Looking for the most recent Mini Crossword answer? Click here for today’s Mini Crossword hints, as well as our daily answers and hints for The New York Times Wordle, Strands, Connections and Connections: Sports Edition puzzles.

Need some help with today’s Mini Crossword? It wasn’t too tricky today, but read on for all the answers. And if you could use some hints and guidance for daily solving, check out our Mini Crossword tips.

If you’re looking for today’s Wordle, Connections, Connections: Sports Edition and Strands answers, you can visit CNET’s NYT puzzle hints page.

Read more: Tips and Tricks for Solving The New York Times Mini Crossword

Let’s get to those Mini Crossword clues and answers.

Mini across clues and answers

1A clue: Baseball officials
Answer: UMPS

5A clue: Singer/songwriter Kahan with the 2026 #1 album “The Great Divide”
Answer: NOAH

6A clue: Shade of orangeish pink
Answer: CORAL

8A clue: Voice of the smartphone generation?
Answer: SIRI

9A clue: Partner channel of ABC
Answer: ESPN

Mini down clues and answers

1D clue: Someone giving off old guy vibes, in Gen Z slang
Answer: UNC

2D clue: Tallest animal in North America
Answer: MOOSE

3D clue: Setting for “Ratatouille”
Answer: PARIS

4D clue: #, in music
Answer: SHARP

7D clue: ___-Manuel Miranda
Answer: LIN

Not every company can or should build their own frontier AI language model. However, the harness controlling the model is something that most enterprises can and should customize for their specific purposes.

Of course, this is easier said than done. Agent harnesses are still largely tuned through manual, ad hoc debugging — a process that relies heavily on intuition rather than systematic feedback loops, making it difficult to keep pace with rapidly evolving LLMs.

To solve this challenge, researchers at the Shanghai Artificial Intelligence Laboratory have introduced “Self-Harness,” a new paradigm in which an LLM-based agent systematically improves its own operating rules. By examining its own execution traces to apply edits, the system trades manual guesswork for empirical evidence.

Self-improving harnesses can enable development teams to deploy robust custom agents that continually adapt their own execution protocols to overcome model-specific weaknesses.

The challenge of harness engineering

An LLM-based agent’s performance is not determined solely by its underlying base model, but also by its harness: the surrounding system that provides context and enables the model to interact with the environment. A harness includes components like system prompts, tools, memory, verification rules, runtime policies, orchestration logic, and failure-recovery procedures.

This layer is crucial because many common agent failures stem from the harness rather than the model. For example, an agent may report success without checking the model’s response (e.g., running the code to see if it passes the tests), or it might retry a failed action repeatedly. The harness is also responsible for preventing context rot or overload when the agent’s interaction history grows very large. Examples of popular harnesses include SWE-agent, Claude Code, Codex, and OpenHands.

Harness engineering remains a significant challenge, but the bottleneck isn’t necessarily that humans are too slow or incapable.

In fact, Hangfan Zhang, lead author of the Self-Harness paper, told VentureBeat that “in many cases, an experienced engineer with deep domain knowledge can still propose better changes than an LLM can today.”

Instead, the true bottleneck of manual engineering is that it relies heavily on ad hoc debugging rather than a verifiable, empirical feedback loop. “The deeper issue is that the current harness-engineering paradigm often lacks a systematic feedback loop,” Zhang explained. “Many edits are made based on intuition, a few observed failures, or ad hoc debugging.”

With new models being released at a rapid pace, depending on human intuition to manually tune model-specific harnesses becomes increasingly costly and untenable. While some approaches use stronger models to improve the harnesses of weaker target agents, this dependence on external guidance has its own challenges, as these models may be costly, unavailable for frontier models, or mismatched to the target model’s failure modes.

How Self-Harness works

The Self-Harness paradigm enables an LLM-based agent to improve its own harness without relying on human engineers or stronger external models.

This continuous self-evolution is driven by a three-stage iterative loop that turns behavioral evidence into harness updates:

• Weakness mining: Starting from an initial harness, the agent runs a set of tasks, producing execution traces with verifiable outcomes. The agent categorizes failed traces and tries to detect model-specific failure patterns.

• Harness proposal: Based on these failure patterns, the agent uses a “proposer” role to generate a set of diverse yet minimal harness modifications, each tied to a specific failure mechanism to avoid overly general corrections.

