Microsoft’s July 2026 Patch Tuesday fixed a record 622 vulnerabilities, including 58 critical, two exploited in the wild, and one publicly disclosed, plus 428 Chromium bugs
Actively abused flaws include CVE‑2026‑56155 (AD FS privilege escalation) and CVE‑2026‑56164 (SharePoint privilege escalation), alongside notable issues in BitLocker and Copilot
Surge in fixes is linked to Microsoft’s use of Anthropic’s Mythos AI, with patch volumes rising sharply since its adoption
Microsoft has released its July 2026 Patch Tuesday download, marking another record-breaking update, addressing hundreds of flaws across the ecosystem.
The release, which is currently rolling out to Microsoft users, fixes a staggering 622 vulnerabilities, including 58 critical-severity ones, two that were observed as being abused in the wild, and one which has already been publicly disclosed.
On top of that, Microsoft shipped fixes for another 428 Chromium bugs, as well.
Latest Videos From
A jump in numbers
There are simply too many vulnerabilities to mention all of them, however two that are being exploited in the wild are CVE-2026-56155 and CVE-2026-56164. The former is described as an “Insufficient granularity of access control in Active Directory Federation Services (AD FS)” bug, which allows an authorized attacker to elevate privileges locally. It carries a severity score of 7.8/10 (high).
Advertisement
The latter is a “Missing authentication for critical function in Microsoft Office SharePoint” bug that allows an unauthorized attacker to elevate privileges over a network. Microsoft assigned it a medium severity score (5.3/10), but the National Vulnerability Database gave it a 9.8/10 (critical).
Other notable mentions include CVE-2026-50661, a protection mechanism failure in Windows BitLocker that allows unauthorized attackers to bypass a security feature with a physical attack, and CVE-2026-48561, an improper neutralization of special elements used in a command in Microsoft Copilot, that allows an unauthorized attacker to execute code over a network.
If you think fixing 622 vulnerabilities in a month is a lot, you’re absolutely right. It’s well above what Microsoft is used to do, and this is most likely due to the company now using the fabled Mythos – Anthropic’s cybersecurity-oriented AI.
Advertisement
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
In June 2026, roughly a month and a half after the release of Mythos, Microsoft fixed 206 flaws, which raised eyebrows because it was significantly above the company’s usual amount of bugs fixed.
In May it fixed 120 flaws, in April 167, and in March – 79.
FreeBSD 16 has removed the last GPL-licensed code from its base system, retiring the old GNU ‘dialog’ implementation after the installer moved to ‘bsddialog’ and the final dependency was disabled. Phoronix reports: This ticket to retire dialog was opened back in February while is now merged to the FreeBSD source tree for what will become FreeBSD 16.0. With dialog removed, the latest FreeBSD code now retires the GNU sub-tree of the FreeBSD base system now that no more GNU code remains. FreeBSD 16.0 is working its way toward release that is expected to happen in December 2027.
Emergent’s vibe coding platform hit a $1.5bn valuation a year after launch. Its founder says most businesses do not need software, they need a way to turn how they work into it.
“Most businesses don’t need any software. They need a way to turn how they actually work into software.” That is how Mukund Jha pitched his startup as he announced it had become a $1.5bn unicorn.
Emergent, the vibe coding platform Jha runs with his twin brother Madhav, has raised a $130m Series C. The round values it at $1.5bn, about five times its valuation in January. That makes Emergent a unicorn roughly a year after its 2025 launch.
Creaegis, a private equity firm, led the round. Claypond Capital and Sentinel Global co-led. Earlier backers Khosla Ventures, SoftBank’s Vision Fund 2, Lightspeed, and Y Combinator returned. Total funding now reaches $230m.
Emergent lets people build full software by typing plain-language prompts. Autonomous AI agents write the code, then handle hosting, testing, and deployment. Jha says 70% of its users have never coded.
Advertisement
“You’re basically getting an engineering team in a box,” he told TechCrunch. The company says more than 12 million apps have been built on the platform in a year. Jha puts annual revenue at a $120m run-rate, with 200,000 paying customers.
These are not just websites. Users build CRMs, inventory systems, and marketplaces. Jha points to an Ohio roofer who replaced five tools with one system, and a Florida car detailer who rebuilt his site in four days. Software that once cost six figures, he says, now costs a few thousand dollars.
A crowded, expensive race
Emergent is chasing the same wave as some of the most richly valued startups in tech. Lovable is reportedly seeking a $13.2bn valuation. Anysphere’s Cursor was bought by SpaceX for $60bn in June. That boom has also flooded app stores with a surge of AI-built apps.
