The Federal Communications Commission continued its crackdown on Chinese tech on Friday, issuing a new proposal that would extend a ban on companies to products previously authorized.

In 2021, companies such as Huawei, Hikvision, Dahua, Hytera and ZTE were added to the FCC’s Covered List, a record of companies and products that the FCC believes pose a national security risk to the US, under the Secure Networks Act. The Chinese companies produce mobile phones, security cameras and other tech products.

But the 2021 ban applied only to new models that the FCC hadn’t authorized, and companies were free to keep selling models that had already received the FCC’s stamp of approval. If approved, the new proposal would ban these companies entirely, including those previously approved products. 

“Older models of covered equipment pose an unacceptable risk today when imported or marketed in the United States, not only when such equipment is new to the market,” an FCC report from October said.

The proposal will be open for comment until May 6, after which the commission will vote on whether to adopt the rules. The ban won’t affect devices already owned by Americans.

Read more: My Expert Advice: Don’t Buy a Router Until We Know More About the FCC’s Ban

Millions of consumers and businesses rely on Wi-Fi routers, telecommunications equipment and security cameras every day, making these devices critical links in both home and office networks. The Federal Communications Commission shocked the broadband industry on March 23 by effectively banning the sale of future foreign-made Wi-Fi routers (including some of the biggest router brands). 

In recent years, Chinese telecommunications companies have faced restrictions on operating in the US. In 2020, The Wall Street Journal cited US officials who reportedly said that Chinese companies, including Huawei, used backdoor access intended for law enforcement to track sensitive information.

But this ban could be implemented quickly. The FCC proposes that “all parties [will have to] cease all importation and marketing activities within 30 days of the effective date of the prohibition.”

This proposition doesn’t reflect a final legal ruling on telecommunications imports, but it does reflect how the Trump administration has been increasingly pressuring Chinese tech companies in recent months.

The foreign-made router ban was only the latest in a string of decisions that have placed restrictions on Chinese tech companies operating in the US.

In December, the FCC banned the importation of Chinese-made drones into the US. Just months before that, the agency voted to block new approvals for any device containing parts manufactured by companies on the Covered List.

Representatives from the FCC and Huawei didn’t immediately respond to requests for comment.

• Quantum resource estimates suggest encryption barriers may fall faster than expected
• Reduced qubit requirements bring theoretical attacks closer to practical reality
• Bitcoin’s cryptographic foundations face pressure from advancing quantum algorithm efficiency

Google researchers have revised expectations around the computational requirements needed to break widely used cryptographic systems protecting cryptocurrencies.

The company’s latest whitepaper claims a future quantum machine could solve the elliptic curve discrete logarithm problem using significantly fewer resources than previously assumed.

Kalshi can’t be stopped in New Jersey. A 3rd US Circuit Court of Appeals panel ruled on Monday that New Jersey has no authority to regulate Kalshi’s prediction market allowing people to bet on the outcome of sports events. That power rests with the Commodity Futures Trading Commission, the panel ruled 2-1.

The CFTC is headed by President Donald Trump appointee Michael Selig, who vocally and actively supports prediction markets like Kalshi and Polymarket, calling them “exciting products.” The Trump family agrees: Donald Trump Jr. is a paid adviser to Kalshi and an unpaid adviser to Polymarket, and Truth Social, which is run by the Trump Media and Technology Group, is set to start a prediction market of its own.

Online prediction markets are an emerging phenomenon that allow users to bet on the outcome of basically anything, from local athletic competitions to lethal military invasions. Though they’re new, these marketplaces have already shown evidence of insider trading on an extreme scale, with suspicious bets and big payouts tied to the US and Israel’s military strikes in Iran, and also the US’ brief invasion in Venezuela. According to blockchain analyst DeFi Oasis, fewer than 0.04 percent of Polymarket accounts captured more than 70 percent of profits, totaling $3.7 billion.

Multiple state gaming regulators have filed legal challenges against Kalshi and Polymarket in recent months, and just last week the CFTC sued Arizona, Connecticut and Illinois over their attempts to regulate prediction markets. While each state has its own angle of attack, from election issues to underage betting, they’re all broadly claiming that prediction markets are just illegal gambling businesses. Today’s ruling marks the first federal-level decision in one of these cases and it’s in favor of the prediction markets.

New Jersey sent Kalshi a cease and desist letter in 2025, claiming the service violated the state’s ban on collegiate sports betting. Kalshi escalated the situation and sued New Jersey, arguing that its sports contracts are actually swaps, a type of financial investment that’s (conveniently) regulated by the CFTC. A lower-court judge previously sided with Kalshi, prompting New Jersey to appeal. Two of the three judges in that appeal ruled that Kalshi’s sports-related event contracts were indeed swaps. Kalshi CEO Tarek Mansour called Monday’s ruling “a big win for the industry.”

