Amazon’s Prime Day Apple Watch deals have been extended into the weekend, with the Series 11 discounted by $120 and the Ultra 3 slashed by $150.

Amazon’s Prime Day Apple Watch sale delivered the year’s lowest prices on several Series 11 and Ultra 3 models. And while Prime Day wrapped up on Friday, multiple offers have been extended into the weekend, including the Series 11 for $279 ($120 off) and the Ultra 3 for $649 ($150 off).

Buy Apple Watch S11 from $279

You can find a detailed breakdown of the lowest prices across dozens of styles in our Apple Watch Price Guide, with highlights from the weekend sale below.

42mm Apple Watch Series 11

• 42mm Apple Watch Series 11 GPS (Aluminum Case, Sport Band): $279 ($120 off)
• 42mm Apple Watch Series 11 GPS + Cellular (Aluminum Case, Sport Band): $379 ($120 off)
• 42mm Apple Watch Series 11 GPS + Cellular (Titanium Case, Milanese Loop Band): $609 ($140 off)

46mm Apple Watch Series 11

• 46mm Apple Watch Series 11 GPS (Aluminum Case, Sport Band): $309 ($120 off)
• 46mm Apple Watch Series 11 GPS + Cellular (Aluminum Case, Sport Band): $399 ($130 off)
• 46mm Apple Watch Series 11 GPS + Cellular (Titanium Case, Sport Band): $569.97 ($180 off)
• 46mm Apple Watch Series 11 GPS + Cellular (Titanium Case, Milanese Loop Band): $639 ($160 off)

Apple Watch Ultra 3 $150 off

Not everyone is buying Elon Musk’s vision for orbital data centers. 

Masayoshi Son, the founder and CEO of Softbank, argued at a recent shareholder meeting that building data centers in space won’t do much to cut costs and will take too long when “in the battle for AI, the next few years will be far more important than what might happen a decade or so from now.”

On the latest episode of TechCrunch’s Equity podcast, Kirsten Korosec, Sean O’Kane, and I discussed Son’s remarks as part of a broader discussion that included OpenAI’s plans for custom chips, chipmaker Groq’s new $650 million funding, and much more.

Kirsten noted that it’s “very ironic” that Son is playing the skeptic here, given SoftBank’s “long history of wild bets.”

Sean, meanwhile, said that when Musk talks about “making a constellation of satellites — satellites that need to be replaced every few years as well —  to make up an ‘orbital data center,’” he’s just “guaranteeing that much more business” for SpaceX.

Keep reading for a preview of our conversation, edited for length and clarity.

Sean O’Kane: Listen, neo-clouds are the new oil, and everybody who wants to make money is pivoting to a neo-cloud. I’m proud to announce that TechCrunch is now a neo-cloud, give us all your money.

I mean, this is the thing you do. It seems like there are so many players that are compute constrained, so anybody who has a shot at being able to lease out that compute is taking it, whether that’s Groq, a company that was semi-hollowed out by Nvidia, or Allbirds, which went into bankruptcy and and emerged from it as a new neo-cloud provider instead of selling shoes — Tim Fernholz did an interview with the new CEO of of that new effort that I would definitely recommend people go read. 

Or whether you’re SpaceX, where your idea was: I’m gonna build an AI platform that’s gonna have an addressable market the size of U.S. GDP, but before we get there, we’ll just rent out our compute.  And we saw this continue to happen with SpaceX, where it’s not as big as the deals that they’ve struck with Google or Anthropic, but they just signed another deal, [their] first post IPO deal, to rent out compute to another smaller player. They’re continuing down that road. 

You know, I can see this being a business for Groq in the near term. The question with all of these is how durable is it in the long term.

Anthony Ha: If we’re talking about SpaceX and their AI business and data center business, we also have to talk about these comments that Masayoshi Son, the CEO of SoftBank, made recently, where he basically said: What is the point of data centers in space? Which is a question we’ve asked on this show. 

And it speaks to, again, this sense in the industry of being really, really compute constrained — they need to build as many data centers as possible, [and] there’s all kinds of reasons why that is proving to be challenging here on Earth, so maybe space is the answer. But I think Son makes some pretty fair points about: All this stuff we’re talking about, even if it all works — and the costs are going to be very, very serious to make it work — this is not happening for years and years and years, so this is not a solution to any immediate problem, as far the current need for data centers goes.

