As cyberthreats advance, so too must workforce cyber defences to avoid making what are often preventable and costly mistakes.

Cybersecurity measures in the workplace never grind to a halt, in that employees and employers must always strive to ensure that their skills and systems are as advanced, if not more so, than those wielded by people with malicious intent.

A lot of cybersecurity is arguably common sense – don’t click suspicious links, don’t share sensitive information and so on – but it doesn’t hurt to have a refresher course now and then to keep it all fresh in the mind. To that point, here are some of the most helpful tips to follow if you want to improve or maintain your company’s cybersecurity efforts. 

Silo your systems

This one is specifically for anyone who works from home. It goes without saying that we feel comfortable in our own properties and have tried and tested ways of doing things. But there is such a thing as being too comfortable and employees may forget that their systems should never overlap with the organisations.

If you are using company software, keep all activity tied to the workplace. That is to say, don’t download anything not approved by the organisation, or anything you are using in a personal capacity. 

Furthermore, if you move around and work between locations – for example at home, a cafe, a work hub – do your due diligence first and ensure that the network you are using is secure. This can be easier said than done, as using public Wi-Fi in general can be risky. With that in mind, shared office spaces and hubs tend to be a more secure option. If you are using what could be a potentially non-secure network in a public place, always use a VPN as an added layer of protection. 

Get AI ready 

Advancements in technology unfortunately bring risk. AI has unlimited potential and it is certainly the way forward for a lot of organisations looking to advance, scale and grow, but as we have seen recently, it also presents significant risk, as threat actors can use it to launch highly sophisticated scams. The companies and employees that are serious about avoiding and navigating threats are the ones that will adopt AI upskilling as a core aspect of the organisation – not just as a once a year box-ticking exercise.   

Useful skills to consider include an understanding of AI and ML models, data science for cyber defence, AI-specific threats and broad digital literacy. You can’t defend against a threat that you don’t understand and if your organisation has knowledge gaps, then you are automatically in a weak position. So make sure everyone on a system understands the ins and outs of how it works and how to keep it secure. 

Simple simply isn’t good enough

We have all picked a password because it was simple and easy to remember, making our own lives simpler and easier, in theory. But when you choose an obvious password, or take shortcuts online, it can expose you to malicious people who can easily bypass the protections you put in place. 

That doesn’t mean that every password has to be 80 characters long, or so obscure that you yourself can’t recall it without physically writing it down. But it should be something with a diverse set of characters, that someone else couldn’t guess. For example, avoid using easily obtained information like the names of pets, loved ones, birthdays or other significant dates. Implementing multifactor authentication adds another critical layer and biometric verification tools, such as fingerprint or facial recognition software, can also be useful. 

Stay current

It is important to note that all of the above is effectively useless if you are operating off of a system that is old or is not updated frequently. In the same way that innovators are constantly coming up with new ways to enhance a system, bad actors are also constantly coming up with ways to break and exploit weaknesses in systems. If you don’t regularly update your devices then you are basically holding a door open for threat actors and welcoming them in. 

If your approved system or device is due an update or if there is a trustworthy patch to be applied, don’t put it on the long finger. The longer you leave an update the more vulnerable you leave yourself, your co-workers and the organisation. So, don’t leave it on the to-do list for too long. 

When it comes down to it, cybersecurity measures are arguably the most important policies in place at a company. When they are breached or weakened, either accidentally, or on purpose, there is no one in an organisation that won’t feel the impact. Externally, it also places the consumers and partners of a business at risk. Especially financially, or if that business deals with complex or sensitive information.  

So we all have to do our bit to ensure practical, robust and consistent cybersecurity engagement.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

X-energy’s stock popped today in its debut on the Nasdaq, opening at $30.11 before closing at $29.20, up 27% over its initial public offering of $23 per share.

Investors can’t get enough nuclear power, apparently. Even the initial share price had been revised upward from the $16 to $19 target floated by the company during its investor roadshow. At close, the company was valued at $11.5 billion.

Just five years ago, such interest in a nuclear startup would have come as a surprise to many. 

Back then, the nuclear industry was haunted by delayed projects and massive cost overruns at recently completed reactors. Two power plants were completed in Georgia — one in the late 2010s and another in the early 2020s. In total, they cost around $30 billion to build.

Nuclear startups in the early 2020s were in their infancy, and at least one frontrunner had run into significant regulatory problems, sparking fears that the industry hadn’t been able to put its past behind it.

Now, investors appear optimistic that X-energy and its peers have figured out a way around the challenges.

