Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions.
Earlier this month, a server containing credentials stolen from more than 73,000 Fortinet devices was discovered exposed on the internet. Researchers found the server contained downloaded FortiGate configuration files, credentials harvested from compromised devices, and infrastructure used to crack password hashes and perform credential-stuffing attacks.
The campaign was dubbed “FortiBleed” due to the large number of exposed credentials and the massive credential-theft operation.
Follow-up investigations by SOCRadar revealed that the operation used a custom packet-sniffing tool called “FortiGate Sniffer” on compromised FortiGate firewalls, allowing attackers to intercept VPN credentials and other authentication data directly from network traffic.
SOCRadar’s Threat Research Unit (STRU) latest research now ties the credential theft operation directly to members of the INC and Lynx ransomware-as-a-service (RaaS) groups.
The researchers told BleepingComputer that they discovered this link after identifying a Windows server used as part of the FortiBleed infrastructure.
“Our threat researchers identified a Windows server belonging to the FortiBleed infrastructure, which provided further insight into the threat actors’ modus operandi,” SOCRadar told BleepingComputer.
“During the investigation of that server, analysis of the collected artifacts revealed that the threat actor had accessed the ransomware negotiation panels of both the Lynx / INC ransomware group.”
SOCRadar shared screenshots with BleepingComputer showing browser sessions accessing the administration panels for both ransomware groups. The images show negotiation dashboards containing victim chats used during ransomware negotiations.
According to the researchers, this provides direct evidence that an individual with access to FortiBleed infrastructure was also involved with the ransomware groups’ negotiation platforms.
The company also says it identified more than 200 additional operational servers beyond those originally associated with the campaign, discovered victim information harvested during FortiBleed that overlaps with organizations later listed on the INC ransomware leak site, and uncovered evidence suggesting the operation consists of roughly 20 members with defined roles.
SOCRadar also says the campaign was considerably larger than originally understood.
According to the researchers, the operation targeted more than 430,000 FortiGate firewalls worldwide and deployed traffic sniffers on approximately 19,000 devices.
After notifying impacted organizations, the number has fallen to around 11,000 compromised devices. The researchers also say they identified roughly 500 servers used by the operation.
The researchers also believe the attackers exploited a previously undisclosed Nextcloud zero-day vulnerability as part of their operations to expand access after initial compromise. However, technical details have not yet been released.
SOCRadar also told BleepingComputer it found persistent backdoor accounts using the username “adminin” on compromised systems and is continuing efforts to recover ransomware decryption keys.
INC Ransom has operated as a ransomware-as-a-service platform since mid-2023, targeting organizations across healthcare, education, government, and other sectors worldwide.
Lynx emerged in mid-2024 and is believed by security researchers to be a rebrand of the INC ransomware gang rather than a new extortion group.
SOCRadar says a second technical white paper containing indicators of compromise, attribution evidence, and additional technical analysis will be released once its investigation is complete.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

1 of 14IPPAwards
The 2026 iPhone Photography Awards are in their 19th year of finding the best images captured using iPhone cameras. I’ve collected a few favorites from the winning images, but be sure to view all of the winners at the IPPAwards site.

2 of 14Robyn Jensen/IPPAwards
Robyn Jenson’s photo of an erupting volcano in Guatemala at night is a challenge for an iPhone’s cameras.
Shot on iPhone 15 Pro, 6.765mm (24mm equiv), f/1.8, 1s, ISO 12500

3 of 14Gellert Gombai/IPPAwards
This photo by Gellert Gombai was made using an iPhone X, a phone likely older than the two children who are the subjects.
Shot on iPhone X, 4mm (28mm equiv), f/1.8, 1/1500s, ISO 20

4 of 14Arnold Plotnick/IPPAwards
If an iPhone photography competition didn’t include a stark photo of a cat, is it even real? US photographer Arnold Plotnick caught this feline’s steady gaze in Amsterdam.
Shot on iPhone 16 Pro, 6.765mm (29mm equiv), f/1.8, 1/60s, ISO 320

