Making sure the heatgun is on ‘low’ and gloves are on while pushing on the mold. (Credit: Zion Brock)
Although hobbyists these days most often seem to use thermoplastics as a print-and-done material in FDM printers, there’s absolutely nothing stopping you from taking things further with thermoforming. Much like forming acrylic using a hot wire or hot air, thermoplastics like PLA can be further tweaked with a similar method. This can be much less complex than 3D printing the design with supports, as demonstrated by [Zion Brock].
For this classically styled radio project the front grille was previously 3D printed with the curved shape, but to avoid an ugly edge it had to be printed with most of the grille off the print bed, requiring countless supports and hours of printing time. To get around this, [Zion] opted to print the grille flat and then thermoform its curved shape. Of course, due to the unusual shape of the grille, this required a bit more effort than e.g. a spherical form.
This is similar to what is used with sheet metal to get detailed shapes, also requiring a mold and a way to stretch the flat shape over the mold. With the flat form designed to have all the material in the right places, it was able to be printed in less than an hour in PLA and then formed with a heatgun aimed at the part while the two-section mold is slid together to create the final form.
You can find the design files and full instructions on the website for the radio project.
Samsung looks to be going all-in on 2nm chip production, a move that could start to loosen Qualcomm’s grip on future Galaxy phones.
While the upcoming Galaxy S26 is expected to debut Samsung’s first 2nm processor, the Exynos 2600, new reports suggest the company is already lining up its successor for mass production.
According to Korean outlet Hankyung, Samsung plans to begin mass production of the Exynos 2700 in the second half of 2026. Analysts at Kiwoom Securities believe the chip could power around half of the Galaxy S27 lineup, expected to land in 2027.
If that happens, it would mark a major shift away from Qualcomm-powered flagships and, by extension, from TSMC-manufactured chips.
That doesn’t mean Samsung is cutting ties with Qualcomm just yet. Current reports suggest Samsung’s 2nm yield sits at around 50%, compared to Qualcomm’s reported 65% via TSMC. Until Samsung can close that gap, Qualcomm is likely to remain part of the picture. At least for certain markets and models, that remains true.
Still, the ambition is clear. The Exynos 2700 — reportedly codenamed Ulysses — is expected to feature a deca-core CPU, an Xclipse 970 GPU, and support for next-gen standards like LPDDR6 RAM and UFS 5.0 storage. Importantly, all are built on Samsung’s 2nm SF2P process. On paper, at least, it’s shaping up to be a serious flagship contender.
The bigger story, though, is what this means for Samsung as a whole. Launching the Exynos 2600 ahead of rivals would make Samsung the first company to bring a 2nm chip to market. This would beat both Qualcomm and MediaTek, while also giving Samsung more control over its hardware stack, echoing strategies used by Apple and Google.
There’s also a geopolitical angle. With US tariffs still influencing supply chains, Samsung’s growing manufacturing presence could make it an attractive alternative for companies looking to reduce reliance on TSMC. That’s a long-term play, and one that hinges heavily on Samsung improving its yield rates.
For now, Samsung’s 2nm push feels like a statement of intent. Qualcomm may still be the safer option today. However, Samsung is clearly positioning Exynos as a serious rival again — and this time, the stakes are much higher.
Raytheon’s non-kinetic Coyote responds intelligently to the growing threat of drone swarms. Companies and militaries are seeking cost-effective solutions to deal with large numbers of low-cost, off-the-shelf drones. RTX’s Raytheon division has created a new variant that demonstrates what it’s all about.
The Coyote Block 3 Non-Kinetic variant just blasts out of a little tube and flies through the air. It’s driven by a small turbine engine, and before you know it, it’s flying at high speeds and altitudes, allowing it to quickly close in on targets. Once in the air, it simply hangs around over the contested region, waiting for any dangers to appear. When the drones begin to arrive, typically in large groups meant to overwhelm defenses, the Coyote rushes into action.
Unlike its explosive cousins or missiles, which simply bang into targets, this Coyote carries a non-kinetic payload, in effect an unseen blast of electricity that immediately damages the drone’s circuitry. Circuits fail, controls lock up, and the enemy aircraft plummets from the sky. There is no fireball or shrapnel; the attacking drone simply drops to the ground, and the Coyote continues to fly.
This capability was tested during recent demonstrations for the US Army. One drill at Yuma Proving Grounds saw operators launch drone swarms directly at the defense setup. The Coyote Block 3 Non-Kinetic then fought many incoming drones simultaneously. The footage from that drill shows the interceptor speeding past its targets, followed by the drones plummeting through the air with no sign of an explosion or hit. According to reports, at least ten drones were destroyed in one strike, including those troublesome Group 1 and Group 2 types that adversaries like to deploy in large numbers.
The recovery feature is another significant advantage of this device, since the Coyote just returns to base and drops into a net. Ground crews can then inspect the airframe, perform some basic maintenance, and prepare it for the next trip. Because it is reusable, you save a lot of money compared to building and launching single-use interceptors that go up in a puff of smoke after one task. Instead of needing to build a new round every time, the main expenses are now fuel and the occasional refurbishing.
Raytheon builds both kinetic and non-kinetic variants of the Coyote, with the kinetic versions relying on direct collision or a warhead to destroy the target completely. The non-kinetic Block 3 variant has the same fast, jet-powered body and can fly faster and higher than many comparable aircraft, but it replaces the explosive end with an electronics-focused defeat. This makes all the difference when drone swarms arrive in waves. Conventional rockets or cannons will simply run out of ammunition if the attacks continue for an extended period of time, but a recoverable platform with a reusable effect is a different matter entirely.
With a quote in minutes, Boxt Solar makes it easy to start your solar journey. I found that high-quality solar panels and professional installation let me make the most of my roof space and generate a decent amount of power from my south-facing roof.
Boxt Solar might not be right for those with special requirements (flat roofs aren’t supported, for example, and there’s only a basic choice of inverter and solar battery), but if your home is ripe for a straightforward installation, the service is professional and smooth.
Very competitive price
Simple quotation and installation process
Excellent and neat installation
High quality solar panels and other components
Initial communication could be better
No support for flat roofs
Introduction
Solar power is a brilliant, simple way to generate electricity from the sun. With technology improving, installation costs dropping, and high electricity prices, there’s never been a better time to kit your house out. While there are many companies offering installation, I’ve tried out Boxt Solar.
As with its boiler installation service, the idea behind Boxt Solar is to offer a simple quoting and installation process at very competitive prices. The flip side is that some types of roofs can’t be used for solar panels, and there’s a more limited choice of hardware than you might get with some alternatives. But, if you’ve got a house that can take a straightforward installation, the quality and simplicity of Boxt could make it a good choice.
Quote and buying
Get a quote fast
Competitive pricing
Project finalisation could do with extra detail
The Boxt Solar installation process starts with the website and a super-quick quotation process. Just tap in your postcode, select your home using the satellite image, and answer a few basic questions about the house and roof type, and you get a basic quote through.
This basic quotation makes an initial assumption about the number of solar panels you can have, and gives you a choice over the number and type of batteries you might want.
It’s remarkably quick. Having been thinking about getting solar installed for some time, I’ve been through the quotation process with several other providers in the past, and in many cases have had to wait for a final quote.
Even where I have had a quote instantly elsewhere, the price was higher and Boxt, as it is for its boiler service, is hugely competitive.
This initial quote process does highlight some of the restrictions of Boxt’s service. For starters, the company doesn’t support flat roofs. Depending on which way your house is orientated, that could be an issue.
For example, I live in a Victorian terraced house, and have had a loft conversion, so the back part of the roof is all flat. Fortunately, the front of my house is pretty much due south, which is ideal for solar; however, my neighbours over the road with loft conversions would find that their south-facing roofs are all flat, so not suitable for solar with Boxt.
There’s an argument for my house to use the flat roof for increased solar capacity, although that wouldn’t be possible with Boxt. I do get why this decision has been made. Installing solar on a flat roof is more complicated, so it’s harder to give an instant quote for and would make the system more complicated.
If you do have a lot of flat roof that you want to use, then Boxt isn’t for you, and you’ll want to talk to a more specialist company that can offer this kind of installation.
Next, from the installation process, you’ll see that the choice of components is relatively small. You can have a Sunsynk hybrid inverter only, rated to match the size of your array.
Then there’s a choice of just Sunsynk batteries (up to three 5.3kWh), or a Tesla PowerWall 3 13.5kWh.
While the choice is limited, Boxt has at least taken highly-rated products, well-suited to the jobs. The Sunsynk 3.6kW Ecco Hybrid Inverter that was quoted for my system is compact and rated for up to 7000W of DC input, with a constant 3.6kWh output and support for batteries. Likewise, the company’s batteries are highly specced.
While the choice may be low, focusing on a few key components makes the process simple and helps keep the price down.
It’s the same with the solar panels, which are all AIKO NEOSTART S3 Mono-Glass panels. These are highly rated panels, and Boxt will update to the best available. When I got my first quote, it was for 460W panels, but before installation, they were upgraded to 475W panels at no extra cost.
I decided not to opt for a battery: working at home all day, I tend to use a lot of electricity throughout the day; I don’t have a huge amount of space to put a battery; and the relatively small footprint of my roof limits the size of array I can have and, therefore, how much spare power there is to charge a battery. Whether or not a battery is right for you will depend on your installation and how much power you generate.
Overall, the system came in at £4699 for five panels and no battery (with buy one get one free on the solar panels, and bird protection), which is great value. Pricing and offers do change quite regularly, but this gives you an idea of the cost.
A quote includes the full installation cost, with scaffolding, and there’s a two-year workmanship guarantee covered. All installations come with an HIES deposit guarantee, which protects your deposit should the installer cease trading before work is completed.
Before installation can go ahead, you need to provide images of your home, including the roof, and inside and outside areas. You then have a call to confirm your selection and what can be done on your house.
It’s at this point that you need to think about where to put everything. If you’ve got a garage or side wall with plenty of space on a path, using that space probably makes sense; if not, then you’ll need space for the inverter and battery. Both can go outside, but it’s important to clarify where you’d like them to go.
As mentioned, I didn’t go for a battery, so I needed space for the inverter only, which I wanted on my external wall, to the left of the bay window. I did feel as though this process could do with a bit more information and, perhaps, some photos of what an installed inverter looks like in a typical house (inside and out) for size reasons.
I was told that I needed space for the inverter, but regulations mean that you need isolation switches, and you may need an additional consumer input for the incoming feed. Where you want all of this stuff should be considered before installation.
During the call, there’s a confirmation of how many solar panels you can have. There’s no site visit, so satellite photos and images of neighbouring properties are used as a guide. In my case, my next-door neighbour already has solar, with six panels, so that was used as a guide.
I was told that potentially it would be five panels rather than six, due to the size of the panel that Boxt uses. That’s fine, as there’s only so much physical space, but at this point it would have been useful if I had been sent a quote for both a five- and six-panel system.
That’s particularly important, as the quote gives you a breakdown of how much electricity you will likely generate over the year, as well as how long it will take the system to pay itself off.
It’s a detailed report, but there is a difference between having five and six panels, and it’s good to have all of the information to hand. I say this more as a piece of information: if you start going through a quote with Boxt, just make sure you ask for additional quotes if there’s a chance you’ll end up with fewer solar panels than you first thought.
What I can say is that the report generated is thorough. It uses average data from across the UK, based on the orientation of your roof, and makes it easier to make an informed decision based on your home.
I’m lucky in that my roof is almost directly south-facing, so about as good as you’ll get. If your house has an east- or west-facing roof, then you’ll get less direct sun, so you’ll generate less power and it will take longer to pay back.
In all cases, solar is a long-term investment. For my house, the system is estimated to take 11 years to pay back, paying up front. If you want to take finance, then the report lets you select three, five or 10 year finance options to see the difference in payback time and savings.
Having all of this to hand makes it much easier to make an informed decision. With any solar installation, it’s well worth analysing the data to make sure the system is worth it.
Assuming everything aligns and you’re happy with the quote, then the installation can be booked in. Boxt, like other solar installers, is busy, but it shouldn’t take more than a few weeks until a slot is available.
Installation
Professional, clean installation
Make sure you’re very clear where everything will go
Installation is via one of Boxt’s teams. There’s good communication, with clear information on when the scaffolding will go up and come back down, and when the installation team will be on site, turning up with the solar panels, inverter and, if you ordered, a battery.
My scaffolding went up a few days before the planned installation. It was done neatly and professionally, and it was securely fastened to a stable work platform for the solar team to work on. As an aside, it was also useful to get up to the roof and sort out the very dirty gutters!
On installation day, the team arrived on time and were great: friendly, polite and easy to deal with. The first thing mentioned was that the six panels I’d ordered wouldn’t fit, so it would have to be five panels.
This is something that a site visit would have confirmed immediately. And, if I’d have had the five-panel quote, I would have had more information on whether to progress or not. I still would have gone ahead, but finding out on the day that I was effectively one panel down wasn’t ideal, and a bit more communication from Boxt pre-installation would have been good.
As the team had a spare solar panel, this was left at the end of installation, and needed to be collected separately. I left the panel outside (it’s too big to fit in my home) and found out a few days later that the collection hadn’t been arranged; a quick online chat with the help team fixed it.
Back to the installation, the job on the roof was immaculate. Many solar installations use mounting bars for the panels. Depending on the number and orientation of the panels, this can mean the ends of the bars stick out. Boxt uses individual mounts for each panel, that clamp under the tiles.
This gives a much neater finish with nothing sticking out from the sides of the panels.
Likewise, the bird proofing is very neat. Rather than using a mesh, which a bird could get its foot caught in, Boxt uses vertical bits of metal, which feels safer, while stopping pigeons from getting under the panels.
I can’t say how important it is to opt for the bird proofing. My neighbours originally had their system installed without, and pigeons got under it, with red mites making their way into their home, so they retrospectively added it. Avoid this and make sure you have bird proofing from the start.
The rest of the installation was done with precision and neatness, and I like the way that the cables on the roof were tucked under the tiles to keep them out of sight. Sure, I was always going to end up with some cables running down the front of the house, but where cables could be hidden, they were.
There are a few more components to think about. An extra consumer unit was required, which can go inside or out.
I went for an outside installation, with a neat weatherproof box on the wall. Regulations require that an isolator switch is installed below this, which is fine: this switch is a bit ugly, but a pot-plant in front of it hides the switch, while still giving easy access to it.
My inverter was installed at head height, even though I had asked the pre-installation team to keep it as low as possible. The position of the scaffolding prevented a lower fitting at the time of installation.
Beneath the inverter, there was another strip of cabling with another isolator. Again, this is because of regulations. With the scaffolding up, the inverter wasn’t too visible; with the scaffolding down, the first thing you could see when walking past my house was an inverter, its red and green lights on the Wi-Fi module (please, smart home manufacturers, stop putting lights on everything), and the switches below. While the finish was very professional, the overall look wasn’t great.
I spoke to Boxt, and had the inverter lowered by just over 50cm, which largely hides it from view as you walk past.
The isolator switches were relocated to under the left-hand-side of the bay window, where they’re easy to access but, crucially, remain hidden.
I mention this as more of a guide for anyone using Boxt (or, indeed, another installer): make sure you know exactly where the inverter and any switches will go, and confirm exactly where you want them prior to installation.
Overall, the final installation was expertly done, and looked neater than other installations I’ve spotted walking around my neighbourhood, particularly with the panels themselves. I also prefer the inverter to be outside, as it would take up too much room inside a small, terraced house (it’s almost like those pesky Victorians didn’t think about solar panels when building millions of these houses).
At the end of the installation, Boxt commissions the inverter and gets it connected to your Wi-Fi. Boxt maintains the inverter’s master account and invites you as a full admin guest.
This makes a lot of sense, as if there are any issues, the support team can look at the app and see what’s going on.
From the Sunsynk app, you can see how much solar is being generated, what a battery (if connected) is doing and, via a clamp, how much power you’re drawing or sending to the grid. This information can have a slight delay, but it should give a close approximation of what’s going on.
For overall power consumption, I find that the Octopus app is best, but the Sunsynk app gives me a breakdown between solar and grid that’s very useful, so I know what I’m generating.
After the installation I was emailed the installation certificates and all the data that’s required for getting on a feed-in tariff. I signed up for the Octopus feed-in tariff as soon as I could, which means I get paid 15p per kWh exported to the grid. This took a few weeks to complete, after which I got a new dashboard in the Octopus app to track my earnings.
Performance
Lots of power on a clear day
Helpful support team
The first thing that I noticed was that the Sunsynk app was often quite wrong. It would register the amount of solar power I was generating properly, but the house load and information from the grid was often completely wrong, even accounting for a delay. For example, on a cloudy day with 60W of solar, the Sunsynk app would report that I was exporting 14W to the grid, suggesting a house load of just 46W; the Octopus app had it right at around 473W consumed.
Talking to the support team, they could view my inverter and see that the data wasn’t quite right. After sending a firmware update to the inverter and monitoring the system, they sent someone round who moved the internal clamp, fixing the issue.
I find the Sunsynk app useful for seeing how much power I’m generating at any one time, but the Octopus app is better for seeing actual live household use.
Aside from monitoring solar and, if you have one, battery performance, the Sunsynk app isn’t much use. It has a section called Intelligent, where I could connect my Philips Hue lights to the system, using colour-changing to show the state of battery charge. That’s pretty useless, and it’s a shame that there aren’t more features.
For example, I’d like the app to have the ability to send a notification when solar generation exceeds a certain level, as a prompt to use up some power by turning on the washing machine or dishwasher.
Solar is very much an individual thing, but I can say that I’m impressed with my system. Having had it installed late in December, I was just in time for the shortest days, mixed with dull, cloudy days.
On a clean, bright, sunny day, the system can (so far) deliver up to 1.4kW from a notional capacity of 2.37kW. Once the solar array is fully cranked up, it’s free power in the house, and it’s always nice to check the real-time information from Octopus and see a deficit – sometimes over 1kW.
What difference solar makes can only really be seen over a year, and maximising it does involve rethinking how appliances are used. I can see where solar is working.
Going away at the end of November, with nobody in the house, the 30 November was a nice, bright sunny day. Overall, that day, my usage in the house was just 4.14kWh, which is tiny. Without solar, and just background device usage (fridge, router, etc), I’d expect at least 7kWh. Compared to the previous day (29 November), when we were away but it was cloudy, the hourly breakdown shows what solar does – there are hours where no external power is used.
Pre-installation in November, my average usage was 12.89kWh of power per day; in December that came down to 11.79kWh per day with similar conditions throughout the month.
Where possible, I do try to maximise solar usage. So, on a bright sunny day when running a deficit, I try to run the washing machine, dishwasher and/or tumble dryer. Effectively, these appliances become free to run if there’s solar power.
Via my export tariff, I managed to export 13.75kWh in December, with the tariff only kicking in half-way through the month. That’s £2.06 of earnings. In January, I exported 31.59kWh of power (earning £4.74).
The best export day I had was 4.2kWh, but on dull, cloudy days, there’s nothing going out. What this shows me is that in the colder, darker months, when I use more power, there’s rarely enough spare power to charge a battery for later, so I think I made the right decision not to have one.
While the export figures I have are hardly life-changing, they do make an impact: I basically export enough power that I claw back enough to pay for one to two days’ worth of electricity for nothing.
Once we hit the summer months, with a higher sun and longer daylight hours, my electricity production should massively jump, and sunny days should be almost free for me. I’ll update this review over the year to give a better idea.
Exact savings depend on the amount of sunlight and overall electricity demand, but I can say with confidence that on bright days, the solar panels can generate more power than I use and cope with spikes from higher-demand appliances, such as a washing machine. There’s a clear impact.
Should you buy it?
You want a simple process and a good price
If you can go for a simple, straightforward installation, Boxt’s combination of simple sign-up, fast installation and quality components is a winner.
You have more complex needs
If you need to specify which components you want, or have need of a more complicated installation, such as on a flat roof, an alternative supplier might be best.
Final Thoughts
Are solar panels worth it? Without a doubt, if you’ve got the right type of roof that gets adequate sunshine, then a solar system will save you money and generate power that you can use, export and/or top up a battery. It’s worth doing your sums to make sure that any system will pay for itself in an acceptable time frame and if a battery will be of benefit to you.
Would I buy from Boxt Solar? Yes, I would, but with some caveats. For those who need a more complicated installation, such as on a flat roof, or who want specific components (battery, inverter, etc.), then Boxt isn’t for you.
If you want a straightforward installation, then the combination of low price, high-quality components and quality installation is a winner. Just make sure that you get all of your questions answered up front, including where the kit will go exactly, and get quotes for all variations of the number of panels you might have installed, just in case things change on the day. With that information, you can’t go wrong.
FAQs
Do solar panels work on cloudy days?
Yes, but not as efficiently. On an overcast day, my five-panel array can hit up to 267W; on a bright, sunny day, I’ve seen up to 1.4kW of power.
Do solar panels have to be cleaned?
Rain will mostly clean off the panels, but having them cleaned yearly can help maintain maximum performance.
An anonymous reader shares a report: An Anthropic safety researcher quit, saying the “world is in peril” in part over AI advances. Mrinank Sharma said the safety team “constantly [faces] pressures to set aside what matters most,” citing concerns about bioterrorism and other risks.
Anthropic was founded with the explicit goal of creating safe AI; its CEO Dario Amodei said at Davos that AI progress is going too fast and called for regulation to force industry leaders to slow down. Other AI safety researchers have left leading firms, citing concerns about catastrophic risks.
Security firm iVerify says it has uncovered a new spyware platform dubbed ZeroDayRAT, a tool designed to seize near-total control of a compromised smartphone. According to the company, the malware works on both Android and iOS devices – including the latest versions of each operating system – and offers a…
Apple’s long-promised overhaul of Siri has hit fresh problems during internal testing, forcing the company to push several key features out of the iOS 26.4 update that was slated for March and spread them across later releases, Bloomberg is reporting.
The new Siri — first announced at WWDC in June 2024 and originally due by early 2025 — struggles to reliably process queries, takes too long to respond and sometimes falls back on OpenAI’s ChatGPT instead of Apple’s own technology, the report said. Apple has instructed engineers to begin testing new Siri capabilities on iOS 26.5 instead, due in May, and internal builds of that update include a settings toggle labeled “preview” for the personal data features. A more ambitious chatbot-style Siri code-named Campo, powered by Google servers and a custom Gemini model, is in development for iOS 27 in September.
State-backed hackers are using Google’s Gemini AI model to support all stages of an attack, from reconnaissance to post-compromise actions.
Bad actors from China (APT31, Temp.HEX), Iran (APT42), North Korea (UNC2970), and Russia used Gemini for target profiling and open-source intelligence, generating phishing lures, translating text, coding, vulnerability testing, and troubleshooting.
Cybercriminals are also showing increased interest in AI tools and services that could help in illegal activities, such as social engineering ClickFix campaigns.
AI-enhanced malicious activity
The Google Threat Intelligence Group (GTIG) notes in a report today that APT adversaries use Gemini to support their campaigns “from reconnaissance and phishing lure creation to command and control (C2) development and data exfiltration.”
Chinese threat actors employed an expert cybersecurity persona to request that Gemini automate vulnerability analysis and provide targeted testing plans in the context of a fabricated scenario.
“The PRC-based threat actor fabricated a scenario, in one case trialing Hexstrike MCP tooling, and directing the model to analyze Remote Code Execution (RCE), WAF bypass techniques, and SQL injection test results against specific US-based targets,” Google says.
Another China-based actor frequently employed Gemini to fix their code, carry out research, and provide advice on technical capabilities for intrusions.
The Iranian adversary APT42 leveraged Google’s LLM for social engineering campaigns, as a development platform to speed up the creation of tailored malicious tools (debugging, code generation, and researching exploitation techniques).
Additional threat actor abuse was observed for implementing new capabilities into existing malware families, including the CoinBait phishing kit and the HonestCue malware downloader and launcher.
GTIG notes that no major breakthroughs have occurred in that respect, though the tech giant expects malware operators to continue to integrate AI capabilities into their toolsets.
HonestCue is a proof-of-concept malware framework observed in late 2025 that uses the Gemini API to generate C# code for second-stage malware, then compiles and executes the payloads in memory.
HonestCue operational overview (Source: Google)
CoinBait is a React SPA-wrapped phishing kit masquerading as a cryptocurrency exchange for credential harvesting. It contains artifacts indicating that its development was advanced using AI code generation tools.
One indicator of LLM use is logging messages in the malware source code that were prefixed with “Analytics:,” which could help defenders track data exfiltration processes.
Based on the malware samples, GTIG researchers believe that the malware was created using the Lovable AI platform, as the developer used the Lovable Supabase client and lovable.app.
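A triage pass over a captured page bundle using the indicators named above, as an added example rather than GTIG's own tooling. The regexes, the `triage` function and the sample bundle are constructed here; since lovable.app and Supabase are legitimate services, only their combination with an “Analytics:” log line is escalated.

```python
import re

# Assumed shapes of the artifacts the article names; tune against real samples.
ANALYTICS_LOG = re.compile(r"""console\.\w+\(\s*(["'`])Analytics:\s*(.*?)\1""")
LOVABLE_HOST = re.compile(r"\b(?:[\w-]+\.)*lovable\.app\b", re.I)
SUPABASE_REF = re.compile(r"\bsupabase\b", re.I)


def _line_of(text, pos):
    """1-based line number of a character offset."""
    return text.count("\n", 0, pos) + 1


def triage(source):
    """Return (verdict, findings); findings are (line, kind, value) tuples."""
    findings = []
    for m in ANALYTICS_LOG.finditer(source):
        # The logged message shows which step of the data flow is being traced.
        findings.append((_line_of(source, m.start()), "analytics_log", m.group(2)))
    for m in LOVABLE_HOST.finditer(source):
        findings.append((_line_of(source, m.start()), "lovable_host", m.group(0).lower()))
    for m in SUPABASE_REF.finditer(source):
        findings.append((_line_of(source, m.start()), "supabase_ref", m.group(0)))

    kinds = {kind for _, kind, _ in findings}
    if "analytics_log" in kinds and kinds & {"lovable_host", "supabase_ref"}:
        verdict = "review"   # log prefix plus platform artifact: hand to an analyst
    elif kinds:
        verdict = "weak"     # a single indicator is common in legitimate apps
    else:
        verdict = "none"
    return verdict, sorted(findings)


# Constructed sample, not taken from a real kit.
SAMPLE = '''\
import { supabase } from "./supabase/client";
const API = "https://example-exchange.lovable.app/api";
async function submit(form) {
  console.log("Analytics: form submitted, sending to backend");
  await supabase.from("logins").insert(form);
}
'''

if __name__ == "__main__":
    verdict, findings = triage(SAMPLE)
    print(verdict)
    for line, kind, value in findings:
        print(f"  line {line}: {kind}: {value}")
```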
Cybercriminals also used generative AI services in ClickFix campaigns, delivering the AMOS info-stealing malware for macOS. Users were lured to execute malicious commands through malicious ads listed in search results for queries on troubleshooting specific issues.
AI-powered ClickFix attack (Source: Google)
The report further notes that Gemini has faced AI model extraction and distillation attempts, with organizations leveraging authorized API access to methodically query the system and reproduce its decision-making processes to replicate its functionality.
Although the problem is not a direct threat to users of these models or their data, it constitutes a significant commercial, competitive, and intellectual property problem for the creators of these models.
Essentially, actors take information obtained from one model and transfer the information to another using a machine learning technique called “knowledge distillation,” which is used to train fresh models from more advanced ones.
“Model extraction and subsequent knowledge distillation enable an attacker to accelerate AI model development quickly and at a significantly lower cost,” GTIG researchers say.
Google flags these attacks as a threat because they constitute intellectual theft, are scalable, and severely undermine the business model of AI-as-a-service, which has the potential to impact end users soon.
In a large-scale attack of this kind, Gemini AI was targeted by 100,000 prompts that posed a series of questions aimed at replicating the model’s reasoning across a range of tasks in non-English languages.
Google has disabled accounts and infrastructure tied to documented abuse, and has implemented targeted defenses in Gemini’s classifiers to make abuse harder.
The company assures that it “designs AI systems with robust security measures and strong safety guardrails” and regularly tests the models to improve their security and safety.
When enterprises fine-tune LLMs for new tasks, they risk breaking everything the models already know. This forces companies to maintain separate models for every skill.
Researchers at MIT, the Improbable AI Lab and ETH Zurich have developed a new technique that enables large language models to learn new skills and knowledge without forgetting their past capabilities.
Their technique, called self-distillation fine-tuning (SDFT), allows models to learn directly from demonstrations and their own experiments by leveraging the inherent in-context learning abilities of modern LLMs. Experiments show that SDFT consistently outperforms traditional supervised fine-tuning (SFT) while addressing the limitations of reinforcement learning algorithms.
For enterprise applications, the method enables a single model to accumulate multiple skills over time without suffering from performance regression on earlier tasks. This offers a potential pathway for building AI agents that can adapt to dynamic business environments, gathering new proprietary knowledge and skills as needed without requiring expensive retraining cycles or losing their general reasoning abilities.
The challenge of continual learning
Once an LLM is trained and deployed, it remains static. It does not update its parameters to acquire new skills, internalize new knowledge, or improve from experience. To build truly adaptive AI, the industry needs to solve “continual learning,” allowing systems to accumulate knowledge much like humans do throughout their careers.
The most effective way for models to learn is through “on-policy learning.” In this approach, the model learns from data it generates itself, allowing it to correct its own errors and reasoning processes. This stands in contrast to learning by simply mimicking static datasets. Without on-policy learning, models are prone to “catastrophic forgetting,” a phenomenon where learning a new task causes the model to lose its past knowledge and ability to perform previous tasks.
However, on-policy learning typically requires reinforcement learning (RL), which depends on an explicit reward function to score the model’s outputs. This works well for problems with clear outcomes, such as math and coding. But in many real-world enterprise scenarios (e.g., writing a legal brief or summarizing a meeting), defining a mathematical reward function is difficult or impossible.
RL methods also often fail when trying to teach a model entirely new information, such as a specific company protocol or a new product line. As Idan Shenfeld, a doctorate student at MIT and co-author of the paper, told VentureBeat, “No matter how many times the base model tries, it cannot generate correct answers for a topic it has zero knowledge about,” meaning it never gets a positive signal to learn from.
The standard alternative is supervised fine-tuning (SFT), where the model is trained on a fixed dataset of expert demonstrations. While SFT provides clear ground truth, it is inherently “off-policy.” Because the model is just mimicking data rather than learning from its own attempts, it often fails to generalize to out-of-distribution examples and suffers heavily from catastrophic forgetting.
SDFT seeks to bridge this gap: enabling the benefits of on-policy learning using only prerecorded demonstrations, without needing a reward function.
How SDFT works
SDFT solves this problem by using “distillation,” a process where a student model learns to mimic a teacher. The researchers’ insight was to use the model’s own “in-context learning” (ICL) capabilities to create a feedback loop within a single model.
In-context learning is the phenomenon where you provide the LLM with a difficult task and one or more demonstrations of how similar problems are solved. Most advanced LLMs are designed to solve new problems with ICL examples, without any parameter updates.
During the training cycle, SDFT employs the model in two roles.
The teacher: A frozen version of the model is fed the query along with expert demonstrations. Using ICL, the teacher deduces the correct answer and the reasoning logic required to reach it.
The student: This version sees only the query, simulating a real-world deployment scenario where no answer key is available.
When the student generates an answer, the teacher, which has access to the expert demonstrations, provides feedback. The student then updates its parameters to align closer to the teacher’s distribution.
This process effectively creates an on-policy learning loop by combining elements of SFT and RL. The supervision comes not from a static dataset, but from the model’s own interaction and outputs. It allows the model to correct its own reasoning trajectories without requiring an external reward signal. This process works even for new knowledge that RL would miss.
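The teacher/student loop described above, reduced to a four-answer toy model as an added example; it is not the researchers' code. The fixed logit bonus standing in for in-context learning and the reverse-KL score-function update used to "align closer to the teacher's distribution" are assumptions of this sketch.

```python
import math
import random

ANSWERS = ["A", "B", "C", "D"]
ICL_BONUS = 3.0  # assumption: a demonstration in context lifts that answer's logit


def softmax(z):
    m = max(z)
    e = [math.exp(v - m) for v in z]
    s = sum(e)
    return [v / s for v in e]


def policy(logits, demo=None):
    """Answer distribution; `demo` (an answer index) stands in for an
    expert demonstration placed in the model's context."""
    z = list(logits)
    if demo is not None:
        z[demo] += ICL_BONUS
    return softmax(z)


def sdft_train(demo, steps=3000, lr=0.1, seed=0):
    rng = random.Random(seed)
    frozen = [0.0] * len(ANSWERS)     # teacher: frozen copy of the starting weights
    student = list(frozen)            # student: the only weights that are updated
    teacher_p = policy(frozen, demo)  # the teacher sees the demonstration
    for _ in range(steps):
        p = policy(student)           # the student sees only the query
        a = rng.choices(range(len(ANSWERS)), weights=p)[0]  # on-policy rollout
        # Teacher feedback on the student's own sample: log-ratio of the policies.
        signal = math.log(teacher_p[a]) - math.log(p[a])
        # Score-function step that lowers KL(student || teacher); no reward function.
        for i in range(len(student)):
            student[i] += lr * signal * ((1.0 if i == a else 0.0) - p[i])
    return policy(student), teacher_p


if __name__ == "__main__":
    student_p, teacher_p = sdft_train(demo=2)
    for name, s, t in zip(ANSWERS, student_p, teacher_p):
        print(f"{name}: student={s:.3f} teacher={t:.3f}")
```

After training, the student answers without any demonstration in context yet places most of its probability on the demonstrated answer, because every update was driven by the teacher's score of the student's own samples.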
SDFT in action
To validate the approach, the researchers tested SDFT using the open-weight Qwen 2.5 model on three complex enterprise-grade skills: science Q&A, software tool use, and medical reasoning.
The results showed that SDFT learned new tasks more effectively than standard methods. On the Science Q&A benchmark, the SDFT model achieved 70.2% accuracy, compared to 66.2% for the standard SFT approach.
Contrary to SFT, SDFT preserves the model’s original knowledge while learning new tasks and knowledge (source: arXiv)
More important for enterprise adoption is the impact on catastrophic forgetting. When the standard SFT model learned the science task, its ability to answer general questions (such as logic or humanities) collapsed. In contrast, the SDFT model improved on the science task while holding its “Previous Tasks” score steady at 64.5%. This stability suggests companies could specialize models for specific departments (e.g., HR or Legal) without degrading the model’s basic common sense or reasoning capabilities.
The team also simulated a knowledge injection scenario, creating a dataset of fictional “2025 Natural Disasters” to teach the model new facts. They tested the model on indirect reasoning questions, such as “Given the floods in 2025, which countries likely needed humanitarian aid?”
Standard SFT resulted in a model that memorized facts but struggled to use them in reasoning scenarios. The SDFT model, having internalized the logic during training, scored 98% on the same questions.
Finally, the researchers conducted a sequential learning experiment, training the model on science, tool use, and medical tasks one after another. While the standard model’s performance oscillated, losing previous skills as it learned new ones, the SDFT model successfully accumulated all three skills without regression.
SDFT can learn different skills sequentially while preserving its previous knowledge (source: arXiv)
This capability addresses a major pain point for enterprises currently managing “model zoos” of separate adapters for different tasks.
“We offer the ability to maintain only a single model for all the company’s needs,” Shenfeld said. This consolidation “can lead to a substantial reduction in inference costs” because organizations don’t need to host multiple models simultaneously.
SDFT limitations and availability
The code for SDFT is available on GitHub and ready to be integrated into existing model training workflows.
“The SDFT pipeline is more similar to the RL pipeline in that it requires online response generation during training,” Shenfeld said. They are working with Hugging Face to integrate SDFT into the latter’s Transformer Reinforcement Learning (TRL) library, he added, noting that a pull request is already open for developers who want to test the integration.
For teams considering SDFT, the practical tradeoffs come down to model size and compute. The technique requires models with strong enough in-context learning to act as their own teachers — currently around 4 billion parameters with newer architectures like Qwen 3, though Shenfeld expects 1 billion-parameter models to work soon. It demands roughly 2.5 times the compute of standard fine-tuning, but is best suited for organizations that need a single model to accumulate multiple skills over time, particularly in domains where defining a reward function for reinforcement learning is difficult or impossible.
While effective, the method does come with computational tradeoffs. SDFT is approximately four times slower and requires 2.5 times more computational power (FLOPs) than standard fine-tuning because the model must actively generate its own answers (“rollouts”) during training to compare against the teacher. However, the researchers note that because the model retains knowledge better, organizations may avoid the costly multi-stage retraining processes often required to repair models that suffer from catastrophic forgetting.
The technique also relies on the underlying model being large enough to benefit from in-context learning. The paper notes that smaller models (e.g., 3 billion parameters) initially struggled because they lacked the “intelligence” to act as their own teachers.
However, Shenfeld said that the rapid improvement of small models is changing this dynamic. “The Qwen 2.5 3B models were too weak, but in some experiments we currently do, we found that the Qwen 3 4B model is strong enough,” he said. “I see a future where even 1B models have good enough ICL capabilities to support SDFT.”
Ultimately, the goal is to move beyond static snapshots toward systems that improve through use.
“Lifelong learning, together with the ability to extract learning signal from unstructured user interactions… will bring models that just keep and keep improving with time,” Shenfeld said.
“Think about the fact that already the majority of compute around the world goes into inference instead of training. We have to find ways to harness this compute to improve our models.”
Last May, law enforcement authorities around the world scored a key win when they hobbled the infrastructure of Lumma, an infostealer that infected nearly 395,000 Windows computers over just a two-month span leading up to the international operation. Researchers said Wednesday that Lumma is once again “back at scale” in hard-to-detect attacks that pilfer credentials and sensitive files.
Lumma, also known as Lumma Stealer, first appeared in Russian-speaking cybercrime forums in 2022. Its cloud-based malware-as-a-service model provided a sprawling infrastructure of domains for hosting lure sites offering free cracked software, games, and pirated movies, as well as command-and-control channels and everything else a threat actor needed to run their infostealing enterprise. Within a year, Lumma was selling for as much as $2,500 for premium versions. By the spring of 2024, the FBI counted more than 21,000 listings on crime forums. Last year, Microsoft said Lumma had become the “go-to tool” for multiple crime groups, including Scattered Spider, one of the most prolific groups.
Takedowns are hard
The FBI and an international coalition of its counterparts took action early last year. In May, they said they seized 2,300 domains, command-and-control infrastructure, and crime marketplaces that had enabled the infostealer to thrive. Recently, however, the malware has made a comeback, allowing it to infect a significant number of machines again.
“LummaStealer is back at scale, despite a major 2025 law-enforcement takedown that disrupted thousands of its command-and-control domains,” researchers from security firm Bitdefender wrote. “The operation has rapidly rebuilt its infrastructure and continues to spread worldwide.”
As with Lumma before, the recent surge leans heavily on “ClickFix,” a form of social engineering lure that’s proving to be vexingly effective in causing end users to infect their own machines. Typically, these types of bait come in the form of fake CAPTCHAs that—rather than requiring users to click a box or identify objects or letters in a jumbled image—instruct them to copy text and paste it into an interface, a process that takes just seconds. The text comes in the form of malicious commands provided by the fake CAPTCHA. The interface is the Windows terminal. Targets who comply then install loader malware, which in turn installs Lumma.
Apple has released iOS 26.3 to the public, with the changes including a simplified way to transfer to an Android device.
Transfer to Android is now an option in iOS 26.3
Following another beta testing cycle, Apple has released its update for iOS 26.3 to the public. The update follows after just one beta build was tested by Apple, with testers using the first build throughout the end-of-year holiday period. While iOS 26.2 brought many new features to the operating system, iOS 26.3 brings somewhat fewer. This is fairly common for Apple, as the main features are released as part of the initial release in the fall, with fewer features added down the road.