US Circuit Judge Jane Richards Roth dissented, writing that Kalshi’s “offerings were virtually indistinguishable from the ​betting products available on online sportsbooks, such as DraftKings and FanDuel.”

New Jersey Attorney General Jennifer Davenport has the option to ask the full 3rd Circuit to rehear the case, and the issue is also pending in several other courts.

A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise.

GPUBreach was developed by a team of researchers at the University of Toronto, and full details will be presented at the upcoming IEEE Symposium on Security & Privacy on April 13 in Oakland.

The researchers demonstrated that Rowhammer-induced bit flips in GDDR6 can corrupt GPU page tables (PTEs) and grant arbitrary GPU memory read/write access to an unprivileged CUDA kernel.

An attacker may then chain this into a CPU-side escalation by exploiting memory-safety bugs in the NVIDIA driver, potentially leading to complete system compromise without the need to disable Input-Output Memory Management Unit (IOMMU) protection.

IOMMU is a hardware unit that protects against direct memory attacks. It controls and restricts how devices access memory by managing which memory regions are accessible to each device.

Despite being an effective measure against most direct memory access (DMA) attacks, IOMMU does not stop GPUBreach.

“GPUBreach shows that GPU Rowhammer attacks can move beyond data corruption to real privilege escalation,” the researchers explain.

“By corrupting GPU page tables, an unprivileged CUDA kernel can gain arbitrary GPU memory read/write, and then chain that capability into CPU-side escalation by exploiting newly discovered memory-safety bugs in the NVIDIA driver.”

“The result is system-wide compromise up to a root shell, without disabling IOMMU, unlike contemporary works, making GPUBreach a more potent threat.”

The same researchers previously demonstrated GPUHammer, the first attack showing that Rowhammer attacks on GPUs are practical, prompting NVIDIA to issue a warning to users and suggesting the activation of the System Level Error-Correcting Code mitigation to block such attempts on GDDR6 memory.

However, GPUBreach is taking the threat to the next level, showing that it is possible not only to corrupt data but also to gain root privileges with IOMMU enabled.

The researchers exemplified the results with an NVIDIA RTX A6000 GPU with GDDR6. This model is widely used in AI development and training workloads.

Disclosure and mitigations

The University of Toronto researchers reported their findings to NVIDIA, Google, AWS, and Microsoft on November 11, 2025.

Google acknowledged the report and awarded the researchers a $600 bug bounty.

NVIDIA stated that it may update its existing security notice from July 2025 to include the newly discovered attack possibilities.

As demonstrated by the researchers, IOMMU alone is insufficient if GPU-controlled memory can corrupt trusted driver state, so users at risk should rely solely on that security measure.

Error Correcting Code (ECC) memory helps correct single-bit flips and detect double-bit flips, but it is not reliable against multi-bit flips.

Ultimately, the researchers underlined that GPUBreach is completely unmitigated for consumer GPUs without ECC.

The researchers will publish the full details of their work, including a technical paper and a GitHub repository with the reproduction package and scripts, on April 13.

Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.

This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.

Advertisement

Get Your Copy Now

In short: Xoople, a Madrid-based geospatial data company founded in 2019, has raised a $130 million Series B led by Nazca Capital, bringing its total funding to $225 million and pushing its valuation into unicorn territory. The round was co-invested by MCH Private Equity, CDTI (the Spanish government’s technology development fund), Buenavista Equity Partners, and Endeavor Catalyst. Alongside the raise, Xoople announced a partnership with US space and defence contractor L3Harris Technologies to build sensors for its own satellite constellation, designed to produce Earth surface data it says will be “two orders of magnitude better than existing monitoring systems.” The company’s EarthAI platform, built on Microsoft Azure and distributed through Microsoft and Esri, delivers continuous surface intelligence for insurers, farmers, governments, and infrastructure operators.

Xoople has spent seven years building something that did not previously exist in a commercially deployable form: a continuous, AI-native data layer for the Earth’s surface. The Madrid startup, founded in 2019, emerged from that development period with a €115 million in prior funding, a platform embedded in the two most widely used enterprise geospatial ecosystems in the world, and a thesis that the AI era will require a fundamentally different approach to Earth observation — one designed from the ground up for machine learning rather than adapted from satellite imagery workflows built for human analysts. The $130 million Series B, led by Nazca Capital, confirms that investors believe that thesis is credible enough to back at scale.

