• The Chocolate Factory announced the Google Threat Intelligence Group-led actions on Wednesday and said that, in partnership with other teams, it terminated all Google Cloud Projects that had been controlled by UNC2814, a group that GTIG has tracked since 2017. They also disabled all known UNC2814 infrastructure and accounts, and revoked access to the Google Sheets API calls used by the Chinese snoops for command-and-control (C2) purposes.
• "As of Feb. 18, GTIG's investigation confirmed that UNC2814 has impacted 53 victims in 42 countries across four continents, and identified suspected infections in at least 20 more countries," the threat hunters said in the report.
• The security sleuths uncovered this campaign during a Mandiant investigation into suspicious activity in a customer's environment. Specifically, this binary, "/var/tmp/xapt," initiated a shell with root privileges, and then executed a command to retrieve the system’s user and group identifiers to confirm it had successfully escalated to root.
• Google suspects the payload was named xapt, after the command-line tool in Debian and Ubuntu systems, to make it easier to hide in the victim's environment and look like a legitimate tool.
• The intruders also used a novel backdoor, Gridtide, that abuses legitimate Google Sheets API functionality to disguise its command-and-control (C2) traffic. Mandiant has linked Gridtide to UNC2814.
• The intruders also used a novel backdoor, Gridtide, that abuses legitimate Google Sheets API functionality to disguise its command-and-control (C2) traffic. Mandiant has linked Gridtide to UNC2814.
• After breaking in, the spies moved laterally via SSH, performed reconnaissance, escalated privileges, and then deployed the Gridtide backdoor using a command, "nohup ./xapt," that allows it to run even after the user closes the session.
• "Subsequently, SoftEther VPN Bridge was deployed to establish an outbound encrypted connection to an external IP address," the threat intel team wrote. "VPN configuration metadata suggests UNC2814 has been leveraging this specific infrastructure since July 2018."
• The C-based backdoor uses Google Sheets as its C2 platform, can execute shell commands, and can upload and download files. In this case, the attacker deployed Gridtide on an endpoint containing personal information - likely to identify and track persons of interest - including full name, phone number, date and place of birth, voter ID and national ID numbers.

Digg's officially launched now for about a month and it's... really underwhelming.

The "Most Dugg" posts by upvotes as of this post:

+110, +107, +89, +86, +84, +84, +79, +79 (roughly in the last 24 hours)

As compared to Lemmy/Piefed/Mbin as seen on Lemmy.world (Top in last 24 hours):

+1.22k, +952, +855, +751, +669, +646, +620, +612

That's really poor from Digg honestly.

What do people use for free live TV these days, especially non-sports events premium channels, and especially media centre friendly m3u streams?

I looked through all my usuals, and the wiki here and none of them seemed to work. I have an epg system set up already, ideally I would plug in a steam url into my m3u playlist where the tvid for the channel is, but could not even get web streams working for premium channels.

In new research, they've used abundant, inexpensive phosphorus as a catalyst in chemical reactions that usually require precious metals like platinum, one of the metals targeted in theft of the automotive components that convert chemicals in vehicle exhaust into less harmful forms.

This advance, however, will likely be more useful in the pharmaceutical industry and could one day help bring down the price of some drugs.

How a single hack infected the world’s most important operating system.

The quality of produced food is getting significantly worse. Lower quality ingredients. Fillers. Shrinkflation. They will push it as far as they can.

Amazon is telling people who use its wishlists feature to switch to post office boxes or non-residential delivery addresses if they want to ensure their home addresses remain private, as part of a change in how it processes gifts bought from third-party sellers. The change is especially concerning to many sex workers, influencers and public figures who use Amazon wishlists to receive gifts from fans and clients.

First spotted by adult content creators raising the alarm on social media, the changes open anyone who uses wishlists publicly to increased privacy risk unless they change how they receive packages.

In an email sent to list holders, Amazon said beginning March 25, it will reveal users’ shipping addresses to third-party sellers. The platform added that gift purchasers might end up seeing your address as part of this process, too.

https://web.archive.org/web/20260225203949/https://www.404media.co/amazon-wishlist-address-private-third-party/

Note:

• this is related to the fallout and backtracking from Discord's age verification changes
• I haven't confirmed what license this is being released under

Despite the issues with the companies involved, maybe there is something here that Fediverse platforms can benefit from. Whether it is using the tools directly, or using it for ideas when building something better.

From the site:

Coop provides content review tools and includes the ability to route reviews to the experts, show relevant information for a comprehensive review, and take action. The platform includes built-in integration with the National Center for Missing & Exploited Children’s (NCMEC) API for mandatory reporting of child sexual abuse material (CSAM), ensuring compliance with relevant regulations.

Osprey is an open-source investigation and incident response tool that allows safety teams to understand what is happening on their platforms and take actions at scale. Osprey’s lightweight, user-friendly design makes it especially valuable for platforms of all sizes, from grassroots communities to established platforms that need powerful tools without enterprise-scale infrastructure.

Bluesky is taking from it already:

"We're excited for the implementation and release of Osprey," said Aaron Rodericks, Head of Trust and Safety at Bluesky, which plans to adopt Osprey. "This represents exactly the kind of open collaboration needed to democratize safety tools. By implementing Osprey, we're helping prove that effective safety infrastructure can work for platforms of all sizes, not just those with massive resources."

The FBI got a search warrant for X to provide details on the Grok prompts a man allegedly used to create more than 200 nonconsensual sexual videos of a woman he knew in real life, according to court records.

