United Airlines is updating its iOS and Android mobile apps with several new features, including estimated security wait times to give travelers a better idea of when they should arrive at the airport. The move comes as the ongoing partial government shutdown has left TSA checkpoints understaffed.

In the “Travel” section of the United mobile app, travelers can now view security wait times for the airline’s U.S. hub airports in Chicago, Denver, Houston, Los Angeles, New York/Newark, San Francisco, and Washington D.C. Users will see estimated wait times for specific lanes, including standard security and TSA PreCheck, throughout terminals serving United customers.

“We appreciate the work and professionalism of our TSA agents, and while most began receiving back pay earlier this week, the U.S. Department of Homeland Security shutdown continues and people want to stay informed about expected security wait times at our airports,” Jason Birnbaum, United’s chief information officer, said in a press release. “Our customers rely on our mobile app for all their travel needs, and this new feature lets them know what to expect and better plan their trip.”

The app is also rolling out updates designed for passengers with connecting flights. Travelers will now receive personalized, turn-by-turn directions to their next gate, complete with estimated walking times, real-time status updates, and tips for longer layovers. It will also provide a “heads up” if United can hold a plane for passengers with tight connections.

The app will offer automatic rebooking assistance as well. Instead of waiting in line to speak with an agent or manually searching for alternatives, United’s self-service tools will automatically present travelers with rebooking options, along with baggage tracking details and meal and hotel vouchers if they’re eligible for them, in cases where a flight is delayed or canceled.

The app has also integrated Apple’s “Share Item Location” feature for AirTag, allowing travelers who use an AirTag or other Find My network accessory to share their item’s location with United’s customer service team in the event that their baggage is lost.

Users will also receive text updates featuring real-time radar maps to inform them on how severe weather in one region of the country can affect flights in another.

Tesla spent more than a year touting that “more affordable” cars were on the way, and they finally arrived last October, with stripped-down versions of the Model Y and Model 3 starting at $39,990 and $36,990, respectively. But the new vehicles are not moving the needle much for Tesla’s overall sales, first-quarter figures show.

Tesla said Thursday that it delivered 358,023 EVs globally in the first three months of the year, below analysts’ expectations of of around 368,000. The company also produced far more than it sold, with the final tally built coming in at 408,386.

This means Tesla only delivered about 6% more cars in the first quarter of this year than it did in Q1 2025, which was the company’s worst quarter in years. The first quarter 2025 figures were also affected by the company shutting down production lines for a few weeks to switch some equipment, meaning Q1 2026 figures likely aren’t much of a real improvement.

The sales figures are striking for a company that once promised to grow EV sales 50% every year. And the poor first quarter means Tesla now risks seeing its overall sales decline for a third year in a row — at a time when its profits are also tanking.

Tesla is not the only company struggling to grow EV sales, especially in the United States. Legacy automakers have backed away from — and in some cases, outright canceled — once-grand plans and ambitions for new EVs. Newcomers have struggled, too. Rivian announced Thursday morning that it shipped just over 10,000 vehicles in the first quarter, more or less the same figure it seems to report every quarter.

Rivian does have a new model waiting in the wings, as it is about to start shipping its cheaper R2 SUV, which should boost sales. The company is banking on the R2 being hugely successful out of the gate, despite the fact that the cheapest version of it won’t arrive until late 2027.

Tesla doesn’t have a new, mass-market vehicle ready to go. The company had been working on a much lower-cost EV that was expected to be priced around $25,000. But CEO Elon Musk killed the project in favor of going all-in on the “CyberCab.” In place of that $25,000 car, Musk instead had Tesla develop the stripped-down Model Y and Model 3.

The only truly new model Tesla has released over the last few years is the Cybertruck. While that outsells most other all-electric trucks, it’s been a complete flop in the face of Tesla’s — and Musk’s — expectations for the steel-clad EV. In the first quarter of this year, Tesla only sold 16,130 “other models,” which includes the Cybertruck and the now-retired Model S and Model X.

Fraud operations have expanded beyond traditional hacking techniques to include methods that exploit legitimate services and real-world infrastructure. By combining publicly available data, weak identity verification processes, and operational gaps, threat actors are building scalable fraud workflows that are both low-cost and difficult to detect.

