CISA says the U.S. government has extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. From a report: "The CVE Program is invaluable to cyber community and a priority of CISA," the U.S. cybersecurity agency told BleepingComputer. "Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners' and stakeholders' patience."

The announcement follows a warning from MITRE Vice President Yosry Barsoum that government funding for the CVE and CWE programs was set to expire today, April 16, potentially leading to widespread disruption across the cybersecurity industry. "If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure," Barsoum said.

The CVE and CWE programs are at risk of shutdown as MITRE's DHS contract expires on April 16, 2025, with no confirmed renewal. Without continued funding, the ability to standardize, track, and respond to software vulnerabilities could collapse, leaving the cybersecurity community scrambling in a fragmented and dangerously opaque environment. Forbes reports: "Failure to renew MITRE's contract for the CVE program, seemingly set to expire on April 16, 2025, risks significant disruption," said Jason Soroko, Senior Fellow at Sectigo. "A service break would likely degrade national vulnerability databases and advisories. This lapse could negatively affect tool vendors, incident response operations, and critical infrastructure broadly. MITRE emphasizes its continued commitment but warns of these potential impacts if the contracting pathway is not maintained."

MITRE has indicated that historical CVE records will remain accessible via GitHub, but without continued funding, the operational side of the program -- including assignment of new CVEs -- will effectively go dark. That's not a minor inconvenience. It could upend how the global cybersecurity community identifies, communicates, and responds to new threats. [...] MITRE has said that discussions with the U.S. government are active and that it remains committed to the CVE mission. But with the expiration date looming, time is running short -- and the consequences of even a temporary gap are severe.

An anonymous reader quotes a report from TechCrunch: Car rental giant Hertz has begun notifying its customers of a data breach that included their personal information and driver's licenses. The rental company, which also owns the Dollar and Thrifty brands, said in notices on its website that the breach relates to a cyberattack on one of its vendors between October 2024 and December 2024. The stolen data varies by region, but largely includes Hertz customer names, dates of birth, contact information, driver's licenses, payment card information, and workers' compensation claims. Hertz said a smaller number of customers had their Social Security numbers taken in the breach, along with other government-issued identification numbers.

Notices on Hertz's websites disclosed the breach to customers in Australia, Canada, the European Union, New Zealand, and the United Kingdom. Hertz also disclosed the breach with several U.S. states, including California and Maine. Hertz said at least 3,400 customers in Maine were affected but did not list the total number of affected individuals, which is likely to be significantly higher. Emily Spencer, a spokesperson for Hertz, would not provide TechCrunch with a specific number of individuals affected by the breach but said it would be "inaccurate to say millions" of customers are affected. The company attributed the breach to a vendor, software maker Cleo, which last year was at the center of a mass-hacking campaign by a prolific Russia-linked ransomware gang.

An anonymous reader quotes a report from Forbes: Robotaxi development is speeding at a fast pace in China, but we don't hear much about it in the USA, where the news focuses mostly on Waymo, with a bit about Zoox, Motional, May, trucking projects and other domestic players. China has 4 main players with robotaxi service, dominated by Baidu (the Chinese Google.) A recent session at last week's Ride AI conference in Los Angeles revealed some details about the different regulatory regime in China, and featured a report from a Chinese-American YouTuber who has taken on a mission to ride in the different vehicles.

Zion Maffeo, deputy general counsel for Pony.AI, provided some details on regulations in China. While Pony began with U.S. operations, its public operations are entirely in China, and it does only testing in the USA. Famously it was one of the few companies to get a California "no safety driver" test permit, but then lost it after a crash, and later regained it. Chinese authorities at many levels keep a close watch over Chinese robotaxi companies. They must get approval for all levels of operation which control where they can test and operate, and how much supervision is needed. Operation begins with testing with a safety driver behind the wheel (as almost everywhere in the world,) with eventual graduation to having the safety driver in the passenger seat but with an emergency stop. Then they move to having a supervisor in the back seat before they can test with nobody in the vehicle, usually limited to an area with simpler streets.

