Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
We may receive a commission on purchases made from links.
Hiring a professional to do work around the house is convenient, but it can get expensive. Thus, the DIY option may seem enticing. Some jobs are more daunting than others, though, and one of the more challenging is likely fixing up the roof — not just because it requires you to climb. After all, the last thing you want is to damage the roof or make things worse, so stocking up on the correct tools for the job is the first big hurdle to conquer.
Smaller repairs generally won’t require large or expensive tools. For the most part, you’ll only need tools to remove worn or damaged parts and install their replacements. If you need to do anything more than that, it’s probably better to leave the repairs to professionals. Structural repairs aren’t for novices, and given how essential a functioning roof is, it’s fair to say extensive roof repairs are among the DIY projects you should never try to do yourself.
With that said, there’s no shame in learning something new and making some minor fixes to your roof. These are some essential tools you’ll want for DIY roof repairs.
No matter what the task at hand is, if you need to get on the roof, you’ll need a good ladder. An extension ladder is generally the way to go for roof repair, as it leans and stabilizes itself against the gutter. Step ladders, while must-own home improvement gadgets, are likely to wobble and tip, becoming a life-threatening hazard in short order. Besides, an extension ladder is a sound investment even if you don’t plan to make a habit of repairing rooftops. The height and stability they offer can help with everything from repairing upstairs windows to trimming tree branches.
When shopping for an extension ladder, there are a few things to consider. You’ll, of course, want one tall enough to reach your roof. The material is key, too; if you want to stay safe and avoid any potential issues with power lines, a ladder made from non-conductive fiberglass is the way to go. Unfortunately, sturdy fiberglass extension ladders do get expensive: A Werner 16-foot Fiberglass Extension Ladder costs $300, for example. But the combination of safety, functionality, and versatility they offer makes it a small price to pay.
If you need to repair or patch a roof that’s falling apart, you’ll need to remove the damaged material first. You may be able to remove loose shingles by hand, but a quality pry bar will make the whole process much easier. A good one will also help tremendously when removing old roofing nails and be useful for a host of other DIY tasks as well, making it a versatile buy. Fortunately, this isn’t a complicated tool, nor will it break the bank.
There’s no shortage of pry bars on the market, and most quality ones aren’t all that expensive. For example, the Stanley Wonder Bar II retails for just $4.99 at Home Depot, while the Milwaukee 15-inch Pry Bar is pricier but still affordable at $16.97. If you want to spend a bit more, though, there are designated shingle removal tools to consider. These operate similarly to traditional pry bars but are specifically designed to get below roof shingles and lift them. Examples of this include the $53.30 Guardian Fall Protection 54-inch shingle remover and the $24.98 24-inch Husky Mini shingle roof shovel.
Once you’ve removed the old shingles and nails, it’s time to install replacements. A good roofing nailer is an option, but you could also consider a roofing hammer instead, especially for small-scale work. Not only can you use them to drive in and remove roof nails, but they can also cut shingles and underlayment material down to size, eliminating the need for another tool.
Naturally, there’s an argument that a roofing nailer is the superior tool. While these power tools are quicker and more effective at nailing material into rooftops, though, they have downsides for the DIYer that make them a potentially inferior choice. The main issue is that they’re bulkier tools that may be hard to use, especially for the inexperienced. You’ll also need supporting equipment, such as an air compressor or a battery and chargers, making them an even bigger investment and more cumbersome to set up. On top of all of this, they’re more expensive on their own. Nailers rarely dip below $100, with most models costing multiple hundreds of dollars. Meanwhile, roofing hammers like the Crescent 28-ounce Steel Shingler Hammer can be had for under $40.
Shingles are great for keeping the weather out, but there are times when you’ll need to use sealant as well, be it for waterproofing or filling cracks. That’s where a caulk gun can come in handy. There are several major electric caulk gun brands out there, which are great choices if you’ve already bought into their battery systems and expect to use such a tool regularly. However, they might be overkill for those who only plan to use them occasionally — and, crucially, don’t want to spend a ton of money. In that case, a manual caulk gun is a cheap yet effective alternative. There’s an Anvil caulk gun for $5.98 at Home Depot or the $4.99 Project Source caulking gun at Harbor Freight, for example.
Caul guns can come in handy for other home DIY projects, too. These tools are excellent for sealing cracks around window frames, waterproofing bathtubs and showers, repairing concrete, and more. If you’re going down this route, you may be able to justify the higher price of an electric model. These can start as low as the $40 20-volt Bauer caulk gun from Harbor Freight and go up to the Milwaukee M18 electric caulk gun, which retails for $299.00 at Home Depot.
The first step in selecting these tools was determining the scope of DIY roofing work itself. We defined the limits of such work as anything outside of full-on roof replacement and structural repair — both of which demand extensive roofing knowledge and a serious arsenal of high-end tools. All of this helped narrow the field, but this was only the start, and more filtering was needed to come up with the final list.
From here, we settled on a few key criteria that tools had to fit. We wanted to focus on tools that the average DIY-capable homeowner could use; thus, they had to be easy to use, safe, or both. We also decided to focus on reasonably affordable tools, since the goal was to have a selection of somewhat entry-level suggestions for roofing newcomers. Similarly, we made sure to choose tools that could be used for other DIY jobs beyond roofing. This way, a potential buyer can get more use from their tools.
Virtualization
As VMware itself warns of critical flaw in its load balancer
Google Cloud has admitted it made a configuration change that means some customers of its VMware Engine (GCVE) can’t use stretched cluster.
A G-Cloud incident report time-stamped 13:24 PDT on July 14 (21:24 UTC) reports some customers “are experiencing zonal outages impacting network connectivity across multiple regions” and that the trouble started at 10:00 PDT.
Google first attributed the problem to “an underlying network connectivity issue affecting the infrastructure that links the zones within a stretch cluster,” and warned “This disruption is causing synchronization issues between the affected zones.”
