Bose helped write the book on noise canceling when it entered the market way back in the 1970s. Lately, the brand has been on a tear, with the goal of creating the ultimate in sonic solitude. The QuietComfort Ultra Gen 2 are Bose’s latest and greatest creation, offering among the very best noise canceling we’ve ever tested.

Just as importantly, they’re currently on sale for $50 off. Now, this might not seem like a huge discount on a $450 pair of headphones, but this is the lowest price we’ve seen on these headphones outside of a major shopping holiday. So if you missed your chance during Black Friday but you have a spring break trip to Mexico or Hawaii on the calendar, this is your best bet.

The Best Noise Canceling Headphones Are on Sale

I’ve wondered over the last few years if the best noise cancelers even needed another potency upgrade. Previous efforts like Sony’s WH-1000XM5, Apple’s AirPods Max, and Bose’s own QuietComfort 45 offering enough silence that my own wife gives me a jump scare when she walks up behind me.

Then I had a kid.

Bose’s properly named QuietComfort Ultra not only do a fantastic job quelling the many squeaks, squawks, and adorable pre-nap protests my baby makes. Now that my wife and I have turned my solo office into a shared space, I can go about my business in near total sonic freedom, even as she sits in on a loud Zoom call.

In testing, we found Sony’s latest WH-1000XM6 offered a slight bump in noise canceling performance over Bose’s latest, due in part to their zippy response time when attacking unwanted sounds. But both were within a hair of each other when tested across frequencies. I prefer Bose’s pair for travel, due to their more cushy design that lets me listen for a full cross-country flight in luxe comfort.

Upgrades to the latest generation, like the ability to sleep them and quickly wake them, make these headphones surprisingly more intuitive to use daily. The new built-in USB-C audio interface lets you listen to lossless audio directly from supported devices, a nice touch now that Spotify has joined Apple Music and other services with lossless audio support.

Speaking of audio, the QC Ultra Gen 2’s performance is impressive, providing clear and crisp detail and dialog, with a lively touch that brings some added excitement to instruments like percussion or zippy guitar tones. It’s a lovely overall presentation. I’m not a huge fan of the new spatial audio mode (what Bose calls Cinema mode), but it’s always nice to have options.

These headphones often bounce between full price and this $50 discount, so if you’ve been waiting for the dip, now’s the time to buy. If you’ve deal with daily distractions like me, whether at home or in a busy office space, you’ll appreciate the latest level of sound-smashing solitude Bose’s best noise-cancelers ever can provide.

Power up with unlimited access to WIRED. Get best-in-class reporting and exclusive subscriber content that’s too important to ignore. Subscribe Today.

Google has announced that using its newly incorporated Lyria 3 model, Gemini users will be able to generate 30-second music tracks based on a prompt, or remix an existing track to their liking. The new model builds on Gemini’s pre-existing ability to generate text, images and video, and will also be available in YouTube’s “Dream Track” feature, where it can be used to generate detailed backing tracks for Shorts.

Like some other music generation tools, prompting Gemini doesn’t require a lot of detail to produce serviceable results. Google’s example prompt is “a comical R&B slow jam about a sock finding their match,” but after playing with Lyria 3, you can definitely get more granular about individual elements of a track — changing the tempo or the style of drumming, for example — if you want to. Outside of text, Gemini can also generate music based on a photo or video, and tracks can be paired with album art created by Google’s Nano Banana image model.

Google says that Lyria 3 improves on its previous audio generation models in its ability to create more “realistic and musically complex” tracks, give prompters more control over individual components of a song and automatically generate lyrics. Gemini’s outputs are limited to 30-second clips for now, but given how Google’s promotional video shows off the feature, it’s not hard to imagine those clips getting longer or the model getting incorporated into other apps, like Google Messages.

Like Gemini’s other AI-generated outputs, songs made with Lyria 3 are also watermarked with Google’s SynthID, so a Gemini clip can’t as easily be passed off as a human one. Google started rolling out its SynthID Detector for identifying AI-generated content at Google I/O 2025. The sample tracks Google included alongside its announcement are convincing, but you might not need the company’s tool to notice their machine-made qualities. The instrumental parts of Gemini’s clips often sound great, but the composition of the lyrics Lyria 3 produces sounds alternately corny and strange.