• Proposal validation: The system evaluates candidate modifications through regression tests. An edit is promoted only if it improves performance without causing measurable degradation on held-out tasks. If multiple candidate modifications pass the regression tests, they are merged into the next version of the harness, which then serves as the starting point for the next iteration.

To visualize why an enterprise would need this, imagine an automated issue-fixing agent that reads internal documentation, writes patches, and opens pull requests. If the company updates its documentation style, the agent might suddenly fail, pulling the wrong context or writing bad patches.

On the surface, the agent simply looks broken. But Self-Harness turns this ambiguous failure into a solvable problem. “The failure traces expose where the agent is misusing the new documentation format; the proposer can generate a targeted harness edit… and the evaluator can decide whether that edit improves the failing cases without regressing other cases,” Zhang said.

Self-Harness in action

The researchers evaluated Self-Harness on Terminal-Bench-2.0, a benchmark that tests general tool-based execution, including artifact management, command use, verification behavior, and recovery from execution errors. They applied Self-Harness with MiniMax M2.5, Qwen3.5-35B-A3B, and GLM-5.

To isolate the impact of the self-evolving harness, they started with a minimal harness built upon the DeepAgent SDK, containing only the benchmark-facing system prompt, and the default filesystem and shell tools. The model backend, tool set, benchmark environment, and evaluator were kept unchanged while only the harness was allowed to vary.

The quantitative results show that agents improved their performance through automated harness edits. On held-out tasks, performance jumped significantly across the board, ranging from 33 to 60 percent relative improvements for different models.

Importantly, an explicit acceptance rule promotes only those edits that improve performance without introducing unacceptable regressions. What makes Self-Harness powerful for enterprise applications is that it doesn’t simply make the prompt longer or add generic instructions. Instead, it introduces targeted changes that reflect the recurring problems each model encounters during execution.

For example, under the baseline harness, MiniMax M2.5 would get stuck endlessly exploring dataset configurations until the execution environment timed out, failing to produce any deliverables. Through Self-Harness, the system identified this specific flaw and wrote a “loop breaker” into its runtime policy, forcing the agent to stop and redirect its approach after 50 tool calls. It also added a rule to create an initial version of required artifacts as early as possible.

On the other hand, Qwen-3.5 had a habit of hitting a file overwrite error and then blindly retrying the same command repeatedly, eventually deleting necessary files out of confusion before stopping. The self-harness fixed this by introducing a strict command-retry discipline (forbidding exact duplicate commands) and a mechanism that forced the agent to immediately recreate any missing artifacts if a file error occurred.

GLM-5 struggled to preserve environment changes across different commands, and would often waste time on massive downloads or finalize tasks even when sanity checks were failing. Its self-generated harness introduced rules instructing the agent to persist PATH variables across shell sessions, limit external compute, and repair any failed sanity checks before concluding its run.

The hidden costs of automated harnesses

While Self-Harness automates the tedious work of tracking down idiosyncratic model failures, decision-makers must be realistic about the trade-offs. Replacing human engineering with automated trial-and-error requires significant computational overhead.

“Self-Harness replaces part of the human engineering burden with repeated proposal generation, parallel candidate evaluation, and regression testing,” Zhang said. “That can mean more API tokens, more latency during optimization, and more infrastructure for running evaluation tasks.”

Also, this system relies on the accuracy of its evaluation pipeline. During their experiments on Terminal-Bench-2.0, the researchers relied on strict, deterministic verifiers to ensure the agent’s edits were actually helpful. Without this rigorous ground truth, an automated system risks promoting bad updates. “[The] evaluation system is not an optional component; it is what lets us trade human intuition for empirical evidence,” Zhang said.

This reliance on strict verifiers also dictates where Self-Harness should be deployed. “The best deployment targets today are environments where failures can be measured and where trial-and-error is relatively safe,” Zhang said, pointing to coding, internal workflow automation, and DevOps data pipelines as ideal use cases.

Conversely, enterprises should avoid fully automating harnesses in high-stakes or subjective fields. “The clearest red flags are domains where evaluation is subjective, delayed, non-deterministic, or costly to get wrong, such as medical decision-making, safety-critical infrastructure, or legal decisions.”