Kirsten Korosec: I just want to point out that SoftBank has a long history of making wild bets. I think it says something when Son comes up and asks the question that a lot of people have asked. 

I mean, there are a lot of VCs and founders [who] have been swept up into the idea of orbital data centers and it seems like suddenly everyone’s on board. When just a couple of years ago, I think, if someone had mentioned that, it would get slapped down a little bit. So I do think it’s an important part of the process that someone who has a pretty high profile is asking that question. But it is very ironic to me that he is the one asking it, because if you look at his pitch deck, they’ve thrown a lot of money at some pretty bold ideas.

Sean: WeWork! Listen, we’re going to be saying this for a lot over the next couple years. The idea of putting these things in space is going to be an interesting engineering challenge and certainly an interesting economic challenge. 

Anthony, what you said is definitely right to a certain extent. Elon Musk is a person who hates red tape and you know, there are no NIMBYs in space so of course he’s going to try and do that. 

To me, it comes down to: The business as it stands now for SpaceX, especially its launch business, is just overwhelmingly reliant on Starlink. The reason that they are 80 or 90% of the launch market globally is not just because they’ve done all these things that are better than pretty much every other launch provider around the globe, it’s also because they have Starlink that is driving up that number. If you remove Starlink from the equation, they would be closer to — I don’t know, maybe 20% or 30% of the launch market, or 40%, but it certainly wouldn’t be 90%. 

And when you talk about making a constellation of satellites — satellites that need to be replaced every few years as well —  to make up an “orbital data center,” quote unquote, you’re just guaranteeing that much more business for your launch business. And I just can’t stop myself from coming back to that point.

Kirsten: I want to really quickly say that [SpaceX’s] other big business is renting out their compute, by the way. So back to the chip conversation. We’ve come full circle.

Anthony: One of the other themes that may run through this episode is this idea of talking your own book. This is not a new phenomenon. Executives at tech companies, or any other company, what they’re predicting for the future is ultimately the future that is going to be advantageous to their business. 

But I think it’s something that’s just always worth remembering when we’re having these conversations about big AI companies, because it is this moment of incredible uncertainty, and we’re all wondering: What does the job market look like in the future? What effect is this going to have on the environment? What are the skills I need to learn? 

All these AI CEOs or AI investors, they all have thoughts on that. And it’s not that they’re wrong or that they are being deliberately misleading, but in each case, there’s an asterisk to these predictions. In Musk’s case, he’s talking about something that would be very good for SpaceX’s business. In SoftBank’s case, they are very, very heavily invested in data center projects here on Earth. Sam Altman is the other notable figure who’s rolled his eyes a bit at the orbital data center idea — and again, he and Elon Musk obviously have a long and complicated history together.

All of which is to say that there’s just no objective, impartial observers here. It’s all these people with baggage and tremendous amounts of money at stake.

Anthropic recently told its growth team to hire more product managers, not fewer. The reason, as reported in industry coverage, was that Claude Code had quietly turned its engineering org into a team that ships at roughly three times its actual headcount, and the bottleneck moved from the integrated development environment (IDE) to the people deciding what to build.

That detail is easy to miss in the noise of every AI productivity claim. It is also the structural shift the rest of the industry is now living through. The bottleneck in software is no longer typing. It is deciding what to type. And the engineers who treat that as someone else’s problem are about to plateau.

For most of the last decade, that decision sat with someone else. Software engineering was a craft you absorbed slowly, then practiced in a long, predictable sequence: Dive deep on the technology, write the code, ask Stack Overflow when stuck, escalate to a senior engineer when Stack Overflow failed, ship the ticket. The product manager owned the funnel. The engineer owned the build. Both sides treated this division as physics.

Then the funnel collapsed in five steps.

A short history of how the engineer’s day got compressed

The Stack Overflow era (2014 to late 2022): The way engineers thought lived in one place. But new monthly questions on Stack Overflow are now down roughly 77% since November 2022, which was not coincidentally when ChatGPT launched. The drop is not a referendum on the site. It is a referendum on the workflow it represented.

The browser-tab era (late 2022 to 2024): The first ChatGPT generation sat outside the IDE. Engineers ran the same loop they had always run, just with a faster oracle: Write a prompt in a browser, paste the answer back into VS Code, repeat. The work was still single-threaded and engineer-driven. The leverage was real but local.