Storage and compute services weren’t impacted, and VMs kept running. Users just couldn’t reach their virtual servers.
That’s bad because the whole point of stretched clusters is to enhance resilience by creating a virtual pool of resources that spans two physical sites, while keeping the two rigs in synch to enable rapid failover without disruption.
Google’s next update offered “underlying inter-zone communication failures and Border Gateway Protocol (BGP) session flapping between cluster zones” as the reason for the mess, adding “Specifically, network connectivity has been lost between the affected zones and the witness appliance. Because the witness appliance is currently unreachable, the cluster zones are unable to safely synchronize state.”
At 16:05 PDT Google ‘fessed up.
“Our investigation has identified a recent configuration update that is the likely cause of the inter-zone network disruption,” the web giant admitted. “Teams are working on remediation.”
Google hasn’t said when it will set things right, so customers in the impacted regions – australia-southeast1, australia-southeast2, europe-west3, and northamerica-northeast2 – must wait to learn when they’ll once again enjoy the resilience they pay for.
Other VMware customers may not want to wait because the Broadcom business unit on Tuesday warned of seven flaws in its VMware Avi Load Balancer. One of them, CVE-2026-47865, is an authentication bypass vulnerability that earned a CVSS score of 9.8.
The product’s name is a little misleading, as it’s actually a full Application Delivery Controller that includes load balancing and a Web Application Firewall
VMware hasn’t said much about the flaw other than warning “A malicious user with network access may be able to access the Avi Control plane by bypassing the authentication mechanism.” The tool works with VMware’s Cloud Foundation bundle, Kubernetes Service, and can connect resources in public clouds. Unauthorized access is therefore distinctly undesirable.
The five remaining CVEs are also significant, with CVSS ratings ranging from 8.8 to 7.1. Broadcom has fixed the flaws in recent updates to the product. ®
This article is brought to you by X Square Robot.
Large language models gave artificial intelligence a working recipe. Pretrain a large model on broad data, and general capability follows. Robotics has no such recipe. Robotics systems have long been assembled from separate perception, planning, and control parts that rarely add up to intelligence a robot can carry from one task to another, or one machine to another. The central problem in embodied AI is to find the equivalent recipe, and the field does not yet agree on what it is.
X Square Robot, a Chinese embodied-AI company, has made an unusually explicit bet. It argues that the recipe is an integrated stack, spanning the data a robot learns from, a world model for predicting changes in the physical world, and an action model that brings together perception, planning, reasoning, and decision-making to generate executable robot behavior. The company also believes that the stack should be built and released in the open.
X Square Robot shares its vision of bringing robots into real homes.X Square Robot
What holds the stack together is a small set of principles rather than a single overarching model.
These principles make the layers interdependent, since the same robot-free data that trains the action model is also structured to feed the world model. It is worth being precise, though. The company describes the world model and the action model as complementary but independent model families that share a code base. Both sit within its broader World Unified Model, which it has presented as an architecture for training vision, language, action, and physical prediction together.
For the X Square Robot team, one of the biggest constraints on general-purpose robots is the cost and quality of interaction data, not the number of parameters. To address that, the company built its Universal Manipulation Interface (UMI) data collection system, QUANXTA Zero Series. It works by collecting demonstrations from people wearing a rig with dual grippers rather than teleoperating a robot. This approach is not itself new, and builds on established methods for robot-free data capture. What sets it apart are two engineering choices.
The first is quality control, and it is the most distinctive part. Rather than accepting recorded trajectories as they are, the system runs a closed inspection loop, and its notable step is physical playback. A sample of trajectories is replayed on the real robot, and only those that actually complete the task count as valid. That makes the validity rate a measured quantity rather than an assumption. For example, a gripper that closes a fraction of a second too early still looks like a grasp in the data, yet it has pushed the object away, so it shouldn’t be classified as valid. A smaller clean dataset can be worth more than a larger noisy one.
The second choice is how lower-cost human data and scarce robot data are combined. The company pretrains on a large volume of robot-free demonstrations to build general representations, then adds a small amount of real-robot data as an anchor to the specific machine’s dynamics. It reports that this reaches performance comparable to an all-robot dataset at roughly a 20-fold lower cost of collection, driven mainly by how much cheaper the wearable rig is than a teleoperation setup.
The resulting dataset is deliberately model-agnostic, formatted to feed both action models and world models. The caveat is that the strongest results are measured on the company’s own robots and data-collection pipelines. Broader independent testing will help confirm and extend these promising results across a wider range of settings.
In developing its world model, called WALL-WM, X Square Robot took a differentiated approach. Most action models predict a fixed-length chunk of motion from the current image and instruction. That is convenient, but it segments behavior into fixed-duration windows, so the boundaries fall where elapsed time dictates rather than where one action ends and the next begins. WALL-WM instead treats an action-grounded semantic event as its unit: a coherent piece of behavior such as reaching, grasping, or placing, something that can be named in language, seen in video, and executed as motion.
WALL-WM’s design reflects a specific concern about not discarding what large video models already know. To achieve that, a text-to-video model is coupled to a freshly initialized action network that reads from the video features without overwriting them, which preserves the visual prior. From that one process, it offers two modes. An event mode runs in variable-length segments and suits reasoning over long horizons, while a fixed-length mode produces the steady, real-time output a controller needs. That places WALL-WM between mainstream chunk-based action models and pure video world models, keeping the predictive character of a world model while still yielding executable control.
In a series of experiments, the company relied on a generalization test that is more specific than most. A model trained on a limited dataset was evaluated on long-horizon tasks in unseen settings and, on the company’s real-robot benchmark, reportedly outscored baselines that had been fine-tuned on related data. That is a meaningful result if it holds. For now, it is measured on the company’s own benchmark. With the code now being released, the broader community will have the opportunity to test, reproduce, and build on them across more settings.