The big jump can then come to allow testing with nobody in the vehicle, but with full time monitoring by a remote employee who can stop the vehicle. From there they can graduate to taking passengers, and then expanding the service to more complex areas. Later they can go further, and not have full time remote monitoring, though there do need to be remote employees able to monitor and assist part time. Pony has a permit allowing it to have 3 vehicles per remote operator, and has one for 15 vehicles in process, but they declined comment on just how many vehicles they actually have per operator. Baidu also did not respond to queries on this. [...] In addition, Chinese jurisdictions require that the system in a car independently log any "interventions" by safety drivers in a sort of "black box" system. These reports are regularly given to regulators, though they are not made public. In California, companies must file an annual disengagement report, but they have considerable leeway on what they consider a disengagement so the numbers can't be readily compared. Chinese companies have no discretion on what is reported, and they may notify authorities of a specific objection if they wish to declare that an intervention logged in their black box should not be counted. On her first trip, YouTuber Sophia Tung found Baidu's 5th generation robotaxi to offer a poor experience in ride quality, wait time, and overall service. However, during a return trip she tried Baidu's 6th generation vehicle in Wuhan and rated it as the best among Chinese robotaxis, approaching the quality of Waymo.

An anonymous reader quotes a report from the New York Times: British laws restricting what the police can say about criminal cases are "not fit for the social media age (source paywalled; alternative source)," a government committee said in a report released Monday in Britain that highlighted how unchecked misinformation stoked riots last summer. Violent disorder, fueled by the far right, affected several towns and cities for days after a teenager killed three girls on July 29 at a Taylor Swift-themed dance class in Southport, England. In the hours after the stabbings, false claims that the attacker was an undocumented Muslim immigrant spread rapidly online. In a report looking into the riots, a parliamentary committee said a lack of information from the authorities after the attack "created a vacuum where misinformation was able to grow." The report blamed decades-old British laws, aimed at preventing jury bias, that stopped the police from correcting false claims. By the time the police announced the suspect was British-born, those false claims had reached millions.

The Home Affairs Committee, which brings together lawmakers from across the political spectrum, published its report after questioning police chiefs, government officials and emergency workers over four months of hearings. Axel Rudakubana, who was sentenced to life in prison for the attack, was born and raised in Britain by a Christian family from Rwanda. A judge later found there was no evidence he was driven by a single political or religious ideology, but was obsessed with violence. [...] The committee's report acknowledged that it was impossible to determine "whether the disorder could have been prevented had more information been published." But it concluded that the lack of information after the stabbing "created a vacuum where misinformation was able to grow, further undermining public confidence," and that the law on contempt was not "fit for the social media age."

An anonymous reader shares a report: An attorney for the Federal Trade Commission told a judge that Facebook, fearing the competitive threat of Instagram posted to their social media network, acquired both as a way to "neutralize" the rival. "They decided that competition was too hard," the FTC's attorney, Daniel Matheson, said in his opening statement in the government's antitrust case against the Meta Platforms social media empire.

He argued that with Meta's monopoly in social media, "consumers do not have reasonable alternatives they can turn to," even as satisfaction has declined. At stake is the potential breakup of Facebook-parent Meta, as the government has zeroed in on the 2012 acquisition of Instagram and 2014 purchase of WhatsApp.

Somewhere in Montana sits the only coal-fired power plant in America that hasn't installed modern pollution controls to limit particulate matter, according to the Environmental Protecction Agency. Mining.com notes that it has the highest emission rate of fine particulate matter out of any U.S. coal-burning power plant. When inhaled, the finest particles are able to penetrate deep into the lungs and even potentially the bloodstream, exacerbating heart and lung disease, causing asthma attacks and even sometimes leading to premature death.
Yet America's dirtiest coal-fired power plant — and dozens of others — "are being exempted from stringent air pollution mandates," reports Bloomberg, "as part of US. President Donald Trump's bid to revitalize the industry: Talen Energy Corp.'s Colstrip in Montana is among 47 plants receiving two-year waivers from rules to control mercury and other pollutants as part of a White House effort to ease regulation on coal-fired sites, according to a list seen by Bloomberg News. The exemptions were among a slew of actions announced by the White House Tuesday to expand the mining and use of coal. The Trump administration has argued coal is a vital part of the mix to ensure sufficient energy supply to meet booming demand for AI data centers. The carve-out, which begins in July 2027, lasts until July 2029, according to the proclamation.
In an email to Bloomberg, a White House spokesperson said the move meant that America "will produce beautiful, clean coal" while addressing "necessary electrical demand from emerging technologies such as AI."

