Are you on the hunt for the perfect tech-related gift for your dad ahead of Father’s Day? Annoyingly, this year’s big day (June 21st) falls just before one of Amazon‘s biggest sales of the year.

I’m of course talking about Amazon Prime Day, which has just been officially announced for June 23-26. The annual sale is sure to feature everything from discounts on own-brand devices to cheap laptops, TVs, iPads – you name it.

legal

The bill awaits Gov. Hochul’s signature after passing the state legislature

New York lawmakers have approved a bill imposing new labor, energy, environmental, and community-benefit requirements on datacenters, including a one-year moratorium on certain permits for facilities drawing 20 MW or more.

The bill now heads to New York Gov. Kathy Hochul for a signature. A spokesperson for the governor told the New York Post she would review the legislation, but gave no signal as to whether she would sign it. Hochul has previously said she hoped to leave regulating datacenter construction to the local communities. 

“Today we face an unprecedented wave of proposed large-scale data center development across New York,” the bill’s sponsor Assemblymember Anna Kelles wrote in a statement posted to Instagram. “My legislation seeks to provide New York with the time necessary to fully evaluate the environmental, energy, water, and ratepayer impacts of these facilities and to develop appropriate regulatory safeguards before additional projects move forward.” 

The Assembly approved the bill on Thursday, the same day Anthropic, the AI giant behind Claude, called for a pause on LLM development sprints as developers believe the models could soon be capable of building themselves. In light of that possibility, researchers at Anthropic said the world would benefit from a slowdown in the race to make models more powerful. 

In New York, lawmakers hope to protect consumers from higher energy bills by creating a special classification for datacenter electrical customers and mandating that all necessary infrastructure upgrades, administrative expenses, and operational costs be assigned entirely to the datacenter. 

The bill also outlines electricity-sourcing requirements for datacenters with a peak load of at least 5 MW, requiring a phased shift toward renewable energy, with one-third of electricity coming from renewable sources between 2030 and 2034, two-thirds between 2035 and 2039, and 90 percent from 2040 onward.

For trade workers who are employed to build the facilities and maintain the buildings later, the bill requires the datacenters to meet prevailing wage requirements, unless the workers are operating under a collective bargaining agreement. Additionally, it demands datacenter companies help host communities with renewable energy initiatives, and mitigate the strain on local wastewater treatment facilities. 

Business leaders are urging Hochul to reject the bill, saying it was rushed through at the end of a legislative session and presented without appropriate debate. 

In a statement provided to The Register, Julie Samuels, president and CEO of Tech:NYC, which promotes the state’s technology industry, said a blanket moratorium on datacenters would slow investment in the next generation of infrastructure projects.

“Energy usage, grid capacity, and the community impact of data centers must be addressed, and the Governor’s Public Service Commission is already pursuing the right approach by ensuring data centers pay their fair share for grid upgrades and energy usage,” Samuels wrote in a statement.  

Republican Assemblymember Phil Palmesano argued that datacenters were being unfairly targeted when other technology companies were given tax incentives to build, pointing to the recent groundbreaking of the Micron chip fab in Clay, New York, which is expected to create 50,000 New York jobs throughout construction, and up to 90,000 nationally. 

The bill, approved by the Senate on Friday, includes carve-outs for certain industrial computing applications, including manufacturing.

“If we told Micron they had to power their energy demands strictly using renewable resources, they wouldn’t be here,” Palmesano said, according to the NY Post. 

One of the first drafts of the bill had called for a three-year pause on datacenter construction. ®

Google may have just accidentally shown everyone where Gemini is headed next. According to TestingCatalog, a new Troubleshooting mode has quietly appeared inside the Gemini model picker menu for some users.

It sits alongside existing options like Gemini 3.5 Flash and 3.1 Pro, which are the standard AI models you already switch between in the app.

What does the Troubleshooting mode in Gemini actually do?

Rather than giving you a wall of text to read, the Troubleshooting mode guides you through a problem step by step using a mix of text responses and interactive widgets.

For example, if you tell Gemini your car will not start, it might identify common causes like a dead battery and then present you with symptom options to tap, such as “clicks or silent,” to help narrow down the issue faster. It is a more structured, guided experience than asking Gemini a question in regular chat mode.

How is this different from just asking Gemini normally?

That is a fair question, and the answer comes down to how the mode is tuned under the hood. Redditors who got early access suggest it runs on a lower temperature setting, which means it sticks closely to the problem at hand and skips the conversational filler.

