The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective.
Although the resource has been leveraged for malicious activity in the past, the current spike may be due to a large number of AWS Identity and Access Management access keys exposed in public assets.
Because it is a legitimate, trusted resource, phishing operations can leverage Amazon SES to send out malicious emails that pass authentication checks.
Kaspersky researchers note in a report today that they’ve “observed an uptick in phishing attacks leveraging Amazon SES” to deliver links that redirect to a malicious site.
The researchers believe the main driver of this abuse is the increasing exposure of AWS credentials in GitHub repositories, .ENV files, Docker images, backups, and publicly accessible S3 buckets.
Finding the access keys is typically done in an automated way using bots built on the open-source TruffleHog utility, which is designed to scan for leaked secrets.
Threat actors now rely on automated attacks that streamline secret scanning, permission validation, and email distribution, enabling unprecedented levels of abuse.
“After verifying the key’s permissions and email sending limits, attackers are equipped to spread a massive volume of phishing messages,” Kaspersky explains.
Based on their findings, the researchers say that the phishing quality is high, featuring custom HTML templates that mimic real services and realistic login flows.
The observed attacks include fake document-signing notifications that imitate DocuSign to lead victims to AWS-hosted phishing pages, as well as more advanced business email compromise (BEC) attacks.
Attackers fabricate entire email threads to make the phishing messages appear more convincing and send fake invoices to trick finance departments into making payments.
By leveraging Amazon SES, attackers no longer need to worry about authentication checks such as the SPF, DKIM, and DMARC protocols.
Additionally, blocking the offending IP addresses that deliver the phishing emails is not an acceptable solution because it would prevent all emails coming through Amazon SES.
Kaspersky recommends that companies restrict IAM permissions based on the “least privilege” principles, enable multi-factor authentication, regularly rotate keys, and apply IP-based access restrictions and encryption controls.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.
If you want to overthrow Big Tech, you’ll need Section 230. The paradigm shift being built with the Open Social Web can put communities back in control of social media infrastructure, and finally end our dependency on enshittified corporate giants. But while these incumbents can overcome multimillion-dollar lawsuits, the small host revolution could be picked off one by one without the protections offered by 230.
The internet as we know it is built on Section 230, a law from the 90s that generally says internet users are legally responsible for their own speech — not the services hosting their speech. The purpose of 230 was to enable diverse forums for speech online, which defined the early internet. These scattered online communities have since been largely captured by a handful of multi-billion dollar companies that found profit in controlling your voice online. While critics are rightly concerned about this new corporate influence and surveillance, some look to diminishing Section 230 as the nuclear option to regain control.
The thing is, that would be a huge gift to Big Tech, and detrimental to our best shot at actually undermining corporate and state control of speech online.
We’re fed up with legacy social media trapping us in walled gardens, where the world’s biggest companies like Google and Meta call the shots. Our communities, and our voices, are being held hostage as billionaires’ platforms surveil, betray, and censor us. We’re not alone in this frustration, and fortunately, people are collaborating globally to build another way forward: the Open Social Web.
This new infrastructure puts the public’s interest first by reclaiming the principles of interoperability and decentralization from the early internet. In short, it puts protocols over platforms and lets people own their connections with others. Whether you choose a Fediverse app like Mastodon or an ATmosphere app like Bluesky, your audience and community stay within reach. It’s a vision of social media akin to our lives offline: you decide who to be in touch with and how, and no central authority can threaten to snuff out those connections. It’s social media for humans, not advertisers and authoritarians.
Behind that vision is a beautiful mess of protocols bringing the open social media web to life. Each protocol is a unique language for applications, determining how and where messages are sent. While this means there is great variety to these projects, it also means everyone who spins up a server, develops an app, or otherwise hosts others’ speech has skin in the game when it comes to defending Section 230.