A tutorial shared in a fraud-focused chat group and analyzed by Flare analysts provides step-by-step guidance on how to identify and exploit vacant residential properties to intercept sensitive mail, revealing a low-tech but highly effective method for enabling identity theft and financial fraud.

Unlike traditional cybercrime techniques that rely on malware, phishing kits, or network intrusions, the method outlined in this article focuses almost entirely on abusing legitimate services and physical-world logistics.

The approach blends open-source intelligence, postal service features, and fake identity fraud into a coordinated workflow designed to gain persistent access to victims’ mail.

Turning vacant properties into fraud infrastructure

The tutorial begins with identifying so-called “drop addresses”, real residential properties that are temporarily unoccupied and can be used to receive mail without immediately alerting the rightful occupants.

Threat actors are instructed to search real estate platforms such as Zillow, Rightmove, or Zoopla, filtering for recently listed rental properties. By focusing on newly available listings, attackers increase the likelihood that the property is vacant or between tenants.

The guidance further suggests reviewing older listings to identify homes that have remained unoccupied for extended periods, increasing their reliability as drop locations.

In some cases, threat actors even recommend physically maintaining abandoned properties to make them appear occupied, reducing the risk of drawing attention while using the address for fraudulent purposes.

Monitoring incoming mail to identify valuable targets

Once a suitable address is identified, the next phase involves utilizing legitimate digitalized postal services for discovery and monitoring of incoming mail.

Informed Delivery, for instance, is a free service that provides residential consumers with digital previews of their incoming letter-sized mail and tracks package deliveries.

By registering these services for the selected address, attackers can monitor incoming correspondence remotely, allowing them to identify valuable items such as financial documents, credit cards, or verification letters before physically accessing the mailbox.

This transforms mail delivery into a form of intelligence gathering, enabling more targeted and efficient fraud.

If the address is already registered, the tutorial references change-of-address requests as a way to regain control over mail delivery. These services are designed for legitimate users relocating their residence and are widely available through postal systems such as USPS.

For example, users can submit a permanent or a temporary Change of Address (COA) request online or in person, enabling mail to be forwarded to a new location for periods ranging from several weeks up to 12 months.

Additional services, such as Premium Forwarding, can consolidate and redirect all incoming mail on a recurring basis.

While these mechanisms include identity verification safeguards such as requiring a small online payment tied to a billing address or presenting a valid photo ID in person, the tutorial suggests that actors perceive these controls as potentially insufficient or inconsistently enforced.

In particular, the ability to submit forwarding requests remotely, combined with the reliance on address-linked verification rather than strong identity binding, may create opportunities for abuse if supporting identity information is compromised or fabricated.

As a result, control over mail delivery may, in some cases, be reassigned without direct interaction with the legitimate resident, turning a service intended for convenience into a potential vector for unauthorized redirection.

At this stage, the operation moves beyond passive targeting and into active monitoring, providing attackers with visibility that significantly increases the success rate of downstream fraud.

Establishing persistence through mail forwarding

After confirming that valuable mail is being delivered, the workflow shifts toward establishing long-term access through mail forwarding services.

Actors are instructed to create personal mailbox accounts that allow them to redirect all incoming mail from the drop address to a separate location under their control. 

Because these services typically require identity verification, attackers rely on fake identities, forged documents, or purchased personal data to complete the process.

This marks a critical transition from opportunistic interception to persistent access. Once mail forwarding is in place, attackers no longer need to revisit the physical location, reducing exposure while maintaining continuous access to sensitive information.

The use of fake identities, often involving fabricated personal details or Credit Privacy Numbers (CPNs), demonstrates how this technique integrates with broader fraud ecosystems.

Rather than operating in isolation, drop address abuse becomes one component in a larger pipeline that can support account takeovers, credit fraud, and refund scams.

In practice, these fake identities can be used to register mailbox services, submit forwarding requests, or receive sensitive financial correspondence tied to victim accounts.

This allows actors to bridge the gap between digital compromise and real-world access, enabling them to complete verification steps, intercept authentication materials, or establish new accounts under assumed identities.