Against those numbers, $1.5bn looks modest. Emergent’s bet is a different customer. It targets small businesses and solo founders, not the professional developers who lean on Replit and Cursor. Jha calls Replit his closest rival.
Advertisement
He is candid about the limits. He admits design is a weakness, noting that many AI-built sites look alike. Success rates, he says, are still lower than he wants them to be.
What Emergent does with the money
Most of the cash will go to hiring and research. Emergent wants to lift its success rates and support more complex apps, including ones that run on open-source models. It is weighing a European office and expanding in San Francisco.
Jha’s ambition is bigger than an app builder. He wants Emergent to become “the operating system for businesses,” and is putting $200,000 into two builder contests to draw more people in. If software itself gets solved, he told Business Insider, builders will simply move on to harder problems, from quantum computing to drug discovery.
Microsoft just released the third edition of its AI in Education Report, surveying more than 3,000 students, educators and leaders across six countries. Ira Apfel sat down with Pat Yongpradit, general manager of global education and workforce policy at Microsoft, which sells AI tools including Copilot to schools, at ISTELive 26 in Orlando, to talk through what the data reveals about daily use, trust, training gaps, and where the policy backlash against AI in schools may be headed next.
Pat Yongpradit on Adoption, Trust and Cheating
Yongpradit walks through why daily AI use in schools still lags far behind overall adoption, even though nine in 10 educators, students and leaders report having tried the tools at least once. He addresses the recent drop in student optimism, framing it as a predictable dip on a familiar technology adoption curve rather than a warning sign.
The conversation also covers the wide gap between how much training school leaders believe their staff have received and what teachers and students say they have actually experienced. Yongpradit also shares his candid take on academic integrity, arguing that the panic around cheating has more to do with long-standing temptation than with any single tool.
The Nothing Phone 4(b) is a capable budget Android handset with a clean OS, avant-garde looks and excellent battery life. Its internal power is fine for the price, although lacking against some of the competition, and the dual camera array is mostly fine for the price.
Classic Nothing design
Solid internal grunt
Excellent battery life
Screen is dimmer than some rivals
A fair bit dearer than the last CMF phone
Performance isn’t as strong as rival devices
Key Features
Advertisement
Review Price:
£299
Snapdragon 6 Gen 4 SoC
Advertisement
The Phone 4(b) has a decent mid-range Qualcomm chip inside to offer solid day-to-day performance.
50MP + 8MP camera system
Advertisement
It features a dual camera setup with a 50MP main sensor and 8MP ultrawide, meaning no dedicated telephoto lens is present.
Signature Nothing design
Advertisement
In spite of being a more affordable option, this handset retains Nothing’s signature industrial design and unique elements.
Introduction
The Nothing Phone 4(b) is the first of a new kind of phone for the London-based brand.
The budget phones sector was rocked by the decision from Nothing that it wasn’t going to release a sequel to the excellent CMF Phone 2 Pro this year, and instead chose to launch a spiritual successor under its own Nothing branding.
Advertisement
To this end, the Phone 4(b) is in essence a cut-down and more affordable version of the Nothing Phone 4(a), featuring a Qualcomm Snapdragon 6 Gen 4 SoC with 8GB of RAM and 128GB of storage, plus a 6.77-inch Super AMOLED screen and a 5200mAh battery inside.
Advertisement
Priced at £299/$399, it’s more expensive than the older CMF Phone 2 Pro, although it makes a few key upgrades and positions this new Nothing handset against the likes of the Motorola Moto G86 5G and the Poco X8 Pro.
To see if the Phone 4(b) can come out on top as one of the best cheap phones we’ve tested, I’ve been putting it through its paces for the last week or so.
Advertisement
Design
Solid polycarbonate chassis
Typically Nothing design
IP64 water and dust resistance
Nothing’s phones have always had a certain look to them, and the Phone 4(b) sticks with its tried-and-tested formula of being funkier and more interesting than a lot of its contemporaries. You either like it, or you don’t, and admittedly, I’m quite a fan of it.
It is made of polycarbonate (plastic), as you’d perhaps expect for a more affordable handset, but I won’t hold that against Nothing with this phone. It’s comfortable to hold and feels quite durable compared to other cheaper phones out there. There isn’t any creaking or twisting at the corners, either.
Advertisement
Image Credit (Trusted Reviews)
As for colour options, the Phone 4(b) is available in black, white, or blue. My sample is the latter, adding a pleasant pop of colour against the other options, and certainly helping it to stand out.
The rear portion features a rectangular camera bump that doesn’t protrude too far from the main chassis, keeping the phone stable when you set it down. It comes with Nothing’s typical retro-futuristic touches, alongside a downsized Glyph Bar borrowed from the Phone 4(a).