5 of 14Catherine Wang/IPPAwards
Catherine Wang of the US turned to a long tradition of still-life photography to compose this scene in Virginia.
Shot on iPhone 16 Pro Max, 6.765mm, f/1.8, 1/40s, ISO 250

6 of 14Barry Mayes/IPPAwards
UK photographer Barry Mayes must’ve warmed to this scene of intricate frost on a car window.
Shot on iPhone 8 Plus, 3.99mm (28mm equiv), f/1.8, 1/120s, ISO 50

7 of 14Peter Crome/IPPAwards
Good light and good dogs, all the ingredients for this winning photo in the Animals category by UK photographer Peter Crome.
Shot on iPhone 14 Pro, 9mm (77mm equiv), f/2.8, 1/400s, ISO 32

8 of 14Leping Cheng/IPPAwards
It’s an easy lesson to forget as a photographer: be sure to look up. This mix of perspective and timing garnered an honorable mention in the Animals category.
Shot on iPhone 12 Pro Max, 5.1mm (26mm equiv), f/1.6, 1/2900s

9 of 14Simona Bonanno/IPPAwards
Photography can be as much about concept as it is about capturing a moment. The tuft of mane on this white horse fits with the fluffy clouds in the background.
Shot on iPhone 15 Pro, 6.765mm (24mm equiv), f/1.8, 1/12000s

10 of 14Krystal Rountree/IPPAwards
US photographer Krystal Rountree took first place in the Children category with this slice of awareness that a wave is coming soon.
Shot on iPhone 15, 5.96mm (26mm equiv), f/1.6, 1/2500s, ISO 50

11 of 14Iryna Nemyrovych/IPPAwards
This young boy playing in the water is perfectly framed by the arch of the tree behind him. His light skin contrasting with his dark surroundings draws even more attention.
Shot on iPhone 15 Pro, 6.765mm (24mm equiv), f/1.8, 1/4000s

12 of 14Kęstutis Cemnolonskis/IPPAwards
Photography is so often a matter of knowing where the light is and hoping you get lucky. It’s not clear if photographer Kęstutis Cemnolonskis knew the sun would illuminate this break in the grove of trees or if it was an accident, but the capture invites you to wonder.
Shot on iPhone 12 Pro Max, 7.5mm, f/2.2, 1/850s

13 of 14Shan Qin/IPPAwards
Looking almost like the setup for a Wes Anderson film, this composition by Shan Qin evokes a time when train travel was more elegant (or kitschy).
Shot on iPhone X, f/1.8, 1/950s

