A high-severity zero-day in the widely used WinRAR file compressor is under active exploitation by two Russian cybercrime groups. The attacks backdoor computers that open malicious archives attached to phishing messages, some of which are personalized.

Security firm ESET said Monday that it first detected the attacks on July 18, when its telemetry spotted a file in an unusual directory path. By July 24, ESET determined that the behavior was linked to the exploitation of an unknown vulnerability in WinRAR, a utility for compressing files and has an installed base of about 500 million. ESET notified WinRAR developers the same day, and a fix was released six days later.

Serious effort and resources

The vulnerability seemed to have super Windows powers. It abused alternate data streams , a Windows feature that allows different ways of representing the same file path. The exploit abused that feature to trigger a previously unknown path traversal flaw that caused WinRAR to plant malicious executables in attacker-chosen files paths %TEMP% and %LOCALAPPDATA%, which Windows normally makes off-limits because of their ability to execute code.

Read full article

Comments

It's been less than a week since the launch of OpenAI's new GPT-5 AI model, and the rollout hasn't been a smooth one. So far, the release sparked one of the most intense user revolts in ChatGPT's history, forcing CEO Sam Altman to make an unusual public apology and reverse key decisions.

At the heart of the controversy has been OpenAI's decision to automatically remove access to all previous AI models in ChatGPT ( approximately nine , depending on how you count them) when GPT-5 rolled out to user accounts. Unlike API users who receive advance notice of model deprecations, consumer ChatGPT users had no warning that their preferred models would disappear overnight, noted independent AI researcher Simon Willison in a blog post.

The problems started immediately after GPT-5's August 7 debut. A Reddit thread titled "GPT-5 is horrible" quickly amassed over 4,000 comments filled with users expressing frustration over the new release. By August 8, social media platforms were flooded with complaints about performance issues, personality changes, and the forced removal of older models.

Read full article

Comments

Boar's Head plans to reopen the Jarratt, Virginia, facility at the center of a deadly Listeria outbreak last year despite federal inspections continuing to find sanitation violations at three of the company's other facilities, according to federal records obtained by the Associated Press .

The AP obtained 35 pages of inspection reports via a Freedom of Information Act Request. Those reports cover inspections between January 1 and July 23 at three other Boar's Head facilities: Forrest City, Arkansas; New Castle, Indiana; and Petersburg, Virginia. Overall, the reports reveal a suite of violations, including mold, condensation dripping over food areas, overflowing trash, meat and fat residue built up on walls and equipment, drains blocked with meat scraps, and pooling meat juice. The reports also recorded staff who didn't wear the proper protective hairnets and aprons—and didn't wash their hands.

In one violation, reported in the Petersburg facility, inspectors found meat waste collecting under equipment, including "5-6 hams, 4 large pieces of meat and a large quantity of pooling meat juice."

Read full article

Comments

After 34 years of connecting Americans to the Internet through phone lines, AOL recently announced it is shutting down its dial-up modem service on September 30, 2025. The announcement marks the end of a technology that served as the primary gateway to the World Wide Web for millions of users throughout the 1990s and early 2000s.

AOL confirmed the shutdown date in a help message to customers: "AOL routinely evaluates its products and services and has decided to discontinue Dial-up Internet. This service will no longer be available in AOL plans."

AOL's dial-up service launched as "America Online" in 1991, when the Internet consisted primarily of text-based content, although its dial-up roots extend back to a service launched in 1985 called Quantum Link for Commodore computers. For the next few years, as the World Wide Web emerged, websites were measured in kilobytes, images were small and compressed, and video was essentially impossible. The service grew alongside the web itself, peaking at over 20 million subscribers in the early 2000s before broadband adoption accelerated its decline.

Read full article

Comments

Reddit is now blocking the Internet Archive (IA) from indexing popular Reddit threads after allegedly catching sneaky AI firms—restricted from scraping Reddit—instead simply scraping data from IA's archived content.

