At a glance, it’s doing the same job as 2023’s Ultion Nuki Plus: pairing Brisant Secure’s Ultion 3 Star PLUS cylinder and UK-specific door furniture with Nuki’s Smart Lock Pro and platform. In practice, though, this version looks more cohesive, feels quicker to respond and is better aligned with how people actually use a front door every day.

Built-in Wi-Fi removes the hassle of extra bridges. Matter support makes it much easier to fit into a wider smart-home setup. The improved motor means locking and unlocking feel quicker, quieter and less clunky. While the overall design is cleaner and more refined than previous models.

Just as importantly, there are sensible fallbacks everywhere. You can still use a physical key, operate it manually from inside, and include a biometric keypad or keyfob if you want different ways in.

The latest episode of The Leaders’ Room podcast season four features Peter Lantry, managing director of Equinix Ireland. This series is created in partnership with IDA Ireland.

Once again in season four of The Leaders’ Room podcast, we get to know the leaders of some of the most influential multinationals in tech, life sciences and innovation, as well as getting insights into their leadership styles and the high-tech trends they see coming down the line.

In this latest episode, we speak to Peter Lantry, managing director of Equinix Ireland, about the intersection of energy, digital infrastructure and sustainability – and about what Ireland’s digital future could look like if we get the balance right. It’s a wide-ranging and eye-opening conversation about the global data centre giant that sits at the heart of Ireland’s digital ecosystem, and about a man whose career trajectory is decidedly well-matched to the task at hand.

Equinix is the world’s leading co-location retail data centre provider – something Lantry describes, cleverly, as akin to being a “digital airport”, connecting networks, cloud platforms, content providers and enterprises across more than 280 data centres in 35 countries. It works with major players from Nvidia and AWS to Google, as well as with smaller retail clients.

In Ireland, while Equinix has been here 10 years, many of the data centres it now owns, like those of Telecity, have been operating since 1998. The Irish operations have grown significantly since, most recently with the acquisition of two BT data centres and a new Blanchardstown facility, DB7X, now under construction.

What strikes you listening to Lantry is the sheer scale of what Equinix does – more than half a million direct connections between businesses globally, and more than 90pc of all internet traffic in the world flowing through their data centres. The subsea cables that connect Ireland to the rest of the world terminate in Dublin, most of them into an Equinix data centre.

The energy and sustainability conversation is where this episode really catches the imagination. Lantry and his team are doing genuinely pioneering things at Equinix Ireland – hydrogen fuel cells already operating at one of their Dublin sites, solar canopies going in, and an innovative grid solution planned working with the IDA, EirGrid and ESB Networks.

Lantry believes Ireland has a real opportunity, with its ambition to have 22GW of renewable power connecting to the grid by 2030. The question, he says, isn’t whether Ireland can become a leading sustainability hub, but whether we have the collective will to all work together and make it happen.

His vision of data centres that can flex dynamically with the grid – stepping in to support it when needed, rather than adding to its burden – is a compelling one. If we export our data and digital services rather than our electricity, he argues, we could generate perhaps 10 times the value for the Irish economy, so it is crucial, he believes, that we get our digital infrastructure right.

Lantry’s career trajectory means it’s easy to see why Equinix came calling. Starting as a civil and structural engineer with Arup, moving into management science and then consultancy with PwC and IBM, followed by 17 formative years with EirGrid – where he was connecting data centre customers, wind farms and working on the design and implementation of the Irish single electricity market. This was followed by a spell as managing director of Hitachi Energy, where he grew their global data centre business from €350m to €750m in a single year.

It is a CV that makes you understand why his Equinix colleagues remarked, with some amusement, that he was “fairly unique” when the energy crunch hit. He brings something genuinely rare to the role – a deep, practical understanding of both utilities and digital infrastructure, earned over several decades.

On leadership, Lantry talks about Level 5 leadership, referencing James Collins’ book ‘Good to Great’ – leading by example, listening deeply, supporting others and removing the barriers that stop teams from delivering. What comes through clearly is his sense of purpose: the utility-like nature of what Equinix does, connecting everyone and everything in a sustainable way, gives the whole team something genuinely meaningful to rally behind, he says.