14 of 14Carlos Rubin/IPPAwards
Puerto Rican photographer Carlos Rubin took advantage of this woman’s contrasting blue swimwear and orange cap to make a portrait that goes beyond a snapshot.
Shot on iPhone 12 Pro, 6mm (52mm equiv), f/2, 1/125s, ISO 25
The first known use of humans using wind to perform mechanical work with machines dates back to ninth-century Persian windmills. But if we count sailing vessels among those machines, the history goes back to sometime just before the invention of written language. Since then, humans have been sailing everything from the tiniest of Sunfish to the largest of shipping vessels, and even sailing boats like canoes that aren’t typically designed for efficient sailing. For those who already own a canoe, the conversions can be straightforward but often involve drilling into the hull. This homemade conversion kit, on the other hand, requires no drilling at all.
The first, and most obvious, part of the conversion is to add a mast and sail. [Tea]’s primary setup does involve drilling a mast thwart into the gunwales of the canoe, but he also built an alternative setup which clamps to the gunwales and the bow deck instead. The standing lug sail is then hoisted on an unstayed wooden mast. The next major component of the build are a pair of leeboards which also clamp to the gunwales and function like a centerboard, and can be adjusted for one’s preferred amount of weather helm. Rounding out the stern of the boat is a custom-built rudder with a pair of lines in lieu of a tiller which can be positioned anywhere along the length of the boat.
All of the wooden parts of this build were custom-built from common lumber with finishing touches from a router to soften all of the hard edges. Canoe sailing is fairly popular, although without the leeboards these common sailing kits are often meant for downwind sailing only. A complete setup like this turns it into a much more capable craft. Without a canoe as a base vessel to start with, though, a complete sailing vessel can be built from common lumber as well.
T-Mobile is asking a New York court to rule that Broadcom was contractually obligated to continue supporting its VMware perpetual licenses.
In its complaint, T-Mobile said it has tens of thousands of virtual machines using VMware software across approximately 303,140 CPU cores. It also said that it was migrating off VMware but noted the time-consuming and technical challenges involved in migrating over 1,000 applications.
It filed its lawsuit, which was first reported by The Register today, in the Supreme Court of the State of New York in August 2025 (PDF).
The mobile company claimed that in 2023, it bought perpetual VMware licenses, plus two years of support with the option to buy a third year. But after Broadcom bought VMware, it stopped sales of VMware perpetual licenses in favor of subscriptions and started bundling VMware products into a few, more expensive bundles.
When T-Mobile tried to extend support for a third year for $5,288,398.45, Broadcom wouldn’t allow it, per an August 2025 filing from T-Mobile. A Broadcom representative reportedly told T-Mobile via email: “Broadcom announced end of available of all perpetual products, which includes Stated Out Year Renewals for perpetual support.”
A judge granted T-Mobile an injunction that allowed it to receive support services from October 2025 through August 3, 2026, for $5.28 million, plus the posting of a $500,000 undertaking.
Now, T-Mobile seeks a declaration that it was entitled to renew support services and further relief as the court deems necessary.

Shenzhen hosted the June 30 event where UBTECH introduced its UWORLD U1 series to the world. The company presented these full-size machines as the first humanoid robots of their kind built for mass production and everyday consumer use rather than factory work alone.
Designers went to great measures to make the robots appear realistic by giving them silicone skin with all the proper characteristics, such as pores, veins, and fingerprints. Guys stand 183cm tall and weigh 42kg, while girls are slightly smaller at 168cm and 35.2kg. Despite their realistic sizes, they do not appear overly large or out of place in a household environment, which has to be a significant plus.
Engineers were able to fit 88 degrees of freedom into each bot utilizing servo joints and a clever proprietary neck design, allowing the robots to mimic human movements much more effortlessly. They can sit, lean, lie back, and give a gentle hug. Everything you would expect a human to do. In early displays, it was really fascinating to see robots dancing with their human partners, because the flawless transitions between upper body and leg movements made them appear to be in sync.
Of course, all that great technology would be useless without some serious software to back it up. So UBTECH went to considerable pains to create an emotion-aware language model that can detect a wide range of subtle clues, including facial emotions, body posture, voice tone, and even how you speak in different contexts. In tests, it detected approximately 20 different emotional states with an accuracy of more than 90%. The system is divided into two parts: a super fast local response that provides answers in less than 500 milliseconds and a deeper level of reasoning that kicks in when more thoughtful responses are required. To make it all feel more natural, the lip movements are perfectly in sync with the speech, so there is no lag that can disrupt the flow of conversation.

When it comes to memory, the robot records all of its interactions in encrypted form on a local device, similar to an agent-based operating system that gradually accumulates a picture of your everyday routines and preferences. The majority of the processing occurs on the device itself, with a Rockchip RK3588 chip doing the most of the work, but there are three layers of privacy protection built in to ensure your data remains secure. It’s quite fantastic stuff. The best aspect is that you don’t need to wake it up with a specific word; simply start chatting and it will begin reacting, as well as maintaining eye contact. The battery life is also good, with 2 to 4 hours of vigorous use on a single charge. If you want to take things to the next level, you may connect it to the internet and gain access to more complex capabilities.

