Two Windows vulnerabilities—one a zero-day that has been known to attackers since 2017 and the other a critical flaw that Microsoft initially tried and failed to patch recently—are under active exploitation in widespread attacks targeting a swath of the Internet, researchers say.

The zero-day went undiscovered until March , when security firm Trend Micro said it had been under active exploitation since 2017, by as many as 11 separate advanced persistent threats (APTs). These APT groups, often with ties to nation-states, relentlessly attack specific individuals or groups of interest. Trend Micro went on to say that the groups were exploiting the vulnerability, then tracked as ZDI-CAN-25373, to install various known post-exploitation payloads on infrastructure located in nearly 60 countries, with the US, Canada, Russia, and Korea being the most common.

A large-scale, coordinated operation

Seven months later, Microsoft still hasn’t patched the vulnerability, which stems from a bug in the Windows Shortcut binary format. The Windows component makes opening apps or accessing files easier and faster by allowing a single binary file to invoke them without having to navigate to their locations. In recent months, the ZDI-CAN-25373 tracking designation has been changed to CVE-2025-9491.

Read full article

Comments

The Federal Communications Commission will vote in November to repeal a ruling that requires telecom providers to secure their networks, acting on a request from the biggest lobby groups representing Internet providers.

FCC Chairman Brendan Carr said the ruling, adopted in January just before Republicans gained majority control of the commission, “exceeded the agency’s authority and did not present an effective or agile response to the relevant cybersecurity threats.” Carr said the vote scheduled for November 20 comes after “extensive FCC engagement with carriers” who have taken “substantial steps… to strengthen their cybersecurity defenses.”

The FCC’s January 2025 declaratory ruling came in response to attacks by China, including the Salt Typhoon infiltration of major telecom providers such as Verizon and AT&T. The Biden-era FCC found that the Communications Assistance for Law Enforcement Act (CALEA), a 1994 law, “affirmatively requires telecommunications carriers to secure their networks from unlawful access or interception of communications.”

Read full article

Comments

A measles investigation amid a large, ongoing outbreak at the Arizona-Utah border has hit a roadblock as the first probable case identified in the Salt Lake City area refuses to work with health officials, the local health department reported this week.

There have been over 150 cases collectively across the two states, mostly in northwestern Mohave County, Arizona , and the southwest health district of Utah , in the past two months. Both areas have abysmally low vaccination rates: In Mohave County, only 78.4 percent of kindergartners in the 2024–2025 school year were vaccinated against measles, according to state records. In the southwest district of Utah, only 80.7 percent of kindergartners in the 2024–2025 school year had records of measles vaccination. Public health experts say vaccination coverage of 95 percent is necessary to keep the disease from spreading in a community.

While the outbreak has largely exploded along the border, cases are also creeping to the north, toward Salt Lake County, which encompasses the city. Utah County, which sits just south of Salt Lake County, has identified eight cases, including a new case reported today .

Read full article

Comments

The road to the second flight of Blue Origin’s heavy-lifting New Glenn rocket got a lot clearer Thursday night with a success test-firing of the launcher’s seven main engines on a launch pad at Cape Canaveral Space Force Station, Florida.

Standing on a seaside launch pad, the New Glenn rocket ignited its seven BE-4 main engines at 9:59 pm EDT Thursday (01:59 UTC Friday). The engines burned for 38 seconds while the rocket remained firmly on the ground, according to a social media post by Blue Origin.

The hold-down firing of the first stage engines was the final major test of the New Glenn rocket before launch day. Blue Origin previously test-fired the rocket’s second-stage engines. Officials have not announced a target launch date, but sources tell Ars the rocket could be ready for liftoff as soon as November 9.

Read full article

Comments

2017 feels like another era these days, but if you cast your mind back that far, you might remember Tesla CEO Elon Musk’s vaporware Roadster 2.0. Full of nonsensical-sounding features that impressed people who know a little bit about rockets but nothing about cars, the $200,000 electric car promised to have a suction fan and “cold gas thrusters,” plus 620 miles (1,000 km) of range and a whole load of other stuff that’s never happening.

