In short: CoreWeave announced a multi-year agreement with Anthropic on April 10, 2026, giving the Claude maker access to Nvidia GPU capacity across US data centres for production-scale AI workloads. Financial terms were not disclosed. The deal arrives one day after CoreWeave announced a $21 billion expansion of its Meta partnership, and adds Anthropic to a customer roster that now covers nine of the ten leading AI model providers. CoreWeave generated $5.13 billion in revenue in 2025 and is guiding for more than $12 billion in 2026, backed by a contracted backlog exceeding $66 billion.

Ex-crypto miner becomes AI’s landlord

CoreWeave was founded in 2017 as Atlantic Crypto, an Ethereum mining operation that bought Nvidia graphics processing units in bulk to mine cryptocurrency and rent spare GPU capacity to other miners. When crypto margins compressed in 2019, the company renamed itself CoreWeave and pivoted to GPU-on-demand cloud services for general computing purposes. The timing proved transformative: the AI model training boom that began in earnest in 2023 turned CoreWeave’s stockpile of Nvidia hardware into one of the most strategically valuable infrastructure positions in technology. The company went public on Nasdaq under the ticker CRWV on March 28, 2025, at $40 per share, raising $1.5 billion and valuing it at approximately $23 billion. CoreWeave operates 32 data centres with more than 250,000 GPUs and 1.3 gigawatts of contracted power capacity. Its 2025 revenue of $5.13 billion represented a 168 per cent increase year-on-year, and management has guided for more than $12 billion in 2026 revenue against a contracted backlog that now exceeds $66 billion.

The company’s rapid growth has come with a significant concentration risk: Microsoft accounted for approximately 67 per cent of CoreWeave’s 2025 revenue, a dependence that investors and analysts flagged in the run-up to the IPO. Microsoft’s push to develop its own AI models adds a further strategic variable, raising the question of how much of Microsoft’s compute demand will eventually shift toward in-house infrastructure rather than third-party GPU cloud rental. The Anthropic deal, arriving the day after a $21 billion Meta expansion, represents CoreWeave’s most visible effort to build a diversified customer base that reduces its dependence on any single hyperscaler.

What Anthropic is paying for

Anthropic’s compute strategy has grown more complex alongside its revenue. The company’s annualised revenue run rate surpassed $30 billion in early April 2026, more than three times the $9 billion figure it recorded at the end of 2025. That rate of acceleration, driven by enterprise Claude adoption and the breakout growth of Claude Code, has required Anthropic to expand its infrastructure commitments across multiple chip architectures simultaneously. Its primary training workloads run on Amazon Web Services Trainium hardware via Project Rainier, a large-scale cluster spanning hundreds of thousands of AI chips across multiple US data centres. Three days before the CoreWeave announcement, Anthropic’s deal with Google and Broadcom for multi-gigawatt TPU capacity secured access to approximately 3.5 gigawatts of next-generation tensor processing unit compute expected to come online in 2027. The CoreWeave deal fills a third lane: Nvidia GPU capacity for production inference workloads, running at the scale and latency performance that enterprise Claude deployments require. Anthropic’s $100 million commitment to its Claude partner network earlier this year signalled the company’s intent to expand the ecosystem of developers and enterprises building on Claude, and that ecosystem expansion is now directly driving the compute procurement decisions behind deals like this one.

CoreWeave co-founder and CEO Michael Intrator framed the deal in terms that go beyond raw infrastructure capacity. “AI is no longer just about infrastructure, it’s about the platforms that turn models into real-world impact,” he said. “We’re excited to work with Anthropic at the centre of where models are put to work and performance in production shows up. It’s exactly the kind of real-world deployment of AI that CoreWeave was built for.” Anthropic will initially deploy compute under a phased infrastructure rollout, with the option to expand the arrangement over time. The specific Nvidia chip architectures involved have not been publicly disclosed, though CoreWeave’s estate spans current and next-generation Nvidia GPU generations. Nvidia’s Vera Rubin GPUs, unveiled at GTC 2026, represent the next major architecture in CoreWeave’s deployment roadmap, with volume shipments expected in the second half of 2026.