I found his emphasis on being fully present in every conversation particularly striking – that good leadership means making the people you are talking with feel truly heard and understood. He describes himself as something of a translator, someone who has spent a career connecting the dots between brilliant people with different expertise and different drivers. Perhaps that instinct was shaped early he says. Lantry grew up moving between countries with his parents – the Netherlands, England, France, Colombia, and back to Ireland – learning to navigate different cultures and ways of engaging. Whatever its roots, it is clearly central to how he leads today.

We’re grateful to all our interviewees again this season, for taking the time out of busy schedules to come into the studio and share their insights and their intelligence with us. And a big thanks as ever to our partners IDA Ireland who make this series possible.

The Leaders’ Room podcast is released fortnightly and can be found by searching for ‘The Leaders’ Room’ wherever you get your podcasts. For those who prefer their audio with visuals, filmed versions of the podcast interviews are all available here on SiliconRepublic.com.

Check out The Leaders’ Room podcast for in-depth insights from some of Ireland’s top leaders. Listen now on Spotify, on Apple or wherever you get your podcasts.

Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple’s servers, increasing legitimacy and potentially allowing them to bypass spam filters.

A reader shared an email with BleepingComputer that appeared to be a standard Apple security notification that stated their account information had been updated.

However, embedded within the message was a phishing lure claiming that an $899 iPhone purchase had been made via PayPal, along with a phone number to call to cancel the transaction.

“Dear User 899 USD iPhone Purchase Via Pay-Pal To Cancel 18023530761,” reads the Apple account phishing email.

“The following changes to your Apple Account, hxfedna24005@icloud.com, were made on April 14, 2026 at 7:01:40 PM GMT:”

“Shipping Information”

These emails are designed to trick recipients into thinking their accounts were used for fraudulent purchases and scare them into calling the scammer’s “support” number.

When calling the number, scammers typically try to convince victims that their accounts have been compromised and may instruct them to install remote access software or provide financial information.

In previous callback phishing campaigns, this remote access has been used to steal funds from bank accounts, deploy malware, or steal data.

Abusing Apple account notifications

While the phishing lure is not new, the campaign illustrates how threat actors continue to evolve their tactics by exploiting legitimate website features to conduct attacks.

The phishing email was sent from Apple’s infrastructure using the address appleid@id.apple.com and passed SPF, DKIM, and DMARC authentication checks, indicating it was a legitimate email from Apple.

dkim=pass header.d=id.apple.com header.i=@id.apple.com header.b=o3ICBLWN
spf=pass (spf.icloud.com: domain of uatdsasadmin@email.apple.com designates 17.111.110.47 as permitted sender) smtp.mailfrom=uatdsasadmin@email.apple.com

Further analysis of the email headers shows that the message originated from Apple mail infrastructure and was not spoofed.

Initial server: rn2-txn-msbadger01107.apple.com
Outbound relay: outbound.mr.icloud.com
IP address: 17.111.110.47 (Apple-owned)

To conduct the attack, the threat actor creates an Apple ID and inserts the phishing message into the account’s personal information fields, splitting the text across the first and last name fields.

BleepingComputer was able to replicate this behavior by creating a test Apple account and adding similar callback phishing language to the first and last name fields. This is because each field cannot contain the entire scam message.

To trigger the Apple account profile change notification, the attacker modifies the account’s shipping information, which causes Apple to send a security alert notifying the user of the change.

Because Apple includes the user-supplied first and last name fields within these notifications, the phishing message is embedded directly into the email and delivered as part of a legitimate alert.

While the target of the attacks received the message, the email was initially sent to an iCloud email address associated with the attacker’s account. This email address is also included in the notification email, making the email look more concerning and potentially leading someone to believe the account was hacked.

Header analysis shows that the original recipient differs from the final delivery address, indicating that the attacker is likely using a mailing list to distribute the emails to multiple targets.

This campaign is similar to a previous phishing campaign that abused iCloud Calendar invites to send fake purchase notifications through Apple’s servers.