"A modern free society has an obligation to offer electronic tax filing that respects user freedom," says a Free Software Foundation blog post, "and the United States is not excluded from this responsibility."

"Governments, and/or the companies that they partner with, are responsible for providing free as in freedom software for necessary operations, and tax filing is no exception." For many years now, a large portion of [U.S.] taxpayers have filed their taxes electronically through proprietary programs like TurboTax. Millions of taxpayers are led to believe that they have no other option than to use nonfree software or Service as a Software Substitute (SaaSS), giving up their freedom as well as their most private financial information to a third-party company, in order to file their taxes...

While the options for taxpayers have improved slightly with the IRS's implementation of the IRS Direct File program [in 25 states], this program unfortunately does require users to hand over their freedom when filing taxes.... Taxpayers shouldn't have to use a program that violates their individual freedoms to file legally required taxes. While Direct File is a step in the right direction as the program isn't in the hands of a third-party entity, it is still nonfree software. Because Direct File is a US government-operated program, and ongoing in the process of being deployed to twenty-five states, it's not too late to call on the IRS to make Direct File free software.

In the meantime, if you need to file US taxes and are yet to file, we suggest filing your taxes in a way that respects your user freedom as much as possible, such as through mailing tax forms. Like with other government interactions that snatch away user freedom, choose the path that most respects your freedom.
Free-as-in-freedom software would decrease the chance of user lock-in, the FSF points out. But they list several other advantages, including:

• Repairability: With free software, there is no uncertain wait period or reliance on a proprietary provider to make any needed bug or security fixes.

• Transparency: Unless you can check what a program really does (or ask someone in the free software community to check for you), there is no way to know that the program isn't doing things you don't consent to it doing.

• Cybersecurity: While free software isn't inherently more secure than nonfree software, it does have a tendency to be more secure because many developers can continuously improve the program and search for errors that can be exploited. With proprietary programs like TurboTax, taxpayers and the U.S. government are dependent on TurboTax to protect the sensitive financial and personal information of millions with few (if any) outside checks and balances...

• Taxpayer dollars spent should actually benefit the taxpayers: Taxpayer dollars should not be used to fund third-party programs that seek to control users and force them to use their programs through lobbying....

"We don't have to accept this unjust reality: we can work for a better future, together," the blog post concludes (offering a "sample message" U.S. taxpayers could send to IRS Commissioner Danny Werfel).

"Take action today and help make electronic tax filing free as in freedom for everyone."

Here's an update from the Wall Street Journal about a "widespread series of alarming cyberattacks on U.S. infrastructure."

China was behind it, "Chinese officials acknowledged in a secret December meeting... according to people familiar with the matter..." The Chinese delegation linked years of intrusions into computer networks at U.S. ports, water utilities, airports and other targets, to increasing U.S. policy support for Taiwan, the people, who declined to be named, said... U.S. officials went public last year with unusually dire warnings about the uncovered Volt Typhoon effort. They publicly attributed it to Beijing trying to get a foothold in U.S. computer networks so its army could quickly detonate damaging cyberattacks during a future conflict. [American officials at the meeting perceived the remarks as "intended to scare the U.S. from involving itself if a conflict erupts in the Taiwan Strait."]

The Chinese official's remarks at the December meeting were indirect and somewhat ambiguous, but most of the American delegation in the room interpreted it as a tacit admission and a warning to the U.S. about Taiwan, a former U.S. official familiar with the meeting said... In a statement, the State Department didn't comment on the meeting but said the U.S. had made clear to Beijing it will "take actions in response to Chinese malicious cyber activity," describing the hacking as "some of the gravest and most persistent threats to U.S. national security...."