Nine of ten, two deals in 48 hours

The Anthropic agreement means that nine of the ten leading AI model providers now use CoreWeave’s platform, a market penetration figure the company cited in its press release. The customer roster built alongside Microsoft includes Meta, OpenAI, Mistral, Cohere, IBM, and Nvidia itself, as well as a sub-leasing arrangement through which Microsoft supplies some CoreWeave capacity to third-party clients. The Meta relationship deepened significantly on April 9, 2026, one day before the Anthropic announcement: Meta committed an additional $21 billion to CoreWeave for dedicated AI cloud capacity running from 2027 through December 2032, bringing the total value of the two companies’ infrastructure relationship to approximately $35 billion. CoreWeave also expanded its agreement with OpenAI by up to $6.5 billion earlier in 2026. The two announcements in 48 hours, covering Meta and Anthropic, illustrate how CoreWeave is converting its infrastructure position into long-duration contracted revenue rather than spot-market GPU rentals. CoreWeave raised $8.5 billion in a GPU-backed debt facility in March 2026, with the Meta relationship used as collateral. The Anthropic deal, while undisclosed in value, will contribute to a backlog that analysts are watching as the primary indicator of the company’s long-term revenue predictability.

The infrastructure tells a story about dependence

The same day CoreWeave announced the Anthropic agreement, reports emerged that Anthropic is exploring the design of its own custom AI chips — a move that would, if realised, eventually reduce its dependence on the Nvidia-powered infrastructure that CoreWeave provides. The irony is deliberate: Anthropic’s current infrastructure commitments across AWS, Google Cloud, and now CoreWeave reflect a company that is simultaneously expanding compute dependency in the short term and exploring the routes to architectural independence in the long term. That tension is not unique to Anthropic. Meta, OpenAI, and Google have all invested heavily in custom silicon programmes while continuing to rent third-party Nvidia capacity, because the timelines for custom chip maturity and the demand curve for AI compute do not align closely enough to allow a clean transition. CoreWeave’s position as the GPU landlord of choice for the AI industry is therefore both a statement about the current moment and a structural bet that Nvidia-native cloud capacity will remain competitively necessary for at least the duration of the contracts now being signed. As AI infrastructure spending accelerated through 2025, the GPU cloud market began to look less like a transitional gap-filler and more like a permanent layer of the AI stack, and CoreWeave, two deals in two days, is the clearest evidence of that shift.

In short: Amazon’s Brand Innovation Lab, PetIQ’s PetArmor brand, and Best Friends Animal Society have launched “Protect Playtime,” a campaign combining an AI-powered pet-matching tool on Amazon with Amazon Nova Reel-generated videos of individual shelter animals to drive adoptions. The tool processes natural language queries to match prospective adopters with compatible shelter pets, and a pilot event in Glen Rose, Texas, in February 2026 produced 24 adoptions in a single day, four times the previous record. Personalised generative video content for each animal is distributed across Prime Video and Amazon Streaming TV ads through July 31, 2026.

Every 90 seconds

Best Friends Animal Society estimates that a dog or cat dies in a US shelter every 90 seconds, a rate that translated to approximately 400,000 animals killed in 2025 despite nearly two-thirds of US shelters having reached no-kill status. The gap between the national no-kill aspiration and its reality sits in the third that has not yet crossed the threshold, facilities that lack the resources, visibility, or adoption throughput to move animals out faster than they arrive. The Protect Playtime campaign, announced on April 9, 2026, is an attempt by PetArmor, Amazon Ads Brand Innovation Lab, and Best Friends to close that gap through a combination of AI-assisted discovery, personalised generative video, and direct shelter infrastructure investment. The campaign name references PetArmor’s core product, flea, tick, and parasite prevention, and positions pet protection as beginning not with the treatment but with the adoption. Best Friends, which partners with more than 6,000 shelters and rescue organisations across the United States, provided the data infrastructure and shelter network that underpins the matching tool’s reach. “Best Friends is working toward a day where no dog or cat has to die in a shelter simply because they don’t have a safe place to call home,” said CEO Julie Castle. “This innovative campaign will make a meaningful impact on the lives of dogs and cats around the country by giving people new ways to connect with adoptable pets, and we’re honoured to work alongside PetArmor and Amazon to bring it to life.”

