TL;DR
ASML is cutting EUV build cycle from 22 weeks to 15-16 weeks. Nearly sold out for 2027, substantial 2028 orders. Raised guidance to €43-45B. 30% capacity boost planned.
ASML is cutting EUV build cycle from 22 weeks to 15-16 weeks. Nearly sold out for 2027, substantial 2028 orders. Raised guidance to €43-45B. 30% capacity boost planned.
ASML is working to cut the time it takes to build and test its extreme ultraviolet lithography machines by roughly a third, CFO Roger Dassen told reporters on Wednesday. The cycle time, the period between starting production in ASML’s clean rooms and shipping, was about 22 weeks a few quarters ago. “We’re now looking at bringing that down to 15 to 16 weeks,” Dassen said.
The Dutch company is “close to being fully booked” for EUV machines in 2027, with a “substantial number” of orders for 2028. Dassen called it “rare” to have orders that far in advance, a signal of how aggressively chipmakers are building capacity for AI. ASML raised its full-year sales guidance to between €43 billion and €45 billion ($49.2 billion) and plans to increase capacity by 30% for 2027, while “investigating” a further 30% boost for 2028.
The company outlined plans to produce about 65 units of its low-NA EUV machines this year. To hit higher numbers, ASML is reducing testing protocols while maintaining quality, reorganising clean room cabins to dedicate all space to output rather than R&D, and working with its supply chain to remove bottlenecks. “We see opportunities to reduce the testing protocol and still maintain quality,” Dassen said. “We can crank out more tools, and customers are open to that.” AI infrastructure demand is driving long-term supply commitments across every layer of the semiconductor stack, from memory to the machines that make the chips.
EUV machines take more than a year to deliver after an order is placed, and ASML is the only company in the world that makes them. Every advanced chip from TSMC, Samsung, and Intel requires ASML’s tools. The capacity constraints mean that the pace at which AI data centres can be built is ultimately gated by how fast ASML can ship lithography equipment. The AI memory shortage is already driving up consumer electronics prices, and ASML’s production bottleneck sits one step further upstream, at the machines that make the chips that go into everything.
The Nothing Phone 4(b) is a capable budget Android handset with a clean OS, avant-garde looks and excellent battery life. Its internal power is fine for the price, although lacking against some of the competition, and the dual camera array is mostly fine for the price.
Classic Nothing design
Solid internal grunt
Excellent battery life
Screen is dimmer than some rivals
A fair bit dearer than the last CMF phone
Performance isn’t as strong as rival devices
Review Price:
£299
Snapdragon 6 Gen 4 SoC
The Phone 4(b) has a decent mid-range Qualcomm chip inside to offer solid day-to-day performance.
50MP + 8MP camera system
It features a dual camera setup with a 50MP main sensor and 8MP ultrawide, meaning no dedicated telephoto lens is present.
Signature Nothing design
In spite of being a more affordable option, this handset retains Nothing’s signature industrial design and unique elements.
The Nothing Phone 4(b) is the first of a new kind of phone for the London-based brand.
The budget phones sector was rocked by the decision from Nothing that it wasn’t going to release a sequel to the excellent CMF Phone 2 Pro this year, and instead chose to launch a spiritual successor under its own Nothing branding.
To this end, the Phone 4(b) is in essence a cut-down and more affordable version of the Nothing Phone 4(a), featuring a Qualcomm Snapdragon 6 Gen 4 SoC with 8GB of RAM and 128GB of storage, plus a 6.77-inch Super AMOLED screen and a 5200mAh battery inside.
Priced at £299/$399, it’s more expensive than the older CMF Phone 2 Pro, although it makes a few key upgrades and positions this new Nothing handset against the likes of the Motorola Moto G86 5G and the Poco X8 Pro.
To see if the Phone 4(b) can come out on top as one of the best cheap phones we’ve tested, I’ve been putting it through its paces for the last week or so.
Nothing’s phones have always had a certain look to them, and the Phone 4(b) sticks with its tried-and-tested formula of being funkier and more interesting than a lot of its contemporaries. You either like it, or you don’t, and admittedly, I’m quite a fan of it.
It is made of polycarbonate (plastic), as you’d perhaps expect for a more affordable handset, but I won’t hold that against Nothing with this phone. It’s comfortable to hold and feels quite durable compared to other cheaper phones out there. There isn’t any creaking or twisting at the corners, either.


As for colour options, the Phone 4(b) is available in black, white, or blue. My sample is the latter, adding a pleasant pop of colour against the other options, and certainly helping it to stand out.
The rear portion features a rectangular camera bump that doesn’t protrude too far from the main chassis, keeping the phone stable when you set it down. It comes with Nothing’s typical retro-futuristic touches, alongside a downsized Glyph Bar borrowed from the Phone 4(a).