A Chinese official would likely only acknowledge the intrusions even in a private setting if instructed to do so by the top levels of Xi's government, said Dakota Cary, a China expert at the cybersecurity firm SentinelOne. The tacit admission is significant, he said, because it may reflect a view in Beijing that the likeliest military conflict with the U.S. would be over Taiwan and that a more direct signal about the stakes of involvement needed to be sent to the Trump administration. "China wants U.S. officials to know that, yes, they do have this capability, and they are willing to use it," Cary said.
The article notes that top U.S. officials have said America's Defense Department "will pursue more offensive cyber strikes against China."

But it adds that the administration "also plans to dismiss hundreds of cybersecurity workers in sweeping job cuts and last week fired the director of the National Security Agency and his deputy, fanning concerns from some intelligence officials and lawmakers that the government would be weakened in defending against the attacks."

A former Facebook employee/whistleblower alleges Meta's AI model Lllama was used to help DeepSeek.

The whistleblower — former Facebook director of global policy Sarah Wynn-Williams — testified before U.S. Senators on Wednesday. CBS News found this earlier response from Meta: In a statement last year on Llama, Meta spokesperson Andy Stone wrote, "The alleged role of a single and outdated version of an American open-source model is irrelevant when we know China is already investing over 1T to surpass the US technologically, and Chinese tech companies are releasing their own open AI models as fast, or faster, than US ones."

Wynn-Williams encouraged senators to continue investigating Meta's role in the development of artificial intelligence in China, as they continue their probe into the social media company founded by Zuckerberg. "The greatest trick Mark Zuckerberg ever pulled was wrapping the American flag around himself and calling himself a patriot and saying he didn't offer services in China, while he spent the last decade building an $18 billion business there," she said.
The testimony also left some of the lawmakers skeptical of Zuckerberg's commitment to free speech after the whistleblower also alleged Facebook worked "hand in glove" with the Chinese government to censor its platforms: In her almost seven years with the company, Wynn-Williams told the panel she witnessed the company provide "custom built censorship tools" for the Chinese Communist Party. She said a Chinese dissident living in the United States was removed from Facebook in 2017 after pressure from Chinese officials. Facebook said at the time it took action against the regime critic, Guo Wengui, for sharing someone else's personal information. Wynn-Williams described the use of a "virality counter" that flagged posts with over 10,000 views for review by a "chief editor," which Democratic Sen. Richard Blumenthal of Connecticut called "an Orwellian censor." These "virality counters" were used not only in Mainland China, but also in Hong Kong and Taiwan, according to Wynn-Williams's testimony.

Wynn-Williams also told senators Chinese officials could "potentially access" the data of American users.

Germany will get a new "super-high-tech ministry" responsible for research, technology, and aerospace, according to the coalition agreement published by the incoming government this week. From a report: The announcement is one of several nods to science in the 144-page agreement, unveiled on 9 April following weeks of negotiations between the center-right Christian Democrats (CDU) and its sister party, the Christian Social Union in Bavaria (CSU) -- who together won the most seats in February's federal elections -- and the center-left Social Democrats. The agreement is expected to be formally approved by the three parties by early May, paving the way for CDU leader Friedrich Merz to be elected chancellor.

[...] The new agreement lists a number of scientific priorities for the new government, including support for artificial intelligence, quantum technologies, biotechnology, microchip development and production, and fusion energy. "Our goal is that the world's first fusion reactor should be realized in Germany," the text states. It also mentions personalized medicine, oceans research, and sustainability research as "strategic" areas. But the agreement does not include any budget estimates, and observers caution it is unclear where the money for new programs would come from. The agreement does affirm current commitments to increase the budgets of the country's main research organizations by 3% per year through 2030.

Defense Secretary Pete Hegseth has ordered the termination of multiple IT and consulting contracts with firms including Accenture, Deloitte, and Booz Allen Hamilton, describing them as "wasteful spending."