The matching tool and the Glen Rose pilot

The AI pet-matching tool is accessible at amazon.com/ProtectPlaytime and processes natural language queries from prospective adopters, questions about size, temperament, energy level, compatibility with children or other animals, and living situation, to surface shelter animals from Best Friends’ partner network that fit the stated preferences. The interface is designed to lower the research burden that frequently delays or prevents adoptions: prospective owners who struggle to navigate individual shelter databases, filter by characteristic, or assess compatibility from static listing photographs often abandon the process before making a match. By drawing on Best Friends’ partner network of more than 6,000 organisations, the tool aggregates inventory that would otherwise require multiple separate searches. The campaign team also invested directly in shelter environments: physical “Protect Playtime” spaces were built at participating facilities to give animals a setting in which to demonstrate their personalities to potential adopters, addressing the long-standing problem that shelter environments produce stress behaviours that make animals appear less adoptable than they would be in a home. A Valentine’s Day pilot event at Glen Rose Animal Control in Texas in February 2026 tested the combined approach, improved shelter environment, AI-assisted matching, and localised promotion, and produced 24 adoptions in a single day, four times the facility’s previous single-day record. Kyle Lembke, senior vice president at PetIQ, framed the campaign as a natural extension of the brand’s fifteen-year mission. “For 15 years, PetArmor has protected pets from outdoor threats,” he said. “Now we’re protecting their chance at finding a loving home. By giving the adoptable dogs and cats AI-powered animated videos that visualise their future and building shelter spaces where they can show their personalities, we’re removing the barriers between pets in shelters and the families who will love them.”

Nova Reel and the generative video layer

For each animal in the programme, Amazon’s Brand Innovation Lab created an animated generative video using Amazon Nova Reel, the company’s AI video generation model available through Amazon Bedrock. The videos are produced from text prompts and images of individual shelter animals, rendering each pet in a simulated home environment to help prospective adopters visualise the animal in a domestic context rather than a kennel. Nova Reel supports multi-shot video sequences of up to two minutes, drawing on text prompts and optional reference images to generate footage that Amazon describes as suitable for commercial deployment. The Protect Playtime videos run across Prime Video and Amazon Streaming TV advertising inventory through July 31, 2026, and are also featured in PetArmor’s Amazon Brand Store. The production pipeline, a unique generative video for each adoptable animal, rather than a generic campaign creative, would not have been economically viable with traditional video production methods; Nova Reel makes per-animal personalisation scalable across the full inventory of Best Friends’ partner shelters. Nova Reel has drawn attention beyond the Protect Playtime campaign in April 2026: the model is currently the subject of a lawsuit accusing Amazon of training Nova Reel on scraped YouTube videos, filed by a group of prominent creators including H3H3 Productions, alleging that Amazon used their content without consent or compensation to build the model’s training dataset. Amazon has not publicly commented on the litigation. Lauren Anderson, head of Amazon Ads Brand Innovation Lab, described the campaign’s design logic in terms of the North Star question the team applied to every decision. “The best part of working on this was aligning everything around one question: ‘how do we help more of our country’s adoptable pets in shelters find the healthy, happy homes they deserve?‘” she said. “That North Star drove every decision, the AI matching tool, the generative videos, the shelter spaces. It’s a true full-funnel campaign on a worthy mission.”