The action layer carries two connected ideas. The first is a requirement the company sets for itself with Wall-OSS-0.5, its vision-language-action model: The pretrained model should run on a real robot before any task-specific fine-tuning.
The interest is less in the scores than in the design behind them. The model trains three objectives together, namely discrete action tokens, language grounding, and continuous action generation. And it keeps gradients flowing through all of them rather than freezing parts of the network as some rival designs do. It’s also a more strict method, since it reports untuned behavior such as approaching, grasping, and recovering, including on a deformable task held out of training.
The second idea is the action interface itself, called X-Tokenizer. Most systems that turn continuous motion into discrete tokens produce codes that the language model cannot interpret. X-Tokenizer reframes tokenization as learning a semantic interface, so that the top-level code stands for the intent of a motion while lower-level codes carry finer detail, all aligned with the language model’s own features.
A useful consequence is stability. Adding noise to an action barely moves the intent code, which is what lets one tokenizer to be reused across robots without re-tuning. The tokenizer inside the production action model is a related variant of this approach. Together, the two ideas give the action layer something rather powerful: capability that transfers.
X Square Robot is betting that its unique approach combining three layers, each specialized in solving a key part of the problem, will stand out from other embodied AI stacks. The physical-playback step that grounds data quality is uncommon and sensible. The reframing of world modeling around events, with one backbone serving both reasoning and control, is a genuinely distinct approach. And the pairing of a deployable pretraining standard with a tokenizer designed as a semantic interface gives the action layer unusual coherence.
X Square Robot’s valuation has climbed above 20 billion yuan (about US $2.9 billion), suggesting that investors increasingly view data infrastructure, foundation models, and scalable training systems as long-term differentiators in embodied AI.
The next phase will bring broader validation. Much of the current evidence comes from X Square’s own robots and benchmarks. With the world model code now being made public, and as the community begins to test, reproduce, and build on the work, the reported capabilities will be tested across more robots, tasks, and settings.
X Square Robot’s recent funding rounds reflect similar confidence. The company’s valuation has climbed above 20 billion yuan (about US $2.9 billion), suggesting that investors increasingly view data infrastructure, foundation models, and scalable training systems as long-term differentiators in embodied AI.
To learn more about its future plans, the following Q&A with the X Square Robot team further explores the company’s technology, strategy, and vision.
What made now the right moment, technically, to commit to this stack? What recently became possible that wasn’t possible a couple of years ago?
It is not one breakthrough but several trends maturing together. Foundation models gave us a shared representation across vision, language, and action, so we can model what a robot sees, what it is asked to do, and how its actions change the world in one framework, rather than as separate perception, planning, and control modules.
Compute and infrastructure are finally sufficient for large-scale pretraining over long-horizon, multi-embodiment data. Just as importantly, we realized that data, not model size, is the real bottleneck for general robots—what is scarce is diverse, high-quality, reproducible interaction data. And world modeling has become practical. The useful question is no longer how to predict a few seconds of video, but how to understand the ways actions change objects, contacts, and task states. Two years ago these ingredients existed separately. Today they are mature enough to work as one system.
“We realized that data, not model size, is the real bottleneck for general robots—what is scarce is diverse, high-quality, reproducible interaction data. And world modeling has become practical.”
Your data system captures demonstrations with a wearable VR rig and custom grippers rather than teleoperating robots. What was wrong with standard teleoperation?
Teleoperation is built around controlling the robot. It forces the operator to work within the machine’s kinematics, latency, and viewpoint, and the resulting demonstrations are slower, stiffer, and less diverse. We built our system around capturing human skill instead. Manipulation is really about contact, timing, finger coordination, and recovery, not just the path the hand takes, and a wearable rig records those before the behavior is compressed onto one particular robot. It also breaks teleoperation’s expensive scaling law, in which every demonstration needs a robot.
People can generate rich data independently of any robot, and the crucial property is that those demonstrations can still be replayed and executed on a physical robot through the model. Mobility is convenient, but that replay is the real point, because it is what lets the same data be reused across different platforms.
In X Square Robot’s approach, demonstrations can be replayed and executed on a physical robot through the AI model, allowing the same data to be reused across different platforms.X Square Robot
X Square Robot reports that its pipeline has roughly an 85 percent data-validity rate. Why is quality control such an underrated bottleneck?
Because errors in robot data are far more expensive than in language data. A small timing or contact error can change what a demonstration means. If a gripper closes a fraction of a second too early, the motion still looks like a grasp, but physically it has pushed the object away. A dataset that mixes failures and accidental successes teaches ambiguity, not skill, because the real unit is the interaction, not the trajectory.
So we run automated inspection, kinematic checks, and physical replay, where we play a sample of trajectories back on the real robot and count only the ones that actually complete the task. Data quality sets the ceiling on how good a policy can be. In our experience a smaller, cleaner dataset often beats a much larger, noisier one, which is why we treat quality control as part of the model, not a preprocessing afterthought.
The model runs in both “event mode” and “chunk mode.” When does each matter?
Both matter, for different reasons. The physical world changes through events—when contact occurs, a grasp forms, or an object slips—not in fixed-frame windows. Event mode concentrates the model’s attention on those moments, and it matters most for long-horizon tasks, like clearing a table, where progress is a sequence of semantic events rather than a smooth stream. It runs in variable-length segments that follow the task rather than a clock. Chunk mode matters for deployment. Real controllers need a stable, real-time interface, and fixed-length chunks integrate cleanly with existing control systems.
We organize learning around events in the first place because a fixed window can split one motion in half or merge two together, which turns training into short-horizon pattern matching and weakens the model on long tasks. So the world model’s job is to connect event-level understanding, which is where the reasoning happens, with a fixed-length output a real robot can actually run.
Why make “deployable before fine-tuning” the criterion?
