Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Tech
Bluekit phishing kit adopts browser-in-the-middle for login theft
The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week, and by adding browser-in-the-middle (BitM) capabilities for improved data theft.
First documented in April by Varonis researchers, Bluekit provides an AI assistant that supports multiple large language models (Llama, GPT-4.1, Claude, Gemini, and DeepSeek) for drafting phishing emails.
At the time, the phishing kit offered “customers” 40 distinct templates targeting popular online services such as Outlook, Hotmail, Gmail, Yahoo, ProtonMail, iCloud, GitHub, and Ledger.
A new report from digital risk protection company Netcraft warns that Bluekit has switched from adversary-in-the-middle to a BitM mechanism that uses the open-source JavaScript library ‘rrweb’ to serialize the page’s DOM and stream it over a WebSocket connection to the victim.
In a BitM attack, the victim interacts with a browser session controlled by the attacker, which loads the legitimate login page and relays requests and responses between the victim and the target service.
Netcraft notes that rrweb itself is a legitimate project widely used for session replay and analytics, and its presence in a web environment should not be interpreted as an indicator of compromise without a larger context.
Images, fonts, and CSS are fetched through the phishing infrastructure, while the victim’s inputs are forwarded back to the attacker’s browser.
The researchers state that rrweb was chosen for its excellent visual fidelity, real-time interactivity, and bandwidth efficiency.
However, some latency still exists, so any keyboard input and mouse click delays on the login pages should be considered as red flags.
Authentication completes in the attacker’s browser, granting them a valid session token and unlimited access to the victim’s account.
.jpg)
Source: Netcraft
The BitM attack method has been known since 2022, devised by researcher mr.d0x and later adopted for malicious activity.
Before stealing the credentials, Bluekit uses a comprehensive victim qualification system to distinguish real targets from researchers or security crawlers.
Anti-analysis systems in the latest Bluekit include:
- Randomized CSS filters to defeat screenshot-based detection.
- A large (>1 MB), frequently changing obfuscated JavaScript bundle.
- Custom CAPTCHA that may imitate Cloudflare or the target brand.
- Browser fingerprinting (RAM, CPU cores, screen resolution, language, headless browser detection, anti-fingerprinting extensions).
- WebRTC-based IP mismatch detection to identify users behind proxies or VPNs.
Netcraft also reports that the live (5-second update interval) monitoring system Varonis previously documented is still available in BlueKit, allowing operators to monitor victims as they are entrapped in deceptive login sessions and track their actions after login.
The researchers’s report provides a set of indicators and signals that are associated with Bluekit but do not constitute indicators of compromise.
These include CSS filter manipulation on top-level HTML elements with randomized values, an obfuscated JavaScript bundle that is rotated periodically, browser fingerprint checks, a WebSocket connection sending encrypted or binary data on login pages, and WebRTC IP mismatch detection on the landing page.
For organizations looking to defend against increasingly sophisticated phishing, business email compromise (BEC), and account takeover (ATO) attacks, BleepingComputer is hosting a webinar with Abnormal titled “Stop chasing alerts: Automating email security with behavioral AI.“
The webinar will explore how behavioral AI can help security teams detect and respond to modern phishing attacks, automate investigations and remediation, and reduce the operational burden caused by alert fatigue and increasingly sophisticated social engineering campaigns.
Continue Reading
Data from Inrix.com found that American drivers in 2025 on average spent nearly 50 hours a year sitting bumper to bumper with other motorists, up from 44 hours in 2024. Something those residing in places like Chicago, and other U.S. cities that have the worst traffic know only too well. According to the U.S. Department of Transportation, other than severe weather, merging is the biggest enemy to the flow of traffic.
In an effort to reduce bottlenecks, several state level agencies have been promoting something called “zipper merging.” Essentially, vehicles in the merging lane should wait to get over until nearing the lanes end, with motorists in both the merging and open lane alternating turns. But there is a lot of confusion surrounding the practice. It requires motorists in the open lane to allow mergers in and is typically reserved for specific circumstances such as lane closures. Also, a consistent speed from the merging lane is crucial. Rushing forward then hitting the brakes at the merge point go against the zipper method.
To be clear, there is no national law mandating the practice. Some states ask drivers to implement it in certain conditions and included it in campaigns to educate the public. However, others such as Utah, do have a law (41.6a-903.1) that specifically names the “Zipper method.” It’s also mentioned in Illinois Rules of the Road publication and carries a potential fine if disregarded. You should verify your areas stance on zipper merging with your local DMV.
Why use zipper merging?
