There’s finally a release date for the Spaceballs sequel — but before you get too excited, it’s a whole year away. As first reported by Deadline, Amazon MGM Studios announced on Friday night that the upcoming Spaceballs movie will hit theaters on April 23, 2027, right around the 40th anniversary of the first film. Several members of the original cast will be reprising their roles, according to Deadline, including Mel Brooks, Rick Moranis, Bill Pullman, George Wynder and Daphne Zuniga.

Whispers of a potential Spaceballs 2 go back a couple of years, but Brooks officially confirmed in an extremely on-brand announcement video last summer that the movie is actually happening. Following Deadline‘s latest report, Amazon MGM Studios posted a screenshot of the article on X, along with the words, “Spaceballs: The Release Date. April 23, 2027.” The movie is being directed by Josh Greenbaum and written by Josh Gad, Dan Hernandez and Benji Samit, according to Deadline. Along with the returning cast members, it will star Gad, Keke Palmer (!!), Lewis Pullman and Anthony Carrigan.

The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign linked to North Korean hackers.

This follows the threat actors compromising a maintainer account to publish two malicious versions of Axios (1.14.1 and 0.30.4) to the npm package registry, triggering a supply chain attack.

These releases injected a dependency named plain-crypto-js that installed a remote access trojan (RAT) on macOS, Windows, and Linux systems.

The malicious versions were available for roughly three hours before being removed, but systems that installed them during that period should be considered compromised, and all credentials and authentication keys should be rotated.

The Axios maintainers said they have wiped affected systems, reset all credentials, and are implementing changes to prevent similar incidents.

The Google Threat Intelligence Group has since linked this attack to North Korean threat actors tracked as UNC1069.

“GTIG attributes this activity to UNC1069, a financially motivated North Korea-nexus threat actor active since at least 2018, based on the use of WAVESHAPER.V2, an updated version of WAVESHAPER previously used by this threat actor,” explains Google.

“Further, analysis of infrastructure artifacts used in this attack shows overlaps with infrastructure used by UNC1069 in past activities.”

Targeted in a social engineering attack

According to a post-mortem, the compromise began weeks earlier through a targeted social engineering attack on the project’s lead maintainer, Jason Saayman. 

The attackers impersonated a legitimate company, cloned its branding and founders’ likenesses, and invited the maintainer into a Slack workspace designed to impersonate the company. Saayman says the Slack server contained realistic channels, with staged activity and fake profiles that posed as employees and other open-source maintainers.

“They then invited me to a real slack workspace. this workspace was branded to the companies ci and named in a plausible manner,” explained Saayman in a post to the post-mortem.

“The slack was thought out very well, they had channels where they were sharing linked-in posts, the linked in posts i presume just went to the real companys account but it was super convincing etc. they even had what i presume were fake profiles of the team of the company but also number of other oss maintainers.”

The attackers then scheduled a meeting on Microsoft Teams that appeared to include numerous people.

During the call, a technical error was displayed, claiming that something on the system was out of date, prompting the maintainer to install a Teams update to fix the error. However, this fake update was actually RAT malware that gave threat actors remote access to the maintainer’s device, allowing them to obtain the npm credentials for the Axios project.

Other maintainers reported similar social engineering attacks, where the threat actors tried to get them to install a fake Microsoft Teams SDK update.

This attack is similar to a ClickFix attack, in which victims are shown a fake error message and then prompted to follow troubleshooting steps that deploy malware.

This attack also mirrors previous campaigns reported by Google’s threat intelligence teams, in which North Korean threat actors tracked UNC1069 used the same tactics to target cryptocurrency firms.

In previous campaigns attributed to the UNC1069 threat actor, the threat actors would deploy additional payloads on devices, such as backdoors, downloaders, and infostealers designed to steal credentials, browser data, session tokens, and other sensitive information.

Since the attackers gained access to authenticated sessions, MFA protections were effectively bypassed, allowing access to accounts without having to re-authenticate.

The Axios maintainers confirmed that the attack did not involve modifying the project’s source code, but instead relied on injecting a malicious dependency into otherwise legitimate releases.

Pelle Wessman, a maintainer of numerous open-source projects, including the popular Mocha framework, posted on LinkedIn that he was targeted in the same campaign and shared a screenshot of a fake RTC connection error message used to trick targets into installing malware.