Section 230 protects freedom of expression online by protecting US intermediaries that make the internet work. Passed in 1996 to preserve the new bubbling communities online, 230 enshrined important protections for free expression and the ability to block or filter speech you don’t want on your site. One portion is credited as the “26 words that created the internet”:
“No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”
In other words, this bipartisan law recognizes that speech online relies on intermediaries — services that deliver messages between users — and holding them potentially liable for any message they deliver would only stifle that speech. Intuitively, when harmful speech occurs, the speaker should be the one held accountable. The effect is that most civil suits against users and services based on others’ speech can quickly be dismissed, avoiding the most expensive parts of civil litigation.
Section 230 was never a license to host anything online, however. It does not protect companies that create illegal or harmful content. Nor does Section 230 protect companies from intellectual property claims.
What Section 230 has enabled, however, is the freedom and flexibility for online communities to self-organize. Without the specter of one bad actor exposing the host(s) to serious legal threats, intermediaries can moderate how they see fit or even defer to volunteers within these communities.
The superpower of decentralized systems like the Fediverse is the ability for thousands of small hosts to each shoulder some of the burdens of hosting. No single site can assert itself as a necessary intermediary for everyone; instead, all must collaborate to ensure messages reach the intended audience. The result is something superior to any one design or mandate. It is an ecosystem that is greater than the sum of its parts, resilient to disruptions, and free to experiment with different approaches to community governance.
The open social web’s kryptonite though, is the liability participants can face as intermediaries. The greater the potential liability, the more interference from powerful interests in the form of legal threats, more monetary costs, and less space for nuance in moderation. And in practice, participants may simply stop hosting to avoid those risks. The end result is only the biggest and most resourced options can survive.
This isn’t just about the hosts in the Open Social Web, like Mastodon instances or Bluesky PDSes. In the U.S., Section 230’s protections extend to internet users when they distribute another person’s speech. For example, Section 230 protects a user who forwards an email with a defamatory statement. On the open social web, that means when you pass along a message to others through sharing, boosting, and quoting, you’re not liable for the other user’s speech. The alternative would be a web where one misclick could open you up to a defamation lawsuit.
Section 230 also applies to the infrastructure stack, too, like Internet service providers, content delivery networks, domain, and hosting providers. Protections even extend to the new experimental infrastructures of decentralized mesh networks.
Beyond the existential risks to the feasibility of indie decentralized projects in the United States, weakening 230 protections would also make services worse. Being able to customize your social media experience from highly curated to totally laissez-faire in the open social web is only possible when the law allows space for private experiments in moderation approaches. The algorithmically driven firehose forced on users by antiquated social media giants is driven by the financial interests of advertisers, and would only be more tightly controlled in a post-230 world.
Laws aimed at changing 230 protections put decentralized projects like the open social web in a uniquely precarious position. That is why we urge lawmakers to take careful consideration of these impacts. It is also why the proponents and builders of a better web must be vigilant defenders of the legal tools that make their work possible.
The open social web embodies what we are protecting with Section 230. It’s our best chance at building a truly democratic public interest internet, where communities are in control.
Republished from the EFF’s Deeplinks blog.
Filed Under: activitypub, atprotocol, open social web, section 230
The New York Times reports that the White House may create a new working group to oversee AI development. A federal review of new AI models ahead of their public release is being considered as a possible power for that committee, according to the publication’s sources.
No clear approach has been decided, but the Times suggested it could mimic what’s currently happening within the UK government, where multiple layers of oversight confirm that AI models meet safety standards. (Although the UK has recently been having its own drama about AI regulation.) There’s also still a chance the entire concept fizzles and comes to nothing.
If an oversight group is created, it would mark quite a reversal from the hands-off attitude presented in the White House’s previously introduced AI Action Plan. The plan appeared willing to offer the AI companies most of the concessions they wanted, although it did leave a lot of potential to create plenty of new problems.
Regulation for a technology industry that sure does get sued a lot seems worthwhile. Whether this administration is capable of making good decisions about that regulation is a different question.
