Security

Package dependencies can create vulnerabilities that are fiendishly hard to find and stamp out

The JavaScript development ecosystem may be a security nightmare, but it’s also ripe for improvement.

One such tool is the CVE Lite CLI, a free open source dependency scanner that helps reduce the risk of software supply chain attacks. It runs locally and provides actionable vulnerability fixes, if any are available.

The tool, endorsed by OWASP, has recently been updated to include override auditing, which has the potential to avert transitive dependency vulnerabilities such as the March 2022 node-ipc package incident.

The Shai-hulud software supply chain attacks that have been vexing security professionals for the past few months underscore how common it has become for threat actors to target the developer ecosystem, including CI/CD, package registries, and developer tooling.

Software developers can reduce their risk by making sure the dependencies in their apps are up to date and free of known vulnerabilities, but that’s more difficult than it should be. It’s generally apparent when a particular library or module relies on a vulnerable dependency. But there isn’t necessarily an available fix or clear remediation path.

Modern JavaScript applications, like many other programming languages, allow developers to incorporate pre-existing solutions to particular problems in the form of packages – modular code that can be imported to implement particular functionality.

These packages commonly depend on other packages, which is why they’re known as dependencies. And these dependencies in turn may also depend on still more packages, referred to as transitive or indirect dependencies.

A common security scenario goes something like this: A developer creates an app using some application framework. The app includes a dependency on “Package A”, which itself relies on “Package B” – the transitive or indirect dependency in this situation.

If the maintainers of “Package B” have deployed a patch addressing a reported CVE, but the maintainers of “Package A” haven’t gotten around to incorporating that change into their code, apps incorporating “Package A” may be vulnerable to attack. 

Among other possible responses, affected developers may choose to create an override to replace the outdated, vulnerable version of “Package B,” a configuration entry that can be removed once “Package A” gets repaired.

But Sonu Kapoor, creator of CVE Lite CLI, explained to The Register that overrides represent a legitimate security tool but have limitations. 

“When a transitive dependency has a CVE and the upstream maintainer hasn’t shipped a fix yet, you pin it via npm overrides, pnpm overrides, or Yarn resolutions,” Kapoor explained in an email. “Once the vulnerability is addressed and CI passes, you move on. The problem is what happens after that.”

Kapoor recently added an override auditing tool to the CLI. When he scanned four popular JavaScript open source projects, he found that three of the four had broken overrides.

“Cal.com has 90 override entries and 11 that are silently doing nothing,” he said. “Jest has an override for its own package name pointing at nothing in the resolved tree. NoCoDB has entries using wildcard patterns that never matched any path in the graph. Next.js was the only clean one with zero findings, which tells me the tool is finding a real pattern, not noise.”

This can be dangerous, he said, when a project migrates between package managers (e.g. npm to pnpm) that looks for overrides in a different location. 

“npm reads from overrides, pnpm from pnpm.overrides, Yarn from resolutions,” he explained. “When a team migrates package managers and forgets to move their security pins, the package manager silently ignores them. No error, no warning, the vulnerable package ships unconstrained.”

Kapoor said that AI coding assistants commonly advise developers to add override entries when asked to fix a transitive dependency vulnerability.

“That advice is correct at the moment,” he said. “None of them ever tell the developer to come back and verify the entry still works.”

CVE Lite CLI, Kapoor said, does not recommend overrides as the way to properly address a vulnerable dependency.

“Overrides look like a security fix in package.json, but routinely outlive their purpose – they can point at packages no longer in the dependency tree, apply to the wrong package manager entirely, or shift to an unintended version on every install,” he said. “The override hygiene feature exists precisely because of this failure mode: teams add an override to address a CVE, move on, and years later, the override does nothing while they still believe they’re protected.” ®

Toy Story 5 only hit theaters three days ago, but ahead of Amazon‘s Prime Day and thanks to Walmart Deals — yes, a very to-the-point name — you can already save on some of the most exciting toys launched alongside the film.

Yes, Toy Story 5 might be all about toys versus tech, but Mattel’s Interactables are some of the most exciting figures around because they can talk to each other. While these are “playscale” rather than movie-scale and a bit less tech-heavy, these versions of Buzz Lightyear, Woody, and Jessie still delight.

