Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Ernst & Young is notifying customers of a data breach caused by the compromise of a third-party support ticket system used by its IT personnel.
According to the company, support tickets submitted through the platform may have included documents containing client tax information.
Ernst & Young (EY) is among the world’s four largest auditing and professional services providers, offering auditing, tax, consulting, and transaction advisory services to major organizations in more than 150 countries.
The company employs 406,000 people and reported a global revenue of $53.2 billion last year.
The breach notification to affected clients states that Ernst & Young detected anomalous activity on its networks on April 23 and initiated an investigation.
With help from external cybersecurity experts, the company determined that an unauthorized third party had accessed the said platform between March 28 and April 12 and downloaded multiple documents.
The affected information included certain personal and financial data contained in or used to prepare tax filings. Since the notification sample features a placeholder for the specific data types, the type of the information exposed remains unclear.
Also, the company has not shared exactly how many customers were affected or whether the incident impacts only its U.S. customer base or other countries as well.
Ernst & Young says it secured its systems and notified federal law enforcement authorities, while it has assured that the unauthorized access has been removed.
The company also states that it is not aware of any misuse or further exposure of the stolen files and has no indication that particular individuals were targeted by the threat actors.
To mitigate the risks arising from this exposure, EY offers affected clients 24 months of identity monitoring and restoration service through Experian and urges letter recipients to enroll by October 31, 2026.
At the time of writing, no data extortion or ransomware groups have taken responsibility for the attack on Ernst & Young.
BleepingComputer has contacted EY to learn more about the incident, but we have not yet received a response at the time of publication.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Apple’s affordable MacBook Neo could soon become much harder to buy.
The company has significantly reduced production plans for the laptop, not because demand has cooled, but because ongoing memory shortages are putting pressure on chip supplies.
According to DigiTimes, Apple has cut its production target for the MacBook Neo by up to 40%. This lowers expected output from around 10 million units to between six and seven million by the end of the year.
The move is notable given how well the laptop has reportedly performed since launch. Earlier reports suggested the MacBook Neo had boosted Apple’s overall Mac sales by around 10%. Strong demand for its lower price point has made it one of the company’s biggest hardware successes of the year.
Apple is believed to have originally planned to build between five and six million units, largely using stockpiles of A18 Pro chips with one disabled GPU core. As demand exceeded expectations, the company reportedly doubled its production target to around 10 million devices.
Now, however, those plans appear to have run into a familiar problem.
The latest report points to the ongoing DRAM shortage, which is affecting production across the semiconductor industry. With AI hardware continuing to dominate manufacturing capacity, foundries such as TSMC are reportedly prioritising higher-margin chips for data centres. This is coming at the expense of processors destined for more affordable consumer devices.
That leaves Apple with two options: pay considerably more to secure additional A18 Pro production or reduce MacBook Neo output. According to the report, the company has chosen the latter. This allows it to protect profit margins rather than absorb higher component costs or increase the laptop’s price only months after launch.
If the report proves accurate, it could make the MacBook Neo increasingly difficult to find over the coming months. This will be especially true if demand remains strong heading into the holiday shopping season.
For now, there’s no indication that Apple plans to discontinue the model or replace it. Instead, prospective buyers may need to act sooner rather than later if stock becomes more limited. The price of the machine has already risen by £100/$100 since launch due to the RAM issues.
As with any supply chain report, it’s worth treating these claims with some caution until Apple comments officially. Still, if Apple really has scaled back MacBook Neo production by nearly half, the laptop’s biggest challenge may no longer be convincing buyers. It could simply be keeping enough units on shelves.
For about two decades, a Singapore brand in a Chinese shopping mall exuded “quality,” “hygiene,” “trustworthy”—a halo effect so strong that brands like BreadTalk, Jumbo Seafood, Toast Box and Food Republic could set up premium real estate in Beijing, Shanghai and Chengdu and watch the country’s rising middle class come to them as it rode the wave of China’s consumption upgrade.
However, the appeal of “Singapore quality” has since faded, and that golden era is over.
Food Republic closed its last Beijing outlet on Jun 15, 2026. Its parent company, BreadTalk, had already exited the capital completely at the end of Mar, down from 460 China outlets at its peak to roughly 200 today.
Jumbo Seafood is planning to close its outlets across China and consolidate its operations in Shanghai. Song Fa Bak Kut Teh has already made a similar move, having exited other Chinese cities; its sole remaining outlet in the country is also located in Shanghai.
Evidently, the Singapore F&B retreat from China is not just a single brand’s failure, but rather a structural reckoning, and the story of what comes next is only beginning.


In the early 2000s, “Singapore quality” was seen as a genuine competitive advantage in China.
As Chinese incomes rose and the middle class expanded, there was a real appetite for international dining experiences that felt premium yet accessible.
Singapore’s hawker heritage, such as bak kut teh, chilli crab, kaya toast, offered the Chinese middle-class familiar Asian flavours with an international pedigree.
BreadTalk was a pioneer amongst Singapore businesses in overseas expansion to China. Founded in Singapore in 2000 by George Quek, the group grew to nearly 1,000 outlets across 17 countries at its peak, with China as its largest market.