The Iranian Shahed-136’s basic design has seen many changes and additions since Russia began using them, with some featuring interesting payloads such as cameras in a gimbal, making these drones useful for tasks like surveillance. Recently [Michel] got his hands one one such camera that was recovered from a shot-down drone in Ukraine, providing the opportunity for an in-depth look at what hardware is in these cameras.
The teardown thus covers the gimbal mechanism itself as well as the electronics and camera. First up is an Artix-7 FPGA-based board, followed by the range finder assembly. Unsurprisingly the camera feed handling is performed by an Hi3519 SoC, as this appears to be the off-the-shelf option you find all over on AliExpress and similar sites. There’s also an Artix-7 FPGA-based board here, which presumably performs some machine vision tasks or similar.
Continuing the ‘bought off AliExpress’ vibe, the power supply board (pictured above) is quite literally just that. A relay board follows the same pattern, with apparently the entire contents of the camera consisting of off-the-shelf development boards and modules that are readily found for sale online.
For the camera there is a thermal camera presumably for night operations, as most of these drone swarms are launched towards Ukraine at night. Looking at the gimbal assembly it similarly feels like it was sourced off AliExpress, featuring mostly Western components, sometimes with the typical lasered-off component markings and such.
This makes one wonder how much has changed here since nearly two years ago we saw an air data computer from a similar drone that could have been sourced off AliExpress, while the Russian missile teardowns show significantly more custom hardware, presumably because those are harder to source off AliExpress.
Google’s long-running face unlock comeback story may have hit another wall. A recent Pixel 11 series leak claims that Project Toscana, Google’s rumored infrared face unlock system, likely will not debut on the Pixel 11 lineup because it is still not ready for release.
The feature was expected to give future Pixel phones a stronger rival to Apple’s Face ID. Earlier reports said Project Toscana was tested on both Pixel phones and Chromebooks, with Face ID-like speed and better low-light performance. The latest leak suggests Pixel users may have to wait beyond the 2026 lineup for that upgrade.
Based on the latest Pixel 11 leak, yes. Project Toscana is now said to be unlikely for the Pixel 11 series, even though Google was reportedly testing the system for months.
The system was described as an iPhone-like face unlock setup using hybrid near-infrared sensors and possible under-display infrared hardware. It was meant to improve speed, security, and low-light unlocking, areas where Apple’s Face ID still has an advantage.
Google has already tried a serious face unlock system on Pixel phones. The Pixel 4 series used dedicated hardware, including Soli radar, to sense when a user was reaching for the phone and prepare face authentication before the screen was fully active. Google said the system worked in almost any orientation and could be used for secure payments and app sign-ins.
The feature quickly ran into trouble. Soon after launch, users found that the Pixel 4 could unlock even when a person’s eyes were closed, raising security concerns. Google later issued an update that added an “eyes open” requirement, but the company moved away from dedicated 3D face unlock hardware after the Pixel 4 generation.
Newer Pixel phones brought face unlock back in a more limited form. Project Toscana looked like Google’s chance to close that gap and bring a hardware-backed face unlock system to future Pixels.
The same Pixel 11 leak still points to several hardware changes. The lineup is expected to use the Tensor G6 chip, new cameras, brighter OLED displays, a MediaTek M90 modem, and an RGB LED array in the camera bar on Pro models. The leak also claims the thermometer may be removed from the Pixel 11 Pro, Pixel 11 Pro XL, and Pixel 11 Pro Fold.
The delay is disappointing, but a rushed launch would be worse. Face unlock is not just a convenience feature when it is tied to payments, banking apps, and device security. If Project Toscana needs more time, the next Pixel generation is a better landing place than a half-ready rollout. For privacy and security, it should arrive only when it works correctly and feels bulletproof.
A severe security vulnerability affecting almost every version of the Linux operating system has caught defenders off-guard and scrambling to patch after security researchers publicly released exploit code that allows attackers to take complete control of vulnerable systems.
