Key Takeaways

• Marvell Technology’s earnings will reveal momentum in custom AI silicon and data center infrastructure spending
• Dell Technologies must demonstrate that surging AI server revenue is driving meaningful profit improvement
• Salesforce results will indicate whether enterprise customers are increasing AI software budgets
• Costco’s quarterly performance will offer insight into spending habits among value-conscious consumers
• Tesla remains a focal point without an earnings report, as robotaxi progress, China sales, and AI initiatives drive headlines

Investors are bracing for a consequential week as five prominent companies prepare to deliver earnings results and strategic updates spanning artificial intelligence infrastructure, enterprise technology, consumer retail, and the electric vehicle sector.

Chip and Hardware Giants Under the Microscope

Marvell Technology enters the spotlight as one of the week’s most anticipated reports. The semiconductor company has carved out significant market share in custom chip design, optical connectivity solutions, and AI infrastructure components for hyperscale data centers. The central question: are major cloud providers maintaining their aggressive capital expenditure on artificial intelligence buildouts?

Marvell Technology, Inc., MRVL

With shares trading near elevated levels, market participants have set a high bar for results. A convincing performance would reinforce the thesis that AI-driven semiconductor demand extends well beyond Nvidia’s dominance and is creating opportunities across the chip ecosystem.

Dell Technologies faces equally intense scrutiny. The company has evolved from its legacy PC business into a critical supplier of AI-optimized servers for enterprise and cloud customers. Substantial contracts tied to machine learning infrastructure have fueled recent growth.

But top-line expansion alone won’t satisfy shareholders. The critical metric is whether Dell can convert robust AI server demand into expanding profit margins. Manufacturing these advanced systems carries significant costs, and investors are demanding evidence that the business model is becoming more profitable, not just larger.

Enterprise Software, Consumer Spending, and Tesla’s Ongoing Narrative

Salesforce represents the software dimension of the AI investment thesis. While hardware companies build the infrastructure, Salesforce must prove that enterprises are willing to pay premium prices for AI-enhanced applications, automation capabilities, and intelligent data platforms.

Management has heavily promoted its AI agent technology and platform services as the next phase of growth. When financial results arrive, analysts will scrutinize revenue acceleration, operating margin expansion, and signs that customers are adopting—and paying for—these new AI features.

Costco shifts attention to the consumer economy. As a bellwether for middle- and upper-income households seeking value, the warehouse club’s performance carries significant weight. Membership renewal rates, same-store sales growth, and foot traffic trends will provide crucial signals about consumer resilience.

Given the stock’s elevated valuation multiple, delivering robust results and optimistic forward guidance will be essential to maintaining investor confidence in the current price level.

Tesla won’t release quarterly earnings this week, yet the company remains a constant focal point for market participants. Updates regarding autonomous vehicle deployment, sales performance in China, production margins, and statements from CEO Elon Musk frequently trigger significant price movements.

While Tesla has been repositioning its story around self-driving technology, artificial intelligence capabilities, and robotics ambitions, Wall Street hasn’t stopped monitoring fundamental metrics like delivery volumes and quarterly profitability.

Broader Market Implications

Collectively, these five companies provide a comprehensive snapshot of multiple market themes. Marvell and Dell will test the durability of AI infrastructure investment. Salesforce will determine whether that spending is translating into software adoption. Costco will gauge the health of the American consumer. Tesla will serve as a barometer for growth stock sentiment and retail investor enthusiasm around transformative technology.

The outcomes from this diverse group could establish important directional cues for equity markets as the calendar moves toward mid-year.

Key Takeaways

• Jensen Huang called on Super Micro Computer (SMCI) to strengthen its export compliance measures during his arrival in Taipei over the weekend.
• Authorities in Taiwan have detained three individuals accused of falsifying export documents while shipping Super Micro AI servers with Nvidia chips to China.
• This incident follows a March U.S. federal indictment accusing Super Micro’s co-founder and accomplices of orchestrating a ~$2.5 billion smuggling operation involving Nvidia-powered servers destined for China.
• Huang disclosed that China represents part of Nvidia’s anticipated $200 billion addressable market for the forthcoming Vera CPU.
• While H200 chips have received export approval for China, no deliveries have occurred to Chinese buyers to date.

