Autodesk has spent four decades selling the software that engineers and architects use to design buildings, factories and machines. With its latest acquisition, it is buying its way into what happens after those things are built.

The company has agreed to acquire MaintainX, a maintenance and operations platform, for about $3.6 billion in cash.

The deal, announced on 28 May, is an all-cash transaction Autodesk plans to fund with cash on hand and new debt. Closing is targeted for as early as 3 August, subject to regulatory and customary conditions.

Alongside the headline price, Autodesk said it would issue $150 million in restricted stock to MaintainX employees, the standard retention sweetener that signals the buyer wants the team, not just the product.

MaintainX is the kind of company that is invisible until something breaks. Founded in San Francisco in 2018 and led by chief executive Chris Turlica, it makes mobile-first maintenance software, a modern take on the computerised maintenance management systems, or CMMS, that factories and facilities use to track work orders, assets and repairs.

More than 500,000 frontline workers use it, and the company was last valued at around $2.5 billion privately, on annual recurring revenue reported near $115 million.

At roughly $3.6 billion, Autodesk is paying a clear premium to that last private mark, which is the going rate when a strategic buyer wants a category leader rather than a turnaround.

The number also looks large against MaintainX’s revenue, the kind of multiple that only makes sense if the buyer is pricing the strategic fit rather than the current financials.

That fit is the whole rationale. Autodesk frames its strategy as converging “design, make and operate,” the idea that data should flow continuously from the moment something is designed to the years it spends in service. It has the design and the make; operations was the gap.

MaintainX slots into a new division Autodesk is calling Autodesk Operations Solutions, giving it a foothold in the daily work of the maintenance teams who keep its customers’ physical assets alive.

There is an AI logic underneath the org chart. Maintenance data, every work order, every breakdown, every part replaced, is exactly the kind of structured operational record that trains useful predictive models, and Autodesk has been pushing its own generative-AI design tools.

Owning the operate layer gives it a data stream it did not have, at a moment when every enterprise-software company is racing to turn its workflows into AI features.

For MaintainX, a $3.6bn cash exit is a clean outcome for its backers and a fast one for a company not yet a decade old.

For Autodesk, the harder work begins after August: integrating a mobile-first frontline product into a design-software giant, and proving that “design, make and operate” is a platform customers will buy as one thing rather than a slide that explains an acquisition.

Call of Duty players on previous-generation consoles can’t seem to catch a break. First, Activision announced that the next Call of Duty, which we now know is Call of Duty: Modern Warfare 4, will not be released on PS4 and Xbox One. Now, the company is also taking Call of Duty: Warzone away from both older consoles.

The publisher has confirmed that Warzone support on PS4 and Xbox One will be reduced in stages before ending later this year. The first step begins on June 4, when Warzone will be removed from the PlayStation 4 and Xbox One digital storefronts. After that, new downloads will no longer be available on either platform.

Warzone’s last-gen exit starts in June

Players who already have Warzone in their library will still be able to install and play the game for a limited time. Activision says the game will remain playable on PS4 and Xbox One through the end of Season 06 for Call of Duty: Black Ops 7.

The next major change arrives on June 25, when the Warzone in-game store will be removed from both last-gen versions. COD Points can still be redeemed in the store until then, and gameplay will continue to count toward Battle Pass progression. Players without the paid Battle Pass can still unlock free-tier rewards, including new weapons, during the remaining Black Ops 7 seasons.

The final cutoff comes with Modern Warfare 4 Season 1. Once that season begins, Warzone will no longer be playable on PS4 or Xbox One.

Upgrading may sting for PS4 holdouts

For PlayStation players, the timing is awkward. Sony’s Days of Play 2026 sale is live, but the PS5 console itself does not appear to be getting a discount. The upside is that players who do upgrade can still pick up discounted PS5 games, accessories, and PlayStation Plus memberships while the sale runs through June 10.

Activision says players will not lose their Warzone progress if they move to PS5, Xbox Series X|S, or PC using the same linked Activision account. Items bought with COD Points will also carry over. However, unused COD Points stay tied to the same console family, so PS4 players can use them on PS5, and Xbox One players can use them on Xbox Series X|S.

