It will be the first medical evacuation from the International space station in its 25-year history. The Guardian reports: An astronaut in the orbital laboratory reportedly fell ill with a "serious" but undisclosed issue. Nasa also had to cancel its first spacewalk of the year... The agency did not identify the astronaut or the medical problem, citing patient privacy. "Because the astronaut is absolutely stable, this is not an emergent evacuation," [chief health and medical officer Dr. James] Polk said. "We're not immediately disembarking and getting the astronaut down, but it leaves that lingering risk and lingering question as to what that diagnosis is, and that means there is some lingering risk for that astronaut onboard."
"SpaceX says it's Dragon spacecraft at the International Space Station is ready to return its four Crew-11 astronauts home in an unprecedented medical evacuation on Jan. 14 and 15," reports Space.com: The SpaceX statement came on the heels of NASA's announcement that the Crew-11 astronauts were scheduled to undock from the space station on Jan. 14 and splashdown off the coast of California early on Jan. 15. The Crew-11 Dragon spacecraft will return NASA astronauts Zena Cardman and Mike Fincke to Earth alongside Japanese astronaut Kimiya Yui and Russian cosmonaut Oleg Platanov... NASA officials opted for a "controlled medical evacuation" in order to provide the astronaut better treatment on the ground, NASA chief Jared Isaacman has said...

Dr. James Polk, NASA's chief medical officer, has said the medical issue is not an injury to the astronaut afflicted, but rather something related to the prolonged exposure to weighlessness by astronauts living and working on the International Space Station. "It's mostly having a medical issue in the difficult areas of microgravity and the suite of hardware that we operate in," Polk said.

Longtime Slashdot reader chicksdaddy writes: CES, the Consumer Electronics Show, isn't just about shiny new gadgets. As AP reports, this year brought back the fifth annual Worst in Show anti-awards, calling out the most harmful, wasteful, invasive, and unfixable tech at the Las Vegas show. The coalition behind the awards -- including Repair.org, iFixit, EFF, PIRG, Secure Repairs, and others -- put the spotlight on products that miss the point of innovation and make life worse for users.

2026 Worst in Show winners include:

Overall (and Repairability): Samsung's AI-packed Family Hub Fridge -- over-engineered, hard to fix, and trying to do everything but keep food cold.
Privacy: Amazon Ring AI -- expanding surveillance with features like facial recognition and mobile towers.
Security: Merach UltraTread treadmill -- an AI fitness coach that also hoovers up sensitive data with weak security guarantees, including a privacy policy that declares the company "cannot guarantee the security of your personal information" (!!).
Environmental Impact: Lollipop Star -- a single-use, music-playing electronic lollipop that epitomizes needless e-waste.
Enshittification: Bosch eBike Flow App -- pushing lock-in and digital restrictions that make gear worse over time.
"Who Asked For This?": Bosch Personal AI Barista -- a voice-assistant coffee maker that nobody really wanted.
People's Choice: Lepro Ami AI Companion -- an overhyped "soulmate" cam that creeps more than it comforts.

The message? Not all tech is progress. Some products add needless complexity, threaten privacy, or throw sustainability out the window -- and the industry's watchdogs are calling them out.

An anonymous reader quotes a report from Wired: Google is putting even more generative AI tools into Gmail as part of its goal to further personalize user inboxes and streamline searches. On Thursday, the company announced a new "AI Inbox" tab, currently in a beta testing phase, that reads every message in a user's Gmail and suggests a list of to-dos and key topics, based on what it summarizes. In Google's example of what this AI Inbox could look like in Gmail, the new tab takes context from a user's messages and suggests they reschedule their dentist appointment, reply to a request from their child's sports coach, and pay an upcoming fee before the deadline. Also under the AI Inbox tab is a list of important topics worth browsing, nestled beneath the action items at the top. Each suggested to-do and topic links back to the original email for more context and for verification.