Nvidia’s chief executive Jensen Huang touched down in Taipei over the weekend and immediately confronted the escalating concerns surrounding Super Micro Computer (SMCI) and alleged AI chip smuggling operations to China.

NVIDIA Corporation, NVDA

Addressing media at Songshan Airport, Huang emphasized that Nvidia maintains “rigorous” standards when briefing partners on U.S. export regulations. He expressed his expectation that Super Micro will “enhance and improve” its compliance framework to avoid future violations.

His remarks follow an announcement from Taiwan’s Keelung District Prosecutors’ Office that three individuals were detained earlier this week. The suspects allegedly filed false shipping documents to facilitate the export of Super Micro servers—equipped with cutting-edge Nvidia AI processors—to destinations including China, Hong Kong, and Macau.

Super Micro has not issued an immediate statement in response to media inquiries. The company previously indicated its dedication to safeguarding advanced American technology and pledged to reinforce its international trade compliance operations.

This marks another chapter in Super Micro’s ongoing export control challenges. Earlier this year in March, federal prosecutors in the United States indicted Super Micro co-founder Yih-Shyan “Wally” Liaw alongside two associates for allegedly orchestrating a conspiracy to smuggle approximately $2.5 billion in Nvidia-equipped servers to China using shell entities across Southeast Asia.

Liaw has entered a not guilty plea. Super Micro maintains that it is not a defendant in the case and is actively cooperating with authorities.

While the Taiwan detention is administratively separate from the U.S. federal charges, both investigations share significant overlap. Each case involves similar alleged smuggling networks—utilizing intermediary companies to circumvent U.S. export restrictions and funnel prohibited Nvidia AI technology into China.

A Bloomberg investigation published earlier this month identified a firm associated with Thailand’s national artificial intelligence initiative as potentially facilitating the transfer of Super Micro servers to Chinese entities. That reporting named Alibaba (BABA) among several ultimate recipients.

China Remains Central to Nvidia’s Growth Strategy

Despite ongoing export control controversies surrounding its products, Huang made clear that China continues to factor prominently in Nvidia’s future revenue projections.

Speaking to journalists at the airport, Huang revealed that China is incorporated into the $200 billion total addressable market estimate he presented for Nvidia’s next-generation Vera CPU during the company’s earnings call on May 20th.

Nvidia’s H200 processor has secured U.S. licensing for Chinese exports, with approximately ten Chinese companies authorized to acquire the technology. Yet remarkably, zero H200 units have reached any Chinese customer thus far.

Huang characterized the Chinese market as “very important” and “very large,” stating it “would be terrific” to supply it. Nevertheless, recent discussions between President Trump and Chinese President Xi Jinping in Beijing this month yielded no resolution on export matters.

Taiwan Events: GTC and Computex

Huang’s Taiwan visit precedes Nvidia’s GTC Taipei conference and his keynote address at Computex, slated for June 1st. Industry observers anticipate he will unveil detailed information about the software architecture underlying Nvidia’s Vera Rubin platform.

He characterized the platform as “the largest product launch, probably in the history of Taiwan.” Every Vera Rubin NVL72 system incorporates nearly 2 million individual components and engages approximately 150 Taiwanese supply chain partners.

According to current reports, Super Micro shipments connected to the smuggling investigations remain suspended, with both U.S. and Taiwan authorities continuing their active inquiries.

XRP market depth on Binance has dropped to its weakest level since January 2020, according to CryptoQuant analyst Arab Chain. 

The analyst said XRP’s 30-day liquidity index on Binance fell to about 0.043 while the token traded near $1.34.

The reading points to a sharp fall in available liquidity compared with earlier market phases. Arab Chain said the index had previously reached readings above 3 and 4 points between 2022 and 2024, when XRP saw stronger trading activity and higher volatility.

XRP Binance liquidity falls to a six-year low

Low liquidity does not give a direct bullish or bearish signal on its own. However, thinner market depth can make XRP more sensitive to large orders because fewer bids and asks sit near the current price.

That means sudden buying or selling can move price faster than usual. For traders, the current setup creates a market where volatility can rise even if daily volume remains modest.

The drop also signals weaker speculative activity on Binance. Arab Chain said the decline may show reduced new liquidity inflows and a more cautious market structure.

The update comes as XRP remains stuck near the same range it has traded around for months. The $1.35–$1.40 area now carries added focus because it connects thin liquidity with repeated whale activity.