CEO and co-founder Fabrizio Pirondini told TechCrunch the raise brings Xoople’s total funding to $225 million and puts the company in unicorn territory on valuation. The round was joined by MCH Private Equity, CDTI, the Spanish government-backed technology development fund that has also backed Nazca Capital’s aerospace and defence fund, Buenavista Equity Partners, and Endeavor Catalyst.

What EarthAI actually does

Xoople’s core product, EarthAI, is an end-to-end Earth intelligence system. It ingests continuous surface data, currently sourced from government spacecraft and third-party satellite networks, and processes it into AI-ready datasets that can be queried for change detection, risk prediction, and environmental monitoring. The key design choice is continuity: rather than producing point-in-time images for human review, EarthAI is built to stream a persistent, structured view of the planet’s surface into AI models that need regular, reliable ground truth.

The use cases span industries that share a dependence on understanding what is happening on the physical surface of the Earth. For agriculture, EarthAI provides early detection of crop stress, monitors soil health and water conditions, and generates data that enables farmers to participate in carbon credit markets. For insurance, it enables more precise climate risk pricing and real-time verification of natural disaster claims, removing the delay and subjectivity of ground-based assessments. For infrastructure operators, it monitors physical assets for signs of stress or degradation before failures occur. For governments, it supports emergency planning, environmental enforcement, and humanitarian response. Capital flowing into specialised AI applications at the intersection of science, data, and infrastructure has accelerated considerably over the past year, and Xoople sits precisely at that intersection.

The satellite play

The $130 million will fund Xoople’s transition from a platform built on others’ data to one powered by its own. Alongside the Series B, the company announced a partnership with L3Harris Technologies, a US space and defence contractor, to design and manufacture sensors for Xoople’s own satellite constellation. The sensors will collect optical data. Pirondini told TechCrunch that the constellation is designed to produce “a stream of data that is going to be two orders of magnitude better than existing monitoring systems“, a claim that, if borne out, would represent a substantial leap over the imagery quality currently available from commercial earth observation operators.

That claim is where Xoople meets its competitive reality. The company is entering a market that includes Vantor (formerly Maxar Intelligence, rebranded in October 2025), Planet Labs, BlackSky, Airbus Defence and Space, ICEYE, and Capella Space — all of which have satellites already in orbit and established AI-focused data processing pipelines. Companies building the hardware and data layers that AI depends on face a lengthy gap between the announcement of a new approach and its delivery in deployable form, and Xoople’s constellation is not yet in orbit. For now, EarthAI runs on data it did not produce. The L3Harris partnership signals that the proprietary data supply is the next phase.

Distribution before data

Xoople’s strategic sequencing is unusual for an Earth observation company. Most competitors in the space led with hardware — launching satellites, then figuring out distribution. Xoople did the reverse: it spent its first seven years embedding its platform into Microsoft and Esri, the two dominant environments where enterprise buyers, governments, and GIS professionals already live. Neither Microsoft nor Esri has its own proprietary satellite data. Xoople positioned itself to supply that gap from inside the platforms where the purchasing decisions are made.

The Microsoft relationship is structural: Xoople’s platform runs on Azure, and the company is integrated with Microsoft’s Planetary Computer Pro, which delivers AI-powered geospatial insights for enterprise use. Esri, the world’s largest geospatial software company, is a partner distributor. The implication is that when Xoople’s own constellation is operational and its data quality delivers on the “two orders of magnitude” promise, it will have distribution in place that its newer competitors would need years to replicate. The investment flowing into cloud-based AI data infrastructure has made the ability to process and deliver petabytes of Earth surface data at low latency a tractable problem; the scarcity is in the quality and continuity of the underlying data itself.

A Spanish unicorn in a European context

Xoople’s raise is one of the larger deep tech rounds to come out of Spain in recent years, and it lands in a moment that the European space and defence investment community has been accelerating. Nazca Capital, which led the Series B, runs Spain’s largest private equity fund specialised in aerospace and defence, a fund that also received a €294 million commitment from CDTI and a €40 million investment from the European Investment Fund. The investor composition of the Xoople round,government-backed funds, European private equity, and Endeavor Catalyst, which focuses on high-impact technology entrepreneurs, reflects the persistent tension in European technology between deep technical ambition and the capital required to realise it: the funding is patient, multi-source, and has a public interest dimension that pure venture rounds often lack.

The earth observation market was valued at $7.04 billion in 2025 and is projected to reach $14.55 billion by 2034, growing at just over 8% annually. Xoople is betting that as AI models grow more capable and more dependent on real-world data, the market for continuous, structured Earth surface intelligence, rather than periodic imagery, will grow faster than that aggregate. A year in which the appetite for AI applications in climate, infrastructure, and environmental risk grew considerably provided the validation Xoople needed; the $130 million is the bet that the second half of the decade will prove it right at scale.