Key takeaways:

• The FCC has banned the sale of new foreign-made routers in the US, and this sweeping order applies to virtually every Wi-Fi router currently available in the US market.
• My expert advice is to hold off on purchasing a new router if you can. 
• Under the current rules, banned routers will no longer receive essential security firmware and software updates after March 1, 2027. 
• The FCC’s action has effectively frozen the entire market while router companies scramble to gain approval. 
• More specific information on which router companies will be subject to the ban is expected to become clearer within the next month or two. 

In my eight years of writing and reviewing broadband and routers, I’ve rarely seen news that I would describe as unprecedented. The FCC’s recent decision to ban foreign-made routers is absolutely unprecedented.

The sweeping order applies to any router in which any stage of “manufacturing, assembly, design and development” occurs outside the US — in other words, just about any router you can buy right now. The FCC order says that foreign-made routers pose “unacceptable risks” to national security.

The ban doesn’t apply to routers that were already authorized by the FCC — that is, every router that’s currently for sale in the US — and will only impact new models that haven’t been approved yet. That means every router that was available before the order is still available today, and router companies can still restock them using their existing manufacturing processes. 

Essentially, the FCC is freezing the entire router market. As William Budington, a technologist for the digital rights nonprofit Electronic Frontier Foundation, put it to me, “This is using an extremely blunt instrument.”

Where previous FCC bans have been limited to specific companies, such as last year’s push to ban TP-Link routers, this one affects an entire industry. So where does that leave someone who needs a new Wi-Fi router? Should you buy a model you’ve had your eye on in case it sells out? Or is it better to wait and see which companies the FCC considers foreign-made?

I know what I would do, but I gut-checked my advice with some industry experts. Turns out, we agree. 

My advice: Hold off on buying a new router for now

When I first saw the FCC’s announcement, I couldn’t stop thinking about how much chaos this would introduce to the US router market. As I tried to tease out which manufacturers would count as “foreign-made,” it quickly became clear how deeply international the supply chains for routers are. 

Understanding the scope of the ban

Take Netgear. While it’s a US-founded and headquartered company, it manufacturers routers in Vietnam, Thailand, Indonesia and Taiwan. With the exception of Starlink — the company says its newer routers are made entirely in Texas, according to the BBC — I couldn’t find a single router brand that’s homegrown. 

I don’t have any issues recommending routers that were manufactured abroad. After all, they’d already gone through the FCC’s authorization process, and I haven’t seen convincing evidence that any one router brand has more hardware vulnerabilities than another. 

Thomas Pace, CEO of cybersecurity firm NetRise, told me last year during an interview about the potential TP-Link ban: “We’ve analyzed an astonishing amount of TP-Link firmware. We find stuff, but we find stuff in everything.”

I just finished testing, reviewing and rating over 30 routers, and after years of resistance, I finally concluded that Wi-Fi 7 routers are worth the money for the speeds you get. While I stand by my recommendations, with this ban in place, the router you buy today may not be any good in a year. 

The future-looking security risk

Then I saw the FCC’s Public Notice on the ban, which specifies that manufacturers can continue providing software and firmware updates “at least until March 1, 2027.” That means if you own a foreign-made router — if you own any router, in other words — it won’t be able to get security patches after that deadline. 

That’s why I think the wise move here is to wait on buying one if you can. Keeping your router’s firmware up-to-date is an essential part of securing your home network. If you buy from a router company that doesn’t get an exemption from this ban, you risk having an unsecured device a year from now. 

It’s an ironic side effect of an order that is ostensibly designed to keep Americans safer: They may no longer be able to get the latest security fixes.  

“If you’re limiting the ability of people to get security updates, then you’re making the problem worse, not better,” Alan Butler, senior counsel at the Electronic Privacy Information Center, told me. “A lot of those routers are going to turn into pumpkins in a year unless they extend this waiver.”

By saying you can update your firmware “at least until March 1, 2027,” the FCC does leave some wiggle room for an extension. But until we know more about which companies the FCC considers foreign-made and which will be exempt, I wouldn’t feel comfortable recommending spending money on a new router right now. 

