Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites.

The flaw is tracked as CVE-2026-4020 and received a medium severity rating. It affects all versions of the plugin from 2.1.4 and older and has been addressed in version 2.1.5, released on March 17.

WordPress security company Defiant is warning that hackers are actively exploiting the vulnerability. The company’s Wordfence firewall has blocked more than 17 million attempts against protected customers.

The issue stems from an exposed REST API endpoint in Gravity SMTP, whose ‘permission_callback’ always returns ‘true,’ allowing unauthenticated GET requests to receive a comprehensive JSON “System Report” generated by the plugin. The exposed information may contain:

• API keys, secrets, and OAuth tokens for configured email integrations
• Credentials for third-party email services, including Amazon SES, Google, Mailjet, Resend, and Zoho
• WordPress configuration details, including installed plugins, themes, and software versions
• Server and PHP environment information
• Database configuration details, including server version and table names

Despite its medium-severity rating, the CVE-2026-4020 vulnerability can be exploited without authentication, and the exposed information can be used to steal email service credentials.

This allows an attacker to impersonate the victim to third parties and also to gain detailed information about the site’s software stack and the potential vulnerabilities present.

“The exposure of live third-party API credentials means an attacker could abuse the site’s connected email services, while the detailed system report significantly lowers the effort required to plan further attacks against the site,” Wordfence researchers warn.

Wordfence says exploitation activity spiked on June 7, with 4 million requests being blocked that day. Similar activity was recorded for several days afterward.

The security firm listed the most prolific source IP addresses for exploit requests, which website administrators should add to their blocklists.

A key indicator of compromise is requests to ‘/wp-json/gravitysmtp/v1/tests/mock-data’ found in web server access logs, particularly those including the ‘?page=gravitysmtp-settings’ query parameter.

Yesterday, the company issued a separate advisory about a critical, unauthenticated, arbitrary file-deletion flaw in the Avada Builder WordPress plugin, used on one million sites.

This vulnerability is identified as CVE-2026-8713 and allows attackers to delete arbitrary files on the server through a path traversal flaw, provided a published Avada form is configured to save submissions to the database.

Deleting critical files, such as wp-config.php, can revert the site to its initial setup state, potentially leading to a full site takeover and remote code execution.

The issue was fixed in version 3.15.4, which is the recommended upgrade target for website administrators. No active exploitation of CVE-2026-8713 has been observed yet, but this is a good candidate, so quick action is advised.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Advertisement

Get the whitepaper

Large language models have moved out of the research lab and into engineers’ daily workflow. LLMs serve as reasoning engines that can orchestrate complex tasks including identifying vulnerabilities in source code and transforming fragmented project discussions into rigorous technical specifications.

While the general public uses AI tools to write email and plan vacations, technical professionals use LLMs as core architectural elements that are fundamentally changing how digital infrastructures are built and maintained. As the AI models move into mainstream engineering practice, the demand for technical expertise is rising.

The LLM technology market is expected to grow by about 33 percent every year through 2030, according to MarketsandMarkets. The rapid expansion suggests that proficiency in implementing and securing the models is transitioning from a niche into a core requirement for technologists.

To use LLMs effectively, technical professionals must move beyond treating them as conversational robots. At a fundamental level, the AI systems are built on the transformer architecture, a framework that replaced the older method of processing data in a fixed, sequential order. Unlike earlier models that analyzed information one step at a time, transformers use self-attention mechanisms to ingest vast datasets simultaneously.

For technical professionals, LLMs are core architectural elements that are fundamentally changing how digital infrastructures are built and maintained.

Relying on such LLMs without understanding their internal logic creates a significant reliability risk. To build tools that work consistently, developers must understand the core principles that govern how the models process information and generate results. By mastering how a model processes information and how its internal settings influence the result, developers can move away from a trial-and-error approach toward a more precise one to ensure the AI tool handles complex data reliably.

Four ways LLMs are changing jobs

Here are areas that integrate large language models.

Moving past basic prompts. Developers are using application program interfaces (APIs) to connect LLMs directly to their databases and software tools. Employing the APIs allows AI to perform work such as executing code or searching through internal repositories.

Fixing the “hallucination” problem. LLMs are at risk of hallucinations, which are generated facts or code that looks correct but actually is wrong or broken. To fix the problem, retrieval-augmented generation (RAG) forces AI to look up information in a trusted source such as a company’s database.

Prioritizing data security. When using AI with proprietary code, security is a major concern. Engineers must learn how to set up “private” instances of the models to ensure that sensitive company data stays within a secure cloud environment and is not used to train public versions.