As a result, control over a physical address can become an important step in fraud operations that depend on both identity credibility and access to legitimate communication channels. 

A hybrid fraud model blending digital and physical layers

The method outlined in the tutorial reflects a broader evolution in fraud operations, where digital intelligence gathering is combined with physical-world manipulation.

In addition to leveraging online platforms and postal services, actors also describe using individuals (sometimes recruited from vulnerable populations) to physically access mailboxes or collect delivered items.

This introduces a human layer into the operation, allowing attackers to outsource risk and further distance themselves from direct involvement.

The activity described in the tutorial reflects a broader rise in mail-enabled fraud documented in recent reporting. According to U.S. Postal Inspection Service–related data, reports of mail theft have increased significantly in recent years, with theft from mail receptacles rising by 139% between 2019 and 2023.

Financially, the impact is substantial, with mail theft schemes linked to hundreds of millions of dollars in suspicious activity tied to check fraud.

At the same time, abuse of postal redirection services, similar to the technique referenced in the tutorial, has also grown, with change-of-address fraud increasing sharply year-over-year. Together, these trends highlight how control over physical mail has become valuable.

At the same time, the tutorial acknowledges operational challenges. Virtual addresses and commonly reused locations are increasingly flagged by financial institutions, suggesting that defenders are beginning to incorporate address-based risk signals into their detection models.

As a result, actors emphasize the importance of finding “clean” residential addresses that have not yet been associated with fraudulent activity.

Together, these elements illustrate a fraud model that is not driven by technical sophistication, but by coordination, adaptability, and the strategic use of legitimate systems. 

Not an Isolated Tutorial / Fraud

While this may look like an isolated tutorial, this is part of a broader phenomenon or tutorials on how to find physical drop address, some are for free and others are paid for. 

Expanding attack surface beyond traditional cybersecurity controls

The emergence of these techniques underscores a growing challenge for organizations: many of the systems being abused: real estate platforms, postal services, and identity verification processes, exist outside the scope of traditional cybersecurity defenses.

As fraud operations continue to evolve, detection increasingly depends on correlating signals across domains, including address usage patterns, mail forwarding activity, and identity inconsistencies. Without this broader visibility, attacks that rely on legitimate services rather than technical exploits may continue to evade conventional security controls.

Learn more by signing up for our free trial.

Sponsored and written by Flare.

Are you aiming to replace cable TV? Two popular streaming platforms happen to be among of our favorite picks for cord-cutters and cord-cutter wannabes: Google’s YouTube TV and Disney-owned Hulu Plus Live TV. Both streamers offer a swath of live channels, such as CNN, ESPN and TNT, along with local stations ABC, CBS, Fox and NBC, among others  — all without a cable box.

Yet, pricing for each service has steadily increased over the past few years. Currently, the least-expensive plan for YTTV is $83 a month, while Hulu Plus Live TV will put you back $90 a month. While the trend of streaming being less expensive than cable TV remains true, the costs for both are higher than they were just a couple of years ago. Price hikes aside, you still get plenty of value with both Hulu and YTTV. Both offer features like an advanced DVR with a program guide and extensive on-demand content. Not to mention, both platforms are easy to watch on the go, whether on your phone or tablet. They can also be streamed on TVs through a media streamer (such as Roku, Amazon Fire TV or Apple TV), a game console or your smart TV itself.

Hulu has an outstanding selection of live channels and a vast catalog of on-demand shows and movies, and it comes bundled with Disney Plus and ESPN. Of all the live TV streaming services, YouTube TV still offers the most channels among the top 100.

Need more information about YouTube TV and Hulu Plus Live TV? Let’s dive in.

Advertisement

Hulu’s greatest asset is the integration of a full lineup of live TV channels with a massive catalog of on-demand content, all for one price. Its channel count is solid, including some must-have programming. The $90-per-month price includes the ad-supported versions of Disney Plus and ESPN Plus, and there are even higher-priced options for people who don’t want to watch ads. Hulu Plus Live TV is where the smart money is if you want other services bundled with it.