The details of the investigation are contained in an FBI affidavit about the alleged actions of Simon Tuck, who is accused of extensively harassing and threatening the woman’s husband. Tuck regularly worked out with and texted with the woman and, according to the affidavit, secretly filmed her while she was working out in his garage. Over the course of the last several months, Tuck swatted their home, made a series of anonymous reports to the man’s employer claiming that he was a child abuser and a drug addict, posed as the man and made a series of mass shooting and suicide threats. Tuck also made a series of other threats and bizarre actions, which included reaching out to a funeral home to say that the man would be dead soon and sending threats to the man while posing as a member of Sector 16, a Russian hacking crew.

The affidavit notes that, in January, the FBI got a search warrant for the man’s conversations with Grok. The FBI says that it received “prompts provided to GrokAI that generated approximately 200 pornographic videos of a woman who closely resembled VICTIM’s wife’s physical appearance.”

https://web.archive.org/web/20260225192408/https://www.404media.co/fbi-subpoenaed-x-to-get-grok-prompts-used-to-create-nonconsensual-porn/

Valve’s Counter-Strike, Team Fortress, and Dota Games Have Slot Machine-Like Features That Entice Users to Pay for the Chance to Win Rare Prizes That Can Be Exchanged for Money Lawsuit Alleges Valve’s In-Game “Loot Box” Feature Violates New York’s Gambling Laws and Can Lead to Serious Harms, Especially for Young People

New York City police are investigating after officers were pelted with snowballs while responding to a massive snowball fight at Washington Square Park in Manhattan.

A video of the fracas shows two uniformed officers pacing a walkway in the park Monday as snowballs fly at them from all directions, hitting the officers and covering them in snow.

The officers, growing visibly frustrated, shoved at least two people to the ground as snowballs continued to whizz by. At one point, a person runs up behind an officer and mushes some snow onto his head. One of the officers can be seen rubbing his eye toward the end of the video.

In a statement Tuesday, the New York Police Department said multiple uniformed officers were struck in the face with snowballs and were "removed by EMS in stable condition" to a nearby hospital, but did not disclose additional information on their injuries.

The Ministry of Foreign Affairs and Trade has confirmed officials were in talks with the US on the requirements and scope of an Enhanced Border Security Partnership (EBSP).

The US has given the 42 countries in its Visa Waiver Program - a reciprocal agreement that allowed citizens to visit for up to 90 days without a visa - until the end of the year to conclude EBSP negotiations or risk losing visa-free travel status.

Any information handed over to the US may end up with the country's controversial Immigration and Customs Enforcement border force - or ICE as it is commonly known - and concerns have been raised about the opaque process, data sovereignity and surveillance overreach.

New Zealand's Ministry of Foreign Affairs and Trade (MFAT) refused to clarify what safeguards were being considered to protect New Zealanders' private information or if it was aware of any ICE personnel stationed in New Zealand at present.

Biometric sharing programmes already exist between Five Eyes countries (New Zealand, Australia, Canada, the United States and the United Kingdom) as part of Migration Five arrangements but typically operated on a 'hit/no-hit' basis where initial biometric checks provided minimal information, and further data requests were considered on a case by case basis.

But EBSPs could provide full automated access to other countries' national databases, according to critics and minutes from European Union member state negotiations.

PDF.

Today’s leading AI models engage in sophisticated behaviour when placed in strategic competition. They spontaneously attempt deception, signaling intentions they do not intend to follow; they demonstrate rich theory of mind, reasoning about adversary beliefs and anticipating their actions; and they exhibit credible metacognitive self-awareness, assessing their own strategic abilities before deciding how to act.

Here we present findings from a crisis simulation in which three frontier large language models (GPT-5.2, Claude Sonnet 4, Gemini 3 Flash) play opposing leaders in a nuclear crisis.

According to Taiwan tech publication DigiTimes, most AI firms are unwilling to wait two years for HDD supplies to stabilize and are shifting to SSDs instead. To contain costs, they are choosing QLC NAND-based drives over the faster, more durable, and more expensive TLC variants.

Japan’s Fair Trade Commission raided Microsoft Japan’s offices on Wednesday as part of an investigation into whether it improperly restricted customers of its Azure platform from using rival cloud services, a source with direct knowledge of the matter told Reuters.

PDF.

We show that large language models can be used to perform at-scale deanonymization. With full Internet access, our agent can re-identify Hacker News users and Anthropic Interviewer participants at high precision, given pseudonymous online profiles and conversations alone, matching what would take hours for a dedicated human investigator. We then design attacks for the closed-world setting. Given two databases of pseudonymous individuals, each containing unstructured text written by or about that individual, we implement a scalable attack pipeline that uses LLMs to: (1) extract identity-relevant features, (2) search for candidate matches via semantic embeddings, and (3) reason over top candidates to verify matches and reduce false positives. Compared to prior deanonymization work (e.g., on the Netflix prize) that required structured data or manual feature engineering, our approach works directly on raw user content across arbitrary platforms. We construct three datasets with known ground-truth data to evaluate our attacks. The first links Hacker News to LinkedIn profiles, using cross-platform references that appear in the profiles. Our second dataset matches users across Reddit movie discussion communities; and the third splits a single user's Reddit history in time to create two pseudonymous profiles to be matched. In each setting, LLM-based methods substantially outperform classical baselines, achieving up to 68% recall at 90% precision compared to near 0% for the best non-LLM method. Our results show that the practical obscurity protecting pseudonymous users online no longer holds and that threat models for online privacy need to be reconsidered.

• LessWrong;
• Hacker News.