CYBER-CRIME

A familiar tactic popularized by chaotic crime crew Lapsus$

UPDATED A new extortion brand called Pink – which may be a rebrand of BlackFile – uses voice phishing and fake help-desk calls to gain initial access to organizations’ IT environments, steal their sensitive data, and threaten to leak it unless the victims pay a ransom demand.

Palo Alto Networks’ Unit 42 first spotted the gang, which it tracks as cluster CL-CRI-1147, and its data-leak site, which went live on May 31. “Pink uses vishing and IT impersonation to phish credentials/MFA, then exfiltrates enterprise cloud storage and productivity data to extort victims,” the threat-intelligence biz said in a LinkedIn post.

Google Threat Intelligence is not so sure it’s a new gang, however.

“After retiring the BlackFile brand in May 2026, we assess the group launched the ‘Redact’ brand and has now potentially surfaced as ‘Pink,,” Austin Larsen, Principal Threat Analyst at Google Threat Intelligence Group, told us. “This new operation exhibits hallmarks of UNC6671, including similar credential-harvesting infrastructure, data leak site (DLS), and recurring messaging that claims to ‘improve the security’ of victims who pay. Additionally, we attribute the Pink (CL-CRI-1147) domains recently published by Unit42 to UNC6671.”

Regardless whether it’s brand new or just a new coat of paint, the tactics are very familiar.  Pink is one of many goon squads to use these social-engineering tactics to steal employees’ credentials and bypass multi-factor authentication, using this access to burgle companies’ cloud storage and databases. 

Chaotic crime crew Lapsus$, during its 2021 and 2022 extortion spree that hit Nvidia, Microsoft, and Okta, among others, popularized this style of phone-based intrusions before Scattered Spider picked up the mantle. Scattered Spider is perhaps best known for its 2023 Las Vegas casino digital heists, and reportedly bragged that all it took to break into MGM’s networks was a 10-minute call with the help desk.

Over the last few years, ShinyHunters has used this same playbook to steal sensitive data from Ticketmaster, AT&T, and other Salesforce customers, and thousands of schools and universities that use Canvas’ digital learning platform.

Despite multiple arrests across all three gangs, they keep coming back to victimize more organizations. Most incident responders, including Google’s Mandiant and Unit 42, link many of these criminal collectives to The Com, a loosely knit group of primarily English speakers made up of several interconnected networks of hackers, SIM swappers, and extortionists, with some of its subgroups offering real-life violent crime for hire.

According to Unit 42, this latest cluster of extortion activity is also “likely a Com-affiliated actor.” And after investigating “multiple” of these extortion attacks over the past few months, on Monday, they spotted something that led them to Pink’s name-and-shame website.

“On June 1, 2026, an existing extortion negotiation that had never received a response, attributed to a likely Com-related cluster, received new communication from a threat actor via a free webmail account,” Unit 42 analysts Richard Emerson and Cuong Dinh said in a Wednesday threat-intel post. “The actor provided a new qTox ID and a leak site associated with the Pink brand, but referenced exfiltrating almost identical information from the original extortion notice.”

Pink data thieves set a 72-hour deadline for the victim to respond before leaking the stolen goods.

After gaining access to the victim’s account, the criminals snoop around for valuable corporate and customer data from platforms like SharePoint and OneDrive. After exfiltrating the stolen files, Pink attackers use compromised victim accounts and internal Teams messages to extort the company.

“The actor reuses second-level domains to target multiple organizations, and the third-level domain typically thematically represents the target,” Emerson and Dinh wrote.

They also listed the following phishing domains as indicators of compromise: 

• passkeyadd[.]com

• passkeydeploy[.]com

• deploypasskey[.]com

Along with these three IP addresses:

• 185[.]178.208[.]153 (hosted phishing domains)

• 172[.]93.100[.]252 (accessed compromised accounts)

• 96[.]232.20[.]66 (residential proxy IP responsible for extortion email creation)

Plus, these user-agent strings were observed during data exfiltration:

Network defenders can use these to assist in threat-hunting efforts. And be very wary of help desk calls, both from people claiming to be employees locked out of corporate accounts and from those purporting to be support staff rolling out a mandatory MFA update or other emergency. ®

HP has just collaborated with Ferrari to make a special edition laptop that borrows from the car maker’s racing DNA. The result of this partnership is the HP Limited Edition Scuderia Ferrari AI PC. And in typical Ferrari fashion, this laptop is covered in a furious red shade. When you flip over the laptop, you will see a glass lid that has over 2,000 micro-holes to ensure airflow, a design inspired by the exposed engine bay in Ferrari’s cars. 

