Philips Hue is rolling out MotionAware, a new feature that turns its smart bulbs into motion sensors using radio-frequency (RF) Zigbee signals. The upgrade works with most Hue bulbs made since 2014, but requires the new $99 Bridge Pro hub to enable. The Verge reports: To create a MotionAware motion-sensing zone, you need Hue's new Bridge Pro and at least three Hue devices in a room. It works with all new and most existing mains-powered Hue products via a firmware update. That includes smart bulbs, light strips, and fixtures. Portable devices, such as the Hue Go or Table Lamp, and battery-powered accessories, such as Hue switches, aren't compatible. Neither is Hue's current smart plug. [...] "All of the functionality you get with our physical motion sensors -- including turning on when motion is detected or off when there's been no movement for a certain amount of time -- can be configured on motion-aware motion events," says George Yianni, Hue CTO and founder, in an interview with The Verge. "We've done something that's quite a lot better than what else is out there."

MotionAware is occupancy sensing, not presence sensing; it requires movement. Yianni says it's comparable to the passive infrared sensing (PIR) Hue's physical sensors use. This means it can be triggered by pets or other motion. A sensitivity slider in the app helps fine-tune detection. According to Yianni, a key benefit over PIR is that a MotionAware zone can cover a larger area than a single PIR sensor, and it's also not limited to line of sight. MotionAware can't sense light levels, which Hue Motion Sensors can, but you can pair a light sensor to a motion zone to feed it that data. The positioning of the lights will also play a role in determining the effectiveness of the motion sensing. "We recommend that the lights surround an area which will roughly define the detection area in which motion will be detected," says Yianni. "It will sense around the lights and in the broader room thanks to reflections, but detection reliability will depend on lots of factors."

Beyond lighting automation, MotionAware can also integrate with Hue Secure, Hue's DIY security platform that includes cameras, contact sensors, and a new video doorbell. Motion detection can trigger lights to flash red, activate Hue's new plug-in chime/siren, and send an alert to your phone with a button to call emergency services. [...] MotionAware is built on RF sensing -- a technology that uses wireless signals to "see" a space and detect disruptions within it. The data is then sent to the Bridge Pro, where AI algorithms are applied to figure out what is causing those disruptions, so the system can act accordingly. This is why it's limited to the Bridge Pro, the V2 bridge isn't powerful enough to run those algorithms, says Yianni.

Tom's Hardware: According to an early Amazon Mexico listing, Logitech is preparing to launch the Signature Slim Solar+, a wireless keyboard in every sense of the word. The Signature Slim Solar+features a solar panel, providing owners with a battery lasting up to 10 years.

An anonymous reader shares a report: The total number of GPUs sold for the second quarter of 2025 hit 11.6 million units, while desktop PC CPUs went up to 21.7 million units, according to a Jon Peddie Research report. This is a 27% increase in graphics card shipments and a 21.6% jump in CPU shipments from the last quarter, which is a change from the usual drop in deliveries we've seen in recent years.

"AIB prices dropped for midrange and entry-level, while high-end AIB prices increased, and most retail suppliers ran out of stock. This is very unusual for the second quarter," said Jon Peddie Research president Dr. Jon Peddie. "We think it is a continuation of higher prices expected due to the tariffs and buyers trying to get ahead of that."

As for the three major GPU manufacturers, Nvidia still has the lead, taking in 94% of the market -- an increase of 2.1% over the previous quarter -- while AMD is at a distant second place with 6%. This is still a much better position than Intel, though, whose market share is so small it did not even register on the chart.

alternative_right writes: For decades, fragments and unofficial copies of Microsoft's 6502 BASIC have circulated online, mirrored on retrocomputing sites, and preserved in museum archives. Coders have studied the code, rebuilt it, and even run it in modern systems. Today, for the first time, we're opening the hatch and officially releasing the code under an open-source license. Microsoft BASIC began in 1975 as the company's very first product: a BASIC interpreter for the Intel 8080, written by Bill Gates and Paul Allen for the Altair 8800. That codebase was soon adapted to run on other 8-bit CPUs, including the MOS 6502, Motorola 6800, and 6809.