From prompt tweakers to feedback architects

The introduction of self-improving agents does not mean coding or enterprise workflows will suddenly become human-free. The quality of collaboration between the human engineer and the AI is still paramount and difficult to capture with automated benchmarks. 

Instead, the engineering profession is moving up the abstraction layer. “The role of enterprise engineers will shift from manually patching individual prompts or tool calls toward designing the feedback systems that make agent improvement possible,” Zhang predicted. Moving forward, “the engineer becomes less of a prompt tweaker and more of a feedback architect.”

As foundational models grow more capable, they will naturally absorb many capabilities that currently require manual harness engineering. “But once that happens, the harness will not disappear; its scope will move outward to connect the model to richer external environments,” Zhang said. “Until that boundary moves beyond what humans can evaluate, humans will remain critical providers of feedback.”

The Apple TV streaming service is run by Apple SVP of Services and Health, Eddy Cue, and Cannes Lions has recognized him as the 2026 Entertainment Person of the Year thanks to his work on the platform.

The Cannes Lions International Festival of Creativity is underway from June 22 to June 26. It was previously reported that Apple SVP Eddy Cue would be presented as the 2026 Entertainment Person of the Year, and that has now occurred.

Eddy Cue accepted the award from Cannes Lions CEO Simon Cook and shared a statement on stage. Apple’s press release highlighted some of what Cue had to say.

“We’ve never strived to be the most. We strive to be the best.”

“When we started Apple TV nearly seven years ago, we said, let’s build the place that allows the best storytellers in the world to do their best work.”

Advertisement

“Stories can make you laugh, cry, think and many other emotions. They connect us. Across language, across culture, across everything.”

“That’s what we’re all about at Apple, so stay tuned for more. We’re just getting started.”

Earlier in the event, Eddy Cue talked with Jerry Bruckheimer about his partnership with Apple and the F1 movie. They also discussed an upcoming movie with director Joseph Kosinski.

Apple’s press release doesn’t share any other details. From here, it repeats information like how Apple TV (formerly Apple TV+) launched in 2019, has won many awards, and is consistently recognized as the highest critically rated slate of original programming.

The latest count provided by Apple shows the streaming service has won more than 840 awards and been nominated for them over 3,600 times. There’s also the briefest mention that Cue also oversees Apple Music, which is experiencing all-time highs in listenership and new subscribers.

Security

Package dependencies can create vulnerabilities that are fiendishly hard to find and stamp out

The JavaScript development ecosystem may be a security nightmare, but it’s also ripe for improvement.

One such tool is the CVE Lite CLI, a free open source dependency scanner that helps reduce the risk of software supply chain attacks. It runs locally and provides actionable vulnerability fixes, if any are available.

The tool, endorsed by OWASP, has recently been updated to include override auditing, which has the potential to avert transitive dependency vulnerabilities such as the March 2022 node-ipc package incident.

The Shai-hulud software supply chain attacks that have been vexing security professionals for the past few months underscore how common it has become for threat actors to target the developer ecosystem, including CI/CD, package registries, and developer tooling.

Software developers can reduce their risk by making sure the dependencies in their apps are up to date and free of known vulnerabilities, but that’s more difficult than it should be. It’s generally apparent when a particular library or module relies on a vulnerable dependency. But there isn’t necessarily an available fix or clear remediation path.

Modern JavaScript applications, like many other programming languages, allow developers to incorporate pre-existing solutions to particular problems in the form of packages – modular code that can be imported to implement particular functionality.

These packages commonly depend on other packages, which is why they’re known as dependencies. And these dependencies in turn may also depend on still more packages, referred to as transitive or indirect dependencies.

A common security scenario goes something like this: A developer creates an app using some application framework. The app includes a dependency on “Package A”, which itself relies on “Package B” – the transitive or indirect dependency in this situation.

If the maintainers of “Package B” have deployed a patch addressing a reported CVE, but the maintainers of “Package A” haven’t gotten around to incorporating that change into their code, apps incorporating “Package A” may be vulnerable to attack. 

Among other possible responses, affected developers may choose to create an override to replace the outdated, vulnerable version of “Package B,” a configuration entry that can be removed once “Package A” gets repaired.

But Sonu Kapoor, creator of CVE Lite CLI, explained to The Register that overrides represent a legitimate security tool but have limitations. 

