Hackers with links to China reportedly successfully infiltrated a number of unnamed government and tech entities using advanced malware. As reported by Reuters, cybersecurity agencies from the US and Canada confirmed the attack, which used a backdoor known as “Brickstorm” to target organizations using the VMware vSphere cloud computing platform.

As detailed in a report published by the Canadian Centre for Cyber Security on December 4, PRC state-sponsored hackers maintained "long-term persistent access" to an unnamed victim’s internal network. After compromising the affected platform, the cybercriminals were able to steal credentials, manipulate sensitive files and create "rogue, hidden VMs" (virtual machines), effectively seizing control unnoticed. The attack could have begun as far back as April 2024 and lasted until at least September of this year.

The malware analysis report published by the Canadian Cyber Centre, with assistance from The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), cites eight different Brickstorm malware samples. It is not clear exactly how many organizations in total were either targeted or successfully penetrated.

In an email to Reuters, a spokesperson for VMware vSphere owner Broadcom said it was aware of the alleged hack, and encouraged its customers to download up-to-date security patches whenever possible. In September, the Google Threat Intelligence Group published its own report on Brickstorm, in which it urged organizations to "reevaluate their threat model for appliances and conduct hunt exercises" against specified threat actors.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/chinese-hackers-reportedly-targeting-government-entities-using-brickstorm-malware-133501894.html?src=rss

©

© Greggory DiSalvo via Getty Images

Amazon is reportedly considering discontinuing use of the US Postal Service and building out its own shipping network to rival it, according to The Washington Post. The e-commerce behemoth spends more than $6 billion a year on the public mail carrier, representing just shy of 8 percent of the service's total revenues. That's up from just shy of $4 billion in 2019, and Amazon continues to grow.

However, it sounds like that split might be due to a breakdown in negotiations between Amazon and the USPS rather than Amazon proactively pullings its business. Amazon provided Engadget with the following statement regarding the Post's reporting and its negotiations with the USPS: 

"The USPS is a longstanding and trusted partner and we remain committed to working together. We’ve continued to discuss ways to extend our partnership that would increase our spend with them, and we look forward to hearing more from them soon — with the goal of extending our relationship that started more than 30 years ago. We were surprised to hear they want to run an auction after nearly a year of negotiations, so we still have a lot to work through. Given the change of direction and the uncertainty it adds to our delivery network, we're evaluating all of our options that would ensure we can continue to deliver for our customers."

The auction Amazon is referring to would be a "reverse auction," according to the Post. The USPS would be offering its mailing capabilities to the highest bidder, essentially making Amazon and other high-volume shippers compete for USPS resources. This move would reportedly be a result of the breakdown in talks between Amazon and the USPS. 

Over the past decade, Amazon has invested heavily in shipping logistics, buying its own Boeing planes, debuting electric delivery vans and slowly building out a drone delivery network. Last year, Amazon handled over 6.3 billion parcels, a 7 percent increase over the previous year, according to the Pitney Bowes parcel shipping index. USPS, for its part, handled roughly 6.9 billion, just a 3 percent increase over 2023. That is to say that Amazon's shipping network can already handle over 90 percent of the volume of the US Postal Service (at least by sheer numbers).

The USPS has been in dire financial condition for some time, losing billions of dollars a year. Negotiations between Amazon and the public carrier have reportedly stalled, which, together with the agency's need to keep raising its prices, may create more urgency for the company to eliminate its reliance on the service altogether.

The Postal Service has struggled to modernize and adapt (its attempt to electrify the truck fleet was a bust) in a market where the likes of Amazon and Walmart are investing billions in delivering packages around the country at lightning speed. The ever-accelerating digitization of communication and heavy investment in privately owned shipping operations threatens the very existence of one of the country's greatest public goods.

Update, December 4, 2025, 2:24PM ET: This story has been updated with a statement from Amazon and more details about the "reverse auction" the USPS reportedly wants to conduct if it no longer works with Amazon.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/amazon-reportedly-considering-ending-ties-with-the-us-postal-service-144555021.html?src=rss

©

© FinkAvenue via Getty Images

The UK has fined a porn operator called AVS Group £1 million ($1.33 million) for failing to have strong enough age checks, regulator Ofcom announced. The company which was also hit with an additional £50,000 fine for its failure to respond to information request and now has 72 hours to introduce effective age checks or face a further penalty of £1,000 a day. 

In July, the UK government announced it would start checking compliance by websites that publish or display pornographic content to implement a system for "highly effective age checks." Methods approved by Ofcom include credit card checks, photo ID matching and even estimating a user's age with a provided selfie. However, users have been circumventing the age checks via methods like using a VPN and providing a fake ChatGPT-generated photo ID. 

The fine is the third such penalty arising from the UK's Online Safety Act designed to protect children and adults from harmful content. In October, 4Chan was also hit with a £20,000 ($26,700) fine for failing to comply with the internet and telecommunications regulator's request for information under the same law.

The UK isn't the only region to have implemented age checks. Around half of US states now require it, as do France, Italy, Australia and China. Australia took things a step further by banning social media use by children under 16, including sites popular with young people like Twitch and YouTube.

Ofcom's safety director, Oliver Griffiths, said the crackdown on weak age verification for adult sites would continue. "The tide on online safety is beginning to turn for the better. But we need to see much more from tech companies next year and we’ll use our full powers if they fall short."

This article originally appeared on Engadget at https://www.engadget.com/general/uk-fines-porn-company-%C2%A31-million-for-weak-age-checks-130056578.html?src=rss

©

© liebre via Getty Images

Artificial intelligence is showing up everywhere in Google's services these days, whether or not people want them and sometimes in places where they really don't make a lick of sense. The latest trial from Google appears to be giving articles the AI treatment in Google Discover. The Verge noticed that some articles were being displayed in Google Discover with AI-generated headlines different from the ones in the original posts. And to the surprise of absolutely no one, some of these headlines are misleading or flat-out wrong. 

For instance, one rewritten headline claimed "Steam Machine price revealed," but the Ars Technica article's actual headline was "Valve's Steam Machine looks like a console, but don’t expect it to be priced like one." No costs have been shared yet for the hardware, either in that post or elsewhere from Valve. In our own explorations, Engadget staff also found that Discover was providing original headlines accompanied by AI-generated summaries. In both cases, the content is tagged as "Generated with AI, which can make mistakes." But it sure would be nice if the company just didn't use AI at all in this situation and thus avoided the mistakes entirely.

The instances The Verge found were apparently "a small UI experiment for a subset of Discover users," Google rep Mallory Deleon told the publication. "We are testing a new design that changes the placement of existing headlines to make topic details easier to digest before they explore links from across the web." That sounds innocuous enough, but Google has a history of hostility towards online media its frequent role as middleman between publishers and readers. Web publishers have made multiple attempts over the years to get compensation from Google for displaying portions of their content, and in at least two instances, Google has responded by cutting out those sources from search results and later claiming that showing news doesn't do much for the bottom line of its ad business. 

For those of you who do in fact want more AI in your Google Search experience, you're in luck. AI Mode, the chatbot that's already been called outright "theft" by the News Media Alliance, is getting an even more symbiotic integration into the mobile search platform. Google Search's Vice President of Product Robby Stein posted yesterday on X that the company is testing having AI Mode accessible on the same screen as an AI Overview rather than the two services existing in separate tabs. 

This article originally appeared on Engadget at https://www.engadget.com/ai/google-discover-is-testing-ai-generated-headlines-and-they-arent-good-234700720.html?src=rss

©

Ireland's media regulator, Coimisiún na Meán, has announced investigations into both TikTok and LinkedIn for possible violations of the European Union's Digital Services Act, Reuters reports. The investigations are focused on both platforms' illegal content reporting features, which might not meet the requirements of the DSA.

The main issue appears to be how these platforms’ reporting tools are presented and implemented. Regulators found possible "deceptive interface designs" in the content reporting features they examined, which could make them less effective at actually weeding out illegal content. "The reporting mechanisms were liable to confuse or deceive people into believing that they were reporting content as illegal content, as opposed to content in violation of the provider’s Terms and Conditions," the regulator wrote in a press release announcing its investigation.

“At the core of the DSA is the right of people to report content that they suspect to be illegal, and the requirement on providers to have reporting mechanisms, that are easy to access and user-friendly, to report content considered to be illegal, “ John Evans, Coimisiún na Meán's DSA Commissioner, said in the press release. "Providers are also obliged to not design, organize or operate their interfaces in a way which could deceive or manipulate people, or which materially distorts or impairs the ability of people to make informed decisions."

Evans goes on to note that Coimisiún na Meán has already gotten other providers to make "significant changes to their reporting mechanisms for illegal content," likely due to the threat of financial penalties. Many tech companies have headquarters in Ireland, and if a platform provider is found to violate the DSA, Irish regulators can fine them up to six percent of their revenue in response.

Ireland's Data Protection Commission is already conducting a separate investigation into the social media platform X for allegedly training its Grok AI assistant on posts from users. Doing so would violate the General Data Protection Regulation or GDPR, and allow Ireland to take a four percent cut of the company's global revenue.

This article originally appeared on Engadget at https://www.engadget.com/social-media/ireland-is-investigating-tiktok-and-linkedin-for-possible-dsa-violations-194519622.html?src=rss

©

Here’s hoping the retailers offering tasty Cyber Monday deals that caught your eye aren’t having trouble with Shopify. The ecommerce platform is experiencing some issues. According to a support page, some merchants were having trouble logging into the Shopify platform, which was experiencing outages with the checkout and admin systems. Shopify’s point-of-sale (POS), API and mobile and support systems also saw “degraded performance.”

Editor's note (on December 2 10:35AM ET): The outage appears to have been resolved, with Shopify posting on X at 6:11PM yesterday that it “had a system degradation that has now been mitigated.” The statement further clarified that checkout and storefronts remained online during the outage, while admin interfaces were “temporarily unavailable for some merchants.” Also, the outage “briefly extended to POS but was quickly resolved.”

In an update at 12:39PM ET, Shopify wrote “We are continuing to investigate and apply mitigations for the issues with accessing Admins and POS systems.” It added “Some merchants may also see an issue with POS checkouts, due to not being able to access POS systems.”

At 2:31PM ET, the company posted an update to its status page, saying “We have found and fixed an issue with our login authentication flow, and are seeing signs of recovery for admin and POS login issues now. We are continuing to monitor recovery.” You might start to see some services go back to normal, and it should hopefully not impact your holiday shopping too much.

Shopify said in a blog post just last week that it powers 12 percent of ecommerce in the US. Brands including Netflix, Mattel, Supreme, Glossier and Converse are among those that use the platform.

When asked for more details about the outage, Shopify directed Engadget to its status page as well as a tweet posted at 10AM that read, “We're aware of an issue with Admins impacting selected stores, and are working to resolve it.”

Somewhat ironically, that very account posted on November 27 that 56 seconds was the average amount of wait time the prior week and that its team was ready to “keep that pace” for the Black Friday/Cyber Monday shopping rush. It has been hours since the outage was first reported this morning.

Update, December 1 2025, 2:48PM ET: This story has been updated to include Shopify’s latest post about resolving a login authentication issue, as well as its tweet from November 27.

Update, December 2 2025, 10:35AM ET: This story has been updated to include an Editor’s note with the latest on the outage, which seems to mostly have been resolved.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/shopify-was-down-for-much-of-cyber-monday-180958407.html?src=rss

©