The future of collaboration. By automating repetitive coding tasks and summarizing thousands of pages of documentation, LLMs let engineers spend more time on high-level designs and solving important issues.

Online course program helps with mastering the tech

The gap between people who use AI and those who understand how to build with it is growing wider. To help technical professionals stay ahead, IEEE offers a five-course online program, Large Language Models Demystified, available through the IEEE Learning Network.

The program, developed by IEEE Educational Activities in partnership with the IEEE Computer Society, is built for people who want to understand the “how” and the “why” behind the technology. Rather than just teaching basic prompting, the curriculum dives into the engineering behind generative AI, including:

• Evolution, impact, and hands-on exercises: the shift from statistical methods to modern transformers, including hands-on model optimization.
• Understanding transformer architectures: the mathematical core of self-attention and positional encoding, implemented in NumPy and Python.
• Architectural analysis and implementation: advanced LLM design with practical model-building exercises.
• Training and modeling with PyTorch: end-to-end pipelines in PyTorch, leveraging parameter-efficient techniques such as low-rank adaptation and quantization.
• Optimization, alignment, and deployment: performance scaling, reinforcement learning from human feedback (RLHF), group-relative policy optimization, RAG, and agentic AI.

Upon completion of the program, participants earn professional development credits and a digital badge from IEEE to verify their expertise.

Enroll in the course program on the IEEE Learning Network.

Organizations looking to prepare their teams to work on LLMs can connect with an IEEE content specialist to discuss group enrollment and tailored training paths.

Researchers at Carnegie Mellon University built a wearable system that captures both the exact movements of a human hand and the precise locations and forces where it presses against objects. The device, called ART-Glove, or Articulated Tactile Glove, tackles a long-standing gap in robot training. Robots have grown skilled at seeing their surroundings through cameras, yet they still struggle when tasks require careful contact, variable grip force, or coordinated finger adjustments during everyday actions like turning a key or unscrewing a cap.

The majority of current models for collecting demo data result in an uncomfortable trade-off. Teleoperation setups provide robot-ready orders but frequently exclude the natural sensation of a hand, leaving you feeling like you’re in a robot. Pure video recordings keep your hand free, but contact information remains a mystery, inferred at best with limited reliability. Soft sensing gloves provide some pressure data, but their exact shape varies with each wearer, making it difficult to translate it onto a robot hand.

ART-Glove avoids these issues by utilizing a hybrid technique. The primary contact zones on your hand are covered by 16 hard surfaces: three on each finger, three on the thumb, and a broader one across the palm. These pieces provide a recognized geometry on the hand side of things, so any recorded touch contains explicit information about where exactly on the hand the contact occurred and at what angle, among other things. The rigid sections are linked together by 22 joints, all of which are aligned with real human hand anatomy, including multi-axis rotations at the thumb base. They’ve also managed to keep the size down while maintaining natural motion by developing three separate joint systems. Some are rather simple, consisting of shafts and sleeves with gears that transfer to encoders on the back of the hand. Others employ direct bearings or curved slots to provide tighter clearances. All of this is tracked by magnetic rotary encoders, which add no additional friction or wear points.

Each hard surface is now covered with a thin piezoresistive layer. Each of these seven flexible circuit modules contains 2048 separate pressure-sensing devices, or taxels, as there is a lot of pressure sensing going on. These sensors monitor real-time force distribution over the hand. On the back of the glove, there’s also a small STM32 microprocessor that reads both the joint encoders and the entire tactile array before synchronizing everything at 120 samples per second. You’ll get a live output stream with 22 degrees of freedom in joint motion, as well as high-resolution pressure maps.

When someone puts on the glove and completes a task, the system records the entire physical story. During a ball rotation exercise, for example, it demonstrates how the contact points vary constantly to keep the force in line with gravity. When someone screws a bottle cap, the pressure patterns begin to move and intensify as the fingers adjust their grip and torque. Pressing a USB drive into a port demonstrates a coordinated multi-finger grab followed by localized pushing force. All of this appears in its own chronology, with a reference to the specific location on the surface where contact occurred.
[Source]

In every CNET TV review, I compare three or more similar TVs side by side in a dedicated, light-controlled test lab. With each review, I employ a rigorous, unbiased evaluation process that has been honed by more than two decades of TV reviews. I test TVs with a combination of scientific measurements and real-world evaluations of TV, movies and gaming content.