[...] For users who are concerned about their privacy, the information Google gleans by skimming through inboxes will not be used to improve the company's foundational AI models. "We didn't just bolt AI onto Gmail," says Blake Barnes, who leads the project for Google. "We built a secure privacy architecture, specifically for this moment." He emphasizes that users can turn off Gmail's new AI tools if they don't want them. At the same time Google announced its AI Inbox, the company made free for all Gmail users multiple Gemini features that were previously available only to paying subscribers. This includes the Help Me Write tool, which generates emails from a user prompt, as well as AI Overviews for email threads, which essentially posts a TL;DR summary at the top of long message threads. Subscribers to Google's Ultra and Pro plans, which start at $20 a month, get two additional new features in their Gmail inbox. First, an AI proofreading tool that suggests more polished grammar and sentence structures. And second, an AI Overviews tool that can search your whole inbox and create relevant summaries on a topic, rather than just summarizing a single email thread.

Samsung Electronics has once again sidelined Ballie, a long-anticipated robot that was first announced six years ago but never released. Bloomberg News: The device -- designed to roll and roam throughout the home -- is completely absent from this week's CES, the biggest electronics trade show. And though Samsung said last year that Ballie was nearly ready for a retail release, the product is now unlikely to resurface soon.

In an emailed statement, Samsung referred to Ballie as an "active innovation platform" within the company, rather than a forthcoming consumer device. "After multiple years of real-world testing, it continues to inform how Samsung designs spatially aware, context-driven experiences, particularly in areas like smart home intelligence, ambient AI and privacy-by-design," a Samsung spokesperson said in the statement.

Razer today unveiled Project Motoko, a concept pair of over-ear headphones equipped with dual cameras that the gaming peripherals company believes could serve as an alternative to the smart glasses that have proliferated across the wearable AI market. The headphones feature two 4K cameras positioned on the earcups along with near and far field microphones, all powered by a Qualcomm Snapdragon chip. Users can point the cameras at objects and ask questions to AI assistants including those from OpenAI, Anthropic, xAI and Microsoft.

Basic queries run locally on the device while more complex requests require a phone or PC connection. Razer's pitch centers on battery life: the wireless headset has achieved up to 36 hours on a charge during testing, according to the company, compared to the eight hours rated for Meta's second-generation Ray-Ban AI glasses. The company also argues that over-ear headphones offer more privacy since audio responses aren't audible to bystanders.

The concept remains unfinished, Bloomberg News cautioned. During a product demonstration, the headset's dual cameras failed occasionally to recognize objects even in a moderately lit room. Razer has not committed to final pricing but indicated the headphones would command a "slight premium" over other high-end headphones and would be available later this year. The company's most expensive current headset costs $400.

An anonymous reader quotes a report from Ars Technica: Californians are getting a new, supercharged way to stop data brokers from hoarding and selling their personal information, as a recently enacted law that's among the strictest in the nation took effect at the beginning of the year. [...] Two years ago, California's Delete Act took effect. It required data brokers to provide residents with a means to obtain a copy of all data pertaining to them and to demand that such information be deleted. Unfortunately, Consumer Watchdog found that only 1 percent of Californians exercised these rights in the first 12 months after the law went into effect. A chief reason: Residents were required to file a separate demand with each broker. With hundreds of companies selling data, the burden was too onerous for most residents to take on.

On January 1, a new law known as DROP (Delete Request and Opt-out Platform) took effect. DROP allows California residents to register a single demand for their data to be deleted and no longer collected in the future. CalPrivacy then forwards it to all brokers. Starting in August, brokers will have 45 days after receiving the notice to report the status of each deletion request. If any of the brokers' records match the information in the demand, all associated data -- including inferences -- must be deleted unless legal exemptions such as information provided during one-to-one interactions between the individual and the broker apply. To use DROP, individuals must first prove they're a California resident.

While California's residents have had the right to demand companies stop collecting/selling their data since 2020, doing so used to require a laborious opting out with each individual company," reports TechCrunch. But now Californians can make "a single request that more than 500 registered data brokers delete their information" — using the Delete Requests and Opt-Out Platform (or DROP): Once DROP users verify that they are California residents, they can submit a deletion request that will go to all current and future data brokers registered with the state...

