Security

And then Microsoft busted them all

A single npm user on Thursday published 14 malicious packages within a four-hour window, all mimicking popular OpenSearch, Elasticsearch, DevOps, and environment-configuration libraries, according to Microsoft.

It’s the latest in a seemingly never-ending string of supply chain attacks targeting developer tools, and stealing cloud credentials and CI/CD pipeline secrets in its wake.

Using a newly created maintainer alias, vpmdhaj (a39155771@gmail[.]com), the threat actor published 14 packages impersonating legitimate libraries from the @opensearch and @elastic ecosystems and targeting Amazon Web Services, HashiCorp Vault, GitHub Actions, and the npm registry itself. This suggests that the attacker “likely chose a developer audience to have AWS and Elastic cloud credentials in their environments,” Microsoft warned in a Thursday blog. 

All of the malicious packages include the same install-time stager and the same Bun-compiled, second-stage payload: a 195 KB credential harvester purpose-built for cloud and CI/CD environments.

Plus, as we’ve seen with all of the other open source supply chain attacks of late, after stealing tokens and other secrets, the attacker can move laterally across cloud environments, steal additional sensitive data, and push even more poisoned updates to packages owned by hijacked maintainer identities, thus expanding the attack beyond the initial 14.

All of the malicious libraries have since been removed, and Microsoft published a list of all 14 in its blog. Give that a read to help identify systems that installed or built affected package versions on or after May 28. Be sure to also rotate an AWS IAM/STS, HashiCorp Vault, npm publish, and GitHub Actions tokens that may have been exposed.

To trick users into installing these developer tools and search engines, the attacker used typosquatting – naming a package one or two letters off from the legitimate one – or lookalike naming (such as opensearch-setup-tool, opensearch-config-utility, and elastic-opensearch-helper) to impersonate well-known libraries. 

In addition to this social engineering technique, used to drive installs through users’ typing mistakes or trust, the attacker also used two other techniques to make the supply chain attack more believable.

This includes spoofing upstream metadata. “Every unscoped package sets its package.json homepage, repository, and bugs fields to the legitimate github.com/opensearch-project/opensearch-js project,” Microsoft’s threat hunters explained.

And finally, they inflated version numbers, so the phony “releases” jump straight to 1.0.7265, 1.0.9108, or 2.1.9201 to indicate a mature release history.

After tricking users into installing the npm packages – all 14 are listed in the blog, so give that a read – the credential-stealing payloads automatically execute through preinstall hooks as soon as the victim runs npm install.

For this, the attacker used one of two stagers. The Gen-1 stager uses install, preinstall, and postinstall hooks that all invoke preinstall.js, and then collects a ton of host information including hostname, platform, arch, Node version, USER/USERNAME, cwd, INIT_CWD, npm_package_name, npm_package_version. It then base64-encodes the JSON, and POSTs it to the actor’s command-and-control server, which then serves a second-stage payload, written to payload.bin in the package install directory. 

“The package’s index.js re-launches the same payload.bin on every subsequent require() of the module – a quiet persistence mechanism that survives across CI build stages and developer rebuild loops,” according to Microsoft.

The later Gen-2 stager replaces the install-time C2 roundtrip with a stealthier loader that checks whether bun is already present on the host. If not, it downloads the legitimate Bun runtime v1.3.13, and then executes the second-stage payload, which sets to work stealing credentials across  AWS, HashiCorp Vault, npm, GitHub Actions, and other CI/CD environments.®

Meta is developing an AI-powered pendant that it plans to start testing in the next year, according to a memo viewed by The Information.

This device would presumably build on the work of Limitless, an AI device startup that Meta acquired at the end of 2025. The startup made an AI pendant that users could attach to their shirt or wear as a necklace to record their conversations.  At the time, Meta said the acquisition would allow it to “accelerate our work to build AI-enabled wearables.”

Earlier AI wearables have failed to catch on with consumers — perhaps due to privacy concerns and tone-deaf marketing, or perhaps because they just weren’t that useful. But companies like OpenAI aren’t giving up.

The memo also reportedly states that the company is planning to expand its lineup of AI glasses and launch a business subscription called Wearables for Work. With all these planned devices, Meta is apparently hoping to reverse the fortunes of its hardware-focused Reality Labs division, which lost $4 billion in the first quarter of this year.

TechCrunch has reached out to Meta for comment.

A new pair of Beats headphones are on the way, as a new unnamed model surfaces in a series of Instagram posts by football star Lamine Yamal.

On May 23, some mystery headphones appeared in an FCC filing, indicating a new pair was coming out of Cupertino. One week later, an Instagram post has shown that it’s from Beats.