To ensure I can evaluate the picture quality of every TV, I connect each one to an AVPro Connect 8×8 4K HDR splitter so each one receives the same signal. I test the TVs using various lighting conditions, playing different media, including 4K HDR movies and console games, across a variety of test categories, from color to video processing to gaming to HDR.

In order to measure each TV, I use specialized equipment to grade them according to light output and color. My hardware includes a Konica Minolta CS-2000 spectroradiometer and a Murideo Six-G 4K HDR signal generator. I use Portrait Displays CalMan Ultimate software to evaluate every TV I review according to its brightness, black levels and color.

Advertisement

I play a variety of games from an Xbox Series X or PlayStation 5, and note the effects of gaming modes and settings as well as the 4K/120Hz and VRR input capabilities. Helpfully, the Xbox includes a 4K/120Hz and HDR compatibility test: Settings>TV and display options>4K TV details. The page will detail the HDR modes it supports (including Dolby Atmos) and whether it will support VRR — if a TV gets ticks in all the boxes it means it has the best compatibility with high-end Xbox games.

Our reviews also account for such things as features, design, smart TV performance, connectivity including HDMI inputs and gaming compatibility.

Measuring input lag (in milliseconds) is an important component of my process for testing gaming TVs.

Check out the page on how CNET tests TVs for more details.

Input lag will often be lower in game mode than in any other mode on your TV. Here are a few more gaming-specific aspects I looked at for each TV.

How to turn on game mode. In most cases, viewing in game mode isn’t automatic, so you’ll have to turn it on manually, and sometimes the gaming monitor setting can be difficult to find. Many use a picture mode called “Game” while some, like Samsung and Vizio, let you apply game mode to any setting. 

Advertisement

Game mode makes a difference, but not at all frequencies. As you can see in the table above, many TVs cut lag substantially when you turn on game mode, but plenty don’t. In general, expensive TVs with elaborate video processing get more of a benefit when you engage game mode. Additionally, and as I noted above, the Boost mode on LG OLEDs only works on 60Hz and not 120Hz.

Most TV game modes are good enough for most gamers. No matter how twitchy you are, it’s going to be tough to tell the difference between 10 and 30 milliseconds of input lag. Many gamers won’t even be able to discern between having game mode on and off — it all depends on the game and your sensitivity to lag.

Turning game mode on can hurt image quality (a little). TV-makers’ menus often refer to reduced picture quality. Reduced picture quality is generally the result of turning off that video processing. In my experience, however, the differences in image quality are really subtle with console gaming, and worth the trade-off if you want to minimize lag for a great gaming experience.

4K HDR gaming lag is different from 1080p. The display resolution you play at has an impact, and since new consoles prominently feature 4K HDR output for games, I started testing for 4K HDR lag in 2018. In general, the numbers are similar to the lag with standard 1080p resolution, but as you can see from the chart above, there are exceptions.

Testing is an inexact science. I use Leo Bodnar lag testers. Here’s how they work, and how I use them. I use two of these Bodnar lag testers — one in 1080p and one in 4K HDR — which use onboard optical sensors to measure and report input lag. When plugged into an HDMI port, the Bodnars make the screen flash in three different places and you place the unit’s onboard optical sensor flush onto the screen at these points. They calculate the lag at each position and you average the three readings to get a score. You might see different lag test results from different review outlets, which may use Bodnar or another method.

VSCO is making a bigger push into professional photography with the launch of Studio Pro, a new editing app designed for photographers handling large volumes of images.

The app arrives alongside a new VSCO One subscription bundle. This subscription will cost $500 per year. As a result, it puts the app in direct competition with Adobe’s creative software ecosystem, which dominates the industry.

Available now on iOS, with a macOS version due later this year, Studio Pro is aimed at photographers who regularly work on projects such as weddings, sports events, portraits and school photography. Rather than focusing on casual edits, the app is built around streamlining larger workflows.

Most of the AI industry is betting that bigger models mean smarter machines. A new startup is betting the opposite.

Aether AI, based in San Diego, has raised a $20mn seed round to chase a different idea entirely. Its founder thinks the next leap will not come from scale. It will come from teaching machines cause and effect.

Correlation versus causation

Today’s big models learn by spotting patterns in huge piles of data. That works well in the lab. But it can wobble in the messy real world, where a statistical shortcut quietly fails.

Aether wants machines to grasp the mechanisms behind events instead. Its “causal world models” are meant to let a system reason about what would happen if it acted, before it acts. The company says this makes AI more reliable and far less data-hungry. The thesis sits squarely in the wider debate over whether AI’s progress is starting to stall.