Its responses are reportedly focused on diagnosis and practical fixes rather than general information. Google has not officially announced the feature, and it remains unclear whether this is a planned rollout or an internal test.

For now, the Troubleshoot feature appears to be an unintended release, meaning Google likely flipped it on by mistake, and could pull it back at any time. More details are expected in the coming weeks.

If you find Gemini’s new Troubleshooting mode exciting, there is a lot more happening with the assistant right now. Google just unveiled Gemini Spark, a 24/7 AI agent that handles your tasks in the background. On the flip side, free users may soon face stricter weekly usage caps.

Asking venture capitalists for investment is a rite of passage for tech founders. This has led to another universal experience: the VC pitching horror story. A massive conversation sharing such stories has taken place all week on X, with the comments both funny and infuriating. We read through them all to find the most interesting ones so you don’t have to.

Greg Isenberg, a startup podcaster, newsletter writer, and founder of Late Checkout Studio — a holding company whose previous ventures include a company acquired by WeWork — got the conversation started with a story about a VC falling asleep during a pitch meeting. Isenberg has a large following on X, and his post clearly struck a nerve.

“I was once pitching in a board room at a top 3 VC firm for a $15M Series A. 12 people in the meeting. One of the GPs fully fell asleep. Out cold for 30+ minutes. Nobody acknowledged it. Everyone just kept going,” he shared on X.

VCs sleeping through pitch meetings was far and away the most common horror story shared. Not just drowsing, but full on zonked.

Zynga founder Mark Pincus told his VC-asleep story. “I looked at my friend who set up the meeting and asked if i should keep presenting and she said yes. It was ‘weekend at bernies’ meets Silicon Valley,” he wrote.

Interestingly, falling asleep didn’t mean the VC wouldn’t invest. Multiple founders reported receiving term sheets from partners who’d dozed off during the pitch.

“I once pitched a partnership in 2015 for our Series A where one partner (famous Midas lister) fell asleep & another couldn’t stop scowling. Got a call 2 hrs after the IC that they were sending a term sheet over,” wrote Liz Wessel. Wessel, who co-founded and sold HR startup WayUp and is now a partner at First Round Capital, said her team didn’t take the money — and that the VC was shocked.

There were so many stories about VCs sleeping that former a16z partner Arianna Simpson wrote, “Are VCs ok?? Narcolepsy appears to be running rampant.”

There were, of course, more than a few stories about VCs signing term sheets then pulling out last minute, or ghosting, never wiring the money. The even more galling part? Some of these VCs apparently went on to treat the founders like portfolio companies anyway, asking for company updates or to serve as a reference. One founder said the VC even wanted a share of the post-acquisition proceeds.

Travis Kalanick, the Uber co-founder renowned for his determination, told a story about discovering that a VC was attempting to ghost the meeting and leave the building. Kalanick said he followed the VC to his car and pitched from the passenger’s seat.

Not everyone had bad experiences to report. Some founders said they’ve never had anything but great experiences with VCs, with a few even sharing love stories about specific investors. Yes, most VCs are hardworking, genuinely try to be helpful, and don’t take naps during meetings. But poor experiences are so common that Pincus exclaimed, “I f*cking love this moment, when founders no longer have to be afraid to call out VCs for dumb behavior.”

The most stunning stories

Still, the stories that truly stunned were the ones posted by Cloudflare founder Matthew Prince. “A Sequoia partner passed on Cloudflare because he didn’t think a woman could lead a security infrastructure company,” Prince wrote. The woman in question is Cloudflare’s co-founder and COO Michelle Zatlyn. Given that Cloudflare is now an $87 billion market cap company, with expected annual revenue of $2.8 billion in 2026, the judgment hasn’t aged well.

Sequoia partner Shaun Maguire, no stranger to controversy over his remarks himself, replied that he’s always admired Zatlyn, and asked Prince to spill the name of the partner who said that. Prince punted, “Maybe over a drink one day. But I bet you have a good guess already.”

But wait, Prince dished more!

He told a story about prominent investor Vinod Khosla, who offered to invest and then, according to Prince’s recollection, suggested that the founder “fire” his co-founders and take their stock. “I think the charitable read was it was a test of my character. But I was so offended that we never spoke again. Literally blocked his number.”

Prince was quick to add nuance about Khosla: “He’s extremely smart/clever. Has been an incredible investor — can’t argue with his track record. Just not the personality I’d choose to work with.”