What the campaign signals about Amazon Ads

The Protect Playtime campaign is a working demonstration of what Amazon’s Brand Innovation Lab has been building toward: an advertising stack that moves from awareness to conversion within Amazon’s own ecosystem, using AI to personalise content at a scale that traditional creative production cannot match. The matching tool, the generative video, the streaming ad placement, and the shoppable PetArmor product listing are each layer of a closed funnel that begins with an adoption intent signal and ends with a product purchase. For a brand like PetArmor, whose revenues depend on pet owners who already have animals, driving adoption and driving product sales are the same motion. The same infrastructure logic applies beyond pet care: any category where product purchase is contingent on a prior life event or decision has a structural case for adoption-funnel advertising. The Brand Innovation Lab has positioned this campaign as a proof of concept for that broader model. April 2026 has been a week of heavy Amazon AI announcements in parallel contexts: Amazon’s $50 billion in Trainium chip infrastructure announced in Jassy’s shareholder letter on April 9, and the parallel expansion of AWS’s AI model and developer ecosystem visible in initiatives like the twelve European AI startups selected for Amazon’s 2026 AWS Pioneers cohort. The Protect Playtime campaign sits at the consumer-facing end of the same infrastructure stack: Nova Reel’s generative video capability is built on Amazon Bedrock, which runs on the same Trainium and Nvidia GPU infrastructure that Amazon is committing tens of billions of dollars to expand. The creative application is novel; the substrate is the same AI compute bet that is reshaping every layer of the technology industry. 2025 established AI as the defining technology of the decade, and campaigns like Protect Playtime are the first evidence of what that means at the level of a shoppable Prime Video ad for a rescue dog in Texas.

For a limited time, you can grab the Motorola Razr Ultra with 16 GB of memory and 512 GB of storage for just $700, a $600 discount from its usual price. It’s our favorite folding smartphone, with excellent performance, full-day battery life, and all the trappings you’d expect from a phone that doesn’t also fold in half.

While they may look similar to previous generations of Motorola Razr, there are quite a few under-the-hood improvements for the 2025 model. The Ultra model has the Qualcomm Snapdragon 8 Elite chip, paired with 16 GB of memory, for super snappy performance in everyday use and while gaming. It has an upgrade 4,700-mAh battery, which our reviewer Julian Chokkattu found was easily able to make it through a full day of use with around a quarter of its charge left. If you’re a heavy user and find yourself running low often, there’s 68-watt wired charging and 30-watt Qi wireless charging support to bring you back to life.

There’s no need to worry about the hinge in the middle breaking over time, as all the 2025 Razr models feature a titanium-reinforced hinge plate that should hold up well to daily use. While beauty is subjective, these phones really stand out, with beautiful Pantone color options and unique materials for the case. The screens are more durable too, with ceramic glass coating, and the Ultra features a proper AMOLED internal display with a refresh rate up to 165 Hz, perfect for gaming or smooth scrolling. The exterior screen is a 4-inch pOLED, which also has a 165-Hz refresh rate, so you can check notifications, respond to messages, and even catch a quick selfie without opening your phone.

If you’re ready to flip for this awesome Android smartphone, head on over to Amazon to grab the Motorola Razr Ultra in Pantone Scarab for just $700. If you don’t like the green, for $100 more you can upgrade to one of the other Pantone colors, Cabaret, Rio Red, or Mountain Trail. If you’re curious what the competition looks like, make sure to check out our guide to the best folding phones.

Snap’s AR glasses ambitions might be starting to look a lot more real. In an official announcement, Snap has said it has expanded its partnership with Qualcomm through a multi-year strategic agreement that will bring Qualcomm’s Snapdragon silicon to future generations of Specs.

The company describes this as the first flagship engagement for Specs Inc, which will be launching Specs wearable later this year.

What was revealed in the announcement

According to Snap, future Specs devices will run on Qualcomm’s Snapdragon XR platforms, while the company says it will provide the foundation for edge AI, on-device processing, advanced graphics, and lower-power performance. Snap is framing this mix as essential for building AR glasses.

Snap is clearly trying to position Specs like an always-on computer instead of the tethered demos.