Much of the momentum can be traced to the AI-driven data center boom. GPUs need tremendous amounts of electricity, and while solar, wind, batteries, and natural gas have been filling the need today, tech companies have been hoping to diversify. Nuclear power is one of the many options they’ve been exploring, hoping that the compact form factor will be an ideal fit for their sprawling data centers.

Nuclear power has long had more potential to power the U.S. grid than it has been able to deliver. Today, about 18% of electricity in the country comes from nuclear power. But reactor costs have risen in recent decades. Nuclear power might be one of the most reliable sources of electricity in the U.S., but it’s also one of the most expensive.

X-energy’s 80-megawatt reactor design is an order of magnitude smaller than many existing nuclear power plants. The company is betting that modularity can help bring costs down, and data center operators are hoping that a single campus can be powered by a fleet of reactors, providing the sort of redundancy and stability they prize. Amazon has said it will buy up to 5 gigawatts’ worth of capacity from X-energy over the next decade or so, but chemical maker Dow will receive the startup’s first power plant. 

Construction is underway at X-energy’s fuel facility, and while the company has yet to start construction of a power plant, investors appear bullish that the company will be able to break nuclear power free from its decades-long malaise. 

The HP DeskJet 2855e is a compact all-in-one inkjet printer designed for light home use. It provides printing, scanning, and copying functions. The printer stands out because of its simple setup process, which users praise when they use the HP Smart app together with wireless connectivity features.

Now, this is a budget inkjet – it’s currently $50 at Amazon.com and in the UK, the virtually identical DeskJet 2820e is £40 at Amazon.co.uk.

Canadian AI start-up Cohere has agreed to acquire Germany’s Aleph Alpha in a transatlantic deal aimed at giving governments and regulated industries an alternative to US tech giants.

The combined entity will be anchored in Germany and Canada, pooling engineering talent and compute resources across the two G7 nations. It will target customers in the public sector, finance, defence, energy, manufacturing, telecommunications and healthcare.

As part of the deal, Germany’s Schwarz Group, the retail giant behind Lidl and Kaufland, is leading a €500m structured financing commitment into Cohere’s upcoming Series E round. Schwarz’s sovereign cloud service Stackit will act as the technical backbone of the venture.

The market opportunity is sizeable. McKinsey projects AI services will surpass $1trn annually, with sovereign AI needs accounting for close to $600bn of that total.

“Organisations globally are demanding uncompromising control over their AI stack,” said Aidan Gomez, co-founder and CEO of Cohere. He said the partnership would give enterprises and governments “the absolute certainty that their data remains their own”.

Ilhan Scheer, co-CEO of Aleph Alpha, said the combined company would give European institutions “access to powerful, yet controllable AI they can truly own”, and serve as a “real counterweight” for organisations that refuse to outsource AI control to a single provider or jurisdiction.

A transatlantic challenger

Forrester’s vice-president and principal analyst Thomas Husson said the deal creates “a unique transatlantic player designed to challenge the dominance of US giants”.

“While it is technically an acquisition by the Canadian firm, the real power is likely to be shared,” Husson said. “Cohere will provide cutting-edge engineering and global product and commercial leadership, while German players (and especially the Schwarz Group) provide the essential capital and political backing.”

He described the structure as “hybrid and unusual” and said it was aimed at “capturing the sovereign AI market to offer a secure alternative for governments of highly regulated industries to avoid reliance on US cloud laws”.

Husson said the tie-up will put pressure on French AI company Mistral in particular. “This will directly challenge Mistral AI who will now face a new rival combining North American agility with European regulatory trust,” he said.

However, Husson warned that success is not guaranteed. “Ultimately, the deal’s success depends on whether this dual-headed leadership can remain unified while competing against the massive budgets of giants like Microsoft, Google or OpenAI.”

The transaction is subject to approval by Aleph Alpha shareholders and competition regulators.

In August last year, Cohere raised $500m at a $6.8bn valuation and hired the former Meta vice-president for AI research Joelle Pineau as its first chief AI officer. Pineau, a Canadian computer scientist and a professor at McGill University, led Meta’s Fundamental AI Research team.

Cohere’s oversubscribed raise was led by Radical Ventures and Inovia Capital, with additional participation from existing investors including AMD Ventures, Nvidia and Salesforce Ventures.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026.

The group, also tracked as CL-CRI-1116, UNC6671, and Cordial Spider, is impersonating corporate IT helpdesk staff to steal employee credentials and demand seven-figure ransoms, according to information shared by cybersecurity firm Palo Alto Networks’ Unit 42 with the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC).