The IDE-native era (2024 to 2025): Cursor and Claude Code moved the model inside the editor and gave it access to the full repository. The senior-engineer escalation path largely dissolved. For years, the prevailing wisdom among veteran engineers was that Bash had the longest shelf life of any tool in the stack. By 2026, for a meaningful share of working developers, the first command typed in a fresh terminal is claude.

The spec-driven era (2025 to 2026): Larger context windows turned single-session work into something that previously required tickets, design docs, and sprints. Amazon’s Kiro IDE team reportedly compressed feature builds from two weeks to two days using the same spec-driven workflow they were shipping. An AWS engineering team described an 18-month rearchitecture, originally scoped for 30 engineers, was completed by 6 people in 76 days. The bottleneck stopped being how long it takes to write the code. It started being how clearly the team can describe what correct looks like.

The routines era (2026): In April, Anthropic shipped Claude Code Routines: Scheduled, persistent agents that run on a cadence, on a webhook, or overnight while the laptop is closed. Cron came back. Hooks came back. The engineer’s job is now part orchestration: Spin up a swarm before bed, review a stack of pull requests in the morning. Third-party wrappers like OpenClaw, which was briefly suspended by Anthropic in April before partial reinstatement, made the same point from the open-source side.

The bottleneck moved; most teams have not

Engineering has roughly tripled. Product management has not budged. The traditional 1:8 ratio of PMs to engineers, already strained, now plays out closer to an effective 1:20 because each engineer ships more per day. For instance, LinkedIn replaced its associate product manager track with a “Product Builder” program that trains generalists across product, design, and engineering. Anthropic is hiring more PMs, not fewer. The pattern is consistent across companies that have actually deployed agentic workflows in production: The system is producing built features faster than it is producing decisions about what should be built.

For engineers, this is the most important career signal of the decade, and the easiest one to miss while the productivity stories dominate the feed.

First principles matter more, not less

The instinct to declare fundamentals obsolete in the agent era gets the trend exactly wrong.

When a memory leak takes down production at 3 a.m., and the cause turns out to be a subtle ownership bug pushed 4 years ago, no agent currently in the wild closes that loop end-to-end. Operating systems, networks, concurrency, and query plans still decide who can resolve a real incident. They also decide who can spot the moments when an agent’s output looks correct on the surface and is quietly, expensively, wrong underneath. The agent that wrote 70% of the code in a modern repo cannot reliably tell anyone where its assumptions about thread safety, memory ownership, or transaction isolation diverged from the runtime. The engineer who can read the diff and catch that is the engineer the rest of the team needs in the room, and that engineer is built on fundamentals, not on prompting skill.

The corollary is that fundamentals are now a leverage skill, not a hygiene skill. In 2014, knowing how a TCP retransmit worked got a debug ticket closed faster. In 2026, the same knowledge keeps an entire agent-driven release pipeline from shipping a regression at scale. The blast radius of the engineer who knows what is happening underneath has gone up, not down.

Review is the new writing

Engineers in 2026 generate code at a rate that exceeds what any of them can read carefully. The team that ships fast and survives is the team whose engineers treat reviewing AI-generated code with at least the same rigor they once reserved for writing it. The 2025 Stack Overflow developer survey put 84% of developers on AI tools, with 46% saying they do not trust the output, up sharply from 31% the year before. That gap, heavy use paired with low trust, is exactly where review skills now matter most. Coders who push lots and review little are accumulating a debt that will come due during the first real incident, and the engineer who can pay it back is the one who paired their volume with deep first-principles knowledge of the systems involved.

The new differentiator is the product funnel

Both of those are necessary. Neither is sufficient. The engineer who matters in 2026 is the one who has stopped waiting for the funnel to arrive in the form of a Jira ticket.

That means doing things the role was historically allowed to skip.

Talk to customers. Watch how they actually use the product. Read the support queue. Sit in on the sales call. The signal a product team gets through three layers of summary, an engineer can now get firsthand in an afternoon.

Generate ideas, not just estimates. The product manager who used to source ideas for 8 engineers cannot source ideas for 20 at the same fidelity. The engineer who shows up with a validated, scoped opportunity is no longer doing the PM’s job. The engineer is doing the job the new ratio requires.