Advertisement

With an excellent channel selection, easy-to-use interface and excellent cloud DVR, YouTube TV is a stellar cable TV replacement. If you don’t mind paying a bit more than the Sling TVs of the world, YouTube TV offers a great live TV streaming experience.

Watch this: Live TV streaming services for cord cutters: How to choose the best one for you

02:44

Channels: YouTube wins, but Hulu’s a close second

It all comes down to channels, really. When you compare both streamers, this is the biggest difference. If you take a look at our list of the top 100 channels on each service, YouTube TV is the winner with 78; Hulu is a close second with 75. That total doesn’t include every channel the services carry, just the ones in the top 100 as determined by CNET editors.

You can find most major national channels on both, including Cartoon Network, Disney Channel, ESPN, Fox News, NFL, TBS, USA Network, PBS and more. There are a few differences, though.

Here’s a condensed version of that list showing the 12 of the top 100 channels carried by one service and not the other.

You may be asking: What about the major local channels? Hulu Plus Live TV and YouTube TV offer all four — ABC, CBS, Fox and NBC — in most areas of the country, along with local affiliates for The CW and MyTV and a number of local PBS stations.

On the premium channels front, you can get add-ons for Starz, Cinemax and HBO by paying an extra fee. Hulu also offers optional channel add-on packages: the Entertainment Add-On for $8 a month with 15 channels including MTV Classic, Cooking Channel and NickToons, its Sports Add-on with seven channels for $10 per month and the Español Add-On with 16 Spanish-language channels for $5. 

Sports: YouTube TV hits a home run

Hulu dropped most of its regional sports networks in 2020. YouTube TV followed suit at the time, but currently carries NBC Sports Bay Area, NBC Sports California, NBC Sports Boston and NBC Sports Philadelphia as part of its base package. The streamer has an advantage when it comes to national sports networks: NBA TV is included in YouTube TV’s base package. 

With YouTube, you can pay another $11 to get the Sports Plus add-on that also includes Fox Soccer Plus, NFL RedZone and Tennis Channel. In addition, new customers get exclusive access to the NFL Sunday Ticket for an added $240 for the first year. That price goes up to $378 annually for returning customers. Separately, there are new skinny TV packages that YouTube TV offers that are genre specific, including four that are sports-centric. These options are different from the platform’s main live TV streaming plan discussed here.

Meanwhile, those with Hulu who opt for the $10 sports add-on can watch the likes of NFL RedZone, MLB Strike Zone, Outdoor Channel, Sportsman Channel, MAVTV Motorsports Network, Racer Network, FanDuel Racing and FanDuel TV.

Read more: With the Tablo Over-the-Air DVR, I Can Watch and Record Live TV — No Subscription Required

Usability: YouTube TV has simpler menus

The menus and interfaces on both are quite different from those of a typical cable provider, and we prefer YouTube TV’s menus overall. 

YouTube TV: In general, the YouTube TV interface is easier to use, not just for people who are already familiar with regular YouTube. Whether you’re using the desktop or app versions, Google’s streamer offers a streamlined structure — even if it’s not as pretty as Hulu.

Hulu Plus Live TV: If it were all about which interface is more fun, Hulu would take the win. Hulu’s look is brighter, and though it lacks YouTube’s comprehensive search, it’s still relatively easy to drill down into the kind of content you want to watch.  

The difference in the number of simultaneous streams is worth noting, especially for families and other households that watch a lot of TV. YouTube TV lets you stream to three different devices — say, the living room TV, a bedroom TV and a tablet — at the same time. Pay Hulu an extra $10 per month, and it will upgrade your stream count to unlimited and let you stream content on more devices simultaneously. On the other hand, the main reason to pay for YouTube’s $10 4K upgrade is to also get unlimited streams.

As for the cloud DVRs on both YouTube TV and Hulu, they offer unlimited storage and let you fast-forward through commercials in recorded programming. While CNET still considers YouTube TV’s DVR the gold standard, Hulu’s is an excellent option as well.

Read more: 10 of the Best Movies on Hulu You Should Watch Now

On-demand and originals: Hulu with the runaway win

Advertisement

YouTube TV includes on-demand TV shows and movies from participating networks and shows, much like your cable service. But it pales in comparison to what Hulu offers. 