A Department of Defense memo indicates the cuts target the Defense Health Agency's consulting services contract and the Air Force's agreement with Accenture to "re-sell third-party Enterprise Cloud IT Services," services the government can "already fulfill directly with existing procurement resources."

The terminations also include 11 other contracts supporting "non-essential" activities like DEI programs, climate initiatives, and COVID-19 response efforts. The cuts represent $5.1 billion in spending and will yield nearly $4 billion in savings, according to Hegseth. The funds will be redirected toward "critical priorities to Revive the Warrior Ethos, Rebuild the Military, and Reestablish Deterrence," with Hegseth noting the money would better serve "healthcare for our warfighters and their families, instead of $500 an hour business process consultant."

Hours after Donald Trump imposed record 125% tariffs on Chinese products entering the US, China has announced it will further curb the number of US films allowed to screen in the country. From a report: "The wrong action of the US government to abuse tariffs on China will inevitably further reduce the domestic audience's favourability towards American films," the China Film Administration said in a statement on Thursday. "We will follow the market rules, respect the audience's choice, and moderately reduce the number of American films imported."

The move mirrors the potential countermeasure suggested by two influential Chinese bloggers earlier in the week, warning that "China has plenty of tools for retaliation." Both Liu Hong, a senior editor at Xinhuanet, the website of the state-run Xinhua news agency, as well as Ren Yi, the grandson of former Guangdong party chief Ren Zhongyi, posted an identical proposal involving a heavy reduction on the import of US movies and further investigation of the intellectual property benefits of American companies operating in China. China is the world's second largest film market after the US.

An anonymous reader shares a report: Gas boiler fittings outnumbered new heat pump installations by more than 15 to one last year, and only one in eight new homes were equipped with the low-carbon alternative despite the government's clean energy targets.

Poorer households are also being shut out of the heat pump market as the grants available are inadequate and should be increased, according to a report by the Resolution Foundation thinktank. The UK has the slowest introduction of heat pumps in Europe: fewer than 100,000 were fitted last year, compared with 1.5m gas boilers. Most of the boilers were replacements for existing units, but new houses are still being built with gas as standard -- only 13% of new homes came with heat pumps last year.

If the government is to meet its net zero targets, switching people to heat pumps will be essential: about 450,000 households will need to install them each year by 2030. But the grant available through the boiler upgrade scheme -- $9,700 in England and Wales -- still leaves homeowners paying about $7000 on average.

An anonymous reader shares a report: Meta's latest whistleblower, Sarah Wynn-Williams, got a warm reception on Capitol Hill Wednesday, as the Careless People author who the company has fought to silence described the company's chief executive as someone willing to shapeshift into whatever gets him closest to power. The message was one that lawmakers on the Senate Judiciary subcommittee on crime and counterterrorism were very open to. Their responses underscore that amid CEO Mark Zuckerberg's latest pivot in cozying up to the right, his perception in Washington has not yet totally changed, even as he reportedly lobbies President Donald Trump to drop the government's antitrust case against the company.

"He's recently tried a reinvention in which he is now a great advocate of free speech, after being an advocate of censorship in China and in this country for years," subcommittee Chair Josh Hawley (R-MO) said, pointing to longtime conservative allegations that Meta has suppressed things like vaccine skepticism and the Hunter Biden laptop story. "Now that's all wiped away. Now he's on Joe Rogan and says that he is Mr. Free Speech, he is Mr. MAGA, he's a whole new man, and his company, they're a whole new company. Do you buy this latest reinvention of Mark Zuckerberg?"

"If he is such a fan of freedom of speech, why is he trying to silence me?" Wynn-Williams asked in response. Meta convinced an arbitrator to order her to stop making disparaging statements and halt further publishing and promotion of the book, which details Meta's alleged dealings with the Chinese government and claims of sexual harassment from a top executive.

The U.S. Army told the government it had a lot of success using AI to "process targets" during a recent deployment. It said that it had used AI systems to identify targets at a rate of 55 per day but could get that number up to 5,000 a day with "advanced artificial intelligence tools in the future." 404 Media: The line comes from a new report from the Government Accountability Office -- a nonpartisan watchdog group that investigates the federal government. The report is titled "Defense Command and Control" and is, in part, about the Pentagon's recent push to integrate AI systems into its workflow.