Even better, they’re a record 54% off, bringing each figure down to just $10. That’s right: you can get a movie-accurate, play-sized Jessie, Woody, or Buzz Lightyear for only $10 — a deal that’s definitely headed to infinity and beyond.

Each figure can speak on its own, but when you bring them near one another, some clever under-the-hood tech lets them interact, cycling through more than 10 phrases together. If you’ve got a friend in these toys already, now’s a pretty good time to add another one to the collection.

Today’s best Toy Story 5 figure deals

Scoring a Toy Story 5 figure for $10 is a pretty incredible feat, and if you’re a Walmart+ member, you’ll score free, fast shipping as well. Both Woody and Jessie come with their iconic hats, and you’ll notice that Jessie sports a sheriff badge while Woody doesn’t, making these figures accurate to their appearances in Toy Story 5.

Jessie stands 8.8 inches tall, Woody measures 9.2 inches, and Buzz Lightyear comes in at 7 inches tall. The entire Interactables PlayScale line from Mattel is designed around this scale, meaning that if you pick up one of these figures — or all three — and add Forky or Lilypad down the line, they’ll fit right in. Better yet, they’re also designed to work with Mattel’s other PlayScale figures.

Either way, whether you’re shopping for a kid who just saw Toy Story 5 in theaters or looking to upgrade your own collection — because we’re all young at heart, and we won’t judge — Walmart is serving up a practically perfect deal here. It’s a straight-out-of-Star-Command bargain to score a new Mattel figure for a record 54% off, and you can check out our behind-the-scenes tour at Mattel to see how these figures came to life.

Now for some minor spoilers. If you haven’t seen Toy Story 5 yet, consider this your warning.

Friendly reminder: a minor spoiler lies ahead.

Alright, if you’ve scrolled this far, you’ve probably already seen Toy Story 5 and know about the arrival of a new Buzz Lightyear. If you’re anything like me, you’ve likely been waiting to see a toy version of that upgraded Space Ranger.

I’m talking about the new Hi-Tech Buzz Lightyear, which gets an upgrade that finally lets the iconic toy take flight. Mattel is already serving up its own version, set to ship later in 2026 — specifically around August — that’s designed to be safe for both kids and the young at heart.

Yes, Mattel has unveiled the Toy Story 5 Flying RC Hi-Tech Edition Buzz Lightyear, an enhanced version of the iconic character from›› the film. Rather than wings that pop out and somehow generate flight, this version deploys four propellers protected by safety guards, making it much more suitable for younger fans.

Designed for kids ages 8 and up, the Toy Story 5 Flying RC Hi-Tech Edition Buzz Lightyear comes with a controller that makes takeoff and landing easy with the press of a button. It’s also intended for indoor use, and I’m certainly looking forward to going hands-on with it later this year.

If you’re already sold, Walmart is taking preorders for the Toy Story 5 Flying RC Hi-Tech Edition Buzz Lightyear right now at $75.57 with an estimated delivery date of August 20, 2026.

More Prime Day deals in the US

• Amazon Devices: Fire Sticks & Echo from $18
• Amazon Haul: viral gadgets, tech & appliances from $1.99
• Apple: MacBooks, AirPods & AirTags from $29
• Beauty: 50% off toothbrushes & hair tools
• Cheap TVs: smart TVs from $69.99
• Garden: tools, mowers, planters from $24.99
• Headphones: 50% off Beats, Bose & Samsung
• Laptops: Apple, HP & Dell from $199
• Mattresses: Sealy, Serta & more from $186
• Patio: outdoor furniture, rugs & decor from $19.99
• Sports: 50% off fitness gear, treadmills & clothing
• Vacuums: Dyson, Shark & Bissell from $34

Oracle disclosed Monday that it has reduced its workforce by 21,000 employees over the past 12 months, a decline of 13%, which means more cuts than was previously known, including jobs eliminated because of AI. “The adoption and deployment of AI technologies across our operations have resulted, and may continue to result, in reductions to our workforce,” the company said in an annual financial regulatory filing.

