Chamath Palihapitiya, best known for his venture capital firm Social Capital and the All-In podcast, announced Monday that the AI coding startup he founded raised a sizable Series A.

The company, 8090 Labs, closed a $135 million round led by Salesforce Ventures with participation from Jeffrey Katzenberg’s WndrCo, David Sacks’ Craft Ventures, fellow All-In hosts and “besties” David Friedberg’s The Production Board and Jason Calacanis’ Launch, as well angel investors like Palo Alto Networks CEO Nikesh Arora and Quora CEO Adam D’Angelo.

Palihapitiya founded 8090 Labs in January 2024 to offer an AI coding agent specifically for corporate programming teams. Its product, Software Factory, helps corporate coders use AI to build production-quality software, not just vibe-coded prototypes, with all the controls enterprises need, such as audit trails, the company promises.

With the raise, Palihapitiya also announced on X that he will lead the startup as CEO, rather than just serving as a board member.

He said the AI rush today feels like the rise of social media in his career as an early exec at Facebook, long before it became Meta. “Since I left Facebook, I was waiting for a moment like this to return to a full-time operating role,” he wrote. “I am convinced that what we are building now is even more important, so there was no decision to make except to be all in.”

Apple is famous for keeping future iPhones under lock and key. This time, however, the leak didn’t come from a case maker or an overenthusiastic tipster. According to Reuters, confidential files linked to the iPhone 18 Pro have surfaced on the dark web following a cyberattack on Tata Electronics, one of Apple’s most important manufacturing partners in India.

The leak goes far beyond a few blurry photos

Reuters reports that the leaked archive includes supplier lists, internal component maps, engineering documents, and photographs of iPhone 18 Pro units undergoing drop testing. Several of the files reportedly carry Apple’s confidential markings and internal codenames consistent with the iPhone 18 Pro program, though Reuters notes it could not independently verify every document in the archive.

Perhaps even more concerning than the images themselves is the information surrounding them. The leaked documents reportedly map hundreds of individual iPhone components to the companies that manufacture them, revealing details Apple has historically kept closely guarded. Such information could give competitors, counterfeiters, and even suppliers a clearer picture of Apple’s supply chain and sourcing strategy.

The files are believed to be part of a much larger breach claimed by the ransomware group World Leaks, which allegedly published more than 200,000 files stolen from Tata Electronics. Following the incident, Tata tightened access to sensitive internal systems, hired a global cybersecurity consultant to conduct a forensic investigation, and is working with Apple on additional security measures.

This is bigger than an iPhone leak

The funny thing is that the iPhone 18 Pro photos aren’t really the biggest story here. Apple product leaks happen every year. What’s far more unusual is seeing the company’s supply chain exposed in this level of detail. Apple spends years negotiating supplier relationships and deliberately avoids revealing who makes specific components inside its devices, making that information arguably more valuable than a picture of an unreleased phone.

The breach also comes at a sensitive time for Apple as it continues shifting more iPhone production from China to India, with Tata playing a central role in that strategy. Whether the leaked files ultimately prove authentic or not, the incident is a reminder that in today’s tech industry, protecting the supply chain can be just as important as protecting the product itself.

The National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and configuration files after breaching its systems by exploiting a zero-day vulnerability in an Oracle PeopleSoft server.

NAIC is a U.S. insurance regulatory organization present in all 50 states. The organization identified on June 11 that its PeopleSoft system had been accessed by an unauthorized party and discovered that “an unauthorized third party gained access to a portion of our IT systems.”

ShinyHunters claimed the attack and leaked the stolen data after the organization refused to pay a ransom.

NAIC responded to the threat actor’s leak and addressed some of the claims. The organization says that the hackers accessed and, in some cases, stole already publicly available statutory financial reports, credit rating agency data, outdated logs, and configuration information.

According to NAIC, the investigation found no evidence of personally identifiable information (PII) or financial data having been exposed and directly disputed the threat actor’s earlier claims that they compromised critical insurance regulatory platforms like SERFF (System for Electronic Rate and Form Filing), OPTins (Online Premium Tax for Insurance), and SBS (State-Based Systems).

The incident had operational consequences, with credit rating agencies temporarily suspending data feeds and the NAIC pausing investment designation work, but there are significant discrepancies between the hackers’ claims and the organization’s findings.

In an announcement updated on June 25, ShinyHunters claims to hold 3.1 TB of data corresponding to 105,000 files stolen from NAIC’s systems:

• INSData and Vision servers
• 264,000 insurer regulatory filing PDFs between 2017 and 2024
• 2,000 customer/order/payment records
• 45,000 rating agency files
• AWS infrastructure configs
• Stored credentials for SERFF, OPTins, and UCAA production environments

The hackers also noted in the update that a previous summary of the stolen data was exaggerated due to using AI hallucinations when evaluating the files.

However, according to the threat actor, the latest published inventory was validated by a human reviewer and should be considered accurate.

NAIC stated that all affected systems have now been remediated and that they are implementing additional defenses to prevent future attacks.