Where before IA's Wayback Machine dependably archived Reddit pages, profiles, and comments—as part of its mission to archive the Internet—moving forward, only screenshots of the Reddit homepage will be archived. As The Verge noted , this means the archive will only be useful as a snapshot of popular posts and news headlines each day, rather than providing a backup documenting deleted posts or a window into various Reddit subcultures or any given user's activity.

Reddit has not confirmed which AI firms were scraping its data from the Wayback Machine. The company's spokesperson, Tim Rathschmidt, would only confirm to Ars that Reddit has become "aware of instances where AI companies violate platform policies, including ours, and scrape data from the Wayback Machine."

Read full article

Comments

Microsoft has owned GitHub since 2018, but the widely used developer platform has operated with at least a little independence from the rest of the company, with its own separate CEO and other executives. But it looks like GitHub will be more fully folded into Microsoft's org chart starting next year—GitHub CEO Thomas Dohmke announced today that he would be leaving GitHub and Microsoft "to become a founder again."

"GitHub and its leadership team will continue its mission as part of Microsoft’s CoreAI organization, with more details shared soon," Dohmke wrote. "I’ll be staying through the end of 2025 to help guide the transition and am leaving with a deep sense of pride in everything we’ve built as a remote-first organization spread around the world."

Axios reports that Microsoft isn't directly replacing Dohmke, and GitHub's leadership team will be reporting to multiple executives in the CoreAI division.

Read full article

Comments

Wikipedia's parent organization lost a challenge to the UK Online Safety Act but can bring another case if the government tries to force it to verify the identity of Wikipedia users.

The High Court of Justice in London dismissed claims from the Wikimedia Foundation, which challenged the lawfulness of the categorization system used to determine which sites must comply with obligations. But Justice Jeremy Johnson stressed "that this does not give Ofcom and the Secretary of State a green light to implement a regime that would significantly impede Wikipedia's operations."

The Online Safety Act has forced social media sites like Reddit to verify UK users' ages before letting them view adult content. The Wikimedia Foundation is worried that it will be classified as a "Category 1" operator later this summer and criticized the categorization regulations as "especially broad and vague."

Read full article

Comments

Early Monday morning, a Falcon 9 rocket lifted off from its original launch site in Florida. Remarkably, it was SpaceX's 100th launch of the year.

Perhaps even more notable was the rocket's payload: two-dozen Project Kuiper satellites, which were dispensed into low-Earth orbit on target. This was SpaceX's second launch of satellites for Amazon, which is developing a constellation to deliver low-latency broadband Internet around the world. SpaceX, then, just launched a direct competitor to its Starlink network into orbit. And it was for the founder of Amazon, Jeff Bezos, who owns a rocket company of his own in Blue Origin.

So how did it come to this—Bezos and Elon Musk, competitors in so many ways, working together in space?

Read full article

Comments

In recent months, the AI industry has started moving toward so-called simulated reasoning models that use a "chain of thought" process to work through tricky problems in multiple logical steps. At the same time, recent research has cast doubt on whether those models have even a basic understanding of general logical concepts or an accurate grasp of their own "thought process." Similar research shows that these "reasoning" models can often produce incoherent, logically unsound answers when questions include irrelevant clauses or deviate even slightly from common templates found in their training data.

In a recent pre-print paper , researchers from the University of Arizona summarize this existing work as "suggest[ing] that LLMs are not principled reasoners but rather sophisticated simulators of reasoning-like text." To pull on that thread, the researchers created a carefully controlled LLM environment in an attempt to measure just how well chain-of-thought reasoning works when presented with "out of domain" logical problems that don't match the specific logical patterns found in their training data.

The results suggest that the seemingly large performance leaps made by chain-of-thought models are "largely a brittle mirage" that "become[s] fragile and prone to failure even under moderate distribution shifts," the researchers write. "Rather than demonstrating a true understanding of text, CoT reasoning under task transformations appears to reflect a replication of patterns learned during training."

Read full article

Comments