"I'm interested in all kinds of astronomy."

@buherator not just mazdas, nissans too! And others, that sort of prompted me to dig into mine and resulted in https://github.com/ea/bosch_headunit_root
https://noc.social/@todayilearned/114425467000309539


30 April 1945 | As Soviet forces neared his command bunker in Berlin Adolf Hitler shot himself.

Hitler's Thousand Year Reich lasted twelve years, four months & eight days.

We need to commemorate all the victims & remember where ideologies of hatred may lead humanity to.

Edited 8 months ago

"Microsoft CEO says up to 30% of the company’s code was written by AI."

It can't be 30% by plain math. Just replacing 30% of existing code with new code takes (many) years, and then we include all produced code. If they ONLY used AI to write all code for the last few years, and they wrote it at a high pace, it could *perhaps* be done.

We all know that AI can't write code that good. But sure "up to 30%" could also mean "2%".

Of all *new* code perhaps? Still feels high.

https://techcrunch.com/2025/04/29/microsoft-ceo-says-up-to-30-of-the-companys-code-was-written-by-ai/


🚨 New advisory was just published! 🚨

MagicINFO exposes an endpoint with several flaws that, when combined, allow an unauthenticated attacker to upload a JSP file and execute arbitrary server-side code:
https://ssd-disclosure.com/ssd-advisory-samsung-magicinfo-unauthenticated-rce/

[RSS] Protecting Windows users from Janet Jackson's Rhythm Nation

https://devblogs.microsoft.com/oldnewthing/20250429-42/?p=111127

#NoCVE

Multiple Vulnerabilities in Mozilla Products (Firefox, Firefox Updater, Thunderbird) Could Allow for Arbitrary Code Execution:
CVE-2025-2817, CVE-2025-4082, CVE-2025-4083:
👇
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/


🌪️HP printers are back to TyphoonPWN. This year, we’re offering up to $20,000 for a Pre-Auth Remote Code Execution vulnerability in HP MFP 4303dw/fdw printers.

If you’ve been researching HP printers, this is your moment. Show off your skills, get recognized, and earn big. 🏆

Remote participation is fully supported. Register now:
👉 https://typhooncon.com/typhoonpwn-2025/

[RSS] Python Dirty Arbitrary File Write to RCE via Writing Shared Object Files Or Overwriting Bytecode Files

https://siunam321.github.io/research/python-dirty-arbitrary-file-write-to-rce-via-writing-shared-object-files-or-overwriting-bytecode-files/

Lorenzo Franceschi-Bicchierai

NEW: A court in India has ordered the block of Proton Mail across the whole country as part of a case where a local design firm received obscene emails.

As of this writing, Proton Mail is still working, based on our tests.

Story by @jagmeets13

https://techcrunch.com/2025/04/29/indian-court-orders-blocking-of-proton-mail/


Prosecutors have requested Alex Mashinsky, CEO of the collapsed Celsius cryptocurrency company, be sentenced to at least twenty years in prison for his "sustained, calculated campaign of deceit carried out over years, targeting ordinary people."

https://www.courtlistener.com/docket/67604619/144/united-states-v-mashinsky/


Alanna 🏳️‍🌈🏳️‍⚧️

Significant event for many, many reasons. Especially the fact Sophie Wilson spoke at it considering what is going on in the UK right now. One of the world's most widely used chips wouldn't exist without her contribution.

https://www.theregister.com/2025/04/29/arm_40/


Google published a blog post about 0days and the like. This jumped out at me:

"Vendor investments in exploit mitigations are having a clear impact on where threat actors are able to find success."

Stack canaries gained popularity in the Linux world in 2002. When did the Linux-based Ivanti ICS product get stack canaries, after years of ITW exploitation? 2025. That's right. They decided to wait TWENTY THREE YEARS before deciding to turn on a compile-time flag that would have prevented successful exploitation of April's CVE-2025-22457.

We all know that comparing the security disposition of companies/products based on CVE counts is both foolish and futile, but sometimes they make it easy for us. 😂


Lorenzo Franceschi-Bicchierai

NEW: Last year, there were 34 recorded zero-days being exploited in real-world attacks, which were attributed to specific groups.

Of those, 23 were attributed to government-backed hackers, including spyware makers, which shows that governments are the main users of zero-days.

And while those got caught, Google's @_clem1 told us that spyware makers “are investing more resources in operational security to prevent their capabilities being exposed and to not end up in the news.”

Full story:

https://techcrunch.com/2025/04/29/government-hackers-are-leading-the-use-of-attributed-zero-days-google-says/

Edited 8 months ago

Proof-of-work challenges have become the current hotness for defeating AI scrapers. I think it’s great we have these and that they’re getting deployed to great effect. But I’ve also seen a lot of people claim the “AI scrapers” problem is now solved and I’m sorry to tell you this but no it’s not.

The reason it’s solved right now is because most of these scrapers don’t execute JavaScript. But with enough people deploying PoW proxies, the economics around that change enough to make it worthwhile for AI companies to do so. AI companies have more money than you. Yes it’ll cost them, but that cost is worth it to them because otherwise they don’t have a business.

(Also Anubis and other solutions default to only triggering if the User-Agent header contains Mozilla so guess what! It’ll soon need to be enabled regardless of the value of that header because it’s trivial to circumvent. Then the cost goes up for the operator too as more and more users get affected.)

The JS needed for the PoW stuff isn’t complicated. A small JS interpreter can handle that. What mostly remains is then the cost of the hash. Right now most things use SHA256, for which we have CPU extensions and AVX instructions to speed this up. Constantly increasing the PoW rounds doesn’t solve this. Eventually the experience degrades too much for real users, whereas servers literally don’t care. Nobody is sitting there waiting for the output to be rendered. All they want is to get the content to train on.

PoW proxies are a stopgap, and a very useful one. But a stopgap nonetheless. We’re buying ourselves time. But we’re going to need more than this. Including legislation that outlaws some of this shit entirely.

AI is a technology, but the root of the problem we’re facing is a societal and political one. We cannot ignore those aspects and exclude them from a solution.


Trend Zero Day Initiative

All of the gear needed for Berlin is on its way. Next stop - Germany!


bert hubert 🇺🇦🇪🇺🇺🇦

In 15 minutes Europe will hopefully launch its next climate satellite. The launch can however only be watched via YouTube since we apparently can’t do that ourselves and have to put our government info next to the antivax promo. https://www.esa.int/ESA_Multimedia/ESA_Web_TV

[RSS] Why did Windows 7, for a few months, log on slower if you have a solid color background?

https://devblogs.microsoft.com/oldnewthing/20250428-00/?p=111121