When two lanes merge into one, the zipper method asks motorists to use the entirety of the lane that’s coming to an end (rather than getting over immediately). This allows speeds to match across both lanes of traffic, improving efficiency. The slowdown affects everyone equally, which may reduce anger among drivers. Some figures, like a Minnesota study from 2013, reported by AAA.com, claim the practice can lessen traffic jams by as much as 40%. According to the Missouri Department of Transportation, congestion can see a reduction of up to 50%. Zipper merging isn’t the only way speed is used to manage traffic flow, as other methods such as a minimum speed limit sign helps reduce congestion by narrowing the disparity in speeds between motorists.
The concept isn’t new and has been in place for years in some European countries. Belgium made it a law back in 2014, and Germany included it among its motorist regulations in 2001. Some Canadian provinces have also been campaigning for its use, with examples like British Columbia, putting up signs encouraging the practice.
Why zipper merging has struggled to gain traction among U.S. drivers
The zipper merge tends to go against certain unwritten rules many drivers have followed for years. Kevin Gutknecht of the Minnesota DOT summed up the problem in an interview with NewsChannel5.com, “From kindergarten on we’re told we need to stand in line and stay in place in line.” A motorist who successfully merges at the first opportunity, can feel slighted when another driver continues past them in the closing lane, because it can be interpreted as cutting ahead in line.
The zipper method can create frustration from both early mergers and those who follow it correctly. A motorist following the zipper method can become increasingly upset that others aren’t willing to allow them to merge, trapping them in place. Situations like these can cause tempers to boil over, especially when motorists become more aggressive trying to force a merge. Surprisingly, Louisiana has the most road rage in America, according to Consumer Affairs.
Some states have taken a step back on the zipper merge idea, like Tennessee. According to a Tennessee Department of Transportation statement published on Fox17.com, “It requires a significant amount of not only public education, but also public compliance. According to our traffic division, some states have had issues with getting the public to comply with the “take turns” direction.” Some law enforcement officials in Arizona have expressed their opinion that the zipper method would work well in an idyllic society, but reality is different.
Looking for the most recent Mini Crossword answer? Click here for today’s Mini Crossword hints, as well as our daily answers and hints for The New York Times Wordle, Strands, Connections and Connections: Sports Edition puzzles.
Need some help with today’s Mini Crossword? The first two across clues are perfect for summer vacations. Read on for all the answers. And if you could use some hints and guidance for daily solving, check out our Mini Crossword tips.
If you’re looking for today’s Wordle, Connections, Connections: Sports Edition and Strands answers, you can visit CNET’s NYT puzzle hints page.
Read more: Tips and Tricks for Solving The New York Times Mini Crossword
Let’s get to those Mini Crossword clues and answers.
The completed NYT Mini Crossword puzzle for June 28, 2026.
Mini across clues and answers
1A clue: Sound of relaxation
Answer: AHH
4A clue: Summer vacation destination
Answer: BEACH
7A clue: “In some bad news …”
Answer: SADLY
8A clue: Extend, as a contract
Answer: REUP
9A clue: Flying squirrel’s landing point
Answer: TREE
Mini down clues and answers
1D clue: Muscles exercised by crunches
Answer: ABS
2D clue: What the Tin Man wants from the Wizard of Oz
Answer: HEART
3D clue: Bill of HBO’s “Barry”
Answer: HADER
5D clue: You’re reading one
Answer: CLUE
6D clue: Super-excited, in slang
Answer: HYPE
Birdhouses can be a great way to help out nesting birds in your area, but they can be a bit intensive to make. As part of a 500 birdhouse marathon, [Of Human and Nature] decided to test whether a metal roof would be safe or turn the birdhouse into an oven.
Most DIY birdhouses are made of wood to encourage cavity nesting species that would naturally find a hole in a tree to use the house. Unfortunately, an unprotected chunk of wood will deteriorate much faster than a whole tree full of holes might. A metal roof reduces the exposure to the elements, but does it make the box too hot?
[Of Human and Nature] heeded concerns from commenters and actually tested his hypothesis with a simple set of thermocouples, a heat lamp, and an assembled birdhouse. While the metal roof was held at 70˚C for four hours, the inside of the house stayed in the mid 20˚C range thanks to the separation between the roof and the actual box which allows air to flow between the two.
Maybe a metal roof could help you house your homing pigeons as well? If you want to spread the mesh with your birdhouse instead, how about a solar panel roof with a LoRa node?
IBM spent a decade “building, testing and improving” quantum computing, reports the Wall Street Journal.
“This year, the company is laying the groundwork to turn that technology into a fully-fledged, scalable business from an expensive science project.”