The revelation puts new numbers to what feels to many in the tech industry like an epidemic: companies reporting record revenues while simultaneously culling their workforces, pointing to AI as both the engine of growth and the reason for the cuts. Tech layoffs hit their highest single month in years in May, and AI was the most-cited reason, according to outplacement firm Challenger, Gray & Christmas.

We recently wrote about why that rationale is something companies may want to rethink, not least because for many of these companies, the headcount they’re now cutting was hired during the pandemic hiring surge, raising questions about what’s really going on. Below, a running look — in reverse chronological order — at the bigger tech companies that have announced significant layoffs this year with AI as a stated factor.

GitLab — June 3, 2026. In one of the most recent cuts on this list, GitLab laid off roughly 350 workers, about 14% of its staff, to fund AI infrastructure investment and handle surging traffic from AI workflows. CEO Bill Staples said agentic workloads are “pushing competitors to the brink” and that the company had begun a “generational rebuild” of its core infrastructure to support what he called 100x growth requirements. GitLab is exiting 22 countries, flattening management layers, and partnering with an unspecified AI lab to rebuild its platform for agent-scale workloads. The company reported first-quarter revenue of $264 million, up 23% year-over-year, and expects to incur $30 to $35 million in restructuring costs.

Google — ongoing through May. Alphabet’s Google has quietly cut employees across its Cloud division, including its Threat Intelligence Group and Mandiant-linked cybersecurity staff, even as Cloud revenue grew 63% to exceed $20 billion for the first time and its backlog nearly doubled to over $460 billion. Over the past year, Google has cut more than a third of the managers overseeing small teams — 35% fewer managers with fewer direct reports. Unlike most companies on this list, Google has never announced a single overall number — the cuts have come through a rolling performance review process, a voluntary buyout program, and structural reorganizations, with outside estimates putting the 2026 total at between 1,500 and 3,000+ engineers.

Intuit — May 20, 2026. Intuit announced plans to eliminate roughly 3,000 jobs — about 17% of its total workforce — in a restructuring centered on reducing complexity and reallocating resources toward AI. CEO Sasan Goodarzi reportedly told staff the company is reducing complexity and simplifying the structure, so it can deliver better products.

Meta — May 20-21, 2026. Meta laid off about 8,000 employees, roughly 10% of its workforce, while moving about 7,000 employees into new AI-focused roles (that they reportedly hate). Zuckerberg told staff the cuts were necessary because “success isn’t a given” in AI.

Cisco — May 14, 2026. Cisco announced it’s cutting nearly 4,000 jobs, about 5% of its workforce, despite reporting better-than-expected profit and revenue. CFO Mark Patterson said: “This was really not a savings-driven restructure… this is more [about] realigning … resources around silicon, optics, security and AI.”

Cloudflare — May 7-8, 2026. Cloudflare cut about 20% of its workforce (1,100 people), reporting quarterly revenue of $639.8 million, up 34% year-over-year and the highest single quarter in company history. CEO Matthew Prince wrote that “the vast majority of those we laid off last week were measurers” — middle management, finance, legal, internal auditing, and revenue recognition.

General Motors — May 12, 2026. GM eliminated 500 to 600 jobs, largely in IT roles in Austin, Texas, and Warren, Michigan, saying it was reevaluating its workforce needs amid uncertain market conditions. A person familiar with the cuts told CNBC that AI played a role in the decision but that it wasn’t the only reason. GM’s statement said it was “transforming its Information Technology organization to better position the company for the future.” Despite the cuts, the company still had roughly 80 open IT positions, including roles in AI, motorsports, and autonomous vehicles.

Coinbase — May 5, 2026. The crypto exchange said it was cutting about 700 employees, or 14% of its staff, as part of a restructuring aimed at addressing market volatility and increasing AI efficiency. The company flattened its organizational structure to five layers below the CEO and COO, and said it would experiment with “one-person teams” combining engineering, design, and product roles. CEO Brian Armstrong wrote that AI had changed the pace of work dramatically — “engineers use AI to ship in days what used to take a team weeks” — and that the company needed to “leverage AI across every facet of our jobs.”