Jumbo claimed to serve 1.6 tonnes of crab per day at its three Shanghai outlets in 2017. Song Fa, Putien, Paradise Group, and Toast Box all expanded into first-tier cities like Beijing, Shanghai, Guangzhou and Shenzhen, and, buoyed by success, pushed further into second-tier cities like Chengdu, Hangzhou, and Nanjing.
For about two decades, the aura of “Singapore quality” worked in China—until around 2023.


The turning point was not just one event but several overlapping shifts that fundamentally changed what Chinese consumers want and who they are willing to pay for.
Firstly, consumer spending has contracted greatly over the years. China’s property market downturn eroded middle-class wealth, while youth unemployment hit record highs in 2023. As such, the aspirational spending that once fuelled premium dining retreated sharply.
Those with more wealth also weren’t spending as much as they used to. Jumbo Group CEO Ang Kiam Meng told Lianhe Zaobao that consumer confidence is the main issue and that the CCP’s “eight-point regulations” limiting corporate entertainment spending had hit the entire mid-to-high-end F&B environment hard.
The Jumbo Group financials show that out of the total revenue of S$178.8 million in 2023, China’s revenue was S$26.1 million, but it dropped by a whopping 27.6% to S$18.9 million in FY2024 and S$18.3 million in FY2025.


Secondly, it’s important to acknowledge that local Chinese brands have become formidable world-class competitors. While Singapore operators were managing existing outlets, Chinese competitors were investing in R&D and digital marketing, building social media presences on Douyin, and getting onto food delivery platforms like Meituan with aggressive discounts, building loyal followings online and physically that Singapore brands struggled to match.
Putien’s general manager for China, Ling Ling Kong, observed that market traffic is now increasingly concentrated among leading Internet-famous brands, making it harder for traditional quality restaurants to attract new customers.
BreadTalk’s own spokesperson acknowledged that the rapid rise of Chinese brands, coupled with the growing importance of food delivery and e-commerce platforms, has reshaped the entire competitive landscape.
Underlying all of this was the fading of the Singapore premium itself. Jianggan Li, CEO of consultancy Momentum Works, explained that “the place of origin of overseas brands, including Singapore’s, has shifted from a competitive advantage to mere background information.”
Chinese consumers today care about product quality, whether prices are reasonable, and whether the experience is worth sharing online. A brand being from Singapore no longer moves the needle the way it once did.
As such, with the added pressures of high rents in core commercial districts and the cost of high-quality ingredients, shrinking profit margins have increasingly become a reality for the entire industry, including Singaporean businesses.


Since around 2023, most Singapore brands have been quietly consolidating—and by now, Shanghai has become the last viable city for almost all of them, but even there, the competitive environment is brutal.
BreadTalk took the deepest cut, contracting from 460 China outlets to roughly 200 while Food Republic retains four remaining Shanghai outlets, and pivoted to a new avenue of growth in operating canteens for schools and companies. The group’s sights are now firmly set on a S$1 billion revenue target by 2029, built on its Singapore and Thailand bakeries and its Din Tai Fung franchise rights.
BreadTalk still operates across 14 international markets.
Jumbo is making a similar pivot, foreseeing the closure of six restaurants in six Chinese cities to focus on Shanghai while betting on a different kind of growth at home: a new S$10 million Tai Seng headquarters with a dedicated catering kitchen and a new subsidiary, Jumbo Catering Services, with Jakarta and Ho Chi Minh City next on the list.
On the other hand, Jumbo still has outlets in South Korea, Thailand, and Cambodia, maintaining its overseas footprint to comprise more than just China.
These overseas expansions operate on the logic that Asian markets offer growing middle classes, cultural familiarity with Singaporean food, and less savage competition than in China.
Song Fa, meanwhile, has drawn a quiet line under its China ambitions entirely, condensing to just a single Shanghai outlet while refocusing on Singapore and tourist-facing spots like Jewel Changi Airport.
Of all these retreats, Putien is an outlier, holding on. By capping its China presence at 20 to 30 outlets from the start and holding 27 today, it never overextended, and that discipline now looks like it’s paying off as it never badly exposed the company in the first place.
What’s striking is that none of these is failing companies.
Jumbo’s first-half 2025 revenue grew 7.9% to S$105 million, driven by Singapore operations, while BreadTalk hit nearly S$600 million in 2023 revenue. They are companies recalibrating, rather than collapsing, shedding China exposure that was diluting returns and doubling down on markets where they still have genuine advantages.
The harder question is what happens when those alternatives face the same pressures.


As Singapore’s F&B brands retreat from China, Chinese F&B brands are also flooding into Singapore at an unprecedented pace.
About 85 Chinese F&B brands were operating approximately 405 outlets in Singapore as of Aug 2025, more than double the 32 brands running 184 outlets just a year earlier, according to data from Inside Retail.
Chagee, Mixue, Tai Er, Nong Geng Ji — brands Singaporeans now see in every major mall — are using Singapore as a launchpad to greater expansion, leveraging the city’s regulatory clarity, international reputation, and diverse consumer base to validate their concepts before moving into broader Southeast Asia.
There’s a temptation to frame this as China got hard, so Singapore’s F&Bs are coming home. But home isn’t a soft landing either.