Pretraining should produce capability, not just a good starting point. If a model is only useful after heavy fine-tuning, then most of the intelligence still lives in the downstream supervision, not in the foundation model. Deployable before fine-tuning is a more honest test of what pretraining actually learned. A well-pretrained robot should already know how to approach, grasp, move, avoid obstacles, and correct itself. Fine-tuning should adapt it to a specific task or robot, not create the ability from nothing. It is also a practical requirement. A robot in a home or a workplace shouldn’t need a brand-new dataset and a new policy every time the task changes, so a foundation model that already carries general skill, and some ability to recover, is the minimum bar for something genuinely useful in the real world.
What is the most challenging part of cross-embodiment learning?
Robots differ in control frequency, delay, compliance, sensing precision, and contact dynamics, so the same instruction can require different action decompositions and recovery strategies, and a behavior that works on one arm cannot simply be copied to another. Cross-embodiment learning needs an intermediate abstraction, lower than language but higher than joint angles: how you approach an object, how you make contact, how you apply force, and how you recover from a mistake.
When we say cross-embodiment, the main capability we mean is multi-embodiment generalization: transferring across robots, training on many embodiments at once, and adapting to different kinematics. Human-to-robot transfer and other techniques are specific approaches to that goal.
“A robot in a home or workplace shouldn’t need a new dataset and policy every time the task changes. A useful foundation model should already carry general skills and the ability to recover.”
What would you most like to see other researchers attempt to reproduce or stress-test?
Three things, above all. Whether event-level representations really generalize beyond our own datasets, across more tasks, scenes, objects, embodiments, and failure conditions. Whether pretraining stays effective on robots the model never saw during training, or whether its capability is still too tightly coupled to what it has already seen. And whether real-robot evaluation can become a shared language for the field, so that we compare not just success rates but the reasons systems fail, where an instruction was misread, where perception broke down, or where recovery fell short. Robotics has been driven too often by impressive demonstrations, and real progress comes from results that are reproducible and diagnosable.
What capability is still missing before robots become dependable in homes?
Benchmarks measure competence, like whether a model can finish a task. Homes demand reliability, safe and consistent operation over time in a place that changes every day, with objects moving, instructions that are vague, and people interrupting. The missing piece is not a higher one-time success rate: it is robust recovery. A dependable home robot has to know when it is uncertain, when to slow down, when to ask for help, and how to bring the world back to a safe state after it drops something or misunderstands a request.
In a real home, failure recovery matters more than raw success, because the home does not reset itself. Homes also demand careful personalization, learning a household’s routines and preferences over time, with safety and trust as first principles. That combination, not any single skill, separates a capable demonstration from a robot people can live with.
X Square Robot’s approach is that, in a real home, failure recovery matters more than raw success, because the home does not reset itself and it demands careful personalization, with safety and trust as first principles. X Square Robot
How do the open-source components fit into X Square Robot’s World Unified Model direction?
We see these releases as layers of the World Unified Model direction rather than isolated projects. Wall-OSS-0.5, the action model, asks whether an open vision-language-action model can gain directly measurable capability from large-scale pretraining, so it is the capability layer. WALL-WM, the world model, asks how a robot should understand change in the world, shifting from fixed windows to event-level modeling, so it is the representation layer. The data system supplies the interaction data that both of them learn from.
Together they form a loop in which models produce capability, world models organize understanding, and the open-source community drives reproduction and improvement. World Unified Model is the broader architecture those layers support, bringing vision, language, action, and physical prediction together.
We are releasing these pieces openly because embodied intelligence cannot be solved by one organization; it needs many embodiments, many real tasks, and broad feedback, and the long-term goal is a stack that keeps learning and ultimately moves robots from laboratory demonstrations toward reliable everyday use.
Sarah Connor warned us: Multiple reports are routinely confirming that the alleged “AI revolution” is not going the way Big Tech and VC investors would like it to. SoftBank’s founder and largest shareholder, however, still believes the revolution will come to pass. AI skeptics, in his view, are simply on the wrong side of history. Or are they?
Masayoshi Son is hell-bent on bringing AI to the masses, and he’s ready to spend the enormous sums required to reach this historic goal. Speaking at SoftBank’s annual corporate conference in Tokyo, the outspoken founder shared a few numbers about that spending, though he chose not to elaborate on exactly where the money would come from.
Son believes developing and deploying AI for the wider society will cost $5 trillion a year through 2040. He said he’s “confident” that figure reflects the true cost of the AI revolution. His reasoning: if AI-related revenue eventually accounts for 20% of global GDP by 2040, spending $5 trillion, or roughly 800 trillion yen, a year to get there will ultimately amount to a rounding error.
In recent years, Son has emerged as one of the most enthusiastic proponents of generative AI, chatbots, and other LLM-related technologies. SoftBank has invested heavily in OpenAI and several other AI-related unicorns, and Son has previously predicted that the first true artificial general intelligence (AGI) will arrive by 2030.

Given all that, Son doesn’t want to hear anything about an AI bubble. Asking about one, he says, is an absurd proposition, and people who raise the question, in his words, simply don’t understand what AI is about. SoftBank has made a few prescient bets on tech unicorns in the past, providing early investment to Chinese giant Alibaba and bringing the iPhone to the Japanese market.
However, the conglomerate has also made some costly mistakes. WeWork, the office sharing company SoftBank valued at $47 billion in 2019, ultimately filed for bankruptcy a few years later.
The AI revolution could hand the Japanese conglomerate and its “boss” another massive stream of profits, a second Alibaba, but with exponentially bigger margins. Or it could turn into an exponentially larger dot-com bubble, one that burns large parts of the financial world, Wall Street included.

According to Deutsche Bank analysts, the AI boom may currently be the only thing keeping the US economy out of a recession. Separately, several surveys suggest many CEOs privately believe an AI bubble does exist, yet remain in full FOMO mode, planning to keep investing regardless. Meanwhile, nearly half of the data center projects planned for 2026 in the US aren’t likely to come online on schedule, and rising geopolitical tensions in the Middle East add another layer of uncertainty.
