Greg Adams Photography posted a photo:

Found Slide -- The Sirkka Sopanen Collection

Thomas Hawk posted a photo:

Found Slide -- The Sirkka Sopanen Collection

Like a Rolling Stone

Thomas Hawk posted a photo:

Like a Rolling Stone

The Guardian

Latest news, sport, business, comment, analysis and reviews from the Guardian, the world's leading liberal voice

‘Vanishingly rare’ copy of US Declaration of Independence found by volunteer in UK archives

One of 11 surviving copies of ‘Exeter printing’ and only one known outside US was taken from American privateer ship

For Michael Scurr, a volunteer at the National Archives in Kew, west London, it was “just a boring old Thursday morning” when he sat down in late May to catalogue a collection of documents from the British national collection that had never previously been recorded in detail.

As he opened a volume of 18th-century Royal Navy correspondence, however, Scurr unfolded a document whose opening words he recognised. “In Congress, July 4, 1776. A declaration by the representatives of the United States of America …”

Continue reading...

VK: Voorpagina

Volkskrant.nl biedt het laatste nieuws, opinie en achtergronden

Uitbraak hantavirus is voorbij, aldus Wereldgezondheidsorganisatie

Uitbraak hantavirus is voorbij, aldus WHO

Slashdot

News for nerds, stuff that matters

AI Agent Executes 'First' End-To-End Ransomware Attack

Sysdig says it has documented the first ransomware attack carried out end to end by an AI agent, which autonomously exploited exposed systems, stole credentials, established persistence, compromised a production database, and destroyed data. The research team named the attacker "JadePuffer" and said it gained initial access to an internet-facing Langflow instance by exploiting CVE-2025-3248. "The most striking characteristic, however, was the LLM's behavior," Sysdig director of threat research Michael Clark said in a blog post. An anonymous reader quotes an excerpt from The Register: JadePuffer's "self-narrating" payloads "contained natural language reasoning, target prioritization, and the kind of detailed annotations that human operators don't often write but LLM-generated code produces reflexively," Clark added. "The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds." After exploiting CVE-2025-3248, a missing authentication vulnerability in Langflow that allows remote, unauthenticated attackers to execute arbitrary Python on the host, the AI agent began scanning for and collecting secrets, including LLM provider API keys, cloud credentials "with explicit coverage of Chinese providers" including Alibaba, Aliyun, Tencent, and Huawei, while also scanning for AWS, Azure and Google Cloud Platform, cryptocurrency wallets, and database credentials.

The AI also installed a crontab entry on the Langflow server to maintain persistence and call back to the attacker's infrastructure every 30 minutes. JadePuffer's intended target was a separate internet-exposed production server running a MySQL database and an Alibaba Nacos configuration service, we're told. Nacos is an open-source service-discovery and dynamic configuration platform developed by Alibaba and used in the cloud provider's microservices applications. The agent connected to the server's exposed MySQL port using root credentials, although Sysdig doesn't know how the attacker obtained them. These credentials weren't stolen from the victim's environment.

JadePuffer then attacked Nacos via multiple vectors including an authorization bypass flaw (CVE-2021-29441) and forging a valid JSON web token (JWT) using Nacos's default signing key. Additionally, using its root database access, the LLM injected a backdoor administrator into the Nacos backing database. It ultimately encrypted all 1,342 Nacos service configuration items using MySQL's built-in AES encryption function, and created an extortion demand, ransom note, Bitcoin payment address, and a Proton Mail contact [...]. However, according to the threat hunters, the victim can't recover the encrypted data, even if they paid the ransom demand, because the agent escalated "from row-level deletion to dropping entire database schemas, narrating its own targeting rationale," without backing up any of the encrypted data.

Read more of this story at Slashdot.

The Register

Biting the hand that feeds IT — Enterprise Technology News and Analysis

Startup sues Palo Alto Networks' Koi Security, saying an AI-hallucinated report falsely linked it to Chinese espionage

