Michael Jackson is once again back in the cultural conversation. New movie Michael, starring Jaafar Jackson — Michael’s own nephew — in the leading role, lands in theaters this week, following the singer’s life and career from The Jackson 5 to the peak of his solo career.

Michael | Official Trailer – YouTube

Watch On

However, this isn’t the be-all and end-all of Jackson’s story, particularly considering the singer’s untimely death weeks before his 2009 This Is It tour was supposed to start.

A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuela.

The malware was uploaded to a publicly available platform in mid-December from a machine in Venezuela and has been analyzed by researchers at Kaspersky.

Before the cripling stage, the attacker relies on two batch scripts that prepare the system for the final payload by weakening defenses and obstructing normal operations.

According to the researchers, the Lotus data-wiping malware is designed to completely destroy compromised systems by overwriting physical drives and eliminating recovery options.

“The wiper removes recovery mechanisms, overwrites the content of physical drives, and systematically deletes files across affected volumes, ultimately leaving the system in an unrecoverable state,” Kaspersky says in a report today.

Given the timing, the observed activity aligns with geopolitical tensions in the region, which culminated this year on January 3 with the capture of Venezuela’s then-president, Nicolás Maduro.

Around mid-December 2025, the state-owned oil company Petróleos de Venezuela (PDVSA) suffered a cyberattack that disabled its delivery systems. The organization blamed the United States for the incident.

It should be noted that there is no public evidence indicating that PDVSA’s systems were wiped in the attack or details about the nature of the attack.

Preliminary activity

Kaspersky’s report notes that the attacks begin with the execution of a batch script (OhSyncNow.bat) that disables the Windows ‘UI0Detect’ service, and performs an XML file check to coordinate execution across domain-joined systems.

A second-stage script (notesreg.bat) is executed when certain conditions are met. It enumerates users, disables accounts via password changes, logs off active sessions, disables all network interfaces, and deactivates cached logins.

The malicious code then enumerates drives and runs ‘diskpart clean all’ to overwrite them with zeros. It also uses ‘robocopy’ to overwrite directory contents, Kaspersky found.

In the next phase, it calculates the free space and uses ‘fsutil’ to create a file that fills the disk, making it harder to restore the wiped data.

After preparing the environment for data destruction and performing some wiping actions itself, the batch script decrypts and executes the Lotus wiper as the final payload.

Lotus wiper deployment

The Lotus wiper operates at a lower level, interacting with disks via IOCTL calls, retrieving the disk geometry, clearing USN journal entries, wiping restore points, and overwriting physical sectors, not just logical volumes.

The malware performs multiple actions, summarized as follows:

• Enables all privileges in its token to gain administrative-level access.
• Deletes all Windows restore points using the Windows System Restore API.
• Wipes physical drives by retrieving disk geometry and overwriting all sectors with zeroes.
• Clears the USN journal to remove traces of file system activity.
• Deletes files by zeroing their contents, renaming them randomly, and removing them (or scheduling deletion on reboot if locked).
• Repeats cycles of drive wiping and restore point deletion multiple times.
• Updates disk properties using IOCTL_DISK_UPDATE_PROPERTIES after the final wipe.

Kaspersky suggests that system administrators should monitor for NETLOGON share changes, UI0Detect manipulation, mass account changes, and disabling of network interfaces, which are all precursor activities.

They say that unexpected usage of ‘diskpart,’ ‘robocopy,’ and ‘fsutil’ is also a red flag.

A general recommendation against wipers and ransomware is to maintain regular offline backups whose restorability is frequently validated.

AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.

At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.

Claim Your Spot

The Apple Watch‘s blood oxygen sensor has been at the center of what feels like a never-ending tennis match of legal back-and-forth.

In 2020, the Apple Watch Series 6 launched with the sensor that measures your blood’s oxygen saturation (SpO2), which is how much oxygen red blood cells pick up from your lungs and transport to the rest of your body. That same year, global medical technology company Masimo filed a lawsuit claiming that Apple’s sensor infringed its patents. In 2023, the US International Trade Commission sided with Masimo and imposed an import ban on Apple Watch Series 9 and Ultra 2 models.