Unit 42 security researchers have also linked BlackFile with moderate confidence to “The Com,” a loose-knit network of English-speaking cybercriminals known for targeting and recruiting young people for extortion, violence, and the production of child sexual exploitation material (CSAM).

In a Thursday report, RH-ISAC said that the group’s attacks begin with phone calls to employees from spoofed numbers, in which the threat actors pose as IT support to lure staff to fake corporate login pages that ask them to enter their credentials and one-time passcodes.

“The attackers behind CL-CRI-1116 use voice-based phishing (vishing) from spoofed Voice over Internet Protocol (VoIP) numbers or fraudulent Caller ID Names (CNAM) as a social engineering technique, typically posing as IT support staff,” RH-ISAC said.

“We can confirm that we are seeing a significant increase in Blackfile matters and that TTPs appear to be very similar to such groups as ShinyHunters and SLSH and similar copycats employing vishing/social engineering data exploit tactics,” CyberSteward founder and CEO Jason S.T. Kotler also told BleepingComputer.

Using stolen credentials, the BlackFile attackers register their own devices to bypass multifactor authentication, then escalate access to executive-level accounts by scraping internal employee directories.

BlackFile steals data from victims’ Salesforce and SharePoint servers using standard API functions, searching specifically for files containing terms such as “confidential” and “SSN.”

The exfiltrated documents are downloaded to attacker-controlled servers and published to the gang’s dark web data leak site before victims are contacted with ransom demands via compromised employee email accounts or randomly generated Gmail addresses.

“By leveraging Salesforce API access and standard SharePoint download functions, the attackers move large volumes of data – including CSV datasets of employee phone numbers and confidential business reports – to attacker-controlled infrastructure,” RH-ISAC added.

“This is often done under the guise of legitimate SSO-authenticated sessions to avoid triggering simple user-agent alerts.”

Employees of compromised companies (including senior executives) have also been targets of swatting attempts, which involve making false emergency calls to responders. Attackers often use this tactic to exert additional pressure on their victims.

Mandiant also told BleepingComputer that they are actively responding to several vishing incidents that led to data theft and extortion, including one that used a BlackFile victim-shaming site that is now offline.

To reduce the success rate of BlackFile’s attacks, RH-ISAC recommends that organizations strengthen their call-handling policies, enforce multifactor identity verification for callers, and conduct simulation-based social engineering training for frontline staff.

AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.

At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.

Claim Your Spot

Overpriced Mac minis are flooding eBay amid shortages of the sold-out machines, which have become a favored tool for running on-device AI models like OpenClaw.

This week, reports indicated that the $599 M4 Mac mini base model with 16GB RAM and 256GB of storage is sold out on Apple’s retail website, with no options for delivery or in-store pickup. The shortages have since extended to other configurations of the base model, regardless of the amount of memory selected. This is the first time the base model has been sold out, some outlets noted. Meanwhile, models with higher storage (512GB and up) are only available to ship starting in June.

As a result, eBay has become a secondary market for these in-demand computers. On the site, various configurations of the M4 Mac mini are available for sale at higher prices than if buying direct from Apple, which is no longer an option.

Apple’s power-efficient Mac minis have become popular devices for testing and running at-home, on-device AI models, beginning with the OpenClaw craze but now extending to OpenClaw alternatives like ZeroClaw, other AI tools from Anthropic and OpenAI, Perplexity Computer, or other specialized local models. Unlike some PCs, Mac minis also run quietly and tend to be more reliable for 24/7 use, compared with laptop computers.

The shortage of the devices also comes alongside an industry-wide memory crunch and plans for a Mac mini refresh, according to Bloomberg. However, refreshes of product lines haven’t led to shortages before.

Apple did not immediately respond to a request for comment.

This perfect storm of supply chain stress and increased demand for AI-friendly machines has inflated the prices of used consumer electronics.

As of Friday morning, M4 base models with the 16GB RAM/256GB SSD configuration were selling at markups like $715-$795 for a new, “open box” model, and as high as $979 for an “excellent” refurbished version. Some “lightly used, pre-owned” Mac minis with this configuration were selling for around $700 — more than $100 more than the price of a new base model.

There was also a single listing for a $925 brand-new M4 Mac mini with the same 16GB RAM and 256GB storage; the listing warned in bright red text: “Last one.”

While you still may be able to score a reasonably priced refurb if you keep a close eye out (or if you win an eBay auction where the bid has started at a lower price point), it seems that the demand for the device is going to keep prices up until Apple’s supply chain refreshes.