If you’re curious to try Lyria 3 for yourself, Google says you can prompt tracks in Gemini starting today, provided you’re 18 years or older and speak English, Spanish, German, French, Hindi, Japanese, Korean or Portuguese.

from the flow-my-sewage,-said-the-swamp dept

The ICE surge in Minneapolis, Minnesota was instigated by a far-right click bait artist and encouraged by the president’s portrayal of Somali immigrants as “garbage” people from a “garbage” country. And those were some of the nicer words Trump used to describe the people his agencies would be hunting down first.

Several weeks later, a draw-down has begun, prompted by two murders committed by federal officers, an inability to obtain indictments against protesters, and every narrative about violence perpetrated by federal officers disintegrating the moment the government was asked to provide some evidence of its claims to the court.

Hundreds of judges in hundreds of immigration cases have found that the government has routinely violated the due process rights of the immigrants it has arrested. This dates all the way back to the beginning of Trump’s second term, but months of roving patrols by masked men with guns has created a massive influx of cases courts are still trying to sort out. But one thing is clear: the government will do anything it can to keep the people it arrests from availing themselves of their constitutional rights.

This starts with the arrests themselves, which most often occur without a judicial warrant. The same goes for the invasion of people’s houses and places of business. With the Supreme Court giving its tacit blessing to casual racism (the so-called “Kavanaugh stops”), anyone who looks less than white or whose English has a bit of an accent is considered reasonably suspicious enough to detain.

The government has been on the losing end of hundreds of cases involving due process rights. This decision [PDF], coming to us via Politico’s Kyle Cheney, details the massive amount of constant movement this government engages in to keep people separated from their rights and physical freedom.

It opens with this:

Immigrations and Customs Enforcement (“ICE”) recognizes that noncitizen detainees have a constitutional right to access counsel. But in recent weeks, ICE has isolated thousands of people—most of them detained at the Bishop Henry Whipple Federal Building—from their attorneys. Plaintiffs, who are noncitizen detainees and a nonprofit that represents noncitizens, have presented substantial, specific evidence detailing these alleged violations of the United States Constitution. In response, Defendants offer threadbare declarations generally asserting, without examples or evidence, that ICE provides telephone access to counsel for noncitizens in its custody. The Plaintiffs’ declarations provide specifics of the opposite. The gulf between the parties’ evidence is simply too wide and too deep for Defendants to overcome.

It’s not like ICE can’t provide detainees with access to attorneys or respect their due process rights. It’s that they choose not to, now that Trump is in charge. The access is theoretically possible. It’s just being purposefully denied. And it’s not even just being denied in the sense that phone call requests are being refused. People detained by ICE are placed into a constant state of flux for the sole purpose of making it as difficult as possible for them to avail themselves of their rights.

The devil is in the details. And the court brings plenty of those, all relating to the administration’s “Operation Metro Surge” that targeted Minneapolis, Minnesota:

Detainees are moved frequently, quickly, without notice,and often with no way for attorneys to know where or how long they will be at a given facility. (ECF No. 20 (“Boche Decl.”) ¶¶ 9, 13, 18; ECF No. 24 (“Edin Decl.”) ¶ 6; Heinz Decl. ¶ 5 (explaining that of eleven clients initially detained at Whipple, ten were transferred out of the state within twenty-four hours); Kelley Decl. ¶ 19.) Once a person has been transferred out of Minnesota, “representation becomes substantially more difficult”—attorneys must secure local counsel to sponsor a pro hac vice application and navigate additional barriers.

This is a key part of the administration’s deliberate destruction of constitutional rights. Moving people quickly helps prevent habeas corpus motions from being filed, since they need to be filed in the jurisdiction where they’re being held. If detainees are shifted from place to place quickly enough, their counsel needs to figure out where they’re being held and hope that their challenge lands in court before their clients are moved again. And with the Fifth Circuit basically codifying the denial of due process to migrants, more and more people arrested elsewhere in the nation are being sent to detainment centers in Texas as quickly as possible.