Singapore’s F&B sector recorded over 3,000 outlet closures in 2024—the highest in almost two decades—and closures continued at roughly 300 every month through 2025.
The format that’s struggling in China is also struggling in Singapore.
This exposes a much bleaker read of Singapore businesses than a simple East-versus-West business environment contrast, and it raises the question of where these companies can expect growth to come if they’re to continue in their old ways in the seemingly foreign retail landscape back at home.
The dynamic is a direct inversion of what happened in China a decade ago, where Singapore brands rode the wave of China’s consumption upgrade.
Now, Chinese brands are riding Singapore’s position as Southeast Asia’s gateway city and bringing the capital backing, digital marketing muscle, and operational scale that Singapore brands found themselves lacking when competing in China.


Momentum Works’ Li felt that Singapore brands’ retreating from China aren’t necessarily poor brands, but rather brands that were once successful but failed to keep pace with the speed of change in the Chinese market.
China’s market has never lacked opportunities, but it is simply changing too quickly. Many Singapore brands entered, attempting to solve the needs of consumers a decade ago, and found themselves stranded when those needs shifted.
A restaurateur who has operated a Singaporean restaurant in Beijing for 14 years noted that Singapore companies were not aggressive enough in capturing market share, were underinvested in their frontline teams, and were too slow to embrace digital marketing.
What they lost in China was not just outlets, but also the assumption that being Singaporean was enough.
As Li advices: “Singapore brands that can continue to survive in China would either have to offer Singaporean characteristics and experiences that other Chinese brands cannot replace, or fully localise themselves.”
Also Read: The price of going regional: Raffles Medical’s S$600M bet is still struggling to pay off
Featured Image Credit: Jumbo Seafood, JonasCN via Tripadvisor
Investor interest in these IPOs comes amid growing concerns over whether hyperscalers, whose shares have soared in recent years, will be able to convert their huge spending into profits. Many traders are instead starting to look at smaller companies or those in other sectors that are likely to benefit from this wave of investment.
Fervo chief executive Tim Latimer says the company and its investors view public markets as a way to grow quicker. Fervo raised more than $2bn when it went public in May. Michael Nagle/Bloomberg
Credit:
However, despite the surging demand for energy and the strong interest in the IPOs, there are signs that investors are buying into hot stocks at flotation, only to sell out shortly afterwards.
Nearly two-thirds of the energy companies that floated this year and last are now trading below their offer price, according to Dealogic. That compares with less than 40 percent of IPOs across all sectors that are underwater.
X-energy, which develops small modular nuclear reactors and is backed by Amazon, came to market in April and is now trading 33 percent below its $23 offer price. ERock, a gas generator maker, has lost 42 percent of its value since its IPO in June, while Fermi, a data center energy company, is down 68 percent since coming to market in September.
Deep Fission, which is designing nuclear reactors to be buried in one-mile underground holes, raised $40 million in June, a 73 percent cut from its initial target. The company’s shares are down 33 percent from its Wall Street debut.
Brian Kessens, senior portfolio manager at energy-focused fund firm Tortoise Capital, said some traders are buying into IPOs then selling quickly and “rolling into the next one.”
Investment banks need to make sure they’re setting “reasonable valuations” and be more careful about selling shares to investors who are likely to flip fast, he added.
“If you think that an IPO is going to go really well, then it’s in some sense free money,” said RBC’s Dendrinos.
Some companies, like X-energy and Deep Fission, are developing technologies that critics say are not yet proven to be technically or commercially viable.
Often those faring better have “a real business now,” said Jeff Osborne, a sustainability and energy transition analyst at TD Cowen, and are “less of a science experiment.”
Additional reporting by George Steer. Data visualisation by Nolan Shaffer
© 2025 The Financial Times Ltd. All rights reserved. Not to be redistributed, copied, or modified in any way.
Looking ahead: Apple users have long wondered when the Cupertino company would expand OLED technology beyond the iPhone and iPad Pro. The latest information suggests that Apple’s entry-level tablet could receive the display upgrade this fall, with other models expected to follow in the coming months.
Bloomberg’s Mark Gurman reports that Apple is aiming to release a revised iPad mini with an OLED display by October. Meanwhile, a new version of the standard iPad is expected to launch in the first quarter of 2027, followed by an OLED-equipped iPad Air and a new iPad Pro in the spring.
It remains unclear how much Apple’s plans have changed since earlier reports about an OLED iPad mini. In 2025, Gurman claimed that the device would debut in the spring of 2026 with a water-resistant chassis and a slightly higher price tag. Despite the apparent delay, plans for the iPad Air and iPad Pro do not seem to have changed. The standard iPad is expected to retain its LCD display while receiving a processor upgrade.

Overall, Gurman describes Apple’s plans for the next several months as the biggest overhaul of the iPad lineup in half a decade. The iPhone received its first OLED display in 2017, while iPad Pro models have featured OLED panels since 2024.
Pricing expectations have also changed since earlier reports, and the ongoing RAM shortage has likely made future prices more difficult to predict. The OLED iPad mini was originally expected to start at $599, but the current model reached that price last month after all iPad and MacBook models received significant price increases.