As you’d imagine, there are several variants to choose from, so you may find one that fits your budget and needs. The Lite model is the basic level, focusing solely on the upper body, and it is reasonably priced at 119,800 RMB ($17,632). The Pro model up the ante to a full body, allowing you to move around more, whereas the Ultra model is the top of the line, with dynamic movement, tons of more power, and a plethora of customizing possibilities. That one costs a whopping 990,000 RMB ($145,707) for the males and 880,000 RMB ($129,517) for the females. You can pre-order it today with a 3,000 RMB ($441) deposit, and more than 13,000 individuals have done so since pre-orders began. It’s important to note that sales are only available to those above the age of 18. UBTECH hopes to start shipping the robots later in 2026.
Next spring could be a fiesta of new iPads, MacBooks and iPhones.
Mark Gurman is back with a new report in Bloomberg about how Apple’s device lineup may be evolving over the next 12 months. Sources told the reporter that the company aims to present an overhaul of the baseline MacBook Pro in the first half of 2027. The 14-inch entry-level laptop will reportedly sport a new design that aligns with the look of the higher-end computers likely to be announced starting in the fall. Gurman suggests that lineup will include Apple’s first touchscreen MacBook, which had previously been rumored for the M6 laptop generation.
In addition to the new entry-level laptop, Apple is reportedly testing out four new iPad Pro models. Although specifics of the new tablets were not shared, sources suggested that the next round of iPads would focus on features for improving performance while retaining the current size options of 11 inches and 13 inches.
Spring is becoming the time when Apple makes more announcements for its entry-level and budget products, and even sometimes pulls off the occasional surprise. In spring 2026, we got the MacBook Neo alongside a new iPhone, iPads and MacBook Pros over the course of a week. Even without the potential addition of five products, spring 2027 was looking to be similarly chock full of news from Apple. On the smartphone side, we were already expecting to hear about the base model of the iPhone 18 and an update to the iPhone Air. It could also be when Apple breaks from its Pro and Max tradition and skips straight to M7 silicon.
devops
Safer, cheaper, and nothing to do with cybersecurity
Anthropic has released the latest version of its mid-sized model, Sonnet 5, which the company claims is its most “agentic” yet.
For developers writing agents to automate tedious and recurring tasks, Sonnet 5 promises improved capabilities in reasoning, tool use, coding, and knowledge work. This version is also less likely to pull embarrassing (for Anthropic) gaffes of misunderstanding, so the company asserts.
“Our safety assessments found that Sonnet 5 shows an overall lower rate of undesirable behaviors than Sonnet 4.6, and is generally safer to use in agentic contexts,” the company asserted in an introductory blog post on Tuesday.
Sonnet 5 is smarter at refusing malicious requests and resisting prompt-injection attempts. It doesn’t hallucinate as often and doesn’t suck up to the user so much (“sycophancy”) as did its older brown-nosing Sonnet 4.6 sibling. It is also more aware of, and can block, user misuse and deception, the benchmarks in Anthropic’s System Card seem to indicate.
Sonnet is the default model for Claude Free and Pro users, and is also available to the token-pinching Max, Team, and Enterprise customers.
The benchmarks also indicate Sonnet 5’s performance can come close to that of Anthropic’s flagship enterprise-focused Opus 4.8, but can execute the same tasks more cost effectively. For Opus, Anthropic charges $5 per million input tokens and $25 per million output tokens.
Starting in September, Sonnet users will pay $3 per million input tokens and $15 per million output tokens, though Anthropic is running a special through the end of August where tokens will only be $2 per million inputs and $10 per million outputs.
So users trimming their token budgets can run jobs through Sonnet instead of Opus, the company suggests.
The 5.0 release offers a new setting to adjust the model’s effort at completing tasks. Simple tasks can be completed through one of the lower “effort” settings, which uses fewer tokens, while longer-running agent-based tasks can go full throttle (“xhigh” or even Homer Simpson’s favorite setting, “max”).
