ABC News reports that White House teleprompter operator Gabriel Perez allegedly made more than $100,000 betting on Kalshi markets tied to what President Trump would say in speeches, using his access to prepared remarks and last-minute edits. ABC News reports: According to the sources, Kalshi alerted its regulator, the Commodity Futures Trading Commission (CFTC), to the suspicious activity on its “Mentions” market, where users can bet on whether specific words, phrases or topics are uttered during a public speech. “Our surveillance team promptly flagged and referred these trades to the CFTC, and we are cooperating and assisting regulators,” Kalshi’s head of enforcement, Bobby DeNault, said in a statement provided to ABC News.
White House Press Secretary Karoline Leavitt told reporters Thursday afternoon, following ABC News’ report, that Perez has been put on unpaid administrative leave. Leavitt said she spoke with President Trump about it, and he thought it was a “disgrace” and made the decision himself to put Perez on unpaid leave. Leavitt said she was unaware of any other White House staffers who have made such trades. “The White House has strict ethics guidelines that we expect all staffers and officials to follow,” said White House spokesperson Davis Ingle when contacted by ABC News.
In addition to February’s State of the Union address, sources said CFTC investigators discovered that Perez placed bets on more than a dozen Trump speeches over a three-month period, including a December primetime address, a January speech at the World Economic Forum in Davos, Switzerland, and Trump’s remarks in March during a Medal of Honor ceremony.
A tribute to venture capitalist S. “Soma” Somasegar before the Sounders FC match. (GeekWire photo/John Cook0
The Seattle Sounders paused before Thursday night’s rivalry match against the Portland Timbers to honor one of their own.
Before the match at Lumen Field, the club paid tribute to S. “Soma” Somasegar, the longtime Microsoft executive, Madrona venture capitalist and Sounders minority owner who died in May at age 59. Fans stood in silence as Somasegar’s image appeared on the stadium video boards.
Somasegar joined the Sounders ownership group in 2019, part of a wave of Seattle tech leaders — including Microsoft CEO Satya Nadella — who bought in that year.
After his death, the club said Somasegar viewed sports as a way to bring people together, and credited him and his wife, Akila, with strengthening the Sounders and Seattle Reign communities.
GeekWire chronicled the outpouring of tributes after Somasegar’s death, as colleagues, founders and friends remembered the former Microsoft executive and venture capitalist for his humility, generosity and commitment to helping others succeed.
During his 27 years at Microsoft, he helped lead the company’s developer tools business before spending more than a decade at Madrona, where he backed and advised a new generation of cloud and AI startups.
Kaspersky uncovers GoSerpent, a long‑running campaign on Southeast Asian government systems using a backdoor, RAT (Stowaway), and exfiltration tool (TmcLoader)
Attackers showed extreme patience, waiting weeks before deploying secondary tools to evade detection and outlast log retention policies
Attribution remains uncertain, but overlaps with past TetrisPhantom operations; defenders are urged to review shared IoCs to detect compromise
Security researchers Kaspersky discovered a five-year-old piece of malware that’s been hiding on government computers in the Southeast Asian region, harvesting secrets and other actionable intelligence.
The company analyzed a campaign called GoSerpent, which comprises of a backdoor of the same name, a Remote Access Trojan (RAT) called Stowaway, and a two-stage data exfiltration tool called TmcLoader.
The backdoor was first used in 2021, it was said, meaning it was successfully hiding for half a decade. This was achieved, among other things, with plenty of patience and careful planning.
Latest Videos From
TetrisPhantom
“What stands out about GoSerpent is the deliberate dwell time,” Noushin Shabab, Lead Security Researcher in Kaspersky GReAT, explained.
Advertisement
“Usually, attackers want to move quickly once they get a foothold, but this group drops the initial backdoor and waits. They let the dust settle for weeks before deploying their secondary exfiltration tools like TmcLoader. That kind of patience is a calculated move designed to outlast standard log retention policies and automated security sweeps, making it incredibly difficult for defenders to connect the initial infection to the eventual data theft.”
The researchers could not conclusively attribute this campaign to any particular threat actor but did say that it has a lot in common with older campaigns conducted by the TetrisPhantom actor, including victimology, technical capabilities, and operational methods.