Also read: Which iPad Model Should You Get? 2026 Update
Apple is expected to unveil the OLED iPad mini after revealing the iPad 18 Pro and the company’s first foldable device, the iPhone Ultra, in September. Those launches could be followed by another new touchscreen product from Cupertino and the next device to carry the “Ultra” moniker: the MacBook Ultra.
Although the laptop’s expected launch date remains unclear, tipsters now believe that the next MacBook model will feature a touchscreen. The discovery of full touchscreen support for Sidecar – which currently supports only Apple Pencil input and a limited number of touch gestures – in the macOS 27 developer preview increases the likelihood of a touch-enabled MacBook. However, Apple does not plan to replace iPads with 2-in-1 MacBooks anytime soon.
The iPhone maker has accused OpenAI of stealing hardware secrets via its former employees.
Apple has reportedly contacted around 40 of its former employees who now work for OpenAI, as it looks to gather evidence of alleged trade secrets theft by the AI juggernaut.
The iPhone maker launched a major lawsuit against OpenAI last week, accusing the company stealing hardware secrets from Apple via its former employees to develop its own line of devices.
Reports of OpenAI’s upcoming AI-powered smart speaker surfaced just days later. Sources told Bloomberg that the new device is designed to be a next-generation, ChatGPT-powered home computer – meant to be a physical embodiment of the AI chatbot.
In legal letters, Apple directed its ex-employees at OpenAI to collect and preserve certain documents. More than 400 former Apple workers are now employed at OpenAI.
In its lawsuit, Apple accused OpenAI of a “coordinated pattern of misconduct at an institutional level”, alleging that the AI start-up instructed potential job candidates from Apple to bring design artefacts and prototypes to their interviews.
The lawsuit levelled accusations against two former Apple employees, including Io co-founder Tang Yew Tan, who currently serves as OpenAI’s chief hardware officer.
According to Apple, Tan had been “methodically using Apple’s confidential information to benefit OpenAI”. He has been accused of directing job candidates still working at Apple to bring confidential physical parts from products under development for ‘show and tell’ sessions at OpenAI.
Tan co-founded Io alongside Apple design veteran Jony Ive, Scott Cannon and Evans Hankey in 2024, and led the line as its chief hardware officer. The hardware start-up was acquired by OpenAI for $6.5bn last year.
OpenAI already owned around 23pc of Io prior to the acquisition. Bloomberg reported that tensions between the companies worsened after OpenAI poached Ive to help with its product line.
Apple has been working on its AI offerings in hopes of catching up with its industry rivals. Earlier this year, reports emerged that suggested Apple was set to move away from ChatGPT exclusivity for its Siri voice assistant. The company was also reportedly developing three AI-infused wearables, including smart glasses, earlier this year.
Last month, it launched Siri AI, marketed as an “entirely new version of Siri”. The new AI agent can draw from messages, emails, photos and more from Apple devices to power new features across editing, communication and organisation.
The iPhone maker is also reportedly on the lookout to acquire AI chip companies in a bid to reduce its dependency on Nvidia. Meanwhile, it recently renewed its deal with Broadcom for custom-made chips through to 2031.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
Capital One on Thursday released VulnHunter, an open-source, agentic AI security tool that scans source code for exploitable vulnerabilities, maps out how an attacker would reach them, and proposes targeted fixes — all before a single line ships to production. The tool, built internally and now available on GitHub under an Apache 2.0 license, is one of the most ambitious attempts by a major financial institution to turn offensive AI capabilities into a public defensive resource.
At a time when security teams are facing a rising tide of new AI threats, Capital One’s decision to open-source the tool reflects an effort, according to CISO Chris Nims, to address “an increasingly brief window before sophisticated, next-generation AI attack capabilities become affordable and accessible to virtually every adversary.”
Capital One is not simply releasing another vulnerability scanner. VulnHunter introduces what the company calls an “attacker-first forward analysis” — a workflow in which the tool begins at the points where a real adversary would enter a system, such as APIs, network messages, or file uploads, and reasons forward through the application’s logic to determine whether an exploit path actually survives the code’s existing defenses. Conventional scanners typically work in reverse, flagging a dangerous-looking code pattern and then searching backward for a hypothetical attacker. That approach, security practitioners widely acknowledge, buries engineering teams under avalanches of false positives.
VulnHunter attacks that problem head-on with a second innovation: a built-in “falsification engine” that tries to disprove its own findings before a developer ever sees them. After the tool surfaces a potential vulnerability, a structured reasoning workflow hunts for logical gaps, unsupported assumptions, and conditions that would prevent the attack from succeeding. Only findings the engine fails to rule out reach a human reviewer — and when they do, VulnHunter delivers not just an alert but a full explanation of the exploit path and a proposed code fix ready for engineering review.
The tool currently runs on Anthropic’s Claude Opus 4.8 model inside a Claude Code environment, though Capital One says the framework has the potential to work across other foundation models and coding harnesses.
Asked why Capital One decided to open-source a tool this consequential, Nims pointed to the communal nature of the problem.
“We felt an imperative to open-source VulnHunter because modern software supply chains are very connected, and the scale of the AI threat is larger than any single organization,” Nims told VentureBeat. “Securing software and our digital environments is a shared foundation that benefits developers, enterprises, and the people who depend on the systems we all build. The defensive tools to address this reality need to be just as widely distributed, tested, and improved as the codebases they protect.”