IBM said last month it plans to form a new independent subsidiary called Anderon, a foundry to produce the silicon wafers needed to make quantum-computing processors. The venture is seeded by a $1 billion investment from the Trump administration and another $1 billion of IBM’s own cash.
Anderon will give the company a new line of business in selling wafers to other quantum-computing companies. It will also provide a steady stream of wafers to continue developing its own quantum technology, positioning IBM to capture part of what the Boston Consulting Group projects will be a $90 billion to $170 billion market for quantum-computing providers by 2040…
The company also plans to spend an additional $9 billion over five years to advance the final stages of its quest to build a quantum-mechanics-powered computer capable and reliable enough for widespread use, a goal known as fault tolerance. That computer, named Starling, is being targeted for 2029. With Anderon, IBM is thinking beyond Starling, or even a more powerful quantum computer planned for 2033.
Looking for the most recent regular Connections answers? Click here for today’s Connections hints, as well as our daily answers and hints for The New York Times Mini Crossword, Wordle and Strands puzzles.
The World Cup is swinging into the knockout round, and today’s Connections: Sports Edition includes a World Cup category. If you’re struggling with the puzzle but still want to solve it, read on for hints and the answers.
Connections: Sports Edition is published by The Athletic, the subscription-based sports journalism site owned by The Times. It doesn’t appear in the NYT Games app, but it does in The Athletic’s own app. Or you can play it for free online.
Read more: NYT Connections: Sports Edition Puzzle Comes Out of Beta
Hints for today’s Connections: Sports Edition groups
Here are four hints for the groupings in today’s Connections: Sports Edition puzzle, ranked from the easiest yellow group to the tough (and sometimes bizarre) purple group.
Yellow group hint: Very cool!
Green group hint: Hoops data.
Blue group hint: Allez les Bleus!
Purple group hint: Where the dunking happens.
Answers for today’s Connections: Sports Edition groups
Yellow group: Style.
Green group: Basketball stats, abbreviated.
Blue group: Members of France’s World Cup squad.
Purple group: NBA arenas.
Read more: Wordle Cheat Sheet: Here Are the Most Popular Letters Used in English Words
What are today’s Connections: Sports Edition answers?
The completed NYT Connections: Sports Edition puzzle for June 28, 2026.
The yellow words in today’s Connections
The theme is style. The four answers are flair, panache, pizzazz and swagger.
The green words in today’s Connections
The theme is basketball stats, abbreviated. The four answers are FG, FT, PF and TO.
The blue words in today’s Connections
The theme is members of France’s World Cup squad. The four answers are Barcola, Gusto, Mbappé and Olise.
The purple words in today’s Connections
The theme is NBA arenas. The four answers are Barclays, Kia, Moda and TD.
If you want a capable tablet, but an iPad isn’t for you (or your wallet) take a look at this,
The Xiaomi Pad 8 Pro is available for £324, down from £381.65 with £57.65 off for Prime Day.
The Xiaomi Pad 11.2‑inch has a genuinely strong saving right now, but with Prime Day ending today, it’s your last chance to snap it up
The Xiaomi Pad 11.2‑inch is sitting at a great price, though with Prime Day ending today, you’ll need to move quickly.
The Snapdragon 8 Elite chip underneath is the same silicon powering flagship smartphones in 2025, and on a tablet, it translates into multitasking, gaming, and document work that never asks you to wait for the hardware to catch up.
That performance lands on a 3.2K display running at up to 144Hz with Dolby Vision support, 12-bit colour depth, and 345 PPI, so whether you’re editing a presentation or watching something on a long journey, the screen is doing full justice to whatever’s on it.
The 11.2-inch size sits in a body just 5.75mm thick and weighing 485 grams, which means the Xiaomi Pad 8 Pro fits into a bag without thinking about it and stays comfortable through sessions that would make a heavier tablet feel like work.
Battery life is rated at up to 18 hours of continuous video streaming from the 9200mAh cell, and 67W HyperCharge brings it back quickly when you do run it down, so the charging cable rarely needs to be a fixture on your desk.
The quad speaker setup with Dolby Atmos support means audio holds up without headphones, which matters more on an 11-inch screen than it ever does on a phone, and HyperOS 3 ties the software experience together with system-wide AI features across apps.
Not sure whether a tablet or a phone upgrade makes more sense right now? Our best smartphones 2026 guide and best Android phones 2026 roundup lay out the strongest options across both, so you can make the call with the full picture in front of you.
The Xiaomi Pad 8 Pro is a top 11-inch contender for those who would like a Samsung Galaxy Tab S11 or iPad Pro, but can’t stomach their price tags. It costs less, while providing similar real-world results. Its screen isn’t class-leading, with lesser contrast than the best, but it only stands out because the bar is so very high in 2026.