However, on Friday, the ITC declined Masimo’s request for another import ban on the Apple Watch and said it wouldn’t review a preliminary ruling finding that the redesigned Apple Watch doesn’t infringe Masimo’s patents. This is a major win for Apple. 

Unless Masimo decides to appeal the decision, Apple can bring blood oxygen monitoring back to its devices. 

But based on the history of this case, it may not be the end of this match. 

The history of Apple’s blood oxygen ban

The ITC became involved in the Masimo and Apple legal battle in 2021, and in January 2023, it upheld that Apple violated Masimo’s patents. Then, in December 2023, the ITC banned Apple from importing its watches, including the Series 9 and Ultra 2, into the US. 

To avoid the ban, Apple disabled blood oxygen sensing on its devices. 

Ahead of the Apple Watch Series 11 launch, Apple reintroduced blood oxygen sensing in August 2025, which was approved by the US Customs and Border Protection. It got around the ban by using a paired iPhone to display blood oxygen levels instead of the Apple Watch. Masimo sued US Customs over this decision. 

In November 2025, a jury for the US District Court for the Central District of California found that Apple infringed one of Masimo’s patents and awarded the company $634 million in damages. Apple told AppleInsider that it plans to appeal, claiming that the patent expired in 2022.

Though the ITC has rejected another ban on Apple’s blood oxygen feature and declined Masimo’s request to review the ruling in Apple’s favor, Masimo may continue the battle, especially given its November win, after which the company released a statement saying, “We remain committed to defending our IP [intellectual property] rights moving forward.”

An Apple representative didn’t immediately respond to a request for comment. Masimo declined to comment.

In the meantime, if your curiosity gets the best of you, you could always purchase a pulse oximeter. It’s a device that estimates your blood oxygen level by measuring the light that passes through your finger. No messy legal battles involved.

Redwood Materials has laid off around 135 employees, or roughly 10% of its workforce, as it restructures to better accommodate its growing energy storage business, TechCrunch has learned.

The cuts come just five months after Redwood cut 5% of its workforce, and three months after it closed a $425 million funding round that boosted the battery recycling company’s valuation to north of $6 billion, as TechCrunch previously reported.

It’s been a difficult time in the battery industry lately. Earlier this month, battery recycler Ascend Elements filed for Chapter 11 bankruptcy protection, citing “insurmountable” financial challenges. Some battery-makers have also restructured or gone out of business as the automotive industry in the U.S. has backed away from its most optimistic and ambitious plans to transition to electric vehicles.

But Redwood Materials founder and CEO JB Straubel told employees that this new round of cuts is not a sign that the company is heading down the same path.

“Redwood today is the strongest it’s ever been,” Straubel wrote in an email to the workers who weren’t laid off, according to a copy viewed by TechCrunch. “The materials business is well on its way to profitability and has an exciting roadmap ahead.”

Straubel noted that Redwood “continue[s] to dominate the US battery recycling market” but also touted the company’s “great momentum” in its new energy storage business. Redwood has recently announced deals with Crusoe AI and, most recently, electric automaker Rivian to provide recycled batteries that can be used to power those companies’ facilities. The company declined to comment beyond the contents of Straubel’s email.

In his message, Straubel wrote that “parts of the company have expanded faster than needed to support the direction” of Redwood. As a result, he said Redwood is making cuts across multiple divisions, including the engineering and operations organizations, according to an employee who was granted anonymity to discuss the layoffs.

“We are confident that we can deliver on our critical projects with a smaller team that is more focused,” he wrote. “We have successfully adapted to changes in the market that have bankrupted many of our competitors.”

Straubel went on to write that he is “more excited than ever with our path ahead as we build the most integrated and cost-effective critical materials and energy storage business in the world.”

“This is a self-sustaining business and will continue to make this company more valuable over time. We have the team and the technology to do what no other company can,” he wrote.