Why this actually matters for Snap

Sony has been working on AR eyewear for years through Spectacles, but this latset announcement seems more serious because it is tied to a long-term hardware roadmap. The company says its collaboration with Qualcomm already stretches back more than five years, with Snapdragon platforms having powered multiple earlier generation of Spectacles.

So the new agreement is meant to provide a more predictable foundations for developers and partners building apps for the platform. Snap also added that the collaboration will focus on things like on-device AI, improved graphics, and advanced multiuser digital experiences. In simplers terms, Snap is saying it wants its glasses to handle AR interactions without feeling slow, power-hungry, or dependent on a phone.

There is still a lot that Snap isn’t saying yet. The company hasn’t shared detailed consumer hardware specs, pricing, or launch timing beyond later in 2026. Though, Snap clearly wants developers and buyers to see Specs as a long-term computing platform, and Qualcomm is now being positioned as the chip partner that could help make it possible.

Tired of seeing the Copilot AI logo appear everywhere in Windows 11? It may be getting at least a little less ubiquitous. Reports this week found the latest Insider version of Windows 11, version 11.2512.28.0, has removed Copilot language from key places such as the computer’s Notepad app. 

Previously, Notepad used Copilot to offer generative writing help, with a button featuring the AI tool’s swirly logo on the top right of the toolbar. Options included writing from scratch with prompts, rewriting, changing tone and more. In the latest update, the Copilot language has disappeared from Notepad, and the feature has been renamed “Writing tools.”

“Writing tools” appears to offer all the same AI features Copilot did, just without the name. The Copilot branding has also vanished from Notepad settings, with AI tools now relegated to the Advanced Features section. This change follows reports from March that Microsoft is quietly backing away from pushing Copilot into so many parts of Windows 11. 

That’s not entirely surprising. AI is one of the least popular things in the US in 2026. Copilot has drawn particular ire on Reddit and other social media sites.

Right now, it looks like Microsoft is pausing its Copilot expansion and removing the branding while leaving the AI features themselves intact, at least on Notepad. Other reports suggest that AI features have disappeared entirely from the Windows 11 Snipping Tool. 

Again, it’s only the Insider version of Windows 11 that shows these Copilot changes for now. When I booted up my standard version of Notepad, Copilot was still there. So unless you’re signed up for early versions of Windows updates, you’ll have to wait for these changes to take effect. 

Microsoft did not immediately respond to a request for comment.

Amazon’s AI services division filed 1.1 million reports of suspected online child exploitation in 2025 to an advocacy group. But because those reports lacked essential information, there were zero cases where law enforcement was able to take action. A new inquiry opened in the Senate aims to ensure that never happens again.

Sen. Chuck Grassley, an Iowa Republican who chairs the Senate Judiciary Committee, this week opened an inquiry into eight big tech companies over their handling of mandatory reporting of online child exploitation. It’s the latest step in a growing movement questioning whether tech companies can be trusted to keep their youngest users safe while online.

Electronic service providers are required by law to report incidents of child sex exploitation to the CyberTipline run by the National Center for Missing and Exploited Children. In 2025, over 17 million reports of suspected online child sex exploitation were filed. But these reports may not have the necessary information to prompt action in the real world.

“I’m alarmed by what I’ve read,” Grassley said. “Based on information provided to my office, I am concerned that some companies have not provided NCMEC and law enforcement with sufficient data needed to protect kids and prosecute suspected predators.”

Grassley sent requests for more information to several major tech companies: Meta, TikTok, Roblox, Snap, Amazon AI Services, xAI, Grindr and Discord. These eight companies make up 81% of all child exploitation reports submitted to NCMEC. Notably absent from the inquiry was Google, owner of YouTube. 

A Meta spokesperson told CNET the company “works tirelessly” to protect kids from this “horrific crime,” stating: “We’re committed to constant improvement and appreciate feedback, which has already led us to make some improvements, as NCMEC has acknowledged. We will continue making refinements to improve our reporting process.” 