Brokers are supposed to start processing requests in August 2026, then they have 90 days to actually process requests and report back. If they don't delete your data, you'll have the option to submit additional information that may help them locate your records. Companies will also be able to keep first-party data that they've collected from users. It's only brokers who seek to buy or sell that data — which can include your social security number, browsing history, email address, phone number, and more — who will be required to delete it...

The California Privacy Protection Agency says that in addition to giving residents more control over their data, the tool could result in fewer "unwanted texts, calls, or emails" and also decrease the "risk of identity theft, fraud, AI impersonations, or that your data is leaked or hacked."

An anonymous reader quotes a report from Cyber Press: A newly uncovered Chinese threat group, DarkSpectre, has been linked to one of the most widespread browser-extension malware operations to date, compromising more than 8.8 million users of Chrome, Edge, Firefox, and Opera over the past seven years. According to research by Koi.ai, the group operates three interconnected campaigns: ShadyPanda, GhostPoster, and a newly identified one named The Zoom Stealer, forming a single, strategically organized operation.

DarkSpectre's structure differs from that of ordinary cybercrime operations. The group runs separate but interconnected malware clusters, each with distinct goals. The ShadyPanda campaign, responsible for 5.6 million infections, focuses on long-term user surveillance and e-commerce affiliate fraud. Its extensions have appeared legitimate for years, offering new tab pages and translation utilities, before secretly downloading malicious configurations from command-and-control servers such as jt2x.com and infinitynewtab.com. Once activated, they inject remote scripts, hijack search results, and track browsing activity.

The second campaign, GhostPoster, spreads via Firefox and Opera extensions that conceal malicious payloads in PNG images via steganography. After lying dormant for several days, the extensions extract and execute JavaScript hidden within images, enabling stealthy remote code execution. This campaign has affected over one million users and relies on domains like gmzdaily.com and mitarchive.info for payload delivery.

The most recent discovery, The Zoom Stealer, exposes around 2.2 million users to corporate espionage. These extensions masquerade as productivity tools or video downloaders while secretly harvesting corporate meeting links, credentials, and speaker profiles from more than 28 video conferencing platforms, including Zoom, Microsoft Teams, and Google Meet. The extensions use real-time WebSocket connections to exfiltrate data to Firebase databases, such as zoocorder.firebaseio.com, and to Google Cloud functions, such as webinarstvus.cloudfunctions.net.

Longtime Slashdot reader theodp writes: MacRumors reports that Apple plans to expand iPhone and Apple Watch driver's licenses to 7 U.S. states (CT, KY, MS, OK, UT, AR, VA). A recent convert is the State of Illinois, whose website videos demo how you can use your Apple Wallet license to display proof of identity or age the next time you get carded by a cop, bartender, or TSA agent. The new states will join 13 others who already offer driver's licenses in the Wallet app (AZ, MD, CO, GA, OH, HI, CA, IA, NM, MT, ND, WV, IL).

There's certainly been a lot of foot-dragging by the states when it comes to embracing phone-based driver's licenses -- Slashdot reported that Iowa was ready to launch a mobile driver's license in 2014; they didn't get one until nearly a decade later, in late 2023.

Even after its acquisition by Qualcomm, the EFF believes Arduino "isn't imposing any new bans on tinkering with or reverse engineering Arduino boards," (according to Mitch Stoltz, EFF director for competition and IP litigation). While Adafruit's managing editor Phillip Torrone had claimed to 36,000+ followers on LinkedIn that Arduino users were now "explicitly forbidden from reverse engineering," Arduino corrected him in a blog post, noting that clause in their Terms & Conditions was only for Arduino's Software-as-a-Service cloud applications. "Anything that was open, stays open."

And this week EE Times spoke to Guneet Bedi, SVP of Arduino, "who was unequivocal in saying that Arduino's governance structure had remained intact even after the acquisition." "As a business unit within Qualcomm, Arduino continues to make independent decisions on its product portfolio, with no direction imposed on where it should or should not go," Bedi said. "Everything that Arduino builds will remain open and openly available to developers, with design engineers, students and makers continuing to be the primary focus.... Developers who had mastered basic embedded workflows were now asking how to run large language models at the edge and work with artificial intelligence for vision and voice, with an open source mindset," he said. According to Bedi, this was where Qualcomm's technology became relevant. "Qualcomm's chipsets are high performance while also being very low power, which comes from their mobile and Android phone heritage. Despite being great technology, it is not easily accessible to design engineers because of cost and complexity. That made this a strong fit," he said.