All of this is intentional:

Defendants transfer people so quickly that even Defendants struggle to locate detainees. Often, Defendants do not accurately or timely input information into the Online Detainee Locator System. This prevents Minnesota-based attorneys from locating and speaking with their clients.The locator either produces no search results or instructs attorneys to call for details, referencing a phone number that ICE does not answer. Often, Defendants do not update the locator until after detainees areout of state. Attorneys frequently learn of their client’s location for the first time when the government responds to a habeas petition.

These are not the good faith efforts of a government just trying to get a grasp on the immigration situation. These are the bad faith efforts of government hoping to violate rights quickly enough that the people it doesn’t like will be remanded to the nearest war-torn nation/foreign torture prison before the judicial branch has a chance to catch up.

There’s more. There’s the phone that detainees supposedly have access to for their one phone call. It’s the same line used to receive calls for inmates, so that means lawyers calling clients back either run into a busy signal or a ringing phone that detainees aren’t allowed to answer and ICE officers certainly aren’t interested in answering.

Lawyers seeking access to their clients have been refused access. In some cases, they’ve been threatened with arrest by officers simply for showing up. Even if they happen to make it inside the Whipple Detention Center, ICE officers and detention center employees usually refuse them access to their clients.

And when people try to work within the unconstitutional limitations of this deliberately broken system, they’re mocked for even bothering to avail themselves of their rights.

When an attorney told an agent that she sent a copy of a releaseorder to the specified email address, the agent laughed and said “something to the effect of ‘yeah we really need to get someone to check that email.’”

To sum up, the government is exactly what the court thinks it is: a set of deliberate rights violations pretending it’s a legitimate government operation that’s just trying to do the best it can in these troubling times:

It appears that in planning for Operation Metro Surge, the government failed to plan for the constitutional rights of its civil detainees. The government suggests—with minimal explanation and even less evidence—that doing so would result in “chaos.” The Constitution does not permit the government to arrest thousands of individuals and then disregard their constitutional rights because it would be too challenging to honor those rights.

The administration has long lost the “presumption of regularity” that courts have utilized for years while handling lawsuits and legal challenges against the government. It no longer is considered to be acting in good faith in much of the country (Fifth Circuit excluded, for the most part). This is the “rule of law” party making it clear that it will only follow the rules and laws it likes. And it will continue to do so because courts can’t actually physically free people or force the government to respect their rights. The Trump administration is fine with losing in court and losing the hearts and minds of most of America as long as those in power keep getting to do what they want.

Filed Under: dhs, doj, due process, ice, immigration, kristi noem, mass deportation, minnesota, rights violations, todd lyons, tom homan, trump administration

This story was sponsored and fact checked by Marantz

Marantz is redefining what reference level home theater looks and sounds like for today’s listener. The focus is no longer on excess hardware or visual dominance, but on delivering uncompromising performance, meticulous tuning, and premium build quality within a refined, contemporary industrial design that complements modern living spaces. It is theater-grade sound, executed with intention and restraint.

That philosophy comes into full view with the introduction of the AV30 and AMP30, completing Marantz’s new A/V separate series alongside the AV10 and AMP10 and the AV20 and AMP20. The result is a deliberately tiered lineup of preamp/processors and multi-channel amplifiers offering mix-and-match configurations, including support for immersive layouts up to 9.4.6 Dolby Atmos.

Whether building a reference system from the ground up or integrating selectively with the Cinema Series AVRs to add power where it matters most, Marantz has designed an ecosystem that scales performance with consistent visual elegance.

Execution matters at this level, and Marantz’s latest A/V separates reflect that standard. All components are engineered and manufactured at the Marantz Shirakawa Audio Works facility in Japan, and each product is certified by a Marantz Sound Master, currently Yoshinori Ogata, to ensure tuning accuracy, consistency, and performance integrity.

The result is a modern reference platform that prioritizes sound quality, visual refinement, and long term relevance, delivering premium home theater without the traditional equipment rack mentality and signaling clearly where Marantz believes high-end A/V performance belongs today.