ShinyHunter’s hacking spree using the zero-day (CVE-2026-35273) in the PeopleSoft enterprise system has allegedly impacted more than 100 organizations.

BleepingComputer reported about the threat actor’s zero-day attacks before Oracle disclosed the security issue publicly. Both cloud and on-premises Oracle PeopleSoft customer instances were targeted in breaches that left behind extortion demands signed by ShinyHunters.

The hackers told us that most of the targeted organizations were in the education sector and had been previously extorted by the threat actor.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

WhatsApp username reservations are now open globally. While you still need a phone number to create an account, usernames let you start conversations without sharing your phone number. 

Claiming yours would take less than a minute, but only when you go in with all the details. 

What should you know before reserving your username?

Your username must be between 3 and 35 characters and must comply with WhatsApp’s policies. Beyond those limits, you’re mostly free to choose what you like.

WhatsApp has already reserved certain handles for top celebrities, VIPs, and verified organizations, so those names are locked. 

If nothing clicks, WhatsApp’s built-in generator can suggest unique handles.

How do you actually reserve your username?

Go to Settings > Account > Username on the latest version of WhatsApp. Thereafter, you can enter your desired username, and the app will tell you whether it is available. The app will also give you suggestions regarding available usernames. 

As seen in the screenshot, you can also use your Instagram or Facebook username. 

Once you select one, it will be linked to your WhatsApp account and will appear when the feature goes live later this year. If the option isn’t visible, hang tight. WhatsApp is rolling this out region by region and will notify you in the app when it arrives in your country. 

When it does, anyone messaging you for the first time won’t see your phone number, as long as you’ve enabled your username. For extra protection, you can also set an optional username key that contacts will need in addition to your handle to message you.

If you change your mind later, WhatsApp will also let you change or remove your username. 

The importance of usernames

WhatsApp usernames follow a pattern set by Signal, which added phone-number-free contact discovery in 2024. Telegram has also had this feature for years. 

The addition addresses one of WhatsApp’s longest-standing privacy gaps. Sharing your contact information in the app has always required handing over your phone number, making it harder to maintain separation among personal, professional, and public connections.

Apple’s iOS 26.5.2 update adds a variety of fixes to keep your data safe while browsing the web. Here’s what you need to know and why you should update.

On Monday, just under a month after releasing iOS 26.5.1, Apple made iOS 26.5.2 available for download. The update contains more than 25 different security enhancements, and over 15 of them are related to WebKit.

Notably, Apple patched two WebKit vulnerabilities that used maliciously crafted web content to disclose sensitive information. One of the vulnerabilities, a cross-origin issue, was resolved with improved tracking of security origins, while the other security issue was addressed with validation improvements.

iOS 26.5.2 also prevents sensitive data from being leaked when an iOS user visits a webpage. Apple addressed a permissions issue with additional restrictions. Similarly, Apple has added enhanced checks to prevent malicious websites from processing restricted web content outside the sandbox.

Another now-patched WebKit Storage vulnerability let malicious websites silently hijack clipboard data, affecting the text users were copying and pasting. iOS 26.5.2 resolves this issue through improvements to state management.

Multiple now-resolved WebRTC and WebKit issues allowed maliciously crafted websites to cause unexpected Safari and process crashes, along with memory corruption. All of these vulnerabilities have been addressed with the iOS 26.5.2 update.

Additionally, Apple fixed three kernel-related issues. One of the vulnerabilities, which was addressed with improvements to input sanitization, let apps leak sensitive kernel states. The other two kernel-related issues let apps cause an unexpected system termination and let them write or corrupt kernel memory.

Overall, though, iOS 26.5.2 mostly includes WebKit-related fixes, which will undoubtedly make web browsing safer on an iPhone. Unlike other iOS releases, Monday’s software update doesn’t include fixes for vulnerabilities that were used in targeted attacks.

Even so, AppleInsider recommends installing the iOS 26.5.2 update to ensure your devices have the latest security enhancements. Unlike the iOS 27 developer betas, which may contain bugs, glitches, and performance issues, iOS 26.5.2 is an update that should be installed by all users.

OS PLATFORMS

Polished Mandriva descendant still makes room for PCs the 64-bit world has left behind

Mageia 10 marks 15 years since the distribution’s first release in June 2011. The project began the previous year as a fork of Mandriva, itself formerly known as Mandrake Linux. We last looked at Mageia alongside the other Mandrake descendants in 2022.

What sets Mageia apart from OpenMandriva Lx, PCLinuxOS, and Russia’s ROSA Linux is its continued support for 32-bit x86 PCs. Its GNOME and KDE Plasma live images are available only for x86-64, while the Xfce edition comes in both x86-64 and x86-32 versions.

There is also a “Classic Installer” ISO, which lets you choose your own desktop from nine different desktop environments, plus another 16 window managers, as detailed in the release notes. Both the standard GNOME session and GNOME Classic are available, while Liquidshell provides a lightweight alternative to KDE Plasma.