“When a transitive dependency has a CVE and the upstream maintainer hasn’t shipped a fix yet, you pin it via npm overrides, pnpm overrides, or Yarn resolutions,” Kapoor explained in an email. “Once the vulnerability is addressed and CI passes, you move on. The problem is what happens after that.”

Kapoor recently added an override auditing tool to the CLI. When he scanned four popular JavaScript open source projects, he found that three of the four had broken overrides.

“Cal.com has 90 override entries and 11 that are silently doing nothing,” he said. “Jest has an override for its own package name pointing at nothing in the resolved tree. NoCoDB has entries using wildcard patterns that never matched any path in the graph. Next.js was the only clean one with zero findings, which tells me the tool is finding a real pattern, not noise.”

This can be dangerous, he said, when a project migrates between package managers (e.g. npm to pnpm) that looks for overrides in a different location. 

“npm reads from overrides, pnpm from pnpm.overrides, Yarn from resolutions,” he explained. “When a team migrates package managers and forgets to move their security pins, the package manager silently ignores them. No error, no warning, the vulnerable package ships unconstrained.”

Kapoor said that AI coding assistants commonly advise developers to add override entries when asked to fix a transitive dependency vulnerability.

“That advice is correct at the moment,” he said. “None of them ever tell the developer to come back and verify the entry still works.”

CVE Lite CLI, Kapoor said, does not recommend overrides as the way to properly address a vulnerable dependency.

“Overrides look like a security fix in package.json, but routinely outlive their purpose – they can point at packages no longer in the dependency tree, apply to the wrong package manager entirely, or shift to an unintended version on every install,” he said. “The override hygiene feature exists precisely because of this failure mode: teams add an override to address a CVE, move on, and years later, the override does nothing while they still believe they’re protected.” ®

Toy Story 5 only hit theaters three days ago, but ahead of Amazon‘s Prime Day and thanks to Walmart Deals — yes, a very to-the-point name — you can already save on some of the most exciting toys launched alongside the film.

Yes, Toy Story 5 might be all about toys versus tech, but Mattel’s Interactables are some of the most exciting figures around because they can talk to each other. While these are “playscale” rather than movie-scale and a bit less tech-heavy, these versions of Buzz Lightyear, Woody, and Jessie still delight.

Even better, they’re a record 54% off, bringing each figure down to just $10. That’s right: you can get a movie-accurate, play-sized Jessie, Woody, or Buzz Lightyear for only $10 — a deal that’s definitely headed to infinity and beyond.

Each figure can speak on its own, but when you bring them near one another, some clever under-the-hood tech lets them interact, cycling through more than 10 phrases together. If you’ve got a friend in these toys already, now’s a pretty good time to add another one to the collection.

Today’s best Toy Story 5 figure deals

Scoring a Toy Story 5 figure for $10 is a pretty incredible feat, and if you’re a Walmart+ member, you’ll score free, fast shipping as well. Both Woody and Jessie come with their iconic hats, and you’ll notice that Jessie sports a sheriff badge while Woody doesn’t, making these figures accurate to their appearances in Toy Story 5.

Jessie stands 8.8 inches tall, Woody measures 9.2 inches, and Buzz Lightyear comes in at 7 inches tall. The entire Interactables PlayScale line from Mattel is designed around this scale, meaning that if you pick up one of these figures — or all three — and add Forky or Lilypad down the line, they’ll fit right in. Better yet, they’re also designed to work with Mattel’s other PlayScale figures.

Either way, whether you’re shopping for a kid who just saw Toy Story 5 in theaters or looking to upgrade your own collection — because we’re all young at heart, and we won’t judge — Walmart is serving up a practically perfect deal here. It’s a straight-out-of-Star-Command bargain to score a new Mattel figure for a record 54% off, and you can check out our behind-the-scenes tour at Mattel to see how these figures came to life.

Now for some minor spoilers. If you haven’t seen Toy Story 5 yet, consider this your warning.

Friendly reminder: a minor spoiler lies ahead.

Alright, if you’ve scrolled this far, you’ve probably already seen Toy Story 5 and know about the arrival of a new Buzz Lightyear. If you’re anything like me, you’ve likely been waiting to see a toy version of that upgraded Space Ranger.