The most visible outcome of this acquisition is Uno Q, which Bedi described as being comparable to a mid-tier Android phone in capability, starting at a price of $44. For Arduino, this marked a shift beyond microcontrollers without abandoning them. "At the end of the day, we have not gone away from our legacy," Bedi said. "You still have a real-time microcontroller, and you still write code the way Arduino developers are used to. What we added is compute, without forcing people to change how they work." Uno Q combines a Linux-based compute system with a real-time microcontroller from the STM32 family. "You do not need two different development environments or two different hardware platforms," Bedi added... Rather than introducing a customized operating system, Arduino chose standard Debian upstream. "We are not locking developers into anything," Bedi said. "It is standard Debian, completely open...." Pre-built models covering tasks like object detection and voice recognition run locally on the board....

While the first reference design uses Qualcomm silicon, Bedi was careful to stress that this does not define the roadmap. "There is zero dependency on Qualcomm silicon," he said. "The architecture is portable. Tomorrow, we can run this on something else." That distinction matters, particularly for developers wary of vendor lock-in following the acquisition. Uno Q does compete directly with platforms like Raspberry Pi and Nvidia Jetson, but Bedi framed the difference less in terms of raw performance and more in flexibility. "When you build on those platforms, you are locked to the board," he said. "Here, you can build a prototype, and if you like it, you can also get access to the chip and design your own hardware." With built-in storage removing the need for external components, Uno Q positions itself less as a faster board and more as a way to simplify what had become an increasingly messy development stack...

Looking a year ahead, Bedi believes developers should experience continuity rather than disruption. The familiar Arduino approach to embedded and real-time systems remains unchanged, while extending naturally into more compute-intensive applications... Taken together, Bedi's comments suggest that Arduino's post-acquisition direction is less about changing what Arduino is, and more about expanding what it can realistically be used for, without abandoning the simplicity that made it relevant in the first place.
"We want to redefine prototyping in the age of physical artificial intelligence," Bedi said...

The Register reports on challenges facing Europe's pursuit of "digital sovereignty": The US CLOUD Act of 2018 allows American authorities to compel US-based technology companies to provide requested data, regardless of where that data is stored globally. This places European organizations in a precarious position, as it directly clashes with Europe's own stringent privacy regulation, the General Data Protection Regulation (GDPR)... Furthermore, these warrants often come with a gag order, legally prohibiting the provider from informing their customer that their data has been accessed. This renders any contractual clauses requiring transparency or notification effectively meaningless. While technical measures like encryption are often proposed as a solution, their effectiveness depends entirely on who controls the encryption keys. If the US provider manages the keys, as is common in many standard cloud services, they can be forced to decrypt the data for authorities, making such safeguards moot....

American hyperscalers have recognized the market demand for sovereignty and now aggressively market 'sovereign cloud' solutions, typically by placing datacenters on European soil or partnering with local operators. Critics call this 'sovereignty washing'... [Cristina Caffarra, a competition economistand driving force behind the Eurostack initiative] warns that this does not resolve the fundamental problem. "A company subject to the extraterritorial laws of the United States cannot be considered sovereign for Europe," she says. "That simply doesn't work." Because, as long as the parent company is American, it remains subject to the CLOUD Act...

Even when organizations make deliberate choices in favour of European providers, those decisions can be undone by market forces. A recent acquisition in the Netherlands illustrates this risk. In November 2025, the American IT services giant Kyndryl announced its intention to acquire Solvinity, a Dutch managed cloud provider. This came as an "unpleasant surprise" to several of its government clients, including the municipality of Amsterdam and the Dutch Ministry of Justice and Security. These bodies had specifically chosen Solvinity to reduce their dependence on American firms and mitigate CLOUD Act risks.
Still, The Register provides several examples of government systems that are "taking concrete steps to regain control over their IT."