As mentioned above, a Hulu Plus Live TV subscription includes all of the on-demand TV shows and movies available on the standard Hulu service, offering thousands of episodes of network TV shows, as well as originals such as Paradise, The Bear, Alien: Earth, Only Murders in the Building and movies like Palm Springs and Prey. 

Read more: Streaming Service Deals for Students: Save on HBO Max, Hulu and Music

Which service is best for you?

Both services represent the peak of what live TV streaming has to offer, and both are better overall than competitors Sling TV and DirecTV. Your choice between the two comes down to cost, channel selection, usability and content — and it’s pretty close between the two. Hulu lets you integrate a wide channel selection with its exemplary on-demand library, which may be worth it for some. In the end, though, it’s all about having access to your favorite channels, so choose the service that offers them.

Channel comparison

Below you’ll find a smaller version of this massive channel comparison. It contains the top 100 channels from each service. Some notes:

• Yes = The channel is available on the cheapest pricing tier. That price is listed next to the service’s name.
• No = The channel isn’t available at all on that service. 
• $ = The channel is available for an extra fee.
• Not every channel a service carries is listed, just the “top 100,” as determined by CNET’s editors. Less popular channels including AXS TV, CNBC World, Discovery Life, GSN, POP and Universal Kids didn’t make the cut.
• Regional sports networks — channels devoted to regular-season games of particular pro baseball, basketball and hockey teams — are not listed. To find out if your local RSN is available, you can search YouTube TV by ZIP code here and search Hulu Plus Live TV by ZIP code here.

Startups are often quick to say they value diversity but are slow to implement hiring practices that reflect that. It is the path of least resistance for a growth-stage company to hire from the familiar Silicon Valley pipelines, but if a founder wants a diverse team, that value has to be put into practice from the very first hire. 

Leah Solivan, the founder of Taskrabbit and founder and managing director of Precedent.VC, joined Isabelle Johannessen on Build Mode to discuss how she thought about hiring while leading Taskrabbit. As the company scaled from being bootstrapped on Solivan’s personal credit cards to becoming one of the defining platforms of the gig economy, the leadership team intentionally sought out diverse talent for each role.

Diversity doesn’t happen by accident. Solivan and their team built it into every aspect of their recruiting and hiring process. “But if you do that from the beginning, then it becomes easier, because the culture that’s built, the team that’s built, the network that you’ve built as a company, is more diverse, and it feeds itself. It becomes an ecosystem. It’s too late if you wait until you’ve scaled and it’s at the end,” said Solivan.

Every startup has a network of talent with the founder at its center, and it stands to reason that the network will reflect the founder’s community. So a more diverse tech industry, in many ways, begins with who is investing in these founders. As an early-stage investor, Solivan has seen the flow of money from both sides of the table. 

“If you follow the money through the system, it comes from limited partners, and they’re the ones that decide who to give the money to, venture capitalists. And from there, then the venture capitalists choose which founders they’re going to invest in,“ said Solivan. “The money is there, but it’s being controlled by people that have different biases.”

However, a founder or the VCs backing them don’t have to be underrepresented to intentionally hire from a diverse talent pool. Solivan suggests setting the goal of seeing two résumés from female candidates for every one male résumé, tapping into a wider range of networks, and promoting people from different backgrounds into leadership roles.

“You’re asking someone to walk off the edge of a cliff — let’s build a net for them to jump into,” said Solivan

Apply to Startup Battlefield: We are looking for early-stage companies that have an MVP. So nominate a founder (or yourself). Be sure to say you heard about Startup Battlefield from the Build Mode podcast. Apply here.

TechCrunch Disrupt 2026: We’re back for TechCrunch Disrupt on October 13 to 15 in San Francisco, where the Startup Battlefield 200 takes the stage. So if you want to cheer them on, or just network with thousands of founders, VCs, and tech enthusiasts, then grab your tickets.  

New episodes of Build Mode drop every Thursday. Hosted by Isabelle Johannessen. Produced and edited by Maggie Nye. Audience development led by Morgan Little. Special thanks to the Foundry and Cheddar video teams.