What’s this machine all about?

Of course, there are plenty of other elements that have been borrowed from Ferrari’s luxurious sports cars. For example, there is a light bar right above the haptic trackpad. The keyboard backlight is adorned in a red shade that is reminiscent of Ferrari control panels. On the underside, there is a glass window sitting atop a carbon fiber-inspired cover that gives you a peek at the innards, including the two fans and heat sinks.

HP and @Ferrari are bringing performance, precision and design heritage together in a new way.

Introduced ahead of the Monaco Grand Prix, the HP Limited Edition Scuderia Ferrari AI PC reflects nearly two years of collaboration between Ferrari’s Design Studio and HP’s industrial… pic.twitter.com/Tf0g1wcqDB

— HP (@HP) June 4, 2026

Now, this is not a mass-market laptop. Far from it, actually. HP says that it is only making 4,999 units of the HP Limited Edition Scuderia Ferrari AI PC, and each one will bear its own unique identifier number at the back. As far as the specs go, it offers a 14-inch 3K tandem OLED display with touch input support, 120 Hz refresh rate, and 700 nits of peak brightness. It draws power from Intel’s Core Ultra X7 processor, alongside a generous 64 GB of RAM. This is a Copilot+ PC that can deliver 180 TOPS of AI firepower, and yes, there’s a dedicated Copilot key on this one, as well.

Now, this won’t be the first time that an automobile brand has joined hands with a player in the PC industry to make special edition laptops. This is not even the first such adventure for Ferrari. Back in 2009, the Italian car maker partnered with Acer to make the Ferrari One laptop. This was followed by a similar partnership struck between Asus and Lamborghini. MSI also inked a similar deal with Mercedes-AMG to make one of its Stealth 16 laptops. 

What else?

The port situation is not bad either. You get a total of four of them, which include an HDMI 2.1 port, a pair of Thunderbolt ports on the left edge, a USB-C port with DisplayPort 1.4 output, and a USB-A port sitting alongside a 3.5 mm headphone/audio combo jack and a Kensington security lock. Now this is a once-in-a-lifetime kind of deal. 

HP makes it abundantly clear that it is only making a limited batch of this laptop, and once that’s sold, it’s gone for good. As far as market availability goes, the HP Limited Edition Scuderia Ferrari AI PC will be sold only in nine countries, including the U.S., UK, Australia, Japan, and a handful of European nations. Moreover, it will only be sold through HP’s website and not in brick-and-mortar stores. 

The HP Limited Edition Scuderia Ferrari AI PC is priced at $5,599, and it will go on sale starting June 12th in the US. Given the specs, it’s an extremely high asking price, but if it comes as any consolation, the laptop will come with a bunch of exclusive items, including a Poltrona Frau leather sleeve that is used in Ferrari’s sports cars and custom wallpapers, as well.

Advertisement

from the get-rid-of-the-chokepoints-and… dept

In January 2011, a man in Tahrir Square held up a handwritten sign that read “Facebook: against every unjust.” Fourteen years later, almost to the day, Mark Zuckerberg sat in a place of honor at the inauguration of Donald Trump, ahead of the incoming cabinet. Same exact platform. Radically different relationship to power.

That contrast is the starting point for a piece I’ve spent the last month working on, published yesterday at Liberalism.org, exploring the intersection of decentralization and democracy: Enshittification, Despotification, and the Open Internet. It tries to explain how the internet technology we were told would liberate us is now being used as part of an authoritarian crackdown on rights and freedoms — and, more importantly, why that outcome was arguably built into the architecture from the start.