The 6502 port was completed in 1976 by Bill Gates and Ric Weiland. In 1977, Commodore licensed it for a flat fee of $25,000, a deal that placed Microsoft BASIC at the heart of Commodore's PET computers and, later, the VIC-20 and Commodore 64. The version we are releasing here -- labeled "1.1" -- contains fixes to the garbage collector identified by Commodore and jointly implemented in 1978 by Commodore engineer John Feagans and Bill Gates, when Feagans traveled to Microsoft's Bellevue offices. This is the version that shipped as the PET's "BASIC V2." It even contains a playful Bill Gates Easter egg, hidden in the labels STORDO and STORD0, which Gates himself confirmed in 2010.

Atlassian said it has agreed to acquire The Browser Co., a startup that offers a web browser with AI features, for $610 million in cash. CNBC: The companies aim to close the deal in Atlassian's fiscal second quarter, which ends in December. Established in 2019, The Browser Co. has gone up against some of the world's largest companies, including Google, with Chrome, and Apple, which includes Safari on its computers running MacOS. The startup debuted Arc, a customizable browser with a built-in whiteboard and the ability to share groups of tabs, in 2022.

The Dia browser, a simpler option that allows people to chat with an AI assistant about multiple browser tabs at once, became available in beta in June. Atlassian co-founder and CEO Mike Cannon-Brookes said he sees shortcomings in the most popular browsers for those who do much of their work on computers. Further reading: Atlassian Buying The Browser Company Feels Like a Waste of Money.

An anonymous reader quotes a report from ZDNet: Over the Labor Day weekend, Cloudflare says it successfully stopped a record-breaking distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps). This came only a few months after Cloudflare blocked a then all-time high DDoS attack of 7.3 Tbps. This latest attack was almost 60% larger.

According to Cloudflare, the assault was the result of a hyper-volumetric User Datagram Protocol (UDP) flood attack that lasted about 35 seconds. During that just more than half-minute attack, it delivered over 5.1 billion packets per second. This attack, Cloudflare reported, came from a combination of several IoT and cloud providers. Although compromised accounts on Google Cloud were a major source, the bulk of the attack originated from other sources.

The specific target of this attack has not been publicly disclosed, but we can be sure the intent was to overwhelm the victim's network and render online services inoperative. Cloudflare says its globally distributed, fully autonomous DDoS mitigation network detected and neutralized the threat in real time, without notable impact on customer services or requiring manual intervention. This operation highlights both the rising sophistication of attack methods and the resilience of modern internet infrastructure defenses, especially Cloudflare's use of real-time packet analysis, fingerprinting, and rapid threat intelligence sharing across its network.

An anonymous reader quotes a report from The Register: Ten vulnerabilities in Copeland controllers, which are found in thousands of devices used by the world's largest supermarket chains and cold storage companies, could have allowed miscreants to manipulate temperatures and spoil food and medicine, leading to massive supply-chain disruptions. The flaws, collectively called Frostbyte10, affect Copeland E2 and E3 controllers, used to manage critical building and refrigeration systems, such as compressor groups, condensers, walk-in units, HVAC, and lighting systems. Three received critical-severity ratings. Operational technology security firm Armis found and reported the 10 bugs to Copeland, which has since issued firmware updates that fix the flaws in both the E3 and the E2 controllers. The E2s reached their official end-of-life in October, and affected customers are encouraged to move to the newer E3 platform. Upgrading to Copeland firmware version 2.31F01 mitigates all the security issues detailed here, and the vendor recommends patching promptly.

In addition to the Copeland updates, the US Cybersecurity and Infrastructure Security Agency (CISA) is also scheduled to release advisories today, urging any organization that uses vulnerable controllers to patch immediately. Prior to these publications, Copeland and Armis execs spoke exclusively to The Register about Frostbyte10, and allowed us to preview an Armis report about the security issues. "When combined and exploited, these vulnerabilities can result in unauthenticated remote code execution with root privileges," it noted. [...] To be clear: there is no indication that any of these vulnerabilities were found and exploited in the wild before Copeland issued fixes. However, the manufacturer's ubiquitous reach across retail and cold storage makes it a prime target for all manner of miscreants, from nation-state attackers looking to disrupt the food supply chain to ransomware gangs looking for victims who will quickly pay extortion demands to avoid operational downtime and food spoilage.

An old school ransomware attack has a new twist: threatening to feed data to AI companies so it'll be added to LLM datasets. 404 Media reports: Artists&Clients is a website that connects independent artists with interested clients. Around August 30, a message appeared on Artists&Clients attributed to the ransomware group LunaLock. "We have breached the website Artists&Clients to steal and encrypt all its data," the message on the site said, according to screenshots taken before the site went down on Tuesday. "If you are a user of this website, you are urged to contact the owners and insist that they pay our ransom. If this ransom is not paid, we will release all data publicly on this Tor site, including source code and personal data of users. Additionally, we will submit all artwork to AI companies to be added to training datasets."