• Austria's Federal Ministry for Economy, Energy and Tourism now has 1,200 employees on the European open-source collaboration platform Nextcloud, leading several other Austrian ministries to also implement Nextcloud. (The Ministry's CISO tells the Register "We can see our input in Nextcloud releases. That is a feeling we never had with Microsoft.")

• France's Ministry of Economics and Finance recently completed NUBO (which the Register describes as "an OpenStack-based private cloud initiative designed to handle sensitive data and services.")

• In November the International Criminal Court in The Hague announced it was replacing its Microsoft office software with a European alternative.

• The German state of Schleswig-Holstein is replacing Microsoft products with open-source alternatives for 30,000 civil servants

Thanks to long-time Slashdot reader mspohr for sharing the article.

On Wednesday (Christmas Eve), the Free Software Foundation announced it had received two major contributions totaling around $900,000 USD — in the cryptocurrency Monero.

The two donations "are among some of the largest private gifts ever made to the organization," the FSF said in a statement.

"The donors wish to remain anonymous," according to the FSF's statement: The organization is in its annual winter fundraising drive, currently at three-quarters of its $400,000 USD winter goal, and will now switch its focus to a member drive thanks in part to these donations... The donation will support the organization's technical team and infrastructure capacity, as well as strengthen its campaigns, education, licensing, and advocacy initiatives, and future opportunities. The FSF is seeking donations until year-end after which they aim to gain 100 associate members through its year-end fundraising ending January 16.
The FSF's executive director said the donations prove "that software freedom is recognized more and more as a principal issue today, at the core of several other social movements people care about like privacy, ownership, and the right to repair...

"We are proudly supported by a large variety of contributors who care about digital rights. All donations matter, whether $5 or $500,000."

An anonymous reader quotes a report from TechCrunch: Across Uzbekistan, a network of about a hundred banks of high-resolution roadside cameras continuously scan vehicles' license plates and their occupants, sometimes thousands a day, looking for potential traffic violations. Cars running red lights, drivers not wearing their seatbelts, and unlicensed vehicles driving at night, to name a few. The driver of one of the most surveilled vehicles in the system was tracked over six months as he traveled between the eastern city of Chirchiq, through the capital Tashkent, and in the nearby settlement of Eshonguzar, often multiple times a week. We know this because the country's sprawling license plate-tracking surveillance system has been left exposed to the internet.

Security researcher Anurag Sen, who discovered the security lapse, found the license plate surveillance system exposed online without a password, allowing anyone access to the data within. It's not clear how long the surveillance system has been public, but artifacts from the system show that its database was set up in September 2024, and traffic monitoring began in mid-2025. The exposure offers a rare glimpse into how such national license plate surveillance systems work, the data they collect, and how they can be used to track the whereabouts of any one of the millions of people across an entire country. The lapse also reveals the security and privacy risks associated with the mass monitoring of vehicles and their owners, at a time when the United States is building up its nationwide array of license plate readers, many of which are provided by surveillance giant Flock.

Speaking of Italy's competition authority , it has fined Ryanair $301 million for abusing its dominant market position to limit sales of tickets by online travel agents. The Guardian: The authority said Europe's largest airline had "implemented an abusive strategy to hinder travel agencies" via an "elaborate strategy" of technical obstacles for agents and passengers to make it difficult for online travel agents to sell Ryanair tickets and instead force sales through its own website.

The fine related to Ryanair's conduct between April 2023 and at least until April 2025, the authority said on Tuesday. It said Ryanair had prevented online travel agents from selling tickets on its flights in combination with other airlines and services, weakening competition. Ryanair said it would immediately appeal against the "legally flawed" ruling.

Apple has been fined $116 million by Italy's antitrust regulator over the "excessively burdensome" privacy rules it imposes on third-party apps. From a report: The Italian Competition Authority (AGCM) says that Apple abused its dominant app store market position by burdening developers with "disproportionate" terms around data collection that exceed privacy law requirements, compared to rules for native iOS apps.