-
Powerful processor
-
(Optional) Neat hinged keyboard case
-
Long battery life
-
Stylus and keyboard are pricey
-
Non-OLED screen with just OK colour depth
-
Heat regulation can cause app closures
SQUIRREL_PLAYLIST_10148964
YouTube streaming typically involves a camera with an HDMI output, a USB3 HDMI digitiser, and a suitably beefy PC to run it all. It’s quite a process, and for [Coreymillia], more complex than it needs to be. He’s come up with something simpler, a dedicated self-contained streaming rig using a Raspberry Pi 4.
As you might expect it uses the Raspberry Pi HQ camera at the optical end, but it’s the software surrounding it that transforms it from a mere camera into a streaming rig. There’s a web based user interface, but perhaps more interesting are the companion dashboard peripherals. A Raspberry Pi or an ESP32 Cheap Yellow Display can both serve as a small in-view dashboard and controller.
We know from experience that a stream can be a difficult thing to get right even with high-end hardware, and we’re interested to see this standalone device allowing , we hope, an easier way to do it. If you’re a streamer we’re guessing you’ll be taking a closer look. Even so, this is surprisingly, not the simplest Raspberry Pi based streaming device we’ve seen.
Tech
OpenAI's GPT-5.6 gets staggered release after Trump administration cites national security concerns
Sol, the flagship model in the GPT-5.6 lineup, is built with a robust safety stack with guardrails against higher-risk activities, sensitive cyber requests, and repeated misuse. Terra is designed for balanced reasoning and agentic workloads, with OpenAI claiming that it offers similar performance to GPT-5.5 while being 2x cheaper. Luna…
Read Entire Article
Source link
Apple has petitioned the Trump administration to allow it to buy Mac RAM chips from a blacklisted Chinese supplier, to ease the price pressure caused by the global memory crisis.
The tech industry is continuing to struggle with keeping the cost of manufacturing low due to the ongoing demand for memory chips. While Apple is also affected and now passing down the costs to consumers, it’s still trying to find ways around the problem.
According to six people speaking to the Financial Times, Apple has reached out to the Trump administration. It wants permission to buy memory chips from the Chinese memory supplier CXMT.
The problem is that CXMT is a memory chip maker that is on the Chinese Military Company Blacklist, or 1260H list. It is a list of firms that the Pentagon believes have links to the People’s Liberation Army, and therefore could undermine the national security of the U.S.
Apple has reportedly reached out to the Commerce Department over a month ago, as well as the administration and others in Washington to try and get the green light.
The naughty list
The existence of CXMT on the Chinese Military Company Blacklist doesn’t stop Apple from buying chips from it. However, the existence on the list has repercussions that would affect Apple.
The Defense Department is not able to make agreements with companies on the list, nor use any products and services from third parties that use their components. That would mean Apple would suddenly lose sales from that arm of the U.S. government.
That’s not the only problem that Apple faces, because it’s not the only list to be concerned about. In 2025, the Department of Commerce indicated that CXMT was one of a number of Chinese companies it wanted to put on to the “Entity List.”
At the time, the White House told the Commerce Department to hold off from adding them to the Entity List, which would’ve blocked all trade with the company completely. The administration was negotiating with China at the time to try to end the trade war.
CXMT is not on the Entity List, but that can still change. While Apple can get permission to buy from CXMT, there’s no guarantee that it could later be added to the Entity List, disrupting supplies once again.
For the moment, Apple would have to deal with a reputational risk of being associated with CXMT, but it can always get worse.
Lawmaker worries
Aside from getting permission to get the chips, Apple will also have to deal with a backlash from other U.S. lawmakers.
To the Republican chair of the House China Committee, John Moolenaar, it would be a “grave mistake” for Apple to make a deal. Doing so would help China succeed in dominating critical supply chains, making the U.S. tech industry more dependent on China.
Apple previously felt pressure in 2022 when it thought about sourcing memory chips from YMTC, specifically for iPhones to be sold in China. Marco Rubio, the top Republican on the Senate Intelligence Committee at the time, said Apple was “playing with fire.”
Rubio added that Apple would face extreme scrutiny from the U.S. government, even though they were for memory chips to be sold in iPhones elsewhere.
Apple does have a duty to its customers and a fiscal responsibility to its shareholders to make sales without wasting funds. Securing another memory supplier is a natural thing for it to do in this case, especially when the world is jointly facing the same memory pressures.