As a general rule, users should treat unexpected account alerts claiming purchases or urging them to call support numbers with caution, especially if they did not initiate any recent changes or if they contain unusual email addresses.

BleepingComputer contacted Apple on Friday about this campaign, but did not receive a response, and the abuse is still possible.

AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.

At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.

Claim Your Spot

Every time I’ve written about Meta’s AI-enabled glasses, I invariably get asked these questions: Why do you even want these? Why do you want smart glasses that can play music or misidentify native flora in a weirdly cheery voice? I am a lifelong Ray-Ban Wayfarer wearer, and I’m also WIRED’s resident Meta wearer. I grab a pair of Meta glasses whenever I leave the house because I like being able to use one device instead of two or three on a walk. With Meta glasses, I can wear sunglasses and workout headphones in one!

Meta sold more than 7 million pairs in 2025. Take a look at any major outdoor or sporting event, and you’ll see more than a few people wearing these to record snippets for Instagram or TikTok. Meta’s partnership with EssilorLuxottica has made smart glasses accessible, stylish, and useful and is undoubtedly the reason why Google, and now Apple, are trying to horn in on the market. After the notable flop that is the Apple Vision Pro, Apple is recalibrating its face-wearable strategy, moving away from augmented reality (AR) toward simpler, display-less, and hopefully good-looking glasses.

That’s not to say that you shouldn’t be careful how you use these glasses. Meta doesn’t have the greatest track record on privacy, and the company has continued to push forward with policies that are questionable at best. Even if you’re not concerned that face recognition will allow Meta to target immigrants or enable stalkers to find their victims, at the very least, people really do not like the idea that you could start recording them at any moment.

Probably the biggest hurdle to wearing Meta glasses is that even doing so seems like a gross violation of the social contract. After all, these are Mark Zuckerberg’s “pervert glasses.” When I pop these on my head, I’ve had friends (and my spouse) recoil and say, “I have apps to warn me away from people like you.” The best part, though, is that Oakley and Ray-Ban already make really great sunglasses. Even if the battery runs out or you don’t use Meta AI at all, these are stellar at shading your eyes from the sun.

Anyway, if you decide to try them, here’s what you should get. If you do chicken out, check out our buying guides to the Best Smart Glasses or the Best Workout Headphones for more.

Best Overall

Last year, Meta upgraded the original Meta Ray-Ban Wayfarers that became a smash hit. These are Meta’s entry-level glasses, and they come in a variety of lens styles. You can order them with clear lenses, prescription lenses, transition lenses, or the OG sunglass lenses, as well as in a variety of fits, including standard, large, or high-bridge frames. Improvements to this generation include an upgrade to a 12-MP camera and up to eight hours of battery life; writer Boone Ashworth’s testing clocked in at five to six hours.

The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes.

Starting April 15, the service will only analyze and provide additional details (e.g., severity rating, product lists) for security issues that meet specific criteria related to the risk they pose.

The National Vulnerability Database (NVD) will still list all submitted vulnerabilities, but those considered low priority will have a severity rating only from the CVE Numbering Authority (CNA) that evaluated and submitted it.

In an announcement this week, the non-regulatory federal agency said it will only provide additional details for vulnerabilities that meet one of the following criteria:

• are in CISA’s Known Exploited Vulnerabilities (KEV) catalog
• affect the U.S. federal government software
• involve critical software as per Executive Order 14028

NIST explained that the decision was driven by the large number of submissions, which grew by 263% recently and continued to accelerate in 2026. The organization enriched 42,000 CVEs in 2025, but it can no longer keep up with the increasing volume.

NIST NVD is a public, centralized database of known software and hardware vulnerabilities, which also provides additional descriptions and analyses on top of the unique identifiers (CVE IDs) assigned by CNAs, such as vendors and the not-for-profit The MITRE Corporation.

The point of enriching vulnerability details is to make CVE entries usable for risk management, including assigning severity scores, identifying affected product versions, classifying weaknesses, and providing links to advisories, patches, or related research.