“Rather than wait,” he added, “we decided that the right response was to build a product that is purpose-fit for today’s complex security landscape, and put it into the hands of defenders everywhere.”
The release nonetheless arrives against a backdrop the company knows well. On July 19, 2019, Capital One disclosed that an outside individual — later identified as a former Amazon Web Services employee named Paige Thompson — had gained unauthorized access to names, addresses, self-reported income, Social Security numbers, and linked bank account numbers belonging to credit card customers and applicants. The breach, which Capital One says occurred on March 22 and 23, 2019, was discovered only after an external security researcher flagged a configuration vulnerability through the company’s Responsible Disclosure Program on July 17 of that year.
The damage was sweeping. Approximately 100 million people in the United States and 6 million in Canada were affected. Roughly 140,000 Social Security numbers, about 80,000 linked bank account numbers, and approximately 1 million Canadian Social Insurance Numbers were compromised. The FBI arrested Thompson, and the government stated it believed the data had been recovered with no evidence of fraud. But the reputational and regulatory toll was enormous.
In August 2020, the Office of the Comptroller of the Currency fined Capital One $80 million, finding that the bank had failed to adequately identify and manage risks as it migrated significant technology operations to the cloud. As Reuters reported at the time, the OCC’s consent order cited insufficient network security controls, inadequate data loss prevention measures, and a board that failed to hold management accountable when internal auditing surfaced problems. The OCC also ordered Capital One to overhaul its operations and submit new cybersecurity plans for regulatory review.
CyberScoop at the time called the incident “a cautionary tale for companies rushing to embrace new tech.” Capital One’s own CEO, Richard D. Fairbank, acknowledged the gravity of the moment. “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Fairbank said at the time. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
What followed was not a retreat from technology but a doubling down — with security explicitly at the center.
Capital One began releasing open-source projects in 2014 and declared itself an “open-source first” company in 2015 as part of a broader technology transformation that began over a decade ago. The company has continued to invest in software supply chain security, open-source governance, and AI-driven defense. In August 2022, Capital One joined the Open Source Security Foundation as a premier member, earning a seat on the organization’s Governing Board. Chris Nims, then EVP of Cloud & Productivity Engineering, framed the move as a natural extension of the company’s operating philosophy. “As a highly-regulated company, we are seasoned in managing compliance and governance and advocate for standardization, automation and collaboration,” Nims said in the OpenSSF announcement.
Behind that public commitment lay a substantial operational apparatus. Capital One’s Open Source Program Office, now in its third iteration, manages open-source usage, contributions, and community building across the enterprise. The company has released more than 40 open-source projects and has made thousands of contributions to external open-source projects it depends on, according to the company. Those efforts address not just code dependencies but the entire software development lifecycle — DevSecOps tools, infrastructure, and the collaborative environments, both internal and external, that shape how software gets built and shipped.
VulnHunter is the most consequential product of that multi-year effort — and the clearest signal yet that Capital One views open-source collaboration not as charity but as a competitive security strategy. The company argues that modern software supply chains are so deeply interconnected that a single vulnerability in a widely used open-source component can cascade across thousands of enterprises simultaneously. Proprietary defenses, no matter how sophisticated, cannot address a problem that is fundamentally communal. By releasing VulnHunter under a permissive license, Capital One invites the global security research community to stress-test, extend, and improve the tool — effectively crowdsourcing its own defense infrastructure while strengthening the broader ecosystem.
For engineering leaders evaluating VulnHunter, the technical architecture is where the tool’s ambitions become concrete. The workflow unfolds in three distinct stages.
In the first stage — attacker-first forward analysis — VulnHunter begins at the points where an external adversary would interact with a system: API endpoints, network message handlers, file upload interfaces. From each entry point, the tool reasons forward through application logic, tracing data flows, transformations, and internal security checkpoints to determine whether an attacker can actually reach a dangerous code path. This approach mirrors how a skilled penetration tester would probe a system, but automates the process at a scale no human team could match.
The second stage is where VulnHunter departs most sharply from conventional scanners. After identifying a potential vulnerability, the falsification engine runs a structured reasoning workflow designed to disprove its own conclusion. It searches for assumptions that do not hold, logical gaps in the exploit path, and environmental conditions that would prevent an attack from succeeding. Findings that fail this internal challenge are discarded before any developer sees them. Capital One’s explicit goal is to shift the developer’s burden away from triaging false alarms — a perennial pain point that erodes trust in security tooling and slows development velocity.
In the third stage, vulnerabilities that survive the falsification engine trigger an evidence-backed remediation workflow. VulnHunter gathers supporting evidence across the codebase, maps the complete surviving exploit path, explains the defect and the specific capabilities an attacker would gain, and generates targeted code changes for engineering review. The output is not a generic advisory but a concrete, context-aware patch proposal.
Capital One says it validated VulnHunter internally before release, running it across thousands of repositories spanning tens of business areas. The company reports that the tool identified and remediated vulnerabilities with speed and efficiency that far exceeded what its teams previously achieved through manual triage.
VulnHunter arrives at a moment when the cybersecurity landscape is shifting beneath the feet of every enterprise. Capital One’s announcement frames the urgency in stark terms: advanced AI models have “dramatically lowered the barrier for bad actors to discover and exploit vulnerabilities in software,” and the window before sophisticated AI attack capabilities become affordable and accessible to virtually every adversary is shrinking rapidly.