Image Credit (Trusted Reviews)
The Glyph Bar has long been Nothing’s calling card when it comes to its phone design, and it achieves much of the same use cases as with the brand’s other phones. It can do everything from lighting up for notifications from specific people to letting you check charging progress, counting down shutter timers for the camera, or even pulsing red for severe weather alerts.
Ports are standard fare for a modern phone, with a USB-C port for charging and a SIM slot off to the left. There aren’t any other frills, either, such as a headphone jack or a microSD card slot for expandable storage.
Advertisement
Advertisement
Image Credit (Trusted Reviews)
We’ve got IP64 water and dust resistance for the Phone 4(b), which should protect it well against water and dust. This is ahead of the IP54 rating on Nothing’s own CMF Phone 2 Pro, although behind the IP68/IP69 rating of the Motorola Moto G86 5G.
This handset doesn’t ship with a charger in the box, although you at least get a USB-C to USB-C cable and a clear silicone case to help protect the phone.
Screen
6.77-inch 120Hz 1080×2344 AMOLED
2000 nits peak HDR brightness
Optical fingerprint sensor
Nothing has kitted the Phone 4(b) out with a large 6.77-inch Super AMOLED screen with a 1080×2344 resolution. This makes it one of the larger screens kitted out to a phone at this price.
The resolution is more akin to HD, which provides reasonable detail at the price, plus as an AMOLED choice, there are deep blacks and good contrast to my eye.
Advertisement
Advertisement
Image Credit (Trusted Reviews)
If there’s one area where the Phone 4(b)’s screen isn’t quite as strong as its rivals, it’s brightness. A typical peak brightness of 1200 nits gives images some pop and means this phone is fine for brighter conditions, although the 2000-nit peak for HDR content isn’t as vivid as on other budget phones.
It’s up to 120Hz of refresh rate here, which gives an added slickness against the 60Hz we were stuck at for a long time, although the screen here lacks the more advanced LTPO tech we see in costlier phones, meaning the variable refresh rate works in a blockier manner. For the most part, the Phone 4(b)’s panel sticks at 120Hz in my experience, which isn’t much of a hardship.
Image Credit (Trusted Reviews)
Nothing has also included an optical under-display fingerprint sensor for this phone, mounted quite low down on the panel. It’s fine to use, although not quite as good as the ultrasonic ones seen on higher-end devices.
Cameras
Main rear camera is reasonable
Lack of a telephoto leaves long-range photography fuzzy
Decent selfie camera and okay video options
Advertisement
In terms of cameras, the Phone 4(b) slices off the telephoto shooter found on the Phone 4(a) and opts for a dual-camera arrangement. The main camera is a 50MP 1/2.76-inch sensor optically stabilised snapper with an f/1.8 aperture, which is joined by an 8MP 1/4-inch ultrawide sensor with an f/2.2 aperture.
By default, the main sensor chucks out 12MP images, although you can switch to the camera’s 50MP mode to make full use of the resolution on offer for more detail, dynamic range and inherently larger file size.
Image Credit (Trusted Reviews)
Out-of-the-box images with the main snapper are perfectly pleasant, with natural colours and solid detail resolution. In general, the 12MP mode offers richer colours, while using the full 50MP resolution will give you stronger detail.
By comparison, the 8MP ultrawide is lacking in overall detail and only provides images I’d describe as serviceable at best. Finer portions are fuzzier if you pixel-peep.
Advertisement
Image Credit (Trusted Reviews)
Advertisement
The lack of a telephoto lens is the downfall of the Phone 4(b)’s camera setup, as it means anything beyond a simple 2x or 3x zoom can cause detail to fall off dramatically. For instance, the images taken of Spinnaker Tower beyond the advised 2x on the phone’s camera leave a lot to be desired, with a digital crop nowhere near as effective as proper optical zoom. A dedicated telephoto would have resolved the fuzziness and given a lot more to work with.
Image Credit (Trusted Reviews)
For selfies, the 16MP snapper on the front is okay, with good richness of colour and a pleasant, vibrant tone. Video capabilities in any guise are locked to a max of 1080p/60fps or 4K/30fps, which is fine, if unremarkable.
Performance
Reasonable mid-tier Qualcomm SoC inside
Solid speed for more basic tasks
More advanced 3D loads can lead to stutters
Inside, the Phone 4(b) is brought down a peg or two against its dearer brother by coming with a Qualcomm Snapdragon 6 Gen 4 SoC, paired with 8GB of RAM and 128GB of storage as its only configuration.
With this in mind, performance is stronger against the likes of the Xiaomi Redmi Note 15 4G model, with a much stronger CPU and GPU in the customary Geekbench 6 test. From Nothing’s own canon, the cheaper CMF Phone 2 Pro is rather similar in its performance, while last year’s Phone 3(a) is also faster than the 4(b) in this regard.