And now that the Mac mini is unavailable, Apple has begun to see increased demand for the Mac Studio, too. That computer is also now sold out across several configurations.

As Ars Technica pointed out, you can still get a MacBook Pro with 128GB RAM and larger SSDs within a few weeks, and even the new and popular MacBook Neo is still shipping within two to three weeks. This suggests the real issue is consumer demand for the Mac mini itself.

Erdŏgan has 15 days to sign the bill into law. The legislation enters into force six months after publication in the Official Gazette. The main opposition CHP criticised it as a political censorship tool rather than child protection.

Turkey has previously blocked Instagram, Roblox, and restricted platforms during the İmamoglu protests.

Turkey’s Grand National Assembly passed a law late on Wednesday banning social media for children under 15, making the country the latest, and one of the largest by population, to introduce legislative age restrictions on social media access.

Under the law, social media companies including YouTube, TikTok, Facebook, and Instagram will be required to implement age verification systems, block under-15s from creating accounts, and provide parental control tools to manage the accounts of 15-to-17-year-olds.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

President Recep Tayyip Erdŏgan has 15 days to sign the bill. If signed, it will enter into force six months after publication in the Official Gazette. Online gaming companies must also appoint a Turkey-based representative to ensure compliance.

The immediate political catalyst is the Kahramanön school shooting on 14 April 2026, in which a 14-year-old boy killed nine students and a teacher at a middle school in Kahramanön in southern Turkey before dying himself. Police subsequently arrested 162 people accused of sharing footage of the attack online. Investigators are examining the perpetrator’s online activity for clues to his motivation.

Erdŏgan made the political link explicit in a televised address on Monday: “We are living in a period where some digital sharing applications are corrupting our children’s minds, and social media platforms have, to put it bluntly, become cesspools.”

The parliamentary commission that proposed the law framed it in a report titled “Threats and Risks Awaiting Our Children in Digital Media.”

The law’s operational mechanics carry significant compliance demands for platforms. Companies with more than 10 million daily users in Turkey, a threshold that covers all major platforms, must remove content deemed harmful within one hour of notification in an emergency.

Foreign services with more than 100,000 daily users must maintain a local representative. Enforcement is through Turkey’s communications watchdog, the BTK.

Penalties escalate from advertising bans to access speed restrictions, effectively throttling platform performance, to potential access bans. The speed restriction mechanism is the same tool Turkey has used in previous enforcement actions against platforms that have declined to comply with content removal orders.

Running parallel to the under-15 law is a second legislative initiative that is editorially more significant for digital rights. The Turkish government has separately reached an agreement with social media companies requiring that all Turkish citizens, not just minors, verify their identity to use social media accounts.

The precise mechanism of this identity verification system has not been disclosed, and how platforms will technically implement it is still unknown. Merve Gürlek, the Turkish official who announced the agreement, made the announcement on 3 April; further details of the legal framework are still being drafted.

The end of social media anonymity for all Turkish users represents a categorically different kind of intervention than the under-15 age restriction and carries obvious implications for political speech.

The opposition Republican People’s Party, the CHP, Turkey’s main secular opposition, voted against the bill, arguing that children should be protected “not with bans but with rights-based policies.”

This is a standard liberal critique of age-based social media bans, but in the Turkish context it carries additional weight given the government’s documented record of using platform restrictions for political purposes.

Online communications were widely restricted during 2025 protests in support of Istanbul’s jailed opposition mayor Ekrem İmamoglu. Instagram was blocked in 2024 following a dispute over Hamas-related content.

Roblox was banned, with Turkish officials citing inappropriate sexual content and, separately, what an official described as the “promotion of homosexuality.”

The law passed by parliament is not in itself a tool of censorship; but it expands and formalises the regulatory infrastructure through which the government controls what Turks can access online.

Turkey’s law joins a rapidly expanding international landscape of social media age restrictions. Australia’s ban for under-16s came into force in December 2025.

Norway announced on Friday that it plans to legislate a ban for under-16s by end of 2026. Indonesia has implemented restrictions on under-16 access to platforms exposing minors to pornography, cyberbullying, and addiction. France has age verification requirements for social media.

The UK’s Online Safety Act imposes harm prevention duties on platforms. Turkey’s approach is distinctive in two ways: it pairs the child protection measure with a universal identity verification requirement that no comparable democracy has yet implemented, and it introduces it in a political environment where the infrastructure for platform restriction has already been deployed against political opposition.

Whether the legislation functions primarily as child protection or primarily as a new layer of state control over digital speech will depend largely on how the BTK applies its enforcement powers in the years ahead.