sending a message of deterrence to would-be scammers.

But the business has now moved to Myanmar's border with Thailand, and to Cambodia and Laos, where China has much less influence.

Hundreds of thousands of people have been trafficked to run online scams in Myanmar and elsewhere in South East Asia, according to estimates by the UN. Among them are thousands of Chinese people, and their victims who they swindle billions of dollars from are mainly Chinese too. Frustrated by the Myanmar military's refusal to stop the scam business, from which it was almost certainly profiting, Beijing tacitly backed an offensive by an ethnic insurgent alliance in Shan State in late 2023. The alliance captured significant territory from the military and overran Laukkaing, a key border town.
Thanks to long-time Slashdot reader sinij for sharing the news.

Remember that lawsuit questioning WhatsApp's end-to-end encryption? Thursday Bloomberg reported those allegations had been investigated by special agents with America's Commerce Department, "according to the law enforcement records, as well as a person familiar with the matter and one of the contractors." Similar claims were also the subject of a 2024 whistleblower complaint to the US Securities and Exchange Commission, according to the records and the person, who spoke on the condition that they not be identified out of concern for potential retaliation. The investigation and whistleblower complaint haven't been previously reported...

Last year, two people who did content moderation work for WhatsApp told an investigator with Commerce's Bureau of Industry and Security that some staff at Meta have been able to see the content of WhatsApp messages, according to the agent's report summarizing the interviews. [A spokesperson for the Bureau later told Bloomberg that investigator's assertions were "unsubstantiated and outside the scope of his authority as an export enforcement agent."] Those content moderators, who worked for Meta through a contract with the management and technology consulting firm Accenture Plc, also alleged that they and some of their colleagues had broad access to the substance of WhatsApp messages that were supposed to be encrypted and inaccessible, according to the report. "Both sources confirmed that they had employees within their physical work locations who had unfettered access to WhatsApp," wrote the agent... One of the content moderators who told the investigator she had access said she also "spoke with a Facebook team employee and confirmed that they could go back aways into WhatsApp (encrypted) messages, stating that they worked cases that involved criminal actions," according to the document...

The investigator's report, dated July 2025, described the investigation as "ongoing," includes a case number and dubs the inquiry "Operation Sourced Encryption..." The inquiry was active as recently as January, according to a person familiar with the matter. The inquiry's current status and who may be the defined target are both unclear. Many investigations end without any formal accusations of wrongdoing...

WhatsApp on its website says it does, in some instances, allow information about messages to be seen by the company. If someone reports a user or group for problematic messages, "WhatsApp receives up to five of the last messages they've sent to you" and "the user or group won't be notified," the company says. In those cases, WhatsApp says it receives the "group or user ID, information on when the message was sent, and the type of message sent (image, video, text, etc.)." Former contractors outlined much broader access. Larkin Fordyce was an Accenture contractor who the report says an agent interviewed about content moderation work for Meta. Fordyce told the investigator he spent years doing this work out of an Austin, Texas office starting as early as the end of 2018. He said moderators eventually were granted their own access to WhatsApp, but even before that they could request access to communications and "the Facebook team was able to 'pull whatever they wanted and then send it,'" the report states...

The agent also gathered records that were filed in the whistleblower complaint to the SEC, according to his report, which doesn't describe the materials... The status of the whistleblower complaint is unclear.
Some key points from the article:

• "The investigative report seen by Bloomberg doesn't include a technical explanation of the contractors' claims."

• "A spokesperson for Meta, which acquired WhatsApp in 2014, said the contractors' claims are impossible."

• One contractor "said that there was little vetting" of foreign nationals hired to do content moderation for Meta, saying this granted them "full access to the same portal to review" content moderation cases

An anonymous reader quotes a report from SecurityWeek: The White House has announced that software security guidance issued during the Biden administration has been rescinded due to "unproven and burdensome" requirements that prioritized administrative compliance over meaningful security investments. The US Office of Management and Budget (OMB) has issued Memorandum M-26-05 (PDF), officially revoking the previous administration's 2022 policy, 'Enhancing the Security of the Software Supply Chain through Secure Software Development Practices' (M-22-18), as well as the follow-up enhancements announced in 2023 (M-23-16).