From Foundational Engineering to Modern Reference Home Theater

The current Marantz A/V separates continue the ethos, engineering discipline, and design principles established by founder Saul Marantz beginning in 1953. Most notably, the Marantz Model 9 from 1960 introduced the porthole and architectural symmetry that remain defining elements of the 2026 lineup. From the outset, Marantz established a clear technical philosophy centered on precise power control, stability under load, and system designs that balance performance with usability.

Inspired by the proportion and resonance of musical instruments, Marantz components use symmetry not as a stylistic gesture but as a visual expression of control and order, reinforcing the central role of sound rather than competing with it. The iconic porthole carries that same philosophy forward. Originally a functional window for an analog VU meter, it has evolved into a modern aperture into the heart of the component, maintaining a sense of connection between listener and system whether the technology inside is analog or digital.

The warmth long associated with Marantz sound is equally present in its physical form. Materials, finishes, and color choices are selected to feel inviting rather than clinical, while controls are designed to respond with precision and confidence in hand. Anchoring it all is the Marantz mark, placed deliberately at the pinnacle of each product as a quiet statement of lineage and intent.

As formats evolved and system complexity increased, Marantz expanded its engineering and tuning operations, reinforcing a culture of precision and consistency. Rather than treating home theater as a departure from high-fidelity design, Marantz applied its amplification expertise directly to multichannel systems, focusing on clarity, spatial coherence, and controlled dynamics across increasingly demanding channel counts.

A key technical milestone followed with the development of Hyper Dynamic Amplifier Module technology. Created as a discrete alternative to conventional integrated circuits, HDAM established Marantz’s approach to faster signal response, wider bandwidth, and more precise dynamic control—an architecture that continues to define the brand’s amplification.

That lineage is carried forward in Marantz’s latest A/V separates, which translates decades of amplification and tuning expertise into reference-level home theater as it is experienced today.

A Tiered Reference System Designed for Modern Home Theater

Marantz’s current A/V separates are designed as a deliberately tiered system rather than a single statement product. The lineup comprises three preamp processors, the AV10, AV20, and AV30, and three multichannel power amplifiers, the AMP10, AMP20, and AMP30, allowing system builders to scale performance while maintaining a consistent design and tuning philosophy.

The newest additions, the AV30 and AMP30, serve as the most accessible entry point in the lineup, complemented by the AV20 and AMP20 and the flagship AV10 and AMP10. Together, they form three clearly defined performance tiers that allow systems to scale without sacrificing a unified design language or tuning philosophy.

Signal integrity, tonal balance, and amplification control are consistent across the Marantz separates range. The differences come down to channel capacity. The AV30 supports up to 7.4.4 Dolby Atmos processing, the AV20 adds 2 additional height or surround channels, and the flagship AV10 expands that by another 2 channels. The amplifier lineup follows the same logic: the AMP30 provides 6 channels, the AMP20 offers 12, and the AMP10 tops the range with 16. All amplifier channels are rated at 200 watts into 8 ohms and support bi-amping or bridging, which doubles output to 400 watts per channel.

With support for immersive configurations from 11 to 15 channels, Marantz A V separates are well suited to high-performance living spaces and dedicated theaters where integration, efficiency, and visual restraint matter as much as output. Their focus is consistency, maintaining clarity, stability, and coherence as channel counts and speaker demands increase. All three AMP models also provide a flexible upgrade path for Marantz Cinema Series AVR owners who need additional power or channel expansion.

The result is a separates platform defined by flexibility rather than hierarchy. Whether beginning with the AV30 and AMP30 or building toward a flagship configuration, each tier reflects the same approach to amplification, tuning, and industrial design.

AV30 and AMP30: A Modern Entry Point to Marantz Reference Home Theater

Marantz reinforces its tiered separates strategy with the AV30 and AMP30 by addressing a buyer who wants a high-performance home theater that is equally capable with film, music, and modern displays. Positioned as the most accessible entry point in the Marantz separates lineup, the pairing is designed to deliver the core elements that matter at this level: format flexibility, system integration, and the ability to adapt as the system and room evolve.