Advertisement
Image Credit (Trusted Reviews)
For general use, things are better than the benchmark numbers would suggest, with zippy performance navigating the operating system, streaming music or video or dealing with social media in my usual workflow.
In terms of 3D performance, more casual titles such as COD Mobile or PUBG fare absolutely fine, just as long as you’re happy to turn down some graphics settings for a smoother feel. With this in mind, don’t expect to be playing heavier and more intensive titles, as the 3DMark Wild Life Extreme test posted single-digit frame rates for one of the lower scores I’ve seen.
Advertisement
Image Credit (Trusted Reviews)
For more prolonged intensive loads, expect this Nothing phone to get a little on the warm side, although it wasn’t uncomfortable to the point I had to put it down. The Phone 4(b)’s vapour chamber cooling apparatus seems to do its job decently well.
Test Data
Nothing Phone 4(b)
Xiaomi Redmi Note 15 4G
CMF Phone 2 Pro
Nothing Phone 3a
Geekbench 6 single core
1090
738
1003
1164
Geekbench 6 multi core
3177
1990
2910
3273
Geekbench 6 GPU
2912
1307
–
–
3D Mark – Wild Life
965
350
852
1057
3D Mark – Wild Life Stress Test
99.2 %
99.1 %
–
–
Advertisement
Software & AI
Monochromatic Nothing OS or stock Android looks available
Very basic AI features against rivals
Reasonable OS and security update commitments
The Phone 4(b) comes with Nothing’s own Nothing OS 4.1 Android skin out of the box that’s based on Android 16. When you first set the phone up, you get a choice between a stock Android lock or the monochromatic, retro-future aesthetic Nothing offers.
I went full Nothing, and opted for its own skin, which is an interesting look against other budget Android phones out there. App icons appear in white on black circles, and it can be a little difficult to distinguish one app icon from another at first. If you’d prefer, going back to the more colourful traditional Android aesthetic is a few taps away in the settings menu.
Image Credit (Trusted Reviews)
With this in mind, I didn’t find any bloat or unwanted crud here, and the OS is remarkably clean for such an affordable phone. The OS itself has some useful features, such as a hidden vault called Private Space to store sensitive documents and photos, as well as its clever freeform window sizing where you can make any app any size, which is neat.
Pressing the Essential key on the phone’s left side opens up the Essential Space, where the Phone 4(b) uses AI to organise screenshots, recordings and notes, auto-generating summaries, reminders and any to-do lists from the information you saved.
Advertisement
Advertisement
Image Credit (Trusted Reviews)
That’s as far as AI seemingly goes on this Nothing phone, though. There doesn’t seem to be any more AI gubbins here, such as for photo editing as we see on lots of other phones up and down the price ladder.
For the Phone 4(b), Nothing is committing to six years of security updates and three years of Android updates, giving some peace of mind for long-term use.
Battery Life
5200 mAh battery
33W wired charging
No wireless charging support
The Phone 4(b) features a 5200mAh battery inside, which is ironically the largest battery Nothing has ever fitted to one of its phones, in spite of it being the most affordable Nothing-branded handset. For reference, the Phone 4(a) comes with a 5080mAh cell.
The brand says that works out to enough for 22 hours of video streaming. In my experience, I managed around eight hours of screen-on time of use when it came to an intensive day of multitasking and using my phone as normal at more middling brightness levels.
Advertisement
Image Credit (Trusted Reviews)
For reference, that’s scrolling my social media, streaming music through Tidal or Plexamp, taking the odd photo when out and about, and dealing with a small amount of work in a pinch in Google Docs.
For a more scientific test, a cursory run of the PCMark Work V3.0 battery test at 50% brightness worked out to nearly 17 and a half hours of use – a fantastic result.
Advertisement
Image Credit (Trusted Reviews)
The Phone 4(b) supports up to 33W wired charging with no wireless charging support, which lags behind a lot of its key rivals. In using my 66W 6A charger to put some go-juice back into the handset, it also proves to be quite slow, taking 57 minutes to get back to 50%, while a full charge took 100 minutes.
Advertisement
Should you buy it?
You want an affordable Nothing phone
The Phone 4(b) is the cheapest Nothing-branded phone out there, and if you want the brand’s unique features and design, it’s the most affordable way to do it.
Advertisement
You want a brighter screen
Advertisement
Against some rivals, this Nothing handset lacks some vividness with its screen and has less in the way of overall detail, too.
Final Thoughts
The Nothing Phone 4(b) is a capable budget Android handset with a clean OS, avant-garde looks and excellent battery life. Its internal power is fine for the price, although lacking against some of the competition, and the dual camera array is mostly fine for the price.