The new guidance shifts responsibility to individual agency heads to develop tailored security policies for both software and hardware based on their specific mission needs and risk assessments. "Each agency head is ultimately responsible for assuring the security of software and hardware that is permitted to operate on the agency's network," reads the memo sent by the OMB to departments and agencies. "There is no universal, one-size-fits-all method of achieving that result. Each agency should validate provider security utilizing secure development principles and based on a comprehensive risk assessment," the OMB added.

While agencies are no longer strictly required to do so, they may continue to use secure software development attestation forms, Software Bills of Materials (SBOMs), and other resources described in M-22-18.

Longtime Slashdot reader schwit1 shares a report from CBS News: A former Google engineer has been found guilty on multiple federal charges for stealing the tech giant's trade secrets on artificial intelligence to benefit Chinese companies he secretly worked for, federal prosecutors said. According to the U.S. Attorney's Office for the Northern District of California, a jury on Thursday convicted Linwei Ding on seven counts of economic espionage and seven counts of theft of trade secrets, following an 11-day trial. The 38-year-old, also known as Leon Ding, was hired by Google in 2019 and was a resident of Newark.

According to evidence presented at trial, Ding stole more than 2,000 pages of confidential information containing Google AI trade secrets between May 2022 and April 2023. He uploaded the information to his personal Google Cloud account. Around the same time, Ding secretly affiliated himself with two Chinese-based technology companies. Around June 2022, prosecutors said Ding was in discussions to be the chief technology officer for an early-stage tech company. Several months later, he was in the process of founding his own AI and machine learning company in China, acting as the company's CEO. Prosecutors said Ding told investors that he could build an AI supercomputer by copying and modifying Google's technology.

In late 2023, prosecutors said Ding downloaded the trade secrets to his own personal computer before resigning from Google. According to the superseding indictment, Google uncovered the uploads after finding out that Ding presented himself as CEO of one of the companies during an Beijing investor conference. Around the same time, Ding told his manager he was leaving the company and booked a one-way flight to Beijing. "Silicon Valley is at the forefront of artificial intelligence innovation, pioneering transformative work that drives economic growth and strengthens our national security. The jury delivered a clear message today that the theft of this valuable technology will not go unpunished," U.S. Attorney Craig Missakian said in a statement.

An anonymous reader quotes a report from the Guardian: The UK could introduce a universal basic income (UBI) to protect workers in industries that are being disrupted by AI, the investment minister Jason Stockwood has said. "Bumpy" changes to society caused by the introduction of the technology would mean there would have to be "some sort of concessionary arrangement with jobs that go immediately", Lord Stockwood said. The Labour peer told the Financial Times: "Undoubtedly we're going to have to think really carefully about how we soft-land those industries that go away, so some sort of [universal basic income], some sort of lifelong mechanism as well so people can retrain."

A universal basic income is not part of official government policy, but when asked whether people in government were considering the need for UBI, Stockwood told the FT: "People are definitely talking about it." [...] While he has previously been a vocal proponent of a wealth tax in the UK, Stockwood told the FT he had not repeated his calls for the government to go further on taxing the rich. However, he added: "If you make your money and the first thing you do is you speak to a tax adviser to ask: 'Where can we pay the lowest tax?' we don't want those people in this country, I'd suggest, because you're not committed to your communities and the long-term success in this country."

An anonymous reader quotes a report from Wired: Earlier this month, Joseph Thacker's neighbor mentioned to him that she'd preordered a couple of stuffed dinosaur toys for her children. She'd chosen the toys, called Bondus, because they offered an AI chat feature that lets children talk to the toy like a kind of machine-learning-enabled imaginary friend. But she knew Thacker, a security researcher, had done work on AI risks for kids, and she was curious about his thoughts.