PayPal — May 5, 2026. PayPal announced plans to cut around 20% of its workforce over the next two to three years — north of 4,500 jobs — as part of a turnaround strategy centered on AI adoption and organizational simplification. CEO Enrique Lores told investors the company would “aggressively adopt AI” in its development processes and formed a new “AI transformation and simplification” team reporting directly to him, tasked with redesigning the company’s processes “function by function.” Lores framed the cuts as removing organizational layers, and said AI would extend well beyond coding into customer service, support operations, and risk management.

Microsoft — April-May 2026. Microsoft offered buyouts structured as voluntary separations, without disclosing how many employees these would impact. CFO Amy Hood said total headcount declined year-over-year in fiscal Q3, and is expected to keep declining as the company focuses on “building high-performing teams that operate with pace and agility” amid rising AI investment.

Snap — April 16, 2026. Snap cut roughly 16% of its global workforce — about 1,000 full-time employees — and closed more than 300 open roles, with CEO Evan Spiegel citing AI advancements as a key driver. “Rapid advancements in artificial intelligence enable our teams to reduce repetitive work, increase velocity, and better support our community, partners, and advertisers,” Spiegel wrote in a memo filed with the SEC. The company said it had already seen small squads using AI tools to drive progress across Snapchat+, ad platform performance, and infrastructure efficiency.

IBM — rolling through 2026. Between Q4 2025 cuts and April 2026 Red Hat engineering reductions, estimates range from 3,000 to 9,000 U.S. positions eliminated, bringing IBM’s cumulative total since September 2024 above 15,000. Bloomberg reported IBM plans to triple its U.S. entry-level hiring for AI and hybrid-cloud roles, even as roughly 200 HR positions were replaced by AI agents. An IBM spokesperson described the Q4 2025 round as a routine rebalancing affecting “a low single-digit percentage” of its global workforce.

Atlassian — March 11, 2026. Atlassian cut about 1,600 jobs (10% of its workforce) to “rebalance” toward AI and enterprise sales, even as shares rose nearly 2% on the news. CEO Mike Cannon-Brookes said: “Our approach is not ‘AI replaces people.’ But it would be disingenuous to pretend AI doesn’t change the mix of skills we need or the number of roles required in certain areas. It does.”

Dell — Jan 30 (though disclosed in March 2026). Dell’s total workforce fell about 10% in fiscal 2026 — roughly 11,000 jobs — to about 97,000 employees from 108,000 a year earlier, with $569 million spent on severance. The cuts came as Dell projected its AI-optimized server revenue could double in fiscal 2027.

Oracle — March 5-31, 2026. As noted above, Oracle began telling employees it would be cutting thousands of jobs via terminal emails. The cuts came even as Oracle posted $3.7 billion in quarterly net income, up 27% year-over-year, with remaining performance obligations up 325% to $553 billion — savings redirected toward AI data centers. The cuts that would later total 21,000 over 12 months, as Oracle disclosed in its June 22 annual filing.

Block — February 26-27, 2026. Jack Dorsey’s Block cut 4,000 jobs — nearly half its workforce, down to under 6,000 from over 10,000. Dorsey wrote on X: “We’re already seeing that the intelligence tools we’re creating and using, paired with smaller and flatter teams, are enabling a new way of working which fundamentally changes what it means to build and run a company.” He added: “I think most companies are late. Within the next year, I believe the majority of companies will reach the same conclusion and make similar structural changes.”

Salesforce — February 10, 2026. Salesforce laid off fewer than 1,000 employees across marketing, product management, data analytics, and its Agentforce AI unit. The company told Fortune, “Because of the benefits and efficiencies of Agentforce, we’ve seen the number of support cases we handle decline and we no longer need to actively backfill support engineer roles.” This followed an earlier cut of about 4,000 customer-support roles, shrinking that team from roughly 9,000 to 5,000, with CEO Marc Benioff saying the company needed “less heads” because AI agents handle the work.

Amazon — January 28, 2026. Amazon cut 16,000 corporate jobs, following 14,000 cuts in October 2025 — about 9% of its corporate workforce in three months. The company said it was part of “strengthen[ing] our organization by reducing layers, increasing ownership, and removing bureaucracy.” CEO Andy Jassy had said in June 2025 that, “As we roll out more generative AI and agents, it should change the way our work is done. We will need fewer people doing some of the jobs that are being done today… in the next few years, we expect that this will reduce our total corporate workforce as we get efficiency gains from using AI extensively across the company.”