Advertisement
It makes several key upgrades to the CMF Phone 2 Pro, such as with battery life, dust and water resistance, and by sticking with Nothing’s own design philosophy, although it feels a little baffling considering the Phone 4(b)’s screen is dimmer, and it isn’t much more powerful. Bear in mind the CMF option is also nearly £100 cheaper, too.
Elsewhere, the Motorola Moto G86 5G has a slightly higher-res screen, similar performance from its MediaTek Dimensity 7300 SoC and a similar camera array to the Phone 4(b) while costing £20 less. Its OS is much more chock-full of bloatware than Nothing’s, though, so it’s swings and roundabouts.
With this in mind, the Phone 4(b) is an interesting choice if you want an affordable handset with Nothing’s typical flair and interesting design, and seems like it’s going to be the way the brand does things going forward. For more choices, check out our list of the best cheap phones we’ve tested.
How We Test
We test every mobile phone we review thoroughly. We use industry-standard tests to compare features properly and we use the phone as our main device over the review period. We’ll always tell you what we find and we never, ever, accept money to review a product.
Advertisement
Used as a main phone for a week
Thorough camera testing in a variety of conditions
Tested and benchmarked using respected industry tests and real-world data
FAQs
How big is the Nothing Phone 4(b)’s battery?
The Nothing Phone 4(b) has a 5200mAh battery inside, which is the biggest Nothing has ever fitted to one of its devices.
One of the things we love about the M7 Pro 5G is the 50MP Sony camera that comes with optical image stabilisation built in, which keeps handheld shots sharp in situations where a shakier phone would blur, from a moving bus to a poorly lit restaurant table at night.
Advertisement
Above that sits a 120Hz FHD+ AMOLED display designed with eye care in mind, delivering the kind of smooth scrolling and crisp colour that makes browsing or gaming feel noticeably sharper than a standard 60Hz panel.
Powering all of that is a Dimensity 7025-Ultra processor, a 6nm 5G chip with an octa-core CPU clocked up to 2.5GHz, built to handle multitasking and heavier games without slowing down or overheating during longer sessions.
Memory Extension technology adds up to 12GB of virtual RAM on top of the phone’s physical memory, taking the total as high as 24GB and letting more than 42 apps stay open in the background at once.
Advertisement
None of that performance drains the battery quickly either, since the 5110mAh cell paired with 45W turbo charging is built to get through a full day of heavy use and top back up fast when it does run low.
The handset also carries IP64 dust and water resistance, a flagship-level touch that protects against light rain, spilled drinks, or dusty environments without needing a separate case bought just for peace of mind, which is rare to find at this price point.
Worth noting is that the enhanced 5G experience POCO promises depends on regional network coverage and local operator support, meaning actual speeds will vary depending on where the M7 Pro is used day to day.
If you’re after a 5G phone that covers photography, display quality, and everyday battery life without the flagship price tag, the POCO M7 Pro 5G is a no brainer choice right now, especially when you’ll save £80 before this deal disappears.
Recent photos from NASA / ESA’s Hubble Space Telescope show magnificent crimson plasma and dazzling blue stars in all their glory. The image in question is from LH 95, a star-forming region in the Large Magellanic Cloud, a dwarf galaxy that orbits the Milky Way.
The light from hundreds of young stars is burning the surrounding hydrogen, creating a bright red glow across the entire image. This type of emission, known as H-alpha, is a good indicator that star formation is actually taking place, and it’s similar to a flashing neon sign that draws your attention. You can also detect darker wisps of dust breaking through the light gas, indicating that denser material has withstood the relentless battering of star winds and radiation.
PROJECT HAIL MARY SCI-FI MODEL – Launch into the world of cinematic science fiction with the LEGO Icons Project Hail Mary (11389) microscale…
WHAT’S IN THE BOX – Includes everything you need to build a microscale replica of the Hail Mary spacecraft, a functional display stand, plus a…
FUNCTIONAL SPACE MODEL – Turn the crank on the display stand to send the crew module into orbit, simulating the spaceship’s centrifugal gravity…
Blue and white stars sparkle vividly against the blazing red backdrop. Many of these are extremely hot, massive objects that have only been around for a few million years, and if you look closely, there’s one that really stands out, located just above the middle and to the left, as this bloke has a mass between 60 and 70 times that of the sun, and he’s probably a million years younger than the ones around him, the majority of which are around 4 million years old.
So far, astronomers have identified nearly 2,500 stars in LH 95, which have all of the mass they’ll ever need. They are still in the pre-main-sequence phase, essentially hanging out in their disks while nuclear fusion takes place and transforms them into stable, hydrogen-burning stars. However, the results reveal that this growth stage can last several million years, which is longer than some researchers had previously anticipated. However, accretion rates do slow down over time, but material continues to pour in for quite some time.
