The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack.

The payload can intercept cryptocurrency wallet addresses entered on websites and replace them with attacker-controlled addresses to divert funds to the threat actor.

Since the AppsFlyer SDK is used by thousands of applications for marketing analytics (user engagement and retention), the impact extends to a significant number of end users.

According to AppsFlyer, its SDK platform is used by 15,000 businesses worldwide for over 100,000 mobile and web applications. It is one of the leading “mobile measurement partner” (MMP) SDKs used to track marketing campaign attribution and in-app events.

The suspected compromise was discovered by Profero researchers, who “confirmed the presence of obfuscated attacker-controlled JavaScript being delivered to users visiting websites and applications that loaded the AppsFlyer SDK.”

AppsFlyer has not confirmed any incidents beyond a domain availability issue published on its status page on March 10, 2026.

On March 9, Profero discovered a malicious payload served by the SDK from its official domain, at ‘websdk.appsflyer.com,’ which was also reported by multiple users.

“While the full scope, duration, and root cause of the incident remain unverified, the activity highlights how threat actors can abuse trust in widely deployed third-party SDKs to impact downstream websites, applications, and end users,” Profero explains.

The injected JavaScript was designed to preserve normal SDK functionality, but in the background, it loads and decodes obfuscated strings at runtime and hooks into browser network requests.

The malware monitors pages for cryptocurrency wallet input activity. When it detects a wallet address, it replaces it with the attacker’s wallet while exfiltrating the original wallet address and associated metadata.

The targeted addresses include Bitcoin, Ethereum, Solana, Ripple, and TRON, covering a large swath of mainstream cryptocurrency transactions.

The researchers suggest that the exposure window is likely between March 9, 22:45 UTC, and March 11. It is unclear if the compromise impacted SDK users beyond that point.

BleepingComputer has contacted AppsFlyer with questions on Profero’s findings, and a spokesperson confirmed via a statement that unauthorized code was delivered through the AppsFlyer SDK: 

“AppsFlyer detected and contained a domain registrar incident on March 10 that temporarily exposed the AppsFlyer Web SDK running on a segment of customer websites to unauthorized code.

“The mobile SDK was not affected, and our investigation to date has not identified evidence that customer data on AppsFlyer systems was accessed. We take this incident very seriously and have been actively communicating with customers,” AppsFlyer told BleepingComputer.

The vendor said that the issue has been resolved and that AppsFlyer customers received direct communication and updates about the incident.”

The company said that the investigation is ongoing and it is working with external forensic experts. More information will be shared after completing the investigation.

Given the uncertainty about exactly what happened and the scope of the incident, organizations deploying the SDK should review telemetry logs for suspicious API requests from websdk.appsflyer.com, downgrade to known-good versions of the SDK, and investigate potential compromise.

AppsFlyer was implicated in a cybersecurity incident again earlier this year, when the notorious threat group ShinyHunters claimed that it leveraged the SDK to achieve a supply chain breach at Match Group, stealing over 10 million records of Hinge, Match.com, and OkCupid users.

Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.

Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.

Download The Report

Peacock is adding several AI-powered features to its mobile app, including vertical NBA broadcasts, a personalized Bravo video hub, and an in-app Jeopardy trivia game designed to keep viewers engaged beyond traditional streaming.

The new AI features are designed to make the app more interactive and turn the Peacock app into a mobile entertainment hub for fans. Instead of scrolling through titles, you will soon be able to watch sports highlights, explore personalized video feeds, and even play games tied to popular NBCUniversal franchises.

Vertical NBA video is coming to Peacock

Peacock is introducing live NBA broadcasts formatted vertically for mobile viewing. The feature uses AI-powered cropping technology that tracks the action and adjusts the frame so you can watch games comfortably without turning your phone sideways.

These vertical streams will debut in beta during NBA games this spring. They will appear inside Peacock’s Courtside Live feature, which already lets you switch between different camera angles while watching a game.