So Thacker looked into it. With just a few minutes of work, he and a web security researcher friend named Joel Margolis made a startling discovery: Bondu's web-based portal, intended to allow parents to check on their children's conversations and for Bondu's staff to monitor the products' use and performance, also let anyone with a Gmail account access transcripts of virtually every conversation Bondu's child users have ever had with the toy.

Without carrying out any actual hacking, simply by logging in with an arbitrary Google account, the two researchers immediately found themselves looking at children's private conversations, the pet names kids had given their Bondu, the likes and dislikes of the toys' toddler owners, their favorite snacks and dance moves. In total, Margolis and Thacker discovered that the data Bondu left unprotected -- accessible to anyone who logged in to the company's public-facing web console with their Google username -- included children's names, birth dates, family member names, "objectives" for the child chosen by a parent, and most disturbingly, detailed summaries and transcripts of every previous chat between the child and their Bondu, a toy practically designed to elicit intimate one-on-one conversation. More than 50,000 chat transcripts were accessible through the exposed web portal. When the researchers alerted Bondu about the findings, the company acted to take down the console within minutes and relaunched it the next day with proper authentication measures.

"We take user privacy seriously and are committed to protecting user data," Bondu CEO Fateen Anam Rafid said in his statement. "We have communicated with all active users about our security protocols and continue to strengthen our systems with new protections," as well as hiring a security firm to validate its investigation and monitor its systems in the future.

An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: Two security professionals who were arrested in 2019 after performing an authorized security assessment of a county courthouse in Iowa will receive $600,000 to settle a lawsuit they brought alleging wrongful arrest and defamation. The case was brought by Gary DeMercurio and Justin Wynn, two penetration testers who at the time were employed by Colorado-based security firm Coalfire Labs. The men had written authorization from the Iowa Judicial Branch to conduct "red-team" exercises, meaning attempted security breaches that mimic techniques used by criminal hackers or burglars.

The objective of such exercises is to test the resilience of existing defenses using the types of real-world attacks the defenses are designed to repel. The rules of engagement for this exercise explicitly permitted "physical attacks," including "lockpicking," against judicial branch buildings so long as they didn't cause significant damage. [...] DeMercurio and Wynn's engagement at the Dallas County Courthouse on September 11, 2019, had been routine. A little after midnight, after finding a side door to the courthouse unlocked, the men closed it and let it lock. They then slipped a makeshift tool through a crack in the door and tripped the locking mechanism. After gaining entry, the pentesters tripped an alarm alerting authorities.

Within minutes, deputies arrived and confronted the two intruders. DeMercurio and Wynn produced an authorization letter -- known as a "get out of jail free card" in pen-testing circles. After a deputy called one or more of the state court officials listed in the letter and got confirmation it was legit, the deputies said they were satisfied the men were authorized to be in the building. DeMercurio and Wynn spent the next 10 or 20 minutes telling what their attorney in a court document called "war stories" to deputies who had asked about the type of work they do. When Sheriff Leonard arrived, the tone suddenly changed. He said the Dallas County Courthouse was under his jurisdiction and he hadn't authorized any such intrusion. Leonard had the men arrested, and in the days and weeks to come, he made numerous remarks alleging the men violated the law. A couple months after the incident, he told me that surveillance video from that night showed "they were crouched down like turkeys peeking over the balcony" when deputies were responding. I published a much more detailed account of the event here. Eventually, all charges were dismissed.

An anonymous reader shares a report: Chat & Ask AI, one of the most popular AI apps on the Google Play and Apple App stores that claims more than 50 million users, left hundreds of millions of those users' private messages with the app's chatbot exposed, according to an independent security researcher and emails viewed by 404 Media. The exposed chats showed users asked the app "How do I painlessly kill myself," to write suicide notes, "how to make meth," and how to hack various apps.

The exposed data was discovered by an independent security researcher who goes by Harry. The issue is a misconfiguration in the app's usage of the mobile app development platform Google Firebase, which by default makes it easy for anyone to make themselves an "authenticated" user who can access the app's backend storage where in many instances user data is stored.