Grindr, Discord and Roblox made similar comments, saying they plan to work with the Senate and NCMEC on these issues. Grindr added that its dating site is only for adults, aged 18 and up. The other tech companies did not immediately respond to requests for comment. 

The Iowa Republican’s inquiry follows reports from NCMEC in 2025 that tech companies were failing to provide essential location data in their reports and failing to disclose their use of child sex abuse material in AI data training. This is especially concerning given previous incidents of AI being used to create nonconsensual intimate imagery, including child sex abuse material.

Child exploitation online is a growing issue. In 2025, Meta alone filed nearly 11 million reports, 1.2 million of which dealt with suspected child trafficking. Meta owns the popular platforms Facebook, Instagram and WhatsApp. NCMEC said in 2025 that Meta and xAI had improved their reporting, but it was still lacking.

“Many ESPs regularly tout the number of reports they submit to the CyberTipline, but fail to disclose that millions of reports lack basic information,” NCMEC wrote to Grassley in 2025. “This leaves children unprotected online, subjects survivors to revictimization, enables sexual offenders to remain freely online and wastes valuable and limited law enforcement resources.”

There has been movement in other branches of government to hold tech companies accountable for child safety. Meta was recently found liable by a New Mexico jury for misleading users about the safety of its platforms and failing to prevent child exploitation. The company was ordered to pay $375 million in damages. One day later, Meta and Google were found liable by a California jury for creating social media platforms that are addictive to children.

The first person was convicted on Tuesday under the new US anti-AI deepfake law, the Take It Down Act, for creating AI-generated child sex abuse materials.

• Thousands of official government email addresses are exposed online
• Credentials including plaintext passwords are available on the dark web
• The UK has the highest percentage of exposed credentials

The official email accounts of public officials all over the world have been leaked online, with many exposed alongside their plaintext passwords, making it trivial for an attacker to breach their accounts.

Researchers at Proton scoured the darker side of the internet for the publicly available email addresses of government officials – and discovered thousands of exposed credentials.

Rowhammer attacks have been around since 2014, and mitigations are in place in most modern systems, but the team at gddr6.fail has found ways to apply the attack to current-generation GPUs.

Rowhammer attacks attach the electrical characteristics of RAM, using manipulation of the contents of RAM to cause changes in the contents of adjacent memory cells. Bit values are just voltage levels, after all, and if a little charge leaks across from one row to the next, you can potentially pull a bit high by writing repeatedly to its physical neighbors.

The attack was used to allow privilege escalation by manipulating the RAM defining the user data, and later, to allow reading and manipulation of any page in ram by modifying the system page table that maps memory and memory permissions. By 2015 researchers refined the attack to run in pure JavaScript against browsers, and in 2016 mobile devices were shown to be vulnerable. Mitigations have been put in place in physical memory design, CPU design, and in software. However, new attack vectors are still discovered regularly, with DDR4 and DDR5 RAM as well as AMD and RISC-V CPUs being vulnerable.

The GDDR6-Fail attack targets the video ram of modern graphics cards, and is able to trigger similar vulnerabilities in the graphics card itself, culminating in accessing and changing the memory of the PC via the PCI bus and bypassing protections.

For users who fear they are at risk — most likely larger AI customers or shared hosting environments where the code running on the GPU may belong to untrusted users — enabling error correcting (ECC) mode in the GPU reduces the amount of available RAM, but adds protection by performing checksums on the memory to detect corruption or bit flipping. For the average home user, your mileage may vary – there’s certainly easier ways to execute arbitrary code on your PC – like whatever application is running graphics in the first place!

NoVoice Android Malware

McAfee identified a malware campaign in the Android Play store targeting older devices – using vulnerabilities publicly disclosed and patched between 2016 and 2021 – that was still found in over 50 apps in the official Google store.

All of the infected apps are built using a modified Facebook SDK to avoid detection, which unpacks the actual malicious payload from inside a PNG polyglot image. By using a common SDK found in millions of apps, the app looks like any other app using common libraries, even when viewing a decompiled list of classes referenced inside the binary.