Peacock is also expanding short-form video across the app. One of the biggest new experiences is called Your Bravoverse, an AI-driven vertical feed guided by a digital avatar of Bravo host Andy Cohen.

The feature pulls clips from more than 5,000 hours of Bravo programming and stitches them into personalized playlists. Cohen’s AI avatar introduces scenes, connects storylines, and helps viewers discover new shows from the Bravo catalog.

A Jeopardy game is also joining the Peacock app

Peacock is also expanding into mobile gaming. One of the most recognizable additions is a Jeopardy mini game launching this spring.

The game features daily trivia rounds written by the Jeopardy team. You can answer questions, track streaks, and share your results with friends, all inside the Peacock mobile app.

By mixing vertical video, AI recommendations, and games, Peacock hopes to keep viewers interacting with the app long after the credits roll.

Streaming platforms are increasingly turning to vertical video feeds and AI-driven recommendations to keep users engaged on mobile. Disney recently introduced its short-video format called Verts and Netflix already offers a TikTok-style discovery feed.

YouTube’s dominance shows why this strategy matters. The video platform generated $40.4 billion in advertising revenue last year, surpassing the combined 37.8 billion earned by major Hollywood studios, including NBCUniversal.

You’re responsible for your own Spotify algorithm now. On stage at SXSW, Spotify’s co-CEO, Gustav Söderström, announced the Taste Profile feature, which allows users to personally customize exactly what they want to listen to, whether it’s music, audiobooks or podcasts. This AI-powered feature is still in beta, and it will be available to Premium users in New Zealand in the coming weeks.

From its short video demo, Spotify’s Taste Profile feature will show you a summary of your listening habits and offer a “Tell us more” prompt at the bottom. With the new prompt, users can inform the AI what they want to see more of or if they want to get rid of a genre that keeps popping up in their algorithm. Spotify said that the Taste Profile will take into consideration more ambiguous prompts, too, like if you’re training for a marathon and want upbeat music or want to listen to news podcasts during your commute to work. Spotify added that Taste Profile is an optional feature, and unwilling users can “leave it and enjoy Spotify as usual.”

With Taste Profile, Spotify is continuing its momentum of offering AI features, like the Prompted Playlist feature that was made available last month. Unlike the existing AI Playlist feature, Prompted Playlist lets you put in specific requests to generate a playlist, like only including songs from a specific TV show. Like Taste Profile, the Prompted Playlist feature saw beta testing in New Zealand first, before expanding to US and Canadian users a month later.

The research shows that younger cohorts often find the path towards greater workplace benefits inaccessible in comparison to their older peers.

Global talent services firm Morgan McKinley has today launched the Ireland 2026 Benefits Guide, which is a comprehensive national study of the way in which benefits are offered by employers, as well as how they are experienced and valued by employees across Ireland’s labour market. 

To compile the data, Morgan McKinley gathered 1,222 employee and employer responses across more than 32 sectors, from organisations dispersed all across Ireland.  What was discovered is that while benefits are often an expectation and technically available, there are issues of accessibility, raising questions about visibility, trust and awareness. 

Mutually beneficial?

Younger cohorts in particular were found to have significantly less access to pension or health schemes, despite 90pc of participating employee respondents reporting being enrolled in an employer-sponsored pension plan. The report said, “This points to a benefits model that remains strongest for established employees, rather than consistently supporting talent from the earliest stages of employment.”

Nearly 62pc of Baby Boomer generation employees said that they have access to a pension plan, as did 77pc of Gen X and 72pc of millennials, compared to just 54pc of Gen Z. 

The report said: “While this pattern may partially reflect variances in tenure and contractual stability, for example temporary versus permanent roles, it is likely also influenced by eligibility criteria or employer matching structures that defer enrolment for junior or early-career employees. 

“In  certain organisations, minimum service requirements or mandated contribution thresholds can act as a barrier, preventing younger employees from fully utilising pension benefits during their early career stages.”