“Safeguarding information is essential to our mission and our role as a financial institution,” Nims told VentureBeat. “We have invested heavily in cybersecurity and will continue to do so to stay ahead of today’s evolving threat landscape.”
The company’s own AI security researchers have been tracking these trends closely. At NeurIPS 2024 in Vancouver, Capital One’s team presented research and curated a list of nearly 100 papers spanning LLM safety, adversarial resilience, jailbreak attacks, and synthetic data generation. The papers they highlighted — including work on multi-agent defense frameworks, automated red-teaming, and guardrail classifiers — paint a picture of an arms race in which offensive and defensive AI capabilities are co-evolving at breakneck speed.
Several of those research themes map directly onto VulnHunter’s architecture. The falsification engine echoes the adversarial defense strategies explored in papers like “BackdoorAlign,” which demonstrated that embedding a structured safety mechanism into a small number of training examples could recover a model’s safety alignment without degrading performance. The attacker-first forward analysis reflects the philosophy of “WildTeaming,” a framework that collects and analyzes real-world jailbreak attempts to build more resilient models. And VulnHunter’s emphasis on minimizing false positives parallels the goals of “GuardFormer,” a guardrail classifier that outperformed GPT-4 on safety benchmarks while running 14 times faster.
The thread connecting all of this work is a conviction that traditional, reactive security — monitoring networks, patching known vulnerabilities, responding to incidents after they occur — is no longer sufficient when adversaries can use AI to discover and exploit zero-day vulnerabilities at machine speed. The only durable defense, Capital One argues, is to find and fix the vulnerabilities in your own code before attackers find them first.
Capital One’s cloud journey also illuminates a broader reckoning across financial services. When Capital One moved aggressively to Amazon Web Services in the mid-2010s, it was a rarity among major banks. Most financial institutions simply did not trust third parties to store their most sensitive data. Capital One’s CIO at the time, Rob Alexander, publicly championed the cloud as more secure than the bank’s own data centers — a claim that the 2019 breach complicated considerably.
The CyberScoop report from that period captured the tension within the industry. W. Patrick Opet, managing director of cybersecurity at JP Morgan Chase, described a cultural shift in banking from prioritizing traders to prioritizing developers: “Now, it’s ‘Focus on the developer, turn everything into code, and automate everything.’” Mark Nicholson, Deloitte’s cyber leader for the financial industry, noted that the pressure to move quickly was exposing “weaknesses in the development methodology.” And the breach itself was a reminder that even as Chase spent $600 million annually on cybersecurity, relatively simple vulnerabilities — like the Apache Struts bug that enabled the Equifax breach — could undercut massive investments in data protection.
Seven years later, the industry has largely followed Capital One into the cloud, and the security challenges have only intensified. The question is no longer whether to use cloud infrastructure but how to secure the software that runs on it. VulnHunter represents Capital One’s answer: rather than relying solely on network-level controls and perimeter defenses, push security directly into the code itself, at the moment it is written. The open-source release also carries implicit competitive pressure. If VulnHunter gains traction among developers and security teams, it could set a new baseline for what enterprise security tooling is expected to do — and force rival banks, fintechs, and cloud providers to match or exceed its capabilities.
Whether VulnHunter lives up to that ambition will depend on adoption, community engagement, and the tool’s real-world performance against the increasingly sophisticated AI-powered attacks it was designed to counter. But the release itself tells a story that extends well beyond any single tool or any single company. In 2019, a misconfigured firewall exposed 100 million records and made Capital One a byword for cloud misconfiguration risk. In 2026, the same institution is open-sourcing an AI-driven defense built for a new generation of threats — and betting that the best way to protect its own code is to help the entire industry protect theirs.
The search for life beyond Earth has borne little fruit. That remains true, but scientists have some renewed hope. For the first time, astronomers discovered an atmosphere surrounding an exoplanet within the habitable zone of its host star.
Say hello to LHS 1140b, an Earth-like rocky planet that lives approximately 48 light-years away from us. For reference, Voyager 1 is rapidly approaching its first light day after nearly 50 years in flight. LHS 1140b sits in the “Goldilocks” zone for its star, which means it’s far enough away to not get roasted like Mercury, but close enough that it gets warm enough to support liquid water.
According to a new study published in Science, the “special” part of this discovery is not just the habitable zone around a star. It’s that it seems to meet extra criteria that scientists care about — i.e., it’s rocky, not a gas giant, and can still hold onto an atmosphere despite harsh conditions. An atmosphere is what helps stabilize surface temperatures, which is essential for life to exist.
“It’s very exciting,” said Collin Cherubim, lead author on the study and a PhD graduate from Harvard, in an email. “A major goal in the field has been to understand whether any rocky exoplanets at all can retain atmospheres.”
Cherubim says that most rocky planets orbit M-class dwarf stars, which “emit high-energy radiation for far longer than stars like the sun.” Most rocky planets are stripped of their atmospheres fairly early in their life cycles, thanks to this radiation, the stripping effect of solar wind and other factors, thereby eliminating their chance to host life.