It’s worth noting that recollections of conversations tend to vary, and we don’t know what Khosla actually said, meant, or remembers. But eyes popped at such open talk about one of the Valley’s most successful, powerful VCs. Many people called Prince’s candor an example of having “FU” money. Prince, of course, is a billionaire these days.

Not all of Prince’s stories cast VCs as the villains. Specifically, he thought he had lined up a simple meet-and-greet on a Monday with Marc Andreessen, the co-founder of venture firm a16z. Instead, Andreessen showed up with his whole investment team, ready to be wowed. The ill-prepared Prince did not impress. “I framed the rejection letter they sent,” he said of the result. Others told similar stories of meetings with Andreessen and his firm.

Perhaps the funniest story came from Julie Fredrickson, a founder-turned-investor, who received a call from a VC associate before arriving at a firm’s office — warning her about a rock formation visible outside the window that, apparently unbeknownst to the investors inside, was shaped like male genitalia. “The firm will forever in my mind be Dickrock Ventures,” she wrote.

While the Valley’s VCs got roasted most heavily, founders shared incidents involving international VCs, too. Some VCs also dished about pitching to limited partner investors.

The threads are worth reading not just for the laughs, but for what they reveal: The fundraising process is opaque, the power dynamic is real, and the experiences that founders whisper about privately are a lot more common than the industry tends to acknowledge publicly.

Perhaps Isenberg explained the moral behind all of these stories best. “If you’re raising right now, just know: every founder has a story like this. The process is weird. The power dynamic is weird,” he wrote.

A second lesson may be: If Andreessen agrees to meet with you, he means business.

Playtonic is shifting the Yooka-Laylee series from platforming to familiar-looking arcade racing.

After successfully replacing the firmware with a replacement image that did nothing more than display the word “patched” on the speaker’s LED display, the researcher got to wondering what else a hacker might do. So he turned his attention to FreeRTOS, the open source operating system that ran the Katana V2X. It contained a set of HID functions for allowing the speaker to act as a human interface device, a classification that includes keyboards, mice, and webcams. The speaker implemented a limited HID that allowed for things like changing the volume and playing or pausing sound, but little else.

The researcher discovered that he could change the speaker’s USB descriptor set, which is essentially a report that informs devices about the capabilities of a USB- or Bluetooth-connected peripheral. He was able to augment the existing descriptor set with a second one that reported the speaker being a keyboard. Then he used code already included in the firmware to streamline the process of sending keypresses.

All of this gave Moorats an idea: What if he used his device to send commands to the speaker that used the HID to pass them along to the connected PC? After some trial and error, he found that he could. In a blog post published on Wednesday, he wrote:

Chaining it all together, I was able to totally remotely, over the air, upload a custom firmware to my speaker which I hadn’t paired with, which would reboot, flash the custom firmware, and after rebooting type in the command echo pwned and execute it.

Advertisement

In a real attack scenario, I would execute the keystrokes for opening powershell.exe or similar and paste an actually malicious one-liner into that, but as a proof of concept, this was more than enough for me. A real attacker would also likely disable the routine for updating the firmware in both normal and recovery mode, making it impossible to wipe the malicious firmware from the device or patch it in the future.

This is worsened by the fact that Bluetooth is always on for the speaker, even in sleep mode, with no apparent way to disable it.

Advertisement

Before the speaker and USB-connected device can interact, they must successfully complete a challenge-and-response authentication procedure. Since the devices perform this handshake automatically each time the software boots, this isn’t usually a problem for the hacker. In certain cases, however, such as when the Katana V2X app isn’t open on the connected device, it’s a requirement.

The most oversubscribed sporting event in history is also the most phished. With more than 150 million ticket requests in the first 15 days and just six million seats across 16 cities in the US, Canada, and Mexico, the 2026 FIFA World Cup has created exactly the conditions that fraud thrives on: scarcity, urgency, and money moving fast.

Security researchers, the FBI, and multiple cybersecurity firms have published warnings in the past week describing a fraud infrastructure that is already operational, well-resourced, and scaling. The picture that emerges is not a handful of opportunistic phishing pages. It is a layered ecosystem of fake domains, banking malware, credential theft, and social media impersonation, all converging on the same window.

One operator, 300 cloned FIFA sites

The most detailed findings come from Group-IB, which tracked more than 4,300 fraudulent FIFA domains registered since August 2025. At the centre is a group it calls Ghost Stadium, a Chinese-speaking, financially motivated operation running a single phishing kit across more than 300 of those sites.

The fake is good. The page is a near-perfect copy of fifa.com, mimicking FIFA’s real single sign-on login, run by PingIdentity, down to the genuine client ID copied from the live site. It loads images directly from FIFA’s own servers, so the page looks authentic and slips past tools that flag copied assets.