The AV30 serves as the system’s control center, supporting the surround formats that define today’s premium home theater, including Dolby Atmos, DTS X, Auro 3D, and IMAX Enhanced. Four independent subwoofer outputs allow precise low-frequency integration and compatibility with advanced room optimization such as Dirac Live ART. On the video side, support for HDR10, HDR10+, Dolby Vision, HLG, and Dynamic HDR pass-through ensures full compatibility with modern displays and high-quality sources.

Beyond home theater, the AV30 is designed to integrate easily into everyday listening. It supports a wide range of streaming services, including Amazon Music, TIDAL, Deezer, Napster, and SoundCloud, Qobuz Connect, and is Roon Ready for library-based playback. HEOS enables multiroom integration, while Bluetooth, Apple AirPlay 2, and Wi-Fi provide straightforward access across devices and use cases.

Paired with the AV30, the AMP 30 delivers controlled, scalable amplification for modern multichannel systems. Its six-channel Class D design provides up to 200 watts per channel, reinforced by Marantz’s HDAM-SA2 circuitry for stability and tonal consistency. Systems can grow by adding additional AMP30 units or pairing with higher-channel-count amplifiers such as the AMP20, while support for bi-amp and bridge-tied load configurations and both XLR and RCA inputs keeps integration straightforward.

Taken together, the AV30 and AMP30 form a cohesive foundation for buyers considering an $8,000 separates investment. As a system, they deliver modern surround processing, refined low-frequency control, scalable amplification, and seamless integration with both home theater and whole-home audio environments.

More importantly, they reflect Marantz’s long-standing priorities; clarity, control, and thoughtful system design applied to the realities of contemporary home theater, where performance must coexist with flexibility and long-term relevance.

Tip: In the coming weeks our Editor-at-Large, Chris Boylan will be releasing his hands-on review of the AV30, AMP30 and AMP20.

Price & Availability

Home Theater Preamplifier/Processors:

Multi-channel Power Amplifiers:

For more information, visit marantz.com

Related Reading:

Like many Silicon Valley companies today, Scout AI is training large AI models and agents to automate chores. The big difference is that instead of writing code, answering emails, or buying stuff online, Scout AI’s agents are designed to seek and destroy things in the physical world with exploding drones.

In a recent demonstration, held at an undisclosed military base in central California, Scout AI’s technology was put in charge of a self-driving off-road vehicle and a pair of lethal drones. The agents used these systems to find a truck hiding in the area, and then blew it to bits using an explosive charge.

“We need to bring next-generation AI to the military,” Colby Adcock, Scout AI’s CEO, told me in a recent interview. (Adcock’s brother, Brett Adcock, is the CEO of Figure AI, a startup working on humanoid robots). “We take a hyperscaler foundation model and we train it to go from being a generalized chatbot or agentic assistant to being a warfighter.”

Adcock’s company is part of a new generation of startups racing to adapt technology from big AI labs for the battlefield. Many policymakers believe that harnessing AI will be the key to future military dominance. The combat potential of AI is one reason why the US government has sought to limit the sale of advanced AI chips and chipmaking equipment to China, although the Trump administration recently chose to loosen those controls.

“It’s good for defense tech startups to push the envelope with AI integration,” says Michael Horowitz, a professor at the University of Pennsylvania who previously served in the Pentagon as deputy assistant secretary of defense for force development and emerging capabilities. “That’s exactly what they should be doing if the US is going to lead in military adoption of AI.”

Horowitz also notes, though, that harnessing the latest AI advances can prove particularly difficult in practice.

Large language models are inherently unpredictable and AI agents—like the ones that control the popular AI assistant OpenClaw—can misbehave when given even relatively benign tasks like ordering goods online. Horowitz says it may be especially hard to demonstrate that such systems are robust from a cybersecurity standpoint—something that would be required for widespread military use.

Scout AI’s recent demo involved several steps where AI had free rein over combat systems.

At the outset of the mission the following command was fed into a Scout AI system known as Fury Orchestrator:

Fury Orchestrator, send 1 ground vehicle to checkpoint ALPHA. Execute a 2 drone kinetic strike mission. Destroy the blue truck 500m East of the airfield and send confirmation.

