Net Neutrality: What happened during the July 12 Internet-Wide Day of Action protest, why did the internet go down?

Updated July 14: The Internet-Wide Day of Action to Save Net Neutrality on July 12 enjoyed a healthy turnout. Thousands of companies and some visible tech celebrities united against the FCC proposal called Restoring Internet Freedom, by which the new FCC chairman Ajit Pai hopes to loosen regulations for the ISPs and telecom companies that provide Internet service nationwide. The public has until mid-August to give comments to the FCC.

The protests took many forms. Organizations including the American Civil Liberties Union, Reddit, The Nation, and Greenpeace placed website blockers to imitate what would happen if the FCC loosened regulations. Other companies participating online displayed images on their sites that simulated a slowed-down Internet, or demanded extra money for faster access.


Tech giant Google published a blog post in defense of net neutrality. “Today’s open internet ensures that both new and established services, whether offered by an established internet company like Google, a broadband provider or a small startup, have the same ability to reach users on an equal playing field.”


Facebook joined in, with Sheryl Sandberg posting her message on Facebook, as did Facebook CEO Mark Zuckerberg. “Keeping the internet open for everyone is crucial. Not only does it promote innovation, but it lets people access information that can change their lives and gives voice to those who might not otherwise be heard,” Sandberg said.

In Washington, FCC Commissioner Mignon Clyburn said in a statement that she supports a free and open internet. “Its benefits can be felt across our economy and around the globe,” she said. “That is why I am excited that on this day consumers, entrepreneurs and companies of all sizes, including broadband providers and internet startups, are speaking out with a unified voice in favor of strong net neutrality rules grounded in Title II. Knowing that the arc of success is bent in our favor and we are on the right side of history, I remain committed to doing everything I can to protect the most empowering and inclusive platform of our time.”

Sen. Ron Wyden, D-Ore., and Sen. Brian Schatz, D-Hawaii, wrote a letter to the FCC Tuesday – one day early — to make sure the FCC’s system was ready to withstand a cyberattack, as well as the large volume of calls expected Wednesday.

What led up to the protest

The July 12 Internet-Wide Day of Action strove to highlight how the web would look if telecom companies were allowed to control it for profit. Organizing groups such as Fight for the Future, Free Press Action Fund, and Demand Progress want their actions to call attention to the potential impact on everyday users, such as having to pay for faster internet access.

Where net neutrality stands: Under the Open Internet Order enacted by the FCC in 2015, internet service providers cannot block access to content on websites or apps, interfere with loading speeds, or provide favoritism to those who pay extra. However, FCC Chairman Ajit Pai, selected by President Trump in January, has been advocating a completely open internet, where the ISPs could control access or charge fees without regulation. A Senate bill that would relax regulations, called Restoring Internet Freedom (S.993), was introduced in May and was referred to the Committee on Commerce, Science, and Transportation.

What this protest is for: The July 12 protest, which organizers are calling the Internet-Wide Day of Action to Save Net Neutrality, will fight for free speech on the internet under Title II of FCC’s Communications Act of 1934. On that date, websites and apps that support net neutrality will display alerts to mimic what could happen if the FCC rolled back the rules.

Who will come together for the protest: More than 180 companies including Amazon, Twitter, Etsy, OkCupid, and Vimeo, along with advocacy groups such as the ACLU, Change.org, and Greenpeace, will join the protest and urge their users and followers to do the same.

Where the protest will take place: Sites that support net neutrality will call attention to their cause by simulating what users would experience if telecom companies were allowed to control web access. Examples will include a simulated “spinning wheel of death” (when a webpage or app won’t load), blocked notifications, and requests to upgrade to paid plans. Organizers are also calling on supporters to stage in-person protests at congressional offices and post protest selfies on social media with the tag #savethenet.

Who opposes the protest: FCC Chairman Ajit Pai and large telecom companies, such as Verizon and Comcast, want to relax net neutrality rules. Some claim that an unregulated internet will allow for more competition in the marketplace, as well as oversight of privacy and security measures.

Why this protest matters: The July 12 protest is projected to be one of the largest digital protests ever planned, with more than 50,000 people, sites, and organizations participating. If successful, it would be reminiscent of a 2012 blackout for freedom of speech on the internet to protest the Stop Online Piracy Act and the PROTECT IP Act, and an internet slowdown in 2014 to demand discussions about net neutrality.

Source: Net Neutrality: What happened during the July 12 Internet-Wide Day of Action protest | PCWorld

Mohawk Networks published a list of participants and consequences on the 11th of July

So No, Yahoo / Mashable, you got it completely wrong in your article

 

‘We’re done with Teams’: German state hits uninstall on Microsoft. So do Denmark and NL.

In less than three months’ time, almost no civil servant, police officer or judge in Schleswig-Holstein will be using any of Microsoft’s ubiquitous programs at work.

Instead, the northern state will turn to open-source software to “take back control” over data storage and ensure “digital sovereignty”, its digitalisation minister, Dirk Schroedter, told AFP.

“We’re done with Teams!” he said, referring to Microsoft’s messaging and collaboration tool and speaking on a video call — via an open-source German program, of course.

The radical switch-over affects half of Schleswig-Holstein’s 60,000 public servants, with 30,000 or so teachers due to follow suit in coming years.

The state’s shift towards open-source software began last year.

The current first phase involves ending the use of Word and Excel software, which are being replaced by LibreOffice, while Open-Xchange is taking the place of Outlook for emails and calendars.

Over the next few years, there will also be a switch to the Linux operating system in order to complete the move away from Windows.

[…]

“The geopolitical developments of the past few months have strengthened interest in the path that we’ve taken,” said Schroedter, adding that he had received requests for advice from across the world.

“The war in Ukraine revealed our energy dependencies, and now we see there are also digital dependencies,” he said.

The government in Schleswig-Holstein is also planning to shift the storage of its data to a cloud system not under the control of Microsoft, said Schroedter.

[…]

Source: ‘We’re done with Teams’: German state hits uninstall on Microsoft

In an interview with Danish broadsheet newspaper Politiken [Danish], Caroline Olsen, the country’s Minister for Digital Affairs, said she is planning to lead by example and start removing Microsoft software and tools from the ministry. The minister told Jutland’s Nordyske [🇩🇰 Danish, but not paywalled] the plan is that half the staff’s computers – including her own – would have LibreOffice in place of Microsoft Office 365 in the first month, with the goal of total replacement by the end of the year.

English-language site The Local is also carrying the story. The move follows similar ones by the city governments of Copenhagen and Aarhus.

Given that earlier this year, US President Donald Trump was making noises about taking over Greenland, an autonomous territory of Denmark, it seems entirely understandable for the country to take a markedly increased interest in digital sovereignty – as Danish Ruby guru David Heinemeier Hansson explained just a week ago.

[…]

The more pressing problem tends to be groupware – specifically, the dynamic duo of Outlook and Exchange, as Bert Hubert told The Register earlier this year. Several older versions go end-of-life soon, along with Windows 10. Modernizing is expensive, which makes migrating look more appealing.

A primary alternative to Redmond, of course, is Mountain View. Google’s offerings can do the job. In December 2021, the Nordic Choice hotel group was hit by Conti ransomware, but rather than pay to regain access to its machines, it switched to ChromeOS.

The thing is, this is jumping from one US-based option to another. That’s why France rejected both a few years ago, and we reported on renewed EU interest early the following year. Such things may be why French SaaS groupware offering La Suite numérique is looking quite complete and polished these days.

EU organizations can host their own cloud office suite thanks to Collabora’s CODE, which runs LibreOffice on an organization’s own webservers – easing deployment and OS migration.

[…]

Source: Danish department determined to dump Microsoft

Not content to wait for open letters to influence the European Commission, Dutch parliamentarians have taken matters into their own hands by passing eight motions urging the government to ditch US-made tech for homegrown alternatives.


The motions were submitted and all passed yesterday during a discussion in the Netherlands’ House of Representatives on concerns about government data being shipped overseas. While varied, they all center on the theme of calling on the government to replace software and hardware made by US tech companies, acquire new contracts with Dutch companies who offer similar services, and generally safeguard the country’s digital sovereignty.

“With each IT service our government moves to American tech giants, we become dumber and weaker,” Dutch MP Barbara Kathmann, author of four of the motions, told The Register. “If we continue outsourcing all of our digital infrastructure to billionaires that would rather escape Earth by building space rockets, there will be no Dutch expertise left.”

Kathmann’s measures specifically call on the government to stop the migration of Dutch information and communications technology to American cloud services, the creation of a Dutch national cloud, the repatriation of the .nl top-level domain to systems operating within the Netherlands, and for the preparation of risk analyses and exit strategies for all government systems hosted by US tech giants. The other measures make similar calls for eliminating the presence of US tech companies in government systems and the preference of local alternatives.

“We have identified the causes of our full dependency on US services,” Kathmann told us. “We have to start somewhere – by pausing all thoughtless migrations to American hyperscalers, new opportunities open up for Dutch and European providers.”

The motions passed by the Dutch parliament come as the Trump administration ratchets up tensions with a number of US allies – the EU among them. Nearly 100 EU-based tech companies and lobbyists sent an open letter to the European Commission this week asking it to find a way to divest the bloc from systems managed by US companies due to “the stark geopolitical reality Europe is now facing.”

[…]

Source: Time to ditch US tech for homegrown options, says Dutch parliament

The only question is, how did the retards in charge of procurement allow themselves to buy 100% US and closed source vendor lock-in in the first place, gutting the EU software development market?

Tiny human hearts grown in pig embryos for the first time

Researchers have reported growing hearts containing human cells in pig embryos for the first time. The embryos survived for 21 days, and in that time their tiny hearts started beating. The findings were presented this week at the annual meeting of the International Society for Stem Cell Research in Hong Kong.

[…]

Pigs are a suitable donor species because the size and anatomy of their organs are comparable with those of humans, says Lai Liangxue

[…]

In their study, which has not been peer reviewed, Lai and his team reprogrammed human stem cells to bolster their ability to survive in a pig, by introducing genes that prevent cell death and enhance cell growth. They then generated pig embryos in which two specific genes that have key roles in heart development were knocked out. A handful of human stem cells were introduced into the pig embryos at the morula stage, soon after fertilization — a point at which the embryo consists of a ball of about a dozen cells that are rapidly dividing. The embryos were then transferred to surrogate pigs.

The team found that the embryos grew for up to 21 days, after which they did not survive. Lai says it’s possible the human cells disrupted the function of the pig hearts.

[…]

Source: Tiny human hearts grown in pig embryos for the first time

Nintendo will record your GameChat audio and video

Last month, ahead of the launch of the Switch 2 and its GameChat communication features, Nintendo updated its privacy policy to note that the company “may also monitor and record your video and audio interactions with other users.” Now that the Switch 2 has officially launched, we have a clearer understanding of how the console handles audio and video recorded during GameChat sessions, as well as when that footage may be sent to Nintendo or shared with partners, including law enforcement. Before using GameChat on Switch 2 for the first time, you must consent to a set of GameChat Terms displayed on the system itself. These terms warn that chat content is “recorded and stored temporarily” both on your system and the system of those you chat with. But those stored recordings are only shared with Nintendo if a user reports a violation of Nintendo’s Community Guidelines, the company writes.

That reporting feature lets a user “review a recording of the last three minutes of the latest three GameChat sessions” to highlight a particular section for review, suggesting that chat sessions are not being captured and stored in full. The terms also lay out that “these recordings are available only if the report is submitted within 24 hours,” suggesting that recordings are deleted from local storage after a full day. If a report is submitted to Nintendo, the company warns that it “may disclose certain information to third parties, such as authorities, courts, lawyers, or subcontractors reviewing the reported chats.” If you don’t consent to the potential for such recording and sharing, you’re prevented from using GameChat altogether.

Nintendo is extremely clear that the purpose of its recording and review system is “to protect GameChat users, especially minors” and “to support our ability to uphold our Community Guidelines.” This kind of human moderator review of chats is pretty common in the gaming world and can even apply to voice recordings made by various smart home assistants. […] Overall, the time-limited, local-unless-reported recordings Nintendo makes here seem like a minimal intrusion on the average GameChat user’s privacy. Still, if you’re paranoid about Nintendo potentially seeing and hearing what’s going on in your living room, it’s good to at least be aware of it.

Source: Nintendo Warns Switch 2 GameChat Users: ‘Your Chat Is Recorded’ (arstechnica.com)

Apple thinks it can argue its way out of EU DMA with a single comma. No it can’t and this fight will cost it billions in Europe

It’s just a comma in a 66-page document. But a comma that will cost Apple billions of euros in Europe. Starting June 23, the Cupertino-based company will no longer be able to collect commissions on external transactions made from an iPhone or iPad. In other words, all app developers will be able to redirect their users to a website to make a purchase or subscribe to a service without paying Apple a single cent.

This bombshell, which comes just after an unfavorable ruling in the US, is the result of a months-long syntactic battle with the European Commission over the exact meaning of an article in the Digital Markets Act (DMA), designed to strengthen competition in the digital space. In late April, Apple had already been fined €500 million.

Enacted last year, the DMA bans the so-called anti-steering practice, which Apple has enforced since the launch of the App Store. This required developers to use its payment platform and pay it 15% or 30%. Officially, Apple has abandoned this, though Brussels still accuses it of maintaining “technical and commercial restrictions.”

However, Apple has not given up on collecting commissions. It initially set them at 12% or 27% for purchases made within seven days after redirection. It has since introduced a more complex system, with fees of up to 25% on transactions during the twelve months following installation or update of an app. According to the EU, these commissions not only go “beyond what is strictly necessary”—as noted a year ago—but they also violate the DMA.

A comma that changes everything?

The disagreement between Apple and Brussels centers on Article 5.4. In its English version, the article states that the gatekeeper—the term used by the Commission for the seven major tech companies subject to the DMA—“shall allow business users, free of charge, to communicate and promote offers, including under different conditions […], and to conclude contracts with those end users.”

This lengthy sentence creates ambiguity: what exactly does “free of charge” apply to? Apple claims it only applies to “communicate” and “promote,” meaning the right to insert redirect links in an app. But not to “conclude contracts,” meaning making purchases. Based on that, Apple argues it can still charge commissions on those external transactions.

The European Commission interprets it differently: contract conclusion must also be free of charge. It relies on the comma before the phrase “and to conclude contracts,” turning the sentence into an “enumeration.” “That ‘free of charge’ applies to all that is being enumerated after”, it explains in its detailed decision sent to Apple as part of the €500 million fine, which was made public last week.

“In other words, the price for app developers to pay [for external purchases] is zero,” writes the Commission. However, its case could be weakened by inconsistencies in the French and German translations of the text, which it acknowledges are “ambiguous.” Still, “other linguistic versions leave no room for interpretation,” notes Brussels.

Daily penalties of up to €47 million

To complicate matters further, the regulator acknowledges that Apple can be compensated for the initial acquisition of a customer by a developer. But this commission—whose rate must be determined by the company—can only apply within a “limited initial time window” after the first installation of an app.

Crucially, it only concerns the very first transaction, even if the user deletes and later reinstalls the app. “An end user can only be acquired once,” says the Commission. Apple contests this, arguing that “the value of the initial purchase is a poor measure of value delivered by App Store” since it only represents a “small fraction of acquisition value to developer”.

[…]

For a year now, it has adopted a very combative stance toward the DMA, aiming to concede as little as possible. But it faces daily penalties of up to €47 million. In April, European officials said they would not hesitate to apply them if necessary.

[…]

Source: A simple comma is going to cost Apple billions in Europe

Apple has been putting spanners in the works of the EU DMA since inception and has been pissing off developers, the EU and customers since then. The EU is toughening its stance – the spirit of the law is more important than a single comma in a huge document in Europe.

How Russian Spies Are Analyzing Data From China’s WeChat App

Russian counterintelligence agents are analyzing data from the popular Chinese messaging and social media app WeChat to monitor people who might be in contact with Chinese spies, according to a Russian intelligence document obtained by The New York Times.
The disclosure highlights the rising level of concern about Chinese influence in Russia as the two countries deepen their relationship. As Russia has become isolated from the West over its war in Ukraine, it has become increasingly reliant on Chinese money, companies and technology. But it has also faced what the document describes as increased Chinese espionage efforts.
The document indicates that the Russian domestic security agency, known as the F.S.B., pulls purloined data into an analytical tool known as “Skopishche” (a Russian word for a mob of people). Information from WeChat is among the data being analyzed, according to the document.
The document offers insights into the espionage tactics of two authoritarian governments that are preoccupied with surveillance.
According to the document, the system processes detailed data on WeChat users, including account logins, contact lists and message archives, some of which are extracted from phones seized from people of interest to Russia’s spy hunters.
The tool is used to scrutinize the data trail of “people using the Chinese messenger WeChat to talk to representatives of the PRC intelligence services,” the document says, using the abbreviation for the People’s Republic of China.
[…]
WeChat, owned by the Chinese tech giant Tencent, is one of the most widely used digital platforms in the world, mostly concentrated in China and among Chinese communities. It functions as an all-in-one tool that combines messaging, mobile payments, social networking and government services. The app has over 1.4 billion users globally, according to Tencent financial disclosures.
[…]
WeChat added some limited encryption features in 2016, according to Mona Wang, a research fellow at the University of Toronto’s Citizen Lab. But the security improvements still fall short of the encryption offered by other messaging apps like Signal or WhatsApp.
It is unclear why Chinese intelligence officers would use WeChat to communicate with sources, given its lack of end-to-end encryption. But sources or potential recruits may not know they are communicating with spies, who often pose as diplomats and strike up casual conversations at first.
[…]

Source: How Russian Spies Are Analyzing Data From China’s WeChat App – The New York Times

Bruteforcing the phone number of any Google user

A few months ago, I disabled javascript on my browser while testing if there were any Google services left that still worked without JS in the modern web. Interestingly enough, the username recovery form still worked!

This surprised me, as I used to think these account recovery forms required javascript since 2018 as they relied on botguard solutions generated from heavily obfuscated proof-of-work javascript code for anti-abuse.

[Technical report follows – nb Google has fixed this now]

Source: Bruteforcing the phone number of any Google user

Honda Tests a Reusable Rocket

In what seemed to be a development that came from nowhere, there’s a new entrant into the reusable launch systems competition – Honda. The giant Japanese industrial conglomerate recently launched a prototype reusable rocket up to 300m and landed it safely back on Earth.

[…]

Honda’s first test launch took place on June 17th. During the test, a prototype rocket that was 6.3m tall and 85 cm in diameter, with a wet weight of 1312 kg, launched 271.4 m into the air and landed 37 cm from its nominal landing spot after a 56.6 second flight. Data was collected throughout the test to inform the next round of testing.

This step is the equivalent to the famous “Grasshopper” experiments that SpaceX completed back in 2013, where the rocket would launch, hover and return to the ground. It was a necessary step on the path to reusable rocketry, and Honda is now only the fourth company to ever complete this feat.

[…]

SpaceX is famous for its work culture that is at least partly driven by fear of failure [and, a huge string of failures!], which probably won’t be the case for the Honda engineers who could simply shuffle off to other parts of the organization if their rocketry experiments fail. But, given Japan’s increasing presence in the growing space industry, it was only a matter of time before a Japanese champion would join the fray of the new RLV industry.

[…]

Source: Honda – Yes, Honda – Tests a Reusable Rocket

Meta, Yandex caught spying on Android users’ web activity using Covert Web-to-App Tracking via unprotected Localhost since 2017

https://localmess.github.io/

We disclose a novel tracking method by Meta and Yandex potentially affecting billions of Android users. We found that native Android apps—including Facebook, Instagram, and several Yandex apps including Maps and Browser—silently listen on fixed local ports for tracking purposes.

These native Android apps receive browsers’ metadata, cookies and commands from the Meta Pixel and Yandex Metrica scripts embedded on thousands of web sites. These JavaScripts load on users’ mobile browsers and silently connect with native apps running on the same device through localhost sockets. As native apps programmatically access device identifiers like the Android Advertising ID (AAID) or handle user identities as in the case of Meta apps, this method effectively allows these organizations to link mobile browsing sessions and web cookies to user identities, hence de-anonymizing users visiting sites embedding their scripts.

This web-to-app ID sharing method bypasses typical privacy protections such as clearing cookies, Incognito Mode and Android’s permission controls. Worse, it opens the door for potentially malicious apps eavesdropping on users’ web activity.

[…]

Android OS allows any installed app with the INTERNET permission to open a listening socket on the loopback interface (127.0.0.1). Browsers running on the same device also access this interface without user consent or platform mediation. This allows JavaScript embedded on web pages to communicate with native Android apps and share identifiers and browsing habits, bridging ephemeral web identifiers to long-lived mobile app IDs using standard Web APIs.

[…]

Additional risk: Browsing history leak

Using HTTP requests for web-to-native ID sharing (i.e. not WebRTC STUN or TURN) may expose users’ browsing history to third parties. A malicious third-party Android application that also listens on the aforementioned ports can intercept the HTTP requests sent by the Yandex Metrica script and the first, now-unused, implementation of Meta’s communication channel by monitoring the Origin HTTP header.

We developed a proof-of-concept app to demonstrate the feasibility of this browsing history harvesting by a malicious third-party app. We found that browsers such as Chrome, Firefox and Edge are susceptible to this form of browsing history leakage in both default and private browsing modes. Brave browser was unaffected by this issue due to their blocklist and the blocking of requests to the localhost; and DuckDuckGo was only minimally affected due to missing domains in their blocklist.

[…]

According to BuiltWith, a website that tracks web technology adoption: Meta Pixel is embedded on over 5.8 million websites. Yandex Metrica, on the other hand, is present on close to 3 million websites. According to HTTP Archive, an open and public dataset that runs monthly crawls of ~16 million websites, Meta Pixel and Yandex Metrica are present on 2.4 million and 575,448 websites, respectively.

[…]

Disclosure

Our responsible disclosure to major Android browser vendors led to several patches attempting to mitigate this issue; some already deployed, others currently in development. We thank all participating vendors (Chrome, Mozilla, DuckDuckGo, and Brave) for their active collaboration and constructive engagement throughout the process. Other Chromium-based browsers should follow upstream code changes to patch their own products.

However, beyond these short-term fixes, fully addressing the issue will require a broader set of measures as they are not covering the fundamental limitations of platforms’ sandboxing methods and policies. These include user-facing controls to alert users about localhost access, stronger platform policies accompanied by consistent and strict enforcement actions to proactively prevent misuse, and enhanced security around Android’s interprocess communication (IPC) mechanisms, particularly those relying on localhost connections.

[…]
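The loopback channel described in this report shows up in a browser's request log as a public web page contacting the device's own loopback address. The following audit helper is an added example, not code from the researchers or from this page; the function names, site names and port numbers are constructed, and it covers only HTTP(S) and WebSocket requests, not the WebRTC variant.

```javascript
// Added example: flag web-page requests aimed at the device's loopback interface
// and report local ports contacted from several unrelated sites (the "fixed
// local port" pattern). All sample records and port numbers are constructed.

const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// True when a hostname, as normalized by the WHATWG URL parser, is loopback.
function isLoopbackHost(hostname) {
  const h = hostname.toLowerCase().replace(/^\[|\]$/g, "");
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  if (/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(h)) return true; // 127.0.0.0/8
  if (h === "::1") return true;
  // IPv4-mapped IPv6: ::ffff:127.0.0.1 is serialized as ::ffff:7f00:1
  const mapped = /^::ffff:([0-9a-f]{1,4}):[0-9a-f]{1,4}$/.exec(h);
  if (mapped) return (parseInt(mapped[1], 16) >> 8) === 0x7f;
  return false;
}

// records: [{ page: URL of the document, request: URL it fetched }]
// Returns one entry per request from a non-local page to a loopback target.
function findLoopbackRequests(records) {
  const found = [];
  for (const rec of records) {
    let page, target;
    try {
      page = new URL(rec.page);
      target = new URL(rec.request);
    } catch {
      continue; // unparseable log entry
    }
    if (!(target.protocol in DEFAULT_PORTS)) continue;
    if (isLoopbackHost(page.hostname)) continue; // local dev page talking to itself
    if (!isLoopbackHost(target.hostname)) continue;
    found.push({
      site: page.origin,
      host: target.hostname,
      port: target.port || DEFAULT_PORTS[target.protocol],
      scheme: target.protocol.slice(0, -1),
    });
  }
  return found;
}

// A loopback port contacted from several unrelated sites suggests a shared
// third-party script talking to a fixed-port listener on the device.
function portsSharedAcrossSites(found, minSites = 2) {
  const byPort = new Map();
  for (const f of found) {
    if (!byPort.has(f.port)) byPort.set(f.port, new Set());
    byPort.get(f.port).add(f.site);
  }
  return [...byPort.entries()]
    .filter(([, sites]) => sites.size >= minSites)
    .map(([port, sites]) => ({ port, sites: [...sites].sort() }))
    .sort((a, b) => Number(a.port) - Number(b.port));
}

// Constructed sample log (e.g. exported from a test device's browser).
const SAMPLE = [
  { page: "https://news.example/article", request: "https://cdn.example/app.js" },
  { page: "https://news.example/article", request: "http://127.0.0.1:40001/sync?id=abc" },
  { page: "https://shop.example/cart", request: "http://localhost:40001/sync?id=def" },
  { page: "https://shop.example/cart", request: "ws://2130706433:40002/" }, // decimal form of 127.0.0.1
  { page: "https://blog.example/", request: "http://[::1]:40001/sync" },
  { page: "http://localhost:3000/", request: "http://localhost:3000/api" },
  { page: "https://blog.example/", request: "not a url" },
];

console.log(portsSharedAcrossSites(findLoopbackRequests(SAMPLE)));
```

Parsing with `URL` first matters: alternative spellings of the loopback address, such as the decimal form in the sample, are normalized before the check.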

Scientists in Japan develop plastic that dissolves in seawater within hours | Reuters

https://www.reuters.com/sustainability/climate-energy/scientists-japan-develop-plastic-that-dissolves-seawater-within-hours-2025-06-04/

Researchers in Japan have developed a plastic that dissolves in seawater within hours, offering up a potential solution for a modern-day scourge polluting oceans and harming wildlife.


While scientists have long experimented with biodegradable plastics, researchers from the RIKEN Center for Emergent Matter Science and the University of Tokyo say their new material breaks down much more quickly and leaves no residual trace.

[…]

Aida said the new material is as strong as petroleum-based plastics but breaks down into its original components when exposed to salt. Those components can then be further processed by naturally occurring bacteria, thereby avoiding generating microplastics that can harm aquatic life and enter the food chain.

As salt is also present in soil, a piece about five centimetres (two inches) in size disintegrates on land after over 200 hours, he added.

The material can be used like regular plastic when coated, and the team are focusing their current research on the best coating methods, Aida said. The plastic is non-toxic, non-flammable, and does not emit carbon dioxide, he added.

Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump

A mystery whistleblower calling himself GangExposed has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names.

The leaks include thousands of chat logs, personal videos, and ransom negotiations tied to some of the most notorious cyber-extortion gangs — believed to have raked in billions from companies, hospitals, and individuals worldwide.

It’s part of his “fight against an organized society of criminals known worldwide,” GangExposed told The Register via Signal chat. He claims that he’s not interested in the $10 million bounty that the Feds have put up for information about one key Conti leader that he’s already named, as well as a second that he says will soon be identified on Telegram.

“I take pleasure in thinking I can rid society of at least some of them,” GangExposed said. “I simply enjoy solving the most complex cases.”

After creating his latest Telegram channel on May 5 — GangExposed says two earlier accounts were shut down days ago — he published his first “revelation” and outed Stern, the leader of Trickbot and Conti, as a 36-year-old Russian named Vitaly Nikolaevich Kovalev. Stern’s identity was later confirmed by German police.


A couple of days later, GangExposed claimed to identify another key Conti crim who goes by Professor as Vladimir Viktorovich Kvitko, a 39-year-old Russian national who reportedly relocated from Moscow to Dubai. According to chat logs and other communications leaked by GangExposed, Kvitko and other Conti leaders moved to Dubai in 2020 and set up shop in the United Arab Emirates to continue their cyberattacks against Western organizations.

“Kvitko maintains a modest lifestyle, with known property in Moscow and several vehicles registered to family members,” GangExposed posted. “Income mostly originates from RM RAIL Management Company and Rosselkhozbank. In contrast, other Conti leaders (e.g., ‘Target’) display significant luxury assets, including a Moscow City apartment, Ferrari, and 2 multiple Maybach vehicles.”

He also published a video of what GangExposed says is six Conti ransomware members on a private jet, celebrating the birthday of another key leader, Target. 

The US government has offered up to $10 million for information leading to the identification or location of five key Conti operators, including “Professor” and “Target.” GangExposed says he’s going to identify Target next.

“Essentially I burned $10 million when I published Professor,” he told The Register. “And I’m about to burn another $10 million when I publish Target.”

And on Thursday, he posted a whopping 15 photos of alleged Conti members along with a more detailed write-up of Conti’s lead sysadmin Defender, aka Andrey Yuryevich Zhuykov, and Mango, aka Mikhail Mikhailovich Tsaryov, a senior manager within the group.


“This is no longer just a leak — it’s a high-stakes intelligence war,” FalconFeeds threat intel analysts posted on social media.

Who is GangExposed?

GangExposed calls himself an “independent anonymous investigator” without any formal IT background, and said he hasn’t had “a ‘real’ name in years.”

“My toolkit includes classical intelligence analysis, logic, factual research, OSINT methodology, stylometry (I am a linguist and philologist), human psychology, and the ability to piece together puzzles that others don’t even notice,” he said. “I am a cosmopolitan with many homes but no permanent base — I move between countries as needed. My privacy standards are often stricter than those of most subjects of my investigations.”

GangExposed says he obtained all of the data he leaked via “semi-closed databases, darknet services (for probing state records through corrupt officials), and I often purchase information. I have access to the leaked FSB border control database,” which he says was being sold on the darkweb for $250,000. 

He hopes his investigation can achieve three objectives. First, he wants to publicly identify all of the gangs’ key criminal participants — GangExposed puts this number at around 50 — see them sanctioned, and also named on Interpol’s wanted persons list.

Second, GangExposed says he wants to “disrupt their current enrichment schemes by exposing the organizers of the Blockchain Life forum, which serves as a breeding ground for fraudulent pyramid schemes.” 

Blockchain Life, according to the internal chat logs, was a scheme organized by Khitrov and Kovalev (aka Stern) that aimed to legitimize Trickbot’s and Conti’s illegally obtained cryptocurrency earnings.

Finally, GangExposed says he wants to “deprive them of a safe haven in the UAE. The respected authorities of the UAE strictly uphold their laws, and while they lack extradition agreements for cybercriminals, I’ve managed to investigate and prove that Conti used the UAE specifically for carrying out attacks. In other words, they physically committed a series of crimes while being present there.”

Some security researchers think he could in fact be a disgruntled former ransomware criminal looking to burn his bosses or simply resurface the 2022 Conti leaks.

“The data we’ve reviewed provides strong indicators that the source behind the leak is either an ex-member or a disgruntled insider from within the group — given the level of access, context, and internal coordination reflected in the communications,” Technisanct founder and CEO Nandakishore Harikumar told The Register. Technisanct owns FalconFeeds.

Harikumar’s threat-intel group has analyzed all of GangExposed’s leaks, and shared a 34-page analysis with The Register about the massive data dump. He recommends that law enforcement pursue investigative leads from the newly disclosed personally identifiable information about key Conti leaders detailed in the leaks.

https://www.theregister.com/2025/05/31/gangexposed_coni_ransomware_leaks/

EU to force Apple to open up iOS for developers

Apple has filed an appeal with the European Union’s General Court in Luxembourg challenging the bloc’s order requiring greater iOS interoperability with rival companies’ products under the Digital Markets Act. The EU executive in March directed Apple to make its mobile operating system more compatible with competitors’ apps, headphones, and virtual reality headsets by granting developers and device makers access to system components typically reserved for Apple’s own products.

Apple contends the requirements threaten its seamless user experience while creating security risks, noting that companies have already requested access to sensitive user data including notification content and complete WiFi network histories. The company faces potential fines of up to 10% of its worldwide annual revenue if found in violation of the DMA’s interoperability rules designed to curb Big Tech market power.

The US Is Storing Migrant Children’s DNA in a Criminal Database

The United States government has collected DNA samples from upwards of 133,000 migrant children and teenagers—including at least one 4-year-old—and uploaded their genetic data into a national criminal database used by local, state, and federal law enforcement, according to documents reviewed by WIRED. The records, quietly released by the US Customs and Border Protection earlier this year, offer the most detailed look to date at the scale of CBP’s controversial DNA collection program. They reveal for the first time just how deeply the government’s biometric surveillance reaches into the lives of migrant children, some of whom may still be learning to read or tie their shoes—yet whose DNA is now stored in a system originally built for convicted sex offenders and violent criminals.

[…]

Spanning from October 2020 through the end of 2024, the records show that CBP swabbed the cheeks of between 829,000 and 2.8 million people, with experts estimating that the true figure, excluding duplicates, is likely well over 1.5 million. That number includes as many as 133,539 children and teenagers. These figures mark a sweeping expansion of biometric surveillance—one that explicitly targets migrant populations, including children.

[…]

Under current rules, DNA is generally collected from anyone who is also fingerprinted. According to DHS policy, 14 is the minimum age at which fingerprinting becomes routine.

[…]

“Taking DNA from a 4-year-old and adding it into CODIS flies in the face of any immigration purpose,” she says, adding, “That’s not immigration enforcement. That’s genetic surveillance.”

Multiple studies show no link between immigration and increased crime.

In 2024, Glaberson coauthored a report called “Raiding the Genome” that was the first to try to quantify DHS’s 2020 expansion of DNA collection. It found that if DHS continues to collect DNA at the rate the agency itself projects, one-third of the DNA profiles in CODIS by 2034 will have been taken by DHS, and seemingly without any real due process—the protections that are supposed to be in place before law enforcement compels a person to hand over their most sensitive information.

European Publishers Council stays true – to the tired old trope about “copyright theft”

A few weeks ago Walled Culture explored how the leaders in the generative AI world are trying to influence the future legal norms for this field. In the face of a powerful new form of an old technology – AI itself has been around for over 50 years – those are certainly needed. Governments around the world know this too: they are grappling with the new issues that large language models (LLMs), generative AI, and chatbots are raising every day, not least in the realm of copyright. For example, one EU body, EUIPO, has published a 436-page study “The Development Of Generative Artificial Intelligence From A Copyright Perspective”. Similarly, the US Copyright Office has produced a three-part report that “analyzes copyright law and policy issues raised by artificial intelligence”. The first two parts were on Digital Replicas and Copyrightability. The last part, just released in a pre-publication form, is on Generative AI Training. It is one of the best introductions to that field, and not too long – only 113 pages.

Alongside these government moves to understand this area, there are of course efforts by the copyright industry itself to shape the legal landscape of generative AI. Back in March, Walled Culture wrote about a UK campaign called “Make It Fair”, and now there is a similar attempt to reduce everything to a slogan by a European coalition of “authors, performers, publishers, producers, and cultural enterprises”. The new campaign is called “Stay True to the Act” – the Act in question being the EU Artificial Intelligence Act. The main document explaining the latest catchphrase comes from the European Publishers Council, and provides numerous insights into the industry’s thinking here. It comes as no surprise to read the following:

Let’s be clear: our content—paid for through huge editorial investments—is being ingested by AI systems without our consent and without compensation. This is not innovation; it is copyright theft.

As Walled Culture explained in March, that’s not true: material is not stolen, it is simply analysed as part of the AI training. Analysing texts or images is about knowledge acquisition, not copyright infringement.

In the Stay True to the Act document, this tired old trope of “copyright theft” leads naturally to another obsession of the copyright world: a demand for what it calls “fair licences”. Walled Culture the book (free digital versions available) noted that this is something that the industry has constantly pushed for. Back in 2013, a series of ‘Licences for Europe’ stakeholder dialogues were held, for example. They were based on the assumption that modernising copyright meant bringing in licensing for everything that occurred online. If a call for yet more licensing is old hat, the campaign’s next point is a novel one:

AI systems don’t just scrape our articles—they also capture our website layouts, our user activity, and data that is critical to our advertising models.

It’s hard to understand what the problem is here, other than the general concern about bots visiting and scraping sites – something that is indeed getting out of hand in terms of volume and impact on servers. It’s not as if generative AI cares about Web site design, and it’s hard to see what data about advertising models can be gleaned. It’s also worth noting that this is the only point where members of the general public are mentioned in the entire document, albeit only as “users”. When it comes to copyright, publishers don’t care about the rights or the opinions of ordinary citizens. Publishers do care about journalists, at least to the following extent:

AI-generated content floods the market with synthetic articles built from our journalism. Search engines like Google’s and chatbots like ChatGPT, increasingly serve AI summaries which is wiping out the traffic we rely on, especially from dominant players.

The statement that publishers “rely on” traffic from search engines is an unexpected admission. The industry’s main argument for the “link tax” that is now part of the EU Copyright Directive was that search engines were giving nothing significant back when their search results linked to the original article, and should therefore pay something. Now publishers are admitting that the traffic from search engines is something they “rely on”. Alongside that significant U-turn on the part of the publishers, there is a serious general point about journalism in the age of AI:

These [generative AI] tools don’t create journalism. They don’t do fact-checking, hold power to account, or verify sources. They operate with no editorial standards, no legal liability—and no investment in the public interest. And yet, without urgent action, there is a danger they will replace us in the digital experience.

This is an extremely important issue, and the publishers are right to flag it up. But demanding yet more licensing agreements with AI companies is not the answer. Even if the additional monies were all spent on bolstering reporting – a big “if” – the sums involved would be too small to matter. Licensing does not address the root problem, which is that important kinds of journalism need to be supported and promoted in new ways.

One solution is that adopted by the Guardian newspaper, which is funded by its readers who want to read and sustain high-quality journalism. This could be part of a wider move to the “true fans” idea discussed in Walled Culture the book. Another approach is for more government support – at arm’s length – for journalism of the kind produced by the BBC, say, where high editorial standards ensure that fact-checking and source verification are routinely carried out – and budgeted for.

Complementing such direct support for journalism, new laws are needed to disincentivise the creation of misleading fake news stories and outright lies that increasingly drown out the truth. The Stay True to the Act document suggests “platform liability for AI-generated content”, and that could be part of the answer; but the end users who produce such material should also face consequences for their actions.

In its concluding section, “3-Pillar Model for the Future – and Why Licensing is Essential”, the document bemoans the fact that advertising revenue is “declining in a distorted market dominated by Google and Meta”. That is true, but only because publishers have lazily acquiesced in an adtech model based on real-time bidding for online ads powered by the constant surveillance of visitors to Web sites. A better approach is to use contextual advertising, where ads are shown according to the material being viewed. This not only requires no intrusive monitoring of the personal data of visitors, but has been found to be more effective than the current approach.

Moreover, in a nice irony, the new generation of LLMs make providing contextual advertising extremely easy, since they can analyse and categorise online material rapidly for the purpose of choosing suitable ads to be displayed. Sadly, publishers’ visceral hatred of the new AI technologies means that they are unable to see these kinds of opportunities alongside the threats.

Source: European Publishers Council stays true – to the tired old trope about “copyright theft” – Walled Culture

Europe warns giant e-tailer SHEIN to stop cheating consumers

The European Commission has warned Chinese e-tailer SHEIN to clean up its act, after finding several practices on its website breach local consumer law.

The Commission and Europe’s Consumer Protection Cooperation (CPC), a network of national consumer authorities, on Monday warned the e-tailer that an investigation found the following breaches of EU law on SHEIN’s website:

  • Fake discounts: pretending to offer better deals by showing price reductions that are not based on the actual ‘prior prices’.
  • Pressure selling: putting consumers under pressure to complete purchases using tactics like false purchase deadlines.
  • Missing, incorrect and misleading information: displaying incomplete and incorrect information about consumers’ legal rights to return goods and receive refunds and failing to process returns and refunds in accordance with consumers’ relevant rights.
  • Deceptive product labels: using product labels that suggest that the product offers something special when in fact the relevant feature is required by law.
  • Misleading sustainability claims: Providing false or deceptive information about the sustainability benefits of its products.
  • Hidden contact details: Consumers cannot easily contact SHEIN for questions or complaints.

The regulator also asked SHEIN to provide info on how it complies with other legal obligations, including how it ensures that product rankings, reviews, and ratings are not presented in a misleading manner. Another item of concern is whether SHEIN properly informs shoppers about contracts with third-party sellers on the Chinese company’s platform.

The CPC gave SHEIN a month to respond to its findings and explain how it proposes to respond to the regulator’s findings. If the Chinese company fails to do so, it faces fines and punishment by regulators in different EU member nations.

The EU’s concerns are another worry for SHEIN, which is already impacted by the USA’s decision to impose significant tariffs on imports from China and to end the de minimis rule that saw packages valued at under $800 exempted from import duties. SHEIN specializes in cheap and cheerful items, usually sold for much less than $800.

[…]

Source: Europe warns giant e-tailer to stop cheating consumers • The Register

Regeneron to Acquire all 23andMe genetic data for $256m

23andMe Holding Co. (“23andMe” or the “Company”) (OTC: MEHCQ), a leading human genetics and biotechnology company, today announced that it has entered into a definitive agreement for the sale of 23andMe to Regeneron Pharmaceuticals, Inc. (“Regeneron”) (NASDAQ: REGN), a leading U.S.-based, NASDAQ-listed biotechnology company that invents, develops and commercializes life-transforming medicines for people with serious diseases. The agreement includes Regeneron’s commitment to comply with the Company’s privacy policies and applicable law, process all customer personal data in accordance with the consents, privacy policies and statements, terms of service, and notices currently in effect and have security controls in place designed to protect such data.

[…]

Under the terms of the agreement, Regeneron will acquire substantially all of the assets of the Company, including the Personal Genome Service (PGS), Total Health and Research Services business lines, for a purchase price of $256 million. The agreement does not include the purchase of the Company’s Lemonaid Health subsidiary, which the Company plans to wind down in an orderly manner, subject to and in accordance with the agreement.

[…]

 

Source: Regeneron, A Leading U.S. Biotechnology Company, to Acquire

Authors Are Accidentally Leaving AI Prompts In their Novels

Fans reading through the romance novel Darkhollow Academy: Year 2 got a nasty surprise last week in chapter 3. In the middle of a steamy scene between the book’s heroine and the dragon prince Ash there’s this: “I’ve rewritten the passage to align more with J. Bree’s style, which features more tension, gritty undertones, and raw emotional subtext beneath the supernatural elements:”

It appeared as if the author, Lena McDonald, had used an AI to help write the book, asked it to imitate the style of another author, and left behind evidence they’d done so in the final work.

[…]

Source: Authors Are Accidentally Leaving AI Prompts In their Novels

Oops!

Boeing Strikes Deal with DOJ to Avoid Criminal Charges Over 737 Max Crashes

Boeing and the Department of Justice have reached an “agreement in principle” that will keep the airplane manufacturer from facing criminal charges for allegedly misleading regulators about safety features on its 737 Max plane before two separate crashes that killed 346 people. The tentative deal, according to a court filing, will see Boeing pay out $1.1 billion in penalties and safety investments, as well as set aside an additional $444 million for the families of victims involved in the crashes.

Boeing’s payments will include $487.2 million paid as a criminal monetary penalty and $455 million to “strengthen the Company’s compliance, safety, and quality programs.” The company will also promise to “improve the effectiveness of its anti-fraud compliance and ethics program” to hopefully avoid the whole allegedly lying to the government thing. The DOJ is also requiring Boeing’s Board of Directors to meet with the families of victims to “hear directly from them about the impact of the Company’s conduct, as well as the Company’s compliance, safety, and quality programs.”

While the settlement will result in more money being made available to the surviving families of the victims, the resolution is not what some of the relatives were looking for. Paul Cassell, an attorney for some of the families, issued a statement earlier this week when word of the agreement started circulating: “Although the DOJ proposed a fine and financial restitution to the victims’ families, the families that I represent contend that it is more important for Boeing to be held accountable to the flying public.”

The families have objected to the potential of a plea deal for some time. When the DOJ first worked toward finalizing an agreement last year, Cassell said Boeing was getting “sweetheart” treatment. Mark Lindquist, another lawyer who represents victim families, said at the time that the deal “fails to acknowledge that the charged crime of Conspiracy to Defraud caused the death of 346 people. This is a sore spot for victim families who want accountability and acknowledgment.”

[…]

The case against Boeing stemmed from the company’s alleged attempts to conceal potential safety concerns with its 737 Max aircraft during the Federal Aviation Administration’s certification process. The company is accused of failing to disclose that its software system could turn the plane’s nose down without pilot input based on sensor data. Faulty readings from that sensor caused two separate flights to go nose down, and pilots were unable to override it and gain control, ultimately resulting in the planes crashing.

Boeing already reached one settlement with the Department of Justice over the 737 Max crashes, agreeing to pay $2.5 billion to avoid prosecution, but it violated the terms of that settlement, which opened it back up to potential charges.

Source: Boeing Strikes Deal with DOJ to Avoid Criminal Charges Over 737 Max Crashes

New Orleans police secretly used facial recognition on over 200 live camera feeds

New Orleans’ police force secretly used constant facial recognition to seek out suspects for two years. An investigation by The Washington Post discovered that the city’s police department was using facial recognition technology on a privately owned camera network to continually look for suspects. This application seems to violate a city ordinance passed in 2022 that required facial recognition only be used by the NOLA police to search for specific suspects of violent crimes and then to provide details about the scans’ use to the city council. However, WaPo found that officers did not reveal their reliance on the technology in the paperwork for several arrests where facial recognition was used, and none of those cases were included in mandatory city council reports.

“This is the facial recognition technology nightmare scenario that we have been worried about,” said Nathan Freed Wessler, an ACLU deputy director. “This is the government giving itself the power to track anyone — for that matter, everyone — as we go about our lives walking around in public.” Wessler added that this is the first known case in a major US city where police used AI-powered automated facial recognition to identify people in live camera feeds for the purpose of making immediate arrests.

Police use and misuse of surveillance technology has been thoroughly documented over the years. Although several US cities and states have placed restrictions on how law enforcement can use facial recognition, those limits won’t do anything to protect privacy if they’re routinely ignored by officers.

Read the full story on the New Orleans PD’s surveillance program at The Washington Post.

Source: New Orleans police secretly used facial recognition on over 200 live camera feeds

Drug-treated mosquito nets eliminate parasites (such as malaria) in mosquitoes

Researchers have identified a type of chemical compound that, when applied to insecticide-treated bed nets, appears to kill the malaria-causing parasite in mosquitoes.

Published in the journal Nature, the multi-site collaborative study represents a breakthrough for a disease that continues to claim more than half a million lives worldwide every year.

[…]

ELQ drugs refer to a class of experimental antimalarial drugs known as endochin-like quinolones.

“It was a very clever and novel idea by Dr. Catteruccia and her colleagues to incorporate anti-malarial drugs into bed nets and then to see if the mosquitoes would land on the nets and take up the drug,” Riscoe said. “The idea is the drug kills the parasites that cause instead of the mosquitoes, and our data shows this works.”

Riscoe said further research is necessary to determine whether the best strategy in the field is to incorporate the antimalarial ELQs together with insecticides in the fibers that are woven into bed nets or simply to use them alone to blunt disease transmission.

[…]

“Insecticide resistance is now extremely common in the mosquitoes that transmit malaria, which jeopardizes many of our most effective control tools,” said Alexandra Probst, M.Pharm, lead author of the study and a Ph.D. candidate in Catteruccia’s lab at Harvard.

“By targeting malaria-causing parasites directly in the mosquito, rather than the mosquito itself, we can circumvent this challenge and continue to reduce the spread of malaria.”

[…]

More information: Alexandra S. Probst et al, In vivo screen of Plasmodium targets for mosquito-based malaria control, Nature (2025). DOI: 10.1038/s41586-025-09039-2

Source: Targeting malaria at the source: Drug-treated nets eliminate parasites in resistant mosquitoes

Someone Found Over 180 Million User Records for all kinds of platforms in an Unprotected Online Database

If you use the internet, you’ve probably had at least some personal information go missing. It’s just the nature of the web. But this latest discovery, as reported by Wired, is something different.

Security researcher Jeremiah Fowler found a public online database housing over 180 million records (184,162,718 to be exact) which amounted to more than 47GB of data. There were no indications about who owned the data or who placed it there, which Fowler says is atypical for these types of online databases. Fowler saw emails, usernames, passwords, and URLs linking to the sites where those credentials belonged. These accounts included major platforms like Microsoft, Facebook, Instagram, Snapchat, Roblox, Apple, Discord, Nintendo, Spotify, Twitter, WordPress, Yahoo, and Amazon, as well as bank and financial accounts, health companies, and government accounts from at least 29 countries. That includes the U.S., Australia, Canada, China, India, Israel, New Zealand, Saudi Arabia, and the UK.

Fowler sent a responsible disclosure notice to the hosting provider of the database, World Host Group. Fowler was able to detect signs that the credentials here were stolen with infostealer malware, which bad actors use to harvest sensitive information from a variety of platforms—think web browsers, email services, and chat apps.

Following Fowler’s notice, World Host Group restricted the database from public access. The provider told Wired that the database was operated by a customer, a “fraudulent user” who uploaded illegal information to the server.

In order to ensure these credentials were real, and not just a bunch of bogus data, Fowler actually contacted some of the email addresses he found in the database. He got some bites, and those users were able to confirm the records that he found associated with their emails.

[…]

Source: Someone Found Over 180 Million User Records in an Unprotected Online Database

UK Legal Aid Agency attack involved ‘significant’ data theft

A “significant amount of personal data” belonging to legal aid applicants dating back to 2010 in the UK was stolen by cybercriminals, the Ministry of Justice (MoJ) confirmed today.

The announcement follows the initial news from May 6 of an attack on the UK’s Legal Aid Agency (LAA), an MoJ-sponsored organization that allows legal aid workers to record their hours and bill the government accordingly. The aid is means tested, granted to people on low incomes and with limited savings.

The attack itself was detected on April 23 but investigators found on May 16 that the damage was “more extensive than originally understood and that the group behind it had accessed a large amount of information relating to legal aid applicants.”

Affected data goes back to 2010 and could include applicants’ contact details, home addresses, dates of birth, national ID numbers, criminal histories, employment statuses, and financial data such as contribution amounts, debts, and payments.

[…]

The MoJ didn’t specify the number of people believed to be affected, but publicly available data [PDF] shows the number of legal aid claims made in the last reporting year – April 2023 to March 2024 – stood at 388,888, of which 96 percent were granted. This also represented a 7 percent increase in applications compared to the previous reporting year.

It should also be noted that each application may involve more than one individual.

The PA news agency reported that 2.1 million data points were stolen, although the MoJ has not officially corroborated this.

Other data published by the MoJ shows that over £2 billion ($2.7 billion) was spent on legal aid between April 2023 and March 2024.

All members of the public who applied for legal aid between 2010 and 2025 were advised to be extra vigilant about suspicious activity such as unknown calls and messages, and advised to change their passwords.

Max Vetter, VP of cyber at Immersive, who also spent years at the Metropolitan Police and taught at the GCHQ summer school, said that due to its sensitivity, the data could be used to extort not only the LAA but also the affected individuals.

[…]

Source: Legal Aid Agency attack involved ‘significant’ data theft • The Register

And this is why you clean your data regularly.

FBI Director Kash Patel Abruptly Closes Internal Watchdog Office Overseeing Surveillance Compliance

If there’s one thing the Federal Bureau of Investigation does well, it’s mass surveillance. Several years ago, then attorney general William Barr established an internal office to curb the FBI’s abuse of one controversial surveillance law. But recently, the FBI’s long-time hater (and, ironically, current director) Kash Patel shut down the watchdog group with no explanation.

On Tuesday, the New York Times reported that Patel suddenly closed the Office of Internal Auditing that Barr created in 2020. The office’s leader, Cindy Hall, abruptly retired. People familiar with the matter told the outlet that the closure of the aforementioned watchdog group alongside the Office of Integrity and Compliance are part of an internal reorganization. Sources also reportedly said that Hall was trying to expand the office’s work, but her attempts to onboard new employees were stopped by the Trump administration’s hiring freezes.

The Office of Internal Auditing was a response to controversy surrounding the FBI’s use of Section 702 of the Foreign Intelligence Surveillance Act. The 2008 law primarily addresses surveillance of non-Americans abroad. However, Jeramie Scott, senior counselor at the Electronic Privacy Information Center, told Gizmodo via email that the FBI “has repeatedly abused its ability to search Americans’ communications ‘incidentally’ collected under Section 702” to conduct warrantless spying.

Patel has not released any official comment regarding his decision to close the office. But Elizabeth Goitein, senior director at the Brennan Center for Justice, told Gizmodo via email, “It is hard to square this move with Mr. Patel’s own stated concerns about the FBI’s use of Section 702.”

Last year, Congress reauthorized Section 702 despite mounting concerns over its misuses. Although Congress introduced some reforms, the updated legislation actually expanded the government’s surveillance capabilities. At the time, Patel slammed the law’s passage, stating that former FBI director Christopher Wray, who Patel once tried to sue, “was caught last year illegally using 702 collection methods against Americans 274,000 times.” (Per the New York Times, Patel is likely referencing a declassified 2023 opinion by the FISA court that used the Office of Internal Auditing’s findings to determine the FBI made 278,000 bad queries over several years.)

According to Goitein, the office has “played a key role in exposing FBI abuses of Section 702, including warrantless searches for the communication of members of Congress, judges, and protesters.” And ironically, Patel inadvertently drove its creation after attacking the FBI’s FISA applications to wiretap a former Trump campaign advisor in 2018 while investigating potential Russian election interference. Trump and his supporters used Patel’s attacks to push their own narrative dismissing any concerns. Last year, former representative Devin Nunes, who is now CEO of Truth Social, said Patel was “instrumental” to uncovering the “hoax and finding evidence of government malfeasance.”

Although Patel mostly peddled conspiracies, the Justice Department conducted a probe into the FBI’s investigation that raised concerns over “basic and fundamental errors” it committed. In response, Barr created the Office of Internal Auditing, stating, “What happened to the Trump presidential campaign and his subsequent Administration after the President was duly elected by the American people must never happen again.”

But since taking office, Patel has changed his tune about FISA. During his confirmation hearing, Patel referred to Section 702 as a “critical tool” and said, “I’m proud of the reforms that have been implemented and I’m proud to work with Congress moving forward to implement more.” However, reforms don’t mean much by themselves. As Goitein noted, “Without a separate office dedicated to surveillance compliance, [the FBI’s] abuses could go unreported and unchecked.”

[…]

Source: FBI Director Kash Patel Abruptly Closes Internal Watchdog Office Overseeing Surveillance Compliance

M&S warns of £300M dent in profits from cyberattack

Marks & Spencer says the disruption related to its ongoing cyberattack is likely to knock around £300 million ($402 million) off its operating profits for the next financial year (2025/26).

The beleaguered high street retailer made the admission in its fiscal 2025 profit and loss accounts for the year ended March 29, published on Wednesday, following reports that it could be gearing up to make a maximum claim on its cyber insurance policy to the tune of £100 million ($134 million).

The £300 million figure will be reduced through cost mitigations, insurance, and trading actions, M&S said, and it’s expected that the total costs related to the attack itself and technical recovery will be communicated at a later date as an adjustment item.

[…]

Various divisions suffered an overall decline in operating profits. M&S said that early on in the attack, which has been ongoing for about a month now, some franchise stores, such as those inside train stations, were experiencing shortages of certain foods, such as “meal deal” sandwiches.

This reduced availability has affected food sales, and M&S also incurred additional waste and logistics costs owing to the shift toward manual processes.

After briefly managing to keep online and app sales running post-breach, these were eventually taken offline along with other systems, and the company said online sales and trading profit were “heavily impacted” as a result.

Online sales in its fashion, home, and beauty divisions remain unavailable and are not expected to return until July, M&S revealed today.

[…]

After posting its results this morning, M&S’s share price was down 3 percent at the time of writing, and about 12 percent down since the start of the attack, representing a more than £1 billion ($1.3 billion) loss to its market valuation.

However, there are green shoots for the retailer, whose pre-tax and pre-adjusted profits were up 22.2 percent on the previous year at £875.5 million ($1.17 billion), which is the company’s best performance in more than 15 years.

Overall, sales also grew 6.1 percent to £13.9 billion ($18.6 billion), and M&S reaffirmed its commitment to reduce its costs by £500 million ($670 million) in time for the 2027/28 financial year.

[…]

M&S disclosed the attack on April 22, and responsibility was soon ascribed to the English-speaking group known as Scattered Spider, who reportedly used DragonForce ransomware to infect the retailer’s systems.

Nothing is officially confirmed on this front, although DragonForce took credit for the attack when speaking to the BBC.

DragonForce said it was also involved in the attacks on Co-op and Harrods, but none of the companies have yet appeared on its leak site, which is unexpected for intrusions that took place nearly a month ago.

M&S confirmed last week that those responsible stole customer data including names, dates of birth, telephone numbers, home addresses, household information, email addresses, and online order histories.

It told the London Stock Exchange that the data did not include full payment card numbers or account credentials.

Source: M&S warns of £300M dent in profits from cyberattack • The Register

VMware price hikes 800-1,500%, claim Euro customers

Broadcom has upped VMware licensing costs by between eight and 15 times since it took over the organization, and a lack of alternatives in the tech industry means trade and end customers have no choice but to play ball.

This is according to the European Cloud Competition Observatory (ECCO), an independent body formed by customer organizations, and CISPE – a trade association of 37 cloud providers in the region – to monitor the behavior of software vendors accused of abusing their monopoly position.

The latest report issued today by ECCO on Broadcom-owned VMware says most CISPE members were forced to renew licensing agreements.

“However, these agreements were often signed under significant pressure, influenced by a lack of alternatives, abrupt contract terminations, and financial incentives such as rebates for longer-term commitments,” it claims.

Despite putting pen to paper, “these customers continue to face substantial financial burdens and operational disadvantages due to the imposed terms” of Broadcom’s revamped licensing framework for VMware.

The chips ‘n’ software giant killed the perpetual licenses and monthly “pay-as-you-go” pricing models on VMware products, and rationalized the portfolio into a few large bundles that are only available on subscription with a three-year minimum commitment.

ECCO likens this to an electricity provider deciding to charge you based on the assumption you run your heating full-blast 24×7 rather than on actual usage, and insisting you pay up front a year or more in advance.

Broadcom, ECCO says, “unilaterally and without sufficient notice” terminated existing licensing agreements, some of which had been in place for over 10 years, in order to compel customers holding them to accept the new terms.

As The Register reported last year, it also ditched VMware’s channel program for Cloud Services Providers (CSPs) and only invited the largest such operators to join its own Broadcom partner program.

This latest report highlights that recent actions by Broadcom have, in ECCO’s words, “worsened the situation for European cloud infrastructure providers, their customers, both private and public sector, which depend on VMware virtualization software.”

[…]

Source: VMware price hikes? 800-1,500%, claim Euro customers • The Register