And yet, Son appears unfazed. SoftBank’s CEO predicts AI data centers will need 3 terawatts of power generation by 2040, nearly double the total power consumed worldwide today.
To meet that demand, Son said gas will serve as the primary power source in the near term, with nuclear fusion, not traditional nuclear plants, eventually taking over as the cheaper, cleaner alternative. Asked whether space based solar power, as championed by Elon Musk, could be the answer instead, Son said both could play a role, but that fusion on Earth would ultimately be the more practical option.
Within the next decade and a half, Son believes, AI agents will be the ones calling the shots, as many as 100 trillion of them by 2040. “We will go from a human-centric world to an agent-centric world. The age when humans are the highest life form on Earth will end. For better or for worse, it will happen, and it can’t be stopped,” Son said.
A threat actor has published hundreds of fake GitHub repositories impersonating legitimate software and security projects to distribute infostealer malware.
The campaign drew traffic from search results for security products, cryptocurrency services, financial tools, developer utilities, secure email providers, macOS utilities, and gaming software.
The malware collects data from more than 19 web browsers, steals info from 32 cryptocurrency wallets, and exfiltrates sensitive details from messaging and social media apps.
Cybersecurity company ArcticWolf identified the activity after finding that one of its products was impersonated in the campaign starting June 26.
In total, the researchers uncovered 292 fake repositories, each including a README file with a download link directing visitors to a malicious download page.

The landing pages feature wording and branding designed to inspire trust, such as a button named “Download Secure Content” and spoofed trust badges.
Analyzing the code for the delivery page, the researchers noticed that it relies on “a single templated HTML/JS artifact reused across all impersonated brands.”
” Its client-side script parses the URL path into two segments – path[0] as a user_code (the “rotating” path token, e.g., yyvxx9rswefr, which tracks the referring repository/redirector), and path[1] as the referrer domain (e.g., Arctic-Wolf[.]github.io),” Arctic Wolf says.
Visible branding is derived from a second segment when it is rendered, by replacing the hyphens with spaces and applying the proper title cases.

According to the researchers, the page delivers a large ZIP archive, whose name and payload is changed roughly every minute. Inside the archive is a trojanized libcurl.dll and a legitimate, signed WinGUP updater that gets a different name based on the impersonated product.
“When the user runs the executable, gup.exe side-loads libcurl.dll, which decodes and reflectively executes an embedded infostealer entirely in memory.”
The information stealer appears to be a variant of the BoryptGrab family, targeting the following data from infected systems:
The researchers note that this variant of BoryptGrab exhibits a previously undocumented capability to bypass Chrome’s App-Bound Encryption through direct code injection into the browser process.
The stolen data is compressed before being sent to a Russia-based command-and-control (C2) server.

Arctic Wolf reports that the malware does not establish persistence on the host and is instead designed to collect as much data as possible in a single execution.
Similarly, there’s no anti-analysis layer at all, and the temporary directory where the collected data is stored during exfiltration staging isn’t wiped, leaving forensic evidence behind.
At the time of Arctic Wolf’s report, GitHub had removed a large portion of the malicious repositories, though the researchers report that several dozen GitHub Pages redirectors still remained active.
The researchers couldn’t attribute the campaign to a specific threat actor, though they assess that the operator is likely Russian-speaking and financially motivated.
Arctic Wolf concludes that the success of the campaign depends entirely on users trusting “free downloads” of premium software tools and recommends caution when interacting with unofficial GitHub pages.
The researchers shared a Yara rule for detecting this activity along with indicators of compromise (IoCs) associated with BoryptGrab.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Over the years, phone-makers have shown off handsets that stretch, bend and fold. But inside a secret room at Samsung Display’s headquarters in South Korea — one that had never before been opened up to the press — I got a firsthand look at the company’s vision for the future of smartphones.
Along one wall sat a lineup of concept displays that could eventually make their way into future mobile devices. I wasn’t allowed to touch the prototypes, but they were mounted on machines that repeatedly bent, folded and rolled the displays, showing off their range of motion.
Watch this: I Went Inside Samsung’s Secret Display Lab and Saw Its Wildest Phone Concepts
Consumer tech shows such as CES and Mobile World Congress have become stages for companies to exhibit their most ambitious innovations — many of which never see the light of day. Still, they show how manufacturers are exploring ways to make our devices more intuitive and compelling. Samsung is one of the biggest players in the foldable phones market, having released the clamshell-style Flip, book-style Fold and even the phone-tablet hybrid Galaxy Z TriFold. The company’s expected to unveil the Galaxy Z 8 series next week at its Galaxy Unpacked event.
During my visit to Samsung’s global headquarters in June, I got a rare behind-the-scenes look at how the company tests its latest mobile displays, along with an exclusive preview of what may be coming next. Samsung didn’t share specs for its concept displays, but here’s what I saw during my tour — and what it could mean for your future phone.
The Flex S folds into a Z shape.
One concept, called the Flex S, opens and closes in a Z shape (not to be confused with the Galaxy Z TriFold, which forms a C shape and folds shut like a pamphlet). The Flex S opens up to a tablet-sized display, which could be ideal for watching movies. That’s what I appreciated about the TriFold, which I happened to review while recovering from strep throat. Lying in bed, I enjoyed having a larger screen for streaming that I could simply fold shut when I was finished.
See also: From Extreme Heat to Half a Million Folds: A Rare Look Inside Samsung’s Display Lab
The Out Foldable has screens on the outside of both panels.
Another prototype, called the Out Foldable, is like a reverse book-style foldable. Instead of placing the larger display on the inside, as Samsung does with the Galaxy Z Fold 7, the design puts both screens on the exterior and unfolds into a wider, mini-tablet-like layout, similar to some early foldables such as the 2019 Huawei Mate X.
This is a configuration I’m a little more wary of for a couple of reasons. One, it might be hard to avoid scratching or cracking the wrap-around external display. And two, I’m not sure I really need a touchscreen display on the back of my phone. But I have to admit, it looks pretty cool nonetheless.