Kaspersky analyzed TetrisPhantom back in 2023, when it saw the group compromising secure USB drives used to provide encryption for safe data storage. This campaign also targeted government entities in the Asia-Pacific region (APAC) but, at the time, it was a newly discovered threat actor with no overlap with other known groups.
Advertisement
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Apple’s lawsuit against OpenAI is full of astonishing accusations and details, with Apple alleging it uncovered a pattern of theft of Apple’s trade secrets. Apple’s complaint mostly points the finger at a few ex-Apple employees that now work at OpenAI, the maker of ChatGPT.
OpenAI has faced quite a number of lawsuits lately on how it does business, but Apple’s suit brings a different twist. If this case goes to trial, it could reveal the secret hardware that OpenAI has long teased. A trial could seek damages if Apple’s work is being used to help develop some sort of rival AI device. Would a lawsuit spill the beans on a device — or several devices — before OpenAI is ready to launch?
Advertisement
Watch this: Apple vs. OpenAI: These Lawsuit Details Are Wild
This week’s episode of One More Thing, embedded above, goes into the juicy details of the suit and what happens next. OpenAI CEO Sam Altman says he’s not afraid of Apple, but maybe he should be. Taking rivals to court is part of the Apple playbook, and the company knows how to do it well.
The fight could also drag in a few famous Apple faces. Apple’s former design chief, Jony Ive, is now working on making AI gadgets for OpenAI. That means Apple lawyers might call to the stand the former designer of the iPhone, to see if he used information stolen from Apple. (Awkwaaard.)
For more One More Thing, subscribe to our YouTube page to catch Bridget Carey breaking down the latest Apple news and issues every Friday.
The US Treasury sanctioned First VPN Service for aiding ransomware gangs
Complying with the sanctions, the .ME registry wrongly suspended Telegram’s entire t.me domain
The domain was restored roughly 19 hours later after Telegram CEO Pavel Durov flagged the issue online
If you clicked a Telegram link on Monday and stared at a blank screen, you weren’t alone. Every shortlink starting with ‘t.me’ suddenly vanished from the global internet, breaking group invites, profile shares, and channel links for roughly a billion users worldwide.
But the outage wasn’t caused by a technical glitch or a targeted cyberattack. Instead, it was the unintended collateral damage of a US government crackdown on a cybercriminal proxy network.
On July 13, the US Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the administrators of a rogue proxy network called First VPN Service (1VPNS), aiming to cut off infrastructure used by ransomware operators.
As part of the new sanctions, the US Treasury published a list of web addresses associated with the VPN. Buried in that list was a link to First VPN’s public Telegram support channel: t.me/FirstVPNService.
A sledgehammer to crack a nut
(Image credit: Photo by Fred TANNEAU / AFP via Getty Images)
Because top-level domains operate under strict international compliance rules, domain registrars must act quickly when sanctioned entities use their infrastructure.
However, because a domain registry cannot selectively disable a specific webpage or channel path — like a single Telegram group — the Montenegro-based registry Domain.Me applied a “serverHold” status to Telegram’s entire t.me domain.
This sweeping action effectively erased the domain from the global Domain Name System (DNS). The core Telegram app continued to function, and the older telegram.me domain remained active, but the shortlinks the messaging platform is built upon went entirely dark.
Advertisement
The swift resolution
The sudden shutdown prompted immediate action from Telegram’s leadership.
Unaware of the backend domain hold, Telegram CEO Pavel Durov took to X to publicly ask the registrar for an explanation: “Hey @domainME, t.me links stopped working. Can you look into it?”
Hey @domainME, https://t.co/9z6UC2o37U links stopped working. Can you look into it? 🙏July 14, 2026
Once the sanctions issue was identified, Telegram scrubbed the offending channels from its platform. The registry operator subsequently verified the compliance and brought the domain back online.
Advertisement
“On 13 July, 1VPNS was included as a sanctioned entity by the US Department of the Treasury. A Telegram channel using the t.me domain was among 1VPNS identified infrastructure. Accordingly, the t.me domain was suspended,” domain.Me confirmed in a statementfollowing the outage.
The registrar clarified that normal service resumed roughly a day later, after Telegram provided confirmation that it had removed its links and affiliations with 1VPNS. “We appreciate Telegram’s prompt cooperation in resolving this matter,” domain.Me added.