Why robots first

The first target is physical AI and robotics. The logic is neat. Every move a robot makes is an intervention in the world, so errors show up at once as dropped objects or failed tasks.

That makes robotics a brutal test for causal reasoning. Aether’s long-term goal is a single “causal brain” that could steer many kinds of robots. It is a crowded ambition, with everyone from Google DeepMind’s world models to Jeff Bezos’s $10bn physical-AI lab chasing the same prize.

A serious pedigree

The founder gives the bet credibility. Biwei Huang is an assistant professor at UC San Diego and a known name in causal discovery. She created the open-source tools Causal-Learn and Causal-Copilot, and has published widely at the field’s top venues.

Aether also invokes the founders of modern causality, naming Judea Pearl, Bernhard Schölkopf and others as supporters of its work. The round was led by MPCi, with Inno Angel Fund, SWC Global and Unity Ventures joining.

Why it matters

Causality is one of AI’s oldest unsolved problems, and turning it into a product is hard. So the caveats matter. Aether’s early results are its own, not peer-reviewed, and $20mn is small against the billions pouring into rival labs. Its backers are mostly Asia-based funds, not the usual Silicon Valley names.

Still, the idea lands at a useful moment. Doubts about pure scaling are growing, and robots keep stumbling on tasks that look simple to humans. If causal models really do cut the data needed and improve reliability, they would matter well beyond robotics. That is a big “if”. But it is the kind of bet worth watching.

Facepalm: Microsoft has acknowledged a strange Recycle Bin bug affecting Windows 11 following this month’s Patch Tuesday update. Users have reported several other issues since the June 2026 update rolled out earlier this week, but this is the only bug Microsoft has officially confirmed.

According to Microsoft, users who have installed the KB5095051 update might encounter a strange Recycle Bin bug that replaces the names of deleted files with internal Recycle Bin filenames in specific situations. When permanently deleting a single file from the Recycle Bin, the confirmation dialog displays a cryptic internal filename, such as $Rxxxxx.ext, instead of the original filename, such as realfilename.txt.

However, the bug only affects the confirmation dialog, as the Recycle Bin window continues to display the original filename. Restoring the item also reportedly returns it to its original location with the correct filename. Despite the incorrect filename shown in the confirmation dialog, the file is still deleted as expected once the action is confirmed, meaning the bug does not cause any significant usability issues.

Microsoft says a workaround is available for affected devices, but only commercial users can deploy it for now. To obtain additional details on how to mitigate the issue, system administrators must contact Microsoft Support for Business. Everyone else will have to wait for a permanent fix, which Microsoft says will be delivered in a future Windows update.

Despite Microsoft’s recent emphasis on improving the Windows user experience, the operating system’s updates continue to be plagued by bugs and reliability issues. According to posts on Microsoft’s official forums, the June 2026 update has introduced a variety of annoying bugs, including problems accessing OneDrive and Dropbox. IT administrators are also reporting sluggish File Explorer performance across hundreds of PCs in their organizations.

Some HP users are reporting random BSODs after installing the update, while Lenovo users say their PCs freeze even under moderate workloads. Additionally, one IT administrator claims the update is triggering BitLocker Recovery on devices configured with local accounts and says a Microsoft support chatbot told them the only solution is to wipe the computer and reinstall Windows.

Crystal ball: The company accused of making Pokémon copycats “with guns” says it is not interested in using generative AI in its games. It argues that gamers are largely opposed to this kind of content, while noting that generative AI is likely to remain a controversial topic in the industry for a range of reasons.

The debate around AI-generated assets in games is heating up, and Pocketpair has already taken a clear stance. The Japanese studio, best known for Palworld, says it is not using generative AI in its games, arguing that potential customers are rejecting “fake” assets and other AI-generated content.

In a recent interview, Pocketpair’s Head of Publishing & Communications John Buckley said that “gamers don’t want it.” And “if the gamers don’t want it, I guess that’s it, right? Not much of a conversation to be had.”

The Palworld developer has previously faced accusations of both plagiarism and the use of generative AI in creating some of the game’s assets and creature designs. Nintendo is pursuing legal action against the studio, though the dispute has not unfolded entirely in the company’s favor so far.

During the interview, Buckley also said that some developers are already using generative AI in their games. However, he believes the trend is not yet widespread, and added that Pocketpair has no interest in extensively adopting the technology in any case.