Work backwards from the customer. Amazon has been writing the press release first for two decades. The discipline travels well to teams of one and to swarms of agents. Both produce a great deal of working software in the wrong direction without a clear statement of what “customer wins” means before any code is written.

Stop hiding behind bandwidth. The honest answer to “Do you have capacity for this idea?” used to be ‘No.’ With routines, hooks, and a cooperative agent stack, the honest answer is closer to “What is the idea worth?” That is a different conversation, and a much harder one to have without a real point of view on the customer.

What the next decade rewards

The five-phase history above is not really a history of tools. It is a history of which part of the job a human had to do. The part that is still human, and that will remain human for the foreseeable future, has moved up the funnel: From typing, to reviewing, to deciding, to choosing the customer to serve and the problem to solve.

The 2026 version of a great engineer is not the one who writes the most code. It is the one who knows what to build, can prove it is worth building, and has the agent fleet plus the review discipline to ship it without the system collapsing under its own velocity.

Engineers who internalize this will spend the next decade doing the most interesting work software has ever produced. Engineers who wait for a ticket will spend it watching the ticket get written by the agent next to them.

Ishan Gupta is a software engineer at Amazon.

Welcome to the VentureBeat community!

Our guest posting program is where technical experts share insights and provide neutral, non-vested deep dives on AI, data infrastructure, cybersecurity and other cutting-edge technologies shaping the future of enterprise.

Read more from our guest post program — and check out our guidelines if you’re interested in contributing an article of your own!

Looking for the most recent Wordle answer? Click here for today’s Wordle hints, as well as our daily answers and hints for The New York Times Mini Crossword, Connections, Connections: Sports Edition and Strands puzzles.

Today’s Wordle puzzle is especially tricky, and relies heavily on one letter. If you need a new starter word, check out our list of which letters show up the most in English words. If you need hints and the answer, read on.

Read more: New Study Reveals Wordle’s Top 10 Toughest Words of 2025

Today’s Wordle hints

Before we show you today’s Wordle answer, we’ll give you some hints. If you don’t want a spoiler, look away now.

Wordle hint No. 1: Repeats

Today’s Wordle answer has one repeated letter, and it shows up three separate times.

Wordle hint No. 2: Vowels

Today’s Wordle answer has one vowel, but it is the repeated letter.

Wordle hint No. 3: First letter

Today’s Wordle answer begins with E.

Wordle hint No. 4: Last letter

Today’s Wordle answer ends with E.

Wordle hint No. 5: Meaning

Today’s Wordle answer can refer to a person who serves as a master of ceremonies at an event.

TODAY’S WORDLE ANSWER

Today’s Wordle answer is EMCEE.

Yesterday’s Wordle answer

Yesterday’s Wordle answer, June 27, No. 1834, was SCOOP.

Recent Wordle answers

June 23, No. 1830: CURRY

June 24, No. 1831: QUEER

June 25, No. 1832: UNITY

June 26, No. 1833: ACUTE

from the ivory-back-scratching dept

This is not the only administration to engage in corruption. Most administrations have to some extent. It’s that corruption is the everyday, front-page business of this administration. It’s so brazen, it’s insulting. It demands Americans pretend nothing matters but what Trump wants and, to a lesser extent, whatever his current roster of obliging subservients want.

Even MAGA should be angry. But this political movement is as bereft of intellectual honesty as it is bereft of anything approaching normal human intelligence. It’s millions of people willing to be peasants just because the king has promised to make things even worse for their fellow human beings.

We, the people, end up with daily fuckery, composed and carried out by chinless nepo babies, former Fox commentators and far right podcasters, multiply-disgraced, massively-underqualified members of Trump’s personal legal team, Marco Fucking Rubio, and the homunculus currently doing business as “Stephen Miller.”

Then there’s Kash Patel — a guy who would have been derided as a diversity hire by the MAGA crowd if he hadn’t been given the top spot in the FBI by Donald Trump. Less than 18 months into his tenure, Patel is best known for partying with sports teams, abusing government airplane privileges, spending more time in nightclubs than in his office (ALLEGEDLY), and performing loyalty tests of FBI agents and officials, most often in the form of polygraph tests.

Trump’s slush fund for insurrectionists might be as (nearly!) dead in the water as the Faith No More fish (you know the one…), but Patel has apparently found a way to misuse public funds to reward loyalists willing to ride or die with a man who has managed to (ALLEGEDLY) drink his lack of qualifications under the table.