The fine specifically targets the App Tracking Transparency (ATT) policy Apple launched in 2021, which requires third-party developers to ask users for consent twice to track their data across other apps and websites. Apple's own apps can obtain this permission in a single tap. AGCM says that the burden of consenting twice led to a reduction in user consent rates for advertising profiling, thus harming developers whose business models depend upon revenue generated by personalized ads.

Beverly Hills High School has deployed an AI-powered surveillance apparatus that includes facial recognition cameras, behavioral analysis software, smoke detector-shaped bathroom listening devices from Motorola, drones, and license plate readers from Flock Safety -- a setup the district spent $4.8 million on in the 2024-2025 fiscal year and considers necessary given the school's high-profile location in Los Angeles.

Similar systems are spreading to campuses nationwide as schools try to stop mass shootings that killed 49 people on school property this year, 59 in 2024, and 45 in 2023. A 2023 ACLU report found that eight of the ten largest school shootings since Columbine occurred at schools that already had surveillance systems, and 32% of students surveyed said they felt like they were always being watched. The technology has a spotty track record, however.

Gun detection vendor Evolv, used by more than 800 schools including Beverly Hills High, was reprimanded by the FTC in 2024 for claiming its AI could detect all weapons after it failed to flag a seven-inch knife used to stab a student in 2022. Evolv has also flagged laptops and water bottles as guns. Rival vendor Omnilert flagged a 16-year-old student at a Maryland high school reaching for an empty Doritos bag as a possible gun threat; police held the teenager at gunpoint.

Not every school is buying in. Highline Schools in Washington state cancelled its $33,000 annual ZeroEyes contract this year and spent the money on defibrillators and Ford SUVs for its safety team instead.

During a search for the Brown shoogin suspect, a law enforcement press conference included a request for "Ring camera footage from residents and businesses near Brown University," according to local news reports.

But in the end it was Flock cameras according to an article in Gizmodo, after a Reddit poster described seeing "odd" behavior of someone who turned out to be the suspect: The original Reddit poster, identified only as John in the affidavit, contacted police the next day and came in for an interview. He told them about his odd encounter with the suspect, noting that he was acting suspiciously by not having appropriate cold-weather clothes on when he saw him in a bathroom at Brown University. That was two hours before the shooting. After spotting him in the bathroom wearing a mask, John actually started following the suspect in what he called a "game of cat and mouse...." Police detectives showed John two images obtained through Flock, the company that's built extensive surveillance infrastructure across the U.S. used by investigators, and he recognized the suspect's vehicle, replying, "Holy shit. That might be it," according to the affidavit. Police were able to track down the license plate of the rental car, which gave them a name, and within 24 hours, they had found Claudio Manuel Neves Valente dead in a storage facility in Salem, New Hampshire, where he reportedly rented a unit.
"We intend to continue using technology to make sure our law enforcement are empowered to do their jobs," Flock's safety CEO Garrett Langley wrote on X.com, pinning the post to the top of his feed.

Though ironically, hours before Providence Police Chief Oscar Perez credited Flock for helping to find the suspect, CNN was interviewing Flock's safety CEO to discuss "his response to recent privacy concerns surrounding Flock's technology." To Langley, the situation underscored the value and importance of Flock's technology, despite mounting privacy concerns that have prompted some jurisdictions to cancel contracts with the company... Langley told me on Thursday that he was motivated to start Flock to keep Americans safer. His goal is to deter crime by convincing would-be criminals they'll be caught... One of Flock's cameras had recently spotted [the suspect's] car, helping police pinpoint Valente's location. Flock turned on additional AI capabilities that were not part of Providence Police's contract with the company to assist in the hunt, a company spokesperson told CNN, including a feature that can identify the same vehicle based on its description even if its license plates have been changed.

The company has faced criticism from some privacy advocates and community groups who worry that its networks of cameras are collecting too much personal information from private citizens and could be misused. Both the Electronic Frontier Foundation and the American Civil Liberties Union have urged communities not to work with Flock. "State legislatures and local governments around the nation need to enact strong, meaningful protections of our privacy and way of life against this kind of AI surveillance machinery," ACLU Senior Policy Analyst Jay Stanley wrote in an August blog post. Flock also drew scrutiny in October when it announced a partnership with Amazon's Ring doorbell camera system... ["Local officers using Flock Safety's technology can now post a request directly in the Ring Neighbors app asking for help," explains Flock's blog post.]