The Glyph Bar has long been Nothing’s calling card when it comes to its phone design, and it achieves much of the same use cases as with the brand’s other phones. It can do everything from lighting up for notifications from specific people to letting you check charging progress, counting down shutter timers for the camera, or even pulsing red for severe weather alerts.
Ports are standard fare for a modern phone, with a USB-C port for charging and a SIM slot off to the left. There aren’t any other frills, either, such as a headphone jack or a microSD card slot for expandable storage.


We’ve got IP64 water and dust resistance for the Phone 4(b), which should protect it well against water and dust. This is ahead of the IP54 rating on Nothing’s own CMF Phone 2 Pro, although behind the IP68/IP69 rating of the Motorola Moto G86 5G.
This handset doesn’t ship with a charger in the box, although you at least get a USB-C to USB-C cable and a clear silicone case to help protect the phone.
Nothing has kitted the Phone 4(b) out with a large 6.77-inch Super AMOLED screen with a 1080×2344 resolution. This makes it one of the larger screens kitted out to a phone at this price.
The resolution is more akin to HD, which provides reasonable detail at the price, plus as an AMOLED choice, there are deep blacks and good contrast to my eye.


If there’s one area where the Phone 4(b)’s screen isn’t quite as strong as its rivals, it’s brightness. A typical peak brightness of 1200 nits gives images some pop and means this phone is fine for brighter conditions, although the 2000-nit peak for HDR content isn’t as vivid as on other budget phones.
It’s up to 120Hz of refresh rate here, which gives an added slickness against the 60Hz we were stuck at for a long time, although the screen here lacks the more advanced LTPO tech we see in costlier phones, meaning the variable refresh rate works in a blockier manner. For the most part, the Phone 4(b)’s panel sticks at 120Hz in my experience, which isn’t much of a hardship.


Nothing has also included an optical under-display fingerprint sensor for this phone, mounted quite low down on the panel. It’s fine to use, although not quite as good as the ultrasonic ones seen on higher-end devices.
In terms of cameras, the Phone 4(b) slices off the telephoto shooter found on the Phone 4(a) and opts for a dual-camera arrangement. The main camera is a 50MP 1/2.76-inch sensor optically stabilised snapper with an f/1.8 aperture, which is joined by an 8MP 1/4-inch ultrawide sensor with an f/2.2 aperture.
By default, the main sensor chucks out 12MP images, although you can switch to the camera’s 50MP mode to make full use of the resolution on offer for more detail, dynamic range and inherently larger file size.


Out-of-the-box images with the main snapper are perfectly pleasant, with natural colours and solid detail resolution. In general, the 12MP mode offers richer colours, while using the full 50MP resolution will give you stronger detail.
By comparison, the 8MP ultrawide is lacking in overall detail and only provides images I’d describe as serviceable at best. Finer portions are fuzzier if you pixel-peep.


The lack of a telephoto lens is the downfall of the Phone 4(b)’s camera setup, as it means anything beyond a simple 2x or 3x zoom can cause detail to fall off dramatically. For instance, the images taken of Spinnaker Tower beyond the advised 2x on the phone’s camera leave a lot to be desired, with a digital crop nowhere near as effective as proper optical zoom. A dedicated telephoto would have resolved the fuzziness and given a lot more to work with.


For selfies, the 16MP snapper on the front is okay, with good richness of colour and a pleasant, vibrant tone. Video capabilities in any guise are locked to a max of 1080p/60fps or 4K/30fps, which is fine, if unremarkable.
Inside, the Phone 4(b) is brought down a peg or two against its dearer brother by coming with a Qualcomm Snapdragon 6 Gen 4 SoC, paired with 8GB of RAM and 128GB of storage as its only configuration.
With this in mind, performance is stronger against the likes of the Xiaomi Redmi Note 15 4G model, with a much stronger CPU and GPU in the customary Geekbench 6 test. From Nothing’s own canon, the cheaper CMF Phone 2 Pro is rather similar in its performance, while last year’s Phone 3(a) is also faster than the 4(b) in this regard.


For general use, things are better than the benchmark numbers would suggest, with zippy performance navigating the operating system, streaming music or video or dealing with social media in my usual workflow.
In terms of 3D performance, more casual titles such as COD Mobile or PUBG fare absolutely fine, just as long as you’re happy to turn down some graphics settings for a smoother feel. With this in mind, don’t expect to be playing heavier and more intensive titles, as the 3DMark Wild Life Extreme test posted single-digit frame rates for one of the lower scores I’ve seen.


For more prolonged intensive loads, expect this Nothing phone to get a little on the warm side, although it wasn’t uncomfortable to the point I had to put it down. The Phone 4(b)’s vapour chamber cooling apparatus seems to do its job decently well.
Test Data
Nothing Phone 4(b)
Xiaomi Redmi Note 15 4G
CMF Phone 2 Pro
Nothing Phone 3a
Geekbench 6 single core
1090
738
1003
1164
Geekbench 6 multi core
3177
1990
2910
3273
Geekbench 6 GPU
2912
1307
–
–
3D Mark – Wild Life
965
350
852
1057
3D Mark – Wild Life Stress Test
99.2 %
99.1 %
–
–
The Phone 4(b) comes with Nothing’s own Nothing OS 4.1 Android skin out of the box that’s based on Android 16. When you first set the phone up, you get a choice between a stock Android lock or the monochromatic, retro-future aesthetic Nothing offers.
I went full Nothing, and opted for its own skin, which is an interesting look against other budget Android phones out there. App icons appear in white on black circles, and it can be a little difficult to distinguish one app icon from another at first. If you’d prefer, going back to the more colourful traditional Android aesthetic is a few taps away in the settings menu.


With this in mind, I didn’t find any bloat or unwanted crud here, and the OS is remarkably clean for such an affordable phone. The OS itself has some useful features, such as a hidden vault called Private Space to store sensitive documents and photos, as well as its clever freeform window sizing where you can make any app any size, which is neat.
Pressing the Essential key on the phone’s left side opens up the Essential Space, where the Phone 4(b) uses AI to organise screenshots, recordings and notes, auto-generating summaries, reminders and any to-do lists from the information you saved.


That’s as far as AI seemingly goes on this Nothing phone, though. There doesn’t seem to be any more AI gubbins here, such as for photo editing as we see on lots of other phones up and down the price ladder.
For the Phone 4(b), Nothing is committing to six years of security updates and three years of Android updates, giving some peace of mind for long-term use.
The Phone 4(b) features a 5200mAh battery inside, which is ironically the largest battery Nothing has ever fitted to one of its phones, in spite of it being the most affordable Nothing-branded handset. For reference, the Phone 4(a) comes with a 5080mAh cell.
The brand says that works out to enough for 22 hours of video streaming. In my experience, I managed around eight hours of screen-on time of use when it came to an intensive day of multitasking and using my phone as normal at more middling brightness levels.


For reference, that’s scrolling my social media, streaming music through Tidal or Plexamp, taking the odd photo when out and about, and dealing with a small amount of work in a pinch in Google Docs.
For a more scientific test, a cursory run of the PCMark Work V3.0 battery test at 50% brightness worked out to nearly 17 and a half hours of use – a fantastic result.


The Phone 4(b) supports up to 33W wired charging with no wireless charging support, which lags behind a lot of its key rivals. In using my 66W 6A charger to put some go-juice back into the handset, it also proves to be quite slow, taking 57 minutes to get back to 50%, while a full charge took 100 minutes.
The Phone 4(b) is the cheapest Nothing-branded phone out there, and if you want the brand’s unique features and design, it’s the most affordable way to do it.
Against some rivals, this Nothing handset lacks some vividness with its screen and has less in the way of overall detail, too.
The Nothing Phone 4(b) is a capable budget Android handset with a clean OS, avant-garde looks and excellent battery life. Its internal power is fine for the price, although lacking against some of the competition, and the dual camera array is mostly fine for the price.
It makes several key upgrades to the CMF Phone 2 Pro, such as with battery life, dust and water resistance, and by sticking with Nothing’s own design philosophy, although it feels a little baffling considering the Phone 4(b)’s screen is dimmer, and it isn’t much more powerful. Bear in mind the CMF option is also nearly £100 cheaper, too.
Elsewhere, the Motorola Moto G86 5G has a slightly higher-res screen, similar performance from its MediaTek Dimensity 7300 SoC and a similar camera array to the Phone 4(b) while costing £20 less. Its OS is much more chock-full of bloatware than Nothing’s, though, so it’s swings and roundabouts.
With this in mind, the Phone 4(b) is an interesting choice if you want an affordable handset with Nothing’s typical flair and interesting design, and seems like it’s going to be the way the brand does things going forward. For more choices, check out our list of the best cheap phones we’ve tested.
We test every mobile phone we review thoroughly. We use industry-standard tests to compare features properly and we use the phone as our main device over the review period. We’ll always tell you what we find and we never, ever, accept money to review a product.
The Nothing Phone 4(b) has a 5200mAh battery inside, which is the biggest Nothing has ever fitted to one of its devices.
| Nothing Phone 4(b) | |
|---|---|
| Geekbench 6 single core | 1090 |
| Geekbench 6 multi core | 3177 |
| Geekbench 6 GPU | 2912 |
| Max brightness | 2000 nits |
| 1 hour video playback (Netflix, HDR) | 4 % |
| Time from 0-100% charge | 100 min |
| 3D Mark – Wild Life | 965 |
| 3D Mark – Wild Life Stress Test | 99.2 % |
| Nothing Phone 4(b) Review | |
|---|---|
| Manufacturer | Nothing |
| Screen Size | 6.77 inches |
| Storage Capacity | 128GB |
| Rear Camera | 50 MP, f/1.8, (wide), 1/2.76″, PDAF, OIS, 8 MP, f/2.2, 15mm, 120˚ (ultrawide), 1/4.0″, 1.12µm |
| Front Camera | 16 MP, f/2.4, (wide), 1/3.0″ |
| Video Recording | Yes |
| IP rating | IP65 |
| Battery | 5200 mAh |
| Fast Charging | Yes |
| Size (Dimensions) | 78.2 x 159.4 x 8.6 MM |
| Weight | 210 G |
| Operating System | Nothing OS 4.1 (Android 16) |
| Release Date | 2026 |
| First Reviewed Date | 15/07/2026 |
| Resolution | 1078 x 2344 |
| HDR | Yes |
| Refresh Rate | 120 Hz |
| Ports | USB-C |
| Chipset | Qualcomm Snapdragon 6 Gen 4 |
| RAM | 8GB |
| Colours | Black, White, Blue |
| Stated Power | 33 W |
| UK RRP | £299 |
| USA RRP | $399 |
A phone that pairs a 120Hz AMOLED display with a 50MP OIS camera rarely costs under £200, but for a limited time, you could own one for just that.
That’s because the POCO M7 Pro 5G is now available for £179.00 instead of £259.00 – saving you 30% and giving you one a chance to pick up one of the best cheap phones available in this price bracket.
Save 30% on a Xiaomi handset with a crisp 50MP camera and a 120Hz AMOLED screen built for silky scrolling
The POCO M7 Pro 5G is down to £179, a 30% saving. Enjoy a 120Hz AMOLED display, 50MP OIS camera, and 5110mAh battery with 45W charging.

One of the things we love about the M7 Pro 5G is the 50MP Sony camera that comes with optical image stabilisation built in, which keeps handheld shots sharp in situations where a shakier phone would blur, from a moving bus to a poorly lit restaurant table at night.
Above that sits a 120Hz FHD+ AMOLED display designed with eye care in mind, delivering the kind of smooth scrolling and crisp colour that makes browsing or gaming feel noticeably sharper than a standard 60Hz panel.
Powering all of that is a Dimensity 7025-Ultra processor, a 6nm 5G chip with an octa-core CPU clocked up to 2.5GHz, built to handle multitasking and heavier games without slowing down or overheating during longer sessions.


Memory Extension technology adds up to 12GB of virtual RAM on top of the phone’s physical memory, taking the total as high as 24GB and letting more than 42 apps stay open in the background at once.
None of that performance drains the battery quickly either, since the 5110mAh cell paired with 45W turbo charging is built to get through a full day of heavy use and top back up fast when it does run low.
The handset also carries IP64 dust and water resistance, a flagship-level touch that protects against light rain, spilled drinks, or dusty environments without needing a separate case bought just for peace of mind, which is rare to find at this price point.
Worth noting is that the enhanced 5G experience POCO promises depends on regional network coverage and local operator support, meaning actual speeds will vary depending on where the M7 Pro is used day to day.
If you’re after a 5G phone that covers photography, display quality, and everyday battery life without the flagship price tag, the POCO M7 Pro 5G is a no brainer choice right now, especially when you’ll save £80 before this deal disappears.
SQUIRREL_PLAYLIST_10148964

Recent photos from NASA / ESA’s Hubble Space Telescope show magnificent crimson plasma and dazzling blue stars in all their glory. The image in question is from LH 95, a star-forming region in the Large Magellanic Cloud, a dwarf galaxy that orbits the Milky Way.

The light from hundreds of young stars is burning the surrounding hydrogen, creating a bright red glow across the entire image. This type of emission, known as H-alpha, is a good indicator that star formation is actually taking place, and it’s similar to a flashing neon sign that draws your attention. You can also detect darker wisps of dust breaking through the light gas, indicating that denser material has withstood the relentless battering of star winds and radiation.
Blue and white stars sparkle vividly against the blazing red backdrop. Many of these are extremely hot, massive objects that have only been around for a few million years, and if you look closely, there’s one that really stands out, located just above the middle and to the left, as this bloke has a mass between 60 and 70 times that of the sun, and he’s probably a million years younger than the ones around him, the majority of which are around 4 million years old.
So far, astronomers have identified nearly 2,500 stars in LH 95, which have all of the mass they’ll ever need. They are still in the pre-main-sequence phase, essentially hanging out in their disks while nuclear fusion takes place and transforms them into stable, hydrogen-burning stars. However, the results reveal that this growth stage can last several million years, which is longer than some researchers had previously anticipated. However, accretion rates do slow down over time, but material continues to pour in for quite some time.
Hubble has given us a magnificent view of the hottest gas and brightest stars in all of their glory. The hues in this photo are fairly typical, with shorter wavelengths displaying blue and longer visible light, as well as that magnificent red hydrogen emission glowing brightly red. It all helps to accentuate the dynamic dance between stars and their surroundings, and the dark dust lanes stand out since they are the only areas that conceal some of the backdrop glow, adding depth to the entire impression.
Launched in 2014, Japan’s Hayabusa2 spacecraft completed its primary asteroid sample return mission all the way back in 2020. But with the main spacecraft still healthy, the intrepid little probe was assigned new missions — such as its future investigation of asteroid 1998 KY26, a rather unassuming 11 meter diameter rock.

Earlier this month Hayabusa2 flew by the 450 meter 98943 Torifune at a distance of 800 meters, close enough to get an up-close look of its surface of mostly silicate minerals. With the spacecraft flying past at around 5 km/s, this posed some challenges with tracking, especially since its systems and instruments were not designed for high-speed tracking.
With that mission now complete, 1998 KY26 – first discovered in 1998 – is next on the menu, though this will have to wait a while. Currently it’s estimated that the two will not meet until July 2031.
Once they do meet up, after Hayabusa2 zips twice more past Earth, it’ll be another major challenge for the by now rather degraded spacecraft. Its sensors have suffer radiation and other types of damage, while its ion engines are quite depleted. The goal at this target asteroid is to enter orbit, deploy its last target marker and projectile, before attempting a landing, probably at one of its poles.
As likely the final mission for this spacecraft it’ll be very educational in many ways, not the least of which is that of planetary defense, but also that of deepening our understanding of these asteroids and the many varieties that we share space with.
Ford’s F-150 Lightning was a good truck, but not necessarily a successful one. Launched in 2022 and discontinued in late 2025, the truck fell short of expectations and eventually proved financially disastrous, triggering a massive $19.5 billion shift in Ford’s EV strategy. In the wake of the F-150 Lightning, Ford announced a fresh EV project called the Ford Universal EV Platform in late 2025, investing $5 billion in the project to launch a new, $30,000 all-electric mid-size pickup truck for 2027.
Over a year since that announcement, Ford’s new affordable electric pickup truck looks like it’ll become a reality. Multiple reports have emerged of people encountering the new EV in camouflage, possibly while undergoing real-world testing. But the camouflage isn’t just to hide the truck’s final shape. Observers were quick to notice something quirky with the wrap, which, upon close inspection, doesn’t just include heart emojis, dogs, soccer balls, and sailboats, but also a scannable QR code.
Scanning the QR code, as it turns out, takes users to a new Ford website for the upcoming EV. The website welcomes users with a message stating that they have spotted a Unicorn. The page features several videos discussing Ford’s vision for this project, with one of the newest videos featuring Ford’s vice president of advanced development projects, Alan Clarke. In the video, Clarke clarifies that this website will be regularly updated as the project moves forward.
Aside from the $30,000 starting price, Ford’s initial announcement outlined its intention for the new truck to perform similarly to a Ford Mustang EcoBoost while offering more passenger space than a Toyota Rav4. While Ford hasn’t officially revealed a name for the new vehicle, reports indicate that the company could be reviving the Ranchero nameplate, which it last used for a ute sold between 1958 and 1979. Ford regained the rights to the Ranchero name in April 2026.
Ford also appears to be trying every possible trick in its book to keep production costs low. Its new platform allegedly uses 20% fewer parts and fasteners and also has a smaller and lighter wiring harness than those used on previous EVs. Another major change is the switch to a 400-volt architecture (as opposed to an 800-volt architecture), trading charging speed for price.
Ford intends to equip the upcoming EV with advanced prismatic lithium-iron-phosphate (LFP) batteries, which cost less than typical EV batteries. What remains under wraps includes specific data about range, charging speeds, and overall performance (although we do have the EcoBoost Mustang reference). The electric motors that Ford intends to use on this machine also remain a mystery.
No matter when it launches, Ford’s new EV will likely end up competing in a vastly different automotive landscape from the one that existed when development first started. Aside from locking horns with established players like Tesla, Rivian, General Motors, and Stellantis, Ford will also need to address newfound competition from companies like the Jeff Bezos-backed EV startup Slate and possible challenges from newer players like Telo and Scout Motors.
Slate, perhaps, poses the greatest challenge to Ford, with the $25,000 Slate pickup truck likely launching before the end of 2026. As for Telo, the company is developing a small pickup truck called the MT1, which is expected to be priced around the $41,000 mark. This vehicle is also likely to reach the production stage before the end of 2026. While not a direct competitor to Ford’s upcoming truck, another company that Ford could be looking at closely is Scout. The company is on track to launch a new pickup truck in 2027, which will be a larger machine with body-on-frame construction and premium pricing.
Can Ford deliver on its promise of bringing the new mid-size EV pickup truck to American consumers by 2027? Even if it does, will the truck be able to compete? Only time will tell.
AI is changing how vulnerability research gets done, but most of the conversation is still theoretical: what a model might eventually be capable of, rather than what it can actually find today.
We wanted to answer a more practical question: using the models already available to us right now, how far can AI take us in finding real, exploitable vulnerabilities in production software?
This piece details how the team at Intruder is using LLMs to find novel vulnerabilities using code scanning frameworks alongside current, pre-Mythos models.
We walk through a remote, multi-stage SQL injection zero-day we discovered in a WordPress plugin with over 300,000 users — fully automated from discovery through exploitation, with no human in the loop.
The big problem when pairing AI with a code scanner is focus. LLMs are excellent at taking small segments of code, or a description of a specific problem, and finding an interesting solution. But point one at a large codebase and ask it to find security issues, and it will try to ingest every file in the repo.
That’s expensive in tokens, and worse for accuracy: by the time the model is halfway through, its context is full of irrelevant code, and the bug you actually want is buried in noise.
For more complex bugs that require chaining several steps together, you’re then relying on the framework to keep the right context in memory, or retrieve it intelligently when needed. In our experience, that produces poor output rather than real and interesting bugs.
Traditional code scanning frameworks already solve this. We use a technique we’re calling a program slice, which is similar to when an IDE or LSP tool uses features like “find implementation” or a call graph to find all functions called by the current function. These are mature, well-tested tools, and they sidestep the diluted-context problem entirely.
Intruder’s AI pentesting agents deliver the depth of a manual engagement on-demand: no lead time, no scoping calls, a fraction of the cost.
Test with every release, close your window of exposure, and get an audit-ready report in hours.
We built a pipeline that takes a codebase, runs it through a code scanning engine (we use Joern), generates slices of code relevant to each finding, and uses an LLM to triage and exploit the issue. The design was inspired by nooperator’s work on Slice, though we use Joern rather than CodeQL and designed the slicing algorithm quite differently to handle the specific vulnerability classes we’re looking for.
We pointed it at the top 200 WordPress plugins — code that’s already heavily picked over by bug bounty researchers, so finding something real there would mean the process can compete with skilled humans.
First, Joern runs against the codebase with rules designed to flag broadly “interesting” patterns — this is deliberately loose to avoid creating rules that are too specific and might miss bugs. Since we have the triage agent filtering later anyway, we can err on the side of false positives.
For this experiment we were after unauthenticated WordPress plugin attack surface, so we had Joern identify every place a script can be affected by user input: REST routes, template hooks, nopriv AJAX calls, and so on.
For each WordPress hook, Joern generates a slice: the function the hook calls, every method that function calls, and so on down the chain. Basic taint tracking rules out obviously safe functions, such as SQL and XSS inputs that go through a known-safe sanitizer. Where we can verify statically that the code is safe to run, we drop those passing onto an LLM.
Each slice goes to a lightweight triage model (Sonnet, in our tests) to filter out the obviously uninteresting: hooks that are meant to be public and have no side effects, for example.
What’s left goes to a heavier model (Opus) to assess exploitability, with the full relevant call context in memory so it isn’t hunting through unrelated source.
Anything judged exploitable goes to a final exploitation agent to try and write an exploit. This agent has access to full source again (if needed) since it can now use targeted searches to find relevant code, and it will also spin up a Docker container running the software to test while developing.
The first bug the pipeline vended was CVE-2026-3985, a SQL injection vulnerability in the Creative Mail plugin. It stood out to us for a few reasons:
It’s high impact, giving an attacker read access to the database (including admin hashes and secret tokens!)
It requires multiple chained requests to exploit, making it less likely to be detected by traditional tooling
The root cause was hidden from the developer’s own static analysis tooling by a mistake in their code
Exploitation does require WooCommerce to be installed alongside Creative Mail, but since WooCommerce is a common reason people run WordPress (over 7 million active installs), the combination is common.
The exploitation agent one-shotted a working proof-of-concept, producing a check to confirm the issue existed and a full extraction method capable of pulling password hashes from the database.
This vulnerability was also found independently by Dmitrii Ignatyev of CleanTalk Inc., who reported it to Wordfence.
The plugin has been pulled from the WordPress store pending review; if you’re running Creative Mail alongside WooCommerce, disable it until a patch is available.
For the full technical details, see our write-up.
This is just the first vulnerability the pipeline has vended. We’re already finding more and reporting them to affected vendors (those are still under disclosure).
AI clearly has a growing role to play in vulnerability research, and the work now is building the frameworks to get the most out of current models. Attackers are already using similar tooling to feed AI high-signal input, which means the same speed advantage we’ve demonstrated here isn’t unique to defenders.
Vulnerabilities surfaced by our vending machine become detection checks in the Intruder platform, so your next scan finds and reports them.
Sam Pizzey, Security Engineer, Intruder
Sam Pizzey is a Security Engineer at Intruder. Previously a pentester a little too obsessed with reverse engineering, currently focused on ways to detect application vulnerabilities remotely at scale.
Sponsored and written by Intruder.
Sometimes the sun throws a temper tantrum, and that tantrum hits Earth. For some people, that means a chance to see the beautiful aurora borealis light up the night sky. But solar storms can cause damage to Earth and the various people and items orbiting in space. That’s because, according to a new study, the risks from solar storms might be worse than originally thought.
The study, authored by NASA’s Nithin Sivadas and Maria Walach of Lancaster University, posits that science’s understanding of solar storms and the electrical currents generated in Earth’s upper atmosphere may have been misunderstood, and that solar storms may be much riskier, especially for satellites and astronauts in orbit.
To understand the problem, understanding what the science currently says is key. When solar winds hit the upper atmosphere, they create all sorts of interactions, resulting in effects such as the auroras and electrical current. The current scientific consensus is that there’s a maximum amount of electrical current that can exist in the upper atmosphere because of factors such as solar wind energy, atmospheric limits and current saturation. Once that threshold is reached, Earth’s magnetosphere naturally dissipates the excess.
But this new research suggests that the limit doesn’t actually exist and that earlier assumptions about it were based on “uncertainties in solar wind measurements.” Those uncertainties likely arose because most solar wind measurements are taken by spacecraft about a million miles closer to the sun than Earth, at a location known as Lagrange Point 1.
Measurements taken closer to Earth’s surface by NASA spacecraft show a direct correlation between solar wind strength and electrical current in the atmosphere, and suggest that there is no upper limit as previously assumed. That means the atmosphere can produce as much electricity as there is solar wind to generate it.
Extreme solar wind events can be seen far away from the point of impact in the form of the aurora borealis.
It’s not well understood how much riskier solar storms are versus what science already knew. Solar storms have caused a lot of damage in the past, with instances such as the Carrington Event in 1859 setting telegraph machines on fire or the 12,350 BC solar storm, which researchers said was “orders of magnitude stronger than everything directly observed.” Further study is still needed to understand the potential risks.
“If there is no upper limit to our planet’s response to the solar wind, modeling for extreme cases needs to take this into account, and we should be vigilant of space weather effects,” Walach said in a statement. “Fortunately, these very extreme cases are rare, but this also means we have limited data to work with and only time will tell what happens at the very extreme one-in-a-thousand-year kind of event.”
Current simulations that use the limits explained above already paint a pretty grim picture for our electronic-heavy modern existence. A solar storm of the magnitude of the Carrington Event would level a significant number of Earth’s satellites and cause untold damage to systems here on Earth as well. And it wouldn’t be the first time: During the Halloween solar storms in 2003, Earth lost contact with 59% of its satellites at the time. While modern technology is better at resisting these risks, it’s not immune.
But there is some good news. First, such a catastrophic solar storm wouldn’t spell the end for humanity. Walach says that the Earth’s magnetic field “does a really great job of protecting us against many space weather effects,” and that most of the time, all humans will notice is the occasional glitch or a beautiful aurora. She says satellites would fare more poorly in such extreme space weather conditions.
The other good news is that the sun is nearing the end of its solar maximum for its current 11-year cycle (assuming it hasn’t already ended), so the odds of extreme space weather are much lower than they were in 2024, when Earth was treated to an extreme solar weather event that pushed the aurora borealis down to Texas for an entire week.
Stripe and private equity firm Advent International have reportedly made a joint $60.50-per-share offer to buy PayPal, valuing the payments company at more than $53 billion. The bid is said to represent a 28% premium to PayPal’s latest closing price and is backed by roughly $50 billion in committed bank financing.
Apple is in early talks with PrismML, a startup that shrinks large AI models to run directly on a phone. The company’s on-device AI pitch could help Apple keep more of Siri’s work off the cloud.
PrismML chief executive Babak Hassibi told CNBC that Apple and other companies were evaluating its technology. He called the discussions very early and said it was unclear where they would lead, but that “things are progressing nicely.” Apple did not comment. The Information first reported Apple’s interest last week.
The startup is a Khosla Ventures-backed spinout from the California Institute of Technology. Caltech owns the underlying patents and licenses them exclusively to PrismML. The company raised a $16.25 million seed round in March.
On Tuesday, PrismML released Bonsai 27B. It is a compressed build of Alibaba’s open-source Qwen model, not a new one trained from scratch. The company shrank it from roughly 54GB to as little as 3.9GB.
PrismML ships two versions under a free licence. A ternary build runs on a laptop. A smaller 1-bit build, about 3.9GB, is designed to fit within the memory budget of an iPhone 17 Pro. PrismML says it is the first model of that size to run on a phone.
The trick is how the model stores its internal values. PrismML reduces each one from 16 bits to just one or three possible values. It says this cuts memory use by 10 to 15 times, speeds up responses by six to eight times, and lowers energy use by three to six times.
There is a cost. Hassibi said the compressed models lose a few percentage points of performance. Factual recall weakens first, he said, before skills such as reasoning, maths, and coding. PrismML says its builds keep about 95% of full performance in the ternary version and 90% in the 1-bit one.
The timing is not an accident. PrismML released the model a day after Apple opened the public beta of iOS 27, which carries its long-delayed Siri overhaul. Apple is trying to make Siri competitive with assistants from OpenAI and Anthropic.
Running more AI on the device would help. Apple already sends complex requests to cloud models. Keeping more work local would cut delay, lower cloud costs, and support the company’s privacy pitch. Some features would also work offline.
There is a cost angle too. Morgan Stanley estimates Apple’s memory costs could climb sharply in its 2027 financial year. The bank expects the company to raise iPhone prices to protect margins. Smaller models help Apple fit capable AI into tight hardware without paying for more memory.
Analysts urged caution. Tarun Pathak of Counterpoint Research said the real test would be millions of queries across thousands of devices. Phil Solis of IDC said power use was the biggest open question, since a model that runs often could still drain a battery.
The release also feeds a debate over whether efficiency gains will cut demand for memory and data-centre chips. Gil Luria, an analyst at D.A. Davidson, said shrinking models would not remove the need for processors. It would simply move some of them from data centres onto phones, part of a broader shift toward edge AI.
Hassibi said Google’s open-source Gemma model is next in the pipeline, followed by larger frontier models. “It’s very important that the intelligence be local and that it can run fast,” he said.

Brinc Drones, the Seattle-based maker of 911 response drones, has raised $125 million in a new funding round led by Motorola Solutions, boosting its ambitions to put a drone on the roof of every police and fire station in America.
The company says it will use the money to expand manufacturing capacity, bring new products to market, and grow its workforce. Later this year, Brinc is set to move into a new headquarters and factory in Seattle’s Queen Anne neighborhood — a former fish cannery on the Lake Washington Ship Canal — with three times the production space of its current factory.
The investment and expansion come as new federal restrictions squeeze Chinese-made drones out of the U.S. market, giving domestic manufacturers a new opening.
Brinc’s drones and devices are used by police, fire, and other emergency responders to reach 911 calls before officers arrive, deliver medical supplies, and assist in hostage negotiations. Founded in 2019 by CEO Blake Resnick, now 26, Brinc moved from Las Vegas to Seattle in 2021.
Existing investors Index Ventures and Figma founder Dylan Field also participated in the latest round, the company said. Motorola Solutions became a Brinc investor in April 2025 as part of a $75 million round that formed a strategic alliance between the two companies.
Brinc didn’t disclose a specific valuation associated with the round but said it nearly doubled from $480 million a year ago, which means it hasn’t quite reached billion-dollar unicorn status. The new capital brings Brinc’s total funding to more than $280 million.
Other investors who’ve backed the company include OpenAI CEO Sam Altman, Scale AI founder Alexandr Wang, Palantir CTO Shyam Sankar, former LinkedIn CEO Jeff Weiner, former acting Defense Secretary Patrick Shanahan, and former FCC chairman Julius Genachowski.

The company has grown to 187 employees, up from 108 a year ago, and is actively hiring for 41 more. It expects to top 250 employees by the time the new factory opens.
All of its drones are built in the U.S., which is a growing selling point as federal regulators tighten restrictions on Chinese-made drones. The FCC in December 2025 blocked foreign-made drones from receiving U.S. equipment authorization, effectively barring new models — most notably from Chinese giant DJI — from the American market.
Some exemptions have since been granted for certain non-Chinese drones, and DJI is challenging the ruling in court, but Brinc says the shift has prompted more public safety agencies to look at American-made drones like its own.
Brinc’s drones integrate with Motorola’s public safety radios, 911 call systems, and dispatch software. An officer can launch a Brinc drone by pressing a button on a Motorola radio, or have one dispatched automatically when a 911 call comes in.
The company’s drone lineup includes the Lemur 2 for indoor use, the Responder 911 response drone, and Guardian, a larger Starlink-connected drone unveiled in March that the company says is built to replace police helicopters.
The company said it more than tripled revenue in 2025 and has signed nearly four times as many 911 response drone contracts so far this year as it did in the same period of 2025. Newer customers include the Los Angeles Fire Department and St. Louis Police Department.
More than 900 public safety agencies now use Brinc’s products, according to the company, including more than 20% of U.S. SWAT teams. That’s a fraction of the roughly 80,000 police and fire stations across the country that Brinc is targeting.
Loro Piana Fall 2026 Enters Houston’s Art Scene
Weekend Open Thread: Nutriplenish Leave-In Conditioner
2026 Genesis Scottish Open Thursday TV coverage: Round 1
Super Eagles star Moses Simon opens up on Liverpool transfer regret
Character.AI enters the microdrama arena with its own productions, but there’s a twist
Young campaigners urge incoming PM to act on outdoor junk food ads
XRP BOMBSHELL… XRP OMBOARDED FOR TRANSACTIONS!!!
Get Your ESP32 Sunny Side Up With This Solar Dev Board
Dark Secrets Emerge When Jailbreaking LLMs
Crypto Just Entered Its Most Important 6-Month Candle (Could Decide Everything!)
Level Infinite Launches Gangstar Mirage City in India with Pre-Registrations
Major update after Huntingdon train attack as man enters plea
how to make coin bank box with cardboard #scienceproject #money #diy #shorts
Cloudflare Precursor Watches Your Mouse and Keyboard To Decide If You Are Human
Entra passkey enrollment vishing targets Microsoft 365 users
DeFi Dashboard Zapper to Shut Down After 7 Years
Ripple, Coinbase, Circle Join Linux x402 Foundation to Help Shape AI Payments
Mark Cuban-Backed DeFi Dashboard Zapper Shuts Down After 7 Years
Claude’s New Reflect Dashboard Wants To Help You Log Off Of Claude
Fed minutes June 2026: officials split on rates
You must be logged in to post a comment Login