Across the government, and especially in the military, there has been a push to add or incorporate AI into various systems. The pitch here is that AI systems would help the Pentagon ID targets on the battlefield and allow those systems to help determine who lives and who dies. The Ukrainian and Israeli military are already using similar systems but the practice is fraught and controversial.

China retaliated against the US after new tariffs imposed by President Donald Trump, announcing it would raise the tariff on US goods to 84%, escalating the trade conflict between the world's two largest economies. From a report: The Chinese countermeasures are effective April 10, according to a government statement Wednesday. China's move came after Trump's latest tariffs went into force at midday Wednesday in Beijing, taking the cumulative rate announced this year to 104%. A day earlier, China vowed to "fight to the end" if the US insists on new tariffs. Where US-China Decoupling Is Hardest: After decades of trade integration, Chinese companies have become increasingly essential suppliers of goods and materials that range from niche to ones many Americans can barely do without.

At $41 billion last year, smartphones -- largely consisting of Apple's iPhones -- were the single largest US import from China. More than 70% of all smartphone imports are from China, according to Bloomberg analysis of 2024 trade data from the US International Trade Commission.

Farther afield, China supplies the entirety of hair from badgers and other animals imported into the US for brush-making. It also delivers almost 90% of the gaming consoles US consumers buy from overseas.

Over 99% of the electric toasters, heated blankets, calcium, and alarm clocks the US imports are from China. Ditto for more than 90% of folding umbrellas, vacuum flasks, artificial flowers, LED lamps, and wooden coat-hangers.

Hackers intercepted about 103 bank regulators' emails for more than a year, gaining access to highly sensitive financial information, Bloomberg News reported Tuesday, citing two people familiar with the matter and a draft letter to Congress. From the report: The attackers were able to monitor employee emails at the Office of the Comptroller of the Currency after breaking into an administrator's account, said the people, asking not to be identified because the information isn't public. OCC on Feb. 12 confirmed that there had been unauthorized activity on its systems after a Microsoft security team the day before had notified OCC about unusual network behavior, according to the draft letter.

The OCC is an independent bureau of the Treasury Department that regulates and supervises all national banks, federal savings associations and the federal branches and agencies of foreign banks -- together holding trillions of dollars in assets. OCC on Tuesday notified Congress about the compromise, describing it as a "major information security incident."

"The analysis concluded that the highly sensitive bank information contained in the emails and attachments is likely to result in demonstrable harm to public confidence," OCC Chief Information Officer Kristen Baldwin wrote in the draft letter to Congress that was seen by Bloomberg News. While US government agencies and officials have long been the targets of state-sponsored espionage campaigns, multiple high-profile breaches have surfaced over the past year.

New submitter toutankh writes: The UK government is developing a tool to predict murder.

China is moving fast to dominate biotechnology, and the U.S. risks falling behind permanently unless it takes action over the next three years, a congressional commission said. WSJ: Congress should invest at least $15 billion to support biotech research over the next five years and take other steps to bolster manufacturing in the U.S., while barring companies from working with Chinese biotech suppliers, the National Security Commission on Emerging Biotechnology said in a report Tuesday. To achieve its goals, the federal government and U.S.-based researchers will also need to work with allies and partners around the world.

"China is quickly ascending to biotechnology dominance, having made biotechnology a strategic priority for 20 years," the commission said. Without prompt action, the U.S. risks "falling behind, a setback from which we may never recover." The findings convey the depth of worry in Washington that China's rapid biotechnology advances jeopardize U.S. national security. Yet translating the concern into tangible actions could prove challenging.

[...] China plays a large role supplying drug ingredients and even some generic medicines to the U.S. For years, it produced copycat versions of drugs developed in the West. Recent years have seen it become a formidable hub of biotechnology innovation, after the Chinese government gave priority to the field as a critical sector in China's efforts to become a scientific superpower.