I’m talking about the new Hi-Tech Buzz Lightyear, which gets an upgrade that finally lets the iconic toy take flight. Mattel is already serving up its own version, set to ship later in 2026 — specifically around August — that’s designed to be safe for both kids and the young at heart.

Yes, Mattel has unveiled the Toy Story 5 Flying RC Hi-Tech Edition Buzz Lightyear, an enhanced version of the iconic character from›› the film. Rather than wings that pop out and somehow generate flight, this version deploys four propellers protected by safety guards, making it much more suitable for younger fans.

Designed for kids ages 8 and up, the Toy Story 5 Flying RC Hi-Tech Edition Buzz Lightyear comes with a controller that makes takeoff and landing easy with the press of a button. It’s also intended for indoor use, and I’m certainly looking forward to going hands-on with it later this year.

If you’re already sold, Walmart is taking preorders for the Toy Story 5 Flying RC Hi-Tech Edition Buzz Lightyear right now at $75.57 with an estimated delivery date of August 20, 2026.

More Prime Day deals in the US

• Amazon Devices: Fire Sticks & Echo from $18
• Amazon Haul: viral gadgets, tech & appliances from $1.99
• Apple: MacBooks, AirPods & AirTags from $29
• Beauty: 50% off toothbrushes & hair tools
• Cheap TVs: smart TVs from $69.99
• Garden: tools, mowers, planters from $24.99
• Headphones: 50% off Beats, Bose & Samsung
• Laptops: Apple, HP & Dell from $199
• Mattresses: Sealy, Serta & more from $186
• Patio: outdoor furniture, rugs & decor from $19.99
• Sports: 50% off fitness gear, treadmills & clothing
• Vacuums: Dyson, Shark & Bissell from $34

Oracle disclosed Monday that it has reduced its workforce by 21,000 employees over the past 12 months, a decline of 13%, which means more cuts than was previously known, including jobs eliminated because of AI. “The adoption and deployment of AI technologies across our operations have resulted, and may continue to result, in reductions to our workforce,” the company said in an annual financial regulatory filing.

The revelation puts new numbers to what feels to many in the tech industry like an epidemic: companies reporting record revenues while simultaneously culling their workforces, pointing to AI as both the engine of growth and the reason for the cuts. Tech layoffs hit their highest single month in years in May, and AI was the most-cited reason, according to outplacement firm Challenger, Gray & Christmas.

We recently wrote about why that rationale is something companies may want to rethink, not least because for many of these companies, the headcount they’re now cutting was hired during the pandemic hiring surge, raising questions about what’s really going on. Below, a running look — in reverse chronological order — at the bigger tech companies that have announced significant layoffs this year with AI as a stated factor.

GitLab — June 3, 2026. In one of the most recent cuts on this list, GitLab laid off roughly 350 workers, about 14% of its staff, to fund AI infrastructure investment and handle surging traffic from AI workflows. CEO Bill Staples said agentic workloads are “pushing competitors to the brink” and that the company had begun a “generational rebuild” of its core infrastructure to support what he called 100x growth requirements. GitLab is exiting 22 countries, flattening management layers, and partnering with an unspecified AI lab to rebuild its platform for agent-scale workloads. The company reported first-quarter revenue of $264 million, up 23% year-over-year, and expects to incur $30 to $35 million in restructuring costs.

Google — ongoing through May. Alphabet’s Google has quietly cut employees across its Cloud division, including its Threat Intelligence Group and Mandiant-linked cybersecurity staff, even as Cloud revenue grew 63% to exceed $20 billion for the first time and its backlog nearly doubled to over $460 billion. Over the past year, Google has cut more than a third of the managers overseeing small teams — 35% fewer managers with fewer direct reports. Unlike most companies on this list, Google has never announced a single overall number — the cuts have come through a rolling performance review process, a voluntary buyout program, and structural reorganizations, with outside estimates putting the 2026 total at between 1,500 and 3,000+ engineers.

Intuit — May 20, 2026. Intuit announced plans to eliminate roughly 3,000 jobs — about 17% of its total workforce — in a restructuring centered on reducing complexity and reallocating resources toward AI. CEO Sasan Goodarzi reportedly told staff the company is reducing complexity and simplifying the structure, so it can deliver better products.