Langley told me it was up to police to reassure communities that the cameras would be used responsibly... "If you don't trust law enforcement to do their job, that's actually what you're concerned about, and I'm not going to help people get over that." Langley added that Flock has built some guardrails into its technology, including audit trails that show when data was accessed. He pointed to a case in Georgia where that audit found a police chief using data from LPR cameras to stalk and harass people. The chief resigned and was arrested and charged in November...

More recently, the company rolled out a "drone as first responder" service — where law enforcement officers can dispatch a drone equipped with a camera, whose footage is similarly searchable via AI, to evaluate the scene of an emergency call before human officers arrive. Flock's drone systems completed 10,000 flights in the third quarter of 2025 alone, according to the company... I asked what he'd tell communities already worried about surveillance from LPRs who might be wary of camera-equipped drones also flying overhead. He said cities can set their own limitations on drone usage, such as only using drones to respond to 911 calls or positioning the drones' cameras on the horizon while flying until they reach the scene. He added that the drones fly at an elevation of 400 feet.

Hackers breached approximately 120,000 IP cameras across South Korea and allegedly sold footage captured from private homes, gynecology offices, breastfeeding rooms and massage parlors to an overseas pornography website, prompting an interagency government task force to announce sweeping reforms on December 7.

Police believe one suspect alone hacked 63,000 cameras and produced 545 videos that netted him 35 million won ($24,000) in cryptocurrency; a second suspect, operating independently, compromised 70,000 devices and earned 18 million won from 648 videos. The footage accounted for 62% of all content on the website, which maintains a dedicated "Korean" category. A government survey found that only 59% of installation companies consistently carried out mandatory security measures such as changing default passwords. Lawmakers are now pursuing legislation requiring security-certified IP cameras in sensitive facilities.

An anonymous reader shares a report: Browser extensions with more than 8 million installs are harvesting complete and extended conversations from users' AI conversations and selling them for marketing purposes, according to data collected from the Google and Microsoft pages hosting them.

Security firm Koi discovered the eight extensions, which as of late Tuesday night remained available in both Google's and Microsoft's extension stores. Seven of them carry "Featured" badges, which are endorsements meant to signal that the companies have determined the extensions meet their quality standards. The free extensions provide functions such as VPN routing to safeguard online privacy and ad blocking for ad-free browsing. All provide assurances that user data remains anonymous and isnâ(TM)t shared for purposes other than their described use.

An anonymous reader quotes a report from the Wall Street Journal: The alleged perpetrator had improper access to virtually every South Korean adult's personal information: names, phone numbers and even the keycode to enter residential buildings. It was one of the biggest data breaches of recent years and it has sent the company it targeted -- Coupang, South Korea's equivalent of Amazon -- reeling, generating lawsuits, government investigation and calls to toughen penalties against such leaks. The leak went undetected for nearly five months, hitting Coupang's radar on Nov. 18 only after a customer flagged suspicious activity.

At first, Coupang, which was founded by a Korean-American entrepreneur, said it had experienced a data "exposure" affecting roughly 4,500 customer accounts. But within days, the e-commerce firm revised the figure: The leak exposed up to roughly 34 million user accounts in South Korea -- a sum representing more than 90% of the country's working-age population. Coupang started calling the incident a "leak" after Korean regulators took issue with the company's prior word choice. "The Whole Nation Is a Victim," read one local news headline.

An investigation has found that the alleged perpetrator had once worked in South Korea as a software developer for authentication systems at Coupang, which is known for its blockbuster U.S. initial public offering a few years ago. The suspected leaker is believed to be a Chinese national who has moved back to China and is now on the lam, South Korean officials say. They haven't named the person. Even after leaving the firm roughly a year ago, the suspect secretly held on to an internal authentication key that granted him unfettered access to the personal information of Coupang users, South Korean authorities and lawmakers say. The infiltration, using overseas servers, started on June 24. By using the login credentials, the suspect was able to appear as if he were still a Coupang employee when accessing the company's systems.