The Flex Slidable (right) can expand horizontally.
The Flex Slidable does as the name suggests. It can roll out to a wider display, which could be helpful for gaming or watching videos.
My first thought when I saw this concept was, “LG is rolling in its grave right now.” (Pun intended.) The company teased a rollable smartphone at CES 2021, but the product was canceled after the company shuttered its mobile division just a few months later. In 2023, Motorola also unveiled a rollable smartphone concept with a screen that extends upwards, and its parent company, Lenovo, showcased laptop concepts at this year’s CES that extend both horizontally and vertically. We’ll have to see if Samsung’s ideas make it out of the lab.
The Flex Hybrid can fold and roll open to a wider screen.
Lastly, Samsung combined elements from its other concepts to create what it’s dubbed the Flex Hybrid. This model can fold open and also expand with a rollable display. This makes for a more compact design while ensuring you don’t damage the screen.
A foldable device with a rollable component provides extra screen real estate without adding as much bulk. One of the biggest drawbacks of the Galaxy Z TriFold is that it feels thick when its three display panels are folded shut. This approach could eliminate the need for an additional foldable panel, instead using a display that rolls out when you need more space and tucks away when you don’t.
Next to these concepts were a couple more that caught my eye — quite literally, in the case of one device that had a dazzling 5,000-nit peak brightness. For reference, the Galaxy S26 Ultra can hit a peak brightness of 2,600 nits. It was a lot to look at indoors, but that level of luminance could make it easier to peer at your screen in bright sunlight.
Looking at a 5,000-nit display indoors might not be very comfortable, but it can come in handy in the bright outdoors.
And finally, I saw a prototype mobile display with bezels so thin they were almost invisible. To highlight just how narrow the 0.6mm borders around the screen were, Samsung placed the phone-sized concept device on top of a tablet display. The two screens combined to form a single image of colorful cathedral windows. From a distance, it was hard to tell there was even a phone in the middle of the tablet; the image appeared seamless, uninterrupted by a phone’s thick borders.
With bezels this thin, it’s hard to tell there’s a mobile display nestled in the center of this tablet.
An expansive display stretching from one end of the phone to another can feel more immersive, but I also wonder how tricky it might be to hold the device without accidentally tapping something on the screen.
As with all concepts, it’s not clear if or when Samsung will work these display technologies into its future mobile devices. But seeing these concepts offered a rare and fascinating glimpse into where smartphones could be headed.
In the previous installment on UDP broadcasting and service discovery, the basics of both were explored, including an implementation in the form of NyanSD and its protocol. Contained in the comment section was a very good demonstration of why one of the most exciting aspects of software development is the opportunity to share your latest creations with other people. This being the ability to get solid feedback on all the points – including any potential boneheaded omissions – that you really should address, whether intentional or accidental.
The most pertinent point raised was definitely that of broadcast addresses and IPv4 subnets, with the latter topic especially being something that the sysadmins at the office would talk about all the time, but which us software developers were always happy to ignore as something that didn’t concern us. Turns out the joke was on me and everyone else – like our esteemed readers – who thought that they could escape the fascinating world of subnets, as today we’ll take an in-depth look at what subnets are and how they are relevant to the world of UDP network discovery.
I somewhat alluded in the first article to the topic of ‘which broadcast address to use’ as being somewhat of a rough topic to figure out, which is clearly why I just stuck to a blatantly ‘works for me’ /24 subnet that usually will work on networks, until it does not.

The short version of ‘what is a subnet’ is to point at the subnet mask that we have been mostly mindlessly mashing into networking configuration dialogs along with the IPv4 address for many decades now. Usually this takes the form of 255.255.255.0, which is just the human-readable version of the actual bitmask. Here the loopback interface already tends to use 255.0.0.0 as its netmask, which is a detail that tends to be easy to gloss over as this is just one of those local OS things.
Putting netmasks in the crudest and simplest terms, they are a bitmask that is used to identify how an IPv4 pool of addresses is split up by defining which bits of the 32-bit IPv4 address identify a subnet. Normally we call the trailing part of an IPv4 address (the .123) the host identifier, with the preceding section the network identifier.
By masking part of this host ID and using it to create a subnet identifier, we can then use this for additional routing, just at the cost of a reduced number of possible host IDs within that subnet.
As an example, the common 255.255.255.0 mask identifies the first 24 bits (3 bytes) of the 32-bit (4-byte) IPv4 address, hence the mask being referred to as /24. With this mask, the remaining host ID bits allow for 256 hosts, of which two are not used for hosts: the first (e.g. 192.168.0.0) and last (e.g. 192.168.0.255) in the range. The last host ID in the range forms the broadcast address for that subnet.
This is why, for a /24 subnet, you can generally get away with just slapping a .255 on the end of an interface’s address, but also why for other subnet configurations it’s likely to explode violently.
To get briefly back to the loopback’s /8 style netmask, this means a single subnet with a maximum of 16,777,214 hosts, which ought to be sufficient for local system networking shenanigans. Its opposite extreme would be the /31 style netmask, which with just two potential host IDs is practically useless.
IPv6 subnetting is similar, but due to the much larger address pool and differences in the protocol this is a whole other kettle of fish that is as likely to send a network administrator’s heart racing in excitement as it is to make the average software developer run away screaming. This can be a fun topic for another day, perhaps.
This overview of IPv4 subnetting also skips over details like the different classes of IPv4 subnets beyond the Class A type here, but those are happily left to sysadmins and kin for now.
In order to thus obtain the broadcast address for a given network interface you need to know two things: the IPv4 address and its associated netmask. From this you can then tell three things: the subnet ID, the broadcast address in that subnet, and the current host ID. Of these we only really care about the the second item.