Plenty of other electric automakers have introduced electric hypercars in the eight years since Musk declared the second Roadster a thing, with no sign of it being any closer to reality, if the latest job postings are accurate . And it seems that over time, a lot of the people who gave the company a hefty deposit—some say interest-free loan—have become tired of waiting and want their money back.

And that’s not quite so easy, it turns out. Musk’s current Silicon Valley rival is the latest to discover this. According to Sam Altman’s social media account, he placed an order for a Roadster on July 11, 2018, with a deposit of $45,000 ($58,206 in today’s money). But after emailing Tesla for a refund, he discovered the email address associated with preorders had been deleted.

Read full article

Comments

AT&T yesterday sued the advertising industry’s official watchdog over the group’s demand that AT&T stop using its rulings for advertising and promotional purposes.

As previously reported , BBB National Programs’ National Advertising Division (NAD) found that AT&T violated a rule “by issuing a video advertisement and press release that use the NAD process and its findings for promotional purposes,” and sent a cease-and-desist letter to the carrier. The NAD operates the US advertising industry’s system of self-regulation, which is designed to handle complaints that advertisers file against each other and minimize government regulation of false and misleading claims.

While it’s clear that both AT&T and T-Mobile have a history of misleading ad campaigns, AT&T portrays itself as a paragon of honesty in new ads calling T-Mobile “the master of breaking promises.” An AT&T press release about the ad campaign said the NAD “asked T-Mobile to correct their marketing claims 16 times over the last four years,” and an AT&T commercial said T-Mobile has faced more challenges for deceptive ads from competitors than all other telecom providers in that time.

Read full article

Comments

When Hyundai’s E-GMP platform for electric vehicles arrived on the market, it cemented the Korean automaker’s place as one of the leaders of its industry. And in the absence of an influx of Chinese EVs, the Ioniq range of cars, crossovers, and SUVs is about as leading-edge as you’ll find in showrooms right now, particularly mainstream brands.

The first of the E-GMP cars was the Ioniq 5, which looks like a 1980’s hatch scaled up to the midsize crossover segment. Now made in the US, it has been a firm hit—and at the beginning of the month just got a hefty price cut , to boot. A midsized sedan followed, but these are a less common sight here given American car-buying tastes. Those tastes shaped the Ioniq 9, though.

The underlying technology might hail from Hyundai’s Namyang R&D center in South Korea, but the Ioniq 9 is the result of that technology expressed through the tastes of suburban America. Not so much the exterior styling, though. The hood is too low, the corners are more rounded, and it’s generally a less-threatening shape than the average domestic three-row SUV.

Read full article

Comments

As artificial intelligence drives the need for vastly more computing storage and processing power, interest in space-based data centers has spiked.

Although several startup companies, such as Starcloud, have begun to address this problem, the idea has also attracted the interest of tech barons. In May, it emerged that former Google chief executive Eric Schmidt acquired Relativity Space due to his interest in space-based data centers. Then, earlier this month, Amazon founder Jeff Bezos predicted that gigawatt-scale data centers will be built in space within the next 10 to 20 years.

Now, Elon Musk, whose SpaceX owns and operates significantly more space-based infrastructure than any other company or country in the world, has also expressed interest in the technology.

Read full article

Comments

One reason to use the Task Manager in Windows is to see if any of the apps running on your computer are misbehaving or using a disproportionate amount of resources. But what do you do when the misbehaving app is the Task Manager itself?

After a recent Windows update, some users (including Windows Latest ) noticed that closing the Task Manager window was actually failing to close the app, leaving the executable running in memory. More worryingly, each time you open the Task Manager, it spawns a new process on top of the old one, which you can repeat essentially infinitely (or until your PC buckles under the pressure).

Each instance of Task Manager takes up around 20MB of system RAM and hovers between 0 and 2 percent CPU usage—if you have just a handful of instances open, it’s unlikely that you’d notice much of a performance impact. But if you use Task Manager frequently or just go a long time between reboots, opening up two or three dozen copies of the process that are all intermittently using a fraction of your CPU can add up, leading to a potentially significant impact on performance and battery life.

Read full article

Comments