LunaLock promised to delete the stolen data and allow users to decrypt their files if the site's owner paid a $50,000 ransom. "Payment is accepted in either Bitcoin or Monero," the notice put on the site by the hackers said. The ransom note included a countdown timer that gave the site's owners several days to cough up the cash. "If you do not pay, all files will be leaked, including personal user data. This may cause you to be subject to fines and penalties under the GDPR and other laws."

Developer Hugo Tunius, writing in a blog post: Sideloading has been a hot topic for the last decade. Most recently, Google has announced further restrictions on the practice in Android. Many hundreds of comment threads have discussed these changes over the years. One point in particular is always made: "I should be able to run whatever code I want on hardware I own." I agree entirely with this point, but within the context of this discussion it's moot.

When Google restricts your ability to install certain applications they aren't constraining what you can do with the hardware you own, they are constraining what you can do using the software they provide with said hardware. It's through this control of the operating system that Google is exerting control, not at the hardware layer. You often don't have full access to the hardware either and building new operating systems to run on mobile hardware is impossible, or at least much harder than it should be. This is a separate, and I think more fruitful, point to make. Apple is a better case study than Google here. Apple's success with iOS partially derives from the tight integration of hardware and software. An iPhone without iOS is a very different product to what we understand an iPhone to be. Forcing Apple to change core tenets of iOS by legislative means would undermine what made the iPhone successful.

An anonymous reader shares a report: Some Microsoft Azure customers have had a worrying few days after a problematic account migration caused forecast costs for the cloud service to skyrocket, triggering budget alerts.

An alarmed Register reader got in touch after receiving warnings from Azure's automated systems that they had significantly exceeded their budgets, and a glance at Microsoft's support forums indicates their issue was not isolated.

The problem was that costs had suddenly ramped up. One user, with a budget threshold of $85, received an automated alert indicating that their spend was forecast to reach $1,027. Another said: "We're actively seeing the same issue, costs have blown up by a crazy amount. No official notice or announcement from Microsoft either, it's appalling."

PC Gamer reports: The Diablo team is the next in line to unionize at Blizzard. Over 450 developers across multiple disciplines have voted to form a union under the Communications Workers of America (CWA), and they're now the fourth major Blizzard team to do so... A wave of unions have formed at Blizzard in the last year, including the World of Warcraft, Overwatch, and Story and Franchise Development teams. Elsewhere at Microsoft, Bethesda, ZeniMax Online Studios and ZeniMax QA testers have also unionized...

The CWA says over 3,500 Microsoft workers have now organized to fight for fair compensation, job security, and improved working conditions.
CWA is America's largest communications and media labor union, and in a statement, local 9510 president Jason Justice called the successful vote "part of a much larger story about turning the tide in an industry that has long overlooked its labor. Entertainment workers across film, television, music, and now video games are standing together to have a seat at the table. The strength of our movement comes from that solidarity."

And CWA local 6215 president Ron Swaggerty said "Each new organizing effort adds momentum to the nationwide movement for video game worker power."

"What began as a trickle has turned into an avalanche," writes the gaming news site Aftermath, calling the latest vote "a direct result of the union neutrality deal Microsoft struck with CWA in 2022 when it was facing regulatory scrutiny over its $68.7 billion purchase of Activision Blizzard." We've come a long way since small units at Raven and Blizzard Albany fended off Activision Blizzard's pre-acquisition attempts at union busting in 2022 and 2023, and not a moment too soon: Microsoft's penchant for mass layoffs has cut some teams to the bone and left others warily counting down the days until their heads land on the chopping block. This new union, workers hope, will act as a bulwark...

[B]ased on preliminary conversations with prospective members, they can already hazard a few guesses as to what they'll be arm-wrestling management over at the bargaining table: pay equity, AI, crediting, and remote work.

An anonymous reader quotes a report from TechCrunch: WhatsApp said on Friday that it fixed a security bug in its iOS and Mac apps that was being used to stealthily hack into the Apple devices of "specific targeted users." The Meta-owned messaging app giant said in its security advisory that it fixed the vulnerability, known officially as CVE-2025-55177, which was used alongside a separate flaw found in iOS and Macs, which Apple fixed last week and tracks as CVE-2025-43300.