An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access.

The threat actor is using file names that indicate business and financial documents delivered by the victim’s contacts, whose accounts had been compromised.

By downloading and executing the malicious attachments, the recipient starts an infection chain that leads to installing the legitimate ManageEngine Endpoint Central, which is used by IT administrators to manage systems from a centralized dashboard.

Telemetry data from cybersecurity company Kaspersky shows that the campaign spreads across Brazil, India, Mexico, Singapore, the UK, Spain, Taiwan, Australia, Russia, Vietnam, and Malaysia.

Attack chain

Kaspersky reports that the attacks begin with messages sent from compromised accounts that contain nothing but a heavily obfuscated VBS file.

These files are given names that make them appear to be financial reports, billing statements, account notices, and similar documents likely to draw the target’s attention and prompt them to open the file.

The filenames are also localized in multiple languages, further confirming the campaign’s global reach.

“Based on evidence collected from multiple victims through social media reports and submitted samples, we can conclude that the threat actor had gained access to several WhatsApp accounts and used them to distribute the malicious VBScript files to contacts on the compromised users’ contact lists,” Kaspersky explains.

“At the time of writing, the exact method used to compromise these WhatsApp accounts remains unknown.”

If the victim downloads and opens the file on Windows, the VBScript fetches two additional scripts from the attacker’s infrastructure, which, in turn, disable UAC protections through Registry modifications and download a ZIP archive containing the ManageEngine Endpoint Central program.

The software is silently installed in the background and configured to connect to attacker-controlled management servers, giving them remote administration access on the victim’s computer.

Kaspersky notes that when the initial VBScript file is delivered via WhatsApp Web, it must be downloaded, but when opened in the WhatsApp Desktop client, it can be executed directly via Windows Script Host (wscript.exe).

While Kaspersky does not attribute the attacks to a specific threat actor, the researchers found signs of Chinese language use and infrastructure overlap with IPs previously associated with ValleyRAT and Gh0st RAT activity.

However, there is insufficient evidence for high-confidence attribution to be possible.

WhatsApp users are advised to treat files sent by contacts, even trusted ones, with caution and to always verify them through secondary means.

All downloaded files should be scanned with an up-to-date antivirus before executing them.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Presented by Splunk

Every day, organizations learn things their AI systems never get to use.

A security analyst corrects an AI-generated investigation. A network engineer identifies the root cause of a recurring outage. An observability team discovers that a pattern of latency, logs and infrastructure changes predicts service degradation. A customer operations team learns which signals indicate an escalation is likely.

Each moment contains valuable organizational knowledge. But in most enterprises, that knowledge disappears into tickets, dashboards, chat threads, post-incident reviews and the minds of individual experts. It may help solve the immediate problem, but it rarely becomes part of a reusable system that improves future AI-driven decisions.

That is the next challenge for the agentic enterprise.

The future will not be defined simply by who has the most capable model or the most autonomous agents. Many organizations will have access to similar frontier models. Many will deploy agents across security, IT, engineering, customer service, and business operations.

The real differentiator will be whether those agents can learn from the organization around them.

Not by constantly retraining the underlying model, but by capturing operational experience, converting it into institutional knowledge and making that knowledge available to future agents, workflows, and decisions.

The agentic enterprise is not just an enterprise that uses AI. It is an enterprise that learns through AI.

Agentic enterprises allow AI systems to learn from them

The AI conversation has been dominated by model capability: larger context windows, better reasoning, faster inference, stronger tool use, and more sophisticated agentic behavior.

Those advances matter. But in the enterprise, a model is only one part of the system.

A model does not automatically know how a specific organization operates. It does not inherently know which remediation step solved last month’s outage, which analyst correction improved a threat investigation, which network signal preceded a service disruption, or which internal policy should override an otherwise plausible recommendation.

That knowledge belongs to the enterprise.

For agentic systems to improve, organizations need a way to capture that knowledge and make it reusable. In many cases, that does not require changing the model itself. It requires changing the ecosystem around the model: the knowledge base, retrieval layer, prompts, policies, guardrails, routing logic and workflows that shape how agents behave.

The model may remain the same. The learning system around it becomes smarter.