Binance whales withdraw XRP near $1.35

CryptoQuant analyst Amr Taha reported that XRP whales withdrew $49.2 million from Binance on May 22 while the token traded below $1.35. In exchange-flow terms, negative whale netflow means large holders moved more XRP away from Binance than they sent in.

That move matters because it happened during price weakness, not after a strong rally. Whale withdrawals during weakness can show that some large holders are reducing available exchange supply instead of preparing to sell.

The May 22 reading also followed similar whale behavior earlier this year. Taha cited negative Binance whale netflows of $60.7 million on Feb. 27, $35.5 million on March 6, and $37 million on March 26.

All four signals appeared near the $1.35–$1.40 range. That makes the zone one of the clearest recent areas of repeated Binance whale withdrawals.

Still, whale withdrawals do not confirm an immediate rebound. They can reduce potential sell-side supply, but price still needs stronger demand and a clean technical breakout.

XRP price stays below key moving averages

XRP traded at $1.36 on May 25, 2026, according to crypto.news price data. The token was up 0.23% over 24 hours, while its 24-hour trading volume stood at about $1.35 billion.

The same data showed XRP trading between $1.34 and $1.37 over the past 24 hours. XRP ranked fifth by market cap, with a market value of about $84.23 billion.

The short-term chart remains weak. XRP traded near $1.3584, below the 9-day moving average at $1.3663 and the 21-day moving average at $1.4051.

That structure keeps pressure on buyers unless XRP reclaims the $1.36–$1.40 area. The shorter moving average also remains below the longer one, which keeps the near-term trend neutral-to-bearish.

Immediate support sits near $1.3435, close to the daily low. Resistance stands near $1.3663, followed by the larger $1.4051–$1.4060 zone.

Volume near 29.06 million XRP remains low compared with earlier selloff spikes. That shows the latest bounce has not yet drawn strong market participation.

The MACD also remains below the zero line. The MACD reading near -0.0150, signal line near -0.0066, and negative histogram near -0.0084 show weak bearish momentum.

Traders watch $1.40 and $1.50 resistance

Related crypto.news coverage said XRP recently traded near $1.37 as exchange-flow data showed cooling deposit pressure. The same report said Binance and Coinbase had shifted toward withdrawal-led transactions, which may show easing exchange selling pressure. XRP stayed within a range, with support near $1.29–$1.35 and resistance near $1.50.

Separate crypto.news coverage showed a large XRP options trader collected $224,500 in premiums by betting XRP would stay near $1.40 through June 26. The trader sold 1.5 million contracts each of the $1.40 call and put options on Deribit.

That options trade fits the wider range-bound setup. Crypto.news noted that XRP had traded between $1.30 and $1.50 for roughly 60% of 2026, making the $1.40 area a key short-term price zone.

Crypto Patel also cautioned against aggressive upside targets without enough liquidity, structure, or a clear catalyst map. The analyst said $10 remains a long-run target, while the best accumulation area sits between $1 and $0.70.

CRYPTOWZRD said XRP closed indecisively and continued to hold a range. The analyst said a move above $1.40 could open upside, while a rejection near that level could set up a move back toward $1.32.

• The malware spread through npm, PyPI, and Rust packages in coordinated waves.
• It steals crypto wallets, SSH keys, and cloud developer credentials.
• AI coding tools were also targeted through malicious config files.

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.

Security researchers identified dozens of malicious packages spread across major open-source repositories, all designed to steal sensitive developer data such as wallet keys, cloud credentials, and source code access tokens.

Instead of a single malicious upload, attackers deployed multiple packages in waves using different accounts.

This approach made the activity harder to detect at the early stages and allowed the malware to blend into routine dependency updates.

Coordinated attack across major developer ecosystems

The TrapDoor operation affected at least three major package ecosystems: npm, PyPI, and Crates.io.

Together, researchers identified more than 30 malicious packages and over 300 affected versions distributed within a short window.

The activity reportedly began around May 22, 2026, although GitHub reported unauthorized access to internal repositories on May 20. It then escalated quickly over the following days.

The packages were not isolated incidents. Instead, they appeared to be part of a coordinated release strategy involving multiple developer accounts.

This structure suggests planning rather than opportunistic abuse. Each package carried similar behavior patterns and pointed to a shared malicious framework used by the attackers.