While the outage is now resolved, the incident highlights a glaring vulnerability in the modern web, where a single URL swept up in a government sanctions list can inadvertently silence an essential communication channel for millions.
What just happened? European Union regulators are forcing Google to change how Android handles artificial intelligence, ordering the company to open up the operating system and its search data to competing AI services. Under a binding decision announced on Thursday, Google must grant rival AI assistants the same system-level access that its Gemini assistant enjoys on Android phones in the bloc. The move is intended to prevent Google from using Android’s vast reach to tilt the fast-growing AI market in its favor and to ensure that competing services have a fair opportunity to reach users.
The stakes are high. Android powers about 60% of smartphones in the European Union, and AI companies see those devices as the primary gateway for turning chatbots into everyday assistants. The deeper a service is integrated into a device – reading the screen, handling messages, and interacting with other apps – the more useful it becomes. That is precisely the layer of control EU officials are now trying to open up.
Regulators said Google will have to place rival AI services on “equal footing” with Gemini. That includes access to voice commands, system search, and the ability to perform actions in other apps, such as ordering a ride, replying to a text message, or pulling up information about a place a user recently visited. The changes must be implemented by next July.
The order also extends beyond the operating system. By January, Google will have to begin sharing anonymized search data with competing services, including developers of AI chatbots. The goal is to give those rivals access to more of the behavioral signals that help improve search and assistant products without exposing individual users.
Advertisement
Google has not said whether it will challenge the ruling in court. Instead, the company has warned that the EU’s demands could create new risks.
“Today’s decisions risk undermining vital privacy and security safeguards for millions of Europeans,” Kent Walker, Google’s general counsel, said in a statement. Google argues that allowing third-party developers to access sensitive data stored on a person’s smartphone or in their search history could weaken the protections built into its products.
European officials see it differently. The bloc has long taken a tough stance toward large technology platforms, and it views artificial intelligence as the next gateway to digital services. In their view, allowing a handful of companies to control the main AI assistants built into phones, browsers, and operating systems would entrench those players and shut out competitors.
The legal basis for the ruling is the Digital Markets Act, a competition law that applies to gatekeeper companies such as Google and Apple. The DMA requires them to make their products interoperable so that outside developers can offer competing AI assistants alongside – or instead of – built-in options such as Google’s Gemini and Apple’s Siri.
Advertisement
That requirement is already causing friction. In June, Apple said it would withhold new AI features for Siri in the European Union because it could not reach an agreement with regulators. As a result, iPhone users in the bloc will not receive the same Siri upgrades that Apple plans to roll out elsewhere, at least for now.
At the same time, some AI companies are trying to sidestep the mobile platform issue entirely by developing their own hardware. Last year, OpenAI hired Jony Ive, Apple’s former chief designer, to lead work on new AI-centric devices. The goal is to create products in which an AI assistant serves as the primary interface, rather than one that operates within another company’s operating system.
That partnership is now under strain. Last week, Apple sued OpenAI, accusing the company of stealing trade secrets. OpenAI has denied the allegations.
Microsoft restored streamer Joshua Khane’s 25-year-old Xbox and OneDrive account after it was compromised by a hacker and then suspended, putting years of personal data, baby photos, and thousands of dollars in games at risk. IGN reports: While he was “extremely happy” and thanked Microsoft for its help recovering his account and all the invaluable information therein, he levied some criticisms toward the brand for its initial response, claiming it had told him the suspension was “irreversible” at first. “It’s unfortunate that such a big company can bring back your account if you ask them to,” he said. “The way it all went, to me, is a little bit shady, because it’s not that they can’t bring back your account — they won’t bring back your account if you’re a nobody.”
Khane credited the community for making his story go viral and bringing it to Microsoft’s attention, but felt that without their help, he would have been up a creek without a paddle. He also tied the situation to the growing conversation surrounding digital ownership, comparing it to Sony’s decision to stop printing physical game discs starting January 2028.
A newly discovered strain of macOS malware is taking social engineering to an unsettling new level. Instead of exploiting a software vulnerability or silently stealing information in the background, it simply refuses to let you use your Mac until you type in your login password.