The U.S. government says the bug, dubbed “CopyFail,” is now being exploited in the wild, meaning it’s being actively used in malicious hacking campaigns.
The bug, officially tracked as CVE-2026-31431 and discovered in Linux kernel versions 7.0 and earlier, was disclosed to the Linux kernel security team in late March, and patched after about a week. But the patches have yet to fully trickle down to the many Linux distributions that rely on the vulnerable kernel, leaving any system running an affected Linux version at risk of compromise.
Linux is widely used in enterprise settings, running the computers that operate much of the world’s data centers.
The CopyFail website says that the same short Python script “roots every Linux distribution shipped since 2017.” According to security firm Theori, which discovered CopyFail, the vulnerability was verified in several widely used versions of Linux including Red Hat Enterprise Linux 10.1, Ubuntu 24.04 (LTS), Amazon Linux 2023, as well as SUSE 16.
DevOps engineer and developer Jorijn Schrijvershof wrote in a blog post that the exploit works on Debian and Fedora versions, as well as Kubernetes, which relies on the Linux kernel. Schrijvershof described the bug as having an “unusually big blast radius” as it works on “nearly every modern distribution” of Linux.
The bug is called CopyFail because the affected component in the Linux kernel, the core of the operating system that has virtually complete access to the entire device, does not copy certain data when it should. This corrupts sensitive data within the kernel, allowing the attacker to piggyback the kernel’s access to the rest of the system, including its data.
If exploited, the bug is particularly problematic because it allows a regular, limited-access user to gain full-administrator access on an affected Linux system. A successful compromise of a server in a data center could allow an attacker to gain access to every application, server, and database of numerous corporate customers, and potentially gain access to other systems on the same network or data center.
The CopyFail bug cannot be exploited over the internet on its own, but can be weaponized if used in conjunction with an exploit that works over the internet. Per Microsoft, if the CopyFail bug is chained together with another vulnerability that can be delivered over the internet, an attacker could use the flaw to gain root access to an affected server. A user operating a Linux computer with a vulnerable kernel could also be tricked into opening a malicious link or attachment that triggers the vulnerability.
The bug could also be injected by way of supply chain attacks, in which malicious actors hack into an open source developer’s account and plant the malware in their code in order to compromise a large number of devices in one go.
Given the risk to the federal enterprise network, U.S. cybersecurity agency CISA has ordered all civilian federal agencies to patch any affected systems by May 15.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
Wave energy had largely been bobbing around in the background of the U.S. clean energy sector — until now. On Monday, Oregon-based Panthalassa announced a $140 million round led by Peter Thiel.
The new funding from the PayPal co-founder and others will allow the startup to finish building its pilot manufacturing facility near Portland. Panthalassa is developing technology that pairs wave power generated by massive floating orbs with onsite AI computing. The systems transmit data via low-Earth-orbit satellites.
“We’ve built a technology platform that operates in the planet’s most energy-dense wave regions, far from shore, and turns that resource into reliable clean power,” said Garth Sheldon-Coulson, Panthalassa’s co-founder and CEO, in a statement. “We’re now ready to build factories, deploy fleets, and provide a sustainable new source of energy for humanity.”
The planet is scrambling to find new energy sources to meet demand from data centers and electrified transportation, building heating and cooling, and industrial applications.
One of the biggest challenges historically with wave power is the need to build costly infrastructure to move energy from the ocean to where it’s needed. Panthalassa’s approach sidesteps that problem by using power onsite to run already-trained AI models, while tapping cold ocean water to cool the hardware — solving two problems at once.
The strategy shares parallels with surging interest in space-based data centers that harness solar energy. In March, Starcloud, a Redmond, Wash.-based startup, announced $170 million in new funding, vaulting it to unicorn status with a $1.1 billion valuation.
“The future demands more compute than we can imagine,” said Peter Thiel. “Extra-terrestrial solutions are no longer science fiction. Panthalassa has opened the ocean frontier.”