How the TrapDoor malware operates inside developer systems

Once installed, TrapDoor packages execute automatically through standard build and installation processes used in modern development environments.

In JavaScript packages, malicious code is triggered through post-install scripts, which run immediately after a dependency is added.

In Python packages, the malware can activate during import, allowing it to execute without any explicit function call.

Rust packages use build scripts to achieve the same result during compilation.

After execution, the malware scans local systems for valuable data. This includes SSH keys, API tokens, and configuration files commonly used in cloud and blockchain development workflows.

It also targets browser-stored credentials and environment variables, which often contain sensitive authentication data.

Stolen information is then sent to external servers controlled by the attackers.

In some cases, the malware attempts to maintain persistence by modifying startup processes or inserting malicious hooks into development tools.

Crypto-focused targeting and high-value data theft

What makes this campaign particularly concerning is its focus on crypto-related development environments.

The malware specifically searches for crypto wallet-related files and credentials linked to platforms such as Coinbase, MetaMask, Binance, and Solana-based tools.

It also targets cloud infrastructure credentials from providers like AWS and GitHub access tokens.

These are especially valuable because they can provide attackers with direct access to private repositories, deployment pipelines, and backend systems.

In addition, the malware attempts to collect SSH keys that could allow remote access to developer machines or production servers.

This combination of targets gives attackers a wide range of entry points into both personal and enterprise systems.

AI development tools also under pressure

One of the more unusual elements of the TrapDoor campaign is its interaction with AI-assisted development environments.

Some malicious packages include configuration files designed to influence coding assistants and automated development tools.

Files such as .cursorrules and CLAUDE.md were reportedly used to manipulate AI coding assistants into performing actions that could expose sensitive information.

Instead of directly hacking systems, the attackers attempted to exploit how AI tools interpret project instructions.

This approach reflects a shift in attack methods.

Rather than targeting only code execution, the campaign also attempts to influence developer workflows that rely on AI-generated suggestions and automated analysis.

An active supply chain attack is targeting crypto and artificial intelligence developers in a bid to steal crypto, data or credentials, says the developer platform Socket.

Socket said in a report on Sunday that it discovered the malware campaign, which it dubbed “TrapDoor,” on Friday, and the campaign has deployed more than 34 malicious packages and 384 related versions, with attackers repeatedly pushing new releases across ecosystems.

TrapDoor targets crypto, decentralized finance, AI, and security developers, stealing wallet data, Secure Shell, or SSH keys, cloud credentials, GitHub tokens, browser extension data and API keys, Socket said.

The malware also targets popular crypto wallets, including Coinbase, Binance, Solana, Sui, Aptos, and MetaMask in addition to the Brave internet browser, Socket chief technology officer Ahmad Nassri said on Sunday. 

Nassri said the malware injects hidden instructions to “hijack your AI coding assistant,” targeting Claude and Cursor. “The goal appears to be to trick AI assistants into running a ‘security scan’ or similar workflow that causes secret discovery and exfiltration,” Socket said.

Source: Socket

Crypto and AI developers have increasingly become targets as malicious actors have been loading poisoned packages into “app stores” for developers, knowing they will install them as part of their normal workflow, often without checking. 

TrapDoor specifically targets popular developer resources such as npm (node package manager), the package store for JavaScript/Node.js developers, the language behind most websites and web apps.

It was also found in PyPI, the equivalent for Python developers, which is widely used in data science, AI, and automation, and Crates, the same thing for Rust developers.

Related: GitHub investigates unauthorized access to internal repositories 

The malicious package names are crafted to look like “development helpers, project setup tools, model routing utilities, prompt engineering packages, Solidity tooling, and Sui or Move build helpers,” Socket said. 

“This gives the campaign broad reach across adjacent developer communities where crypto wallets, cloud credentials, GitHub tokens, and SSH keys are likely to be present,” it added.

Developer platform GitHub has been used to disseminate the malicious packages, Socket said, adding the attack appeared to be AI-assisted.

“The GitHub activity shows signs of rapid, AI-assisted-style iteration: broad security-themed scaffolding, generic lure repositories, prompt-injection documentation, and partially implemented extraction concepts mixed with working malware components.”

GitHub itself was compromised on May 20 when it reported unauthorized access to its internal repositories following the compromise of an employee’s device. 

Magazine: Polymarket seeks Japan entry, Harvard dumps entire ETH position: Hodler’s Digest