The shots on the official account for Lamine Yamal showed the sporting celebrity wearing and carrying around some bright pink headphones. In the four photographs and one video, the headphones are either around his neck or hanging off a bag to his side.

Three of the shots give a clear look at the headphones, complete with the side “b” logo synonymous with Beats headphones.

Though the post doesn’t mention the headphones directly, nor offer any real information about them, we can tell from the images that they have an over-ear earcup design. This closely matches the simple drawing shown in the FCC filing.

While there are no real rumors about Beats headphones, the most probable match would be an update to the Beats Studio Pro, originally released in July 2023. While there are no other details for the headphones as of yet, the appearance with a celebrity indicates that a launch could happen within weeks.

Celebrity tease

Lamine Yamal is a prominent football player who plays for La Liga club Barcelona, as well as the Spain national team. In the clips, he is shown traveling to a training camp ahead of the World Cup.

Close-up of the mystery Beats headphones – Image Credit: Lamine Yamal

Advertisement

At the time of publication, Yamal has 43 million followers on Instagram. After an hour, his Beats-containing post achieved more than 1 million likes and 5.1 thousand comments.

The use of a celebrity on Instagram as the initial tease for a product launch is a typical promotion strategy for the Apple subsidiary. Regularly, Beats uses sports stars to promote earbuds, headphones, and speakers long before their launch.

Offbeat

5, 4, 3, 2, 1… pfft

BORK!BORK!BORK! The National Space Centre in England took things a little too far with its simulation of a rocket launch, unless it was seeking to recreate NASA’s leaking Space Launch System (SLS) via a plastic bottle and some water.

The Leicester-based museum features exhibits aplenty, including some rockets to gawp at, an intriguing parafoil-equipped Gemini capsule, a planetarium, and lots of interactive stations to educate and inform visitors about the space age.

Some of those interactive exhibits can, however, be a little too realistic for comfort, such as a bottle rocket intended to illustrate the Space Race between the United States and the Soviet Union.

It’s a simple enough concept. Select a rocket type, learn some stuff about it, watch as a water bottle is pressurized, listen to the countdown, and then liftoff! It’s an activity that kids – and adults – might have attempted in a garden or park.

Things didn’t go as planned at the National Space Centre, and was reminiscent of the repeated leaks NASA’s SLS suffered during launch preparations. Where the exhibit’s Soviet Union’s bottle blasted off as expected, the American one did not. It spewed water from the base in an unintended recreation of NASA’s initial attempts to fuel the SLS, before giving a pathetic twitch when the countdown reached zero.

Still, it could have been worse. Had the museum decided to recreate the failure of the Soviet Union’s N1 Moon rocket, or Blue Origin’s explosive test of its New Glenn this week, onlookers might have needed a change of clothes after a sudden, and very watery, boom.

The interactive display might not be quite what the museum intended, but it indicates that even in the high-tech world of the space age, the curse of bork is never far away.

Unless, of course, the plan was always to remind users of SLS leakage, if not the explosive excesses of today’s commercial providers.

The National Space Centre told us:

“We currently have one water rocket out, the USA rocket. There are these bands that are needed to keep the bottle in place within its frame, the bands for that rocket snapped a few times recently so we have run out of spares and are waiting on parts be delivered for it to be back in action, but the soviet rocket is completely fine and has been all week.” ®

This is, without a doubt, more work than setting up Wispr Flow. When you’re done, though, you have a working application with no monthly subscription. I recommend trying it out.

A Few Other Free Alternatives

Like I said before: AI transcription and LLMs are both widely available technologies. It should be no surprise, then, that there are many Wispr Flow alternatives out there right now.

For Mac users, the completely free and open source MacParakeet is a great option. It’s open source and completely free to download and use without an account. There’s also no upselling in the application. Transcribing is handled using local models, either Parakeet or Whisper, and a variety of LLMs—both local and online—are supported for the formatting step. That’s the closest completely free app to Wispr Flow I’ve found.

VoiceInk, another Mac-only option, is open source and free to use if you download the code from GitHub and compile it yourself. The app otherwise costs $25, one time, after which you can use all features without any ongoing payments. Note that the formatting step for this requires an API key from a service such as Gemini, Anthropic, OpenAI, or Claude.

Windows and Linux users should look into FOSS Voquill, which is completely free, open source software (hence the FOSS), and works offline. It doesn’t offer a formatting step, which is disappointing, but I’m including it because it’s the best free Windows and Linux option I’ve found without any annoying upselling.