“We have been receiving troubling reports that you may be using part of the budget of the Federal Bureau of Investigation (FBI) as a personal slush fund to make tens or hundreds of thousands of dollars in unlawful ‘bonus’ payments to loyalist MAGA henchmen who have engaged in misconduct,” says a letter from Rep. Jamie Raskin, D-Md., to Patel, obtained exclusively by MS NOW.

Committee Democrats have information that Patel has issued more than $1 million in awards, the letter says. The letter says the money went to special agents serving on his Director’s Advisory Team, which Raskin’s letter describes as “a curated group of agents who are willing to carry out your unlawful partisan and personal orders.” It also went to agents on Patel’s security detail, “circumventing the mandatory maximum pay caps established by statute,” the letter says.

I’ve got to hand it to Raskin. While some will (dishonestly) object to the tone of this official letter, it’s written in a form MAGA understands: direct accusations, delivered with contempt. Most official letters/queries sent by legislators are a bit more polite and tend to treat accusations as unconfirmed suspicions, even when the accusers have the facts in hand to deliver unqualified accusations.

This letter forgoes those niceties. That makes it much more difficult for the FBI and/or Kash Patel himself to dispute the accusations. When punches aren’t pulled, the administration has to defend itself in kind. Since it far prefers to bully people who aren’t willing to deliver the first blow, it seems unsure of how to handle this:

The FBI did not respond to a request for comment by MS NOW.

The FBI has maintained its silence even after Sen. Raskin made the letter public by publishing it to the Judiciary Committee’s website. And what’s detailed there definitely looks like the actions of a binge drinker — you know, the magical moment in a bar evening when the contents of your wallet suddenly turn into Monopoly money and you don’t realize just how much damage you’ve done to your bank account until the NSF push notifications start rolling in:

In some cases, nearly $8,000 payments have been made to multiple individuals every two-week pay period despite many of the beneficiaries of your selective generosity already maxing out on a federal employee’s salary. While it is unclear at this time exactly how much each of the agents has received, we can confirm that numerous loyalist employees have received at least five such payments in consecutive pay periods, amounting to nearly $40,000 per agent. We can also confirm you have depleted the FBI reserve accounts for bonus payments at such a frenzied rate that some of the payments have bounced back from exhausted accounts.

That’s insane. On one hand, you have the drunk-on-a-spending-spree indicators: a guy who doesn’t know how much money he’s spent or from what account until someone else notifies him of his overdrafts.

On the other hand, you have the ugly reality of the situation: this is what it takes to keep FBI employees “bought.” The payments are large and happen frequently, strongly suggesting loyalty to his MAGA twist on FBI day-to-day operations lasts — at most — up until the next paycheck hits the bank. If you’re buying loyalty two weeks at a time, you’re not a benefactor. You’re a blackmail victim.

Either Kash Patel thinks he can throw money at any problem that can’t be solved with a lie detector test and a swift dismissal or agents have figured out they can make bank by pretending to be on board with whatever vengeful kick the director happens to be on that particular week. And I’ll be honest: I prefer a yes man who’s in it for personal profit to a yes man that’s in it because toadying is the only life-hack they know.

Whatever the equation, it all comes down to Patel being an absolute chump. Every negative headline increases the chance of him being tossed aside by the man whose boots he’s been licking for most of the last decade. And I can bet that most of these people walking away with inflated paychecks can easily see the buttons they need to push to ensure they get their loyalty bonuses, week in and week out.

Filed Under: corruption, day drinking, fbi, jamie raskin, kash patel, maga, slush fund, trump administration

Effective fraud prevention programs call for monitoring across every customer touchpoint from account creation to checkout, login to customer service interactions. Once established, this practice provides ground-level insights on user engagement on an interaction-by-interaction basis.

While this is a necessary layer of visibility, appropriate collation of various data sets provides the context for the identification of advanced fraud methods and early detection of emerging trends.

Below, we provide one fraud case with examples of relevant data visibility across 4 levels necessary for establishing a competitive fraud program in this constantly evolving world. 

Transaction Level: The individual interactions of users monitored and decisioned in siloes. 

Commonly, a fraud program will begin with pressure from chargebacks inciting action for monitoring transaction performance at the checkout page.