Apple said at the time that the flaw was used in an "extremely sophisticated attack against specific targeted individuals." Now we know that dozens of WhatsApp users were targeted with this pair of flaws. Donncha O Cearbhaill, who heads Amnesty International's Security Lab, described the attack in a post on X as an "advanced spyware campaign" that targeted users over the past 90 days, or since the end of May. O Cearbhaill described the pair of bugs as a "zero-click" attack, meaning it does not require any interaction from the victim, such as clicking a link, to compromise their device.

The two bugs chained together allow an attacker to deliver a malicious exploit through WhatsApp that's capable of stealing data from the user's Apple device. Per O Cearbhaill, who posted a copy of the threat notification that WhatsApp sent to affected users, the attack was able to "compromise your device and the data it contains, including messages." It's not immediately clear who, or which spyware vendor, is behind the attacks. When reached by TechCrunch, Meta spokesperson Margarita Franklin confirmed the company detected and patched the flaw "a few weeks ago" and that the company sent "less than 200" notifications to affected WhatsApp users. The spokesperson did not say, when asked, if WhatsApp has evidence to attribute the hacks to a specific attacker or surveillance vendor.

Microsoft has found no link between the August 2025 KB5063878 security update and customer reports of failure and data corruption issues affecting solid-state drives (SSDs) and hard disk drives (HDDs). From a report: Redmond first told BleepingComputer last week that it is aware of users reporting SSD failures after installing this month's Windows 11 24H2 security update. In a subsequent service alert seen by BleepingComputer, Redmond said that it was unable to reproduce the issue on up-to-date systems and began collecting user reports with additional details from those affected.

"After thorough investigation, Microsoft has found no connection between the August 2025 Windows security update and the types of hard drive failures reported on social media," Microsoft said in an update to the service alert this week. "As always, we continue to monitor feedback after the release of every Windows update, and will investigate any future reports."

One of Australia's largest banks has apologized to staff who found out they had been fired through an automated email asking them to hand back their laptops. From a report: ANZ's retail banking executive Bruce Rush said it was "not our intention to share such sensitive news with you in this way" as the firm cuts jobs in its retail banking business. The bank said the emails were sent to some staff ahead of schedule in error. It said it has since stopped sending the emails and that staff have been spoken to personally.

The Financial Sector Union said the email caused "panic and distress" and was a result of the company forcing through a "chaotic pace of change." The union's president Wendy Streets said it had not been consulted on the changes the bank was making, adding that "ANZ must do better." "Speed and cost-cutting cannot come at the expense of dignity and respect for workers," Ms Streets said, describing the "botched" episode as "disgusting." Mr Rush wrote in an email to staff: "Unfortunately, these emails indicate an exit date for some of our colleagues before we've been able to share their outcome with them."

An anonymous reader quotes a report from TechCrunch: Credit reporting giant TransUnion has disclosed a data breach affecting more than 4.4 million customers' personal information. In a filing with Maine's attorney general's office on Thursday, TransUnion attributed the July 28 breach to unauthorized access of a third-party application storing customers' personal data for its U.S. consumer support operations.

TransUnion claimed "no credit information was accessed," but provided no immediate evidence for its claim. The data breach notice did not specify what specific types of personal data were stolen. In a separate data breach disclosure filed later on Thursday with Texas' attorney general's office, TransUnion confirmed that the stolen personal information includes customers' names, dates of birth, and Social Security numbers. [...] It's not clear who is behind the breach at TransUnion, or if the hackers made any demands to the company.

Typepad, which launched in 2003 to make it easier for the masses to start their blogging journey, is shutting down. From a blog post: We have made the difficult decision to discontinue Typepad, effective September 30, 2025. After September 30, 2025, access to Typepad -- including account management, blogs, and all associated content -- will no longer be available. Your account and all related services will be permanently deactivated. Please note that after this date, you will no longer be able to access or export any blog content.

An anonymous reader shares a report: German banks blocked PayPal payments totalling more than 10 billion euros ($11.7 billion) over fraud concerns, the Sueddeutsche Zeitung newspaper reported on Wednesday, without specifying its sources. The payments were halted on Monday after lenders flagged millions of suspicious direct debits from PayPal that appeared last week, the newspaper said. Asked to comment on the report, a PayPal spokesperson said a temporary service interruption had affected "certain transactions from our banking partners and potentially their customers", but that the issue had now been resolved.