Windows users and Mac users who don’t like the above options for any reason have one more choice: OpenWhispr. This open source tool doesn’t require an account (but you’ll have to find a tiny “Continue without an account” button). The application offers a subscription, but you can opt to set up local models and external API keys instead to avoid paying.

Do You Really Need to Type With Your Voice?

Wispr Flow has its upsides. It’s easy to configure, for one thing, and has a consistent user interface. I can understand why someone might opt to pay for a subscription. But if money is tight right now, there are free options available.

I had fun exploring this growing field, but I’m going to stick to my keyboard. Wispr Flow, and apps like it, promise to let you write at the speed of thought, but I type faster than I think. If I can be philosophical for a second, writing is how I think. Typing a sentence, looking at it, and refining it isn’t an annoying part of the writing process—it is the writing process. And I often don’t know what my opinion on something is until I take the time to refine my thoughts. I can’t help but feel a lot of that would be lost if, instead of typing, I just talked to my computer.

But every brain is different, and these tools may work well for you. Which is why I’m glad there are so many options out there.

The Witcher 3: Wild Hunt is one of my favourite games of all time. Steeped in rich lore, abundant with characters and dripping in magic, it’s got so much to offer I’ve felt almost greedy as I devour its gameplay. And maybe I am, because I’ve certainly got a rumbly in my tumbly for more. When CD Projekt Red announced that a new Witcher game was in the works back in 2022, well, I felt a similar tingle to the one Yennefer undoubtedly bestows upon Geralt.

This time round, it’s a new trilogy, passing Geralt’s carefully-handed reins over to Ciri. Taking over from ‘daddy’, she’ll become the main protagonist. For Geralt, reportedly, he’ll hold a simple supporting role. It’s a clever move, granting players both new and old an appealing place to jump in, but it’s given players plenty to talk about.

The golden age of Microsoft’s Github Copilot appears to be at an end — for the little guy, at least. The company is switching its billing system from a flat subscription rate to a token-usage system that has the potential to bill users at a significantly higher rate. Bigger enterprises may still have the juice for it, but smaller companies and workers could find themselves wondering how they’re supposed to balance the monthly budget.

The changes, which will take place June 1, mean that users will charged based on how many tokens they burn through as they work instead of a low flat rate based on requests.

Some developers with financial whiplash have taken to places like Reddit and X to bemoan what — in many cases — appears to be a drastic escalation in cost.

“What a joke,” one Redditor recently wrote, claiming that, while they currently only pay around $29 per month, the new rate will balloon their costs to nearly $750 a month. “This new usage model is just stupidly expensive. I’m adjusting mine by cancelling. At that cost, it is no longer cost-effective or useful in any practical way.”

Another user posted “WOW, didn’t expect new pricing model to be this ridiculous,” sharing a screenshot that appeared to show that their costs had shot up from around $50 to some $3,000.

The increases sound extreme. However, some Copilot users have bitten back at this criticism — noting that, if you know what you’re doing, you really shouldn’t be blowing through quite so many tokens on a regular basis. The people spending this much are vibe-coders with little actual development knowledge, those critics maintain.

“The vast difference between some of us working all day and still barely having overage and then these screenshots. I struggle to believe it’s complexity differences in the workload,” wrote one user. “The only way it gets crazy like that is if you are purely ‘vibe coding’ with a ton of bloated iterations,” they later added. “It’s pretty affordable for even small outfits if used as a tool, on pretty much any provider.”

Others have focused on the mind-boggling economics behind the company’s previous model. “Holy fuck how much money was copilot losing,” one Redditor asked in a recent post.

It’s a good question.

The economics behind Copilot have not always seemed so easy to grasp, and the amount that the company must have spent to subsidize the ongoing vibe-coding escapades of its user base is similarly mysterious and hidden from public view.

While some have criticized the changes and others have critiqued those critiques, still other online voices have argued that developers have a perfectly good reason to be upset, given that Microsoft encouraged users to use its chatbot indiscriminately and now appear to be pulling the rug out from under them.

“To all the people blaming…the people who actually used the system the way that Microsoft built it (and even encouraged it to be used this way), honestly the only one at fault here is Microsoft. Microsoft provided this billing method and they kept making it easier and easier to burn through massive numbers of tokens on single premium requests that could churn for hours or even days while spawning dozens or even hundreds of sub-agents,” one user wrote.

TechCrunch reached out to Microsoft for comment, but did not hear back by publication time.

Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks.

The company fixed the CVE-2026-0257 flaw earlier this month, warning that it could be used to establish unauthorized VPN connections on the device.

“GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection,” reads Palo Alto’s advisory.