When Wessman refused to install the app, the threat actors tried to convince him to run a Curl command.

“When it became clear that I wouldn’t run the app and we had chatted back and forth on website and chat app they made one final desperate attempt and tried to get me to run a curl command that would download and run something, then when I refused they went dark and deleted all conversations,” explained Wessman.

Cybersecurity firm Socket also reported that this was a coordinated campaign that has begun targeting maintainers of popular Node.js projects.

Multiple developers, including maintainers of widely used packages and Node.js core contributors, reported receiving similar outreach messages and invitations to Slack workspaces operated by the attackers.

Socket noted that these maintainers are responsible for packages with billions of weekly downloads, demonstrating that the threat actors focused on high-impact projects.

“Since we published our initial analysis of the axios compromise, a deep dive into its hidden blast radius, and a report on the maintainer confirming it was social engineering, maintainers across the Node.js ecosystem have come out of the woodwork to report that they were targeted by the same social engineering campaign,” explained Socket.

“The accounts now span some of the most widely depended-upon packages in the npm registry and Node.js core itself, and together they confirm that axios was not a one-off target. It was part of a coordinated, scalable attack pattern aimed at high-trust, high-impact open source maintainers.”

Socket said the campaign followed a consistent pattern, with the threat actors first making contact through platforms like LinkedIn or Slack and then inviting recipients into private or semi-private workspaces.

After building rapport with the target, the threat actors scheduled video calls, which in some cases were conducted through sites impersonating Microsoft Teams and other platforms.

During these calls, an error message would be displayed to the targets, which prompted them to install “native” desktop software that works better or run commands to fix the technical issues.

The same playbook used against all these targets during the same time period indicates this was a coordinated campaign rather than a series of one-off attacks.

The Socket researchers say that these types of supply chain attacks are becoming more common, with attackers now focusing on widely used packages to cause widespread impact.

Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.

This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.

Get Your Copy Now

It’s smaller and more portable than the brutish Move, yet large enough to sound much fuller than the pint-sized Roam. It can sit fixed on its charging cradle to rival the homebound Sonos Era 100, or follow you anywhere. In other words, it’s the epitome of Sonos versatility, and now that it’s working properly, it’ll be hard to pass up.

Play On

Opening the Play’s brown cardboard packaging feels equal parts Scandi minimalism and sustainability, in line with recent releases like the Arc Ultra soundbar. Inside, a white acoustic wrapping gives way to a stout tubular speaker with a rubberized loop attached, measuring 7.6 x 4.4 x 3 inches and weighing just under 3 pounds. You’ll also find simple setup instructions and a wireless charging stand, but no wall adapter. You’ll need one that can supply at least 9 volts and 2 amps (18 watts), but a 15-volt, 3-amp (45-watt) model is recommended for “optimal” charging. Sonos says the adapter omission is about reducing e-waste, but will happily sell you one for $29.

Otherwise, the Sonos app is all you need to get going. After the obligatory firmware update, my Play was streaming on my home network in minutes. Sonos hosts over 100 streaming services directly, and you can also stream over third-party services like Spotify Connect, Tidal Connect, Apple AirPlay, and more. You’ll find the speaker as its own “Room” on the app’s main page, where you can swipe up to group it with other Sonos products on your network, or go into the settings to tweak options like EQ, Room name (important if you have more than one Play), and Sonos Trueplay to auto-adjust the sound to your environment.

You’ll also find a Battery Saver toggle, which is set by default to shut down the power when it’s idle for too long. It’s this feature that, according to Sonos, caused my connection woes as I tested the speaker’s 24-hour battery claim. Sonos says it identified the root cause, and after the firmware update I’ve let the speaker power down multiple times, with no further network disruptions over a week of extra testing.

Photograph: Ryan Waniata

Founders Fund has made its name backing what Peter Thiel calls “zero to one” companies — businesses that don’t just improve on existing ideas but create something entirely new. Its portfolio includes Facebook, SpaceX, and Palantir. Its latest bet is a New Zealand startup that puts solar-powered smart collars on cows.

Halter, which closed a $220 million Series E at a $2 billion valuation last month, with Founders Fund leading the round, isn’t the kind of company that tends to dominate technology headlines. There is no agentic AI involved, no humanoid robots. There is, however, a very large and largely unsolved problem: How do you manage cattle spread across some of the most remote terrain on earth, without dogs, horses, motorbikes, or helicopters?

