The Social Web (old posts, page 151)

19-Year-Old Accused of Largest Child Data Breach in US Agrees To Plead Guilty To Federal Charges

A Massachusetts man has agreed to plead guilty to hacking into one of the top education tech companies in the United States and stealing tens of millions of schoolchildren's personal information for profit. From a report: Matthew Lane, 19, of Worcester County, Massachusetts, signed a plea agreement related to charges connected to a major hack on an educational technology company last year, as well as another company, according to court documents published Tuesday. While the documents refer to the education company only as "Victim-2" and the U.S. attorney's office declined to name the victim, a person familiar with the matter told NBC News that it is PowerSchool. The hack of PowerSchool last year is believed to be the largest breach of American children's sensitive data to date. According to his plea agreement, Lane admitted obtaining information from a protected computer and aggravated identity theft and agreed not to challenge a prison sentence shorter than nine years and four months. He got access simply by trying an employee's stolen username and password combination, the complaint says, echoing a private third-party assessment of the incident previously reported by NBC News.

Read more of this story at Slashdot.

KDE Is Getting a Native Virtual Machine Manager Called 'Karton'

A new virtual machine manager called Karton is being developed specifically for the KDE Plasma desktop, aiming to offer a seamless, Qt-native alternative to GNOME-centric tools like GNOME Boxes. Spearheaded by University of Waterloo student Derek Lin as part of Google Summer of Code 2025, Karton uses libvirt and Qt Quick to build a user-friendly, fully integrated VM experience, with features like a custom SPICE viewer, snapshot support, and a mobile-friendly UI expected by September 2025. Neowin reports: To feel right at home in KDE, Karton is being built with Qt Quick and Kirigami. It uses the libvirt API to handle virtual machines and could eventually work across different platforms. Right now, development is focused on getting the core parts in place. Lin is working on a new domain installer that ditches direct virt-install calls in favor of libosinfo, which helps detect OS images and generate the right libvirt XML for setting up virtual machines more precisely. He's still refining device configuration and working on broader hypervisor support. Another key part of the work is building a custom SPICE viewer using Qt Quick from scratch: If you're curious, here's the list of specific deliverables Lin included in his GSoC proposal, though he notes the proposal itself is a bit outdated [...]. For those interested in the timeline, Lin's GSoC proposal says the official GSoC coding starts June 2, 2025. The goal is to have a working app ready by the midterm evaluation around July 14, 2025, with the final submission due September 1, 2025. You can learn more via KDE.org.

KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

KrebsOnSecurity was hit with a near-record 6.3 Tbps DDoS attack, believed to be a test of the powerful new Aisuru IoT botnet. The attack, lasting under a minute, was the largest Google has ever mitigated and is linked to a DDoS-for-hire operation run by a 21-year-old Brazilian known as "Forky." Brian Krebs writes: [Google Security Engineer Damian Menscher] said the attack on KrebsOnSecurity lasted less than a minute, hurling large UDP data packets at random ports at a rate of approximately 585 million data packets per second. "It was the type of attack normally designed to overwhelm network links," Menscher said, referring to the throughput connections between and among various Internet service providers (ISPs). "For most companies, this size of attack would kill them." [...] The 6.3 Tbps attack last week caused no visible disruption to this site, in part because it was so brief -- lasting approximately 45 seconds. DDoS attacks of such magnitude and brevity typically are produced when botnet operators wish to test or demonstrate their firepower for the benefit of potential buyers. Indeed, Google's Menscher said it is likely that both the May 12 attack and the slightly larger 6.5 Tbps attack against Cloudflare last month were simply tests of the same botnet's capabilities. In many ways, the threat posed by the Aisuru/Airashi botnet is reminiscent of Mirai, an innovative IoT malware strain that emerged in the summer of 2016 and successfully out-competed virtually all other IoT malware strains in existence at the time.

Spain Blocks More Than 65,000 Airbnb Holiday Rental Listings

Spain has ordered Airbnb to remove over 65,000 listings that violate rental regulations, citing missing license numbers and unclear ownership details. The crackdown is part of a broader government effort to address the country's housing crisis, which many blame on unregulated short-term rentals reducing long-term housing supply. Reuters reports: Most of the Airbnb listings to be blocked do not include their licence number, while others do not specify whether the owner was an individual or a corporation, the Consumer Rights Ministry said in a statement on Monday. Consumer Rights Minister Pablo Bustinduy said his goal was to end the general "lack of control" and "illegality" in the holiday rental business. "No more excuses. Enough with protecting those who make a business out of the right to housing in our country," he told reporters. Bustinduy said Madrid's high court is backing the request to withdraw as many as 5,800 listings. Airbnb will appeal the decision, a spokesperson said on Monday. The company believes the ministry does not have the authority to make rulings over short-term rentals and failed to provide an evidence-based list of non-compliant accommodation. Some of the incriminated listings are non-touristic seasonal ones, the spokesperson said.

Coinbase Data Breach Will 'Lead To People Dying,' TechCrunch Founder Says

An anonymous reader quotes a report from Decrypt: The founder of online news publication TechCrunch has claimed that Coinbase's recent data breach "will lead to people dying," amid a wave of kidnap attempts targeting high-net-worth crypto holders. TechCrunch founder and venture capitalist Michael Arrington added that this should be a point of reflection for regulators to re-think the importance of know-your-customer (KYC), a process that requires users to confirm their identity to a platform. He also called for prison time for executives that fail to "adequately protect" customer information. "This hack -- which includes home addresses and account balances -- will lead to people dying. It probably has already," he tweeted. "The human cost, denominated in misery, is much larger than the $400 million or so they think it will actually cost the company to reimburse people." [...] He believes that people are in immediate physical danger following the breach, which exposed data including names, addresses, phone numbers, emails, government-ID images, and more. Arrington believes that in the wake of these attacks, crypto companies that handle user data need to be much more careful than they currently are. "Combining these KYC laws with corporate profit maximization and lax laws on penalties for hacks like these means these issues will continue to happen," he tweeted. "Both governments and corporations need to step up to stop this. As I said, the cost can only be measured in human suffering." Former Coinbase chief technology officer Balaji Srinivasan pushed back on Arrington's position that executives should be punished, arguing that regulators are forcing KYC onto unwilling companies. "When enough people die, the laws may change," Arrington hit back.

Google Launches Veo 3, an AI Video Generator That Incorporates Audio

Google on Tuesday unveiled Veo 3, an AI video generator that includes synchronized audio -- such as dialogue and animal sounds -- setting it apart from rivals like OpenAI's Sora. The company also launched Imagen 4 for high-quality image generation, Flow for cinematic video creation, and made updates to its Veo 2 and Lyria 2 tools. CNBC reports: "Veo 3 excels from text and image prompting to real-world physics and accurate lip syncing," Eli Collins, Google DeepMind product vice president, said in a blog Tuesday. The video-audio AI tool is available Tuesday to U.S. subscribers of Google's new $249.99 per month Ultra subscription plan, which is geared toward hardcore AI enthusiasts. Veo 3 will also be available for users of Google's Vertex AI enterprise platform. Google also announced Imagen 4, its latest image-generation tool, which the company said produces higher-quality images through user prompts. Additionally, Google unveiled Flow, a new filmmaking tool that allows users to create cinematic videos by describing locations, shots and style preferences. Users can access the tool through Gemini, Whisk, Vertex AI and Workspace.