Polyglot files are files that contain multiple valid file formats simultaneously – for instance a single file for Windows, Linux, or Web Browser or a JPEG containing a ZIP of all the works of Shakespeare. Polyglot files are possible because different formats often look for the start of data at different locations or when one file format denotes the length of valid data and happily ignores extraneous information. For malware, polyglot files are often used to hide malicious content in ways that detection tools or researchers may not spot.

Once the malicious payload is extracted from the PNG image in the app, the malware collects a fingerprint of the device, contacts a control server, and downloads exploits for that specific version. After gaining root, the exploit disables SELinux protections and replaces core system libraries with Trojan copies that impact every app. McAfee reports 22 different exploits in use, including Linux IPv6 kernel and Android GPU driver vulnerabilities, however all of the exploits used were fixed as of the 2021-05-01 Android security patches.

Ultimately, the malware steals authentication tokens and message databases from WhatsApp, reading them out of the local storage of the app, extracting the key from the running WhatsApp instance, and sending the decoded databases to a remote service. The malware also contains mechanisms to survive a factory reset by modifying the system partition of the device, but a full firmware re-install is still enough to get rid of it.

Unfortunately, older Android devices are still prevalent, and devices no longer supported by their manufacturers are still vulnerable to exploits based on publicly known and fixed security issues. There isn’t a good solution for devices abandoned by manufacturers, other than alternative firmware like LineageOS, but users of devices stuck on old firmware may also not be tech savvy enough, interested enough, or in a position to risk the device becoming nonfunctional by installing custom firmware.

Flatpak and XDG Fixes

Flatpak 1.16.4 and xdg-desktop-portal 1.20.4 have been released to address multiple security issues:

• CVE-2026-34078 in Flatpak allows a complete sandbox escape from the jailed app environment
• CVE-2026-34079 allows deleting any file on the host environment
• GHSA-2fxp-43j9-pwvc allows read access to files accessible by the Flatpak system helper, a system service for integrating Flatpak apps with the rest of the system environment
• GHSA-rqr9-jwwf-wxgj in xdg-desktop-portal which allowed writing to arbitrary system files, independent of the bug in Flatpak itself

Flatpak is a Linux application packaging format that aims to provide installations that work on any Linux distribution. Normal packaging formats like deb and rpm are tightly linked to the specific version of the specific distribution they are built for. Flatpak packages all dependencies for an application, which increases the package size but reduces the load on the developer to provide builds for every possible variation. xdg-desktop-portal is a companion helper to Flatpak to manage access to system resources like screenshots, opening files outside the sandbox, and opening links in the default browser.

Flatpak attempts to introduce a modern sandboxing security model on top of Linux apps, similar to the restricted access model most mobile apps run under on Android or iOS. Traditionally, any code running has the permissions of the user running it; reducing that access can reduce the attack surface. Flaws in the sandboxing code can allow exploits in an app to impact the rest of the system.

Almost all modern Linux distributions include Flatpak support, and it may not even be obvious to users when a package comes from Flatpak versus a traditional package – many commercial Linux applications like Slack and Steam distribute as Flatpak images, and many open source tools also provide images. For all our Linux users – make sure you’ve applied any pending security updates in your distribution!

Minnesota Ransomware

In an example of real-world impacts, Minnesota has requested assistance from the National Guard after a significant ransomware attack against Winona County. The state has asked the National Guard to assist in recovering from an attack impacting unspecified systems, but which apparently was severe enough that local and state resources weren’t enough. The only definitive statements from county officials are that emergency dispatch and 911 services are not disrupted – a frighteningly low bar you hope to not see. This is the second ransomware attack this county has seen this year, reportedly from unrelated attackers.

While high-profile ransomware attacks against governments and major corporations get lots of press, smaller companies are also impacted. Ransomware continues to be a pervasive problem, especially for organizations with a small – or even no – official IT department or security positions. Many security companies offer discounted or sometimes even free support to small companies and non-profits; if this is you, there’s no better time to look into multi-factor authentication, account privilege auditing and limiting, and testing your (offline) backups!