Fraudsters are persistent. When one door closes, they move to the window, the garage, and so on; Payment fraud attacks shift into Account Takeovers, deposits into transfers, Account Takeovers upstream to identity theft / synthetic ID Fraud and Mule Accounts. 

The shift happens in seconds and impacts our organizations in many ways. 

In response, practitioners deploy checks at each touchpoint. This is effective for many isolated fraud incidents but can result in increased false positives and false negatives. 

Account Level: The performance of the account over time. 

Device Intelligence, spending behaviors, geolocation, behavioral biometrics, step-up verification interactions, all help to identify evidence of account-level exploits like Account Takeovers (ATOs). 

The benefit of tracking this level of performance becomes especially clear when contrasting fraudster behavior against the historical performance of the account. Fraudsters cannot duplicate what has been defined as ‘trusted’ behavior and still get what they are after. 

They will seek to change payment information, bypass automated verifications, satisfy verifications after what can be deemed “a suspicious number of attempts”, associate new addresses / geographies, and more. 

When monitored appropriately, fraudster behaviors emerge clearly and afford practitioners increased confidence and accuracy.  

Platform Level: The performance of grouped accounts on a single platform. 

By successfully tracking performance of both ‘trusted’ and ‘confirmed fraud’ account performance, practitioners leverage these deeper insights resulting in less friction for trusted interactions, increasing customer satisfaction, and decreasing false positive rates. 

Additionally, fraud rings and multi-account attacks are quickly identified based on geolocation, device intelligence, IP resolution, and more, decreasing the time that multi-account exploits are active on the platform. 

Network Level: Partnerships with providers in the space, delivering data enrichment and decisioning based on insight across their network.  

Until this point, we have spoken about the rich data available to practitioners operating in isolation. By partnering with a solution provider, your fraud program leverages the performance of all of the other practitioners.

“First seen to you is not first seen to us.” 

Example Fraud Case: A fraudster is adamant about attacking a particular platform with stored value. For this example, we’ll use a bank. The fraudster is armed with typical information; payment information, Identity Information, and system knowledge. The majority of fraudsters have this access and deploy new methods at a moment’s notice. 

For this exercise, we will use a common fraud method wherein the fraudster sees that the target identity banks with ‘Bank X’. The fraudster accesses the account to do 3 things; Transfer funds into the account from other compromised funding accounts, request a card for an ‘Authorized User’ (the fraudster), transfer funds to a 3rd compromised account off-platform.

Transaction Level: Logging into the account is performed by contacting customer service; historically underserved, heavily reliant on knowledge-based verifications (KBVs). The fraudster is equipped with bureau information and is prepared to satisfy the verification process. 

The fraudster resets access information and orders an authorized card for a new authorized user for the account. Too rarely does this process receive the appropriate level of scrutiny. 

The fraudster reviews the spending behaviors of the account and mimics the dollar amounts for transfers into the account and withdraws from the account. Following the historic behavior seen in the transaction summaries, the fraudster follows the same behaviors.

From the transaction level, the fraudster is flying under the radar and triggers siloed verifications that they are prepared to satisfy. The clock ticks until the real account holder contacts customer service and files a report. The problem that started with customer service is finally identified at customer service. 

From an Account Perspective, this fraudster has exhibited many suspicious behaviors: 

1. Calling customer service from a new phone number 

2. Updating contact information

3. The time to ordering a secondary card

4. The relationship to the authorized user and the account holder

Advertisement

5. The timeline of transfers and withdrawals 

6. The device used to interact with the platform and initiate these suspicious actions 

Any of these interactions can be monitored and tracked with associated verifications. Again, reinforcing the idea of accuracy is a key point, when viewing the storyline from this altitude, confidence should be high. 

From a Platform Perspective, it is unlikely that this storyline was the first of its kind. By tracking these events with automation, practitioners will identify the other occurrences and pick out regions, IPs, devices, and behaviors that transcend the performance of the single account. This, in turn, informs the decisioning downstream. 

This entire process takes a matter of hours to execute. As we know, fraudsters are not operating against one account at a time. It is likely that many other accounts are currently walking through this same scenario. Time to action is vital to avoid deep financial impact. 