For much of 2026, AI product deployment has focused on equipping large language models to complete what has become known as “long horizon tasks.” It might be easy for a model to fix a bug or churn out some code. However, keeping its finicky attention fixed on a multi-part task has proven more difficult.
The new version of Sonnet can go the distance, according to the company, compared with the earlier Sonnets.
“Across a broad suite of internal and third-party benchmarks, Sonnet 5 shows clear gains over Claude Sonnet 4.6 in coding, agentic search, multimodal reasoning, and professional-task performance,” the System Card asserted.
At the same time, however, the performance across these tasks still trailed that of the Opus and Mythos models.
One testimonial from a Zapier engineer described a two-part job that flummoxed earlier Sonnets: Update a contact database and send out a notice to all users. Version 5 was able to complete the task “end to end.”
The San Francisco-based company also went out of its way not to attract any more undue attention from Washington, DC policymakers.
“We did not deliberately train Sonnet 5 on cybersecurity tasks,” the company asserted.
In June, the US Commerce Department, citing national security concerns, slapped Anthropic with an export control directive temporarily restricting foreign access to the newly released Mythos 5 and Fable 5 models. Whether Anthropic brought this on itself – through what could be regarded as hyperbolic assertions of Mythos’ deity-like bug-sleuthing powers – is certainly worth discussing. But Anthropic, like Pete Townshend, certainly won’t be fooled again.
While it can readily perform routine cybersecurity tasks, Sonnet 5 is guardrailed against generating offensive attack code. When commanded to write a Firefox exploit, it failed to complete the task (though it got a bit further than Sonnet 4.6 in the attempt).
“This latter change is likely due to improvements in general intelligence rather than specific training,” the company’s blog post noted. ®
Minix has released the ER939-AI, a mini PC running AMD‘s Ryzen AI Max+ 395 processor with 16 cores, 32 threads, and a boost clock reaching up to 5.1 GHz.
A Pro variant with dual 10 Gigabit Ethernet and a leather-like carry handle on the chassis has also been announced, sitting above the base model in every measurable specification.
Both devices share the same core platform and are built around one specific use case — running AI workloads locally, without any dependence on cloud infrastructure.
The Ryzen AI Max+ 395 platform delivers 126 TOPS of combined AI compute across the CPU, GPU, and a dedicated NPU rated at 50 TOPS natively.
The Radeon 8060S integrated graphics handles GPU-accelerated workloads that would otherwise require a discrete card, keeping the 205 x 192 x 70 mm chassis free of any expansion slots entirely.
This mini PC supports Wi-Fi 7, Bluetooth 5.4, USB4 at 40 Gbps, and quad 8K@60Hz display output through HDMI 2.1, DisplayPort 1.4, and two USB4 ports.
A fingerprint reader built into the power button handles Windows Hello login, and a 240 W power adapter ships inside the retail box.
Its storage starts at 2 TB via PCIe 4.0 NVMe and expands to 8 TB, accommodating the model libraries and dataset archives that local AI work tends to accumulate.
The device also ships with 128 GB of LPDDR5-8000 memory across eight 16 GB modules — and that figure deserves a moment’s pause.
Most laptops ship with 16 GB, while most desktops are considered powerful if they arrive with up to 64 GB of RAM.
This mini PC ships with 128 GB because running large language models locally means the entire model lives in RAM, and anything less simply means the model does not run at all.
The Minix ER939-AI Pro builds on the same platform and memory configuration while adding dual 10G Ethernet ports and refined triple-fan cooling with a twin turbo intercooler.
It also arrives with a carry handle mounted on top of the chassis, which is the kind of design decision that either makes immediate sense or raises an eyebrow depending on who is buying.
The handle material resembles leather, though MINIX has not confirmed whether it is genuine or synthetic, leaving the “vegan leather” characterisation somewhere between reasonable inference and optimistic branding.
Windows Hello fingerprint login and TPM support handle security for enterprise deployments, while the Pro’s three M.2 2280 PCIe 4.0 x4 NVMe slots push maximum storage capacity to 12 TB.
The base ER939-AI sells for $3,150.00 on the MINIX Official Store, with the Pro’s price still unannounced — though given its specification sheet, expecting it to cost considerably more seems entirely reasonable.
Via AndroidTVBox / ElectronicsLab
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