Harry said that he had access to 300 million messages from more than 25 million users in the exposed database, and that he extracted and analyzed a sample of 60,000 users and a million messages. The database contained user files with a complete history of their chats with the AI, timestamps of those chats, the name they gave the app's chatbot, how they configured the model, and which specific model they used. Chat & Ask AI is a "wrapper" that plugs into various large language models from bigger companies users can choose from, Including OpenAI's ChatGPT, Anthropic's Claude, and Google's Gemini.

joshuark shares a report from BleepingComputer: The FBI has seized the notorious RAMP cybercrime forum, a platform used to advertise a wide range of malware and hacking services, and one of the few remaining forums that openly allowed the promotion of ransomware operations. Both the forum's Tor site and its clearnet domain, ramp4u[.]io, now display a seizure notice stating, "The Federal Bureau of Investigation has seized RAMP."

While there has been no official announcement by law enforcement regarding this seizure, the domain name servers have now been switched to those used by the FBI when seizing domains. If so, law enforcement now has access to a significant amount of data tied to the forum's users, including email addresses, IP addresses, private messages, and other potentially incriminating information. In a forum post to the XSS hacking forum, one of the alleged former RAMP operators known as "Stallman" confirmed the seizure.

French lawmakers have voted to ban social media access for children under 15 and prohibit mobile phones in high schools, positioning France as the second country after Australia to impose sweeping age-based digital restrictions. The Guardian reports: The lower national assembly adopted the text by a vote of 130 to 21 in a lengthy overnight session from Monday to Tuesday. It will now go to the Senate, France's upper house, ahead of becoming law. Macron hailed the vote as a "major step" to protect French children and teenagers in a post on X. The legislation, which also provides for a ban on mobile phones in high schools, would make France the second country to take such a step following Australia's ban for under-16s in December. [...] "The emotions of our children and teenagers are not for sale or to be manipulated, either by American platforms or Chinese algorithms," Macron said in a video broadcast on Saturday. Authorities want the measures to be enforced from the start of the 2026 school year for new accounts.

Former prime minister Gabriel Attal, who leads Macron's Renaissance party in the lower house, said he hoped the Senate would pass the bill by mid-February so that the ban could come into force on September 1. He added that "social media platforms will then have until December 31 to deactivate existing accounts" that do not comply with the age limit. [...] The draft bill excludes online encyclopedias and educational platforms. An effective age verification system would have to come into force for the ban to become reality. Work on such a system is under way at the European level.

An anonymous reader quotes a report from Politico: The interim head of the country's cyber defense agency uploaded sensitive contracting documents into a public version of ChatGPT last summer, triggering multiple automated security warnings that are meant to stop the theft or unintentional disclosure of government material from federal networks, according to four Department of Homeland Security officials with knowledge of the incident. The apparent misstep from Madhu Gottumukkala was especially noteworthy because the acting director of the Cybersecurity and Infrastructure Security Agency had requested special permission from CISA's Office of the Chief Information Officer to use the popular AI tool soon after arriving at the agency this May, three of the officials said. The app was blocked for other DHS employees at the time.

None of the files Gottumukkala plugged into ChatGPT were classified, according to the four officials, each of whom was granted anonymity for fear of retribution. But the material included CISA contracting documents (PDF) marked "for official use only," a government designation for information that is considered sensitive and not for public release. Cybersecurity sensors at CISA flagged the uploads this past August, said the four officials. One official specified there were multiple such warnings in the first week of August alone. Senior officials at DHS subsequently led an internal review to assess if there had been any harm to government security from the exposures, according to two of the four officials. It is not clear what the review concluded.

Amazon is discontinuing its Amazon One palm recognition ID system for stores later this year, the company informed users. From a report: The company will discontinue Amazon One services at retail businesses on June 3, 2026, according to a support page for the service and email messages to customers. "In response to limited customer adoption, we're discontinuing Amazon One, our authentication service for facility access and payment," an Amazon spokesperson said. "All customer data associated with Amazon One will be securely deleted after the service ends."