Although you can obtain the broadcast address yourself by applying the netmask to the address, the OS’s APIs tend to happily give you the precomputed broadcast address. If that’s not your style or not an option, a manual procedure is to:
1 in these bits to get the highest possible host ID.If we thus start with a 192.168.0.0/24 network, we end up with 192.168.0.255, while for a 192.168.0.0/26 network with just six bits available the maximum value is 64, ergo we get 192.168.0.63, since we start counting at 0.
With this we can now broadcast UDP packets on any interface without any (major) worries.
A small glitch in the whole above story is that there’s actually another broadcast address, one which is always the same for each interface and can be considered to make the whole preceding explanation completely irrelevant. This being the local, or limited, broadcast address, which is either the best thing since sliced bread or the worst sin ever committed in the history of IP networking, depending on whom you ask.
This cheat code takes the form of the address 255.255.255.255 and if you send a packet on a UDP socket to it, you’ll get happy UDP responses from any service that is listening on the specified port. This raises the point of why you’d not just use this broadcast address on all interface, rather than bother with all the earlier described nonsense.
The only major difference between this local broadcast address and the earlier described directed broadcast address is that the latter can also be used to target a foreign network, instead of just the local network. This makes it a very attractive option if you just want to query the local network with UDP broadcast packets.
As for why you’d not want to use a local broadcast address, I couldn’t really find any references or citations on why this would be the case. Both would appear to be perfectly valid approaches to broadcasting, each with its own pros and cons.
One final topic was my mistaken hardcoding of a /24 style broadcast address in NyanSD. Here reader ziew helpfully pointed me towards the Poco::Net::NetworkInterface::broadcastAddress() function, which seemed perfect. Unfortunately Poco’s implementation at least on Windows 10 appears to be rather broken.
After getting only 0.0.0.0 as broadcast address from this function, I had a bit of a look at what was happening, including checking what I got as subnet mask both for the default index parameter and for the next index. Across two different Windows 10 installations and both GCC in MSYS2 as well as MSVC 2017/2022 with various versions of Poco the returned values were… interesting enough to file a bug report on the Poco issue tracker.
Clearly this isn’t going to be fixed just yet, but on the bright side the horrific atrocity that I committed by hardcoding a /24 broadcast address will still work on basically every home LAN out there that NymphCast is likely to be used on.
Maybe I could just switch to a local broadcast address and that’d be even better. Feel free to torch down this idea in the comments, just be sure to provide solid reasoning and cite your sources.
Writing out the above pretty much clarifies I think why past me got a bit overwhelmed when trying to ‘just do a UDP broadcast thing’. Even just scratching the surface of IPv4 subnets and not even venturing into IPv6 territory makes one already feel a bit antsy.
Certainly, one could totally argue that anything other than a /24 network is unlikely to be encountered outside of certain government and business networks with either very specific needs, very enthusiastic sysadmins, or both, but it’s always better to design software with such real-life scenarios in mind.
OpenAI’s entry into the world of consumer devices is expected to begin with the release of a portable smart speaker that lacks a screen, according to a Bloomberg report on Tuesday. The device is being positioned as “a new type of computer for the AI era,” Bloomberg’s Mark Gurman reported, adding that it would “serve as a humanlike AI companion that lives in the home.”
The device, which Gurman wrote is still in development, is expected to operate in much the same way today’s smart speakers do: answer questions, play media, operate smart-home appliances, as well as respond to messages and make use of capabilities offered by OpenAI’s ChatGPT.
But OpenAI’s device is expected to go a bit further into homes by offering a “personality” that would make a humanlike connection with users. It will include “mechanical elements that can move on their own, creating a sense that it is alive,” Bloomberg reported.
The product leak comes days after Apple sued OpenAI, accusing the company of stealing its trade secrets. Apple alleged it “uncovered a pattern of theft of Apple’s trade secrets by OpenAI employees who were formerly at Apple.” Apple also called the instances it uncovered “the tip of the iceberg.”
However, OpenAI feels its new product “veers significantly” from any Apple device currently on the market and that it is “unlikely” its new device violates any Apple trade secrets, according to anonymous sources described as knowledgeable of OpenAI’s plans.
There’s been much speculation lately about OpenAI’s hardware ambitions. The company has been linked to a possible release of AI earbuds later this year or early 2027 and is also said to be working on a smartphone in partnership with component-makers MediaTek, Qualcomm and Luxshare.
OpenAI’s hardware ambitions have included a high-profile partnership with former Apple designer Jony Ive. One recent rumor was that the devices could include one worn in the ear, but that OpenAI could have as many as five different devices ready by the end of 2028.
OpenAI didn’t immediately respond to a request for comment.
(Disclosure: Ziff Davis, CNET’s parent company, in April 2025 filed a lawsuit against OpenAI, alleging it infringed Ziff Davis copyrights in training and operating its AI systems.)
Looking for a different day?
A new NYT Strands puzzle appears at midnight each day for your time zone – which means that some people are always playing ‘today’s game’ while others are playing ‘yesterday’s’. If you’re looking for Tuesday’s puzzle instead then click here: NYT Strands hints and answers for Tuesday, July 14 (game #863).
Strands is the NYT’s latest word game after the likes of Wordle, Spelling Bee and Connections – and it’s great fun. It can be difficult, though, so read on for my Strands hints.
Want more word-based fun? Then check out my NYT Connections today and Quordle today pages for hints and answers for those games, and Marc’s Wordle today page for the original viral word game.
SPOILER WARNING: Information about NYT Strands today is below, so don’t read on if you don’t want to know the answers.
• Today’s NYT Strands theme is… Rose-colored glasses
Play any of these words to unlock the in-game hints system.
• Spangram has 11 letters
• First side: bottom, 3rd column
• Last side: top, 4th column
Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON’T WANT TO SEE THEM.
The answers to today’s Strands, game #864, are…
Just four long words made up today’s game, but that didn’t make the search any easier.