Warzone gave PS4 and Xbox One players a long runway after the current-gen consoles arrived. That runway is now almost over, and anyone who wants to keep playing Call of Duty’s battle royale after this season will need to move to newer hardware soon.

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale.

The vulnerabilities range from path traversal revealing configuration files (escaping from the web server by requesting a path like “../../../../../etc/passwd” for instance), to command injection (running arbitrary shell commands on the system), and actually changing device configurations. Some of the reported vulnerabilities require an account on the management server, but some only require network access .

Fortunately, all of the vulnerabilities require access to the network in the first place to exploit – but this could include access to open guest networks as well as trusted users. If you run Ubiquti or UniFi equipment, chances are the automatic update function has already integrated the fixes, but make sure to check the advisory to see if you’re impacted and update accordingly!

FreeBSD Root Exploit

FatGid lets FreeBSD join the fun of kernel exploits to gain root.

The FatGid vulnerability doesn’t require any manipulation of disk cache; instead it is a direct kernel stack overflow in a system call. The kernel miscalculates the size of a variable as 8 bytes instead of 4, which when used later interacting with a user buffer allows the stack overflow.

Like the recent spate of Linux local privilege escalation attacks, this requires the attacker to already have an account on the system or the ability to run arbitrary programs, but remember that any bug in network services which allows command execution gets you there, so if you run network exposed FreeBSD, it’s time to update!

Kali365 Phishing-as-a-Service

Phishing-as-a-service platforms have been gaining traction, allowing criminals to automate targeting users with crafted lures. The FBI has issued a warning about the Kali365 service in particular.

Kali365 targets credentials for Microsoft 365 accounts by directing users to the official Microsoft portal for linking additional devices to the account, attaching an attacker device directly to the user identity. Alternatively, the framework steals credentials by directing the user through a hostile service which presents a false login page which captures browser sessions along with authentication cookies and tokens once the user answers the fake multi-factor login prompts.

Automating the phishing process lowers the bar for the skill level needed to create authentic-looking lures and makes it simpler for criminal groups to attack large numbers of users; Phishing-as-a-service groups operate as companies offering customer support, tracking dashboards, and pre-made phishing templates.

Glassworm Botnet Takedown

CrowdStrike, Google, and the ShadowServer Foundation have done a coordinated takedown of the infrastructure used by the Glassworm supply-chain botnet.

Glassworm has been mentioned previously; it is one of several major worms infecting the open source package supply chain repositories like NPM and PyPi or the Visual Studio extension repository. Once a victim installs a compromised package or extension, the Glassworm trojan steals any saved authentication tokens for package repositories, GitHub accounts, AI services, and any SSH keys found, and begins the stage two infection. Using the stolen credentials, the worm infects any GitHub workflows, packages, and extensions the user has access to, and installs a remote-access trojan which waits for further commands.

Glassworm used a complex control server structure including blockchain memos, BitTorrent files, and public Google Calendar entries, but the coalition of companies was able to interrupt all control channels simultaneously. Hard-coded aspects of the worm will continue to function, but all behavior which requires downloading payloads from the control servers has been disrupted.

This isn’t the first time multiple Internet companies have coordinated to take down malware, but it’s always good to see action against threats which have been decimating the package repository infrastructure lately.

TechCrunch Spyware Avoidance

On the positive side of things, TechCrunch has an article about modern features to protect users against spyware. If this isn’t news to you, there’s still almost certainly someone in your life who will benefit from a user-friendly write up of best practices!

Both major commercial mobile platforms (iOS and Android) offer advanced protection features which are minimally invasive. For users who are likely to be higher targets of spyware like journalists, lawyers, and human rights activists, or simply those who are worried, these features offer real protection.

The features explained in the article include Apple’s Lockdown mode, Androids Advanced protection mode, and WhatsApp specific application settings, all of which work to reduce common attack surfaces for devices. The advanced security modes typically have minor impacts on performance and battery life due to disabling optimization features which introduce additional complexity and attack surfaces (such as just-in-time compilation of JavaScript code into native instructions.). When situations call for an abundance of caution, a few percent of battery life daily is a reasonable compromise.

Go check out the full write up!