The flaw received a Medium severity rating because it requires devices to be configured with authentication override cookies enabled and a specific certificate configuration.

However, on Friday, Palo Alto Networks updated the advisory to warn that the flaw was now being actively exploited in attacks against unpatched devices, raising the severity rating to High.

“Palo Alto Networks has become aware of limited exploit attempts on unpatched PAN-OS devices without mitigations applied,” reads the update.

This update comes after Rapid7 warned that it had observed the flaw being exploited against numerous customers starting on May 17.

“Rapid7 MDR identified successful exploitation across numerous customers, however we did not observe any indication of successful lateral movement from the devices. The earliest date for observed exploitation was May 17, 2026,” explains Rapid7.

“As of May 29, 2026,  this vulnerability has been added to the CISA KEV.”

According to Rapid7, the attacks began with hackers authenticating to GlobalProtect gateways using forged authentication override cookies that targeted the local administrator account.

The company first observed exploitation on May 18 from infrastructure hosted by Vultr, with a second wave of attacks detected on May 21 originating from Dromatics Systems.

In some cases, attackers were able to connect to the device via VPN using forged cookies, granting them access to internal networks. However, Rapid7 says that in many incidents, even though the appliance accepted the forged cookie, they were unable to establish a full VPN session.

Rapid7’s investigation into affected customers found that the impacted devices had GlobalProtect authentication override cookies enabled and were configured in a way that allowed attackers to forge valid authentication cookies.

The researchers say the flaw stems from PAN-OS’s validation of authentication override cookies.

A GlobalProtect VPN device decrypts these types of cookies using a configured private key and then trusts the decrypted contents without performing any signature verification.

If the same certificate is reused for both HTTPS services and authentication override cookies, attackers can obtain the corresponding public key via the HTTPS session and then use it to create forged cookies that the device will accept as legitimate.

Rapid7 developed a proof-of-concept exploit that demonstrates how an attacker can retrieve the public certificates exposed by a GlobalProtect portal or gateway, generate a forged authentication override cookie for an arbitrary user, and authenticate without knowing valid credentials. Using this PoC, the researchers successfully authenticated to an unpatched GlobalProtect gateway.

Organizations using GlobalProtect VPN devices should immediately install the latest security updates to patch the flaws.

Admins can also mitigate the flaw by turning off the authentication override feature or utilizing a different certificate for this feature and not sharing it with other services on the device.

CISA has now added the flaw to its Known Exploited Vulnerability catalog, ordering federal agencies to mitigate the flaw by June 1, 2026.

Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.

This guide covers the 6 surfaces you actually need to validate.

Download Now

A group of 20 Snap alumni has come together to launch a fund called Ghost Angels to back the next generation of social media. The fund declined to disclose how much it has raised so far, but says it has backed at least five companies and plans to deploy the remaining capital within the next year into at least 15 companies. 

Max Rivera, who once led global partnerships at Snap, started the fund in 2025 to formalize the already-growing Snap alumni angel-investing community. Though Rivera runs the fund, there are around 20 other founder members and investors, including a small number of those still at Snap, alongside alumni like Alexandra Levitt, who ran Snap’s corporate accelerator, and Will Wu, who was a founding member of Snap’s product and design team. 

“We were intentional about the mix,” Rivera, who currently works at Microsoft’s AI lab, told TechCrunch, noting that Ghost Angels wanted to bring in former senior executives alongside those earlier in their careers, too. “That diversity of thought and experience is core to how we evaluate deals and support founders.” 

Much has changed since he first started at Snap nearly 10 years ago. Today, the people building companies have much leaner teams, while “founders are launching fast and iterating in public.” 

“We’re seeing experimentation of different monetization models beyond ads with subscriptions, token [and] usage-based, or even outcome-based,” he said. “Founders are also more in the forefront, with founder-led GTM as a key pillar.” 

Naturally, the fund is focused on investing in pre-seed to seed AI startups that are building in social media and consumer. Rivera said one of the biggest trends he has noticed about the next generation of social media is how “social” and “media” have actually split. The idea of what consumers know as social media today is a platform that relies heavily on ads, with an algorithm driving content and recommendations. 

“A lot of people are disillusioned with that relative to the original promise of connecting people in your life,” Rivera said. TechCrunch reported last year that the next generation of social media was moving away from building generalized platforms and toward niche communities. 

“On the social side, we’re backing founders that are applying AI in creative ways to finally deliver on that original promise,” Rivera continued. “On the media side, [we’re backing] AI native formats and generative creative tools across different media types, from music to gaming, sports, and fashion, that are dramatically lowering the barrier to creation and distribution.”