Spotify is leaning even harder into AI, and this time it wants your chatbot to double as a podcast producer.

The streaming service has launched a new beta feature called Save to Spotify. This lets AI agents like OpenClaw, Claude Code and OpenAI Codex generate personalised podcast-style audio briefings directly inside your Spotify library.

The idea is fairly simple: instead of reading through notes, schedules or research documents yourself, you can ask an AI assistant to turn them into an audio episode. You can then listen to it later. Spotify says the feature can handle everything from daily briefings and travel plans to study notes and deep dives into specific topics.

Once generated, the Personal Podcast is saved like a regular episode inside Spotify. It is ready to stream during a commute, workout or wherever else you normally catch up on podcasts.

Getting started is a little more developer-focused than Spotify’s usual features. Users need to install the Save to Spotify CLI tool from GitHub. Then they must connect their Spotify account through a browser login. After that, they prompt their AI agent to create a podcast. Spotify automatically adds the generated episode to the user’s library.

Spotify also shared a few examples of how to use the tool. One suggested prompt creates a five-minute morning briefing using your calendar, inbox and news feeds. Another turns holiday plans into an audio travel itinerary complete with restaurant recommendations and airport routes. You could even ask for a narrated explainer on this year’s World Cup.

The move shows how aggressively Spotify is embedding itself into the AI ecosystem beyond music streaming. The service already integrates with AI assistants like Claude and ChatGPT for playlist controls and recommendations. However, Save to Spotify pushes things much further by treating AI-generated audio as a first-class feature inside the app.

Spotify also quietly confirmed another AI update alongside the launch: users can now interact with the AI DJ in four additional languages beyond English and Spanish.

For now, Save to Spotify remains in beta. However, it’s a pretty clear sign of where Spotify sees the platform heading next — less passive listening, more AI-generated audio built around your own life.

The OnePlus 16 might still be months away, but if the latest rumours are accurate, OnePlus is preparing one of its most over-the-top flagship phones yet.

According to leaks shared by Digital Chat Station, the OnePlus 16 could arrive with a staggering list of specs. These may include a 240Hz display, LPDDR6 RAM, a 200MP zoom camera, and a massive 9,000mAh battery. In addition, Qualcomm’s next-gen Snapdragon 8 Elite Gen 6 Pro chip is also tipped to power the device.

Some of those upgrades make sense. Others feel like OnePlus is simply turning every number up to the maximum.

The jump to a 200MP zoom camera is probably the most believable move here. OnePlus phones have traditionally lagged behind Samsung and Google when it comes to camera consistency, so improving the telephoto hardware would be a logical next step.

The rest of the rumoured spec sheet, though, borders on excessive. A 240Hz refresh rate would comfortably outpace almost every flagship on the market. However, realistically, very few apps or games would fully support it. Even the OnePlus 15’s already-aggressive 165Hz panel felt beyond what most users actually needed.

The same goes for the supposed 9,000mAh battery. That would make it one of the biggest batteries ever fitted into a mainstream smartphone. In fact, it would be nearly double the size of the Galaxy S26 Ultra’s 5,000mAh cell.

What makes these leaks more interesting is the timing. Rumours surrounding OnePlus itself haven’t exactly been calm lately, with reports suggesting Oppo could scale back OnePlus operations in the US; the company has already scaled back operations in the UK and Europe in recent weeks.

Alternatively, they could potentially merge the brand more closely with Realme. Nothing has been confirmed either way, but the uncertainty has been enough to spark questions. People are wondering where OnePlus fits within Oppo’s wider strategy.

That’s partly why the OnePlus 16 rumours feel so aggressive. This doesn’t sound like a company playing it safe. Instead, it sounds like a brand trying to build a headline-grabbing flagship. Their aim is to remind people what made OnePlus exciting in the first place.

There’s also a reason to stay cautious. Digital Chat Station reportedly edited the original leak post to remove some of the speculation, suggesting the details may still be in flux. But even if only half of these rumours prove true, the OnePlus 16 already sounds like it’s aiming to be one of 2026’s most outrageous Android phones.

Security

There’s a mysterious framework worming its way through exposed cloud instances removing all traces of TeamPCP infections, but it’s not benevolent by a long shot: Whoever is behind this bit of malware may be cleaning up who came before, but only so they can take their place.