Microsoft Bans NightmareEclipse

An exploit researcher known only as “NightmareEclipse” has been featured here several times in the past months already. Showing intense frustration with their experience with the administrators of the Microsoft security bug bounty program, they have taken to releasing zero-day exploits against Windows, often coinciding with Patch Tuesday (clearly no accident; by releasing a new exploit on the same day as the Microsoft patch set, it’s unlikely to be fixed before the next months Patch Tuesday at the earliest). Previous exploits released by NightmareEclipse include BlueSun and RedHammer (local user to Windows SYSTEM privilege escalation), UnDefend to disable Windows Defender, and YellowKey which unlocks BitLocker drives using a collection of nothing more than magically named files.

Toms Hardware reports that Microsoft has disabled the researchers GitHub accounts (GitHub being owned by Microsoft has long been a point of concern for security researchers who find vulnerabilities in Microsoft products), as well as the actual Microsoft account used by the researcher.

While it’s certainly within the terms of service of Microsoft and GitHub that accounts may be terminated, the optics are particularly poor in this case, given the confusion around the initial interactions which led the researchers original anger. NightmareEclipse has moved their example code repositories to GitLab in the mean time, and promises Microsoft that “I will make sure your bones are shattered on July 14”, implying there will be additional releases (on, you guessed it, what looks like another Patch Tuesday).

Further clouding the issue, an official Microsoft statement indicates they are attempting to bring criminal (not just civil) charges against researchers who do not cooperate with the Microsoft disclosure policies, a stance which will certainly in no way exacerbate the situation.

Fingerprinting Devices by SSD

Dan Goodin at Ars Technica highlights a new paper on fingerprinting users via SSD disk performance, using just standard JavaScript.

The modern web is a hellscape of user tracking, and this attack, dubbed FROST, highlights another technique for identifying unique devices and user patterns based entirely on hardware behavior. By generating a large file using local browser storage via OPFS (origin private file system, an API for JavaScript to create raw files inside the browser storage area) and continually reading and writing data while monitoring the performance, a web page is able to monitor the disk access performance of the device.

Using a neural network trained on timing data, researchers say they are able to determine what apps may be running on the computer alongside the browser – and sometimes even what other websites are being viewed, based solely on the delays in disk IO caused by other applications and websites accessing the SSD. The paper will be presented in July, with researchers saying that the neural network can be trained to recognize “any system which reliably generates SSD accesses”.

Likely, browser developers can mitigate FROST by decreasing the performance of file operations in the OPFS API so that the performance data lacks the fidelity needed to derive user behavior.

FROST is a “side channel attack”; by monitoring one set of characteristics, side channel attacks are able to infer other system behaviors. Side channel attacks can be incredibly subtle and difficult to predict: Another side channel attack method has been to use extremely fine-grained monitoring of the power consumption of a device to derive encryption keys, predicting the CPU instructions and values based on the amount of power used to set the internal registers.

Improving Memory Safety in C#

Programming languages have been moving towards stronger default memory models, making programs more secure by default by eliminating behaviors which are commonly exploitable. Using a memory-safe language does not prevent logic errors or other security issues, but can still help by eliminating common mistakes.

Microsoft has posted an extensive article about new enhancements for C# in .NET 11. Borrowing in many ways (that’s a programming joke) from the Rust memory model, C# 16 will add additional memory enforcement and object lifetime, detecting when memory is no longer available and preventing invalid memory accesses on expired objects, with the goal of eliminating use-after-free memory corruption and attacks.

C# 16 will also increase the meaning of the “unsafe” keyword, a mechanism introduced in C# 1.0 and since heavily adopted by newer languages such as Rust and Swift. Code marked as unsafe in C# 16 is able to bypass the stricter memory model, but all code referencing it must also be marked as unsafe. Making unsafe code more difficult to use increases the overall friction of doing things the dangerous way, while clearly marking code which is higher risk.

There are few magic bullets for secure programming, but reducing the ways a programmer can make simple mistakes can be a big win.

Electrons are great. We use them to move vehicles, illuminate cities, and, of course, compute. But computation is not confined to the world of electronics. And shifting to alternative nonelectronic realms can unlock unique advantages: Photonic chips, for instance, process information with light while generating little heat. Another compelling alternative is fluidics, which uses pressurized gases or liquids to build logic circuits. Pioneered in the 1960s but sidelined by microchips, the field reemerged in the 1990s as “microfluidics.” This approach aims to shrink laboratories onto a single chip by creating microscopic fluid channels with integrated micropneumatic control systems.