Workers who were laid off were told by Redwood’s chief HR officer that the layoffs were made “to sharpen our focus, our work and the size of our teams to support the direction Redwood is going in the future,” according to a copy of her email, which was viewed by TechCrunch.

Employees who were laid off are receiving severance and paid health benefits, according to Straubel’s email, as well as “career transition assistance.”

“I am grateful to the approximately 135 employees who we say goodbye to today — they’ve all contributed to building Redwood,” he wrote.

Google has made its Gemini Notebooks feature free for all users. Now, instead of starting over every time, you get a space where chats, files, and instructions live together and build on each other. Google describes these notebooks as personal knowledge bases, which is another way of saying Gemini can finally remember what you were doing and keep going.

Notebooks are great for the small, repeated things that usually fall apart because you have to keep re-explaining them. You don’t need them for big, complex projects, but once you start using them, you might just default to them when engaging with Gemini. To get the most out of Notebooks takes a few attempts, but here are some useful tips to make them the perfect way to have Gemini remember you and how you work.

1. Treat a notebook like your “ongoing life admin” space

Modders Delca and Trxye have spent years pouring their hearts into a fan project that reimagines legendary Tomb Raider adventures in side scroller fashion, which is a tall job for anyone, but they’ve pulled it off with flying colors. They’ve created 11 levels inspired by the series’ first three games, and you’ll be guiding Lara Croft through reinvented places such as Peru, Greece, Venice, and the sunken ship the Maria Doria, all of which have been updated with a 2D twist.

Delca had already dabbled in an official Tomb Raider Remastered collection, but when Trxye joined the team about a year ago, the two of them went back to the drawing board and started from scratch. That kind of attention has paid off handsomely, as new game feels like a love tribute to the originals, but with a unique twist all its own.

Sale

ASUS ROG Xbox Ally – 7” 1080p 120Hz Touchscreen Gaming Handheld, 3-month Xbox Game Pass Premium…

• XBOX EXPERIENCE BROUGHT TO LIFE BY ROG The Xbox gaming legacy meets ROG’s decades of premium hardware design in the ROG Xbox Ally. Boot straight into…
• XBOX GAME BAR INTEGRATION Launch Game Bar with a tap of the Xbox button or play your favorite titles natively from platforms like Xbox Game Pass…
• ALL YOUR GAMES, ALL YOUR PROGRESS Powered by Windows 11, the ROG Xbox Ally gives you access to your full library of PC games from Xbox and other game…

The gameplay is just as you remember it, with Lara still able to run over platforms, dive into water, climb walls, and fight monsters with the same timing and weight as before. According to classical physics, she can still perform a swan dive that ends horribly if there is concrete waiting for her, and those traps will spring shut just as quickly as before. Secrets are still hidden in places that fans used to memorize (and then carefully avoid) back in the day.

The audio and visuals are all from the PlayStation era, so the soundtrack and Lara model are exactly what fans of the franchise would expect. In terms of gameplay, Delca and Trxye painstakingly selected 11 levels that take in a variety of environments, including rainforests, ancient ruins, freezing Antarctic bases, and the opulent halls of Atlantis. Each one has been painstakingly rebuilt level by level to operate precisely in the side scroller style, resulting in platforming sequences that demand precise leaps, fighting, and puzzles that take just as much careful thought as before.

The release date is slated for May 2026, and all you have to do is go to TRCustoms.org, the main site for Tomb Raider fan creations, and download the game with no account or purchase required.
[Source]

• OpenClaw exposures reveal thousands of internet accessible high risk systems
• AI agents are being deployed with excessive permissions across critical environments
• Remote code execution vulnerabilities expose most observed OpenClaw deployments

Agentic systems are moving quickly from experimentation into everyday workflows, yet recent findings suggest security practices are not keeping pace.

According to SecurityScorecard, thousands of OpenClaw deployments are exposed directly to the internet with minimal safeguards.