MeetingTV has sued Palo Alto Networks after its newly acquired Koi Security threat-intelligence biz published a blog that linked the video conferencing and webinar startup to a Chinese corporate espionage operation. The legal complaint filed against Koi Security, its researchers, and Palo Alto Networks alleges that Koi used an LLM to generate the threat report, the AI system hallucinated findings about MeetingTV, and the security shop then published those as facts in a December 30 blog. It accuses Koi of “reckless publication of an AI-driven cybersecurity report that falsely accused Plaintiff MeetingTV Inc. of criminal conduct including operating core infrastructure for a well-funded Chinese criminal organization running a large-scale malware and corporate espionage campaign,” according to court documents [PDF]. “The false attributions were the direct product of Koi’s unsupervised reliance on their proprietary ‘Wings’ analytical platform, which generated erroneous correlations between the Plaintiff’s business and an alleged cybercriminal actor they called DarkSpectre,” the lawsuit continues. A Palo Alto Networks spokesperson told The Register that the company “is aware of the lawsuit brought by MeetingTV Inc. regarding a threat research report published by Koi Security prior to the acquisition,” but declined to answer our specific questions about MeetingTV’s allegations and the Koi blog. “We believe Koi’s cybersecurity research reflects its commitment to identifying and exposing threats to users and enterprises, and we expect that this dispute will be resolved through the appropriate legal process,” the spokesperson said. Koi’s blog, which has since been silently edited to remove references to MeetingTV’s product called Zoomcorder, originally labeled the meeting recording service as a “public-facing front” for a Chinese criminal operation and said it lent “credibility to the infrastructure while serving as a monetization channel” - allegations MeetingTV disputes in its lawsuit. The blog also claimed the operation was behind a 2.2-million-user campaign stealing corporate meeting intelligence. As a result of the report, MeetingTV says, security companies and service providers around the globe blocked MeetingTV’s domains and services, labeling it as malware and command-and-control infrastructure. The startup’s founder and CEO, longtime entrepreneur Michael Robertson, told us the blocks are the only way he found out about the Koi report in the first place. According to Robertson, Koi did not reach out to MeetingTV prior to publishing its threat report. “Even after publishing they never contacted us,” he told The Register. “I was contacting the security companies one by one asking them to unlock us. Most never respond in any fashion, but one finally did respond and told us he was blocking us because of the Koi report and he gave us the url.” Robertson says he’s still struggling, as providers including Verizon and Palo Alto Networks, which completed its Koi acquisition in April, continue to block his startup. “If people on the internet are blocked from reaching your company, then that's a death sentence,” he said. “Plus all the LLMs now say we're working with Chinese cyber criminals. How will that ever get removed?” After the acquisition closed, Robertson emailed Palo Alto CEO Nikesh Arora directly and asked him to take action. “Now your company owns Koi and is continuing to publish and rely on the false report,” the email said. “Our domain and Google subdomains are blocked and labeled as malware and command and control by your company and others around the world … Take down the false report which is defaming us and in its place put a full retraction. Remove our domains from your own blacklist and help get them removed from others who are blocking us because of the Koi report.” A mysterious extension The December blog linked Zoomcorder to the Zoom Stealer campaign, which it attributed to the Chinese threat actor DarkSpectre, via a browser extension identified as "Twitter X Video Downloader." According to Robertson and the lawsuit, however, this extension doesn’t exist – and Koi “refused to supply information” about the software when MeetingTV requested it. “Koi’s single-actor theory rested on a fabricated technical ‘pivot’ – a single piece of software they repeatedly identified as the ‘Twitter X Video Downloader’ extension,” the lawsuit alleges. “This alleged extension was described as the critical bridge connecting the Zoom Stealer campaign (defined entirely by Plaintiff’s infrastructure) to ShadyPanda, core DarkSpectre infrastructure.” Robertson said he believes Koi used an LLM to generate the threat report, and it hallucinated findings about MeetingTV’s Zoomcorder product that the security shop published as facts. “They admit to using AI for their analysis,” Robertson said. “Maybe a human made it all up? Maybe it was AI? What's clear is that if the software doesn't exist, then even the most rudimentary analysis is impossible to do, yet they labeled our urls, services, and software as criminals.” The bigger picture in all of this, according to Robertson, is that we know AI systems hallucinate. Their findings should not be accepted as fact without any human review. “We're on the doorstep of an era where AI will be used to make critical life-altering decisions on people's lives: Did you pay your taxes, what your credit rating should be, will you get admitted to the University, do you qualify for the home loan, should you be on the no-fly list, etc.,” Robertson said. “Will these be made without human oversight? Will people have due process – see the accusations against them, present their own evidence, have a neutral arbiter? None of that happened in our case,” he continued. “They just declared us criminals and published it to the world.”®

Wel.nl

Minder lezen, Meer weten.

Locatie en tijdstip bruiloft Taylor Swift bekend in New York

De bruiloft van zangeres Taylor Swift en American football-speler Travis Kelce begint vrijdag om 17.00 uur lokale tijd in New York en duurt tot in de vroege ochtenduren van zaterdag. Dat meldden diverse Amerikaanse media nadat The Associated Press een kopie had bemachtigd van een door de stad afgegeven vergunning.

Ook de locatie is nu bekend. Uit de vergunning blijkt dat dit Madison Square Garden in Manhattan is. Er gingen al langer geruchten rond dat het feest daar zou plaatsvinden. Op de locatie komen donderdag om 18.30 uur lokale tijd al honderd gasten bijeen voor een repetitiediner.

Voor de daadwerkelijke bruiloft worden hele stratenblokken in het hart van Manhattan afgezet tijdens het drukke feestweekeinde, zo blijkt uit de vergunning. Zaterdag 4 juli - Independence Day - vieren de Amerikanen hun onafhankelijkheid. Dit jaar bestaan de Verenigde Staten 250 jaar.

Swift en Kelce maakten hun verloving in augustus bekend.


Duizenden mensen geëvacueerd vanwege grote natuurbrand in het zuiden van Frankrijk

In het zuiden van Frankrijk zijn zo’n drieduizend mensen geëvacueerd vanwege een grote natuurbrand, meldt persbureau AFP donderdagavond.