Today, there is a second fluidic revival, this time in the domain of soft robotics. Scaling microfluidic designs up to the millimeter-scale range (millifluidics) enables the higher flow rates necessary to drive robotic actuators. These robots exploit the nonlinear behaviors of soft materials to create lifelike motion and safer interactions, often utilizing pressurized air.

By building systems that “think” with the same air that powers them, we can drastically reduce the need for bulky electronic-to-pneumatic interfaces. This is the focus of my Soiboi Studio robotics lab. With millifluidic logic, I have steadily scaled the complexity of my designs. What began with a simple oscillator has most recently evolved into a clock featuring a soft, four-digit, seven-segment display.

What Is Millifluidics?

Building on microfluidics research from the early 2000s and recent developments from the Grover Lab at the University of California, Riverside, I’ve developed millifluidic devices using standard 3D printing and silicone casting. The basic architecture is simple: A flexible membrane is sandwiched between rigid layers embedded with networks of air channels.

Just as electronics rely on differing voltage potentials, these fluidic circuits operate on the pressure difference between atmospheric pressure (logical 0) and a near-vacuum at around −60 kilopascals of relative pressure (logical 1). Using negative pressure means the membrane is pulled into openings. This creates robust seals that allow me to replicate electronic building blocks.

A cast silicone membrane forms the face of the clock [top], while behind it sits 3D-printed millifluidic blocks [middle rows]. An Arduino Uno controls driver boards that operate solenoids, which are connected to valves that are attached to a vacuum pump [bottom row].James Provost

While fluidic resistors are easily realized by adjusting the channel geometry, the heart of the system is a valve that mimics a metal-oxide-semiconductor field-effect transistor, or MOSFET. This vacuum “transistor” features a flow layer with two chambers (the source and drain) divided by a central valve seat and a control layer containing a cavity (the gate). A membrane runs between the control and flow layers and normally prevents airflow between the source and drain chambers. To switch the transistor on, a vacuum is applied to the gate chamber, sucking the membrane into the cavity and lifting it off the seat. This opens a path for airflow, equivalent to closing an electric circuit. By adding a small aperture to the membrane, I created a check valve—the fluidic equivalent of a diode. By combining transistors and resistive “pull-down” channels, I can build a full suite of logic gates.

The original microfluidic designs that inspired me were fabricated from etched glass and milled acrylic. Adapting them for a standard 3D printer required reengineering the logic elements and mastering two critical fabrication techniques.

First, I need airtight prints, yet printed plastic is notoriously porous. By printing at elevated temperatures, slow speeds, and slight overextrusion, I was able to fill microscopic gaps. When you’re using transparent filament, there’s a handy visual indicator: The more transparent the plastic appears, the lower its porosity.

Second, I used glass for my print bed. By printing the upper and lower chambers directly against this bed, I got the interface surface to become mirror smooth. This finish is essential for creating reliable, airtight seals. A 0.3-millimeter silicone membrane is placed between the layers and secured with screws.

How Does the Soft Clock Work?

The clockface is a cast silicone membrane. Each digit segment is formed by a small underlying cavity. When air is evacuated from this cavity, the membrane is sucked inward to create a concave hollow; when atmospheric pressure is restored, the silicone pops back flush with the surface. The result is a mesmerizing, organic motion.

The “brain” of the clock is an Arduino Uno, while the fluidics significantly reduce the hardware footprint. A four-digit, seven-segment display with two separator dots would require 29 solenoid valves to control directly. My clock needs just 11 valves.

A pneumatic transistor is off when its upper control chamber is at atmospheric pressure [top]. When air is removed from the control chamber, it lifts a membrane, which allows air to flow between lower flow chambers and turns the transistor on [bottom]. James Provost

To understand how it works, consider a standard electronic four-digit, seven-segment LED display. This also uses 11 pins to drive its digits. (In clockface displays, an additional pin is required to drive the separator dots.) Every digit is connected to a shared data bus with seven lines, one per segment. The four control lines select individual digits. Only one digit is illuminated at time, and strobing the digits at least 50 times per second creates the illusion that all four are simultaneously illuminated.