A relatively large AI model with over a 100 billion parameters, which can run either on a secure cloud platform or an air-gapped computer on-site, interprets the initial command. Scout AI uses an undisclosed open source model with its restrictions removed. This model then acts as an agent, issuing commands to smaller, 10-billion-parameter models running on the ground vehicles and the drones involved in the exercise. The smaller models also act as agents themselves, issuing their own commands to lower-level AI systems that control the vehicles’ movements.

Seconds after receiving marching orders, the ground vehicle zipped off along a dirt road that winds between brush and trees. A few minutes later, the vehicle came to a stop and dispatched the pair of drones, which flew into the area where it had been instructed that the target was waiting. After spotting the truck, an AI agent running on one of the drones issued an order to fly toward it and detonate an explosive charge just before impact.

Today, district leaders are being asked to make irreversible budget decisions with fewer dollars and less margin for error than ever before. Yet many districts are making those decisions with limited evidence of what actually works in their classrooms — not because leaders lack interest in data, but because few systems are designed to support real-time learning at the district level.

For school and district leaders, quality data is key. Without strong research, data and connections, district leaders can find themselves working in silos, testing similar ideas in parallel without a shared way to learn what works, what does not and why.

“Right now, education research and development (R&D) isn’t about experimentation; it’s about making smarter bets with limited resources,” shared Jillian Doggett, director of the League of Innovative Schools at Digital Promise.

“R&D has to be embedded in a district’s DNA so that we are not making decisions based on assumptions of what we think works, or on what worked five or 10 years ago,” said Doggett.

That shift requires moving past a traditional approach in which programs are adopted districtwide before leaders have meaningful local evidence of fit or impact.

Dr. Robert Hill, superintendent and chief executive officer of the Springfield City School District in Ohio, argues that meeting students’ needs requires stepping beyond familiar models. To him, research and development is a way to test new approaches, learn quickly and build evidence before scaling.

“Through R&D, we can think outside the box, build evidence through continuous improvement and then advance policy, with funding attached, that actually supports kids,” Hill said.

How Districts Are Prioritizing Research and Development

Hill’s belief in the connection between R&D and student outcomes led him to join a national advisory group of district leaders focused on making education research more responsive to real-time needs.

Prioritizing research and development has already led to measurable progress for Hill’s district. As part of a chronic absenteeism cohort, Hill and his team worked with peer districts to test strategies, analyze real-time attendance data and refine approaches based on what was actually driving shifts in student engagement. Rather than relying on a single program or past assumptions, the district used an inclusive innovation model to identify which interventions were effective.

“Research and development has helped us better engage our students,” Hill shared. “By aligning student interests to career pathways and connecting that with labor market data, we are actually seeing forward progress on our academic outcomes.”

For Dr. Audra Pittman, superintendent of Calistoga Joint Unified School District in rural California, engaging in education research and development helps ensure her district operates through an equity lens. Her approach to innovation is grounded in the belief that if current practices are not working for all students, districts have an obligation to keep trying new approaches.

Through a structured research partnership, Pittman’s district is examining how families and staff can partner more effectively through a cohesive, district-wide engagement and support approach centered on a co-design framework. This work asks not only whether something works, but also for whom, under what conditions and why.

The partnership allows Pittman’s team to pilot ideas thoughtfully, balancing innovation with the realities of limited time and capacity.

Why Collaboration Is Essential to Scaling What Works

Alongside education research and development, Pittman attributes strong connections with peers across the country to turning local insights into broader change.

“There’s a lot of good work that’s occurring across our nation,” said Pittman. Through participation in a national learning network, leaders like Hill and Pittman test, share and refine practices through issue-focused cohorts, innovative partnerships and regular in-person touchpoints.

As a busy superintendent, Pittman knows how difficult it can be to identify new methods she can trust. Engaging with peers who are testing emerging approaches and sharing evidence of impact has supported more efficient, informed decision-making.

Doggett has seen districts benefit from this hands-on approach to research and development, including access to research partnerships, shared tools and opportunities to learn across systems.

“That connective tissue allows district-led R&D to move quickly, learn in real time and extend beyond individual districts.”

From Policy to Action

The collaborative efforts of district leaders matter not only for research and development but also for policy.