Dubbed ClickLock, the malware repeatedly shuts down key macOS processes, disables notifications, displays convincing Apple password prompts, and effectively traps users in a loop that only ends when the correct password is entered. Once that happens, it doesn’t just steal the password. It goes after browser data, cryptocurrency wallets, saved credentials, password managers, and much more.
A BleepingComputer reports states researchers at Group-IB say the malware has already infected at least 100 systems across 33 countries since May. Even more worrying, when it was first uploaded to VirusTotal in June, none of the security engines on the platform flagged it as malicious.
ClickLock doesn’t hack your Mac. It hacks you.
Unlike many modern malware campaigns that rely on zero-day exploits or privilege escalation vulnerabilities, ClickLock succeeds through psychological pressure. The infection is believed to begin with a ClickFix-style attack, where users are tricked into copying and pasting a command into Terminal under the guise of completing a Cloudflare “human verification” check. While a fake verification progress bar keeps the victim distracted, the malware quietly downloads its payloads in the background.
Advertisement
At the same time, it disables keyboard interrupts, hides the Terminal cursor, and suppresses macOS Notification Center alerts for nearly six hours, making it much harder for victims to realise something suspicious is happening.
Representative ImageUnsplash
The malware’s most disturbing feature comes next. It displays what appears to be a legitimate macOS password dialog complete with the user’s real account name and Apple branding. If the victim enters the correct system password, ClickLock immediately validates it and sends the credentials to the attackers through Telegram.
If the user refuses, the malware doesn’t give up. Instead, it installs persistence mechanisms that reactivate after the next login. Once triggered, ClickLock begins killing critical macOS processes every 210 milliseconds, including Finder, Dock, Terminal, Activity Monitor, Console, System Settings, Spotlight, and even popular web browsers.
The result is a Mac that appears almost completely unusable, leaving only the password prompt visible on screen. According to Group-IB, this loop can continue for more than 83 hours, or until the victim finally gives in.
It wants far more than your password
The login password is only the beginning. ClickLock also attempts to trick victims into approving a genuine Keychain access prompt that grants permission to Chrome’s Safe Storage key. That key can later be used to decrypt stored passwords, cookies, and autofill information from Chromium-based browsers.
Advertisement
The malware’s data-stealing module casts an exceptionally wide net. It targets browser profiles from Chrome, Firefox, Brave, Microsoft Edge, Opera, Vivaldi, Arc and Chromium, harvesting saved passwords, cookies, bookmarks, browsing sessions, local storage and autofill information.
Cryptocurrency users face an even greater risk. ClickLock searches for browser wallet extensions, desktop wallet files, encrypted wallet vaults and cached wallet addresses across major blockchain ecosystems including Bitcoin, Ethereum-compatible chains, Solana, TRON, TON and Stacks.
Representative ImageUnsplash
It also collects FileZilla FTP configurations, shell history, basic system information and public IP addresses before compressing everything into ZIP archives and uploading the stolen data through the Telegram Bot API. To ensure attackers maintain long-term access, ClickLock deploys a modified version of the open-source GSocket tool, creating a persistent backdoor capable of remotely controlling the infected Mac. Unlike the malware’s other components, which delete themselves after execution to minimise forensic evidence, this backdoor remains active on the system.
The stealth techniques don’t end there. Researchers say the malware is hosted on compromised but otherwise legitimate websites, helping it evade reputation-based security systems. Its payloads also remove themselves after execution, leaving very few traces behind. Despite that, Group-IB says defenders can still spot suspicious behaviour by watching for repeated password dialog boxes generated through osascript, continuous termination of macOS processes, mass access to browser profile folders and unusual outbound connections to Telegram.
The biggest takeaway, however, is surprisingly simple. If a website ever asks you to open Terminal and paste a command to prove you’re human, close the page immediately. No legitimate website, including Cloudflare, requires Terminal access for human verification. And if your Mac suddenly becomes unusable while repeatedly demanding your system password, resist the urge to comply. Instead, force a shutdown using the power button, restart in Safe Mode, and investigate the system before entering any credentials. In ClickLock’s case, your password isn’t solving the problem. It’s exactly what the attackers are waiting for.
Retirement of PowerShell -Credential parameter pushed back to the end of 2026
Microsoft has delayed the removal of the -Credential parameter from Exchange Online PowerShell until December 2026, giving administrators more time to update affected scripts and automation.