Advice for immediate router needs  

If your old router stopped working, I’m not going to tell you to wait for clarity from the FCC to get back on Wi-Fi — the timeline for concern is more in years than months. A good compromise might be to buy an older budget router rather than the latest Wi-Fi 7 model you’ve had your eye on. But if you can afford to wait a month or two, it’s worth exercising some caution. 

“I do think this is going to become a mess very quickly,” Butler said.

This is the messiest point in the process we’re likely to see. As the dust settles in the coming weeks, we’ll likely have better information on which routers will still be safe to use a year from now. 

Expert opinion: Is your current router still safe to use?

When I polled four cybersecurity experts, I was surprised to find that they were generally in favor of the FCC taking action to protect router security in theory, but critical of the execution. 

“It’s going to impact many harmless products in order to stem a real problem,” Budington said.  “It’s also not particularly well-targeted, since routers are only one part of the problem, along with IoT devices.”

The concern for national security risk 

The FCC says that routers produced abroad were “directly implicated” in the Volt, Flax and Salt Typhoon cyberattacks. These attacks aren’t necessarily targeting an average person’s data, but they can turn your router into a tool to be used in malicious attacks. 

“The individual user who owns the router probably doesn’t even know anything about it,” Butler said. “It’s happening in the background without their knowledge, and it’s not necessarily affecting them directly in any way that they can notice.” 

In the Salt Typhoon attack, hackers gained access to data from millions of people through their internet providers, aiming to gain access to information from court-authorized wiretaps. It was a particularly bold instance of a tried-and-true hacker approach called “spray and pray”: Find default login credentials and try them on as many connected devices as you can. 

“It can be only one router out of 5,000, but that one can be a bingo,” Sergey Shykevich, a threat intelligence manager at Check Point Research, told me about these types of attacks. “It’s mostly just easy. In many cases, you don’t have to be a very sophisticated actor, or even nation-state, in order to be successful.”

How you can secure your router right now 

It’s just as easy for hackers to gain access through a router’s default credentials as it is for you to change your own settings. Most routers have an app that lets you update your login credentials from there, but you can also type your router’s IP address into a URL. These are different from your Wi-Fi name and password, which should also be changed every six months or so. It’s also a good idea to keep your firmware updated, which you can do automatically in your router’s settings or by manually downloading updates in your router’s app or web portal.

When will we know more?

I wish I could point to another time when the FCC ordered a blanket ban on an entire category of consumer products, but nothing like this has happened before. Manufacturers can apply for “Conditional Approval,” and they are likely scrambling behind the scenes to make the cut. When I reached out to the FCC for more clarity on the order, I was referred to the commission’s “Covered List” FAQ page.

My best guess is that we’ll learn more specifics on which companies are banned in the next month or so — an estimate that was echoed by two industry observers I spoke with. But the wait could be even longer. Budington told me he thinks router companies might wait until the ban is lifted rather than hustle to try to move their entire supply chains to the US. 

No matter how it shakes out, we’ll likely look back on this as the most chaotic chapter of the router ban story. Unless you need a new router immediately, there’s a good chance you’ll be able to make a more informed decision a month from now. 

Virtual Private Networks (VPNs) promise to hide your online activities from prying eyes, but still need to gather some information to work properly.

Understanding exactly what data a VPN collects – and why – can help you decide whether a VPN service truly protects your privacy or simply adds another unwanted layer of surveillance.

From activity logs to the different policy types, we’ll walk you through the typical categories of logs a VPN provider might keep. We’ll explain what a “no-logs” VPN really means, highlight when a VPN’s data collection becomes too risky, and provide you with some practical tips for picking a trustworthy VPN provider.

Article continues below

What your VPN needs to collect

This article is crossposted from IEEE Spectrum’s careers newsletter. Sign up now to get insider tips, expert advice, and practical strategies, written in partnership with tech career development company Parsity and delivered to your inbox for free!

Engineers Aren’t Bad at Communication. They’re Just Speaking to the Wrong Audience.

There’s a persistent myth that engineers are bad communicators. In my experience, that’s not true.

Engineers are often excellent communicators—inside their domain. We’re precise. We’re logical. We structure arguments clearly. We define terms. We reason from constraints.

The breakdown happens when the audience changes.

We’re used to speaking in highly technical language, surrounded by people who share our vocabulary. In that environment, shorthand and jargon are efficient. But outside that bubble, when talking to executives, product managers, marketing teams, or customers, that same precision can be confusing.

The problem isn’t that we can’t communicate. It’s that we forget to translate.

If you’ve ever explained a critical issue or error to a non-technical stakeholder, you’ve probably experienced this: You give a technically accurate explanation. They leave either more confused than before, or more alarmed than necessary.

Suddenly you’re spending more time clarifying your explanation than fixing the issue.

Under pressure, we default to what we know best—technical detail. But detail without context creates cognitive overload. The listener can’t tell what matters, what’s normal, and what’s dangerous.

That’s when the “engineers can’t communicate” narrative shows up.

In reality, we just skipped the translation step.

The Writing Shortcut

One of the simplest ways to improve written communication today is surprisingly easy: Run your explanation through an AI model and ask, “would this make sense to a non-technical audience? Where would someone get confused?”

You can also say:

• “Rewrite this for an executive audience.”
• “What analogy would help explain this?”
• “Simplify this without losing accuracy.”

Large language models are particularly good at identifying jargon and offering alternative framings. They’re essentially translation assistants.

Analogies are especially powerful. If you’re explaining system latency, compare it to traffic congestion. If you’re describing technical debt, compare it to skipping maintenance on a house. If you’re explaining distributed systems, try using supply chain examples.

The goal isn’t to “dumb it down.” It’s to map the unfamiliar onto something familiar.

Before sending an email or report, ask yourself:

• Does this audience need to understand the mechanism, or just impact?
• Does this explanation help them make a decision?
• Have I defined terms they might not know?

Translation When Speaking

When speaking—especially in meetings or presentations—most engineers have one predictable habit: We speak too fast.

Nerves speed us up. Speed causes filler words. Filler words dilute authority.

To prevent that, follow a simple rule: Speak 10 to 15 percent slower than feels natural.

Slowing down cuts down the number of times you say “um” and “uh”, gives you time to think, makes you sound more confident, and gives the listener time to process.

Another rule: Say only what the audience needs to move forward.

Explain just enough for the person to make a decision. If you overload someone with implementation details when they only need tradeoffs, you’ve made their job harder.

The Real Skill

The key skill in communication is audience awareness.

The same engineer who can clearly explain a concurrency bug to a peer can absolutely explain system risk to an executive. The difference is framing, vocabulary, and context. Not intelligence.

In the age of AI, where code generation is increasingly commoditized, the ability to translate complexity into clarity is becoming a defining advantage.

Engineers aren’t bad communicators. We just have to remember that outside our bubble, translation is part of the job.

—Brian

Robert Goddard launched the first liquid-fueled rocket 100 years ago, but his legacy still has relevant lessons for today’s engineers. Although Goddard’s headstrong confidence in his ideas helped bring about the breakthrough, it later became an obstacle in what systems engineer Guru Madhavan calls “the alpha trap.” Madhavan writes: “We love to celebrate the lone genius, yet we depend on teams to bring the flame of genius to the people.”

Read more here.

For Communications of the ACM, two Microsoft engineers propose a model for software engineering in the age of AI: Making the growth of early-in-career developers an explicit organizational goal. Without hiring early-career workers, the profession’s talent pipeline will eventually dry up. So, they argue, companies must hire them and develop talent, even if that comes with a short-term dip in productivity.

Read more here.

Looking for a job? Last year, IEEE Industry Engagement hosted its first virtual career fair to connect recruiters and young professionals. Several more career fairs are now planned, including two upcoming regional events and a global career fair in June. At these fairs, you can participate in interactive sessions, chat with recruiters, and experience video interviews.

Read more here.

Pepper, a New York-based technology platform for independent food distributors, has acquired Alima, a Y Combinator-backed startup that built ordering and procurement software for small food distributors in Latin America. The deal, announced on Tuesday with no disclosed financial terms, brings Alima’s two cofounders into Pepper’s leadership team and extends the company’s push into AI-driven product content and data infrastructure for an industry that still runs largely on phone calls, faxes, and personal relationships.

Jorge Vizcayno, Alima’s chief executive, will lead Pepper’s product content platform and data infrastructure, which uses AI to match and enrich product catalogues at scale. Blanca Espinosa, Alima’s chief marketing officer and cofounder, will head customer implementation, applying AI tooling to the onboarding process that has historically been one of the most friction-heavy parts of selling software to food distributors.

Two companies, one thesis

The acquisition is small in isolation but revealing in what it says about where vertical software for food distribution is heading. Pepper and Alima were built on the same premise: that independent food distributors, who collectively account for more than two-thirds of food distribution in North America and handle over $1.4 trillion in annual sales, are woefully underserved by technology.

Alima, founded in 2021, tackled the problem from the Latin American side, where the gap is even wider. More than 85 per cent of B2B food suppliers and distributors in the region lack digital sales capabilities, according to the company’s own estimates. Alima built an ordering platform for small and mid-sized distributors, focusing initially on fresh produce procurement in Mexico. The company went through Y Combinator’s Winter 2022 batch and raised $1.5 million in seed funding from Soma Capital, YC, The Dorm Room Fund, and angel investors.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

Pepper, meanwhile, has grown into a broader platform covering ordering, sales and marketing, accounts receivable, and embedded payments for US-based food distributors. The company has raised $99 million across three rounds, most recently a $50 million Series C in February led by Lead Edge Capital, with participation from ICONIQ, Index Ventures, Greylock, Harmony Partners, and Interplay. It now serves more than 500 distributors representing approximately $30 billion in annual gross merchandise volume.

The AI angle

The strategic logic of the deal centres on product content, the sprawling, fragmented catalogues that food distributors must manage across thousands of SKUs from hundreds of suppliers. In food distribution, product data is notoriously messy: item descriptions vary between suppliers, packaging formats differ by region, and pricing changes frequently. Pepper has been building AI systems to match and enrich this data automatically, and Vizcayno’s experience building similar infrastructure for Latin American distributors makes the acquisition a talent and technology play as much as a market expansion one.

Espinosa’s role is equally telling. Customer implementation, the process of getting a distributor onto a new technology platform, is where many vertical SaaS companies lose deals. Distributors often have limited technical staff, legacy systems that resist integration, and operations that cannot afford downtime during a migration. Pepper is betting that AI-assisted onboarding can compress what has traditionally been a months-long process, and Espinosa’s background in customer acquisition at Alima positions her to lead that effort.

This is Pepper’s second acquisition in seven months. In August 2025, it acquired Kimelo, a distribution toolset that included a restaurant supply ordering app. The pace suggests Pepper is consolidating a fragmented market of small vertical tools into a single platform, a playbook familiar from other industries but still relatively early in food distribution.

A $1.4 trillion market, still on paper

The broader context is that food distribution technology remains in its early innings despite its enormous addressable market. Independent distributors are the backbone of the food supply chain, connecting farms and manufacturers to the restaurants, grocery stores, and institutions that feed people. Yet the industry’s technology adoption lags far behind comparable sectors like logistics, retail, and financial services.

Pepper’s investor list, which includes Index Ventures and Greylock, signals that serious venture capital is flowing into the space. The $50 million Series C in February valued the company at an undisclosed figure but positioned it as the category leader in a market where no dominant platform has yet emerged. The Alima acquisition adds Latin American domain expertise and a bilingual founding team to a company that will likely need to expand beyond the US to justify its funding trajectory.

For Alima’s founders, the framing is pragmatic. Vizcayno described the acquisition as the most honest continuation of Alima’s journey. Whether that honesty reflects strategic alignment or the practical reality that a $1.5 million seed-stage startup in a difficult Latin American market found a faster path to impact inside a better-funded platform is, ultimately, the same thing said two different ways.

A startup called Friending has launched a social platform built around a premise that sounds almost quaint in 2026: helping people make friends by meeting in person. The app, based in Raleigh, North Carolina, connects users by shared interests and geographic proximity, then deliberately limits chat functionality to push them toward face-to-face meetings rather than prolonged online conversations. Every user is verified through a third-party identity service, and the platform can confirm when two users’ phones are physically near each other, a feature designed to validate that meetings actually happen.

The timing is deliberate. In 2023, US Surgeon General Vivek Murthy issued an 82-page advisory declaring loneliness and social isolation a public health epidemic, finding that lacking social connection carries health risks comparable to smoking up to 15 cigarettes per day. Social isolation increases the risk of premature death by 29 per cent, heart disease by 29 per cent, and stroke by 32 per cent. Among older adults, chronic loneliness raises the risk of dementia by approximately 50 per cent. Half of American adults reported experiencing loneliness even before the pandemic.

Friending is far from the first app to try to address this. Bumble BFF launched in 2016 and saw a 16 per cent increase in time spent on its parent platform after adding the feature. Peanut, which connects mothers, has raised $17 million. Yubo, aimed at young adults, has raised $65.7 million. The friendship app category as a whole has attracted more than $84 million in venture capital. Yet none of these platforms has achieved the scale or cultural penetration of dating apps, which suggests either that the market is harder to crack or that the product designs have not yet found the right formula.

What Friending does differently

Friending’s distinguishing feature is its insistence on brevity in online interaction. Where most social platforms optimise for engagement time, measuring success by how long users stay on their screens, Friending treats extended chat as a failure state. The app is designed so that the valuable action is not the conversation but the meeting that follows it. The proximity verification feature, which registers when two users’ phones are physically close, serves as both a safety mechanism and a behavioural nudge: it confirms the meeting happened and reinforces the platform’s core proposition.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

The identity verification layer is worth noting in a market where catfishing and fake profiles have eroded trust across social platforms. Friending uses a third-party verification system, though the company has not disclosed which provider it uses or what level of identity confirmation is required.

Gabor Kadas, the company’s founder, has described the app as a response to a paradox he experienced personally: moving between countries and accumulating thousands of online connections while feeling increasingly isolated. The company is currently raising venture capital to fund development and expansion, though it has not disclosed the size of the round or any committed investors.

The harder question

The challenge for any friendship app is not getting people to download it but getting them to use it more than once. Dating apps benefit from a powerful, specific motivation: the desire for romantic connection is urgent enough to overcome the friction of meeting strangers. Friendship is different. The need is real but diffuse, and the social cost of admitting you need an app to make friends remains higher than the cost of admitting you need one to find a date.

There is also the question of whether limiting online interaction actually helps. Research from the New York Academy of Sciences suggests that the relationship between social media and loneliness depends on the type of platform and the nature of the engagement. Active participation, such as responding to posts and sending messages, is associated with reduced loneliness. Passive use, such as scrolling without interacting, is not. By restricting chat, Friending may be removing one of the mechanisms through which users build the comfort and trust necessary to meet a stranger in person.

None of this means the idea lacks merit. The Surgeon General’s advisory was not a passing observation; it was a formal declaration that the country’s social fabric is fraying in ways that produce measurable harm. If Friending can convert even a fraction of the lonely half of America into regular users, it will have found something the larger platforms have not. The question is whether an app that asks people to put down their phones is fighting the problem or fighting human nature at the same time.

Samsung is expanding its already crowded TV lineup for 2026 with a new range of Mini LED 4K UHD models, alongside an updated Neo QLED series that pushes further into premium territory. The strategy is familiar but effective: take the core advantages of Mini LED backlighting; better contrast control, higher brightness, and more precise local dimming, and pair them with a deeper layer of AI-driven processing and smart platform refinements.

There’s a lot to unpack across both categories, so we’re keeping this focused. This article breaks down Samsung’s 2026 Mini LED 4K lineup; where the company is clearly trying to hit the sweet spot between performance and price, while the Neo QLED models, which lean more heavily into flagship features and higher-end positioning, are covered separately. 

What Are Samsung Mini LED TVs?