Feedback loops turn every outcome into a teachable moment for agents

Every agentic workflow creates signals.

An agent receives a request. It retrieves context, reasonsthrough possible actions, calls tools, and generates answers. A human accepts, rejects, or modifies that answer. Downstream systems reveal whether the action worked.

That entire chain is valuable.

AI observability gives organizations visibility into what happened: the prompt, response, reasoning path, tool calls, data sources, intermediate steps, failure modes and outcomes. Without that visibility, organizations cannot understand why an agent behaved the way it did, let alone improve it.

But observability alone is not enough.

The larger opportunity is to turn observed behavior into institutional knowledge. A trace should not only help a developer and operators debug an agent. It should help the enterprise understand what the agent learned, what the human corrected, what outcome followed, and what should change before the next similar event.

That is the shift from monitoring AI to teaching AI.

In the agentic enterprise, feedback loops connect action to outcome, outcome to knowledge and knowledge back to future action.

A learning system in practice across security, observability and the network

Consider a service experiencing intermittent degradation.

An observability agent detects unusual latency and error rates. A network agent identifies packet loss across a specific path. A security agent notices that the same time window includes suspicious authentication behavior and unusual traffic from a previously unseen source.

Individually, each agent has only a partial view. Together, they create a richer operational picture.

The first time this incident occurs, human experts may need to intervene. A network engineer confirms that packet loss was caused by a misconfigured routing change. A security analyst determines that the suspicious traffic was not an attack, but a side effect of a misrouted internal service. An SRE connects the network event to the application degradation.

That resolution contains knowledge the organization should not have to relearn.

A mature agentic learning system would capture the traces, human corrections, topology context, security findings, observability signals and final remediation steps. It would preserve the relationship between those signals: latency pattern, network path, identity behavior, routing change and remediation.

The next time a similar pattern appears, agents would not start from zero. They could retrieve the prior case, compare current conditions, recommend the proven diagnostic path and escalate with better context.

The underlying frontier model did not need to be retrained.

The enterprise learned.

The architecture of the learning agentic enterprise

A learning-oriented agentic enterprise needs more than a model or chatbot. It needs an architecture that can capture experience, turn it into usable knowledge, connect that knowledge to operational context, and govern how it changes future agent behavior.

Memory preserves what happened: what the agent saw, what it did, where humans intervened, and what outcomes followed.

Knowledge bases turn that experience into reusable guidance, including playbooks, examples, policies, procedures, and evidence.

A data fabric connects the operational environment. The signals agents need live across logs, metrics, traces, tickets, identity systems, security tools, network telemetry, collaboration platforms, and business applications. A data fabric makes those signals discoverable, correlated, governed, and usable in context.

AI observability explains how agents behave by capturing prompts, tool calls, intermediate steps, responses, feedback, and outcomes. That visibility helps organizations understand where agents succeed, where they fail, and what should improve.

The control plane governs how learning becomes change: what knowledge is promoted, which prompts or policies are updated, which agents can use new information, what approvals are required, and how changes are audited.

Together, these capabilities allow AI systems to improve over time in a controlled, trustworthy way that allows the enterprise to learn from its own operations.

The organizations that learn fastest will win

The next era of AI will not be won by models alone. It will be won by organizations that can capture what they learn from every workflow, expert correction, incident, investigation, and outcome.

The most advanced agentic enterprises will not simply deploy more agents. They will build systems that allow every agent to benefit from the collective knowledge of the organization.

That means connecting operational data through a data fabric. It means observing agent behavior deeply enough to understand it. It means preserving experience in memory and institutionalizing it in knowledge bases. It means using a control plane to govern how learning changes agent behavior.

The future of AI is not a single autonomous agent acting alone. It is an ecosystem of agents, humans, data and controls that learns over time.

The organizations that build that ecosystem will create AI systems that get better with every interaction. Not because the model is constantly changing, but because the enterprise itself is becoming more intelligent.

Learn more about how Cisco Data Fabric powered by the Splunk Platform is accelerating agentic operations.

Hao Yang is Vice President AI at Splunk, a Cisco Company.

Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. For more information, contact sales@venturebeat.com.