Founded in 2016 as a public benefit corporation, Panthalassa has spent nearly a decade developing power generation, propulsion, autonomous operations and computing technology. That work has included prototypes — Ocean-1, Ocean-2 and Wavehopper — deployed in sea trials in 2021 and 2024. The company is now preparing to deploy its Ocean-3 pilot series this year, with commercial systems planned for 2027.
Sheldon-Coulson previously served as a senior investment associate at Bridgewater Associates. Chief Innovation Officer Brian Moffat, listed as a co-founder by Lowercarbon Capital, developed a novel wave energy system for Spindrift Energy before launching Panthalassa. The company has approximately 108 employees, according to PitchBook.
Other Pacific Northwest companies pursuing wave energy include Seattle’s Oscilla Power and Oregon State University spinout C-Power. Wave energy startups that have exceeded $100 million in investment globally include Sweden’s CorPower Ocean and the United Kingdom’s Marine Power Systems.
The Series B round included participation from new investors John Doerr, Marc Benioff’s TIME Ventures, Max Levchin’s SciFi Ventures, Susquehanna Sustainable Investments, Hanwha Group, Anthony Pratt, Fortescue Ventures, Future Positive, WTI, Nimble Partners, Super Micro Computer, Sozo Ventures, Dylan Field, Planetary VC, Leblon Capital, Resilience Reserve, Portland Seed Fund, and the Intrepid Oregon Fund.
Returning investors include Founders Fund, Gigascale Capital, Lowercarbon Capital, Unless and WovenEarth. Panthalassa previously raised $78 million, according to PitchBook.
Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands.
The attacks started five days after the software vendor released a security update to address the issue, and two weeks before disclosing it publicly.
Researchers at threat intelligence company Vega documented the malicious activity and reported that the attacks lasted roughly a week, each with several distinct phases.
Weaver E-cology is an enterprise office automation (OA) and collaboration platform used for workflows, document management, HR, and internal business processes. The product is primarily used by Chinese organizations.
CVE-2026-22679 is a critical unauthenticated remote code execution flaw affecting E-cology 10.0 builds prior to March 12.
The flaw is caused by an exposed debug API endpoint that improperly allows user-supplied parameters to reach backend Remote Procedure Call (RPC) functionality without authentication or input validation.
This lets attackers pass crafted values that are ultimately executed as system commands on the server, effectively turning the endpoint into a remote command execution interface.
According to Vega, the attackers first checked for remote code execution (RCE) capabilities by triggering ping commands from the Java process to a Goby-linked callback, and then proceeded to multiple PowerShell-based payload downloads. However, all these were blocked by endpoint defenses.
Next, they attempted to deploy a target-aware MSI installer (fanwei0324.msi), but this failed to execute properly, and no follow-up activity was observed.
After those failed attempts, the attackers reverted to the RCE endpoint, using obfuscated and fileless PowerShell to repeatedly fetch remote scripts.
Throughout all attack phases, the threat actors executed reconnaissance commands, such as whoami, ipconfig, and tasklist.
Vega explains that although the attackers had the RCE opportunity by exploiting CVE-2026-22679, they never established a persistent session on the targeted host.
Users of Weaver E-cology 10.0 are recommended to apply the security updates available through the vendor’s site as soon as possible.
“Every attacker process we observed is parented by java.exe (Weaver’s Tomcat-bundled Java Virtual Machine), with no preceding authentication,” explained Vega, adding that “the vendor fix (build 20260312) removes the debug endpoint entirely.”
No alternative mitigations or workarounds are listed in the official bulletin, so upgrading is the only recommendation.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.
Sony, owner of the PlayStation brand, has been accused of antitrust practices. The lawsuit was originally settled in 2024 but was rejected twice during the approval process. Last week, a judge approved a preliminary reopening of the settlement.