Craig Piggott, Halter’s 30-year-old founder and CEO, has spent nine years working on an answer. “If you manage a pasture-based farm, whether it’s dairy or beef, the most important variable is how you manage the productivity of your land,” Piggott told TechCrunch in a recent interview. “Fences are the lever — they control where animals graze and how you rest the land. Being able to do that virtually just made a lot of sense.”

The system Halter has built combines a solar-powered collar, a network of low-frequency towers, and a smartphone app to let farmers create virtual fences, monitor every animal around the clock, and move their herds without ever leaving the farmhouse. Cattle are trained to respond to audio and vibration cues from the collar — a process Piggott that likens to the way a car beeps as it approaches a wall while parking. Most animals, he says, learn within three interactions with a virtual fence. “Then you’re able to guide them and shift them around on sound and vibration alone.”

The collar does more than herd. Because it is always on and collecting behavioral data, it also tracks animal health, monitors fertility cycles, and flags when individual animals may be sick, capabilities that Piggott says have improved dramatically as Halter has accumulated what is likely the world’s largest dataset of cattle behavior. The company is now on its fifth generation of hardware, and its reproduction product is currently in beta with U.S. customers.

“The product that ranchers use today is radically different to what they bought a year ago,” Piggott said. “Every week, we’re releasing new things to our customers.”

Piggott grew up on a dairy farm in New Zealand before studying engineering and landing a brief stint at Rocket Lab, the rocket company that gave him his first glimpse of what a technology startup could be. “Rocket Lab was kind of my introduction to technology and startups and the world of venture capital,” he said. “Realizing you could raise money, hire a team, and chase an ambitious mission was inspiring. I wanted to do that in agriculture.” He started Halter at 21. “Probably a bit naive in hindsight,” he acknowledged, “but that was fine.”

Nine years later, Halter’s collar is on more than a million cattle across more than 2,000 farms in New Zealand, Australia, and the United States, where the company operates in 22 states. The financial proposition for farmers is straightforward: By giving ranchers precise control over where their herds graze, Halter can lift the productivity of their land by as much as 20% — not by saving labor costs (though that happens, too), but by ensuring cattle graze more efficiently and leave less grass behind. “In some cases, we see customers literally doubling the output off their land,” Piggott said. “The upper ceiling for returns is very, very strong.”

Halter isn’t alone in spying the opportunity. Pharmaceutical giant Merck already makes its own virtual fencing system for cattle, called Vence, and newer entrants are circling too — at Y Combinator’s most recent “demo day,” a startup called Grazemate presented a vision for herding cattle with autonomous drones (no collars necessary).

Piggott seems unbothered by either. Asked about drones, he answers: “Can I see drones playing some small part in the future? Probably. But I don’t think a drone is the right form factor for the core fencing element of virtual fencing. A collar will probably be the right form factor for a very long period of time.” And as for the bigger competitive picture, he argues the real obstacle isn’t rival technology at all. “The biggest competition is just not changing anything,” he said. “It’s doing what you did last year.”

What sets Halter apart, Piggott argues, is the sheer engineering difficulty of what it has spent nine years solving — a system managing a thousand animals needs to be reliable to many nines of uptime, because even a 1% failure rate means ten animals out at any given time. “Chasing those many nines of reliability takes time,” he said, “and that long tail is what we proved out in New Zealand over many years before we started to expand globally.”

Halter is also something of an outlier in the agricultural technology sector, which has slumped in recent years as startups struggled to persuade farmers to adopt new products while managing high operational costs. Piggott attributes Halter’s traction to its relentless focus on financial return. “From day one, Halter has been built around a really strong financial ROI,” he said. “If you can lift the productivity of land by 20%, that flows through the entire business.”

Unlike most technology companies, Halter doesn’t view the United States as the center of its universe. “The U.S. market is important for us, but it’s not the world’s biggest market,” Piggott said. “Agriculture is spread around the world, and we need to get there too.” The company has now raised roughly $400 million in total and is prioritizing expansion across the U.S., South America, and Europe.

But the scale of the remaining opportunity is perhaps best captured in a single number — one that no doubt resonated with Founders Fund and Halter’s earlier backers, too. Halter’s collar is on one million cattle, while there are one billion more in the world. With less than 10% penetration in its home market of New Zealand alone, “We have a long way to go, and a lot of product still to build,” Piggott said.

