
      “Acropalypse” Android screenshot bug turns into a 0-day Windows vulnerability

      news.movim.eu / ArsTechnica • 22 March, 2023 • 1 minute

    Windows 10 and 11 have their own version of the Acropalypse screenshot editing bug. (credit: acropalypse.app/Andrew Cunningham)

    Earlier this week, programmer and "accidental security researcher" Simon Aarons disclosed a bug in Google's Markup screenshot editing tool for its Pixel phones. Dubbed "acropalypse," the bug allows content you've cropped out of your Android screenshot to be partially recovered, which can be a problem if you've cropped out sensitive information.

    Today, Aarons' collaborator, David Buchanan, revealed that a similar bug affects the Snipping Tool app in Windows 11. As detailed by Bleeping Computer, which was able to verify the existence of the bug, PNG files all have an "IEND" data chunk that tells software where the image file ends. A screenshot cropped with Snipping Tool and then saved over the original (the default behavior) adds a new IEND chunk to the PNG image but leaves a bunch of the original screenshot's data after the IEND chunk.

    Buchanan says that a version of the acropalypse script "with minor changes" can be used to read and recover that data, partially restoring the part of the image you cropped out of your original screenshot. Buchanan is "holding off on publishing" Windows-compatible versions of those scripts since Microsoft (unlike Google) hasn't had time to patch the vulnerability.


      Hackers drain bitcoin ATMs of $1.5 million by exploiting 0-day bug

      news.movim.eu / ArsTechnica • 21 March, 2023 • 1 minute

    A BATM sold by General Bytes. (credit: General Bytes)

    Hackers drained millions of dollars in digital coins from cryptocurrency ATMs by exploiting a zero-day vulnerability, leaving customers on the hook for losses that can’t be reversed, the kiosk manufacturer has revealed.

    The heist targeted ATMs sold by General Bytes, a company with multiple locations throughout the world. These BATMs, short for bitcoin ATMs, can be set up in convenience stores and other businesses to allow people to exchange bitcoin for other currencies and vice versa. Customers connect the BATMs to a crypto application server (CAS) that they can manage or, until now, that General Bytes could manage for them. For reasons that aren’t entirely clear, the BATMs offer an option that allows customers to upload videos from the terminal to the CAS using a mechanism known as the master server interface.

    Going, going, gone

    Over the weekend, General Bytes revealed that more than $1.5 million worth of bitcoin had been drained from CASes operated by the company and by customers. To pull off the heist, an unknown threat actor exploited a previously unknown vulnerability that allowed it to use this interface to upload and execute a malicious Java application. The actor then drained various hot wallets of about 56 BTC, worth roughly $1.5 million. General Bytes patched the vulnerability 15 hours after learning of it, but due to the way cryptocurrencies work, the losses were unrecoverable.


      Amazon layoffs will shut down camera review site DPReview.com after 25 years

      news.movim.eu / ArsTechnica • 21 March, 2023 • 1 minute

    Image credit: Nikon

    Amazon has plans to lay off at least 27,000 workers this year, including 9,000 that were announced in an internal email yesterday morning. One unexpected casualty: Digital Photography Review, also known as DPReview, is losing its entire editorial staff, and the site will stop publishing on April 10.

    The announcement post, written by DPReview General Manager Scott Everett, says that new pieces will continue to be posted through April 10, and "the site will be locked" afterward. It's unclear what will happen to the site's content afterward—the post promises only that the site's articles "will be available in read-only mode for a limited period afterwards." Any photos and text that readers have uploaded to their accounts can be requested and downloaded until April 6, "after which we will not be able to complete the request."

    Former site editor Gannon Burgett said on Twitter that the decision to lay off the staff was announced in January and that "Amazon hasn't yet come up with an archival plan" for the site. Cameras, even digital ones, tend to have a pretty long shelf life, and there's an active used market for lenses and camera bodies—if DPReview.com goes offline entirely, that would be a huge blow to anyone trying to research older products.


      Bing’s AI chatbot can now generate unhinged images along with unhinged text

      news.movim.eu / ArsTechnica • 21 March, 2023 • 1 minute

    "A gaming PC riding a skateboard" as generated by the DALL-E 2-powered Bing Image Creator. The version of DALL-E in the Bing Chat preview may be more advanced. (credit: Bing Image Creator)

    Microsoft is giving its work-in-progress Bing AI chatbot the ability to generate images, the company announced today. Bing preview users can generate images by typing "create an image" (or something similar) followed by the prompt. As with other AI-powered image generators, the more detailed a prompt you provide, the more specific and consistent the output is.

    Not all Bing preview users will be able to generate images right away, as Microsoft is rolling the feature out in phases (it's not working for me as of this writing). Initially, it will only work in the chatbot's "Creative" mode. The bot has three "personalities," and "Creative" is the most prone to giving wrong answers and inaccurate information.

    Microsoft said it was using "an advanced version" of the DALL-E generator without providing additional details. The Bing chatbot was using OpenAI's GPT-4 model several weeks before it was formally announced to the public, so Microsoft could also be using a more powerful pre-release version of the DALL-E model. The image generator Microsoft made available to the public in October uses DALL-E 2.


      Amazon is firing another 9,000 workers

      news.movim.eu / ArsTechnica • 20 March, 2023

    The Amazon logo is displayed outside the Amazon UK Services Ltd Warehouse on December 07, 2022 in Warrington, England

    Amazon has announced 27,000 layoffs since November 2022. (credit: Nathan Stirk/Getty Images)

    Amazon will fire another 9,000 workers in the coming weeks. The news was delivered in an email from company CEO Andy Jassy to employees this morning and follows large cuts in November and again in January.