The -Credential parameter is used when connecting to Exchange Online PowerShell. It allows an administrator to supply stored username and password credentials. These days, it is heavily discouraged, particularly when more secure authentication methods are available.
Advertisement
Microsoft had designated the parameter for removal in July 2026 as part of its move away from password-based authentication. The trouble is tracking down automation scripts that use it, updating them, and validating the changes – assuming a fix is even possible.
Once the parameter is gone from the Connect-ExchangeOnline and Connect-IppsSession cmdlets in the Exchange Online PowerShell module, any scripts still relying on it will break, potentially taking carefully built workflows down with them.
However, Microsoft has opted to push back the retirement beginning December 2026 – a festive gift for administrators.
The company stated: “If your organization uses the -Credential parameter in PowerShell scripts or automation workflows connecting to Exchange Online or Security & Compliance PowerShell, those scripts will break when you update to an Exchange Online PowerShell module version released beginning December 2026.”
Advertisement
As such, the retirement won’t take effect until an update is performed. The server-side retirement of the underlying authentication flow is planned “for a later date.”
“When that occurs, the -Credential parameter will stop functioning even on older module versions.”
Microsoft said it delayed the retirement due to “customer feedback,” although it came late in the day. That said, a few extra months will be welcomed by affected administrators dealing with the impact of the change.
And the change is still coming. Microsoft added: “While our published timeline extends to the start of December 2026, we strongly recommend that all customers transition away from the -Credential parameter as soon as possible and not wait until the deadline.” ®
Anyone hoping Apple would refresh its entry-level iPad or iPad Air before the end of next year may need to be patient.
According to Bloomberg, Apple is planning a rollout that begins with a new iPad mini in October 2026. This will be followed by a refreshed entry-level iPad in the first quarter of 2027. Updated iPad Air models are then expected to follow in spring 2027.
The base iPad appears to be getting the most meaningful upgrade of the bunch. While it will not receive a redesign or an OLED display, the report claims it will move from the current A16 chip to an A19 processor. This change would bring support for Apple Intelligence. As a result, it would become the last iPad in Apple’s lineup to gain access to the company’s AI features.
The rest of the lineup looks set for more modest changes. Bloomberg says neither the 11-inch nor 13-inch iPad Air is expected to receive a major visual overhaul. However, previous reports have suggested Apple is preparing an OLED version of the tablet. Samsung is reportedly due to begin mass-producing those panels in late 2026. This points to a possible launch around March 2027.
The only iPad expected to arrive sooner is the iPad mini. Rumours have consistently pointed to an October 2026 launch. The compact tablet is tipped to become the next model in Apple’s lineup to adopt an OLED display. If that proves accurate, it would make the iPad mini the second OLED-equipped iPad after the current iPad Pro.
That chip is a 16-thread Ryzen Z2 Extreme paired with a 16-core RDNA 3.5 GPU, and in games like Forza Horizon 5 it managed a smooth 59fps at native resolution without needing any upscaling to get there.
Advertisement
It’s paired with an 8-inch, 1920×1200 IPS screen running at 120Hz, hitting a genuinely bright 514.9 nits in testing, so fast-paced titles look sharp and punchy rather than washed out on a smaller, dimmer panel.
The Hall effect thumbsticks and triggers are a genuine upgrade over cheaper mechanisms, staying accurate and drift-free over time, while the blockier grips make the 765g body comfortable to hold even during longer gaming sessions away from a desk.
Connectivity is well catered for too, with a pair of Thunderbolt 4 ports up top that let you dock the Claw A8 to an external monitor or a fast SSD without needing extra adapters at your desk.
Advertisement
There’s 24GB of fast LPDDR5X memory and a full 1TB SSD onboard, plenty of room for a handful of modern AAA titles alongside the smaller indie games most people actually play, though a couple of bigger installs will eat into that fast.
MSI’s 80Whr battery is one of the largest in this category, lasting close to ten hours in general use and around two hours and forty five minutes of sustained gaming, with the bundled 65W charger getting it back to half power in just 31 minutes.
At £749 instead of £899, the Claw A8 becomes a far easier sell against pricier Windows rivals, and anyone chasing the strongest chip currently available in a handheld gets it without paying full flagship money for the privilege.
You must be logged in to post a comment Login