Meta — May 20-21, 2026. Meta laid off about 8,000 employees, roughly 10% of its workforce, while moving about 7,000 employees into new AI-focused roles (that they reportedly hate). Zuckerberg told staff the cuts were necessary because “success isn’t a given” in AI.

Cisco — May 14, 2026. Cisco announced it’s cutting nearly 4,000 jobs, about 5% of its workforce, despite reporting better-than-expected profit and revenue. CFO Mark Patterson said: “This was really not a savings-driven restructure… this is more [about] realigning … resources around silicon, optics, security and AI.”

Cloudflare — May 7-8, 2026. Cloudflare cut about 20% of its workforce (1,100 people), reporting quarterly revenue of $639.8 million, up 34% year-over-year and the highest single quarter in company history. CEO Matthew Prince wrote that “the vast majority of those we laid off last week were measurers” — middle management, finance, legal, internal auditing, and revenue recognition.

General Motors — May 12, 2026. GM eliminated 500 to 600 jobs, largely in IT roles in Austin, Texas, and Warren, Michigan, saying it was reevaluating its workforce needs amid uncertain market conditions. A person familiar with the cuts told CNBC that AI played a role in the decision but that it wasn’t the only reason. GM’s statement said it was “transforming its Information Technology organization to better position the company for the future.” Despite the cuts, the company still had roughly 80 open IT positions, including roles in AI, motorsports, and autonomous vehicles.

Coinbase — May 5, 2026. The crypto exchange said it was cutting about 700 employees, or 14% of its staff, as part of a restructuring aimed at addressing market volatility and increasing AI efficiency. The company flattened its organizational structure to five layers below the CEO and COO, and said it would experiment with “one-person teams” combining engineering, design, and product roles. CEO Brian Armstrong wrote that AI had changed the pace of work dramatically — “engineers use AI to ship in days what used to take a team weeks” — and that the company needed to “leverage AI across every facet of our jobs.”

PayPal — May 5, 2026. PayPal announced plans to cut around 20% of its workforce over the next two to three years — north of 4,500 jobs — as part of a turnaround strategy centered on AI adoption and organizational simplification. CEO Enrique Lores told investors the company would “aggressively adopt AI” in its development processes and formed a new “AI transformation and simplification” team reporting directly to him, tasked with redesigning the company’s processes “function by function.” Lores framed the cuts as removing organizational layers, and said AI would extend well beyond coding into customer service, support operations, and risk management.

Microsoft — April-May 2026. Microsoft offered buyouts structured as voluntary separations, without disclosing how many employees these would impact. CFO Amy Hood said total headcount declined year-over-year in fiscal Q3, and is expected to keep declining as the company focuses on “building high-performing teams that operate with pace and agility” amid rising AI investment.

Snap — April 16, 2026. Snap cut roughly 16% of its global workforce — about 1,000 full-time employees — and closed more than 300 open roles, with CEO Evan Spiegel citing AI advancements as a key driver. “Rapid advancements in artificial intelligence enable our teams to reduce repetitive work, increase velocity, and better support our community, partners, and advertisers,” Spiegel wrote in a memo filed with the SEC. The company said it had already seen small squads using AI tools to drive progress across Snapchat+, ad platform performance, and infrastructure efficiency.

IBM — rolling through 2026. Between Q4 2025 cuts and April 2026 Red Hat engineering reductions, estimates range from 3,000 to 9,000 U.S. positions eliminated, bringing IBM’s cumulative total since September 2024 above 15,000. Bloomberg reported IBM plans to triple its U.S. entry-level hiring for AI and hybrid-cloud roles, even as roughly 200 HR positions were replaced by AI agents. An IBM spokesperson described the Q4 2025 round as a routine rebalancing affecting “a low single-digit percentage” of its global workforce.

Atlassian — March 11, 2026. Atlassian cut about 1,600 jobs (10% of its workforce) to “rebalance” toward AI and enterprise sales, even as shares rose nearly 2% on the news. CEO Mike Cannon-Brookes said: “Our approach is not ‘AI replaces people.’ But it would be disingenuous to pretend AI doesn’t change the mix of skills we need or the number of roles required in certain areas. It does.”

Dell — Jan 30 (though disclosed in March 2026). Dell’s total workforce fell about 10% in fiscal 2026 — roughly 11,000 jobs — to about 97,000 employees from 108,000 a year earlier, with $569 million spent on severance. The cuts came as Dell projected its AI-optimized server revenue could double in fiscal 2027.