The damage is in the details: the fake login also asks to reset the password. Once a victim enters credentials, the attacker locks them out of their real FIFA account and resells any tickets tied to it. Most traffic comes from Facebook ads with reused tracking codes, plus links on Telegram, WhatsApp, and in search results. Payment options include card entry, money-transfer apps like Chime and Nequi, Mexico-only processors, and a crypto option that converts card payments into cryptocurrency. That last one is a reliable tell, since FIFA’s official ticketing never accepts crypto.

13,000 domains and counting

FortiGuard Labs counted more than 13,000 World Cup-themed domains registered between January and May, roughly 8.8% of them classified as malicious or suspicious. The FBI’s public service announcement lists dozens of fake FIFA domains, from misspelled lookalikes to phony job pages, and warns more are coming.

Ticket fraud is just one piece. Group-IB also found counterfeit merchandise shops, bogus streaming sites that take a subscription fee and then install malware, and fake betting platforms that collect passport scans and selfies for identity theft. Bitdefender separately tracked FIFA lottery emails promising payouts of up to $2 million.

Group-IB estimates losses from premium and hospitality ticket fraud alone at $71 million to $474 million, with the broader campaign potentially reaching into the billions. Those are projections based on visible infrastructure, not confirmed losses.

Banking malware in streaming apps

For fans chasing free match streams, the bigger danger is on the phone. ThreatFabric observed a spike in malicious unofficial streaming apps, many posing as the popular RojaDirecta, around the recent Champions League final and expects a repeat at the World Cup on a larger scale.

Kaspersky tied those apps to two Android banking trojan families: Massiv and Perseus. Neither is distributed through Google Play, so installing one requires clicking past Android’s built-in warnings. Once installed, the malware uses accessibility tools to overlay fake bank login screens on real apps, record keystrokes, intercept one-time codes from SMS and authenticator apps, and control the screen remotely.

Perseus, built on leaked code from the older Cerberus trojan, even reads note-taking apps for saved passwords and crypto recovery phrases. The simplest red flag, according to ThreatFabric, is a streaming app requesting accessibility access. No legitimate streaming app needs it.

Social media, stolen credentials, and open Wi-Fi

Fortinet counted over 1,700 spoofed FIFA accounts, nearly 90% on Facebook and Instagram, plus a scheme using fake FIFA job ads and calendar invites to redirect applicants to a lookalike Google login. Bitdefender found more than 55 football-themed ad campaigns on Facebook and Instagram pushing counterfeit kits, fake Panini stickers, and phishing pages.

Stolen FIFA logins are already circulating. Fortinet found hundreds of thousands of user credentials, plus more than 4,600 FIFA-related URLs, in data collected by credential-stealing malware families including Vidar, LummaC2, and RedLine.

Host-city Wi-Fi is its own problem. A Kaspersky survey that drove around Mexico City, Monterrey, and Guadalajara found 10% to 12% of networks open and password-free, with the WPS pairing feature still active on nearly half. Both leave openings for rogue “evil twin” hotspots that copy a real network and quietly intercept traffic.

What to watch for

The scams leave clear tells. Buy tickets only through fifa.com, typed directly, not via an ad or search result. Enable multi-factor authentication, and treat any seller requesting cryptocurrency as a scam. On Android, refuse accessibility permissions for streaming apps. On open Wi-Fi in host cities, use mobile data for banking and email.

Meta says it is now showing warning pop-ups when people search Facebook for FIFA tickets, and it partnered with Visa to take down a Facebook network linked to fake World Cup gambling sites. The FBI is asking victims to report at IC3.

The bigger concern is what has not yet been activated. Group-IB counted roughly 3,800 fraudulent FIFA domains sitting parked and unused, ready to switch on. With ready-made scam kits and ticket-buying bots already for sale, the peak window is easy to predict: 11 June to 19 July, when searches for tickets, streams, and travel will be at their highest.

Thinking about investing in a Fire TV Stick? You’ve timed it well — there’s another Amazon Prime Day fast approaching, and these little gadgets are almost certainly going to be heavily discounted during the event.

A Fire TV stick plugs into your TV’s HDMI port to turn it into a smart TV, from which you can access various apps — including not just Prime Video but all the best streaming services. It’ll also enable you to control your TV using your voice, via Alexa — a game-changer for commands that would otherwise require lengthy typing using your remote’s arrow keys (truly, is there anything more dull?).