Indicators include: 

1. The shipping address for the “authorized card / user”. 

2. Device Fingerprinting 

3. Geolocation of the user 

Advertisement

4. Geolocation of the withdrawals 

5. Dollar amounts (though crafty fraudsters follow the behaviors of the accounts, many will gradually increase amounts over time, which is a valuable indicator) 

6. Funding institutions 

…..and more 

Looking at this from a Network Perspective empowers practitioners to automate against known suspicious data points such: 

1. The phone number that call customer service, 

2. The device used to interact with the platform 

3. The shipping address used for the authorized card / user 

4. The name of the authorized user 

….and more. 

By leveraging network information, practitioners are afforded the opportunity to leverage the insights provided by peers’ operations to make a decision in the moment and apply these findings downstream and across the entire platform. 

Schedule a consultation with one of IPQS Fraud Experts today!

Sponsored and written by IPQS.

The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week, and by adding browser-in-the-middle (BitM) capabilities for improved data theft.

First documented in April by Varonis researchers, Bluekit provides an AI assistant that supports multiple large language models (Llama, GPT-4.1, Claude, Gemini, and DeepSeek) for drafting phishing emails.

At the time, the phishing kit offered “customers” 40 distinct templates targeting popular online services such as Outlook, Hotmail, Gmail, Yahoo, ProtonMail, iCloud, GitHub, and Ledger.

A new report from digital risk protection company Netcraft warns that Bluekit has switched from adversary-in-the-middle to a BitM mechanism that uses the open-source JavaScript library ‘rrweb’ to serialize the page’s DOM and stream it over a WebSocket connection to the victim.

In a BitM attack, the victim interacts with a browser session controlled by the attacker, which loads the legitimate login page and relays requests and responses between the victim and the target service.

Netcraft notes that rrweb itself is a legitimate project widely used for session replay and analytics, and its presence in a web environment should not be interpreted as an indicator of compromise without a larger context.

Images, fonts, and CSS are fetched through the phishing infrastructure, while the victim’s inputs are forwarded back to the attacker’s browser.

The researchers state that rrweb was chosen for its excellent visual fidelity, real-time interactivity, and bandwidth efficiency.

However, some latency still exists, so any keyboard input and mouse click delays on the login pages should be considered as red flags.

Authentication completes in the attacker’s browser, granting them a valid session token and unlimited access to the victim’s account.

The BitM attack method has been known since 2022, devised by researcher mr.d0x and later adopted for malicious activity.

Before stealing the credentials, Bluekit uses a comprehensive victim qualification system to distinguish real targets from researchers or security crawlers.

Anti-analysis systems in the latest Bluekit include:

• Randomized CSS filters to defeat screenshot-based detection.
• A large (>1 MB), frequently changing obfuscated JavaScript bundle.
• Custom CAPTCHA that may imitate Cloudflare or the target brand.
• Browser fingerprinting (RAM, CPU cores, screen resolution, language, headless browser detection, anti-fingerprinting extensions).
• WebRTC-based IP mismatch detection to identify users behind proxies or VPNs.

Netcraft also reports that the live (5-second update interval) monitoring system Varonis previously documented is still available in BlueKit, allowing operators to monitor victims as they are entrapped in deceptive login sessions and track their actions after login.

The researchers’s report provides a set of indicators and signals that are associated with Bluekit but do not constitute indicators of compromise.

These include CSS filter manipulation on top-level HTML elements with randomized values, an obfuscated JavaScript bundle that is rotated periodically, browser fingerprint checks, a WebSocket connection sending encrypted or binary data on login pages, and WebRTC IP mismatch detection on the landing page.

For organizations looking to defend against increasingly sophisticated phishing, business email compromise (BEC), and account takeover (ATO) attacks, BleepingComputer is hosting a webinar with Abnormal titled “Stop chasing alerts: Automating email security with behavioral AI.“

The webinar will explore how behavioral AI can help security teams detect and respond to modern phishing attacks, automate investigations and remediation, and reduce the operational burden caused by alert fatigue and increasingly sophisticated social engineering campaigns.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Advertisement

Get the whitepaper

SSD prices aren’t what they were a year ago, so any sort of saving right is probably worth – especially if it’s a purchase you need.

The Crucial P310 is down from £219.99 to £182.99, saving you £37 on a 2TB M.2 SSD that hits sequential read speeds of up to 7,100MB/s across both Gen3 and Gen4 laptops and desktops.

While this is far from the cheapest this SSD has been, it is the cheapest we’ve seen it for a few months.