The opportunity for hybrid work was also shown to be unequally distributed among employees, with those in the Gen X (63pc) and millennial (62pc) categories reporting higher availability than their younger Gen Z (44pc) and older Baby Boomer (29pc) peers. 

“This difference suggests that access to hybrid working may vary by role or level within organisations, with younger employees less likely to report receiving these benefits. The findings indicate that, even where hybrid working is available at an organisational level, it may not be experienced equally across all employee groups,” the report said. 

Bonus and incentive schemes also highlighted the disparity in the access to benefits between certain age demographics. For those in the middle of their careers – Gen X (63pc) and millennials (64pc) – the report indicated that there is better access to bonus and incentive schemes.  

But to the detriment of the Baby Boomer (48pc) and Gen Z (42pc) employees, the research indicated that there is a concentration of performance-related pay within mid-career roles, where professionals are more likely to hold positions directly linked to business outcomes.

Interestingly, benefits considered to be specialised, such as menopause leave, menstruation leave, childcare benefits, rental support and unlimited paid time off, were shown to have a limited uptake across all generations, suggesting minimal exposure.

The report said, overall, that generational analysis suggests that patterns of employees receiving benefits are closely linked to career stage and the way eligibility is applied within organisations. 

“Although core benefits are widely reported across the workforce, variation in access among younger and more junior employees points to the need for employers to review eligibility rules and how benefits are communicated, so that entitlements are easier to understand and more consistently experienced across a multi-generational workforce.”

Long-term impact

More than two-thirds of participating employees (68pc) stated that the benefits provided by their employer, as part of the compensation for their work, play a significant role in their loyalty, compared to the 32pc who reported that benefits do not influence this aspect of their career. 

This, according to Morgan McKinley, indicates that, for the majority of employees, benefits form a meaningful part of the overall employment proposition and can influence decisions to remain with an organisation for the long-term. 

But the report also suggested that it isn’t enough to just have benefits available. It is critical that they be relevant to the workforce in question, with “a notable minority expressing dissatisfaction”.

“More than one in four employees (26.8pc) report being either somewhat dissatisfied (17pc) or very dissatisfied (10pc) with their benefits. Given the strong stated link between benefits and loyalty, this dissatisfied cohort represents a potential retention risk, particularly in competitive labour markets where benefits are increasingly used as a differentiator.”

Commenting on the findings of the report, Trayc Keevans, global FDI director at Morgan McKinley, said: “This report shows that the Irish benefits market is no longer defined by how many benefits an employer can list. It is defined by whether those benefits are accessible, understood and aligned with what employees actually value.

“What stands out most is the contradiction. The benefits employees value most for long-term security, particularly pensions and health insurance, are not always reaching people early enough in their careers. In a market shaped by an ageing population and by lifetime community rating in health insurance, that is a strategic issue for employers, not just a design detail.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Meta is considering major layoffs that could affect 20% or more of the company’s workforce, according to Reuters.

These layoffs could help the Facebook parent company offset its aggressive spending on AI infrastructure, as well as AI-related acquisitions and hiring. Meta employed nearly 79,000 people as of December 31, according to a recent filing.

“This is speculative reporting about theoretical approaches,” a Meta spokesperson said in a statement.

The report comes as many tech companies — most recently Block — have announced sweeping layoffs that they say are necessary as AI automates more work. But some pundits, and even executives like OpenAI’s Sam Altman, have suggested that many of these cuts are “AI-washing,” where executives use AI as cover for other issues, such as over-hiring during the pandemic.

The last time Meta announced layoffs of this scale was in November 2022, when it cut 11,000 jobs, followed by another 10,000 in March 2023.

Colin Furze, a self-taught engineer, has a flair for coming up with new ways to use magnets. One comment from a viewer spurred an idea, and he set to work transforming a regular skateboard into something that appears to be just hovering above the ground. He’d already built a bike with magnetic suspension, but he wanted to apply the concept to four wheels, giving the ride a gentle, floating feel without needing standard springs or shocks.