Mandrake Linux started out in 1998 as an easier version of Red Hat Linux using the new KDE desktop, which, at that time, Red Hat refused to incorporate due to concerns over the licence of KDE’s Qt toolkit. Nearly three decades later, Mageia remains an RPM-based distro. Version 10 offers two RPM package-management tools: Mageia’s urpmi command and DNF. urpmi also has its own graphical wrapper called Rpmdrake, but Fedora’s dnfdragora is an optional install. Since RHEL and the RHELatives, Fedora, SUSE and openSUSE all use RPM as well, packages of big-name apps such as Google Chrome are available – but Mageia is a different distro, whose common ancestry dates back more than 25 years, and packages for Fedora or openSUSE may not install or work correctly. It comes with Flatpak preinstalled, although no Flatpak applications are installed by default. As with other niche distros, Flatpak may help when you can’t find a native package of something. For those with the 32-bit edition, though, we suspect that few Flatpaks support that architecture.

Mageia 10 is a polished, friendly graphical Linux, built from recent components such as kernel 6.18. True, it does feel a little old-fashioned in some ways: for instance, it uses separate root and user accounts – although sudo is installed, it’s not configured for use. However, it’s a solid choice if you want to get away from the Debian/Fedora mainstream – and if you have a capable 32-bit machine, like a Windows 10 32-bit box, or some other need to run a 32-bit OS such as specific hardware support, then this is one of the best choices around today.

The Welcome screen is rich and very helpful, offering the ability to install extra apps, switch repositories, and more. Alongside it is the Mageia Control Center, which can manage most aspects of the OS without going near a command line. The distro is also well documented, with a substantial Mageia wiki.

It does use systemd, but, even so, it’s relatively lightweight. In our testing on a 32-bit VirtualBox VM, the Xfce edition used just 633 MB of RAM at idle, which is low by modern standards, and 7.8 GB of disk space. If you choose the KDE Plasma desktop, you get Plasma 6.5.5 with a choice of X11 or Wayland. The installation occupies about the same amount of disk space, although the RAM usage rises sharply: about 1.7 GB at idle. Xfce has an unusual GNOME 2-style two-panel setup, while the Plasma layout is clean and simple. We installed the Liquidshell desktop to have a look, but it’s very basic and rather clunky. 

Mageia forked from Mandriva in 2011, before the company closed down, while OpenMandriva did so afterwards. They are still quite similar distributions, though, and we really wish that the two teams could settle their differences and merge the distros. Either way, Mageia’s 32-bit edition is an increasingly rare offering in an increasingly 64-bit world, which might win it some new admirers. ®

Waymo robotaxis are no longer available on Uber’s ride-hail app in Phoenix, Arizona, ending a nearly three-year partnership in the city, both companies confirmed to TechCrunch on Monday.

Uber said it is readying the launch of a separate autonomous vehicle partnership in the city, but did not name the partner. Waymo told TechCrunch that the vehicles Uber used for this “pilot” program have already been integrated into its own Phoenix fleet, available through its app. Waymo users started noticing that the company’s vehicles were absent from Uber’s network in recent days. Waymo’s vehicles are still available on Uber in Austin and Atlanta, for instance.

The quiet end to this partnership in Phoenix, which Waymo said happened in May, comes as the Alphabet-owned company is starting to put its newest robotaxis — the Zeekr-made van it calls Ojai — on the road. It’s also happening as the Uber-Waymo relationship appears to be wearing in some places, with the two companies poised to directly compete against each other in London as early as this year.

Still, both companies praised the collaboration in Phoenix as a successful jumping-off point for their respective robotaxi plans, which have gotten increasingly ambitious since 2023.

“This was a productive pilot that paved the way for future expansions and partnerships across the globe. After hundreds of thousands of trips with Uber, we have integrated these vehicles back into our Phoenix fleet, where they will continue to serve riders through Waymo, including our public transit integration with Via, and delivery with DoorDash,” Waymo told TechCrunch. “We’re grateful to all of the Uber customers who took fully autonomous trips with us, and we look forward to continuing to serve the Phoenix community.”

“Phoenix was our first pilot market with Waymo and was an intentionally limited deployment, reaching just over a dozen vehicles dedicated to the program. We learned a lot from that collaboration, which helped us to quickly scale Austin and Atlanta, where hundreds of Waymo AVs are available exclusively on Uber and our coverage area continues to expand,” Uber said.

The robotaxi landscape looks much different than it did when these two companies kicked off this collaboration in 2023. Back when it was first announced, the idea of Uber and Waymo partnering up still seemed unlikely given their messy legal battle that ended in a settlement in 2018. Robotaxis as a technology were in a far more uncertain place, as no operator had reached scale yet. Cruise was still seen as a viable competitor, as it had not yet gone through its own scandal and been absorbed into General Motors.

In the three years since, Waymo has grown its fleet to around 4,000 vehicles, and Uber has inked deals to add dozens of autonomous vehicle partners to its network.

This Phoenix partnership remained an unusual one, as it was the only city where Waymo operated directly and through Uber. Waymo is in the process of launching in around 20 new cities this year, is operating in 11 major U.S. metro areas, and the company offers more than 500,000 trips every week.