Hubble has given us a magnificent view of the hottest gas and brightest stars in all of their glory. The hues in this photo are fairly typical, with shorter wavelengths displaying blue and longer visible light, as well as that magnificent red hydrogen emission glowing brightly red. It all helps to accentuate the dynamic dance between stars and their surroundings, and the dark dust lanes stand out since they are the only areas that conceal some of the backdrop glow, adding depth to the entire impression.
Launched in 2014, Japan’s Hayabusa2 spacecraft completed its primary asteroid sample return mission all the way back in 2020. But with the main spacecraft still healthy, the intrepid little probe was assigned new missions — such as its future investigation of asteroid 1998 KY26, a rather unassuming 11 meter diameter rock.
Artist impression of Hayabusa2 firing its ion thrusters. (Credit: DLR, Wikimedia)
Earlier this month Hayabusa2 flew by the 450 meter 98943 Torifune at a distance of 800 meters, close enough to get an up-close look of its surface of mostly silicate minerals. With the spacecraft flying past at around 5 km/s, this posed some challenges with tracking, especially since its systems and instruments were not designed for high-speed tracking.
With that mission now complete, 1998 KY26 – first discovered in 1998 – is next on the menu, though this will have to wait a while. Currently it’s estimated that the two will not meet until July 2031.
Once they do meet up, after Hayabusa2 zips twice more past Earth, it’ll be another major challenge for the by now rather degraded spacecraft. Its sensors have suffer radiation and other types of damage, while its ion engines are quite depleted. The goal at this target asteroid is to enter orbit, deploy its last target marker and projectile, before attempting a landing, probably at one of its poles.
Advertisement
As likely the final mission for this spacecraft it’ll be very educational in many ways, not the least of which is that of planetary defense, but also that of deepening our understanding of these asteroids and the many varieties that we share space with.
Ford’s F-150 Lightning was a good truck, but not necessarily a successful one. Launched in 2022 and discontinued in late 2025, the truck fell short of expectations and eventually proved financially disastrous, triggering a massive $19.5 billion shift in Ford’s EV strategy. In the wake of the F-150 Lightning, Ford announced a fresh EV project called the Ford Universal EV Platform in late 2025, investing $5 billion in the project to launch a new, $30,000 all-electric mid-size pickup truck for 2027.
Over a year since that announcement, Ford’s new affordable electric pickup truck looks like it’ll become a reality. Multiple reports have emerged of people encountering the new EV in camouflage, possibly while undergoing real-world testing. But the camouflage isn’t just to hide the truck’s final shape. Observers were quick to notice something quirky with the wrap, which, upon close inspection, doesn’t just include heart emojis, dogs, soccer balls, and sailboats, but also a scannable QR code.
Scanning the QR code, as it turns out, takes users to a new Ford website for the upcoming EV. The website welcomes users with a message stating that they have spotted a Unicorn. The page features several videos discussing Ford’s vision for this project, with one of the newest videos featuring Ford’s vice president of advanced development projects, Alan Clarke. In the video, Clarke clarifies that this website will be regularly updated as the project moves forward.
Advertisement
What we know about Ford’s new mid-size pickup truck
Aside from the $30,000 starting price, Ford’s initial announcement outlined its intention for the new truck to perform similarly to a Ford Mustang EcoBoost while offering more passenger space than a Toyota Rav4. While Ford hasn’t officially revealed a name for the new vehicle, reports indicate that the company could be reviving the Ranchero nameplate, which it last used for a ute sold between 1958 and 1979. Ford regained the rights to the Ranchero name in April 2026.
Advertisement
Ford also appears to be trying every possible trick in its book to keep production costs low. Its new platform allegedly uses 20% fewer parts and fasteners and also has a smaller and lighter wiring harness than those used on previous EVs. Another major change is the switch to a 400-volt architecture (as opposed to an 800-volt architecture), trading charging speed for price.
Ford intends to equip the upcoming EV with advanced prismatic lithium-iron-phosphate (LFP) batteries, which cost less than typical EV batteries. What remains under wraps includes specific data about range, charging speeds, and overall performance (although we do have the EcoBoost Mustang reference). The electric motors that Ford intends to use on this machine also remain a mystery.
Advertisement
Intense competition awaits Ford’s 2027 launch
rblfmr/Shutterstock
No matter when it launches, Ford’s new EV will likely end up competing in a vastly different automotive landscape from the one that existed when development first started. Aside from locking horns with established players like Tesla, Rivian, General Motors, and Stellantis, Ford will also need to address newfound competition from companies like the Jeff Bezos-backed EV startup Slate and possible challenges from newer players like Telo and Scout Motors.