The suit, brought before the San Francisco division of the United States District Court for the Northern District of California, accuses the company of allegedly limiting third-party retailers from selling PlayStation titles via “game-specific vouchers.” That means preventing customers from buying games elsewhere and forcing them to make digital purchases solely on Sony’s PlayStation Network, where it controls prices without worrying about competitors.
The settlement means the company won’t admit to any wrongdoing, but it will have to pay nearly $8 million to affected players. Unfortunately, that might take quite a while.
Here’s what to know about the settlement and whether you’ll be able to get any money out of it. (The full details are at the PlayStation Digital Games Settlement website.)
If you bought a digital game on PlayStation Network between April 1, 2019, and December 31, 2023, then yes, you are likely eligible for a cut of the settlement.
You can find a full list here of games that are eligible for a settlement payout.
If you’ve played anything around that time and bought it from the PSN store, chances are you’ll have a shot at being included. Games include The Last of Us, Resident Evil 4, and lots of sports games, such as several generations of Madden, NBA 2K, and FIFA
Thankfully, you won’t have to do very much. When the settlement finally goes through, the funds will be deposited into the payment accounts linked to all of the eligible PSN profiles.
If you’d like to exclude yourself from the payout, or object to it entirely, you can do so by filing out a written request. That’s not necessary unless you have a moral issue with the payout, or you plan to sue Sony about this very same issue later. Accepting the payout now by default means you waive the right to sue Sony for this in the future.
If your PSN account is deactivated or otherwise MIA, but you know you’ve bought games that meet the conditions of this settlement, you still have options for getting some recompense. You can call (877) 777-9145 or email [email protected]. You can also send your qualifying purchase information and current address to:
PSN Digital Game Settlement
P.O. Box 17304
Milwaukee, WI 53217
The deadline to submit that request for a check is August 27, 2026.
Probably not a lot. That $7.85 million will be split across legal representatives who argued the settlement, then evenly spread across potentially millions of people’s PSN accounts. It’s hard to tell exactly how much that will amount to, but it’s likely to be a few dollars at best.
The settlement hearing won’t happen until after a so-called fairness hearing takes place, which is currently scheduled for October 15, 2026. If that is finalized, the money could take additional weeks or months to be doled out.
Class action lawsuits aren’t super consumer-friendly most of the time. They certainly don’t tend to be timely. This particular settlement was first arranged in December 2024, but two requests for approval had been rejected. The language in the settlement originally said the payments would be distributed after April 1, 2025. As you can probably tell, the wait isn’t over yet.
A long-serving military vessel is a unique piece of a country’s naval history. Sadly, several iconic U.S. Navy ships are set to be decommissioned in 2026, and still others are stuck in increasingly delayed renovation projects. The formidable U.S.S. Dwight D. Eisenhower aircraft carrier, however, is finally set to return to naval service.
This huge Nimitz-class carrier, measuring 1,092 feet long and displacing 101,600 long tons, will mark its 50th birthday in 2027. With aircraft carriers being such a crucial component of global power projection, the venerable ship was returned to Virginia’s Norfolk Naval Shipyard in January 2025, for an extensive period of PIA (Planned Incremental Availability).
This is an extended inspection, evaluation, and modernization process, a daunting job for a vessel of this size. It was completed ahead of schedule in April 2026, and Commander Jason Downs, Project Superintendent, hailed the collaborative effort. He said, a Navy release reports, “The entirety of the project team mustered more than 4,000 people daily, all with one common vision–deliver IKE, fully mission capable, back to the fleet before our commitment date.”
The extensive effort included unique tasks like repairing and improving the carrier’s catapult system, a vital feature that allows for the launch of aircraft. Commander Downs went on to boast that this was “the SECOND consecutive early finish of an aircraft carrier availability at Norfolk Naval Shipyard,” with U.S.S. George H.W. Bush’s own period of PIA concluding in late 2024.
U.S.S. Dwight D. Eisenhower was christened in October 1975, by Mamie Doud-Eisenhower herself. Commissioned two years later, it operated in the Red Sea in 1990 and during Operation Desert Storm the following year. It remained active throughout the 1990s, with a role in other key operations including Operations Uphold Democracy, Southern Watch, and Deny Flight, the latter being a NATO effort to maintain the no-fly zone in Bosnian airspace.
Into the 2000s and 2010s, it would be deployed during Operations Enduring Freedom and Inherent Resolve. Between February and August 2020, its courageous crew remained aboard, achieving a new record for continuous time spent at sea without docking: 260 days. It was called upon again in 2021 and 2023, for Operations including Inherent Resolve and Prosperity Guardian.
It’s been a stalwart presence in the oceans for almost half a century, and its newly completed period of intensive maintenance and refitting was not its first. A previous period of PIA started in August 2022 and lasted for just over a year. It’s been treated to a lot of maintenance and upgrades over its long career, with an October 1985 to April 1987 stop in Newport News Shipbuilding perhaps being the most significant. During this period, it was equipped with an Anti-Submarine Warfare Module, NATO Sea Sparrow Missiles, and a range of sophisticated communications features.
The U.S.S. Dwight D. Eisenhower may not be the most advanced aircraft carrier in the world, but it’s a sophisticated model and powerhouse nonetheless. The next chapter in its history is sure to be significant, wherever it’s deployed next.
Elon Musk has reached a settlement with the Securities and Exchange Commission (SEC) after a years-long dispute with the regulator over the timing of his disclosure that he had acquired a significant stake in Twitter. Musk agreed to pay a $1.5 million fee without admitting wrongdoing in exchange for the SEC dropping its case, the regulator said.
If the settlement is approved by a court, it will bring to an end the drawn out battle over how he began his $44 billion takeover of Twitter in 2022. The SEC began investigating Musk that same year over his 11-day delay in disclosing that he had acquired a more than 5 percent stake in the company. That lag, the SEC argued in a lawsuit, ultimately saved Musk more than $150 million at the expense of Twitter shareholders.
During the course of its investigation, the SEC accused Musk of using “gamesmanship” to stall its probe as he repeatedly dodged the regulator’s subpoena. Musk, in turn, accused then-SEC chair Gary Gensler of “harassment.” Gensler left his post days after the lawsuit against Musk was filed as President Donald Trump took office.
The 1.5 million penalty is “the largest in SEC history for the type of violation he was accused of,” according to Reuters.
Most Commercial Energy Audits Miss the Real Losses
Kylie Jenner’s KHY Enters a New Era with ‘Born in LA’
Channel 5 – All Creatures Great and Small series 7 new post
Trump’s 25% EU auto tariff breaches Turnberry Agreement that also covers semiconductors and digital trade
CFTC’s AI will review U.S. crypto registration applications, chairman tells CoinDesk
Paul Scholes issues Marcus Rashford reality check as agreement emerges over Man United star
Barclay Brothers Avoid Bankruptcy: HSBC Drops High Court Petitions After IVA Deal
Tesla Officially Registers Elon Musk’s Stock: What Investors Need to Know
Robinhood Phishing Scam Exploits Gmail Dot Feature to Bypass Security
Get Ready for More Brain-Scanning Consumer Gadgets
Gmail Dot Trick Underpins Robinhood Phishing, Sending Real-Looking Emails
Two Powerball Tickets Split $143 Million Jackpot in Indiana and Kansas
Texas Instruments made a new flagship graphing calculator: the TI-84 Evo
CoreWeave (CRWV) Stock Climbs 8% Despite $45M Insider Share Dump
Will Ethereum hold $2,300 or slip lower from here?
Outsourced IT Support vs Internal Teams: A Complete Guide
How A Fantasy Flop Finally Found Success On HBO Max
Global Market Today: Asian shares hold near eight-week high
Winning Numbers Drawn as Jackpot Resets to $20 Million
Saba Capital tender offers for shares are below initial expectations
You must be logged in to post a comment Login