Until LHS 1140b, Earth was the only rocky planet that humans had ever observed with an intact atmosphere.
It wasn’t easy to find. Cherubim used a computer model he’d developed during his work that “simulates how exoplanet atmospheres evolve over billions of years.” Those models predicted the existence of “helium worlds,” or rocky planets with helium atmospheres (or at least mostly helium). Cherubim tested his theory with LHS 1140b and struck proverbial gold.
Mars is still the best chance humans have at discovering life on another planet.
Whether or not LHS 1140b contains life is a complicated question. Cherubim says that science recognizes three main requirements for a planet to support life: an atmosphere, the right temperatures to sustain liquid water, and a mostly rocky planet to make it hospitable. LHS 1140b appears to have all of those.
The primary problem is that LHS 1140b’s upper atmosphere is almost entirely helium, which is also “depleted of hydrogen.” That doesn’t bode well for life, since helium typically can’t support life as we know it here on Earth.
Cherubim says the planet is also tidally locked to its star, like the moon to Earth, meaning one side of the planet has permanent daytime and the other permanent night. It’s also roughly 70% larger than Earth, which means gravity is nearly twice as strong there. These findings don’t rule out life entirely, but if LHS 1140b does host life, it would surely be very different from life on Earth.
Cherubim also admits that researchers don’t yet know whether the planet has a rocky surface or is entirely covered by an ocean, the latter of which would be significant for the search for life. Computer models developed by Cherubim predict that the lower atmosphere may even contain gases more conducive to life, such as carbon dioxide, water and even oxygen.
“While we need more data to see what’s going on in the rest of the atmosphere, this may be the first known helium world,” Cherubim said. “That these rocky worlds can retain helium atmospheres isn’t just good for habitability prospects, but also tells us our [computer prediction] models are getting something right.”
Until then, Mars is the most likely candidate for finding signs of life, since researchers have already identified possible biosignatures in its soil.
Another potential candidate for habitability is K2-18b, where scientists have reported tentative evidence for dimethyl sulfide, a compound commonly produced by oceanic phytoplankton. Scientists are also paying attention to the Trappist-1 star system, which has seven Earth-sized planets, three of them in the star’s habitable zone.

Seattle helped create the modern smartphone era. Now, nearly 40 people in the heart of one of the world’s biggest technology hubs are voluntarily putting theirs away.
The inaugural Month Offline Seattle cohort challenges participants to swap their smartphones for flip phones — or other “dumb phones” — for 35 days, gathering weekly for what organizers describe as part happy hour, part support group.
What started as a niche experiment in Washington, D.C. and Brooklyn has found an enthusiastic audience in Seattle, where organizers expected 10 to 20 participants but have already attracted the largest cohort outside those two cities.
Weekly programs are scheduled during the month-long detox from July 28 to Sept. 1, with activities on Tuesday evenings like bocce ball, bowling and mini golf slated to connect people in real time. There are also themed programs during the week, starting in week one with orientation and goal setting, and followed by topics such as “communication and relationships,” and “attention and boredom.” You can register here.
For a region like Seattle that’s home to Microsoft, Amazon, T-Mobile and a booming AI industry, the idea might sound almost rebellious. But organizers say the goal isn’t to reject technology — it’s to rethink how much of our lives should revolve around our smartphones.
James Wagar, a former investment banker and self-described techno-optimist who has carried a flip phone alongside his smartphone for years, teamed up with therapist and coach Maggie Hollinbeck, who describes herself as a techno-skeptic, to get the Seattle cohort launched. Together, they’re leading the gatherings, serving as the guides to those ready to take a break from their always-connected lifestyles.
“We (finally) seem to be at the beginning of a cultural moment with more people seriously evaluating their relationships with technology,” Wagar tells GeekWire. “Those using flip phones and simpler devices may be the canaries in the coal mine. While I remain a techno-optimist, the attention economy is not sustainable.”

Hollinbeck said she remembers when smartphones felt like a convenience — a way to replace multiple devices with one. But over time, she felt that same “rectangle of glass” had become harder to put down, prompting her to rethink her relationship with technology. She’s already ditched her Facebook and Instagram accounts, and was ready for the next step.
“I’m here to reclaim my time and attention, and I’m doing it in this way because I’ve found that it’s actually pretty hard to disentangle myself from this pocket-sized dementor,” said Hollinbeck. “It’s gonna take a village, so we’re building one.”

The concept has been spreading nationally through the Month Offline movement, but Seattle’s response has surprised the organizers. Most participants found the group not through social media, but through flyers, word of mouth, and conversations at neighborhood pubs during the FIFA World Cup.
Cohort members can use their own flip phone or purchase one at a discounted price of $10, and a commitment to subscribe for four months of discounted wireless service from dumb.co. That’s a total commitment of $42.
Denver, Austin, Los Angeles and Philadelphia also are jumping on the “Month Offline” bandwagon — which is kind of best described as a dry January for the tech obsessed. The organization says it is united by a common mission — “our commitment to attention liberation.”
Wagar and Hollinbeck are also encouraging a GeekWire reporter to join the movement.
So far, no takers.
Note: I actually tried a digital detox for one day back in 2013. Not sure I am ready for 35 days, 13 years later.