The obstacle here isn’t one of price, but in keeping the United States government on-side. Under the current political climate, that’s going to be a very tough sell, even with current CEO Tim Cook‘s years of relationship groundwork.
It may well be a political price that’s just too high. Something that consumers will pay for either way.
America generated 10.06% more energy with renewables in the first four months of 2026 than it did in the same period the year before. That’s according to new figures from America’s Energy Information Administration, cited in this report from Electrek:
The growth was led by utility-scale solar (+21.3%), hydropower (+15.7%), small-scale solar
In April alone, wind and solar each produced more electricity than US coal plants, while the combination of solar and wind produced 57.0% more electricity than nuclear power.
The mix of all renewables, including biomass and geothermal, accounted for 30.0% of total US electrical generation during the first third of 2026 — up from 27.8% a year earlier… EIA reported that, in April, utility-scale solar capacity surpassed wind capacity for the first time (160,208.1 MW vs. 160,100.6 MW). Further, utility-scale battery energy storage capacity increased by 17,703.5 MW, or 58.1%. Nuclear added just 18.4 MW.
The combined capacity growth of all utility-scale renewable energy sources for the 12-month period (55,980.3 MW) is two-thirds more (i.e., 67.6%) than that added during the previous 12 months (33,392.0 MW).
“EIA projects no new nuclear generating capacity and a net decline of 5,200.5 MW in fossil fuel capacity.”
Sports2 minutes ago
Mac Jones in Purple, Kyler Murray, Jake Golday
Tech3 minutes ago
What Is The Zipper Merge ‘Law’ And Why Do Most Drivers Do It Wrong?
NewsBeat5 minutes ago
England’s next opponents change overnight as World Cup fixtures take dramatic turn
Business2 weeks ago
No Jackpot Winner as $257 Million Prize Rolls Over to $269 Million Monday Draw
Entertainment1 week ago
Renter of Home in Anne Heche Crash Denies Settlement With Son
Crypto World1 month ago
Blockchain.com files with SEC for U.S. IPO
News Videos19 minutes ago
lisa – money (slowed + reverb)
News Videos40 minutes ago
This Just Happened Again And Bitcoin Investors Are Not Ready For It This Is Now Officially OVER
News Videos60 minutes ago
U HAD NO IDEA ABT YOUR SPIRITUAL/FINANCIAL INHERITANCE BUT ITS TIME U KNO THE TRUTH! ITS COMING TO U
-
Sports4 days agoTwo goals and an assist by sheer aura: Cristiano Ronaldo just entered the World Cup chat
-
Tech6 days agoMicrosoft accidentally kills epic Outlook email threads
-
Fashion2 days agoWeekend Open Thread: Staud – Corporette.com
-
Politics2 days agoThe House | Manchesterism won’t survive the painful trade-offs unless it gets citizens on board
-
Politics2 days agoPotential 2028er World Cup attendee leaderboard
-
Business2 days agoAsia stock markets slide as tech shares slump
-
Tech2 days agoA Look At A Gaggle Of Transputer Boards
-
Crypto World4 days ago
Bitcoin (BTC) Dips Below $62K, Ethereum (ETH) Plunges 6% Daily: Market Watch
-
Crypto World4 days agoSecuritize Wraps Roubini's SEC-Registered ETF as Dubai VARA Digital Security
-
Crypto World3 days agoDell (DELL) Shares Tumble Over 5% Following Analyst Downgrade to Hold
-
Business4 days ago
Entergy settles forward sale agreements, raises $672 million in cash proceeds
-
Crypto World1 day agoKraken's xStocks Opens Bending Spoons IPO Registration to EEA Retail
-
Sports1 day agoFIH Pro League: India defeat Pakistan 7-1, register biggest win of campaign | Other Sports News
-
Crypto World2 days agoRTX holders must register wallets before token distribution begins
-
Crypto World2 days agoHyperliquid Named on Singapore MAS Investor Alert Register
-
Sports3 days agoIndia vs Bangladesh LIVE Score, Women’s T20 World Cup: Bangladesh Opt To Bat; India Enter ‘Do-Or-Die’ Stage As Semi-Final Race Heats Up
-
Crypto World2 days ago
The DATA Foundation Launches to Tackle AI’s Multi-Billion Dollar Training Data Bottleneck
-
Tech7 days agoSignal’s Meredith Whittaker says AI chatbots ‘are not your friends’ and calls Copilot agents a backdoor
-
Crypto World3 days agoStrategy (MSTR) has a 10-month cash runway for dividends, but retail investors are losing faith
-
Crypto World2 days agoAAVE price tests 9-month trendline after 17% rebound as breakout hopes build
You must be logged in to post a comment Login