The key argument builds on Cory Doctorow’s encapsulation of how centralized systems get enshittified — big companies take control of chokepoints to extract ever-greater value from users — but extends it to show how those same chokepoints become targets for political manipulation as well. It also makes the case that infrastructure choices are far from neutral — they shape the incentives that determine who ends up with power:

What changed was that the underlying incentives of that centralized architecture had time to work. Centralized systems create chokepoints. Chokepoints, once they exist, attract everyone with an interest in squeezing them: companies looking to extract more value from users, governments looking to extract compliance from companies, and political movements looking to extract influence from both. In 2011, Facebook hadn’t yet figured out how lucrative those chokepoints would be, or how much leverage they offered to the powerful.

By 2025, everyone had figured it out.

Advertisement

This is the part most debates about tech and democracy miss. The real question is whether the underlying architecture creates incentives that concentrate power or that distribute it. It’s not about whether technology is inherently good or bad, liberating or oppressive. Architecture shapes incentives; incentives shape outcomes. And once you’ve built a chokepoint, the attempts to capture it will be relentless, because the payoff for whoever controls it just keeps growing.

That’s the Doctorow half of the argument — enshittification, the corporate extraction playbook. But the piece extends it into territory Doctorow didn’t name: despotification, the political analog, where the same chokepoints that enable corporate extraction also enable authoritarian control:

The problem of centralized systems is that they create an irresistible temptation to control and exploit. Users who found value early on feel stuck: they can leave, but doing so means abandoning their community. That lack of easy exit creates lock-in, and lock-in enables enshittification.

And the same chokepoints that let companies extract value also let governments extract power. Those seeking control hunt up and down the network stack for leverage, and centralized providers concentrate it.

Call this despotification: the political analog of enshittification, where the same chokepoints get exploited to extract compliance from platforms—and ultimately to gain control over what people can say and hear.

Advertisement

The temptation of those in power to twist the knobs to their liking became irresistible. This took many forms: X downranking posts with links to external sites, Amazon choosing which products to show you as the promoted results, Instagram choosing which content deserves to be sent to you as a reminder notification, Substack choosing which newsletters to suggest to you. Each of these choices can be tweaked in ways that enable greater usage, engagement, and revenue, and not necessarily in the interests of the users.

But the piece doesn’t just diagnose the problem — it argues that none of this is inevitable. The same way democracy requires active defense, so does a genuinely decentralized internet:

Decentralization, like democracy itself, is something we have to fight for. Absent deliberate effort, the default trajectory runs toward centralization, because centralization is convenient, and convenience wins in the short term.

Which means the decentralized alternatives have to be genuinely better, not just philosophically purer. The centralized platforms won the last round because they removed friction. They didn’t ask users to manage config files or understand network topology—they said “click here and it works,” and most people took that deal. Any decentralized successor that requires users to become their own sysadmins will lose the same way the last generation of open protocols lost.

What’s different now is that we’re closer than we’ve ever been to having decentralized systems that are actually more convenient and more empowering, where the user experience is competitive with the centralized incumbents, and the democratic benefits come built in rather than bolted on. The goal is to build systems where those two things point in the same direction.

Advertisement

There’s a lot more in the full piece, including a section on how this same chokepoint logic is already being embedded into the infrastructure of whatever comes next — and why the architectural decisions being made right now will matter as much as anything that happened with social media.

Filed Under: centralization, chokepoints, decentralization, democracy, despotification, enshittification

Cape Fear was one of my most anticipated Apple TV shows of 2026, but I was also worried about it. Adapting such an iconic story is no easy task, as people will always end up comparing it to the original. That said, I was impressed by Nick Antosca’s take on Max Cady and the terror he unleashes on everyone around him.

To give you a quick synopsis of Cape Fear, it follows Cady, a vicious and unreformed ex-convict who gets revenge on the two attorneys who put him behind bars. That’s enough to send a chill down your spine, and it requires a really strong performance to stick the landing.

Adding magnets to a 3D print can be very useful in a design, but there are some things that can trip you up if you’re not aware of them. In a recent video by [Lost in Tech] some of the essentials are covered, including why you shouldn’t get magnets near most extruder nozzles or the printing bed.

The easiest method is of course to add magnets in after printing, using friction fit with or without ribs, or with a dab of glue. Here making sure that the magnet stays in place is the trick, as you do not want the magnet to get lost or end up in the tummy of a curious pet or toddler.

Things get spicy when you’re talking about adding magnets during the printing process, as some extruders are made of a ferromagnetic material and thus a magnet will happily stick to said nozzle if it’s not pure brass or similar. As seen in the video even some purported ‘brass’ nozzles aren’t pure enough to not be significantly ferromagnetic.