Slate, perhaps, poses the greatest challenge to Ford, with the $25,000 Slate pickup truck likely launching before the end of 2026. As for Telo, the company is developing a small pickup truck called the MT1, which is expected to be priced around the $41,000 mark. This vehicle is also likely to reach the production stage before the end of 2026. While not a direct competitor to Ford’s upcoming truck, another company that Ford could be looking at closely is Scout. The company is on track to launch a new pickup truck in 2027, which will be a larger machine with body-on-frame construction and premium pricing.
Can Ford deliver on its promise of bringing the new mid-size EV pickup truck to American consumers by 2027? Even if it does, will the truck be able to compete? Only time will tell.
AI is changing how vulnerability research gets done, but most of the conversation is still theoretical: what a model might eventually be capable of, rather than what it can actually find today.
We wanted to answer a more practical question: using the models already available to us right now, how far can AI take us in finding real, exploitable vulnerabilities in production software?
This piece details how the team at Intruder is using LLMs to find novel vulnerabilities using code scanning frameworks alongside current, pre-Mythos models.
We walk through a remote, multi-stage SQL injection zero-day we discovered in a WordPress plugin with over 300,000 users — fully automated from discovery through exploitation, with no human in the loop.
Advertisement
The focus problem: why pointing AI at a whole codebase doesn’t work
The big problem when pairing AI with a code scanner is focus. LLMs are excellent at taking small segments of code, or a description of a specific problem, and finding an interesting solution. But point one at a large codebase and ask it to find security issues, and it will try to ingest every file in the repo.
That’s expensive in tokens, and worse for accuracy: by the time the model is halfway through, its context is full of irrelevant code, and the bug you actually want is buried in noise.
For more complex bugs that require chaining several steps together, you’re then relying on the framework to keep the right context in memory, or retrieve it intelligently when needed. In our experience, that produces poor output rather than real and interesting bugs.
Traditional code scanning frameworks already solve this. We use a technique we’re calling a program slice, which is similar to when an IDE or LSP tool uses features like “find implementation” or a call graph to find all functions called by the current function. These are mature, well-tested tools, and they sidestep the diluted-context problem entirely.
Advertisement
Intruder’s AI pentesting agents deliver the depth of a manual engagement on-demand: no lead time, no scoping calls, a fraction of the cost.
Test with every release, close your window of exposure, and get an audit-ready report in hours.
We built a pipeline that takes a codebase, runs it through a code scanning engine (we use Joern), generates slices of code relevant to each finding, and uses an LLM to triage and exploit the issue. The design was inspired by nooperator’s work on Slice, though we use Joern rather than CodeQL and designed the slicing algorithm quite differently to handle the specific vulnerability classes we’re looking for.
We pointed it at the top 200 WordPress plugins — code that’s already heavily picked over by bug bounty researchers, so finding something real there would mean the process can compete with skilled humans.
Advertisement
First, Joern runs against the codebase with rules designed to flag broadly “interesting” patterns — this is deliberately loose to avoid creating rules that are too specific and might miss bugs. Since we have the triage agent filtering later anyway, we can err on the side of false positives.
For this experiment we were after unauthenticated WordPress plugin attack surface, so we had Joern identify every place a script can be affected by user input: REST routes, template hooks, nopriv AJAX calls, and so on.
For each WordPress hook, Joern generates a slice: the function the hook calls, every method that function calls, and so on down the chain. Basic taint tracking rules out obviously safe functions, such as SQL and XSS inputs that go through a known-safe sanitizer. Where we can verify statically that the code is safe to run, we drop those passing onto an LLM.
Each slice goes to a lightweight triage model (Sonnet, in our tests) to filter out the obviously uninteresting: hooks that are meant to be public and have no side effects, for example.
Advertisement
What’s left goes to a heavier model (Opus) to assess exploitability, with the full relevant call context in memory so it isn’t hunting through unrelated source.
Anything judged exploitable goes to a final exploitation agent to try and write an exploit. This agent has access to full source again (if needed) since it can now use targeted searches to find relevant code, and it will also spin up a Docker container running the software to test while developing.
The first vulnerability: a blind SQL injection in a popular WordPress plugin
The first bug the pipeline vended was CVE-2026-3985, a SQL injection vulnerability in the Creative Mail plugin. It stood out to us for a few reasons:
It’s high impact, giving an attacker read access to the database (including admin hashes and secret tokens!)