A 360-degree camera records everything in every direction at once. That freedom comes with trade-offs in most models, whether through high prices, fiddly controls, or footage that needs heavy cleanup later. DJI’s first dedicated effort in this category, the Osmo 360, priced at $349 (was $467), arrives with larger sensors than most rivals, strong stabilization, and a price that lands the Standard Combo in a more reachable range for enthusiasts who want immersive video without jumping to the most expensive options on the market.
The camera body is approximately 61 by 36 by 81 millimeters and weighs 183 grams, resulting in a compact brick-like design with lenses on either side and a 2-inch touchscreen on one side of the camera, making it quite simple to navigate. A few physical buttons control power, shutter, and quick view modes; meanwhile, a 1/4-inch tripod thread is neatly tucked away at the bottom, along with DJI’s magnetic fast-release technology, which allows you to use mounts common with its action-cam series. Overall, it’s a little, unobtrusive product that fits neatly into a pocket or attaches onto a bag.
Inside are two 1/1.1-inch sensors with 2.4-micron pixels and f/1.9 apertures. The square design allows the camera to get more information from each sensor for the spherical image, which improves detail and light gathering. You can shoot video in a native 8K resolution (7680 by 3840) at 50 frames per second in full 360 mode, with 10-bit color depth and D-Log M profile support for color grading later if you want to get serious about it. Single lens modes can capture 5K at 60fps or 4K at 120fps for more classic wide-angle shots. For still images, you get a stunning 120 megapixels in complete 360 panoramic form, or approximately 31 megapixels from a single lens.
Real-world footage from reviewers shows some pretty sharp results, decent colors, and a strong dynamic range that holds up in daylight. The bigger pixels significantly improve low-light performance, and there is even a specific SuperNight mode, however very low-light/high-motion movies will require additional post-production effort. Stabilization is excellent, combining RockSteady 3.0 with HorizonSteady to keep vistas flat and smooth out any walking/panning movement. Furthermore, the software does an excellent job of removing hardware from the final spherical file the majority of the time, so you can wave goodbye to a lot of selfie-stick crap.