A July 2025 lawsuit by Apple against leaker Jon Prosser resulted in a default ruling, but that default has been set aside as Prosser has finally agreed to participate in discovery.

A rumor video posted by Jon Prosser in early 2025 suggested that he had seen the upcoming transparent UI design. Later, a lawsuit from Apple accused Prosser of conspiring with Michael Ramacciotti to steal secret contents of a test device owned by Ethan Lipnik.

Prosser didn’t respond to Apple’s July 2025 lawsuit, which led to a default judgement, but now that default has been set aside by the judge. This occurred at Apple’s and Prosser’s lawyers’ request on June 10.

Apple didn’t share its exact reasoning for giving Prosser a break here, as the default judgement would go in Apple’s favor. However, it seems that discovery could uncover more details about what occurred, which could lead to more harsh results.

Basically, it seems Apple wants the Prosser case to serve as a warning.

The order signed by the judge says that Prosser must produce all materials by June 9 and sit for deposition by June 16. Since both of those days have passed, those things surely have already taken place.

The judge also says Prosser has ten days from June 22 to file a responsive pleading to Apple’s complaint. It is unclear how Prosser might choose to plead given the circumstances.

In the time since the lawsuit began, Prosser has continued to post videos about Apple leaks. The most recent video was posted on June 17, so after his deposition date.

Prosser used to be a more trusted leaker, but has seemingly fallen into the habit of repeating other rumors rather than having his own sources. For example, the latest video on iPhone Fold is compelling, but lacks any new details or leaks.

There is a mysterious phenomenon in which strong radio signals arrive periodically from space, yet their source remains completely unknown. Known as “long-period radio transients” (LPTs), these phenomena are observed as radio bursts that repeat at intervals ranging from several minutes to several hours. Only a dozen or so examples have been discovered within the Milky Way, and their physical nature has long remained a mystery.

Previous research has suggested that candidates for the source of LPTs include neutron stars known as magnetars, which rotate extremely slowly, and binary systems consisting of white dwarfs with companion stars. However, the magnetar hypothesis faces the problem of contradicting existing theoretical models.

On the other hand, while a few cases suggesting a connection to white dwarf binaries have been reported, there had been no cases in which the accretion process was directly confirmed to be actually occurring.

Against this backdrop, an international research team led by the University of Sydney in Australia conducted a sky-survey using the Australian Square Kilometer Array Pathfinder (ASKAP) radio telescope and identified the true nature of a mysterious object named ASKAP J174508.9-505149. These observational results are said to be the strongest evidence to date pointing to LPT as one of the sources of this phenomenon.

“For the first time we have pinpointed the origin of these signals,” said Kovi Rose, a doctoral student at the University of Sydney’s School of Physics and the Commonwealth Scientific and Industrial Research Organization, in a press release. “We’ve been able to show that the source for one of these transients comes from a white dwarf actively pulling material from a companion star.”

A White Dwarf and a Companion Star

Rose and his research team confirmed through spectroscopic observations that ASKAP J1745-5051 exhibits hydrogen emission lines (the Balmer series) and helium emission lines (HeI and HeII). In particular, the strong HeII emission line is known as an optical feature characteristic of “magnetic cataclysmic variables.”

Cataclysmic variables is a general term for close binary systems in which a white dwarf accretes matter from a companion star. Among these, those in which the white dwarf possesses a strong magnetic field and gas accretes along magnetic field lines are called “magnetic cataclysmic variables.”

Furthermore, analysis of the radial velocities of the Balmer series emission lines revealed that the orbital period of this binary system is approximately 1.368 hours, which was confirmed to match the repetition period of the radio pulses, approximately 1.345 hours. Furthermore, based on the orbital period, the companion star’s mass was estimated to be approximately 0.096 times that of the sun, and its radius approximately 0.13 times that of the sun, indicating that it corresponds to an M6-class red dwarf.

In other words, ASKAP J1745-5051 is a binary system in which a white dwarf and a red dwarf orbit each other at an extremely close distance. A white dwarf is the high-density remnant of a star that has reached the end of its life; although it is about the size of Earth, its mass is comparable to that of the sun. Its companion, the red dwarf, is larger but less dense, with a mass of only about one-tenth that of the Sun. The two stars orbit each other in a short period of just over one hour.