I am more familiar with a slight variation on today’s theme — rose-tinted spectacles — which I had viewed as meaning to look favorably on something you are biased towards (such as the fortunes of your team). But the words here leaned more towards fanaticism.
Regardless of interpretation I needed a hint to get going and was rewarded with QUIXOTIC, a word I would have failed to see otherwise. From here I found the other two words with a T-I-C ending, before the spangram helped me to locate IMPRACTICAL.
Strands is the NYT’s not-so-new-any-more word game, following Wordle and Connections. It’s now a fully fledged member of the NYT’s games stable that has been running for a year and which can be played on the NYT Games site on desktop or mobile.
I’ve got a full guide to how to play NYT Strands, complete with tips for solving it, so check that out if you’re struggling to beat it each day.
A security researcher published a wire-level analysis on July 12 proving that xAI’s Grok Build coding CLI was packaging developers’ entire tracked repositories, including full Git history, committed secrets, and API keys, and sending them to a Google Cloud Storage bucket. The upload volume was roughly 27,800 times greater than the data the coding task actually required, according to the analysis.
The researcher, publishing as cereblab, tested version 0.2.93 of Grok Build, intercepted the upload, cloned the git bundle from the captured request, and recovered a file the AI agent had been explicitly told not to open. xAI had marketed the tool with claims that “nothing from your codebase transmitted to xAI servers during a session.” The wire data directly contradicts this.
The privacy toggle that was supposed to prevent data transmission did nothing, according to multiple reports. Grok has a history of privacy issues, including training on X user data without consent in what regulators called a “very likely” breach of EU law. A quarter of European firms have banned Grok entirely in favour of alternatives with better security controls.
Elon Musk confirmed the uploads and said SpaceXAI would delete all prior Grok Build user data. The company documented a “zero data retention” policy and added a /privacy endpoint. A same-client retest observed a server-side flag disabling the uploads. However, no independent audit has confirmed the deletion. Grok Build launched alongside Grok 4.5 as xAI’s answer to Claude Code and Cursor, making the privacy breach particularly damaging for a product positioned to win enterprise developer trust.
OpenAI is reportedly developing a screen-free, portable smart speaker meant to act as a personalized home computer and humanlike AI companion. “It will help control smart-home appliances, play media, answer questions, respond to messages and tap into the range of capabilities offered by OpenAI’s ChatGPT,” reports Bloomberg, citing people familiar with the matter. The device, expected to be unveiled this year and released in 2027, would mark OpenAI’s first major hardware push after acquiring Jony Ive’s io Products. Bloomberg reports: Apple sued OpenAI last week, accusing the company of stealing trade secrets. But OpenAI believes that the device veers significantly from anything Apple has on the market today and that it’s unlikely that it violates trade secrets belonging to the iPhone maker, the people said. OpenAI’s success in hardware will hinge on bringing a novel approach to the market — something it aims to do with the smart speaker. For instance, the device’s technology is meant to become increasingly personalized and proactive as it gains a deeper understanding of its owner over time, according to the people.
OpenAI envisions the device anticipating needs, surfacing information proactively and serving as an expert on its user, they said. Though the speaker is designed to stay in the home, it will be easy to move around the house. OpenAI believes the product’s defining feature will be its personality and ability to connect on a humanlike level with users. The speaker incorporates mechanical elements that can move on their own, creating a sense that it is alive and not just an object responding to commands. The machine also will draw on personal information such as emails to better understand its owner. The goal is for the device to feel like a companion and become a physical manifestation of OpenAI’s ChatGPT. Still, the exact plans could change as the company works through the development and legal process.
The device’s communication abilities will rely on a more advanced version of the ChatGPT Voice Mode — GPT-Live — that OpenAI rolled out this month. The new voice mode is designed to act more like a human. It can listen and talk at the same time, adapt more naturally during conversations, and quickly process information. Though the new product resembles a speaker, OpenAI internally describes it as the first of its kind: a computer built for AI to help make busy people more productive. It includes a camera and other sensors that help it understand a user’s surroundings and context, as well as advanced AI models beyond those available on conventional smart speakers. Another central difference is that the device includes a rechargeable battery, allowing it to be carried from room to room throughout the day. A user could bring it into the laundry room while doing chores, move it into the kitchen for cooking assistance, and later place it in a living room or bedroom to have it play music. It can also remain plugged into a single room if the customer chooses.
Loro Piana Fall 2026 Enters Houston’s Art Scene
Weekend Open Thread: Nutriplenish Leave-In Conditioner
2026 Genesis Scottish Open Thursday TV coverage: Round 1
Super Eagles star Moses Simon opens up on Liverpool transfer regret
Character.AI enters the microdrama arena with its own productions, but there’s a twist
XRP BOMBSHELL… XRP OMBOARDED FOR TRANSACTIONS!!!
Get Your ESP32 Sunny Side Up With This Solar Dev Board
Dark Secrets Emerge When Jailbreaking LLMs
Crypto Just Entered Its Most Important 6-Month Candle (Could Decide Everything!)
ASX 200 Slides Over 0.6% as Rare Earths and Lithium Stocks Tumble Amid Global Semiconductor Sell-Off Today
Major update after Huntingdon train attack as man enters plea
how to make coin bank box with cardboard #scienceproject #money #diy #shorts
SpaceX Shares Slide Nearly 6% Amid Post-IPO Volatility and Starship Test Focus
39-year-old Djokovic wins five-hour thriller to enter Wimbledon semis | Other Sports News
Level Infinite Launches Gangstar Mirage City in India with Pre-Registrations
Cloudflare Precursor Watches Your Mouse and Keyboard To Decide If You Are Human
Entra passkey enrollment vishing targets Microsoft 365 users
DeFi Dashboard Zapper to Shut Down After 7 Years
Maase Inc Shares Jump 16% as Speculative China-Based AI Pivot Stock Extends Its Volatile 2026 Rally Today
Tough task staring Gilas in the eyes entering second round of Qualifiers
You must be logged in to post a comment Login