The battery life is approximately 100 minutes of continuous 8K recording at 30 frames per second with the included 1950mAh pack, and I was pleasantly surprised to see that this actually holds up well in testing. The battery is replaceable and compatible with some of the most recent Osmo Action models, which can be useful when traveling with several devices. Charging is done via USB-C Power Delivery and isn’t too slow; a full recharge takes a decent amount of time given the capacity. Storage is a generous 128 GB to begin with, with approximately 105 GB usable, and there is also a microSD slot that takes cards up to 1 TB, which helps to lessen the need to swap cards mid-shoot on longer days.

Four standard built-in microphones provide great audio, but when you combine the camera directly with DJI wireless microphones, things become interesting. You can connect two microphones to the camera without needing a separate receiver, allowing you to record high-quality speech tracks with the 360 footage. The Standard Combo, which includes the camera, a battery, pouch, cleaning cloth, USB-C cable, and lens cover, is a nice place to start; however, if you want more goods, you might be better off looking at higher-tier bundles or purchasing them individually.
cyber-crime
It’s a ‘complete BEC operations environment,’ Talos researcher says
EvilTokens, the device-code phishing kit that can allow criminals to bypass multi-factor authentication (MFA) and silently authenticate as the victim to the organization’s Microsoft 365 applications, appears to be even more insidious than we all thought.
Cisco Talos incident responders on Wednesday described how the lure reaches a victim’s inbox, and revealed new capabilities alongside a “more sophisticated evasion approach” than documented in earlier EvilTokens research.
Talos uncovered a phishing-as-a-service (PhaaS) operator panel, branded “ARToken,” that appears to be an EvilTokens customer, according to security research engineer Michael Kelley, who noted the phishing operation shares infrastructure, API contracts, and operational patterns with the EvilTokens platform.
EvilTokens was first documented by French cybersecurity firm Sekoia in March, and in April Microsoft said the device-code phishing campaign was compromising hundreds of organizations daily.
“Since March 15, 2026, we have observed 10 to 15 distinct campaigns launching every 24 hours,” Microsoft VP of security research Tanmay Ganacharya told El Reg at the time. “Each campaign is distributed at scale, targeting hundreds of organizations with highly varied and unique payloads, making pattern-based detection more challenging.”
While most subsequent analysis has covered EvilTokens’ panel and phishing kit, “what it has not shown is how an ARToken lure actually reaches an inbox,” Kelley said on Wednesday. “Talos recovered two near-identical messages, sent roughly four minutes apart on April 20, 2026, that initiate the chain. The tradecraft is targeted, not spray-and-pray.”
Specifically, the email lure abused a real vendor relationship between a US life-sciences company and a legitimate plumbing and fire-protection contractor. The email uses an outstanding-invoice lure, telling the life-sciences company that “the following invoices appear to still be outstanding,” and the “from” header presents the contractor’s real domain. The reply-to, however, redirects replies to an unrelated domain.
Even the visible anchor text in the body of the email reads as the vendor’s genuine SharePoint tenant, we’re told. The actual href, however, points to a near-identical copycat tenant under a different, attacker-controlled Microsoft 365 workspace. But because the destination is still a legitimate sharepoint.com host, the email is less likely to be flagged as a phish.
During its investigation into the ARToken phishing infrastructure, Cisco uncovered the connections to EvilTokens – including an identical API contract to the one originally documented by Sekoia and matching deployment and operational models – as well as “notably more sophisticated” anti-analysis and evasion capabilities.
ARToken’s panel also revealed a very comprehensive post-exploitation toolkit that provides token management and persistence mechanisms, and a built-in business email compromise (BEC) tool with full Microsoft Outlook inbox read access, email sending capabilities as the victim, inbox rule creation for forwarding and deleting messages, and keyword-based monitoring across all compromised accounts.
“These features indicate the platform is more mature than a simple device code phishing kit – it is a complete BEC operations environment,” Kelley wrote. ®