Oracle — March 5-31, 2026. As noted above, Oracle began telling employees it would be cutting thousands of jobs via terminal emails. The cuts came even as Oracle posted $3.7 billion in quarterly net income, up 27% year-over-year, with remaining performance obligations up 325% to $553 billion — savings redirected toward AI data centers. The cuts that would later total 21,000 over 12 months, as Oracle disclosed in its June 22 annual filing.

Block — February 26-27, 2026. Jack Dorsey’s Block cut 4,000 jobs — nearly half its workforce, down to under 6,000 from over 10,000. Dorsey wrote on X: “We’re already seeing that the intelligence tools we’re creating and using, paired with smaller and flatter teams, are enabling a new way of working which fundamentally changes what it means to build and run a company.” He added: “I think most companies are late. Within the next year, I believe the majority of companies will reach the same conclusion and make similar structural changes.”

Salesforce — February 10, 2026. Salesforce laid off fewer than 1,000 employees across marketing, product management, data analytics, and its Agentforce AI unit. The company told Fortune, “Because of the benefits and efficiencies of Agentforce, we’ve seen the number of support cases we handle decline and we no longer need to actively backfill support engineer roles.” This followed an earlier cut of about 4,000 customer-support roles, shrinking that team from roughly 9,000 to 5,000, with CEO Marc Benioff saying the company needed “less heads” because AI agents handle the work.

Amazon — January 28, 2026. Amazon cut 16,000 corporate jobs, following 14,000 cuts in October 2025 — about 9% of its corporate workforce in three months. The company said it was part of “strengthen[ing] our organization by reducing layers, increasing ownership, and removing bureaucracy.” CEO Andy Jassy had said in June 2025 that, “As we roll out more generative AI and agents, it should change the way our work is done. We will need fewer people doing some of the jobs that are being done today… in the next few years, we expect that this will reduce our total corporate workforce as we get efficiency gains from using AI extensively across the company.”

An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access.

The threat actor is using file names that indicate business and financial documents delivered by the victim’s contacts, whose accounts had been compromised.

By downloading and executing the malicious attachments, the recipient starts an infection chain that leads to installing the legitimate ManageEngine Endpoint Central, which is used by IT administrators to manage systems from a centralized dashboard.

Telemetry data from cybersecurity company Kaspersky shows that the campaign spreads across Brazil, India, Mexico, Singapore, the UK, Spain, Taiwan, Australia, Russia, Vietnam, and Malaysia.

Attack chain

Kaspersky reports that the attacks begin with messages sent from compromised accounts that contain nothing but a heavily obfuscated VBS file.

These files are given names that make them appear to be financial reports, billing statements, account notices, and similar documents likely to draw the target’s attention and prompt them to open the file.

The filenames are also localized in multiple languages, further confirming the campaign’s global reach.

“Based on evidence collected from multiple victims through social media reports and submitted samples, we can conclude that the threat actor had gained access to several WhatsApp accounts and used them to distribute the malicious VBScript files to contacts on the compromised users’ contact lists,” Kaspersky explains.

“At the time of writing, the exact method used to compromise these WhatsApp accounts remains unknown.”

If the victim downloads and opens the file on Windows, the VBScript fetches two additional scripts from the attacker’s infrastructure, which, in turn, disable UAC protections through Registry modifications and download a ZIP archive containing the ManageEngine Endpoint Central program.

The software is silently installed in the background and configured to connect to attacker-controlled management servers, giving them remote administration access on the victim’s computer.

Kaspersky notes that when the initial VBScript file is delivered via WhatsApp Web, it must be downloaded, but when opened in the WhatsApp Desktop client, it can be executed directly via Windows Script Host (wscript.exe).

While Kaspersky does not attribute the attacks to a specific threat actor, the researchers found signs of Chinese language use and infrastructure overlap with IPs previously associated with ValleyRAT and Gh0st RAT activity.

However, there is insufficient evidence for high-confidence attribution to be possible.

WhatsApp users are advised to treat files sent by contacts, even trusted ones, with caution and to always verify them through secondary means.

All downloaded files should be scanned with an up-to-date antivirus before executing them.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper