One of the latest in Craft Recordings’ excellent Bluesville reissue series is a hard to find (and rather collectible) 1961 release by the great blues legend Lightnin’ Hopkins called Blues In My Bottle. Recorded exactly one week after I was born, the all-analog process (AAA) lacquers for this outstanding reissue were cut by Matthew Lutthans at The Mastering Lab at Blue Heaven Studio. The perfectly quiet, well centered 180-gram vinyl was pressed at Quality Record Pressing in conjunction with Acoustic Sounds.
Blues In My Bottle offers an extremely strong production aesthetic as far as early blues records go but the notion of whether it is “demo disc” worthy for showing off your audio system may be a matter of personal preference. I found the recording to be super intimate, just Lightnin’ Hopkins’ voice and acoustic guitar recorded in early stereo.
The kicker for me is the simple rawness of the recording which makes this album feel extra authentic on many levels. Stick with me here. You see, it seems that Mr. Hopkins, no doubt enthusiastic about recording, got a little too close to the microphone on certain tracks such as “Wine Spodee-O-Dee.” This resulting distortion (probably sending the VU meter into the red) is precisely what makes this recording feel so incredibly real, and in your face. It’s less like you are listening to a studio session and more like he is performing in a club or bar where the artist moves around a bit periodically.
Don’t get me wrong: the recording is really good overall. Hopkins’ guitar sounds quite rich and natural, almost alarmingly so for a recording that is 65 years old. And of course the songs are haunting, from “Death Bells” to “Jailhouse Blues” — this is some real deal acoustic blues.
A used copy of Blues in My Bottle surfaced in the bargain bin at a local record store just in time for this review, giving me a useful point of comparison for the new edition, even if it was not a rare original pressing. Probably from the late 1970s or early 1980s, it feels similar to the old Fantasy Records “Original Jazz Classics” series. However, instead of the ID number using the OJC prefix, it says “OBC” which I’m assuming means Original Blues Classics.
The OBC version sounds pretty good too, and that same distortion is in place leading me to believe it is very much a part of the original recording.
Comparatively, this new Craft Bluesville edition sounds much warmer than the OBC edition. The vinyl and pressing quality are worlds better as are the production elements right down to the labels and cover art. As you can see from this picture, they didn’t put a whole lot of effort into trying to re-create the original cover look and feel. Thus it turned out almost monochromatic. The new edition is clearly the one to get. Highly recommended.
Mark Smotroff is a deep music enthusiast / collector who has also worked in entertainment oriented marketing communications for decades supporting the likes of DTS, Sega and many others. He reviews vinyl for Analog Planet and has written for Audiophile Review, Sound+Vision, Mix, EQ, etc. You can learn more about him at LinkedIn.
Telecoms giant files suit in Golden State so it doesn’t have to maintain network it claims is hardly used
AT&T wants to ditch its traditional copper phone line infrastructure in California in favor of fiber everywhere, claiming it has to spend $1 billion each year on a telephone network that a tiny percentage of customers use.
The US telecoms giant announced plans this week to invest $19 billion in The Golden State between now and the end of the decade to bring fiber to more than 4 million additional households and businesses, upgrading customers to the newer infrastructure.
As part of its plans, the telco has filed a lawsuit [PDF] against several state officials seeking a court order to overturn California rules that require AT&T to continue offering a “plain old telephone service” (POTS).
AT&T points out that the Federal Communications Commission (FCC) recently adopted rules that encourage telcos to retire their aging copper lines.
The Washington-based telecoms regulator said the expansion of fiber cabling is hindered by “the need for carriers to divert precious resources to the maintenance of deteriorating legacy networks that deliver outdated services to an ever-decreasing number of subscribers.”
In its court filing, AT&T says “the copper wires that once served every home now serve just 3 percent of households in AT&T’s California territory,” but complains that state-level “Carrier of Last Resort” (COLR) rules require it to continue supporting and maintaining POTS even after the FCC has authorized the service to be phased out. Under basic pre-emption principles, those COLR rules cannot stand, it asserts.
But while the telco likes to portray this as bringing faster and more reliable modern network technology to all California residents, critics say rushing to phase out the old phone network could leave some users behind.
A nonprofit public interest group, Public Knowledge, previously warned the FCC directive could impact consumers in rural areas, the elderly, those with disabilities, and anyone who relies on specialized medical equipment that uses phone lines.
As The Register has previously covered, the UK’s former state-level operator BT was forced to delay plans to turn off the public switched telephone network (PSTN) and replace it all with all-fiber infrastructure after similar concerns were raised. This followed the introduction of a government charter to protect vulnerable customers, particularly those using TeleCare, which supports alarms that the elderly or infirm can trigger if they need emergency assistance.
AT&T said it will take “a thoughtful, phased approach to upgrade customers,” and claimed “no customer will be left without access to phone or 911 service.”
However, Public Knowledge said the FCC order relaxes or entirely drops various safeguards put in place by previous US administrations, including the requirement to prove through engineering tests that a new service adequately replaces the old for medical equipment and alarm systems.
®
I recently had the opportunity to sit down with Francis de Souza, COO of Google Cloud, backstage at an event in Los Angeles. Amid the din around us, de Souza, who speaks in the calm, measured manner of a university professor, offered useful advice for companies navigating the AI security moment we’re all living through, noting that “there’ll be a transition period, and then I think we get to this better place.”
He wasn’t speaking about Google at that moment, but it’s clear that even Google is still figuring things out.
De Souza’s core message was one security professionals have been trying to get executives to internalize for years, now made urgent by AI: security can’t be an afterthought. “As companies embark on this AI journey, they need to take a platform approach,” he said. “Security is not something you can bolt on later, and it’s not something you can leave up to employees to do on their own.” He warned specifically about “shadow AI” — employees reaching for consumer tools without organizational oversight — and argued that companies need to demand security, governance, and auditability from their platforms from the start. “There’s no such thing as an AI strategy without a data strategy and a security strategy. They need to go hand in hand.”
Worth noting: he wasn’t pitching Google Cloud alone. When I observed that his advice sounded like a Google advertisement, he pushed back. Google, he said, is committed to a multicloud approach, and he made the case that companies that think they’re operating on a single cloud almost certainly aren’t. “Even if they pick a single cloud, they’re relying on SaaS applications, there are business partners that may be using different clouds,” he said. “It’s important for companies to have a security posture that is consistent across clouds, across models.”
He also made the case that the threat landscape has changed so fundamentally that old defensive models are too slow. He noted that the average time between an initial breach and the handoff to the next stage of an attack has dropped from eight hours to 22 seconds, and that the attack surface has expanded well beyond the traditional network perimeter. “In addition to your usual estate, you have models now. You have data pipelines used to train the models. You have agents, you have prompts. All of this needs to be protected.”
One threat de Souza flagged that doesn’t get enough attention: agents moving through a company’s internal systems can surface forgotten data repositories that nobody has thought about in years. “A lot of organizations have old SharePoint servers [and access controls] they haven’t really updated, but it didn’t matter because nobody really knew where they were. But agents roaming your enterprise will find those data assets and will expose the data on them.”
The answer, in his view, is to meet machine speed with machine speed. “We’re now seeing the emergence of an AI-native, fully agentic defense where organizations can run agents driving their defense,” he said. “Instead of having a human-led defense or even a human in the loop, you can now have humans overseeing a fully agentic defense.” He added that this has become a leadership issue, not just a technology one. “This is a board-level issue and an executive team issue. It’s not just a security team’s issue.”
But even as AI takes on more of the defensive workload, the people qualified to oversee it are in short supply — and the vulnerabilities that AI itself is introducing are multiplying faster than security teams can address them. “We’re going to need people to deal with the bug-pocalypse,” LinkedIn’s chief information security officer Lea Kissner told the New York Times this week, adding that she doesn’t expect the industry to understand AI security in any sustainable long-term way for at least several years.
Which brings us back to the platform providers themselves. The Register has published a series of reports over the past several weeks documenting a wave of Google Cloud developers hit with five-figure bills following unauthorized API calls to Gemini models — services many of them had never used or intentionally enabled. The cases followed a familiar pattern: API keys originally deployed for Google Maps, placed publicly per Google’s own instructions, had quietly become capable of accessing Gemini after Google expanded their scope without clearly disclosing the change.
Rod Danan, CEO of interview-prep platform Prentus, said his bill hit $10,138 in roughly 30 minutes after attackers exploited his compromised API key. Isuru Fonseka, a Sydney-based developer whose account was similarly compromised, woke up to charges of roughly AUD $17,000 despite believing he had a $250 spending cap in place. What neither knew was that Google’s automated systems had upgraded their billing tiers based on account history, raising their effective ceilings to as high as $100,000 without explicit consent.
Google refunded both after The Register published its initial report. Still, Google told The Register it has no plans to change its automatic tier-upgrade policy, saying it prioritizes preventing service outages over enforcing users’ stated budget preferences.
In the meantime, there is the separate question of what happens when a developer tries to shut things down. The Register reported this week on research by security firm Aikido finding that even developers who catch a compromised key and immediately delete it may not be safe. According to Aikido’s findings, attackers can apparently continue using that key for up to 23 minutes because Google’s revocation propagates gradually across its infrastructure. Aikido researcher Joseph Leon told The Register that during that window, success rates are unpredictable — in some minutes over 90% of requests still authenticated — and attackers can use the time to exfiltrate files and cached conversation data from Gemini.
Leon also noted that Google’s own newer credential formats don’t appear to have the same problem: service account API credentials revoke in about five seconds, and Gemini’s newer AQ-prefixed key format takes about a minute. “Both run at Google scale,” he wrote in Aikido’s related paper. “Both suggest this is technically solvable for Google API keys, too.” In short, according to Leon, the 23-minute window isn’t an engineering constraint but a matter of priorities for the company.
That’s worth considering when reading de Souza’s advice, which is sound and should be taken very seriously. He’s not wrong, but there is currently a gap between what the platforms are prescribing and how fast they are themselves adapting, and it’s good to be aware of this, too.
In recent years, cryptocurrency theft operations have evolved far beyond isolated phishing pages and fake NFT mint scams. What once consisted mainly of individual actors running malicious wallet-connection pages has increasingly developed into a structured underground service economy built around “Drainer-as-a-Service” (DaaS) platforms.
Unlike traditional malware operations, crypto drainers typically rely on social engineering rather than device compromise. Victims are lured to fake crypto, NFT, airdrop, or DeFi websites and asked to connect their wallets. Once a malicious transaction or wallet signature is approved, the drainer can transfer cryptocurrency assets directly from the victim’s wallet, often within seconds.
An analysis conducted by Flare researchers of approximately 700 posts collected from underground forums, chats, and channels related to the “Lucifer DaaS” between January 2025 and early 2026 provides a rare look into how modern drainer operations function internally.
The findings reveal an increasingly professionalized ecosystem focused on affiliate growth, automation, phishing scalability, wallet-security bypasses, and operational resilience.
The analyzed data suggests that modern drainer operations increasingly function similarly to legitimate SaaS businesses. Actors behind Lucifer discussed software releases, bug fixes, affiliate commissions, customer support, hosting recommendations, deployment automation, website cloning, and referral systems, offering a deep dive into how DaaS ecosystems are evolving inside underground communities.
What is a Drainer and How Does it Work
A crypto drainer is a tool designed to steal cryptocurrency assets directly from victims’ wallets by abusing wallet permissions and transaction approvals. Instead of hacking the wallet itself, attackers typically lure victims to fake crypto, NFT, airdrop, DeFi, or token-claim websites and trick them into connecting their wallets and approving malicious requests or signatures.
Once permission is granted, the drainer can automatically transfer tokens, NFTs, or other digital assets from the victim’s wallet to attacker-controlled wallets, often within seconds and across multiple blockchains.
Drainer-as-a-Service
In this model, the operator develops and maintains the draining infrastructure, while affiliates bring victims. The affiliate’s job is to generate traffic through phishing links, fake websites, compromised social media accounts, ads, spam, or direct messages. The DaaS operator handles the wallet interaction, transaction logic, alerts, and asset-draining flow.
The Lucifer dataset shows this model clearly. In one promotional post, the actor explains that affiliates provide “traffic through phishing links, fake websites, and similar methods,” while the service manages “signatures, approvals, and token transfers.” The same post describes the service as commission-based and presents Lucifer Drainer as a “professional solution” with ERC20 support, Permit2, off-chain signatures, wallet-security bypasses, multichain support, and continued product updates.
Screenshot from Lucifer Drainer Telegram channel
That language is important. The operators are not selling a one-time malware kit. They are selling participation in a platform.
Screenshot from Lucifer Drainer Telegram channel
Their Telegram channel reinforces the same point. Lucifer repeatedly states that the software is “not for sale,” and that the operators take a 20% commission from successful “hits.” In May 2025, the channel wrote that it does not sell or lease the software and only splits “20% per hit.”
This is closer to the ransomware affiliate model than to old-school phishing kits. While the developers maintain the product, the affiliates bring traffic to monetize the operation and the profits are shared.
DaaS platforms like Lucifer recruit affiliates through underground forums and Telegram channels — the same sources Flare monitors continuously.
Flare tracks drainer ecosystems, phishing infrastructure chatter, and credential exposure across thousands of dark web sources, so your security team sees threats before they reach your users.
The Lucifer channel shows a drainer operation evolving publicly into a structured DaaS platform.
In March 2025, the group announced version 6.6.6, advertising ERC20 support, Permit2 abuse, off-chain signatures, Telegram notifications, wallet-security bypasses, and multichain functionality. The same announcement again emphasized that the software was not for sale and that the operators take a 20% commission from successful “hits.”
From then on, the channel increasingly resembled a software development feed more than a typical malware operation. The operators announced bug fixes, wallet compatibility updates, Telegram-browser support, deployment improvements, and hosting features.
One of the most notable additions was a website-cloning feature that allowed affiliates to clone phishing pages and receive ZIP files preloaded with the latest Lucifer code.
Over time, the operation moved heavily toward automation. Later updates introduced “Zero Config” deployment workflows, allowing affiliates to upload static files, automatically generate phishing-ready packages, and deploy infrastructure with minimal manual work. This significantly lowered the technical barrier for affiliates.
Screenshot from Flare platform for one of Lucifer’s team posts. Sign up for the free trial to access if you aren’t already a customer.
The broader dataset also shows Lucifer actively recruiting across underground communities where other drainer brands such as Inferno, Angel, Venom, Nova, Ghost, Medusa, Vega, and Monkey were discussed. A recurring theme across the posts was “traffic.” The operators repeatedly emphasized that affiliates needed victims and phishing distribution capabilities more than advanced technical skills.
However, the group also warned that complete beginners were not welcome, suggesting the operators prioritized experienced affiliates capable of generating reliable phishing traffic with limited operational overhead.
Resilience After Takedowns
Like other underground services, Lucifer also shows signs of operational resilience.
In August 2025, their Telegram bots were banned, so they instructed users in their channel to create new bots and grant them admin privileges. The group also gave instructions for resolving configuration problems after migration.
In November 2025, Lucifer said a documentation domain hosted on Google Firebase had been suspended after research reports. The group responded by moving documentation to the InterPlanetary File System (IPFS), a decentralized, peer-to-peer file-sharing protocol used to store and distribute data, presenting decentralization as a way to keep operations running after takedowns.
This mirrors behavior seen across the wider drainer ecosystem. Check Point’s research on “Inferno Drainer” described how the operation continued adapting despite wallet warnings, blacklists, and anti-phishing defenses.
Why Drainers Became So Attractive for Cybercriminals
Drainers became popular because they match the structure of modern crypto crime.
Crypto assets are liquid, fast-moving, and often irreversible once transferred. Attackers do not need to compromise a bank portal or wait for a mule account. A successful wallet approval can immediately “drain” assets.
They also benefit from user confusion. Wallet prompts, approvals, signatures, permits, and token allowances are still difficult for many users to understand. Attackers exploit that complexity by making malicious prompts look like routine Web3 interactions.
The abuse of the authorization mechanisms Permit and Permit2 became especially attractive because these mechanisms can allow token transfers through signed permissions rather than obvious direct transfers. That makes the user interaction feel less alarming, while still giving attackers a path to assets.
Beyond Lucifer
The findings suggest that Lucifer is part of a much broader underground ecosystem that includes operations and other wallet-draining services competing for affiliates, traffic, and visibility across underground communities.
The analyzed Lucifer dataset provides a rare public look into how modern DaaS operations function behind the scenes. The collected posts reveal an ecosystem focused on continuous development, affiliate retention, infrastructure resilience, automation, and operational scalability.
The findings also highlight how modern crypto-drainer operations increasingly resemble legitimate SaaS businesses. Rather than selling a static phishing kit, DaaS operators now maintain active platforms designed to simplify deployment, reduce technical barriers, and maximize affiliate efficiency.
Features such as website cloning, automated ZIP deployment, “Zero Config” workflows, affiliate commissions, and support channels demonstrate how operational maturity has become a competitive advantage within the ecosystem.
Crypto drainers are no longer isolated phishing pages operated by individual actors, but increasingly structured service platforms built around scalability and repeatability. As these ecosystems continue lowering the technical barrier for affiliates, wallet theft operations may become more accessible, more automated, and more difficult to disrupt at scale.
How to Spot a Crypto Drainer Before it Empties Your Wallet
DaaS platforms are designed to make malicious wallet interactions look routine. Knowing what to look for is the first line of defense. Watch for these warning signs before connecting your wallet to any crypto site:
Wallet connection requested immediately on a crypto/NFT/airdrop site.
Unexpected signature or “Approve” requests before receiving anything.
Requests for unlimited token approvals or Permit/Permit2 permissions.
“Gasless claim” or “off-chain signature” prompts that still require wallet approval.
Links received through Telegram, Discord, X/Twitter DMs, or fake support accounts.
Recently created or suspicious-looking crypto domains.
Websites cloned from legitimate DeFi, NFT, or exchange platforms.
Multiple redirects before reaching the wallet prompt.
Wallet warnings ignored or bypassed.
Using a main wallet with large holdings for unknown Web3 sites.
Repeated prompts to reconnect or re-sign transactions.
Influencer or project accounts suddenly pushing unexpected mint/claim links.
Browser tabs opening new wallet approval windows automatically.
Transaction details that are vague, empty, or difficult to understand.
“Free NFT” or “free token” campaigns requiring approvals first.
Discord or Telegram admins privately messaging users first.
Websites asking users to disable wallet security protections.
Wallet drained immediately after signing a message instead of sending funds manually.
Any platform pressuring users to act fast before verifying legitimacy.
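The approval-related warning signs above can be checked mechanically before a request is signed. The sketch below is an added example, not code from Flare or the original article: it inspects a wallet request for allowance-granting calldata and for Permit/Permit2 typed-data signatures. The `2**128` "unlimited" floor, the 30-day lifetime threshold, the function names and all sample values are assumptions constructed for illustration.

```python
import json
import time

UNLIMITED_FLOOR = 2**128             # assumption: amounts this large count as "unlimited"
LONG_LIVED_SECONDS = 30 * 24 * 3600  # assumption: flag permits valid for more than 30 days

# 4-byte selectors of the standard allowance-granting calls.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}


def _as_int(value):
    """Wallet JSON carries integers as numbers, decimal strings or hex strings."""
    if isinstance(value, int):
        return value
    return int(value, 16) if value.lower().startswith("0x") else int(value)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def check_calldata(data):
    """Flag allowance-granting calls in the `data` field of eth_sendTransaction."""
    raw = data.lower()
    raw = raw[2:] if raw.startswith("0x") else raw
    name = SELECTORS.get(raw[:8])
    if name is None or len(raw) < 8 + 128:    # selector + two 32-byte arguments
        return []
    spender = "0x" + raw[8:72][-40:]          # address is the low 20 bytes of argument 1
    arg2 = int(raw[72:136], 16)
    if name.startswith("setApprovalForAll"):
        return [f"{name}: {spender} may move every NFT in the collection"] if arg2 else []
    findings = [f"{name}: {spender} may spend this token"]
    if arg2 >= UNLIMITED_FLOOR:
        findings.append("amount is effectively unlimited")
    return findings


def check_typed_data(typed, now):
    """Flag token-spending permits in an eth_signTypedData_v4 payload."""
    ptype, msg = typed.get("primaryType", ""), typed.get("message", {})
    grants = []                               # (amount, expiry) pairs in the message
    if ptype == "Permit" and "value" in msg:                          # EIP-2612
        grants.append((_as_int(msg["value"]), _as_int(msg["deadline"])))
    elif ptype in ("PermitSingle", "PermitBatch"):                    # Permit2 allowance
        for d in _as_list(msg["details"]):
            grants.append((_as_int(d["amount"]), _as_int(d["expiration"])))
    elif ptype in ("PermitTransferFrom", "PermitBatchTransferFrom"):  # Permit2 transfer
        for p in _as_list(msg["permitted"]):
            grants.append((_as_int(p["amount"]), _as_int(msg["deadline"])))
    if not grants:
        return []
    findings = [f"{ptype}: off-chain signature lets {msg.get('spender')} move tokens"]
    if any(amount >= UNLIMITED_FLOOR for amount, _ in grants):
        findings.append("amount is effectively unlimited")
    if any(expiry - now > LONG_LIVED_SECONDS for _, expiry in grants):
        findings.append("permission stays valid for more than 30 days")
    if len(grants) > 1:
        findings.append(f"covers {len(grants)} tokens in one signature")
    return findings


def triage(request, now=None):
    """Return findings for one JSON-RPC request a site sends to the wallet."""
    now = int(time.time()) if now is None else now
    method, params = request.get("method"), request.get("params", [])
    if method == "eth_sendTransaction":
        return check_calldata(params[0].get("data", "0x"))
    if method == "eth_signTypedData_v4":      # params: [account, typed data]
        typed = params[1]
        return check_typed_data(json.loads(typed) if isinstance(typed, str) else typed, now)
    return []


# --- Constructed sample requests (not captured from any real site) ---
NOW = 1_700_000_000
SPENDER = "0x" + "ab" * 20
OWNER = "0x" + "11" * 20
TOKEN = "0x" + "22" * 20
APPROVE_MAX = {"method": "eth_sendTransaction", "params": [
    {"data": "0x095ea7b3" + SPENDER[2:].rjust(64, "0") + "f" * 64}]}
APPROVE_SMALL = {"method": "eth_sendTransaction", "params": [
    {"data": "0x095ea7b3" + SPENDER[2:].rjust(64, "0") + format(1000, "064x")}]}
PERMIT2_SINGLE = {"method": "eth_signTypedData_v4", "params": [OWNER, json.dumps({
    "domain": {"name": "Permit2", "chainId": 1},
    "primaryType": "PermitSingle",
    "message": {
        "details": {"token": TOKEN, "amount": str(2**160 - 1),
                    "expiration": str(NOW + 365 * 24 * 3600), "nonce": "0"},
        "spender": SPENDER,
        "sigDeadline": str(NOW + 1800)}})]}

if __name__ == "__main__":
    for label, req in [("approve max", APPROVE_MAX), ("approve 1000", APPROVE_SMALL),
                       ("Permit2 single", PERMIT2_SINGLE)]:
        print(label, "->", triage(req, now=NOW) or "no allowance granted")
```

Any Permit or Permit2 signature is reported even when the amount is small, because the request itself grants spending rights without an on-chain transaction from the signer.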
How Flare Can Help
Flare provides early visibility into fraud operations before they reach victims. By monitoring underground forums, Telegram channels, and marketplaces, Flare detects leaked data, victim lists, and recruitment activity tied to Caller-as-a-Service campaigns.
This allows organizations to proactively respond (reset credentials, alert users, and strengthen defenses) before attackers strike, reducing both risk and impact.
There was a time when Craftsman’s return policy was legendary. You used to be able to walk into any Sears and get a brand-new tool on the spot. It didn’t matter if it was a factory defect or user error that broke the tool; you’d get a replacement, no questions asked. This all changed in the late 2010s after Stanley Black and Decker purchased the brand, upon which the wording on Craftsman’s tool warranty became significantly more restrictive.
There is still a lifetime warranty for certain hand tools and mechanics tools, though other products have more limited warranties, either in the types of damage covered or the length of coverage. Craftsman’s power tools, for example, only have warranties ranging from one to three years, depending on the tool. In any case, Craftsman products must be returned to an official retailer such as Lowe’s or Ace Hardware, and this is where some users have encountered friction. Some buyers stated that exchanges have been refused outright, while others have claimed that stores may not offer replacements for outdated models.
While Craftsman’s warranty is comparable to most other brands on the market today, it’s no longer necessarily outstanding. Several other tool brands also offer lifetime warranties on hand tools, and some have coverage that’s better than what Craftsman currently provides. Those who are thinking of investing in a brand and want to feel secure in their purchases might first want to check what sort of coverage these other brands offer.
Tekton
Tekton is a family-owned business based in Grand Rapids, Michigan, that makes a wide range of hand tools. The brand has a reputation for quality and offers some pretty impressive coverage to complement it. In fact, some might argue that Tekton has the best and most customer-friendly warranty policy in the tool industry today. The company’s policy is simple: If a tool doesn’t work the way it’s supposed to, the company will replace it. There are no time limits, and it doesn’t matter how old a tool is or how long it’s been since it was purchased. You don’t need to worry about shipping costs, nor do you need to have a receipt. This is particularly nice for hand-me-down tools or those purchased second-hand.
The process is simple. All you need to do is take a picture of the broken tool and upload it to the Warranty page on the Tekton website along with the tool’s item number and a brief description of what’s wrong with it. You then provide your name, address, and contact information, and then Tekton will ship a new one to your home for free. You don’t even need to leave your house.
Reddit is full of first-hand accounts from buyers who have used Tekton’s warranty claim service and experienced no issues. Many have also claimed that replacement parts arrived within just a few days, with some even receiving replacements the day after they filed the report.
Harbor Freight
Harbor Freight has a reputation as a budget tool retailer. Much of the company’s business model is based on cutting out the middlemen, offering popular tools through its own store-owned brands at lower prices than the competition. The company also has a range of warranty policies for its different brands and tool types, some of which are pretty great.
The company’s best warranty is for its hand tools. If you have a broken Harbor Freight hand tool, you can walk into any Harbor Freight, and they will swap it out for a new one on the spot if you’re the original owner, replacing older models with comparable new ones if a product has been discontinued. This applies to all hand tools in the Pittsburgh, Quinn, Doyle, and Icon lines.
Many Reddit users have even claimed that they didn’t need a receipt to claim a warranty, and that they were able to walk into the store with a broken tool and walk out with a new one, no questions asked. That said, others have suggested making an account, as it will allow Harbor Freight to track your purchase history and pull up proof of purchase if necessary. The company’s Hercules brand also boasts an impressive 5-year limited warranty for its power tools, significantly better than the 3-year warranty offered by Craftsman.
Sonic Tools
Sonic Tools is best known for its automotive and aviation products as well as its Sonic Foam System storage solutions. The professional-grade manufacturer is popular among mechanics and industrial technicians alike, and it promises a lifetime warranty.
Like Tekton, Sonic Tools has an online warranty claim process. Start by going to the Warranty page on the Sonic Tools USA website and filling in your personal information, shipping information, the reason that you’re claiming the warranty, and the tool’s part number. You then attach photos of the tool and a close-up of the printed part number on the tool and submit the form. Sonic claims that it will process the warranty within 24 hours and immediately ship out a replacement tool. This doesn’t require a receipt or any other form of proof of purchase. This warranty covers most Sonic Tools products, with only a few caveats regarding consumable items, products not marketed under the Sonic Tools brand, and items that have been subjected to clear misuse or modification.
While not all users are satisfied with Sonic Tools’ build quality and pricing, the sentiment regarding the company’s warranty is extremely positive. Redditors have reported receiving replacement tools very quickly, sometimes within a week of submitting through the portal, and it’s hard to find anyone who claims to have had a bad experience with the warranty process.
Kobalt
Kobalt, Lowe’s in-house brand, has an exceptionally large catalog of hand and power tools. These tools are often on the budget side of the spectrum, but are well known for offering decent quality and performance. Like Craftsman, not every product that Kobalt makes is covered by the same warranty. It offers 1-year, 3-year, 5-year, and lifetime guarantees, with power tools typically getting the 5-year guarantee and hand tools generally getting lifetime coverage. On top of this, Lowe’s offers a satisfaction guarantee that allows you to return or replace nearly any product you aren’t happy with within 90 days.
To make an exchange, you just need to take the tool to any Lowe’s. Most warranties only cover material and workmanship defects and require valid proof of purchase. That said, Lowe’s lets users create an account to track their purchase history, which can be used instead of a physical receipt. Additionally, products covered by Lowe’s lifetime guarantee can be exchanged, no questions asked.
On paper, you should be able to get any warrantied tool replaced at your local Lowe’s, but owners’ experiences have varied. Some buyers have stated that the process is smooth and easy, but others have claimed to have had difficulties getting Lowe’s to honor the warranty in-store and were told to contact Kobalt for a replacement instead.
SK Professional Tools
Another automotive tool brand with a top-quality warranty worth considering is SK Professional Tools. The company has been a staple for decades and specializes in high-end, industrial-quality hand tools, and it offers a limited lifetime warranty on all of its products. This warranty covers damage acquired with normal use as well as any manufacturing defects, but doesn’t cover damage caused by misuse or modification.
To file a claim, you’ll need to go to the Warranty Claim section on the SK Professional Tools website. This gives you the option to request a return for store credit, exchange the broken tool for a comparable product, or receive a ratchet or breaker bar repair kit to fix your existing tool. You’ll then enter the product information, a description of the reason for the claim, a photo of the product, and your personal and shipping information. Once this is completed, the company’s customer service team will contact you and provide you with return instructions.
This isn’t quite as hassle-free as some of the others, but it’s still a relatively simple return process with great coverage. Owners’ real-world experiences back it up, too, with customer reports on Reddit outlining positive experiences with SK’s return process. Some of them also claimed that they were able to resolve warranty claims simply by calling the company’s customer service line.
Our methodology
Craftsman was among the first tool brands to offer a lifetime warranty on its hand tools. That said, the company’s warranty, while still competitive, isn’t as legendary as it once was. There are now several other brands that offer lifetime warranties on their hand tools and many that offer longer coverage periods on their power tools.
To choose brands that offer coverage as good as or better than Craftsman's, we started by looking at the top tool brands and examining their warranty periods. Narrowing it down to options that offered lifetime warranties on hand tools and exceptional warranties on power tools (when applicable), we dug deeper into the return process to find the ones with the simplest warranty processes. We also screened out brands with excessive loopholes that allow them to avoid replacing a tool under reasonable circumstances.
Once we selected our brands, we turned to owner reports and experiences, primarily on Reddit, to see how well the return systems work in practice. That way, a potential tool buyer will have as detailed a picture of a brand’s warranty coverage as possible before they spend their hard-earned money.
U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices worldwide.
23-year-old Jacob Butler (also known online as “Dort”) was arrested by Canadian authorities in Ottawa on Wednesday pursuant to an extradition warrant.
According to a criminal complaint unsealed on Thursday in the District of Alaska, Butler was taken into custody based on IP address and online account information, transaction records, and online messaging records that exposed his links to the KimWolf botnet.
Butler now awaits extradition to the U.S. and is facing one count of aiding and abetting computer intrusions, which carries a maximum sentence of 10 years in prison.
As detailed in court documents, KimWolf operated as a DDoS-for-hire service and was used by cybercriminals to launch attacks reaching nearly 30 terabits per second, the largest DDoS attack publicly disclosed at the time.
Using a cybercrime-as-a-service model, Butler sold access to a massive network of compromised systems (ranging from digital photo frames and web cameras to Android-based TV boxes and streaming devices).
The botnet was used in more than 25,000 attacks targeting computers and servers worldwide (including Department of Defense Information Network IP addresses) and caused financial losses exceeding $1 million for some victims.
Researchers at cybersecurity firm Synthient, who have been tracking KimWolf’s rapid expansion, noted in January that KimWolf grew to almost 2 million devices after compromising Android devices in attacks exploiting vulnerabilities in residential proxy networks, and that it generated approximately 12 million unique IP addresses each week.
Kimwolf infections heatmap (Synthient)
Separately, the Central District of California unsealed seizure warrants targeting 45 DDoS-for-hire platforms, which disrupted multiple DDoS platforms, including at least one that collaborated with the KimWolf botnet.
“These seizures broadly disrupted the DDoS platforms, including at least one that collaborated with Butler’s KimWolf botnet,” the Justice Department said yesterday.
“U.S. authorities also seized domain records associated with many of these services, redirecting them to an authorized ‘splash page,’ which displays a warning to potential visitors that DDoS services are illegal.”
Butler’s arrest follows a March 2026 international operation in which U.S., German, and Canadian authorities seized command-and-control infrastructure used by KimWolf and three related botnets (Aisuru, JackSkid, and Mossad), which collectively infected over 3 million IoT devices.
As the U.S. Justice Department said at the time, the four botnets collectively infected more than 3 million IoT devices, including web cameras, digital video recorders, and Wi-Fi routers, many of them in the United States.
Ubuntu Pastebin has long been used for sharing logs, crash reports, config files, and terminal output across IRC, Ask Ubuntu, forums, bug reports, Reddit, and countless troubleshooting guides scattered around the internet. The bigger concern is link rot. Once the shutdown happens, years of old support discussions could lose critical debugging information overnight. Community members have already pointed out that some Ubuntu packages and scripts still reference paste.ubuntu.com directly.
While it is understandable that aging services eventually get retired, the extremely short transition period is rubbing many Linux users the wrong way, especially in a community where old documentation and archived troubleshooting threads still regularly help people solve problems a decade later.
Storage is expensive these days, whether you’re looking at the prices of spinning rust or magic little sticks of silicon. But what if there was some benevolent overlord that you could trick into giving you unlimited storage? That’s where Noisecloud comes in.
Created by [Lucas], Noisecloud is a tool that lets you use YouTube as a form of effectively-unlimited file storage. It works by taking whatever file data you have on hand and turning it into frames of digital noise that can be stored and transported as an MP4 file and uploaded to YouTube. The encoding process involves first compressing the data with gzip, then packaging it into a high-contrast series of video frames that are then encoded with FFmpeg. Video containers can be produced in various resolutions, all the way down to 640×360 @ 30 fps. There’s also a special “TikTok mode” which is optimised to best preserve data on short form sites that use vertical orientation as default. More commentary from the creator is available via the supporting article on GitHub.
It’s probably not a practical way to store your files, given the fussy encoding and decoding required to actually use the data. However, it’s an interesting proof of concept that explores how data can be stashed in unexpected places via publicly-accessible services. We’ve explored similar work before, too.
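The gzip-then-noise-frames idea described above, as an added sketch that is not Noisecloud's own code: the block size, toy frame dimensions, 4-byte length header and mid-grey threshold are all assumptions, frames are plain in-memory grayscale arrays, and the FFmpeg and upload steps are left out.

```python
import gzip
import random

BLOCK = 4                       # assumed: one bit per BLOCK x BLOCK pixel square
WIDTH, HEIGHT = 64, 36          # assumed toy frame size, same 16:9 shape as 640x360
COLS, ROWS = WIDTH // BLOCK, HEIGHT // BLOCK
BITS_PER_FRAME = COLS * ROWS


def block_pixels(idx):
    """Yield the (y, x) pixel coordinates of the idx-th block in a frame."""
    r, c = divmod(idx, COLS)
    for y in range(r * BLOCK, (r + 1) * BLOCK):
        for x in range(c * BLOCK, (c + 1) * BLOCK):
            yield y, x


def encode(data: bytes):
    """gzip the payload, prefix its length, paint each bit as a black or white block."""
    packed = gzip.compress(data)
    stream = len(packed).to_bytes(4, "big") + packed
    bits = [(byte >> (7 - i)) & 1 for byte in stream for i in range(8)]
    bits += [0] * (-len(bits) % BITS_PER_FRAME)      # pad the final frame with black
    frames = []
    for start in range(0, len(bits), BITS_PER_FRAME):
        frame = [bytearray(WIDTH) for _ in range(HEIGHT)]
        for idx, bit in enumerate(bits[start:start + BITS_PER_FRAME]):
            for y, x in block_pixels(idx):
                frame[y][x] = 255 * bit
        frames.append(frame)
    return frames


def decode(frames) -> bytes:
    """Average each block, threshold at mid-grey, rebuild the bytes and gunzip them."""
    bits = []
    for frame in frames:
        for idx in range(BITS_PER_FRAME):
            total = sum(frame[y][x] for y, x in block_pixels(idx))
            bits.append(1 if total > 127 * BLOCK * BLOCK else 0)
    stream = bytes(
        sum(bit << (7 - i) for i, bit in enumerate(bits[n:n + 8]))
        for n in range(0, len(bits), 8)
    )
    size = int.from_bytes(stream[:4], "big")
    return gzip.decompress(stream[4:4 + size])


def add_noise(frames, amplitude: int, seed: int = 1):
    """Stand-in for lossy re-encoding: shift every pixel by up to +/- amplitude."""
    rng = random.Random(seed)
    return [[bytearray(min(255, max(0, p + rng.randint(-amplitude, amplitude)))
                       for p in row) for row in frame] for frame in frames]


if __name__ == "__main__":
    payload = b"constructed sample payload " * 20
    frames = encode(payload)
    print(len(frames), "frames;", decode(add_noise(frames, 120)) == payload)
```

Pure black and white blocks sit as far as possible from the decision threshold, which is why the payload still decodes after every pixel has been perturbed.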
Recently, the biggest trend in kitchen gadgets has been “hands-free” and AI-powered devices that act as automated countertop assistants. There are plenty of devices that exist now for people who want to cook more (or at least look like someone who has their life together) but don’t always have the energy for a full kitchen marathon after work.
From a robot stirring your soup to a bread machine that kneads your dough while you watch TV, here is a list of gadgets that may make you feel like you’ve won adulthood. Or at least make cooking feel much less intimidating.
The Nosh Chef Robot is a huge upgrade from a slow cooker or Instant Pot, as it can manage much of the cooking process autonomously.
The AI-powered robot dispenses exact amounts of oils, spices, and ingredients from reusable ingredient cartridges. Users still need to load ingredients beforehand, but once everything is in place, the robot can roughly chop, stir, sauté, portion, plate, and self-clean after meals. However, it can’t bake, roast, or steam, so there are limitations, but the company says it supports more than 500 dishes, such as stir-fry and curry.
The system runs on NoshOS, a proprietary AI trained on thousands of recipes and cooking techniques. Built-in sensors monitor moisture, texture, and browning levels in real time, adjusting heat and seasoning throughout the cooking process. It can even recognize ingredients already loaded into the device and recommend meals based on what’s available.
The Nosh One is currently available for preorder on Kickstarter, with shipments expected in summer 2026.
An automatic soup stirrer sounds unnecessary until you use it once, and suddenly you’re hooked.
Instead of standing over the stove painstakingly stirring soup, sauce, risotto, pudding, or oatmeal, the StirMate Automatic Pot Stirrer rotates around the pot for you while you prep other ingredients, answer emails, or scroll on your phone.
It could also serve as a helpful accessibility tool for people with mobility issues or chronic pain.
Developed by father-and-son company StirMate, the third-generation model launched recently and includes a stronger motor, adjustable speed settings, and redesigned paddles for thicker recipes. It can run for up to 10 hours on a single charge and recharges in about an hour.
Modern bread machines have evolved far beyond basic sandwich bread. This newer smart model from KitchenArm automates the mixing, kneading, proofing, and baking process, turning homemade bread into a mostly hands-off experience. Just add ingredients, select a setting, and let the machine do the work.
The KitchenArm Smart Bread Machine includes 29 automatic programs with 21 bread settings, including white, French, whole wheat, rye, and sweet breads, plus non-bread options for yogurt, jam, and cake. There’s also a fully customizable “Homemade” mode for adjusting kneading and rising times manually.
Morning routines are significantly easier when your coffee machine remembers your order and the usual time you want to drink it.
The De’Longhi Rivelia is a newer option and has recently garnered attention for its smart personalization features. In addition to grinding beans, brewing espresso, and frothing milk automatically, the Rivelia supports up to four user profiles, remembers favorite drinks and strength preferences, and adapts recommendations over time based on usage habits. Its “Coffee Routines” feature can even suggest beverages depending on the time of day.
While it’s definitely expensive, it’s widely considered one of the most popular high-end espresso machines currently available.
Store-bought oat milk prices alone are enough to push some people into making their own. The Nama M1 automates the entire process of making almond, oat, soy, or cashew milk, eliminating the old method of soaking, blending, and then straining that previously made homemade plant milk feel like a full-time job.
Newer nut milk makers have become faster, smarter, and much easier to clean, and the Nama M1 is one of the more widely reviewed examples currently on the market. Using centrifugal force, it can produce creamy plant milk in a few minutes with minimal prep work.
The KitchenArt Auto-Measure Spice Carousel is one of the simplest products on this list, but it solves a very real problem: accidentally dumping half a container of garlic powder into dinner because the spice lid suddenly betrayed you. This rotating carousel stores up to 12 spices, which can be dispensed in measured 1/4 tsp amounts or poured normally through the built-in spouts.
No apps, no AI, no complicated setup. Just a genuinely practical kitchen tool.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
The smart glasses industry has long been a tortured dream of Silicon Valley. The premise is appealing enough: What if, to enjoy the benefits of mobile computing, people didn’t have to stare at their phones all day long and could, instead, simply wear a lightweight computing device on their face? Science fiction fans (a demographic that is strong in the tech industry) can see this vision perfectly.
However, the industry has — for much of the last decade — resembled a financial black hole into which gargantuan investments have been sunk and from which little to no profit has ever emerged.
“Everybody’s losing money,” said Chi Xu, the founder and CEO of the smart glasses company Xreal, which is a longtime partner of Google. I met Xu at Google’s I/O conference in Mountain View last week, where he was promoting Xreal’s Project Aura. That’s its latest effort to create a set of functional XR glasses that people actually want to use.
“That’s because it’s very hard, what we’re doing,” he said.
For much of the industry’s existence, the problems of smart glasses have seemed somewhat obvious: bulky, uncomfortable, and socially awkward form factor, paired with negligibly beneficial software. Now, however, industry insiders — including Xu — feel like their business has turned a corner and may be reaching an inflection point.
That supposed inflection point has something to do with Meta, whose 2023 partnership with Ray-Ban launched one of the first lines of models that has actually managed to sell a lot of units. (It’s worth noting, however, that the division responsible for the glasses, Reality Labs, still operates at a massive loss.)
Now, as form factors shrink and software improves, Xu feels that Xreal can finally become a leader in the space. “You need all the key pieces ready — you need the hardware ready, the operating system needs to be ready, and then you need a great user interface,” Xu said.
Xreal’s newest model, Aura, is a pair of wired smart glasses with OLED displays embedded within them, meaning that you can watch high-resolution videos within the frames themselves. Somewhat awkwardly, Aura comes tethered to a “puck” — essentially a phone-shaped mini-computer that powers the experience behind the glasses. When using it, you can ostensibly just slip it into your pocket.
But in exchange for the awkwardness of the puck, the user gets a wider variety of fun experiences with the glasses, including an immersive Google Maps app, VR YouTube videos, and a “painting app” that lets you — via the powers of hand tracking — create holographic imagery that only you can see. There are also reportedly games, playable (again) via hand tracking, and basic web surfing functionality.
“Whether you are following a floating recipe while cooking, setting up a private workspace at a coffee shop or on a flight, or watching a movie on a virtual big screen at home, the experience is seamless,” the company promises.
Xu also says that he imagines the device being used not just by the casual consumer but by professionals as well. “It’s not just about watching the NBA game in a hologram type of format, you could also go to a coffee shop and do some work,” he said.
Currently, the glasses are only available for developers, but the plan is for them to launch commercially later this year. Xreal is also working on an IPO that is expected to take place before 2026 is over, although Xu declined to say much about it.
In the meantime, the company is working on that whole turning-a-profit thing. Xu notes that his company has been raising its gross margin while lowering its costs for marketing and sales. “Next year is the year when we could actually break even,” he says.
Save $300 on Apple’s latest 14-inch MacBook Pro with an upgrade to the M5 Pro 18C CPU/20C GPU chip and boost to 48GB RAM. The flash deal ends today.
Apple’s M5 Pro 14-inch MacBook Pro was released in March 2026, but a popular configuration is already marked down heavily during B&H’s flash sale that ends today. Save $300 on this M5 Pro model that has an 18-core CPU with a 20-core GPU, an upgrade from the standard 15-core CPU and 16-core GPU. It also has 48GB of RAM, double that of the standard 24GB found in the entry model. Rounding out the key specs is a 1TB SSD.
Normally priced at $2,799, the M5 Pro/48GB RAM/1TB spec is discounted to $2,499, reflecting the lowest price seen since its March release. B&H states supply is limited at the reduced price, and the deal ends today at 8:59 p.m. Pacific Time.
This MacBook Pro deal sits alongside several other discounts on the M5 Pro and M5 Max line, so it’s worth checking out highlights from the sale below.