Router Hacks Redirect DNS

Following on with the real world impacts of some of the advisories, Lumen reports a widespread campaign to exploit home routers and install authentication-hijacking malware.

The attack targets TP-Link and MikroTik routers: TP-Link is a common home router brand, while MikroTik is more common in small business and remote office environments. Lumen comments that the attack seems to focus on older models, implying that it is using older, publicly disclosed vulnerabilities in devices which have been designated end-of-life by the manufacturers. Nearly 20,000 unique IPs were seen communicating with the control servers, so there were a lot of unmaintained routers out the Internet.

Once the router was compromised, the attackers used DNS redirection to send users to fake login pages to capture authentication info for Microsoft Office and other corporate resources. By hijacking DNS in the router and passing a custom DNS server over DHCP to local systems on the network, the attackers controlled the login pages. While DNS level attacks can’t defeat protections like SSL, users may not notice that they are being phished with an unencrypted login lookalike site, or they might just ignore the SSL warnings and click through anyhow.

Lumen credits Russian state actors with the attack, with the victims including national and local governments and regulatory agencies.

Malware on 3D Printer Repos

Striking closer to home, this Reddit post points out a malware campaign targeting sites holding models for 3D printers such as Printables, Thingiverse, and Makerworld.

Abusing the ability to upload arbitrary files to the model sites, the goal appears to be to trick the user into downloading a zip file containing Blender assets with instructions on “how to convert them to a STL”. Unfortunately, Blender has an embedded scripting environment (Python) – opening untrusted Blender ‘blend’ files allows direct execution as the user running Blender! The malicious files and instructions then download traditional malware and infect the user. Vendors of 3D assets have experienced this before, but it may be a first for the printing sites to deal with.

The campaign appears to have been stopped a few days later, with the original poster reporting that the flood of fake accounts appears to have stopped a few days later.

Unfortunately this goes to show that constant vigilance is needed – if something that should be a basic 3d model expects you to download additional tools to convert it to the format used everywhere else on the site, it’s probably worth being suspicious. Formats with embedded scripting environments are a new level of unexpected behaviors users have to be aware of – difficult if you’re not already a Blender user familiar with the capabilities and risks!

PLC takeover

Finally, this week’s “you hope it’s not your problem” is an advisory from CISA, the United States cyber security agency. It appears that Iranian state-sponsored agents have been attacking Programmable Logic Controller (PLC) systems. Usually outside the realm of the home hacker, PLC systems like these are used to control factories, power plants, water treatment facilities, and other industrial scale facilities.

Before the Internet of Things took the reins as the joke category for security — “the ‘S’ in IOT stands for security” — one of the strongest contenders was SCADA, or Supervisory Control and Data Acquisition devices. SCADA fills a suspiciously parallel role to IOT in the industrial space, providing network monitoring and control of physical systems, and suffers some of the same fate. A SCADA system may be too difficult to update, too important to risk the downtime of a change gone wrong, or simply too legacy to have support from the manufacturer, and like an IOT device, generally isn’t expected to be exposed to the entire Internet.

Out of the realm of most people – even technically inclined ones – SCADA attacks may still be some of the highest profile attacks someone has heard of. The Stuxnet worm in 2010 targeted SCADA control systems and modified PLC-controlled centrifuges used for uranium refinement. In 2015 and 2016 the Ukrainian power grid suffered two major attacks targeting the SCADA control systems, closing breakers and forcing manual intervention at each substation to restore power to 250,000 people. The attacks evolved into the ‘CRASHOVERRIDE’ malware, which is specifically designed to target power grid SCADA control systems.

The simplest fix is to ensure these systems are never connected to the Internet at large. (If simple can be said to apply to processes controlling multi-million dollar facilities.) But even separated from direct connections, systems that cannot be safely updated to patch security concerns will always be at risk of router and firewall appliance compromises, or compromised PCs or laptops allowed onto the control network.