Some companies are exploring chatbots and large language models to save time and reduce reliance on human creators, but growing public pushback suggests the generative AI “bubble” could eventually burst. Pocketpair already has all the in-house artists it needs, Buckley said, arguing there is no “pointless” reason to replace staff with AI systems doing the same work.

The controversy around generative AI in gaming continues to intensify. Established studios such as Crystal Dynamics have found themselves explaining the use of AI-generated assets as placeholders in the latest Tomb Raider remake. Meanwhile, Sega faced significant backlash after introducing the new Crazy Taxi game as an AI-assisted production.

Steam now requires developers to disclose whether and how they have used AI in their games. Epic Games CEO Tim Sweeney, however, has argued that Valve’s disclosure requirement is unnecessary, claiming that nearly all future games will incorporate generative AI in some form.

Pocketpair’s John Buckley is less convinced by Sweeney’s stance. He suggests the industry could eventually split, with some studios leaning into a heavily marketed “human-made” identity as a response to growing concerns over “AI slop” in digital storefronts. He also believes AI adoption could become a regional divide.

Developers in parts of Asia, including China and South Korea, may adopt AI more rapidly than competitors, while Western studios – and players – remain more resistant. Stellar Blade developer Shift Up has also said that generative AI could help South Korean studios compete with much larger companies in China and the US.

Alogic is bringing more touch and stylus input options to Mac with a new desktop monitor and portable displays, expanding a lineup that adds a feature Apple doesn’t offer on its own hardware yet.

The company unveiled the Aspekt Touch 27 and Folio portable displays at InfoComm 2026, expanding its lineup of touch-enabled hardware for Mac users. Both products let users interact directly with apps, documents, presentations, and creative projects through touch and stylus input.

Alogic is one of the few monitor makers offering touchscreen hardware for Macs. The company uses its own software to enable touch gestures, navigation, annotation, and drawing on macOS.

The Aspekt Touch 27 adds touchscreen input to a desktop monitor

The Aspekt Touch 27 is a smaller version of Alogic’s existing 32-inch model. The new display combines a 27-inch 4K IPS touchscreen with a 60Hz refresh rate, 600 nits of brightness, a 1000:1 contrast ratio, and support for 97% of the DCI-P3 color space, 93% Adobe RGB, and 100% sRGB.

Alogic pairs the display with its Active Stylus, which offers 4,096 levels of pressure sensitivity. The monitor supports 10-point multitouch input and MPP 2.0 styluses, while a magnetic holder wirelessly charges the stylus between uses.

The monitor also functions as a docking station with HDMI 2.0, DisplayPort 1.4, USB-C, Gigabit Ethernet, and a 3.5mm headphone jack. Three USB-C ports, two USB-A ports, dual 5W speakers, and up to 150W of total charging output are built into the display, including up to 90W of USB-C power delivery for a connected laptop.

The Aspekt Touch 27 is available in Silver and Space Black, and buyers can choose from a Raise Stand, a Fold Stand, or an Omni Fold Stand. The Fold Stand lowers the display into a drafting position for stylus use, while the Omni Fold Stand includes an integrated mount for an M4 Mac mini.

Folio targets portable Mac and iPad workflows

Alogic also introduced the Folio and Folio Duo portable touchscreen displays for users who need a secondary screen away from a desk. The standard Folio features a 16-inch QHD IPS touchscreen, while the Folio Duo combines two 16-inch panels into a folding design that can be used side by side or stacked vertically.

A fabric cover doubles as a stand and allows the displays to fold flat for travel.

The Folio Duo

Both models deliver 400 nits of brightness, a 1000:1 contrast ratio, and 100% sRGB color coverage. The displays support 10-point multitouch interaction, stylus input, and full gesture controls on both Mac and Windows.

The portable displays operate over a single USB-C connection and support up to 45W of passthrough charging. A magnetic attachment point wirelessly charges the Active Stylus. The Folio weighs about 1 kilogram, while the dual-screen Folio Duo weighs about 1.2 kilograms.

Alogic says the Folio lineup is the first portable display series to bring full gesture controls and 10-point multitouch support to both Mac and Windows. The company says users can draw, annotate, and edit content directly on screen without moving projects between a computer and tablet.

Alogic has spent years targeting users who want touch and stylus input on macOS. The Aspekt Touch 27 and Folio lineup expand those options with both desktop and portable designs.

The Aspekt Touch 27 starts at $1,799 and will be available beginning in July. The Folio is priced at $899, while the Folio Duo costs $1,299. Both portable displays are expected to launch around September.