    In his email to staff, Jassy wrote that most of the job cuts will come in four parts of the company: Amazon Web Services or AWS; "People Experience and Technology Solutions"; advertising; and the game-streaming platform Twitch, which has been owned by the Internet behemoth since 2014. Those areas of the company were also heavily affected by the earlier layoffs, which involved 18,000 workers.

    "This was a difficult decision, but one that we think is best for the company long term," Jassy wrote.


      AI imager Midjourney v5 stuns with photorealistic images—and 5-fingered hands

      news.movim.eu / ArsTechnica • 16 March, 2023

    An example of lighting and skin effects in the AI image generator Midjourney v5. (credit: Julie W. Design)

    On Wednesday, Midjourney announced version 5 of its commercial AI image synthesis service, which can produce photorealistic images at a quality level that some AI art fans are calling creepy and "too perfect." Midjourney v5 is available now as an alpha test for customers who subscribe to the Midjourney service, which is available through Discord.

    "MJ v5 currently feels to me like finally getting glasses after ignoring bad eyesight for a little bit too long," said Julie Wieland, a graphic designer who often shares her Midjourney creations on Twitter. "Suddenly you see everything in 4k, it feels weirdly overwhelming but also amazing."

    Wieland shared some of her Midjourney v5 generations with Ars Technica (seen below in a gallery and in the main image above), and they certainly show a progression in image detail since Midjourney first arrived in March 2022. Version 3 debuted in August, and version 4 debuted in November. Each iteration added more detail to the generated results, as our experiments show:


      Federal agency hacked by 2 groups thanks to flaw that went unpatched for 4 years

      news.movim.eu / ArsTechnica • 16 March, 2023

    Image credit: Getty Images

    Multiple threat actors—one working on behalf of a nation-state—gained access to the network of a US federal agency by exploiting a four-year-old vulnerability that remained unpatched, the US government warned.

    Exploit activities by one group likely began in August 2021 and last August by the other, according to an advisory jointly published by the Cybersecurity and Infrastructure Security Agency, the FBI, and the Multi-State Information Sharing and Analysis Center. From last November to early January, the server exhibited signs of compromise.

    Vulnerability not detected for 4 years

    Both groups exploited a code-execution vulnerability tracked as CVE-2019-18935 in a developer tool known as the Telerik user interface (UI) for ASP.NET AJAX, which was located in the agency’s Microsoft Internet Information Services (IIS) web server. The advisory didn’t identify the agency other than to say it was a Federal Civilian Executive Branch Agency under the CISA authority.


      Free data-center heat is allegedly saving a struggling public pool $24K a year

      news.movim.eu / ArsTechnica • 16 March, 2023 • 1 minute

    Indoor swimming pool with lane markers (credit: Getty)

    A public pool in the UK is expected to save £20,000 (about $24,000) and cut carbon emissions by 25.8 tons annually by warming a 25 m and children's pool with waste heat from a data center from startup Deep Green. Data center owners have long tried to limit the impact of heat emanating from their machines, with some going as far as to submerge servers in water and others finding ways to redirect waste heat so it can warm larger areas, like buildings and communities. UK-based Deep Green is a newcomer in the data-center heat game and is making its entrance notable by putting a monetary figure on potential savings, which are fueled by the heat's low, low rate of free.

    Deep Green's paying customers are machine-learning and AI firms seeking computing resources. As reported by Datacenter Dynamics on Tuesday, clients can leverage Deep Green's 28 kW system with high-performance computing (HPC) capabilities. The HPC cluster at the Exmouth Leisure Centre swimming pool has 12 four-CPU cards and could eventually be used for cloud services and video rendering, Deep Green CEO Mark Bjornsgaard told the publication. According to the BBC, the server is about the size of a washing machine.

    The computers are submerged in mineral oil that captures heat that gets transferred into pool water with a heat exchanger. The pool still has a gas boiler to boost the water's temperature if required. Deep Green claims it's transferring about 96 percent of the energy used by its computers and reducing a pool's gas heat usage by 62 percent. Deep Green is paying the Exmouth Leisure Centre for all the electricity its data center uses, as well as any setup costs, and the Exmouth Leisure Centre gets the heat for free.


      Microsoft 365’s AI-powered Copilot is like an omniscient version of Clippy

      news.movim.eu / ArsTechnica • 16 March, 2023

    Microsoft 365 Copilot will attempt to automate content generation and analysis in all of the former Microsoft Office apps. (credit: Microsoft)

    Today Microsoft took the wraps off of Microsoft 365 Copilot, its rumored effort to build automated AI-powered content-generation features into all of the Microsoft 365 apps.

    The capabilities Microsoft demonstrated make Copilot seem like a juiced-up version of Clippy, the oft-parodied and arguably beloved assistant from older versions of Microsoft Office. Copilot can automatically generate Outlook emails, Word documents, and PowerPoint decks, can automate data analysis in Excel, and can pull relevant points from the transcript of a Microsoft Teams meeting, among other features.

    Microsoft is currently testing Copilot "with 20 customers, including eight in Fortune 500 enterprises." The preview will be expanded to other organizations "in the coming months," but the company didn't mention when individual Microsoft 365 subscribers would be able to use the features. The company will "share more on pricing and licensing soon," suggesting the feature may be a paid add-on in addition to the cost of a Microsoft 365 subscription.