NIST NVD is used universally by security researchers, software vendors, government agencies, IT professionals, journalists, and regular users seeking more information about a specific security issue.

“All submitted CVEs will still be added to the NVD. However, those that do not meet the criteria above will be categorized as “Not Scheduled,” explains NIST.

“This will allow us to focus on CVEs with the greatest potential for widespread impact. While CVEs that do not meet these criteria may have a significant impact on affected systems, they generally do not present the same level of systemic risk as those in the prioritized categories.”

NIST admits that the new rules allow some potentially high-impact CVE slip through. For this reason, the agency accepts enrichment requests for “any lowest priority CVEs” via email messages at ‘nvd@nist.gov.’

The lack of enrichment or notable delays was noticeable since 2024, but the organization has now formally declared that it will focus on the most important entries.

AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.

At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.

Claim Your Spot

Rim-driven thrusters turn the normal propeller-motor arrangement inside out; rather than mounting the motor at the center of the propeller, they use a large hollow motor, with the blades attached to the inside of the rotor. They’re mostly used in ship propellers, though there have been some suggestions to use them in electric aircraft. [Integza], always looking for new and unusual ways to create propulsion, took this idea and made it into a jet engine.

Rather than using an electric motor, the fan in this design is propelled by miniature rocket nozzles along the edge. The fan levitates on a layer of high-pressure gas between the fan rim and the housing. To prevent too much pressurized gas from escaping, the fan and housing needed to fit together closely, but with minimal friction. A prototype made out of acrylic and resin and powered by compressed air proved that the idea worked, but [Integza] wanted to make to this a combustion-powered engine.

The full engine would be similar to a rocket engine, with the fan being the nozzle. The combustion chamber was built out of a brass fitting, and it burned propane in compressed air. The fan and housing were CNC-milled out of aluminium and brass, respectively. They worked well when powered with compressed air, but seized up when connected to the combustion chamber — the fan was thermally expanding and jamming in the housing. Progressively rounding down the edges of the fan failed to solve this, and a hole melted in the fan during one test. [Integza] machined a new fan, which he anodized to increase its heat resistance.

To keep it from overheating, he sprayed water into the combustion chamber, creating steam and cooling the exhaust stream to a manageable temperature. The engine did work, though we do wonder whether the fan actually increases its thrust over that of the base rocket engine.

This isn’t the first unconventional jet engine [Integza]’s built, nor the first which tries to amplify the thrust produced by a rocket engine.

Thanks to [Keith Olson] for the tip!

Panic, the company behind the tiny and excellent Playdate console, is taking a stand on generative AI. The company has published an AI disclosure that says as of this month, the Playdate Catalog “will no longer accept titles that use ‘Generative AI’ for art, audio, music, text, or dialog.” Panic does allow for developers to use AI assistance for coding, but also says that “we will flag any title as such and specify the extent that it was used (for example, “Lua debugging”) so the customer can decide whether to support it or not.”

This comes a day after Panic announced that Playdate season three was happening and would arrive later this year. For those who don’t recall, the Playdate includes a “season” worth of games when you buy it, 24 titles in total with two revealed every week. Season two came out last year with 12 games — but, as Game Developer notes, one of those games used generative AI for writing and coding. On Bluesky, someone asked Panic if it would disclose what games in season three used AI, and the company confirmed that it was a requirement for season three that developers not use AI for art, music, writing or coding.

Specifically, Panic says you can’t use large language models like ChatGPT or Google Gemini, AI image generators like Stable Diffusion or audio generators like MuseNet and Suno. Previously-approved games with generative AI will be allowed to stay on the catalog with a disclosure that indicates what exactly AI was used for. The company says these guidelines are “under constant discussion and is subject to change at any time.”

I recall seeing AI disclosures on games in the Playdate Catalog in the past, but it makes sense to be up-front and clear on exactly what Panic allows and what it will reject. That said, it’s fairly easy to sideload games onto a Playdate, so anyone who wants to use generative AI to make a game isn’t entirely out of luck — though distribution and discovery for Playdate owners will obviously be harder.