Advertisement
It requires multiple chained requests to exploit, making it less likely to be detected by traditional tooling
The root cause was hidden from the developer’s own static analysis tooling by a mistake in their code
Exploitation does require WooCommerce to be installed alongside Creative Mail, but since WooCommerce is a common reason people run WordPress (over 7 million active installs), the combination is common.
The exploitation agent one-shotted a working proof-of-concept, producing a check to confirm the issue existed and a full extraction method capable of pulling password hashes from the database.
This vulnerability was also found independently by Dmitrii Ignatyev of CleanTalk Inc., who reported it to Wordfence.
Advertisement
The plugin has been pulled from the WordPress store pending review; if you’re running Creative Mail alongside WooCommerce, disable it until a patch is available.
Discovery is getting faster. Detection has to keep up
This is just the first vulnerability the pipeline has vended. We’re already finding more and reporting them to affected vendors (those are still under disclosure).
AI clearly has a growing role to play in vulnerability research, and the work now is building the frameworks to get the most out of current models. Attackers are already using similar tooling to feed AI high-signal input, which means the same speed advantage we’ve demonstrated here isn’t unique to defenders.
Advertisement
Vulnerabilities surfaced by our vending machine become detection checks in the Intruder platform, so your next scan finds and reports them.
Sam Pizzey is a Security Engineer at Intruder. Previously a pentester a little too obsessed with reverse engineering, currently focused on ways to detect application vulnerabilities remotely at scale.
Sometimes the sun throws a temper tantrum, and that tantrum hits Earth. For some people, that means a chance to see the beautiful aurora borealis light up the night sky. But solar storms can cause damage to Earth and the various people and items orbiting in space. That’s because, according to a new study, the risks from solar storms might be worse than originally thought.
The study, authored by NASA’s Nithin Sivadas and Maria Walach of Lancaster University, posits that science’s understanding of solar storms and the electrical currents generated in Earth’s upper atmosphere may have been misunderstood, and that solar storms may be much riskier, especially for satellites and astronauts in orbit.
To understand the problem, understanding what the science currently says is key. When solar winds hit the upper atmosphere, they create all sorts of interactions, resulting in effects such as the auroras and electrical current. The current scientific consensus is that there’s a maximum amount of electrical current that can exist in the upper atmosphere because of factors such as solar wind energy, atmospheric limits and current saturation. Once that threshold is reached, Earth’s magnetosphere naturally dissipates the excess.
Advertisement
But this new research suggests that the limit doesn’t actually exist and that earlier assumptions about it were based on “uncertainties in solar wind measurements.” Those uncertainties likely arose because most solar wind measurements are taken by spacecraft about a million miles closer to the sun than Earth, at a location known as Lagrange Point 1.
Measurements taken closer to Earth’s surface by NASA spacecraft show a direct correlation between solar wind strength and electrical current in the atmosphere, and suggest that there is no upper limit as previously assumed. That means the atmosphere can produce as much electricity as there is solar wind to generate it.
Extreme solar wind events can be seen far away from the point of impact in the form of the aurora borealis.
Advertisement
Nithin Sivadas NASA Goddard Space Flight Center
How much risk are we talking?
It’s not well understood how much riskier solar storms are versus what science already knew. Solar storms have caused a lot of damage in the past, with instances such as the Carrington Event in 1859 setting telegraph machines on fire or the 12,350 BC solar storm, which researchers said was “orders of magnitude stronger than everything directly observed.” Further study is still needed to understand the potential risks.
“If there is no upper limit to our planet’s response to the solar wind, modeling for extreme cases needs to take this into account, and we should be vigilant of space weather effects,” Walach said in a statement. “Fortunately, these very extreme cases are rare, but this also means we have limited data to work with and only time will tell what happens at the very extreme one-in-a-thousand-year kind of event.”
Current simulations that use the limits explained above already paint a pretty grim picture for our electronic-heavy modern existence. A solar storm of the magnitude of the Carrington Event would level a significant number of Earth’s satellites and cause untold damage to systems here on Earth as well. And it wouldn’t be the first time: During the Halloween solar storms in 2003, Earth lost contact with 59% of its satellites at the time. While modern technology is better at resisting these risks, it’s not immune.
Advertisement
But there is some good news. First, such a catastrophic solar storm wouldn’t spell the end for humanity. Walach says that the Earth’s magnetic field “does a really great job of protecting us against many space weather effects,” and that most of the time, all humans will notice is the occasional glitch or a beautiful aurora. She says satellites would fare more poorly in such extreme space weather conditions.
The other good news is that the sun is nearing the end of its solar maximum for its current 11-year cycle (assuming it hasn’t already ended), so the odds of extreme space weather are much lower than they were in 2024, when Earth was treated to an extreme solar weather event that pushed the aurora borealis down to Texas for an entire week.
You must be logged in to post a comment Login