Nevada has been crippled by a cyberattack that began on August 24, taking down state websites, intermittently disabling phone lines, and forcing offices like the DMV to close. The Register reports: The Office of Governor Joseph Lombardo announced the attack via social media on Monday, saying that a "network security incident" took hold in the early hours of August 24. Official state websites remain unavailable, and Lombardo's office warned that phone lines will be intermittently down, although emergency services lines remain operational. State offices are also closed until further notice, including Department of Motor Vehicles (DMV) buildings. The state said any missed appointments will be honored on a walk-in basis.

"The Office of the Governor and Governor's Technology Office (GTO) are working continuously with state, local, tribal, and federal partners to restore services safely," the announcement read. "GTO is using temporary routing and operational workarounds to maintain public access where it is feasible. Additionally, GTO is validating systems before returning them to normal operation and sharing updates as needed." Local media outlets are reporting that, further to the original announcement, state offices will remain closed on Tuesday after officials previously expected them to reopen. The state's new cybersecurity office says there is currently no evidence to suggest that any Nevadans' personal information was compromised during the attack.

A widely used Node.js utility called fast-glob, relied on by thousands of projectsâ"including over 30 U.S. Department of Defense systems -- is maintained solely by a Russian developer linked to Yandex. While there's no evidence of malicious activity, cybersecurity experts warn that the lack of oversight in such critical open-source projects leaves them vulnerable to potential exploitation by state-backed actors. The Register reports: US cybersecurity firm Hunted Labs reported the revelations on Wednesday. The utility in question is fast-glob, which is used to find files and folders that match specific patterns. Its maintainer goes by the handle "mrmlnc", and the Github profile associated with that handle identifies its owner as a Yandex developer named Denis Malinochkin living in a suburb of Moscow. A website associated with that handle also identifies its owner as the same person, as Hunted Labs pointed out.

Hunted Labs told us that it didn't speak to Malinochkin prior to publication of its report today, and that it found no ties between him and any threat actor. According to Hunted Labs, fast-glob is downloaded more than 79 million times a week and is currently used by more than 5,000 public projects in addition to the DoD systems and Node.js container images that include it. That's not to mention private projects that might use it, meaning that the actual number of at-risk projects could be far greater.

While fast-glob has no known CVEs, the utility has deep access to systems that use it, potentially giving Russia a number of attack vectors to exploit. Fast-glob could attack filesystems directly to expose and steal info, launch a DoS or glob-injection attack, include a kill switch to stop downstream software from functioning properly, or inject additional malware, a list Hunted Labs said is hardly exhaustive. [...] Hunted Labs cofounder Haden Smith told The Register that the ties are cause for concern. "Every piece of code written by Russians isn't automatically suspect, but popular packages with no external oversight are ripe for the taking by state or state-backed actors looking to further their aims," Smith told us in an email. "As a whole, the open source community should be paying more attention to this risk and mitigating it." [...]

Hunted Labs said that the simplest solution for the thousands of projects using fast-glob would be for Malinochkin to add additional maintainers and enhance project oversight, as the only other alternative would be for anyone using it to find a suitable replacement. "Open source software doesn't need a CVE to be dangerous," Hunted Labs said of the matter. "It only needs access, obscurity, and complacency," something we've noted before is an ongoing problem for open source projects. This serves as another powerful reminder that knowing who writes your code is just as critical as understanding what the code does," Hunted Labs concluded.

The FBI and other law enforcement and intelligence agencies around the world warned Wednesday that a Chinese-government hacking campaign that previously penetrated nine U.S. telecommunications companies has expanded into other industries and regions, striking at least 200 American organizations and 80 countries. From a report: The joint advisory was issued with the close allies in the Five Eyes English-language intelligence-sharing arrangement and also agencies from Finland, Netherlands, Poland and the Czech Republic, an unusually broad array meant to demonstrate global resolve against what intelligence officials said is a pernicious campaign that exceeds accepted norms for snooping.

"The expectation of privacy here was violated, not just in the U.S., but globally," FBI Assistant Director Brett Leatherman, who heads the bureau's cyber division, told The Washington Post in an interview. Chinese hackers won deep access to major communication carriers in the U.S. and elsewhere, then extracted call records and some law enforcement directives, which allowed them to build out a map of who was calling whom and whom the U.S. suspected of spying, Leatherman said. Prominent politicians in both major U.S. parties were among the ultimate victims.