You can listen to our conversation with Piggott on this newest episode of the StrictlyVC Download podcast, which drops Tuesdays.

from the another-day-in-paradise dept

A quick refresher: there was originally $42.5 billion in broadband grants headed to the states thanks to the 2021 infrastructure bill most Republicans voted against (yet routinely try to take credit for among their constituents).

But after taking office this second time, the Trump administration rewrote the grant program’s guidance to eliminate provisions ensuring the resulting broadband is affordable to poor people, and to ensure that Elon Musk and Jeff Bezos gets billions in new broadband subsidies for their fledgling satellite broadband networks.

Money given to Bezos and Musk is money not spent on better, faster, local fiber optics (especially popular community owned networks). A serious broadband policy would ensure that open access fiber is the priority, followed by wireless, with satellite filling the gaps. Satellite was never intended to be the primary delivery mechanism for broadband, because of obvious congestion and capacity constraints.

The Trump NTIA is doing all of this under the pretense that giving taxpayer money to billionaires (for satellite service they already planned to deploy) instead of spending it on high quality fiber is “saving taxpayers money.” That’s generally resulted in widespread delays for this BEAD (Broadband, Equity, Access and Deployment) program, despite Republicans spending much of last election season complaining this program was taking too long.

The Trump NTIA hijacking of the program has also created a $21 billion pool of “non deployment funds” made up of the fake savings Republicans claim they created by screwing up the program. There’s a looming fight emerging over what happens to that money. Congress and the infrastructure law specifically states this money is supposed to be dedicated to expanding broadband access.

States would obviously like to use this money either for broadband, or for local infrastructure. But you get the sense that this giant wad of cash is very tempting for the Trump administration to just hijack and use as an unaccountable slush fund, doled out to its most loyal red state allies (or just kept by the “Treasury”).

After delays and excuses extended in to last summer, the Trump NTIA was supposed to provide guidance for states on how this money could be used earlier this month, but has been a no show:

“Under pressure from senators at an appropriations hearing, Commerce Secretary Howard Lutnick last month sought to calm fears when he said that so-called “non-deployment” funds under the Broadband Equity, Access and Deployment, or BEAD, program would not be rescinded.

But with no guidance so far from the department’s National Telecommunications and Information Administration, which was expected but delayed this week, lawmakers and others are pushing to have their voice heard on exactly how states will be able to use the $21 billion pot of money.”

Advertisement

It’s not clear if states can trust the word of Lutnick (who’s been a little distracted by Epstein allegations). The Trump administration has threatened (quite illegally) to withhold BEAD funding entirely from states that attempt to stand up to telecom monopolies or insist that taxpayer-funded broadband is affordable. There were also several initiatives to withhold BEAD funds if states tried to regulate AI.

Unsurprisingly, many states are afraid to be honest about what a cock up this whole hijacking has been in the press for fear of losing billions in potential (and already technically awarded) funding.

There’s a real potential here that taxpayer money that was originally earmarked for future-proof, ultra-fast fiber network is going to be repurposed into a general free for all slush fund that gets redirected to whoever praises the Trump administration the most. And I wouldn’t be surprised that this ultimately results in state lawsuits against the federal government for redirecting funds.

“I think the state officials who think they’re going to be made whole, need to reread the Merchant of Venice, because [NTIA boss Arielle] Roth is coming for her pound of flesh,” Sascha Meinrath, Palmer Chair in Telecommunications at Penn State University, told me in an email. “I wouldn’t be at all surprised if it’s operationalized in a way to directly target or disadvantage blue states — whether in what it does, or what’s tied to the acceptance of the funding.”

One last side note: last election season the “abundance” folks like Ezra Klein spent ample time parroting GOP criticism of the admitted delays and problems with this BEAD program (ignoring why the program took so long, as well as other examples of similar broadband grant programs from the same year doing well) as an example of a Democratic bureaucratic dysfunction.

But I’ve noticed that since Trump hijacked the program, introduced massive delays, redirected billions to billionaires, and even tried to run off with half the funding, the subject hasn’t been revisited by Klein since. Quite generally (since infrastructure just doesn’t get those clicks) the press coverage of this whole mess has ranged from nonexistent to positively tepid.

Filed Under: bead, broadband, elon musk, fiber, ntia, satellite, taxpayers, telecom