People often talk about finding value when a product simply works for you and does not involve a significant trade-off in performance or cost. The Anker Solix C2000 Gen 2 portable power station, priced at $799.99 (was $1,499), has a capacity of 2,048 watt-hours and is powered by lithium iron phosphate cells that can withstand thousands of charge cycles without trouble. With so much energy saved, you can power a conventional dual-door fridge for up to 32 hours on a full charge.

The output is consistent at 2,400 watts and can reach 4,000 watts, so using a window air conditioner, power tools, or small appliances will not disrupt your power supply. Five regular AC outlets will handle most household plugs, plus there’s an extra RV-style connector and a slew of USB connections to keep your phone, laptop, and lights all charged at the same time.

Charging is also quite flexible, as a typical wall socket will charge the unit from empty to full in just 58 minutes. Solar charging accepts up to 800 watts, and adding a wall power supply accelerates the process even further. If you’re on the road, the auto alternator charging works exactly as you’d think, and there are five different ways to top it off, ensuring that downtime is minimal. What really stands out in real-world applications is efficiency, and this isn’t just about raw statistics. The standby drain is minimal, around 9 watts, allowing the station to be ready for weeks without depleting its own battery.

It’s also pretty nice to know that the unit is small and light enough to toss in the car trunk or carry across a campsite without breaking your back, weighing in at 41.7 pounds and measuring roughly 18 by 10 by 10 inches, making it much smaller and lighter than some of the other units with the same capacity. If you need additional power in the future, simply add another battery, doubling the total capacity to 4,096 watt-hours, eliminating the need to purchase a new system. During a power outage, the operation can be operated quietly in your bedroom or living area. The app allows you to check the battery level, predict the runtime, and turn on or off the ports remotely, allowing you to keep an eye on things even when you are not present.

France Titres, the government agency in France for issuing and managince administrative documents has disclosed a data breach after a threat actor claimed the attack and stealing citizen data.

Also known as Agence nationale des titres sécurisés (ANTS), the administrative body operates under the French Ministry of the Interior, serving as the managing authority for official identity and registration documents in France. This includes driver’s licenses, national ID cards, passports, and immigration documents.

According to an announcement the agency published yesterday, the attack occurred last week, and while the investigation is still ongoing, several data types for an undisclosed number of individuals may have been exposed.

“On Wednesday, April 15, 2026, the National Agency for Secure Documents (ANTS) detected a security incident that may involve the disclosure of data from individual and professional accounts on the ants.gouv.fr portal,” reads ANTS’s announcement.

The types of data that may have been exposed are:

• Login ID
• Full name
• Email address
• Date of birth
• Unique account identifier
• Postal address (for some)
• Place of birth (for some)
• Phone number (for some)

ANTS stated that it is currently in the process of notifying those identified as impacted.

The agency noted that the exposed information does not allow unauthorized access to its electronic portals. However, the same data can be used in phishing and social engineering attacks.

“No action is required from users. However, they are advised to remain highly vigilant regarding any suspicious or unusual messages they may receive (SMS, phone calls, emails, etc.) that appear to come from ANTS,” the agency warned.

ANTS has notified the data protection authority (CNIL), the Paris Public Prosecutor, and has also involved the national cybersecurity agency (ANSSI) in the response effort. The agency warned that the sale or dissemination of the data is illegal.

19 million records claimed stolen

On April 16, a threat actor using the moniker ‘breach3d’ claimed the attack on hacker forums claimed the attack on ANTS, alleging to be holding up to 19 million records.

The threat actor claims that the stolen data contains full names, contact details, birth data, home addresses, account metadata, and gender and civil status.

The data has been offered for sale for an undisclosed amount, so it has not been broadly leaked yet.

ANTS saus that user do not need to take any action but recommends exercising “extreme caution” about suspicious or unusual communication over SMS, voice, and emails appearing to come from the agency.

BleepingComputer has contacted ANTS to ask about the threat actor’s allegations, but we have not received a response as of publishing.

AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.

At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.

Claim Your Spot