The move coincides with a sweeping pullback from Amazon's physical retail experiments. Amazon announced Tuesday that it's closing all of its Amazon Go and Amazon Fresh locations, a total of 72 stores nationwide, concentrating its efforts instead on its Whole Foods Market locations and grocery delivery from Amazon.com. Amazon One launched in 2020 as a way to help speed up in-store entry and payments, identifying customers who opted-in and eliminating the need for them to present a credit card to pay. It often worked in conjunction with the company's Just Walk Out technology, which uses cameras and sensors to let customers avoid using a checkout line.

An anonymous reader shares a report: Apple is being sued by Reincubate, which makes the Camo smartphone webcam app. It has filed a lawsuit against Apple in a U.S. federal court in New Jersey, accusing the company of anticompetitive conduct and patent infringement. The suit alleges that Apple copied Camo's technology, integrated similar features into iOS, and used control over its software ecosystem to disadvantage Reincubate's Camo product.

Reincubate's Camo and Camo Studio apps allow iOS or Android phones to function as webcams for Mac and PCs. The company launched Camo in 2020. In 2022, Apple introduced Continuity Camera, a feature that enables iPhones to serve as webcams for Macs but works only within Apple's device ecosystem. According to the lawsuit, Apple copied patented features from Camo and built them into iOS to "redirect user demand to Apple's own platform-tied offering."

An anonymous reader quotes a report from Science.org: Some 10,109 doctoral-trained experts in science and related fields left their jobs last year as President Donald Trump dramatically shrank the overall federal workforce. That exodus was only 3% of the 335,192 federal workers who exited last year but represents 14% of the total number of Ph.D.s in science, technology, engineering, and math (STEM) or health fields employed at the end of 2024 as then-President Joe Biden prepared to leave office. The numbers come from employment data posted earlier this month by the White House Office of Personnel Management (OPM). At 14 research agencies Science examined in detail, departures outnumbered new hires last year by a ratio of 11 to one, resulting in a net loss of 4224 STEM Ph.D.s. The graphs that follow show the impact is particularly striking at such scientist-rich agencies as the National Science Foundation (NSF). But across the government, these departing Ph.D.s took with them a wealth of subject matter expertise and knowledge about how the agencies operate.

[...] Science's analysis found that reductions in force, or RIFs, accounted for relatively few departures in 2025. Only at the Centers for Disease Control and Prevention, where 16% of the 519 STEM Ph.D.s who left last year got pink RIF slips, did the percentage exceed 6%, and some agencies reported no STEM Ph.D. RIFs in 2025. At most agencies, the most common reasons for departures were retirements and quitting. Although OPM classifies many of these as voluntary, outside forces including the fear of being fired, the lure of buyout offers, or a profound disagreement with Trump policies, likely influenced many decisions to leave. Many Ph.D.s departed because their position was terminated.

A data breach at SoundCloud exposed information tied to 29.8 million user accounts, according to Have I Been Pwned. While SoundCloud says no passwords or financial data were accessed, attackers mapped email addresses to public profile data and later attempted extortion. BleepingComputer reports: The company confirmed the breach on December 15, following widespread reports from users who were unable to access SoundCloud and saw 403 "Forbidden" errors when connecting via VPN. SoundCloud told BleepingComputer at the time that it had activated its incident response procedures after detecting unauthorized activity involving an ancillary service dashboard. "We understand that a purported threat actor group accessed certain limited data that we hold," SoundCloud said. "We have completed an investigation into the data that was impacted, and no sensitive data (such as financial or password data) has been accessed. The data involved consisted only of email addresses and information already visible on public SoundCloud profiles."

While SoundCloud didn't provide further details regarding the incident, BleepingComputer learned that the breach affected 20% of all SoundCloud users, roughly 28 million accounts based on publicly reported user figures (SoundCloud later published a security notice confirming the information provided by BleepingComputer's sources). After the breach, BleepingComputer also learned that the ShinyHunters extortion gang was responsible for the attack, with sources saying that the threat group was also attempting to extort SoundCloud. This was confirmed by SoundCloud in a January 15 update, which said the threat actors had "made demands and deployed email flooding tactics to harass users, employees, and partners."