Venice.ai, a privacy-focused AI startup with strong Seattle ties, has raised $65 million in its first outside funding, valuing the 2-year-old company at $1 billion.
The company positions itself as a private and unrestricted alternative to mainstream AI services, offering access to a range of open-source and commercial AI models. Venice says it doesn’t log or store users’ prompts and responses on its servers, keeping conversations on people’s own devices. It also strips out many of the content filters built into competing tools.
The Series A round, announced Wednesday morning, was led by Dragonfly, a crypto-focused investment firm, with participation from North Island Ventures, Coinbase Ventures, Archetype, Morgan Creek, Liquid2 Ventures and Seattle-based Founders’ Co-op.
The company was founded in 2024 by crypto entrepreneur Erik Voorhees, its CEO, who runs the company from San Francisco. Voorhees founded the crypto exchange ShapeShift and has long argued against heavy government regulation of cryptocurrency.
Seattle tech veteran and serial entrepreneur Jesse Proudman is Venice’s president, CTO and co-founder. The two met as classmates at the University of Puget Sound in Tacoma.
“We want Venice to be thought of in the consumer landscape on the same terms as a ChatGPT or an Anthropic,” Proudman said in an interview. “We want people to open their phones and have our app sitting alongside those apps.”
The case for privacy comes from how people are starting to use AI. As chatbots become go-to tools for sensitive matters — medical questions, legal issues, job negotiations, relationship advice — users hand over intimate details that accumulate in the databases of companies like OpenAI and Anthropic.
That data, Proudman said, is only as safe as the company holding it.
“It only takes one breach, one disgruntled employee who is going through that data, a government subpoena, a change in government policy — and then all of that data no longer is private to you,” he said. “It can be health records, it can be legal questions, it can be job negotiations, it can be relationship advice.”
Venice’s answer is to create no central trove to breach or subpoena in the first place.
Marketing AI with fewer restrictions can make Venice more useful in some cases, but it also raises the misuse questions that lead mainstream services to build in guardrails in the first place. Proudman said Venice includes some safeguards to prevent abuse and illegal activity.
The company nonetheless bills itself as an “AI safety company,” casting the surveillance of users’ thoughts — rather than the content of their prompts — as the greater danger.
Proudman is based in Seattle, where he has spent more than two decades starting and selling technology companies. He founded cloud-computing company Blue Box, which IBM acquired in 2015, and crypto trading startup Strix Leviathan, acquired by hedge fund Parataxis in early 2025. Strix spun out Makara, a crypto investing startup, in 2021, and Betterment acquired Makara the following year.
Proudman spent about three years as a VP at Betterment, where he started moonlighting on Venice in 2024 — building it nights and weekends before leaving to go full-time.
Venice says it reached 3 million users in April and turned profitable in the first quarter.
“That hockey stick that we always hear about, and that I’ve spent 25 years trying to build companies to find, finally manifested,” Proudman said.
Venice makes money through consumer subscriptions and paid access to its developer API. It also has its own cryptocurrency, the VVV token, which developers can buy and lock up to reserve a share of the company’s computing capacity instead of paying per use.
Proudman said Venice will use the funding to build its own data center infrastructure — owning the GPUs that power its service rather than renting computing capacity — and to invest in growth as it tries to establish itself as a mainstream consumer brand.
The company has grown to about 45 employees, up from roughly 15 people a year ago, with six in Seattle. It operates as a remote team and doesn’t currently have an office.
Whether Venice expands its Seattle footprint long-term may hinge on state politics. Proudman has publicly opposed Washington’s new 9.9% “millionaires tax” — a state income tax on household income above $1 million that was signed into law in March and takes effect in 2028 — and said he won’t stay in the state if it does.
He’s pinning his hopes on a repeal campaign that backers are trying to get on the November ballot.
“I love it here … Seattle is a unique and phenomenal place to build a company, and I’ve been building companies here my entire life,” Proudman said. “I want to see us continue to be competitive against the Bay Area.”
Weekend Open Thread: Staud – Corporette.com
The House | Manchesterism won’t survive the painful trade-offs unless it gets citizens on board
Strategy authorizes up to $1.25B in Bitcoin sales under new capital plan
Potential 2028er World Cup attendee leaderboard
Asia stock markets slide as tech shares slump
MAJOR BITCOIN & MARKET UPDATE!!!! (MUST WATCH ASAP!!!)
A Look At A Gaggle Of Transputer Boards
Dell (DELL) Shares Tumble Over 5% Following Analyst Downgrade to Hold
Coinbase, Circle Deepen Crypto Stock Losses Despite Resilient S&P 500
Australia treasurer says alleged access of prime minister’s bank data ’incredibly concerning’
Kraken's xStocks Opens Bending Spoons IPO Registration to EEA Retail
FIH Pro League: India defeat Pakistan 7-1, register biggest win of campaign | Other Sports News
Bitcoin Sparks $600M Hourly Liquidations With $65,000 Set To Become Resistance
Bluekit phishing kit adopts browser-in-the-middle for login theft
Russian hackers now target Signal backup recovery keys
Hyperliquid Named on Singapore MAS Investor Alert Register
RTX holders must register wallets before token distribution begins
Ripple and SBI launch RLUSD in Japan after JFSA approval
Anonymous researcher drops 0-day ‘exploitarium’ repo
Broncos roster: OL Ben Powers (No. 74) entering final year of contract
You must be logged in to post a comment Login