Discovered by security outfit SentinelOne’s SentinelLabs researchers and dubbed PCPJack for its habit of stealing previously compromised systems from TeamPCP, the worm was first spotted in late April hiding among a Kubernetes-focused VirusTotal hunting rule. It stood out from known cloud hacktools, said SentinelLabs, because the first action it always takes is to eliminate tools associated with TeamPCP attacks. 

The script didn’t stop there, though.

“We initially considered that this toolset could be a researcher removing TeamPCP’s infections,” SentielLabs said. “Analysis of the later-stage payloads indicates otherwise.”

“Analyzing this script led us to discover a full framework dedicated to cloud credential harvesting and propagating onto other systems, both internal and external to the victim’s environment,” SentinelLabs continued. In other words, this thing will harvest credentials from everywhere it can get its hands on, and then find new, unsecured cloud environment targets to spread itself to. 

TeamPCP came onto the scene late last year, and since then has made a name for itself primarily by undertaking a successful compromise of the Trivy vulnerability scanner. That act spread credential-harvesting malware which attackers then used to pivot to more valuable targets, and became one of the most notable supply chain attacks in recent memory. 

Unlike TeamPCP’s campaign, which relied on the spread of compromised software by human actors, this one spreads on its own accord. 

Infections start when already-infected systems look for exposed services, including Docker, Kubernetes, Redis, MongoDB, and RayML, as well as exposed web applications. Once it finds a vulnerable environment, it runs a shell script on the target system that sets up an environment to download additional payloads and searches for TeamPCP processes and artifacts to kill. 

That part of the infection downloads the worm itself, along with modules to enable lateral movement, parse credentials and encrypt them for exfiltration, and for scanning the web for new environments to infect. 

From there, the worm goes to work with the second module in its kit that conducts the actual credential thefts. This portion of the infection targets environment variables, config files, SSH keys, Docker secrets, Kubernetes tokens, and credentials from a list of finance, enterprise, messaging, and cloud service targets so long that we recommend taking a look at it here, or just assuming whatever you’re using is probably being targeted. 

SentinelLabs noted that the lack of a cryptominer in the malware package is unusual, and said the particular services it targeted suggests its goal is either conduct its own spam campaigns and financial fraud with the stolen data, or to make the data it harvests available to those planning similar crimes. 

The worm’s practice of removing TeamPCP files could be opportunistic, or could mean there’s drama going on in the cybercrime world. 

“We have no evidence to suggest whether this toolset represents someone associated with the group or familiar with their activities,” SentinelLabs noted. “However, the first toolset’s focus on disabling and replacing TeamPCP’s services implies a direct focus on the threat actor’s activities rather than pure cloud attack opportunism.”

Because this is a worm relying on unsecured cloud and web app instances ripe for targeting, mitigation recommendations are pretty simple: Keep your cloud platforms secure, and ensure authentication is required even for instances of things like Docker and Kubernetes that aren’t exposed to the internet. ®

Hackers give operator Instructure until 12 May to ‘negotiate a settlement’.

Cyber extortion group ShinyHunters has claimed responsibility for a second breach into edtech giant Instructure – this time, for hacking into the Canvas login portal.

The hackers replaced the Canvas login page with a message that claimed responsibility for an earlier Instructure breach and threatened to leak stolen data if ransom demands aren’t met.

“ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches’,” the message seen by news publications read.

“If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by May 12 2026 before everything is leaked,” it continued.

Bleeping Computer reported that the threat actors’ message appeared in around 330 educational institutions’ portals. It was up for approximately 30 minutes before being taken down. ShinyHunters told the publication that the stolen data contains private messages, user records and enrolment data.

Canvas is used by more than 8,000 educational institutions globally, including several in Ireland, such as the University of Galway and Munster Technological University (MTU). The platform enables communication between students and faculty, and provides coursework management and grading services.

Earlier this week, MTU informed users of a cybersecurity breach into Instructure, which it believed, at the time, did not affect its services. Yesterday (7 May), the institution advised caution, and told staff and students that Canvas remains safe to use.

Meanwhile, in a statement to SiliconRepublic.com, the University of Galway said: “Services have been restored following a relatively low level of disruption in the last 24 hours. We are continuing to liaise with the company affected to understand the full nature and extent of the breach.”

According to the company’s status page, Instructure first began experiencing issues at around 6.30pm Irish Standard Time yesterday. At the time of publication, the services are back online for “most users”.

Last Friday (1 May), Instructure disclosed that it experienced a cybersecurity incident perpetrated by a criminal threat actor. ShinyHunters claimed responsibility for the attack and claimed to have stolen 280m records. The threat actor also published a list of more than 8,800 institutions that were affected by its attacks on Canvas.