Samsung’s Mini LED TVs are still LCD-based displays, but they use a more advanced form of full-array LED backlighting. The difference comes down to scale: the LEDs are significantly smaller, which allows for far more precise local dimming and better control of light across the screen—especially when rendering bright objects against darker backgrounds.

When paired with HDR formats like HDR10+, this improved backlight control translates into higher peak brightness, better contrast, and expanded color volume. In practical terms, that means a more dynamic and accurate picture without abandoning the proven strengths of LCD technology.

Samsung 2026 Mini LED TV Lineup 

For 2026, Samsung is introducing two Mini LED TV series so far: the M80H and M70H. Both models feature 4K UHD resolution, the Tizen smart TV platform, gaming-focused features, and Samsung’s Vision AI Companion for enhanced picture and usability.

The M80H series is available in screen sizes from 55 to 85 inches, while the M70H series spans a broader range from 43 to 85 inches. Between the two, there’s enough flexibility to match just about any viewing distance or room size without forcing a compromise on features.

Key Features

Both series are built to deliver a strong 4K UHD viewing experience, with AI-driven processing handling upscaling and scene optimization. The M80H uses Samsung’s NQ4 AI Gen2 Processor, while the M70H relies on the Mini LED Processor 4K, with both designed to enhance clarity and detail on a scene-by-scene basis.

Samsung’s Real Depth Enhancer is included on both models, improving foreground definition and helping key on-screen elements stand out more clearly. The M80H adds AI Customization Mode, which learns your preferred picture settings by genre during setup and then automatically adjusts image quality based on what you’re watching.

For audio, the M80H also includes Active Voice Amplifier, which boosts dialogue and important sound effects to improve clarity—especially useful when background noise tries to steal the scene. 

Also, with Q Symphony, the M80H and M70H can be combined with compatible Samsung soundbars and Wi-Fi speakers to operate as a single, coordinated sound system rather than isolated components.

Gaming support for both models includes Samsung’s Gaming Hub, Cloud Gaming, and VRR (Variable Refresh Rate) in both series. However, the M80H also provides AI Auto Game Mode, Gaming Motion Plus, and AMD Freesync Premium Pro support

Samsung’s Vision AI experience is included in both Mini LED TV series. Anchored by the Perplexity TV App, Vision AI on TVs goes beyond simple voice commands or video enhancements by combining AI audio/video processing, Bixby voice control, Tizen Smart TV integration, and Knox Security into a single, seamless ecosystem.

Comparison

There’s a fair amount of feature overlap between the M80H and M70H models, but key differences remain. We’ve included a detailed comparison chart below to make it easier to see where they separate.

The Bottom Line

Samsung’s 2026 Mini LED lineup sits in a very calculated middle ground. You’re getting the core benefit that actually matters; Mini LED backlighting for better contrast, brightness control, and more consistent HDR performance without paying Neo QLED prices. Add in Tizen, Vision AI, and solid gaming support, and these don’t feel stripped down in daily use. For a lot of buyers, this is where the real value is.

What’s missing is just as important. No Quantum Dot layer means color accuracy and color volume won’t match Samsung’s Neo QLED models, and you’re not getting the full processing and refinement stack reserved for the higher tier. These are for buyers who want a meaningful step up from basic LED TVs without drifting into premium pricing. If you’re chasing reference-level performance, keep walking. If you want a well-equipped 4K Mini LED TV that covers the essentials and then some, this is the safer—and smarter—place to land.

Availability & Pricing

Samsung’s 2026 Mini LED 4K TVs are available now:

M80H Series

M70H Series

For more information: Samsung Product Page

Related Reading:

Reddit is stepping up its fight against bots, and now your account could be asked to prove it is human if the platform detects fishy behaviour.

Reddit CEO Steve Huffman says these checks will be rare, but they are meant to protect what makes Reddit work in the first place – real people talking to real people.

As AI-generated content spreads, Reddit admits it is getting harder to tell who is behind a post. So instead of broad crackdowns, it is focusing on suspicious behavior and adding clearer signals across the platform.