‘Building a successful urban air mobility ecosystem requires collaboration across industries,’ said Eve Air Mobility’s CEO Johann Bordais.
Zurich-headquartered Hitachi Energy is partnering with air mobility company Eve to explore urban air transportation – loosely, flying cars.
The European Union Aviation Safety Agency has said that Urban Air Mobility (UAM) could become a commercial reality in the bloc within three to five years, as a way to – among other things – address transportation challenges in densely populated areas.
This possibility is supported by new innovation areas including battery technologies and electric propulsion.
Hitachi and Eve, as part of a memorandum of understanding (MoU), have agreed to explore infrastructure challenges to ensure ‘vertiports’ – a take-off and landing port for urban air vehicles – can be reliably connected to the power grid and be equipped to handle energy demands.
Hitachi will leverage its energy infrastructure, already widely deployed globally, while the Florida-based Eve, a manufacturer of electric vertical take-off and landing (EVTOL) aircrafts and other UAM products, will provide its complementary expertise to the project.
The companies will also assess requirements to enable vertiport operations, including power availability and high-power charging for EVTOL aircraft.
“Building a successful urban air mobility ecosystem requires collaboration across industries,” said Eve Air Mobility’s CEO Johann Bordais.
“As the sector moves toward commercial operations, it is increasingly important to understand how charging infrastructure, grid connectivity and vertiport energy requirements will be integrated into existing networks.”
The company said it holds around 2,700 letters of intent for EVTOLs from prospective customers. It has been conducting flight tests since last December.
“With more than a century of innovation, we are addressing the most urgent energy challenge of our time, balancing soaring electricity demand while decarbonising the power system,” said Marco Berardi, the head of grid and power quality solutions and service at Hitachi Energy.
“We firmly believe that no single company or country can make the energy transition happen on its own, so we are thrilled to collaborate with Eve to jointly accelerate the decarbonisation of urban air mobility.”
As per the MoU, the two businesses will also explore the potential to repurpose aircraft batteries for energy storage after their aviation life cycle.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
The API is supposed to deliver posts from ‘the highest-ranking Truth Social accounts.’
We may receive a commission on purchases made from links.
Trump Media and Technology Group, the company behind social media platform Truth Social, has announced it will sell access to Truth Social posts through a new API. When it becomes available on August 1, the new Truth API will give businesses “real-time access to posts from the highest-ranking Truth Social accounts” — a direct pipe from President Donald Trump’s favorite social media site to anyone trying to make investments based on his posts.
“Truth API uses familiar, industry-standard delivery methods to deliver Truth Social posts to our customers in milliseconds,” Trump Media says. “It is expected to provide continuous 24/7 coverage and includes a historical archive of posts dating back to 2022.”
Other social media sites have offered free or paid access to their APIs in the past for building clients to view posts or other features. Twitter notably closed free access to its API in 2023, not long after it was purchased by Elon Musk. The difference here, as TMTG CEO Kevin McGurn notes, is that “markets already move on Truth Social posts.”
One likely reason for that is Truth Social’s most popular user, President Trump. Besides being a majority shareholder in the platform’s owner through his trust, Trump is also Truth Social’s most followed user, with around 12.9 million followers as of July 2026. The President frequently announces major new policies and governmental actions through Truth Social before they trickle out through official channels.
Trump Media expects offering unfettered access to posts to be “a meaningful, ongoing source of revenue for the company, creating lasting value for shareholders,” including the President’s family. If that doesn’t work, there’s always the nuclear fusion business Trump Media merged with last year.
London Mayor Sadiq Khan handed a peerage by Keir Starmer alongside 15 other Labour figures… just days before the PM leaves No10
Weekend Open Thread – Corporette.com
Young campaigners urge incoming PM to act on outdoor junk food ads
CFTC blocks Kalshi from unwinding Michigan trades after court order
Nvidia Stock Slips After Big Tuesday Rally as Huang Confirms Vera Rubin Chip Is Now in Production Today
Disney’s Most Ambitious Failed Star Wars Attraction Is Coming to SDCC
Ripple wins EU-wide access as ESMA adds it to MiCA register
XRP BOMBSHELL… XRP OMBOARDED FOR TRANSACTIONS!!!
Injective Submits SEC Transfer-Agent Registration to Onchain Ownership Records
Get Your ESP32 Sunny Side Up With This Solar Dev Board
Registration is now open for March for Men with Kev 2026
Palantir Shares Rise After Expanded Nvidia Partnership and Fresh Analyst Upgrades Ahead of Earnings Day
Dark Secrets Emerge When Jailbreaking LLMs
Money | Class 12 Economics | CBSE Board Exam 2026-27
New Cornerback Enters Vikings Trade Rumor Mill
Banco Bilbao Vizcaya Argentaria, S.A. (BBVA) Discusses Global Macro Environment and Economic Outlook for Core Markets Transcript
Cloudflare Precursor Watches Your Mouse and Keyboard To Decide If You Are Human
Airlines warn Sunshine Protection Act could disrupt flight scheduling
how to make coin bank box with cardboard #scienceproject #money #diy #shorts
Nephros, Inc. (NEPH) Discusses Evolving Water Safety Strategies and Expansion Beyond Filtration Transcript
You must be logged in to post a comment Login