Another issue is that of heat, which is something that magnets generally do not like much. Using magnets like you’d use heat inserts for bolts is a recipe for disaster, as the heat from a soldering iron will demagnetize the magnet, which for the typical magnet is less than 200°C. At least this should mean that the magnet stuck to your extruder nozzle will eventually fall off by itself after it demagnetizes.

With the bed of the typical FDM printer these days you’re talking about magnetically attached plates, with the underlying heated bed using a Halbach array configuration as is typical of flat magnets, yet with the gotcha that these aren’t typically real Halbach arrays, but knock-offs with simply alternating north-south pole magnets. As it turns out, these types of magnetic arrays can be disturbed by another magnet, such as a powerful neodymium magnet near said printing bed, flipping polarity in a way that cannot be easily undone.

You can still install magnets during printing, but it’s recommended to use something like side-insertion, where the extruder nozzle cannot pull out a magnet. Regardless of your approach, it’s good to know of the risks with ferromagnetic nozzles, the magnetic bed and treating magnets like they’re just heat inserts. While you can get higher-temperature magnets, many of the same issues still remain here.

Zoë Schiffer: Deviants and freaks, the new name of our podcast. And this is, I mean, just going back to red teaming, that’s work that a trust and safety team typically does. And those teams—

Leah Feiger: We don’t have those anymore.

Zoë Schiffer: They’re not as big as they used to be. There’s just not as much work. So yeah, I mean, it will be interesting to see how this plays out. Obviously within Meta, we’ve been talking to folks this week who kind of met the news with a sigh. The company has just laid off a large portion of the workforce. We’ve written about that. We’ve talked about that. And I checked in with people being like, “Well, how’s it going now?” The hack was kind of an excuse to talk to people, see how they’re doing. And they’re like, “I mean, as you’d expect, we’re asked to do two jobs now instead of one.” So you can imagine how that’s playing out.

Brian Barrett: I also, we were talking about AI regulation earlier and all this emphasis on national security and these high-level things, but again, not as much on consumer-facing products, which would be if you had say some sort of bureau that looked after consumer finances and protecting that, that would be helpful to have in this moment as well. We used to have one of those. Technically, I guess we still do. Not really. So all of this broader deregulation is coming at this moment when the tools that were once available are not. These new tools are very fallible. We’re going to see a lot more of this.

Leah Feiger: Can I bring us to a topic that has nothing to do with AI, guys?

Brian Barrett: Please.

Zoë Schiffer: Wow. I didn’t know one existed, but yes, go off, queen.

Brian Barrett: Also, I think we can probably try to find a way to tie it back in.

Zoë Schiffer: We can. We can.

Leah Feiger: No, absolutely not. Well, OK. This story is something that we have been thinking about, covering, looking at for a long time, but it is all about a DOGE whistleblower who just filed a lawsuit against Elon Musk. This all really started last year. On April 14, 2025, Dan Berulis, an IT staffer at the National Labor Relations Board, the NLRB, filed a whistleblower complaint with a massive claim. He said that DOGE had compromised the agency’s data and appeared to be exfiltrating it out of the NLRB.

Archival audio: A whistleblower is coming forward with claims that DOGE not only accessed data from his agency but also took a substantial amount of sensitive data with them. According to a disclosure shared with Congress, “Around 10 gigabytes of data, the equivalent of a full stack of encyclopedia is worth if someone printed these files as hard copy documents.”

Leah Feiger: This was a massive claim, especially at the same time as you guys very much remember, DOGE teams were firing federal workers and accessing sensitive data across the country. We were in the height of this last year in April. Berulis went public in an NPR article. His name was attached to it, and he claimed a threatening note had been taped to his door, and he was already scared about speaking out. Fast-forward a little bit, Berulis has now filed a defamation lawsuit in a DC court against Elon Musk. He said that Musk made him a target of further violence by falsely stating that Berulis’ whistleblower claim against DOGE was fake. This is a really intense claim for a variety of reasons, and what this all really harkens back to is Musk last year resharing an X post from a right-wing influencer claiming that DOGE had been cleared and that this whistleblower’s testimony was fake basically. After that happened—