Such high-speed switching is not possible with air. Instead, I rely on memory. Each segment acts like a capacitor: By evacuating its cavity (logic 1), you “charge” the segment; by restoring atmospheric pressure (logic 0), you discharge it. Hence, each digit acts as an independent 7-bit memory. If the system is sufficiently airtight, the segments maintain their state for several seconds.

Like the electronic display, the system utilizes a seven-line data bus. Each line connects to a solenoid valve that provides either vacuum or atmospheric pressure. To selectively address the individual digits, I placed a fluidic transistor between each segment and its data line. All the transistors’ control inputs for a given digit are combined into one “write enable” line connected to its own solenoid valve. Activating this valve allows me to write data into the corresponding digit’s memory.

The clock updates one digit per second, meaning a full cycle across the face takes 4 seconds. This cycle also drives the separator dots: A set of fluidic diodes connects the enable lines to the dots’ cavities. Consequently, as each digit is addressed, the dots pulse automatically.

This display is more than a clock; it is a soft robot that happens to tell time. By offloading computation to the same air that powers movement, the clock approaches a new class of machines that are simpler, lighter, and more integrated. I’m now developing a guide for getting started with vacuum-powered logic and may release a refined version of this clock in the future. Watching the silicone skin morph serves as a fascinating reminder that not all logic needs silicon; sometimes, all you need is flexible silicone and a flow of air.

This article appears in the June 2026 print issue as “The Soft Clock.”

Google’s approach to digital car keys is designed to be secure and shareable.

What is Android’s digital car key feature?

How do digital car keys work on Android?

How do you add a digital car key to your Android phone?

Which phones and cars support digital car keys?

Are there any risks to using digital car keys?

The Dublin-registered tax-tech firm paired a Series C led by Headline with the acquisition of PwC’s Indirect Tax Edge, a bet that periodic compliance is giving way to real-time.

Indirect tax is the kind of problem most people never think about until a government decides to watch every transaction in real time.

That is now happening across much of the world, and Fonoa has just raised $110 million and bought a piece of PwC on the strength of it.The company announced both moves together, framing them as one bet rather than two.

The funding is a Series C led by the venture firm Headline, with new investors Eurazeo and Forestay Capital joining existing backers including Index Ventures, OMERS, Coatue and Dawn Capital. Fonoa, registered in Dublin and run by co-founder and chief executive Davor Tremac, did not disclose a valuation.

The capital, the company said, will go toward building more autonomous, AI-driven intelligence into its compliance platform.

The acquisition is the more unusual half. Fonoa is taking over PwC’s Indirect Tax Edge, an enterprise compliance product used by some of the world’s largest organisations to handle VAT and GST filing, e-filing and transactional tax data.

The deal builds on an arrangement first announced in 2024, when Fonoa agreed to acquire the product from PwC; the latest step folds Edge into Fonoa’s platform while PwC continues to support its clients with consulting and reporting around it.

The logic Tremac set out is structural. Most enterprise tax functions, he argued, run on a patchwork of point solutions, a tool for one country, a system for one step, a spreadsheet for the gaps between, which worked when tax was slower and largely national.

It stops working once authorities demand real-time e-invoicing and transaction-level reporting across borders, which is increasingly the norm in markets representing the bulk of global trade.

Edge customers, in this framing, are running best-in-class periodic compliance but lack a connected path to real-time reporting from inside the same trusted system. Fonoa’s pitch is that it can give them that continuity, full lifecycle coverage on a single data model, without making them start over, and layer AI-driven monitoring on top of workflows that used to demand heavy manual effort.

That a Big Four firm chose to hand a live enterprise product to a scale-up, rather than build the real-time layer itself, is the part of the announcement that carries the most weight.

It is a vote of confidence in Fonoa’s infrastructure, and it slots into a broader European pattern of B2B fintech and regulatory-technology consolidating as compliance grows more demanding, the same shift that has lifted firms like the Dutch SME bank Finom.

The raise and the acquisition are, on Fonoa’s account, two expressions of the same wager: that indirect tax is bifurcating between firms that move to connected, real-time-ready systems and those left managing the gaps as regulators close in.

The unanswered questions are the usual ones for a company-issued announcement, the valuation, the price paid for Edge, the eventual headcount, none of which Fonoa disclosed. What it did disclose is direction, and a Big Four partner willing to stand behind it.