Furze began the project with a standard skateboard, removing the trucks and creating a custom base plate out of aluminum using his trusty plasma cutter. He then used a 3D printer to create customized holders for the magnets at the bottom end. Large disc magnets, roughly 100mm across and 30mm deep, were placed in pairs to push against each other.

Sale

Maxshot Electric Scooter, 8.5″ /10″ /14″ Tire, 16/19/22 Mph Top Speed, 12/16/21/27/28/49/50 Miles Long…

• 【Dual Suspension and Solid Tire】The 10”honeycomb tires, along with the shock absorbing system, make this electric scooter adults for a smooth…
• 【LED Display & Smart Control &Lockable】You can check your speed, modes and battery level on the LED digital display. check and control the…
• 【Powerful Motor & Long Range】The electric scooter for adults with a 500W brushless hub motor allows for speed up to 22mph. High-capacity…

The upper deck received identical holders, and when the two were combined, the repelling forces lifted the riders platform away from the foundation. The problem was getting everything to stay in one piece while still allowing steering. Furze tried several ways. At first, he just used pins to connect the two halves of the board, but this was not very smooth. Then he tried utilizing square guide tubes with bearings inside to reduce friction. Even attempted attaching a hinge on one end and running tensioned cables between the layers.

It took a lot of trial and error; the boards first flexed under weight, so he had to double the base material. He also had to tweak the guides to get them to work properly, as turning requires precise alignment. After a couple complete rebuilds, he was able to resolve the issue, as the connections allowed the top to bounce vertically while passing the twist forces through to appropriately guide the trucks.

Riding it seems very different, as if you’re gliding around on an invisible cushion. Road bumps rarely reach your feet. Furze went so far as to glue a glass of water to both the magnetic and conventional boards before rolling them over some rough concrete. The magnetic version kept the water quiet, but the standard board sloshed all over the place.

Steering still works by shifting your body around, so it’s not too different from a typical ride on flat ground. The one drawback is that the entire contraption feels lighter than it is, which makes climbing hills difficult, and stopping requires some preparation because there are no brakes.

Meta is pulling the plug on one of Instagram’s most secure messaging feature, and the company has a good reason for you to accept it. End-to-end encryption (E2EE) in DMs is going away from the popular photos and videos sharing platform after May 8, 2026, i.e., in less than two months. 

For those catching up, E2EE is a feature that encrypts messages so that only the sender and the receiver can see them. No platform, no advertiser, and no government agency gets to peek inside; just the two people messaging each other.

The feature everybody needed, but nobody used?

The feature is widely considered as the most secure form of digital communication that is available to the general public. However, here’s the catch. Critics have long argued that E2EE creates a digital blind spot which isn’t accessible by the tech firms or the police, even when they’re the front for crimes.

A Meta spokesperson said that “very few people were opting in,” for the feature in the first place, which is why the platform has decided to remove it. Further, anyone who wants encrypted chats can switch to WhatsApp. 

To be real, Meta never made E2EE the default standard on Instagram. It was available as an optional feature in some regions. To activate it, users had to tap on the recipient’s name at the top, select Privacy & safety, and tap on Use end-to-end encryption. Clearly, not a lot of users would appreciate going through a three-step process to enable the feature.

Privacy vs. safety: The E2EE pros and cons debate

The debate has been playing out loudly in a New Mexico child safety trial, where internal Meta documents have revealed executives debating the trade-offs between privacy (encryption) and safety. Even Mark Zuckerberg has acknowledged that safety concerns were among the primary reasons encryption took so long to reach Messenger.

While Instagram is removing the feature it already had, TikTok has refused to add E2EE entirely, specifically citing the risk it poses to safety teams and the law enforcement bodies, who wouldn’t be able to access the messages. 

I remember the backlash that WhatsApp had to face back in 2021 when it decided to share users’ conversations with business accounts to advertisers, but what’s happening with TikTok now is a rare event. Critics are actually appreciating the company for not introducing E2EE conversations.