On 6 May, Instructure said the stolen information includes “certain identifying information of users at affected institutions, such as names, email addresses and student ID numbers, as well as as messages among users”.

In March, ShinyHunters was linked to a breach of the European Commission’s Europa.eu platform, where 350GB of data, across multiple databases, was reportedly accessed and stolen.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Updated 8 May, 12.34 pm: The article has been updated with a statement from the University of Galway.

Friday is the last day for your encrypted Instagram DMs. After May 8, the platform will no longer support the feature, it announced in a help post.

Instagram said in March that it would stop offering end-to-end encryption to its roughly 3 billion users worldwide. At the time, Meta said the feature, which required people on the platform to opt in, had a low adoption rate.

A Meta spokesperson told CNET that nothing has changed in its plans since that announcement and repeated a statement from March: “Very few people were opting in to end-to-end encrypted messaging in DMs, so we’re removing this option from Instagram in the coming months. Anyone who wants to keep messaging with end-to-end encryption can easily do that on WhatsApp.”

WhatsApp is also owned by Meta.

Read more: I Tried Signal, Telegram and WhatsApp, and This Is the One I’d Recommend

The change means that there’s no longer the option to keep private messages on Instagram shielded from potentially prying eyes. By default, if law enforcement agencies are given access to someone’s Instagram messages, there’s no encryption to prevent them from reading them. With the option enabled, Instagram users could keep messages private, with only the keys on their devices able to unlock them. However, anyone in an encrypted chat could also share messages with Meta if they were reporting an incident, or with anyone else if they chose. 

How to get your encrypted messages

According to the help page message, you’ll be able to download any encrypted messages you have: “If you have chats that are affected by this change, you will see instructions on how you can download any media or messages you may want to keep,” the company said. “If you’re on an older version of Instagram, you may also need to update the app before you can download your affected chats.”

Cloudflare on Thursday joined a growing list of tech companies — including Meta, Microsoft, and Amazon — that have reported increased revenue alongside massive layoffs, attributing both trends to their use of AI.

Cloudflare, which provides internet security and performance services to millions of websites worldwide, announced it was cutting its workforce by approximately 20%, which equates to 1,100 people, it said as part of its first quarter 2026 earnings report on Thursday.

“We’ve never done something like this in Cloudflare’s history,” co-founder and CEO Matthew Prince said Thursday on the quarterly conference call, marking the first mass layoff in the company’s 16-year history. The company is cutting people from all teams and geographies except for salespeople who carry revenue quotas, CFO Thomas Seifert detailed on the call.

The news of the workforce cuts came as the company reported quarterly revenues of $639.8 million, a 34% year-over-year increase and the highest single quarter in the company’s history. However, this was coupled with a loss of $62.0 million compared with losing $53.2 million in the year-ago quarter.

That widening loss, even as revenue surged, highlights a familiar paradox in Cloudflare’s story: the company is growing fast but has yet to turn a consistent profit. But the loss was a smaller percentage of revenue, and the quarter was coupled with a lot of other positive indicators. For instance, Cloudflare reported that it had over $2.5 billion in “remaining performance obligations,” a year-over-year growth of 34%. RPO is the favorite metric these days to indicate revenue under contract but not yet delivered.

Hence, Prince insisted, the 20% cuts were not to reduce expenses but were strictly because of its use of AI.

“Today’s actions are not a cost-cutting exercise or an assessment of individuals’ performance; they are about Cloudflare defining how a world-class, high-growth company operates and creates value in the agentic AI era,” Prince and Cloudflare co-founder and COO, Michelle Zatlyn, wrote in a related blog post about the layoffs.

Prince acknowledged on the call that even though Cloudflare has been selling AI-powered products, it was at first cautious about adopting AI itself.

“Internally, the tipping point was last November. At that point, across our teams, we began to see massive productivity gains, team members that were two, 10, even 100 times more productive than they had been before. It was like going from a manual to an electric screwdriver,” he described.

“Cloudflare’s usage of AI has increased by more than 600% in the last three months alone,” he added.

Prince highlighted the internal use of AI coding, saying that virtually the entire R&D team is now using the company’s own Workers platform — a tool that lets developers build and run software directly on Cloudflare’s global network — including its vibe coding feature. He also noted that 100% of the code produced this way and deployed for use in Cloudflare’s products is “now reviewed by autonomous AI agents.”

But it’s not just developers who are using AI internally, he said. “Employees across the company from engineering to HR to finance to marketing run thousands of AI agent sessions each day to get their work done.”

As a result, these highly productive, AI-powered employees require fewer support staff, he argued.

“A lot of the support people that provide support behind them, those roles aren’t going to be the roles that, you know, drive companies going forward,” Prince said.

Interestingly, Prince says that Cloudflare “will continue to hire people, and we’ll continue to invest in them because the people that are embracing these tools are just so much more productive than we’d ever seen before. I would guess that in 2027 we’ll have more employees than we did at any point in 2026.”

Cloudflare said it ended its first quarter before layoffs with a headcount of about 5,500.

The pattern Prince described — deploying AI gains as justification for workforce reductions even during a period of strong revenue growth — is fast becoming a familiar script across the tech industry. Whether it reflects true structural transformation or acts as convenient cover for cost discipline is a question that investors and employees will be wrestling with for some time to come.

When asked by an analyst on the call why the company needed to cut so deeply after such a good quarter, Prince said, “Just because you’re fit doesn’t mean you can’t get fitter.”

Nothing has expanded the Nothing Ear (open) lineup with a blue colourway, set to go on sale on 11 May, nearly a year after the earbuds launched exclusively in white.

The addition marks the first time the Ear (open) has received an alternative finish, a gap that stood out against the broader Nothing earbud range, which launched with black and yellow options across other models in 2024, giving the open-ear variant a noticeably more limited visual identity from the start.

That single-colour restriction was an unusual choice for Nothing, a brand that has leaned heavily into distinctive industrial aesthetics and bold colour pairings as a core part of its market positioning across both phones and audio hardware since launching in 2021.

The new blue sits on the more restrained end of the spectrum for Nothing, described as a subdued shade rather than the vivid tone seen on the recently released Nothing Phone (4a), which adopted a brighter, more saturated blue finish that drew considerable attention at launch earlier this year.

Nothing teased the colourway earlier this week through its community forum under the codename “Flaaffy,” with the formal announcement confirming the 11 May release date following subsequent posts on the brand’s X account, where a short promotional caption referenced the ocean, the sky, and Yves Klein among its blue-themed references.

The Ear (open) itself sits in a still-emerging product category, with open-ear earbuds occupying a distinct space from in-ear and over-ear designs, prioritising ambient awareness over isolation and finding a growing audience among commuters and outdoor users who prefer to keep some connection to their surrounding environment.

Nothing has not announced any changes to the hardware, driver configuration, or software features alongside the new finish, meaning the blue Ear (open) carries the same specifications as the original white model released in 2024.

The blue Nothing Ear (open) goes on sale on 11 May, with pricing expected to match the existing model’s retail rate.

Problems in space can be complex and dangerous. But NASA’s Curiosity Mars rover spent the end of April embroiled in a much simpler problem: It got stuck in a rock.

Curiosity’s woes began on April 25 when it drilled into a 28-pound rock NASA nicknamed Atacama. In a moment that could’ve come straight out of a Flintstones episode, Curiosity became stuck, and when it tried to pull its drill out, it yanked the whole rock with it. 

“Drilling has fractured or separated the upper layers of rock in the past, but a rock has never remained attached to the drill sleeve,” NASA said in a blog post.  

Such problems are comical here on Earth, where we can just shake the tool and the rock around until it’s free. Not so on Mars. Radio signals can take nearly half an hour to travel between Earth and Mars. Curiosity’s controllers had to send instructions and then wait upward of 30 to 45 minutes to see if the rover did anything. 

It took five days of troubleshooting, but NASA’s Jet Propulsion Laboratory crew finally freed Curiosity from its overly attached new friend on May 1. 

Watch Curiosity free itself from Mars’ clingiest rock

NASA’s Curiosity is known for sending panoramas of the Martian surface. Still, this time, the cameras caught Curiosity doing something many construction workers have to deal with every day. NASA posted two GIFs of the event. The first is a head-on shot, and the other is from a higher angle.

In the GIFs, you can see Curiosity drilling into the rock, a task it’s done many times before. Except when the rover lifts its arm, the rock comes along with it. The rover pauses right at the start before giving in to its fate and lifting the rock off the ground. 

Since these are stitched images, you don’t see the drill arm’s finer movements, but NASA says the rock was tilted, and the drill was rotated and vibrated multiple times over the course of the events. The rock finally falls free at the end. 

A representative for NASA told CNET that the rover was not harmed in the incident.