“It’s necessary to have conversations with [policymakers] to express the challenges we are facing, the flexibility that’s necessary to advance an R&D model, and the funding that’s associated with that,” Hill shared.

Traditional funding structures often require districts to commit to specific programs upfront, leaving little room for the iterative testing that defines effective research and development. As a result, districts are often forced to choose certainty over learning — even when that certainty is more assumed than proven.

Late last year, Hill, Pittman and other district leaders convened in Washington, D.C., to make the case for a reimagined approach to funding that better supports effective education R&D.

During those meetings, leaders shared how collaborative research and development efforts have supported improvements in teaching and learning and discussed ways to scale effective practices. They called for sustained investment, greater flexibility to reduce barriers to innovation and more transparent sharing of results to accelerate learning and advance equity nationwide.

“When you’re surrounded by districts from across the nation, you are reminded that education … is truly a bipartisan issue,” Pittman reflected. “We are somewhat divided now, and this is an opportunity to bring us back together.”

Are you interested in tapping into a national learning community through the League of Innovative Schools? Sign up to be the first to hear when the League’s next application cycle is live.

Flare researchers monitoring underground Telegram channels and cybercrime forums have observed threat actors rapidly sharing proof-of-concept exploits, offensive tools, and stolen administrator credentials related to recently disclosed SmarterMail vulnerabilities, providing insight into how quickly attackers weaponize new security flaws.

The activity occurred within days of the vulnerabilities being disclosed, with threat actors sharing and selling exploit code and compromised access tied to CVE-2026-24423 and CVE-2026-23760, critical flaws that enable remote code execution and authentication bypass on exposed email servers.

These vulnerabilities have since been confirmed in real-world attacks, including ransomware campaigns, highlighting how attackers increasingly target email infrastructure as an initial access point into corporate networks, allowing them to move laterally and establish persistent footholds.

CVE-2026-24423 and CVE-2026-23760: Critical RCE and Auth Bypass Flaws

Multiple recently disclosed SmarterMail vulnerabilities created a perfect storm that made the platform highly attractive to attackers. Among them, CVE-2026-24423 stands out as a critical unauthenticated remote code execution flaw affecting versions prior to Build 9511.

With a CVSS score of 9.3 and no user interaction required, the flaw is particularly suited for automation, large-scale scanning, and mass exploitation campaigns.

In parallel, additional vulnerabilities CVE-2026-23760 (CVSS 9.3) include authentication bypass and password reset logic flaws. It allows attackers to reset administrator credentials or gain privileged access to the platform. Research also shows that attackers were quickly reverse-engineering patches to identify and weaponize these weaknesses within days of release.

When combined, these issues enabled full server takeover scenarios, where attackers could move from application-level access to operating system control and potentially domain-level compromise in connected environments.

From an attacker’s perspective, this combination is ideal: SmarterMail is a network-exposed service, often holds a high trust position inside enterprise environments, and in many cases is monitored less aggressively than endpoint systems protected by EDR.

Once proof-of-concept exploit code becomes available, exploitation can be rapidly operationalized – meaning the timeline from vulnerability disclosure to ransomware deployment can shrink to days.

SmarterTools Breached by Own Product Flaw, Ransomware Groups Follow

Recent incidents demonstrate exactly how this pipeline plays out.

According to a SmarterTools report, SmarterTools was breached in January 2026 after attackers exploited an unpatched SmarterMail server running on an internal VM that was exposed inside their network.

The compromised environment included office and lab networks and a data-center segment connected through Active Directory, where attackers moved laterally and impacted around a dozen Windows servers.

The company shut down the affected infrastructure, restored systems from backup, rotated credentials, and removed some Windows/AD dependencies. Having said that, it was reported that core customer services and data were unaffected. Attackers gained an internal network foothold and attempted typical ransomware-style post-exploitation actions; it wasn’t successful, thanks to network segmentation.

In another investigation published by Bleeping Computer, ransomware operators gained initial access through SmarterMail vulnerabilities and waited before triggering encryption payloads, a classic affiliate behavior pattern.