How Reddit plans to separate humans from bots

If Reddit detects signs of automation or unusual behavior, it may trigger a human verification check. This could involve simple actions like passkeys or FaceID that confirm a human is present.

In some cases, third-party biometric systems like Sam Altman’s World ID may be used. The platform may also use government-issued IDs in regions where laws require them. However, Reddit says that your identity will stay separate from your account.

The company is also standardizing labels for automated accounts. Approved bots will carry an [APP] tag, making it obvious you are interacting with software. Developers will need to register their tools to get this label, which adds a layer of transparency.

What does this mean for your Reddit experience?

Since Reddit says this is not a sitewide verification system, most users might never be asked to prove anything. Even when such checks take place, the focus will be on confirming a human exists, not identifying who that person is.

At the same time, the platform will continue removing harmful bots at scale, already taking down around 100,000 accounts daily. It is also improving reporting tools so users can flag suspicious activity more easily.

Reddit is not banning AI-written posts outright, but it is drawing a firm line. For now, the platform cares less about how content is written and more about who is behind it.

A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets.

Initial access is obtained through the ClickFix technique by hijacking the clipboard and tricking the user into executing a malicious PowerShell command.

According to researchers at cybersecurity company Gen Digital, Torg Grabber is actively developed, with 334 unique samples compiled in three months (between December 2025 and February 2026) and new command-and-control (C2) servers registered every week.

Apart from cryptocurrency wallets, Torg Grabber steals data from 103 password managers and two-factor authentication tools, and 19 note-taking apps.

Rapid evolution

In a technical report this week, Gen Digital researchers say that Torg Grabber’s initial builds used a Telegram-based and then a custom, encrypted TCP protocol for data exfiltration.

On December 18, 2025, the two mechanisms were abandoned in favor of an HTTPS connection routed through Cloudflare infrastructure. The method supports chunked data uploads and payload delivery.

The malware features several anti-analysis mechanisms, multi-layered obfuscation, and uses direct syscalls and reflective loading for evasion, running the final payload entirely in memory.

On December 22, 2025, Torg Grabber added App-Bound Encryption (ABE) bypass to beat Chrome’s (and Brave’s, Edge’s, Vivaldi’s, and Opera’s) cookie protection system, like many other information stealers.

However, the researchers also discovered a standalone tool called Underground, used for extracting browser data.

It injects a DLL reflectively into the browser to access Chrome’s COM Elevation Service and extract the master encryption key, a method also recently seen in VoidStealer.

Extensive data theft capabilities

Gen Digital found that Torg Grabber targets 25 Chromium-based browsers and 8 Firefox variants, trying to steal credentials, cookies, and autofill data.

Of the 850 browser extensions it targets, 728 are for cryptocurrency wallets, covering “essentially every crypto wallet ever conceived by human optimism.”

“The marquee names are all there – MetaMask, Phantom, TrustWallet, Coinbase, Binance, Exodus, TronLink, Ronin, OKX, Keplr, Rabby, Sui, Solflare,” the researchers say.

“But the list doesn’t stop at the big names. It keeps going, deep into the long tail, past projects with install counts you could fit in a phone booth.”

Apart from wallets, the malware also targets a large list of 103 extensions for passwords, tokens, and authenticators: LastPass, 1Password, Bitwarden, KeePass, NordPass, Dashlane, ProtonPass, Enpass, Psono, Pleasant Password Server, heylogin, 2FAAuth, GAuth, TOTP Authenticator, and Akamai MFA.

Torg Grabber also targets information from Discord, Telegram, Steam, VPN apps, FTP apps, email clients, password managers, and desktop cryptocurrency wallet apps.

The malware can also profile the host, create a hardware fingerprint, document installed software (including 24 antivirus tools), take screenshots of the user’s desktop, and steal files from the Desktop/Documents folders.

Also notable is its capability to execute shellcode on the compromised device, delivered in ChaCha-encrypted zlib-compressed form from the C2.

Gen Digital cautions that Torg Grabber continues to develop rapidly, registering new C2 domains weekly, and that its operator base is expanding, with 40 tags documented by the time of analysis.

Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.

Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.

Download The Report