This pattern is important:

1. Initial access via email server vulnerability
2. Credential harvesting or token extraction
3. Lateral movement via Active Directory
4. Persistence via scheduled tasks or DFIR tool abuse
5. Ransomware deployment after staging period

Some campaigns have been linked to the Warlock ransomware group, with overlaps observed with nation-state-aligned activity clusters.

Email Servers: Identity Infrastructure Attackers Target First

Email servers sit at a unique intersection of trust and visibility.

They often provide:

• Domain authentication tokens
• Password reset capabilities
• External communication channels
• Access to internal contact graphs
• Integration with identity and directory services

Attackers understand that email ecosystems rely on multi-component authentication chains where a single weak link can break overall trust. Compromise the email infrastructure and you effectively compromise identity.

1,200+ Vulnerable Servers Identified on Shodan

We found ~34,000 servers on Shodan with indications of running SmarterMail. Out of the 34,000, there were 17,754 unique servers.

A further inspection of these servers shows that 1,185 are vulnerable to authentication bypass or RCE flaws. Other publications talk about ~6,000 vulnerable servers.

A geo-location analysis of these 1,185 servers shows US dominance:

A further analysis of the ISPs and Organizations shows a very diverse distribution of open SmarterMail servers, many self-hosted admin panels, shared hosting, VPS providers, and general-purpose cloud networks, typical of deployment by individuals rather than organizations.

This may indicate that after the strong security hype over the past weeks, organizations were quick to react and block this attack surface.

Underground Forums Share Exploits Within Days of Disclosure

The underground ecosystems are fast to react to such publications. The CVEs were published around the beginning of January, and on the same day, there were mentions and references to these vulnerabilities. To date, we’ve seen dozens of publications and references to these vulnerabilities.

This is normal underground behavior when it comes to critical vulnerabilities.

We have also seen some more malicious references. A few days after the first publication, there were references to Proof of Concept or exploit of the vulnerabilities. For instance, an Arabic-speaking Telegram channel shows PoC.

You can also see how the threat actor is showing proof of concept:

And another threat actor is showing a proof of concept to this vulnerability:

In a Spanish-speaking Telegram group, we saw references to an Offensive Security Tool:

On another Telegram group, we saw a data dump of admin credentials highlighted as it comes from a compromised SmarterMail server:

When accessing one of the links, you can indeed see a long list of admin credentials and the domains (or login) to which they belong.

CISA Confirms Active Exploitation in Ransomware Campaigns

These vulnerabilities were published in the beginning of 2026, CISA added CVE-2026-24423 to the Known Exploited Vulnerabilities catalog in the beginning of February 2026, after confirming active ransomware exploitation.

This confirms that attackers are quick to exploit newly discovered critical RCE- related vulnerabilities:

• Vulnerability disclosure
• PoC written and released
• Mass scanning operation
• Weaponization: Data exfiltration, Ransomware etc.

Timeline shrinking from months/weeks to days.

How to Protect Email Infrastructure From Ransomware Access

Many organizations still treat email servers as “ONLY application infrastructure”. Well, they are not!

They are identity infrastructures that enable many follow-up attack vectors, as well as containing secrets and business logic. Defensive priorities should include:

• Patch Urgency: Critical email server vulnerabilities should be treated like domain controller vulnerabilities.
• Identity Telemetry: Organizations should monitor these environments for:
  • Admin password resets
  • API calls to external hosts
  • Unexpected outbound HTTP from mail servers

• Network Segmentation: Email infrastructure should never have unrestricted access to internal networks.
• Threat Hunting Practice:
  • API abuse patterns
  • Scheduled task persistence
  • Unexpected tooling like DFIR frameworks or remote admin tools

Email Servers Are Identity Infrastructure—Secure Them Accordingly

The SmarterMail cases show once again how modern cybercrime operations are quick to add newly discovered initial access to their ongoing operation.

It also re-emphasizes the critical role email servers take in the modern organization:

• Identity brokers
• Trust anchors
• Business logic
• Invaluable reconnaissance data for follow-up cybercrime

Organizations that continue treating them as just “messaging systems” will remain vulnerable to this new generation of intrusion pipelines.

Learn more by signing up for our free trial.

Sponsored and written by Flare.